v4.15-9537-beta

2025-07-06 15:54:57 +03:00 · 2015-03-26 18:01:02 +09:00
parent 64fd19e6f8
commit 1f645c9816
385 changed files with 28637 additions and 22088 deletions
--- a/src/BuildFiles/Library/Win32_Debug/libeay32.lib
+++ b/src/BuildFiles/Library/Win32_Debug/libeay32.lib
--- a/src/BuildFiles/Library/Win32_Debug/ssleay32.lib
+++ b/src/BuildFiles/Library/Win32_Debug/ssleay32.lib
--- a/src/BuildFiles/Library/Win32_Release/libeay32.lib
+++ b/src/BuildFiles/Library/Win32_Release/libeay32.lib
--- a/src/BuildFiles/Library/Win32_Release/ssleay32.lib
+++ b/src/BuildFiles/Library/Win32_Release/ssleay32.lib
--- a/src/BuildFiles/Library/x64_Debug/libeay32.lib
+++ b/src/BuildFiles/Library/x64_Debug/libeay32.lib
--- a/src/BuildFiles/Library/x64_Debug/ssleay32.lib
+++ b/src/BuildFiles/Library/x64_Debug/ssleay32.lib
--- a/src/BuildFiles/Library/x64_Release/libeay32.lib
+++ b/src/BuildFiles/Library/x64_Release/libeay32.lib
--- a/src/BuildFiles/Library/x64_Release/ssleay32.lib
+++ b/src/BuildFiles/Library/x64_Release/ssleay32.lib
--- a/src/BuildUtil/BuildUtil.csproj
+++ b/src/BuildUtil/BuildUtil.csproj
@ -39,7 +39,7 @@
    <DefineConstants>TRACE;DEBUG;BU_SOFTETHER;BU_OSS</DefineConstants>
    <ErrorReport>prompt</ErrorReport>
    <WarningLevel>4</WarningLevel>
-    <PlatformTarget>x86</PlatformTarget>
+    <PlatformTarget>AnyCPU</PlatformTarget>
    <DocumentationFile>
    </DocumentationFile>
    <UseVSHostingProcess>false</UseVSHostingProcess>
--- a/src/BuildUtil/VpnBuilder.cs
+++ b/src/BuildUtil/VpnBuilder.cs
@ -376,7 +376,14 @@ namespace BuildUtil
 			// Get the VC++ directory
 			// Visual Studio 2008
 			if (IntPtr.Size == 4)
 			{
 				Paths.VisualStudioVCDir = IO.RemoteLastEnMark(Reg.ReadStr(RegRoot.LocalMachine, @"SOFTWARE\Microsoft\VisualStudio\9.0\Setup\VC", "ProductDir"));
 			}
 			else
 			{
 				Paths.VisualStudioVCDir = IO.RemoteLastEnMark(Reg.ReadStr(RegRoot.LocalMachine, @"SOFTWARE\Wow6432Node\Microsoft\VisualStudio\9.0\Setup\VC", "ProductDir"));
 			}
 			if (Str.IsEmptyStr(Paths.VisualStudioVCDir))
 			{
 				throw new ApplicationException("Visual C++ directory not found.\n");
@ -396,7 +403,14 @@ namespace BuildUtil
 			bool x86_dir = false;
 			// Get Microsoft SDK 6.0a directory
 			if (IntPtr.Size == 4)
 			{
 				Paths.MicrosoftSDKDir = IO.RemoteLastEnMark(Reg.ReadStr(RegRoot.LocalMachine, @"SOFTWARE\Wow6432Node\Microsoft\Microsoft SDKs\Windows\v6.0A", "InstallationFolder"));
 			}
 			else
 			{
 				Paths.MicrosoftSDKDir = IO.RemoteLastEnMark(Reg.ReadStr(RegRoot.LocalMachine, @"SOFTWARE\Microsoft\Microsoft SDKs\Windows\v6.0A", "InstallationFolder"));
 			}
 			// Get makecat.exe file name
 			Paths.MakeCatFilename = Path.Combine(Paths.MicrosoftSDKDir, @"bin\" + (x86_dir ? @"x86\" : "") + "makecat.exe");
--- a/src/Cedar/Cedar.h
+++ b/src/Cedar/Cedar.h
@ -135,10 +135,10 @@
 // Version number
-#define	CEDAR_VER					414
+#define	CEDAR_VER					415
 // Build Number
-#define	CEDAR_BUILD					9529
+#define	CEDAR_BUILD					9537
 // Beta number
 //#define	BETA_NUMBER					3
@ -153,16 +153,16 @@
 // Specify the location to build
 #ifndef	BUILD_PLACE
-#define	BUILD_PLACE			"pc30"
+#define	BUILD_PLACE			"pc26"
 #endif	// BUILD_PLACE
 // Specifies the build date
 #define	BUILD_DATE_Y		2015
-#define	BUILD_DATE_M		2
+#define	BUILD_DATE_M		3
-#define	BUILD_DATE_D		2
+#define	BUILD_DATE_D		26
-#define	BUILD_DATE_HO		17
+#define	BUILD_DATE_HO		16
-#define	BUILD_DATE_MI		33
+#define	BUILD_DATE_MI		48
-#define	BUILD_DATE_SE		33
+#define	BUILD_DATE_SE		15
 // Tolerable time difference
 #define	ALLOW_TIMESTAMP_DIFF		(UINT64)(3 * 24 * 60 * 60 * 1000)
--- a/src/Cedar/SW.c
+++ b/src/Cedar/SW.c
@ -4569,6 +4569,24 @@ UINT SwReady(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, WIZARD *wizard,
 		break;
 	case WM_WIZ_NEXT:
 		if (IsUseAlternativeHostname())
 		{
 			wchar_t src_dll1[MAX_PATH];
 			wchar_t src_dll2[MAX_PATH];
 			wchar_t *exe_dir = MsGetExeFileDirW();
 			CombinePathW(src_dll1, sizeof(src_dll1), exe_dir, VG_DLL_X86);
 			CombinePathW(src_dll2, sizeof(src_dll2), exe_dir, VG_DLL_X64);
 			if (IsFileExistsW(src_dll1) || IsFileExistsW(src_dll2))
 			{
 				if (MsgBoxEx(hWnd, MB_ICONQUESTION | MB_YESNO | MB_DEFBUTTON2,
 					_UU("SW_VG_CONFIRM_MSG")) == IDNO)
 				{
 					break;
 				}
 			}
 		}
 		return D_SW_PERFORM;
 	case WM_WIZ_BACK:
--- a/src/CurrentBuild.txt
+++ b/src/CurrentBuild.txt
@ -1,4 +1,4 @@
-BUILD_NUMBER 9529
+BUILD_NUMBER 9537
-VERSION 414
+VERSION 415
 BUILD_NAME beta
-BUILD_DATE 20150202_173333
+BUILD_DATE 20150326_164815
--- a/src/Mayaqua/Mayaqua.vcproj
+++ b/src/Mayaqua/Mayaqua.vcproj
@ -546,10 +546,22 @@
 				RelativePath=".\openssl\buffer.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\camellia.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\cast.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\cmac.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\cms.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\comp.h"
 				>
@ -622,14 +634,6 @@
 				RelativePath=".\openssl\evp.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\fips.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\fips_rand.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\hmac.h"
 				>
@ -650,10 +654,6 @@
 				RelativePath=".\openssl\lhash.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\md2.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\md4.h"
 				>
@ -666,6 +666,10 @@
 				RelativePath=".\openssl\mdc2.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\modes.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\obj_mac.h"
 				>
@ -706,10 +710,6 @@
 				RelativePath=".\openssl\pkcs7.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\pq_compat.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\pqueue.h"
 				>
@ -726,10 +726,6 @@
 				RelativePath=".\openssl\rc4.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\rc5.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\ripemd.h"
 				>
@ -742,10 +738,22 @@
 				RelativePath=".\openssl\safestack.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\seed.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\sha.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\srp.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\srtp.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\ssl.h"
 				>
@ -766,10 +774,6 @@
 				RelativePath=".\openssl\stack.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\store.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\symhacks.h"
 				>
@ -779,7 +783,7 @@
 				>
 			</File>
 			<File
-				RelativePath=".\openssl\tmdiff.h"
+				RelativePath=".\openssl\ts.h"
 				>
 			</File>
 			<File
@ -794,6 +798,10 @@
 				RelativePath=".\openssl\ui_compat.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\whrlpool.h"
 				>
 			</File>
 			<File
 				RelativePath=".\openssl\x509.h"
 				>
--- a/src/Mayaqua/win32_inc/openssl/aes.h
+++ b/src/Mayaqua/win32_inc/openssl/aes.h
@ -58,18 +58,18 @@
 #  error AES is disabled.
 # endif
 # include <stddef.h>
 # define AES_ENCRYPT     1
 # define AES_DECRYPT     0
-/* Because array size can't be a const in C, the following two are macros.
+/*
-   Both sizes are in bytes. */
+ * Because array size can't be a const in C, the following two are macros.
 * Both sizes are in bytes.
 */
 # define AES_MAXNR 14
 # define AES_BLOCK_SIZE 16
 #ifdef OPENSSL_FIPS
 #define FIPS_AES_SIZE_T	int
 #endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
@ -92,6 +92,11 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
                        AES_KEY *key);
 int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                                AES_KEY *key);
 int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
                                AES_KEY *key);
 void AES_encrypt(const unsigned char *in, unsigned char *out,
                 const AES_KEY *key);
 void AES_decrypt(const unsigned char *in, unsigned char *out,
@ -100,37 +105,32 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
 void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
                     const AES_KEY *key, const int enc);
 void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-	const unsigned long length, const AES_KEY *key,
+                     size_t length, const AES_KEY *key,
                     unsigned char *ivec, const int enc);
 void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-	const unsigned long length, const AES_KEY *key,
+                        size_t length, const AES_KEY *key,
                        unsigned char *ivec, int *num, const int enc);
 void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-	const unsigned long length, const AES_KEY *key,
+                      size_t length, const AES_KEY *key,
                      unsigned char *ivec, int *num, const int enc);
 void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-	const unsigned long length, const AES_KEY *key,
+                      size_t length, const AES_KEY *key,
                      unsigned char *ivec, int *num, const int enc);
 void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
 			    const int nbits,const AES_KEY *key,
 			    unsigned char *ivec,const int enc);
 void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-	const unsigned long length, const AES_KEY *key,
+                        size_t length, const AES_KEY *key,
                        unsigned char *ivec, int *num);
 void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-	const unsigned long length, const AES_KEY *key,
+                        size_t length, const AES_KEY *key,
                        unsigned char ivec[AES_BLOCK_SIZE],
                        unsigned char ecount_buf[AES_BLOCK_SIZE],
                        unsigned int *num);
 /* For IGE, see also http://www.links.org/files/openssl-ige.pdf */
 /* NB: the IV is _two_ blocks long */
 void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
-		     const unsigned long length, const AES_KEY *key,
+                     size_t length, const AES_KEY *key,
                     unsigned char *ivec, const int enc);
 /* NB: the IV is _four_ blocks long */
 void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
-			const unsigned long length, const AES_KEY *key,
+                        size_t length, const AES_KEY *key,
                        const AES_KEY *key2, const unsigned char *ivec,
                        const int enc);
@ -141,6 +141,7 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
                   unsigned char *out,
                   const unsigned char *in, unsigned int inlen);
 #ifdef  __cplusplus
 }
 #endif
--- a/src/Mayaqua/win32_inc/openssl/asn1.h
+++ b/src/Mayaqua/win32_inc/openssl/asn1.h
@ -129,7 +129,6 @@ extern "C" {
 # define V_ASN1_GENERALSTRING            27 /**/
 # define V_ASN1_UNIVERSALSTRING          28 /**/
 # define V_ASN1_BMPSTRING                30
 /* For use with d2i_ASN1_type_bytes() */
 # define B_ASN1_NUMERICSTRING    0x0001
 # define B_ASN1_PRINTABLESTRING  0x0002
@ -150,32 +149,30 @@ extern "C" {
 # define B_ASN1_UTCTIME          0x4000
 # define B_ASN1_GENERALIZEDTIME  0x8000
 # define B_ASN1_SEQUENCE         0x10000
 /* For use with ASN1_mbstring_copy() */
 # define MBSTRING_FLAG           0x1000
 # define MBSTRING_UTF8           (MBSTRING_FLAG)
 # define MBSTRING_ASC            (MBSTRING_FLAG|1)
 # define MBSTRING_BMP            (MBSTRING_FLAG|2)
 # define MBSTRING_UNIV           (MBSTRING_FLAG|4)
 # define SMIME_OLDMIME           0x400
 # define SMIME_CRLFEOL           0x800
 # define SMIME_STREAM            0x1000
    struct X509_algor_st;
 DECLARE_STACK_OF(X509_ALGOR)
 # define DECLARE_ASN1_SET_OF(type)/* filled in by mkstack.pl */
 # define IMPLEMENT_ASN1_SET_OF(type)/* nothing, no longer needed */
-/* We MUST make sure that, except for constness, asn1_ctx_st and
+/*
-   asn1_const_ctx are exactly the same.  Fortunately, as soon as
+ * We MUST make sure that, except for constness, asn1_ctx_st and
-   the old ASN1 parsing macros are gone, we can throw this away
+ * asn1_const_ctx are exactly the same.  Fortunately, as soon as the old ASN1
-   as well... */
+ * parsing macros are gone, we can throw this away as well...
-typedef struct asn1_ctx_st
+ */
-	{
+typedef struct asn1_ctx_st {
    unsigned char *p;           /* work char pointer */
-	int eos;	/* end of sequence read for indefinite encoding */
+    int eos;                    /* end of sequence read for indefinite
                                 * encoding */
    int error;                  /* error code to use when returning an error */
    int inf;                    /* constructed if 0x20, indefinite is 0x21 */
    int tag;                    /* tag from last 'get object' */
@ -187,10 +184,10 @@ typedef struct asn1_ctx_st
    int line;                   /* used in error processing */
 } ASN1_CTX;
-typedef struct asn1_const_ctx_st
+typedef struct asn1_const_ctx_st {
 	{
    const unsigned char *p;     /* work char pointer */
-	int eos;	/* end of sequence read for indefinite encoding */
+    int eos;                    /* end of sequence read for indefinite
                                 * encoding */
    int error;                  /* error code to use when returning an error */
    int inf;                    /* constructed if 0x20, indefinite is 0x21 */
    int tag;                    /* tag from last 'get object' */
@ -202,54 +199,62 @@ typedef struct asn1_const_ctx_st
    int line;                   /* used in error processing */
 } ASN1_const_CTX;
-/* These are used internally in the ASN1_OBJECT to keep track of
+/*
- * whether the names and data need to be free()ed */
+ * These are used internally in the ASN1_OBJECT to keep track of whether the
 * names and data need to be free()ed
 */
 # define ASN1_OBJECT_FLAG_DYNAMIC         0x01/* internal use */
 # define ASN1_OBJECT_FLAG_CRITICAL        0x02/* critical x509v3 object id */
 # define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
 # define ASN1_OBJECT_FLAG_DYNAMIC_DATA    0x08/* internal use */
-typedef struct asn1_object_st
+struct asn1_object_st {
 	{
    const char *sn, *ln;
    int nid;
    int length;
-	unsigned char *data;
+    const unsigned char *data;  /* data remains const after init */
    int flags;                  /* Should we free this one */
-	} ASN1_OBJECT;
+};
 # define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
-/* This indicates that the ASN1_STRING is not a real value but just a place
+/*
- * holder for the location where indefinite length constructed data should
+ * This indicates that the ASN1_STRING is not a real value but just a place
- * be inserted in the memory buffer 
+ * holder for the location where indefinite length constructed data should be
 * inserted in the memory buffer
 */
 # define ASN1_STRING_FLAG_NDEF 0x010
-/* This flag is used by the CMS code to indicate that a string is not
+/*
- * complete and is a place holder for content when it had all been 
+ * This flag is used by the CMS code to indicate that a string is not
- * accessed. The flag will be reset when content has been written to it.
+ * complete and is a place holder for content when it had all been accessed.
 * The flag will be reset when content has been written to it.
 */
 #define ASN1_STRING_FLAG_CONT 0x020 
 # define ASN1_STRING_FLAG_CONT 0x020
 /*
 * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
 * type.
 */
 # define ASN1_STRING_FLAG_MSTRING 0x040
 /* This is the base type that holds just about everything :-) */
-typedef struct asn1_string_st
+struct asn1_string_st {
 	{
    int length;
    int type;
    unsigned char *data;
-	/* The value of the following field depends on the type being
+    /*
-	 * held.  It is mostly being used for BIT_STRING so if the
+     * The value of the following field depends on the type being held.  It
-	 * input data has a non-zero 'unused bits' value, it will be
+     * is mostly being used for BIT_STRING so if the input data has a
-	 * handled correctly */
+     * non-zero 'unused bits' value, it will be handled correctly
     */
    long flags;
-	} ASN1_STRING;
+};
-/* ASN1_ENCODING structure: this is used to save the received
+/*
- * encoding of an ASN1 type. This is useful to get round
+ * ASN1_ENCODING structure: this is used to save the received encoding of an
- * problems with invalid encodings which can break signatures.
+ * ASN1 type. This is useful to get round problems with invalid encodings
 * which can break signatures.
 */
-typedef struct ASN1_ENCODING_st
+typedef struct ASN1_ENCODING_st {
 	{
    unsigned char *enc;         /* DER encoding */
    long len;                   /* Length of encoding */
    int modified;               /* set to 1 if 'enc' is invalid */
@ -285,11 +290,10 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
 # define ub_title                        64
 # define ub_email_address                128
-/* Declarations for template structures: for full definitions
+/*
- * see asn1t.h
+ * Declarations for template structures: for full definitions see asn1t.h
 */
 typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
 typedef struct ASN1_ITEM_st ASN1_ITEM;
 typedef struct ASN1_TLC_st ASN1_TLC;
 /* This is just an opaque pointer */
 typedef struct ASN1_VALUE_st ASN1_VALUE;
@ -330,6 +334,13 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
        type *name##_new(void); \
        void name##_free(type *a);
 # define DECLARE_ASN1_PRINT_FUNCTION(stname) \
        DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
 # define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
        int fname##_print_ctx(BIO *out, stname *x, int indent, \
                                         const ASN1_PCTX *pctx);
 # define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
 # define I2D_OF(type) int (*)(type *,unsigned char **)
 # define I2D_OF_const(type) int (*)(const type *,unsigned char **)
@ -344,8 +355,6 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
    ((void*) (1 ? p : (type*)0))
 # define CHECKED_PPTR_OF(type, p) \
    ((void**) (1 ? p : (type**)0))
 #define CHECKED_PTR_OF_TO_CHAR(type, p) \
    ((char*) (1 ? p : (type*)0))
 # define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
 # define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
@ -353,7 +362,8 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
 TYPEDEF_D2I2D_OF(void);
-/* The following macros and typedefs allow an ASN1_ITEM
+/*-
 * The following macros and typedefs allow an ASN1_ITEM
 * to be embedded in a structure and referenced. Since
 * the ASN1_ITEM pointers need to be globally accessible
 * (possibly from shared libraries) they may exist in
@ -406,8 +416,9 @@ typedef const ASN1_ITEM ASN1_ITEM_EXP;
 # else
-/* Platforms that can't easily handle shared global variables are declared
+/*
- * as functions returning ASN1_ITEM pointers.
+ * Platforms that can't easily handle shared global variables are declared as
 * functions returning ASN1_ITEM pointers.
 */
 /* ASN1_ITEM pointer exported type */
@ -428,24 +439,22 @@ typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
 /* Parameters used by ASN1_STRING_print_ex() */
-/* These determine which characters to escape:
+/*
- * RFC2253 special characters, control characters and
+ * These determine which characters to escape: RFC2253 special characters,
- * MSB set characters
+ * control characters and MSB set characters
 */
 # define ASN1_STRFLGS_ESC_2253           1
 # define ASN1_STRFLGS_ESC_CTRL           2
 # define ASN1_STRFLGS_ESC_MSB            4
-
+/*
-/* This flag determines how we do escaping: normally
+ * This flag determines how we do escaping: normally RC2253 backslash only,
- * RC2253 backslash only, set this to use backslash and
+ * set this to use backslash and quote.
 * quote.
 */
 # define ASN1_STRFLGS_ESC_QUOTE          8
 /* These three flags are internal use only. */
 /* Character is a valid PrintableString character */
@ -455,19 +464,21 @@ typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
 /* Character needs escaping if it is the last character */
 # define CHARTYPE_LAST_ESC_2253          0x40
-/* NB the internal flags are safely reused below by flags
+/*
- * handled at the top level.
+ * NB the internal flags are safely reused below by flags handled at the top
 * level.
 */
-/* If this is set we convert all character strings
+/*
- * to UTF8 first 
+ * If this is set we convert all character strings to UTF8 first
 */
 # define ASN1_STRFLGS_UTF8_CONVERT       0x10
-/* If this is set we don't attempt to interpret content:
+/*
- * just assume all strings are 1 byte per character. This
+ * If this is set we don't attempt to interpret content: just assume all
- * will produce some pretty odd looking output!
+ * strings are 1 byte per character. This will produce some pretty odd
 * looking output!
 */
 # define ASN1_STRFLGS_IGNORE_TYPE        0x20
@ -475,27 +486,27 @@ typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
 /* If this is set we include the string type in the output */
 # define ASN1_STRFLGS_SHOW_TYPE          0x40
-/* This determines which strings to display and which to
+/*
- * 'dump' (hex dump of content octets or DER encoding). We can
+ * This determines which strings to display and which to 'dump' (hex dump of
- * only dump non character strings or everything. If we
+ * content octets or DER encoding). We can only dump non character strings or
- * don't dump 'unknown' they are interpreted as character
+ * everything. If we don't dump 'unknown' they are interpreted as character
- * strings with 1 octet per character and are subject to
+ * strings with 1 octet per character and are subject to the usual escaping
- * the usual escaping options.
+ * options.
 */
 # define ASN1_STRFLGS_DUMP_ALL           0x80
 # define ASN1_STRFLGS_DUMP_UNKNOWN       0x100
-/* These determine what 'dumping' does, we can dump the
+/*
- * content octets or the DER encoding: both use the
+ * These determine what 'dumping' does, we can dump the content octets or the
- * RFC2253 #XXXXX notation.
+ * DER encoding: both use the RFC2253 #XXXXX notation.
 */
 # define ASN1_STRFLGS_DUMP_DER           0x200
-/* All the string flags consistent with RFC2253,
+/*
- * escaping control characters isn't essential in
+ * All the string flags consistent with RFC2253, escaping control characters
- * RFC2253 but it is advisable anyway.
+ * isn't essential in RFC2253 but it is advisable anyway.
 */
 # define ASN1_STRFLGS_RFC2253    (ASN1_STRFLGS_ESC_2253 | \
@ -510,8 +521,7 @@ DECLARE_ASN1_SET_OF(ASN1_INTEGER)
 DECLARE_STACK_OF(ASN1_GENERALSTRING)
-typedef struct asn1_type_st
+typedef struct asn1_type_st {
 	{
    int type;
    union {
        char *ptr;
@ -532,8 +542,10 @@ typedef struct asn1_type_st
        ASN1_GENERALIZEDTIME *generalizedtime;
        ASN1_VISIBLESTRING *visiblestring;
        ASN1_UTF8STRING *utf8string;
-		/* set and sequence are left complete and still
+        /*
-		 * contain the set or sequence bytes */
+         * set and sequence are left complete and still contain the set or
         * sequence bytes
         */
        ASN1_STRING *set;
        ASN1_STRING *sequence;
        ASN1_VALUE *asn1_value;
@ -543,21 +555,15 @@ typedef struct asn1_type_st
 DECLARE_STACK_OF(ASN1_TYPE)
 DECLARE_ASN1_SET_OF(ASN1_TYPE)
-typedef struct asn1_method_st
+typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
 	{
 	i2d_of_void *i2d;
 	d2i_of_void *d2i;
 	void *(*create)(void);
 	void (*destroy)(void *);
 	} ASN1_METHOD;
-/* This is used when parsing some Netscape objects */
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
-typedef struct asn1_header_st
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
-	{
+
 typedef struct NETSCAPE_X509_st {
    ASN1_OCTET_STRING *header;
-	void *data;
+    X509 *cert;
-	ASN1_METHOD *meth;
+} NETSCAPE_X509;
 	} ASN1_HEADER;
 /* This is used to contain a list of bit names */
 typedef struct BIT_STRING_BITNAME_st {
@ -566,7 +572,6 @@ typedef struct BIT_STRING_BITNAME_st {
    const char *sname;
 } BIT_STRING_BITNAME;
 # define M_ASN1_STRING_length(x) ((x)->length)
 # define M_ASN1_STRING_length_set(x, n)  ((x)->length = (n))
 # define M_ASN1_STRING_type(x)   ((x)->type)
@ -577,32 +582,34 @@ typedef struct BIT_STRING_BITNAME_st {
                ASN1_STRING_type_new(V_ASN1_BIT_STRING)
 # define M_ASN1_BIT_STRING_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
 # define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
-		ASN1_STRING_dup((ASN1_STRING *)a)
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 # define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
-		(ASN1_STRING *)a,(ASN1_STRING *)b)
+                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
 # define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
 # define M_ASN1_INTEGER_new()    (ASN1_INTEGER *)\
                ASN1_STRING_type_new(V_ASN1_INTEGER)
 # define M_ASN1_INTEGER_free(a)          ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)
+# define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\
                ASN1_STRING_dup((const ASN1_STRING *)a)
 # define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\
-		(ASN1_STRING *)a,(ASN1_STRING *)b)
+                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
 # define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\
                ASN1_STRING_type_new(V_ASN1_ENUMERATED)
 # define M_ASN1_ENUMERATED_free(a)       ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a)
+# define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\
                ASN1_STRING_dup((const ASN1_STRING *)a)
 # define M_ASN1_ENUMERATED_cmp(a,b)      ASN1_STRING_cmp(\
-		(ASN1_STRING *)a,(ASN1_STRING *)b)
+                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
 # define M_ASN1_OCTET_STRING_new()       (ASN1_OCTET_STRING *)\
                ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
 # define M_ASN1_OCTET_STRING_free(a)     ASN1_STRING_free((ASN1_STRING *)a)
 # define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
-		ASN1_STRING_dup((ASN1_STRING *)a)
+                ASN1_STRING_dup((const ASN1_STRING *)a)
 # define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
-		(ASN1_STRING *)a,(ASN1_STRING *)b)
+                (const ASN1_STRING *)a,(const ASN1_STRING *)b)
 # define M_ASN1_OCTET_STRING_set(a,b,c)  ASN1_STRING_set((ASN1_STRING *)a,b,c)
 # define M_ASN1_OCTET_STRING_print(a,b)  ASN1_STRING_print(a,(ASN1_STRING *)b)
 # define M_i2d_ASN1_OCTET_STRING(a,pp) \
@ -686,7 +693,7 @@ typedef struct BIT_STRING_BITNAME_st {
                ASN1_STRING_type_new(V_ASN1_IA5STRING)
 # define M_ASN1_IA5STRING_free(a)        ASN1_STRING_free((ASN1_STRING *)a)
 # define M_ASN1_IA5STRING_dup(a) \
-			(ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a)
+                (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a)
 # define M_i2d_ASN1_IA5STRING(a,pp) \
                i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
                        V_ASN1_UNIVERSAL)
@ -697,18 +704,20 @@ typedef struct BIT_STRING_BITNAME_st {
 # define M_ASN1_UTCTIME_new()    (ASN1_UTCTIME *)\
                ASN1_STRING_type_new(V_ASN1_UTCTIME)
 # define M_ASN1_UTCTIME_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+# define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\
                ASN1_STRING_dup((const ASN1_STRING *)a)
 # define M_ASN1_GENERALIZEDTIME_new()    (ASN1_GENERALIZEDTIME *)\
                ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
 # define M_ASN1_GENERALIZEDTIME_free(a)  ASN1_STRING_free((ASN1_STRING *)a)
 # define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
-	(ASN1_STRING *)a)
+        (const ASN1_STRING *)a)
 # define M_ASN1_TIME_new()       (ASN1_TIME *)\
                ASN1_STRING_type_new(V_ASN1_UTCTIME)
 # define M_ASN1_TIME_free(a)     ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+# define M_ASN1_TIME_dup(a) (ASN1_TIME *)\
        ASN1_STRING_dup((const ASN1_STRING *)a)
 # define M_ASN1_GENERALSTRING_new()      (ASN1_GENERALSTRING *)\
                ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
@ -769,6 +778,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
 int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
 ASN1_OBJECT *ASN1_OBJECT_new(void);
 void ASN1_OBJECT_free(ASN1_OBJECT *a);
@ -785,26 +795,31 @@ DECLARE_ASN1_SET_OF(ASN1_OBJECT)
 ASN1_STRING *ASN1_STRING_new(void);
 void ASN1_STRING_free(ASN1_STRING *a);
-ASN1_STRING *	ASN1_STRING_dup(ASN1_STRING *a);
+void ASN1_STRING_clear_free(ASN1_STRING *a);
 int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
 ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);
 ASN1_STRING *ASN1_STRING_type_new(int type);
-int 		ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
-  /* Since this is used to store all sorts of things, via macros, for now, make
+  /*
-     its data void * */
+   * Since this is used to store all sorts of things, via macros, for now,
   * make its data void *
   */
 int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
 void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
-int ASN1_STRING_length(ASN1_STRING *x);
+int ASN1_STRING_length(const ASN1_STRING *x);
 void ASN1_STRING_length_set(ASN1_STRING *x, int n);
 int ASN1_STRING_type(ASN1_STRING *x);
 unsigned char *ASN1_STRING_data(ASN1_STRING *x);
 DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
 int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp,
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
-			long length);
+                                     const unsigned char **pp, long length);
-int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
 			int length );
 int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
 int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
 int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
                          unsigned char *flags, int flags_len);
 # ifndef OPENSSL_NO_BIO
 int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
@ -823,27 +838,37 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp,
                               long length);
 ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
                                long length);
-ASN1_INTEGER *	ASN1_INTEGER_dup(ASN1_INTEGER *x);
+ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x);
-int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
+int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);
 DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
-int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
 ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
                               int offset_day, long offset_sec);
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
 # if 0
 time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
 # endif
-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
                                               time_t t);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
                                               time_t t, int offset_day,
                                               long offset_sec);
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
 int ASN1_TIME_diff(int *pday, int *psec,
                   const ASN1_TIME *from, const ASN1_TIME *to);
 DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
-ASN1_OCTET_STRING *	ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
-int 	ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
+int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
-int 	ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len);
+                          const ASN1_OCTET_STRING *b);
 int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data,
                          int len);
 DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
 DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
@ -869,13 +894,19 @@ DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
 DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
 ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
                         int offset_day, long offset_sec);
 int ASN1_TIME_check(ASN1_TIME *t);
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME
                                                   **out);
 int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
-int i2d_ASN1_SET(STACK *a, unsigned char **pp,
+int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
                 i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);
-STACK *	d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
+STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
-		     d2i_of_void *d2i, void (*free_func)(void *),
+                                      const unsigned char **pp,
                                      long length, d2i_of_void *d2i,
                                      void (*free_func) (OPENSSL_BLOCK),
                                      int ex_tag, int ex_class);
 # ifndef OPENSSL_NO_BIO
@ -894,9 +925,9 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
                                const char *sn, const char *ln);
 int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
-long ASN1_INTEGER_get(ASN1_INTEGER *a);
+long ASN1_INTEGER_get(const ASN1_INTEGER *a);
-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
 int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
 long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
@ -930,17 +961,17 @@ int ASN1_put_eoc(unsigned char **pp);
 int ASN1_object_size(int constructed, int length, int tag);
 /* Used to implement other functions */
-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
 # define ASN1_dup_of(type,i2d,d2i,x) \
    ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
                     CHECKED_D2I_OF(type, d2i), \
-		     CHECKED_PTR_OF_TO_CHAR(type, x)))
+                     CHECKED_PTR_OF(type, x)))
 # define ASN1_dup_of_const(type,i2d,d2i,x) \
    ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
                     CHECKED_D2I_OF(type, d2i), \
-		     CHECKED_PTR_OF_TO_CHAR(const type, x)))
+                     CHECKED_PTR_OF(const type, x)))
 void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
@ -1001,42 +1032,36 @@ int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);
                  CHECKED_PTR_OF(const type, x)))
 int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
-int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
+int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
-int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
+int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
-int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
+int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
-int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
 int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
 int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
                  unsigned char *buf, int off);
 int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
-int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump);
+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
                    int dump);
 # endif
 const char *ASN1_tag2str(int tag);
-/* Used to load and write netscape format cert/key */
+/* Used to load and write netscape format cert */
-int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);
+
-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length);
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509)
 ASN1_HEADER *ASN1_HEADER_new(void );
 void ASN1_HEADER_free(ASN1_HEADER *a);
 int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
-/* Not used that much at this point, except for the first two */
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
-ASN1_METHOD *X509_asn1_meth(void);
+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len);
 ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
 ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);
 ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);
 int ASN1_TYPE_set_octetstring(ASN1_TYPE *a,
 	unsigned char *data, int len);
 int ASN1_TYPE_get_octetstring(ASN1_TYPE *a,
 	unsigned char *data, int max_len);
 int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
                                  unsigned char *data, int len);
 int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,
                                  unsigned char *data, int max_len);
-STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
+STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
-		       d2i_of_void *d2i, void (*free_func)(void *));
+                                         d2i_of_void *d2i,
-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
+                                         void (*free_func) (OPENSSL_BLOCK));
 unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
                             unsigned char **buf, int *len);
 void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
 void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
@ -1048,7 +1073,8 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
                      CHECKED_I2D_OF(type, i2d), \
                      oct))
-ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
                            ASN1_OCTET_STRING **oct);
 void ASN1_STRING_set_default_mask(unsigned long mask);
 int ASN1_STRING_set_default_mask_asc(const char *p);
@ -1060,7 +1086,8 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
                        long minsize, long maxsize);
 ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
-		const unsigned char *in, int inlen, int inform, int nid);
+                                    const unsigned char *in, int inlen,
                                    int inform, int nid);
 ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
 int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
 void ASN1_STRING_TABLE_cleanup(void);
@ -1070,27 +1097,71 @@ void ASN1_STRING_TABLE_cleanup(void);
 /* Old API compatible functions */
 ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
 void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
-ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it);
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in,
                          long len, const ASN1_ITEM *it);
 int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
                       const ASN1_ITEM *it);
 void ASN1_add_oid_module(void);
 ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
 ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+/* ASN1 Print flags */
 					const ASN1_ITEM *it);
-int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+/* Indicate missing OPTIONAL fields */
-				int ctype_nid, int econt_nid,
+# define ASN1_PCTX_FLAGS_SHOW_ABSENT             0x001
-				STACK_OF(X509_ALGOR) *mdalgs,
+/* Mark start and end of SEQUENCE */
-				asn1_output_data_fn *data_fn,
+# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE           0x002
 /* Mark start and end of SEQUENCE/SET OF */
 # define ASN1_PCTX_FLAGS_SHOW_SSOF               0x004
 /* Show the ASN1 type of primitives */
 # define ASN1_PCTX_FLAGS_SHOW_TYPE               0x008
 /* Don't show ASN1 type of ANY */
 # define ASN1_PCTX_FLAGS_NO_ANY_TYPE             0x010
 /* Don't show ASN1 type of MSTRINGs */
 # define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE         0x020
 /* Don't show field names in SEQUENCE */
 # define ASN1_PCTX_FLAGS_NO_FIELD_NAME           0x040
 /* Show structure names of each SEQUENCE field */
 # define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME  0x080
 /* Don't show structure name even at top level */
 # define ASN1_PCTX_FLAGS_NO_STRUCT_NAME          0x100
 int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
                    const ASN1_ITEM *it, const ASN1_PCTX *pctx);
 ASN1_PCTX *ASN1_PCTX_new(void);
 void ASN1_PCTX_free(ASN1_PCTX *p);
 unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p);
 void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags);
 unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p);
 void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags);
 unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p);
 void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags);
 unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p);
 void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags);
 unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p);
 void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
 BIO_METHOD *BIO_f_asn1(void);
 BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
 int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
                        const ASN1_ITEM *it);
 int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
                              const char *hdr, const ASN1_ITEM *it);
 int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
                     int ctype_nid, int econt_nid,
                     STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it);
 ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
 int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
 int SMIME_text(BIO *in, BIO *out);
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_ASN1_strings(void);
@ -1118,6 +1189,7 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_ASN1_ENUMERATED_TO_BN                     113
 # define ASN1_F_ASN1_EX_C2I                               204
 # define ASN1_F_ASN1_FIND_END                             190
 # define ASN1_F_ASN1_GENERALIZEDTIME_ADJ                  216
 # define ASN1_F_ASN1_GENERALIZEDTIME_SET                  185
 # define ASN1_F_ASN1_GENERATE_V3                          178
 # define ASN1_F_ASN1_GET_OBJECT                           114
@ -1134,11 +1206,12 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_ASN1_ITEM_I2D_FP                          193
 # define ASN1_F_ASN1_ITEM_PACK                            198
 # define ASN1_F_ASN1_ITEM_SIGN                            195
 # define ASN1_F_ASN1_ITEM_SIGN_CTX                        220
 # define ASN1_F_ASN1_ITEM_UNPACK                          199
 # define ASN1_F_ASN1_ITEM_VERIFY                          197
 # define ASN1_F_ASN1_MBSTRING_NCOPY                       122
 # define ASN1_F_ASN1_OBJECT_NEW                           123
-#define ASN1_F_ASN1_OUTPUT_DATA				 207
+# define ASN1_F_ASN1_OUTPUT_DATA                          214
 # define ASN1_F_ASN1_PACK_STRING                          124
 # define ASN1_F_ASN1_PCTX_NEW                             205
 # define ASN1_F_ASN1_PKCS5_PBE_SET                        125
@ -1152,14 +1225,17 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_ASN1_TEMPLATE_EX_D2I                      132
 # define ASN1_F_ASN1_TEMPLATE_NEW                         133
 # define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I                   131
 # define ASN1_F_ASN1_TIME_ADJ                             217
 # define ASN1_F_ASN1_TIME_SET                             175
 # define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             134
 # define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 135
 # define ASN1_F_ASN1_UNPACK_STRING                        136
 # define ASN1_F_ASN1_UTCTIME_ADJ                          218
 # define ASN1_F_ASN1_UTCTIME_SET                          187
 # define ASN1_F_ASN1_VERIFY                               137
-#define ASN1_F_B64_READ_ASN1				 208
+# define ASN1_F_B64_READ_ASN1                             209
-#define ASN1_F_B64_WRITE_ASN1				 209
+# define ASN1_F_B64_WRITE_ASN1                            210
 # define ASN1_F_BIO_NEW_NDEF                              208
 # define ASN1_F_BITSTR_CB                                 180
 # define ASN1_F_BN_TO_ASN1_ENUMERATED                     138
 # define ASN1_F_BN_TO_ASN1_INTEGER                        139
@ -1178,6 +1254,7 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_D2I_ASN1_TYPE_BYTES                       149
 # define ASN1_F_D2I_ASN1_UINTEGER                         150
 # define ASN1_F_D2I_ASN1_UTCTIME                          151
 # define ASN1_F_D2I_AUTOPRIVATEKEY                        207
 # define ASN1_F_D2I_NETSCAPE_RSA                          152
 # define ASN1_F_D2I_NETSCAPE_RSA_2                        153
 # define ASN1_F_D2I_PRIVATEKEY                            154
@ -1187,6 +1264,7 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_D2I_X509                                  156
 # define ASN1_F_D2I_X509_CINF                             157
 # define ASN1_F_D2I_X509_PKEY                             159
 # define ASN1_F_I2D_ASN1_BIO_STREAM                       211
 # define ASN1_F_I2D_ASN1_SET                              188
 # define ASN1_F_I2D_ASN1_TIME                             160
 # define ASN1_F_I2D_DSA_PUBKEY                            161
@ -1198,10 +1276,12 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_LONG_C2I                                  166
 # define ASN1_F_OID_MODULE_INIT                           174
 # define ASN1_F_PARSE_TAGGING                             182
-#define ASN1_F_PKCS5_PBE2_SET				 167
+# define ASN1_F_PKCS5_PBE2_SET_IV                         167
 # define ASN1_F_PKCS5_PBE_SET                             202
-#define ASN1_F_SMIME_READ_ASN1				 210
+# define ASN1_F_PKCS5_PBE_SET0_ALGOR                      215
-#define ASN1_F_SMIME_TEXT				 211
+# define ASN1_F_PKCS5_PBKDF2_SET                          219
 # define ASN1_F_SMIME_READ_ASN1                           212
 # define ASN1_F_SMIME_TEXT                                213
 # define ASN1_F_X509_CINF_NEW                             168
 # define ASN1_F_X509_CRL_ADD0_REVOKED                     169
 # define ASN1_F_X509_INFO_NEW                             170
@ -1213,22 +1293,24 @@ void ERR_load_ASN1_strings(void);
 /* Reason codes. */
 # define ASN1_R_ADDING_OBJECT                             171
-#define ASN1_R_ASN1_PARSE_ERROR				 198
+# define ASN1_R_ASN1_PARSE_ERROR                          203
-#define ASN1_R_ASN1_SIG_PARSE_ERROR			 199
+# define ASN1_R_ASN1_SIG_PARSE_ERROR                      204
 # define ASN1_R_AUX_ERROR                                 100
 # define ASN1_R_BAD_CLASS                                 101
 # define ASN1_R_BAD_OBJECT_HEADER                         102
 # define ASN1_R_BAD_PASSWORD_READ                         103
 # define ASN1_R_BAD_TAG                                   104
-#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH		 210
+# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 214
 # define ASN1_R_BN_LIB                                    105
 # define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106
 # define ASN1_R_BUFFER_TOO_SMALL                          107
 # define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER           108
 # define ASN1_R_CONTEXT_NOT_INITIALISED                   217
 # define ASN1_R_DATA_IS_WRONG                             109
 # define ASN1_R_DECODE_ERROR                              110
 # define ASN1_R_DECODING_ERROR                            111
 # define ASN1_R_DEPTH_EXCEEDED                            174
 # define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED         198
 # define ASN1_R_ENCODE_ERROR                              112
 # define ASN1_R_ERROR_GETTING_TIME                        173
 # define ASN1_R_ERROR_LOADING_SECTION                     172
@ -1260,12 +1342,13 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_R_ILLEGAL_TIME_VALUE                        184
 # define ASN1_R_INTEGER_NOT_ASCII_FORMAT                  185
 # define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG                128
 # define ASN1_R_INVALID_BIT_STRING_BITS_LEFT              220
 # define ASN1_R_INVALID_BMPSTRING_LENGTH                  129
 # define ASN1_R_INVALID_DIGIT                             130
-#define ASN1_R_INVALID_MIME_TYPE			 200
+# define ASN1_R_INVALID_MIME_TYPE                         205
 # define ASN1_R_INVALID_MODIFIER                          186
 # define ASN1_R_INVALID_NUMBER                            187
-#define ASN1_R_INVALID_OBJECT_ENCODING			 212
+# define ASN1_R_INVALID_OBJECT_ENCODING                   216
 # define ASN1_R_INVALID_SEPARATOR                         131
 # define ASN1_R_INVALID_TIME_FORMAT                       132
 # define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH            133
@ -1273,9 +1356,9 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_R_IV_TOO_LARGE                              135
 # define ASN1_R_LENGTH_ERROR                              136
 # define ASN1_R_LIST_ERROR                                188
-#define ASN1_R_MIME_NO_CONTENT_TYPE			 201
+# define ASN1_R_MIME_NO_CONTENT_TYPE                      206
-#define ASN1_R_MIME_PARSE_ERROR				 202
+# define ASN1_R_MIME_PARSE_ERROR                          207
-#define ASN1_R_MIME_SIG_PARSE_ERROR			 203
+# define ASN1_R_MIME_SIG_PARSE_ERROR                      208
 # define ASN1_R_MISSING_EOC                               137
 # define ASN1_R_MISSING_SECOND_NUMBER                     138
 # define ASN1_R_MISSING_VALUE                             189
@ -1285,11 +1368,12 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_R_NON_HEX_CHARACTERS                        141
 # define ASN1_R_NOT_ASCII_FORMAT                          190
 # define ASN1_R_NOT_ENOUGH_DATA                           142
-#define ASN1_R_NO_CONTENT_TYPE				 204
+# define ASN1_R_NO_CONTENT_TYPE                           209
 # define ASN1_R_NO_DEFAULT_DIGEST                         201
 # define ASN1_R_NO_MATCHING_CHOICE_TYPE                   143
-#define ASN1_R_NO_MULTIPART_BODY_FAILURE		 205
+# define ASN1_R_NO_MULTIPART_BODY_FAILURE                 210
-#define ASN1_R_NO_MULTIPART_BOUNDARY			 206
+# define ASN1_R_NO_MULTIPART_BOUNDARY                     211
-#define ASN1_R_NO_SIG_CONTENT_TYPE			 207
+# define ASN1_R_NO_SIG_CONTENT_TYPE                       212
 # define ASN1_R_NULL_IS_WRONG_LENGTH                      144
 # define ASN1_R_OBJECT_NOT_ASCII_FORMAT                   191
 # define ASN1_R_ODD_NUMBER_OF_CHARS                       145
@ -1299,8 +1383,8 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_R_SEQUENCE_NOT_CONSTRUCTED                  149
 # define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG              192
 # define ASN1_R_SHORT_LINE                                150
-#define ASN1_R_SIG_INVALID_MIME_TYPE			 208
+# define ASN1_R_SIG_INVALID_MIME_TYPE                     213
-#define ASN1_R_STREAMING_NOT_SUPPORTED			 209
+# define ASN1_R_STREAMING_NOT_SUPPORTED                   202
 # define ASN1_R_STRING_TOO_LONG                           151
 # define ASN1_R_STRING_TOO_SHORT                          152
 # define ASN1_R_TAG_VALUE_TOO_HIGH                        153
@ -1308,14 +1392,16 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_R_TIME_NOT_ASCII_FORMAT                     193
 # define ASN1_R_TOO_LONG                                  155
 # define ASN1_R_TYPE_NOT_CONSTRUCTED                      156
 # define ASN1_R_TYPE_NOT_PRIMITIVE                        218
 # define ASN1_R_UNABLE_TO_DECODE_RSA_KEY                  157
 # define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY          158
 # define ASN1_R_UNEXPECTED_EOC                            159
-#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH		 211
+# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH           215
 # define ASN1_R_UNKNOWN_FORMAT                            160
 # define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          161
 # define ASN1_R_UNKNOWN_OBJECT_TYPE                       162
 # define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE                   163
 # define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM               199
 # define ASN1_R_UNKNOWN_TAG                               194
 # define ASN1_R_UNKOWN_FORMAT                             195
 # define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE           164
@ -1323,6 +1409,7 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM          166
 # define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               167
 # define ASN1_R_UNSUPPORTED_TYPE                          196
 # define ASN1_R_WRONG_PUBLIC_KEY_TYPE                     200
 # define ASN1_R_WRONG_TAG                                 168
 # define ASN1_R_WRONG_TYPE                                169
--- a/src/Mayaqua/win32_inc/openssl/asn1_mac.h
+++ b/src/Mayaqua/win32_inc/openssl/asn1_mac.h
@ -153,6 +153,13 @@ err:\
                M_ASN1_D2I_get(b,func); \
                }
 # define M_ASN1_D2I_get_int_opt(b,func,type) \
        if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
                == (V_ASN1_UNIVERSAL|(type)))) \
                { \
                M_ASN1_D2I_get_int(b,func); \
                }
 # define M_ASN1_D2I_get_imp(b,func, type) \
        M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
        c.q=c.p; \
@ -354,16 +361,17 @@ err:\
        if (((arg)=func()) == NULL) return(NULL)
 # define M_ASN1_New_Error(a) \
-/*	err:	ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
+/*-     err:    ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
                return(NULL);*/ \
        err2:   ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
                return(NULL)
-
+/*
-/* BIG UGLY WARNING!  This is so damn ugly I wanna puke.  Unfortunately,
+ * BIG UGLY WARNING! This is so damn ugly I wanna puke.  Unfortunately, some
-   some macros that use ASN1_const_CTX still insist on writing in the input
+ * macros that use ASN1_const_CTX still insist on writing in the input
-   stream.  ARGH!  ARGH!  ARGH!  Let's get rid of this macro package.
+ * stream.  ARGH! ARGH! ARGH! Let's get rid of this macro package. Please? --
-   Please?						-- Richard Levitte */
+ * Richard Levitte
 */
 # define M_ASN1_next             (*((unsigned char *)(c.p)))
 # define M_ASN1_next_prev        (*((unsigned char *)(c.q)))
--- a/src/Mayaqua/win32_inc/openssl/asn1t.h
+++ b/src/Mayaqua/win32_inc/openssl/asn1t.h
@ -1,9 +1,10 @@
 /* asn1t.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
- * project 2000.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@ -73,13 +74,11 @@
 extern "C" {
 #endif
 # ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
 /* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
 #  define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
 /* Macros for start and end of ASN1_ITEM definition */
 #  define ASN1_ITEM_start(itname) \
@ -93,7 +92,6 @@ extern "C" {
 /* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
 #  define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
 /* Macros for start and end of ASN1_ITEM definition */
 #  define ASN1_ITEM_start(itname) \
@ -108,7 +106,6 @@ extern "C" {
 # endif
 /* Macros to aid ASN1 template writing */
 # define ASN1_ITEM_TEMPLATE(tname) \
@ -126,10 +123,10 @@ extern "C" {
                #tname \
        ASN1_ITEM_end(tname)
 /* This is a ASN1 type which just embeds a template */
-/* This pair helps declare a SEQUENCE. We can do:
+/*-
 * This pair helps declare a SEQUENCE. We can do:
 *
 *      ASN1_SEQUENCE(stname) = {
 *              ... SEQUENCE components ...
@ -218,8 +215,20 @@ extern "C" {
                #stname \
        ASN1_ITEM_end(tname)
 # define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
        ;\
        ASN1_ITEM_start(tname) \
                ASN1_ITYPE_NDEF_SEQUENCE,\
                V_ASN1_SEQUENCE,\
                tname##_seq_tt,\
                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
                &tname##_aux,\
                sizeof(stname),\
                #stname \
        ASN1_ITEM_end(tname)
-/* This pair helps declare a CHOICE type. We can do:
+/*-
 * This pair helps declare a CHOICE type. We can do:
 *
 *      ASN1_CHOICE(chname) = {
 *              ... CHOICE options ...
@ -425,10 +434,10 @@ extern "C" {
 # define ASN1_ADB_TEMPLATE(name) \
        static const ASN1_TEMPLATE name##_tt
-/* This is the ASN1 template structure that defines
+/*
- * a wrapper round the actual type. It determines the
+ * This is the ASN1 template structure that defines a wrapper round the
- * actual position of the field in the value structure,
+ * actual type. It determines the actual position of the field in the value
- * various flags such as OPTIONAL and the field name.
+ * structure, various flags such as OPTIONAL and the field name.
 */
 struct ASN1_TEMPLATE_st {
@ -475,25 +484,24 @@ struct ASN1_ADB_TABLE_st {
 /* Field is a SEQUENCE OF */
 # define ASN1_TFLG_SEQUENCE_OF   (0x2 << 1)
-/* Special case: this refers to a SET OF that
+/*
- * will be sorted into DER order when encoded *and*
+ * Special case: this refers to a SET OF that will be sorted into DER order
- * the corresponding STACK will be modified to match
+ * when encoded *and* the corresponding STACK will be modified to match the
- * the new order.
+ * new order.
 */
 # define ASN1_TFLG_SET_ORDER     (0x3 << 1)
 /* Mask for SET OF or SEQUENCE OF */
 # define ASN1_TFLG_SK_MASK       (0x3 << 1)
-/* These flags mean the tag should be taken from the
+/*
- * tag field. If EXPLICIT then the underlying type
+ * These flags mean the tag should be taken from the tag field. If EXPLICIT
- * is used for the inner tag.
+ * then the underlying type is used for the inner tag.
 */
 /* IMPLICIT tagging */
 # define ASN1_TFLG_IMPTAG        (0x1 << 3)
 /* EXPLICIT tagging, inner tag from underlying type */
 # define ASN1_TFLG_EXPTAG        (0x2 << 3)
@ -505,10 +513,10 @@ struct ASN1_ADB_TABLE_st {
 /* context specific EXPLICIT */
 # define ASN1_TFLG_EXPLICIT      ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
-/* If tagging is in force these determine the
+/*
- * type of tag to use. Otherwise the tag is
+ * If tagging is in force these determine the type of tag to use. Otherwise
- * determined by the underlying type. These 
+ * the tag is determined by the underlying type. These values reflect the
- * values reflect the actual octet format.
+ * actual octet format.
 */
 /* Universal tag */
@ -522,9 +530,9 @@ struct ASN1_ADB_TABLE_st {
 # define ASN1_TFLG_TAG_CLASS     (0x3<<6)
-/* These are for ANY DEFINED BY type. In this case
+/*
- * the 'item' field points to an ASN1_ADB structure
+ * These are for ANY DEFINED BY type. In this case the 'item' field points to
- * which contains a table of values to decode the
+ * an ASN1_ADB structure which contains a table of values to decode the
 * relevant type
 */
@ -534,19 +542,18 @@ struct ASN1_ADB_TABLE_st {
 # define ASN1_TFLG_ADB_INT       (0x1<<9)
-/* This flag means a parent structure is passed
+/*
- * instead of the field: this is useful is a
+ * This flag means a parent structure is passed instead of the field: this is
- * SEQUENCE is being combined with a CHOICE for
+ * useful is a SEQUENCE is being combined with a CHOICE for example. Since
- * example. Since this means the structure and
+ * this means the structure and item name will differ we need to use the
 * item name will differ we need to use the
 * ASN1_CHOICE_END_name() macro for example.
 */
 # define ASN1_TFLG_COMBINE       (0x1<<10)
-/* This flag when present in a SEQUENCE OF, SET OF
+/*
- * or EXPLICIT causes indefinite length constructed
+ * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes
- * encoding to be used if required.
+ * indefinite length constructed encoding to be used if required.
 */
 # define ASN1_TFLG_NDEF          (0x1<<11)
@ -554,9 +561,11 @@ struct ASN1_ADB_TABLE_st {
 /* This is the actual ASN1 item itself */
 struct ASN1_ITEM_st {
-char itype;			/* The item type, primitive, SEQUENCE, CHOICE or extern */
+    char itype;                 /* The item type, primitive, SEQUENCE, CHOICE
                                 * or extern */
    long utype;                 /* underlying type */
-const ASN1_TEMPLATE *templates;	/* If SEQUENCE or CHOICE this contains the contents */
+    const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains
                                     * the contents */
    long tcount;                /* Number of templates if SEQUENCE or CHOICE */
    const void *funcs;          /* functions that handle this type */
    long size;                  /* Structure size (usually) */
@ -565,7 +574,8 @@ const char *sname;		/* Structure name */
 # endif
 };
-/* These are values for the itype field and
+/*-
 * These are values for the itype field and
 * determine how the type is interpreted.
 *
 * For PRIMITIVE types the underlying type
@ -623,8 +633,8 @@ const char *sname;		/* Structure name */
 # define ASN1_ITYPE_NDEF_SEQUENCE        0x6
-/* Cache for ASN1 tag and length, so we
+/*
- * don't keep re-reading it for things
+ * Cache for ASN1 tag and length, so we don't keep re-reading it for things
 * like CHOICE
 */
@ -641,18 +651,31 @@ struct ASN1_TLC_st{
 typedef ASN1_VALUE *ASN1_new_func(void);
 typedef void ASN1_free_func(ASN1_VALUE *a);
-typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length);
+typedef ASN1_VALUE *ASN1_d2i_func(ASN1_VALUE **a, const unsigned char **in,
                                  long length);
 typedef int ASN1_i2d_func(ASN1_VALUE *a, unsigned char **in);
-typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
-					int tag, int aclass, char opt, ASN1_TLC *ctx);
+                        const ASN1_ITEM *it, int tag, int aclass, char opt,
                        ASN1_TLC *ctx);
-typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                        const ASN1_ITEM *it, int tag, int aclass);
 typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
 typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
-typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval,
-typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+                               int indent, const char *fname,
                               const ASN1_PCTX *pctx);
 typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont,
                               int *putype, const ASN1_ITEM *it);
 typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont,
                               int len, int utype, char *free_cont,
                               const ASN1_ITEM *it);
 typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval,
                                 const ASN1_ITEM *it, int indent,
                                 const ASN1_PCTX *pctx);
 typedef struct ASN1_COMPAT_FUNCS_st {
    ASN1_new_func *asn1_new;
@ -668,6 +691,7 @@ typedef struct ASN1_EXTERN_FUNCS_st {
    ASN1_ex_free_func *asn1_ex_clear;
    ASN1_ex_d2i *asn1_ex_d2i;
    ASN1_ex_i2d *asn1_ex_i2d;
    ASN1_ex_print_func *asn1_ex_print;
 } ASN1_EXTERN_FUNCS;
 typedef struct ASN1_PRIMITIVE_FUNCS_st {
@ -678,26 +702,24 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st {
    ASN1_ex_free_func *prim_clear;
    ASN1_primitive_c2i *prim_c2i;
    ASN1_primitive_i2c *prim_i2c;
    ASN1_primitive_print *prim_print;
 } ASN1_PRIMITIVE_FUNCS;
-/* This is the ASN1_AUX structure: it handles various
+/*
- * miscellaneous requirements. For example the use of
+ * This is the ASN1_AUX structure: it handles various miscellaneous
- * reference counts and an informational callback.
+ * requirements. For example the use of reference counts and an informational
- *
+ * callback. The "informational callback" is called at various points during
- * The "informational callback" is called at various
+ * the ASN1 encoding and decoding. It can be used to provide minor
- * points during the ASN1 encoding and decoding. It can
+ * customisation of the structures used. This is most useful where the
- * be used to provide minor customisation of the structures
+ * supplied routines *almost* do the right thing but need some extra help at
- * used. This is most useful where the supplied routines
+ * a few points. If the callback returns zero then it is assumed a fatal
- * *almost* do the right thing but need some extra help
+ * error has occurred and the main operation should be abandoned. If major
- * at a few points. If the callback returns zero then
+ * changes in the default behaviour are required then an external type is
- * it is assumed a fatal error has occurred and the 
+ * more appropriate.
 * main operation should be abandoned.
 *
 * If major changes in the default behaviour are required
 * then an external type is more appropriate.
 */
-typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
                        void *exarg);
 typedef struct ASN1_AUX_st {
    void *app_data;
@ -708,6 +730,23 @@ typedef struct ASN1_AUX_st {
    int enc_offset;             /* Offset of ASN1_ENCODING structure */
 } ASN1_AUX;
 /* For print related callbacks exarg points to this structure */
 typedef struct ASN1_PRINT_ARG_st {
    BIO *out;
    int indent;
    const ASN1_PCTX *pctx;
 } ASN1_PRINT_ARG;
 /* For streaming related callbacks exarg points to this structure */
 typedef struct ASN1_STREAM_ARG_st {
    /* BIO to stream through */
    BIO *out;
    /* BIO with filters appended */
    BIO *ndef_bio;
    /* Streaming I/O boundary */
    unsigned char **boundary;
 } ASN1_STREAM_ARG;
 /* Flags in ASN1_AUX */
 /* Use a reference count */
@ -727,6 +766,12 @@ typedef struct ASN1_AUX_st {
 # define ASN1_OP_D2I_POST        5
 # define ASN1_OP_I2D_PRE         6
 # define ASN1_OP_I2D_POST        7
 # define ASN1_OP_PRINT_PRE       8
 # define ASN1_OP_PRINT_POST      9
 # define ASN1_OP_STREAM_PRE      10
 # define ASN1_OP_STREAM_POST     11
 # define ASN1_OP_DETACHED_PRE    12
 # define ASN1_OP_DETACHED_POST   13
 /* Macro to implement a primitive type */
 # define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
@ -782,9 +827,22 @@ typedef struct ASN1_AUX_st {
 # define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
                        IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
 # define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
                IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
 # define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
                IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
 # define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
        pre stname *fname##_new(void) \
        { \
                return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
        } \
        pre void fname##_free(stname *a) \
        { \
                ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
        }
 # define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
        stname *fname##_new(void) \
        { \
@ -815,8 +873,9 @@ typedef struct ASN1_AUX_st {
                return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
        }
-/* This includes evil casts to remove const: they will go away when full
+/*
- * ASN1 constification is done.
+ * This includes evil casts to remove const: they will go away when full ASN1
 * constification is done.
 */
 # define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
        stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
@ -834,6 +893,17 @@ typedef struct ASN1_AUX_st {
        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
        }
 # define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \
        IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname)
 # define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \
        int fname##_print_ctx(BIO *out, stname *x, int indent, \
                                                const ASN1_PCTX *pctx) \
        { \
                return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \
                        ASN1_ITEM_rptr(itname), pctx); \
        }
 # define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
                IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
@ -862,30 +932,40 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
 int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt);
+int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
+                      const ASN1_TEMPLATE *tt);
-				int tag, int aclass, char opt, ASN1_TLC *ctx);
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                     const ASN1_ITEM *it, int tag, int aclass, char opt,
                     ASN1_TLC *ctx);
-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);
+                     const ASN1_ITEM *it, int tag, int aclass);
 int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
                      const ASN1_TEMPLATE *tt);
 void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+                const ASN1_ITEM *it);
 int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
                int utype, char *free_cont, const ASN1_ITEM *it);
 int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
                             const ASN1_ITEM *it);
 ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
                                 int nullerr);
 int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
 void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
 void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it);
+                     const ASN1_ITEM *it);
 int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
                  const ASN1_ITEM *it);
 #ifdef  __cplusplus
 }
--- a/src/Mayaqua/win32_inc/openssl/bio.h
+++ b/src/Mayaqua/win32_inc/openssl/bio.h
@ -68,6 +68,14 @@
 # include <openssl/crypto.h>
 # ifndef OPENSSL_NO_SCTP
 #  ifndef OPENSSL_SYS_VMS
 #   include <stdint.h>
 #  else
 #   include <inttypes.h>
 #  endif
 # endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
@ -95,19 +103,26 @@ extern "C" {
 # define BIO_TYPE_BIO            (19|0x0400)/* (half a) BIO pair */
 # define BIO_TYPE_LINEBUFFER     (20|0x0200)/* filter */
 # define BIO_TYPE_DGRAM          (21|0x0400|0x0100)
 # ifndef OPENSSL_NO_SCTP
 #  define BIO_TYPE_DGRAM_SCTP     (24|0x0400|0x0100)
 # endif
 # define BIO_TYPE_ASN1           (22|0x0200)/* filter */
 # define BIO_TYPE_COMP           (23|0x0200)/* filter */
 # define BIO_TYPE_DESCRIPTOR     0x0100/* socket, fd, connect or accept */
 # define BIO_TYPE_FILTER         0x0200
 # define BIO_TYPE_SOURCE_SINK    0x0400
-/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
+/*
- * BIO_set_fp(in,stdin,BIO_NOCLOSE); */
+ * BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
 * BIO_set_fp(in,stdin,BIO_NOCLOSE);
 */
 # define BIO_NOCLOSE             0x00
 # define BIO_CLOSE               0x01
-/* These are used in the following macros and are passed to
+/*
- * BIO_ctrl() */
+ * These are used in the following macros and are passed to BIO_ctrl()
 */
 # define BIO_CTRL_RESET          1/* opt - rewind/zero etc */
 # define BIO_CTRL_EOF            2/* opt - are we at the eof */
 # define BIO_CTRL_INFO           3/* opt - extra tit-bits */
@ -129,9 +144,8 @@ extern "C" {
 /* dgram BIO stuff */
 # define BIO_CTRL_DGRAM_CONNECT       31/* BIO dgram special */
-#define BIO_CTRL_DGRAM_SET_CONNECTED 32  /* allow for an externally
+# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected
-					  * connected socket to be
+                                         * socket to be passed in */
 					  * passed in */ 
 # define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */
 # define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */
 # define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */
@ -147,21 +161,37 @@ extern "C" {
 # define BIO_CTRL_DGRAM_QUERY_MTU          40/* as kernel for current MTU */
 # define BIO_CTRL_DGRAM_GET_FALLBACK_MTU   47
 # define BIO_CTRL_DGRAM_GET_MTU            41/* get cached value for MTU */
-#define BIO_CTRL_DGRAM_SET_MTU            42 /* set cached value for
+# define BIO_CTRL_DGRAM_SET_MTU            42/* set cached value for MTU.
-					      * MTU. want to use this
+                                              * want to use this if asking
-					      * if asking the kernel
+                                              * the kernel fails */
 					      * fails */
-#define BIO_CTRL_DGRAM_MTU_EXCEEDED       43 /* check whether the MTU
+# define BIO_CTRL_DGRAM_MTU_EXCEEDED       43/* check whether the MTU was
-					      * was exceed in the
+                                              * exceed in the previous write
 					      * previous write
                                              * operation */
 # define BIO_CTRL_DGRAM_GET_PEER           46
 # define BIO_CTRL_DGRAM_SET_PEER           44/* Destination for the data */
-#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45 /* Next DTLS handshake timeout to
+# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45/* Next DTLS handshake timeout
-											  * adjust socket timeouts */
+                                              * to adjust socket timeouts */
 # define BIO_CTRL_DGRAM_SET_DONT_FRAG      48
 # define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD   49
 # ifndef OPENSSL_NO_SCTP
 /* SCTP stuff */
 #  define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE    50
 #  define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY                51
 #  define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY               52
 #  define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD               53
 #  define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO         60
 #  define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO         61
 #  define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO         62
 #  define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO         63
 #  define BIO_CTRL_DGRAM_SCTP_GET_PRINFO                  64
 #  define BIO_CTRL_DGRAM_SCTP_SET_PRINFO                  65
 #  define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN               70
 # endif
 /* modifiers */
 # define BIO_FP_READ             0x02
@ -175,8 +205,10 @@ extern "C" {
 # define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
 # define BIO_FLAGS_SHOULD_RETRY  0x08
 # ifndef BIO_FLAGS_UPLINK
-/* "UPLINK" flag denotes file descriptors provided by application.
+/*
-   It defaults to 0, as most platforms don't require UPLINK interface. */
+ * "UPLINK" flag denotes file descriptors provided by application. It
 * defaults to 0, as most platforms don't require UPLINK interface.
 */
 #  define BIO_FLAGS_UPLINK        0
 # endif
@ -188,7 +220,8 @@ extern "C" {
 # define BIO_GHBN_CTRL_FLUSH             5
 /* Mostly used in the SSL BIO */
-/* Not used anymore
+/*-
 * Not used anymore
 * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
 * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
 * #define BIO_FLAGS_PROTOCOL_STARTUP   0x40
@ -196,7 +229,8 @@ extern "C" {
 # define BIO_FLAGS_BASE64_NO_NL  0x100
-/* This is used with memory BIOs: it means we shouldn't free up or change the
+/*
 * This is used with memory BIOs: it means we shouldn't free up or change the
 * data in any way.
 */
 # define BIO_FLAGS_MEM_RDONLY    0x200
@ -228,12 +262,16 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_retry_type(a)               BIO_test_flags(a, BIO_FLAGS_RWS)
 # define BIO_should_retry(a)             BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)
-/* The next three are used in conjunction with the
+/*
- * BIO_should_io_special() condition.  After this returns true,
+ * The next three are used in conjunction with the BIO_should_io_special()
- * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO 
+ * condition.  After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int
- * stack and return the 'reason' for the special and the offending BIO.
+ * *reason); will walk the BIO stack and return the 'reason' for the special
- * Given a BIO, BIO_get_retry_reason(bio) will return the code. */
+ * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return
-/* Returned from the SSL bio when the certificate retrieval code had an error */
+ * the code.
 */
 /*
 * Returned from the SSL bio when the certificate retrieval code had an error
 */
 # define BIO_RR_SSL_X509_LOOKUP          0x01
 /* Returned from the connect BIO when a connect would have blocked */
 # define BIO_RR_CONNECT                  0x02
@ -248,27 +286,30 @@ void BIO_clear_flags(BIO *b, int flags);
 # define BIO_CB_GETS     0x05
 # define BIO_CB_CTRL     0x06
-/* The callback is called before and after the underling operation,
+/*
- * The BIO_CB_RETURN flag indicates if it is after the call */
+ * The callback is called before and after the underling operation, The
 * BIO_CB_RETURN flag indicates if it is after the call
 */
 # define BIO_CB_RETURN   0x80
 # define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
 # define BIO_cb_pre(a)   (!((a)&BIO_CB_RETURN))
 # define BIO_cb_post(a)  ((a)&BIO_CB_RETURN)
-long (*BIO_get_callback(const BIO *b)) (struct bio_st *,int,const char *,int, long,long);
+long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *,
                                        int, long, long);
 void BIO_set_callback(BIO *b,
-	long (*callback)(struct bio_st *,int,const char *,int, long,long));
+                      long (*callback) (struct bio_st *, int, const char *,
                                        int, long, long));
 char *BIO_get_callback_arg(const BIO *b);
 void BIO_set_callback_arg(BIO *b, char *arg);
 const char *BIO_method_name(const BIO *b);
 int BIO_method_type(const BIO *b);
-typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
+typedef void bio_info_cb (struct bio_st *, int, const char *, int, long,
                          long);
-#ifndef OPENSSL_SYS_WIN16
+typedef struct bio_method_st {
 typedef struct bio_method_st
 	{
    int type;
    const char *name;
    int (*bwrite) (BIO *, const char *, int);
@ -280,29 +321,12 @@ typedef struct bio_method_st
    int (*destroy) (BIO *);
    long (*callback_ctrl) (BIO *, int, bio_info_cb *);
 } BIO_METHOD;
 #else
 typedef struct bio_method_st
 	{
 	int type;
 	const char *name;
 	int (_far *bwrite)();
 	int (_far *bread)();
 	int (_far *bputs)();
 	int (_far *bgets)();
 	long (_far *ctrl)();
 	int (_far *create)();
 	int (_far *destroy)();
 	long (_far *callback_ctrl)();
 	} BIO_METHOD;
 #endif
-struct bio_st
+struct bio_st {
 	{
    BIO_METHOD *method;
    /* bio, mode, argp, argi, argl, ret */
    long (*callback) (struct bio_st *, int, const char *, int, long, long);
    char *cb_arg;               /* first argument for the callback */
    int init;
    int shutdown;
    int flags;                  /* extra storage */
@ -314,15 +338,14 @@ struct bio_st
    int references;
    unsigned long num_read;
    unsigned long num_write;
    CRYPTO_EX_DATA ex_data;
 };
 DECLARE_STACK_OF(BIO)
-typedef struct bio_f_buffer_ctx_struct
+typedef struct bio_f_buffer_ctx_struct {
-	{
+    /*-
-	/* Buffers are setup like this:
+     * Buffers are setup like this:
     *
     * <---------------------- size ----------------------->
     * +---------------------------------------------------+
@ -330,20 +353,48 @@ typedef struct bio_f_buffer_ctx_struct
     * +---------------------------------------------------+
     * <-- off --><------- len ------->
     */
-
+    /*- BIO *bio; *//*
-	/* BIO *bio; */ /* this is now in the BIO struct */
+     * this is now in the BIO struct
     */
    int ibuf_size;              /* how big is the input buffer */
    int obuf_size;              /* how big is the output buffer */
    char *ibuf;                 /* the char array */
    int ibuf_len;               /* how many bytes are in it */
    int ibuf_off;               /* write/read offset */
    char *obuf;                 /* the char array */
    int obuf_len;               /* how many bytes are in it */
    int obuf_off;               /* write/read offset */
 } BIO_F_BUFFER_CTX;
 /* Prefix and suffix callback in ASN1 BIO */
 typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen,
                          void *parg);
 # ifndef OPENSSL_NO_SCTP
 /* SCTP parameter structs */
 struct bio_dgram_sctp_sndinfo {
    uint16_t snd_sid;
    uint16_t snd_flags;
    uint32_t snd_ppid;
    uint32_t snd_context;
 };
 struct bio_dgram_sctp_rcvinfo {
    uint16_t rcv_sid;
    uint16_t rcv_ssn;
    uint16_t rcv_flags;
    uint32_t rcv_ppid;
    uint32_t rcv_tsn;
    uint32_t rcv_cumtsn;
    uint32_t rcv_context;
 };
 struct bio_dgram_sctp_prinfo {
    uint16_t pr_policy;
    uint32_t pr_value;
 };
 # endif
 /* connect BIO stuff */
 # define BIO_CONN_S_BEFORE               1
 # define BIO_CONN_S_GET_IP               2
@ -353,7 +404,9 @@ typedef struct bio_f_buffer_ctx_struct
 # define BIO_CONN_S_OK                   6
 # define BIO_CONN_S_BLOCKED_CONNECT      7
 # define BIO_CONN_S_NBIO                 8
-/*#define BIO_CONN_get_param_hostname	BIO_ctrl */
+/*
 * #define BIO_CONN_get_param_hostname BIO_ctrl
 */
 # define BIO_C_SET_CONNECT                       100
 # define BIO_C_DO_STATE_MACHINE                  101
@ -385,7 +438,8 @@ typedef struct bio_f_buffer_ctx_struct
 # define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT       127
 # define BIO_C_FILE_SEEK                         128
 # define BIO_C_GET_CIPHER_CTX                    129
-#define BIO_C_SET_BUF_MEM_EOF_RETURN		130/*return end of input value*/
+# define BIO_C_SET_BUF_MEM_EOF_RETURN            130/* return end of input
                                                     * value */
 # define BIO_C_SET_BIND_MODE                     131
 # define BIO_C_GET_BIND_MODE                     132
 # define BIO_C_FILE_TELL                         133
@ -406,6 +460,13 @@ typedef struct bio_f_buffer_ctx_struct
 # define BIO_C_RESET_READ_REQUEST                147
 # define BIO_C_SET_MD_CTX                        148
 # define BIO_C_SET_PREFIX                        149
 # define BIO_C_GET_PREFIX                        150
 # define BIO_C_SET_SUFFIX                        151
 # define BIO_C_GET_SUFFIX                        152
 # define BIO_C_SET_EX_ARG                        153
 # define BIO_C_GET_EX_ARG                        154
 # define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
 # define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
@ -420,7 +481,6 @@ typedef struct bio_f_buffer_ctx_struct
 # define BIO_get_conn_ip(b)               BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
 # define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
 # define BIO_set_nbio(b,n)       BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
 /* BIO_s_accept_socket() */
@ -464,10 +524,13 @@ typedef struct bio_f_buffer_ctx_struct
 # define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
 # define BIO_tell(b)     (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
-/* name is cast to lose const, but might be better to route through a function
+/*
-   so we can do it safely */
+ * name is cast to lose const, but might be better to route through a
 * function so we can do it safely
 */
 # ifdef CONST_STRICT
-/* If you are wondering why this isn't defined, its because CONST_STRICT is
+/*
 * If you are wondering why this isn't defined, its because CONST_STRICT is
 * purely a compile-time kludge to allow const to be checked.
 */
 int BIO_read_filename(BIO *b, const char *name);
@ -482,10 +545,12 @@ int BIO_read_filename(BIO *b,const char *name);
 # define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
                BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
-/* WARNING WARNING, this ups the reference count on the read bio of the
+/*
- * SSL structure.  This is because the ssl read BIO is now pointed to by
+ * WARNING WARNING, this ups the reference count on the read bio of the SSL
- * the next_bio field in the bio.  So when you free the BIO, make sure
+ * structure.  This is because the ssl read BIO is now pointed to by the
- * you are doing a BIO_free_all() to catch the underlying BIO. */
+ * next_bio field in the bio.  So when you free the BIO, make sure you are
 * doing a BIO_free_all() to catch the underlying BIO.
 */
 # define BIO_set_ssl(b,ssl,c)    BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
 # define BIO_get_ssl(b,sslp)     BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
 # define BIO_set_ssl_mode(b,client)      BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
@ -558,6 +623,8 @@ int BIO_ctrl_reset_read_request(BIO *b);
         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
 # define BIO_dgram_set_peer(b,peer) \
         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
 # define BIO_dgram_get_mtu_overhead(b) \
         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
 /* These two aren't currently implemented */
 /* int BIO_get_ex_num(BIO *bio); */
@ -569,22 +636,21 @@ int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 unsigned long BIO_number_read(BIO *bio);
 unsigned long BIO_number_written(BIO *bio);
 /* For BIO_f_asn1() */
 int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
                        asn1_ps_func *prefix_free);
 int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
                        asn1_ps_func **pprefix_free);
 int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
                        asn1_ps_func *suffix_free);
 int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
                        asn1_ps_func **psuffix_free);
 # ifndef OPENSSL_NO_FP_API
 #  if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL)
 BIO_METHOD *BIO_s_file_internal(void);
 BIO *BIO_new_file_internal(char *filename, char *mode);
 BIO *BIO_new_fp_internal(FILE *stream, int close_flag);
 #    define BIO_s_file	BIO_s_file_internal
 #    define BIO_new_file	BIO_new_file_internal
 #    define BIO_new_fp	BIO_new_fp_internal
 #  else /* FP_API */
 BIO_METHOD *BIO_s_file(void);
 BIO *BIO_new_file(const char *filename, const char *mode);
 BIO *BIO_new_fp(FILE *stream, int close_flag);
 #  define BIO_s_file_internal    BIO_s_file
 #    define BIO_new_file_internal	BIO_new_file
 #    define BIO_new_fp_internal		BIO_s_file
 #  endif /* FP_API */
 # endif
 BIO *BIO_new(BIO_METHOD *type);
 int BIO_set(BIO *a, BIO_METHOD *type);
@ -596,7 +662,9 @@ int	BIO_write(BIO *b, const void *data, int len);
 int BIO_puts(BIO *bp, const char *buf);
 int BIO_indent(BIO *b, int indent, int max);
 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
+long BIO_callback_ctrl(BIO *b, int cmd,
                       void (*fp) (struct bio_st *, int, const char *, int,
                                   long, long));
 char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
 long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
 BIO *BIO_push(BIO *b, BIO *append);
@ -613,13 +681,8 @@ int BIO_nread(BIO *bio, char **buf, int num);
 int BIO_nwrite0(BIO *bio, char **buf);
 int BIO_nwrite(BIO *bio, char **buf, int num);
 #ifndef OPENSSL_SYS_WIN16
 long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
                        long argl, long ret);
 #else
 long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
 	long argl,long ret);
 #endif
 BIO_METHOD *BIO_s_mem(void);
 BIO *BIO_new_mem_buf(void *buf, int len);
@ -640,6 +703,9 @@ BIO_METHOD *BIO_f_linebuffer(void);
 BIO_METHOD *BIO_f_nbio_test(void);
 # ifndef OPENSSL_NO_DGRAM
 BIO_METHOD *BIO_s_datagram(void);
 #  ifndef OPENSSL_NO_SCTP
 BIO_METHOD *BIO_s_datagram_sctp(void);
 #  endif
 # endif
 /* BIO_METHOD *BIO_f_ber(void); */
@ -660,8 +726,12 @@ int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);
 int BIO_dump_fp(FILE *fp, const char *s, int len);
 int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
 # endif
 int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data,
                   int datalen);
 struct hostent *BIO_gethostbyname(const char *name);
-/* We might want a thread-safe interface too:
+/*-
 * We might want a thread-safe interface too:
 * struct hostent *BIO_gethostbyname_r(const char *name,
 *     struct hostent *result, void *buffer, size_t buflen);
 * or something similar (caller allocates a struct hostent,
@ -682,20 +752,35 @@ int BIO_set_tcp_ndelay(int sock,int turn_on);
 BIO *BIO_new_socket(int sock, int close_flag);
 BIO *BIO_new_dgram(int fd, int close_flag);
 # ifndef OPENSSL_NO_SCTP
 BIO *BIO_new_dgram_sctp(int fd, int close_flag);
 int BIO_dgram_is_sctp(BIO *bio);
 int BIO_dgram_sctp_notification_cb(BIO *b,
                                   void (*handle_notifications) (BIO *bio,
                                                                 void
                                                                 *context,
                                                                 void *buf),
                                   void *context);
 int BIO_dgram_sctp_wait_for_dry(BIO *b);
 int BIO_dgram_sctp_msg_waiting(BIO *b);
 # endif
 BIO *BIO_new_fd(int fd, int close_flag);
-BIO *BIO_new_connect(char *host_port);
+BIO *BIO_new_connect(const char *host_port);
-BIO *BIO_new_accept(char *host_port);
+BIO *BIO_new_accept(const char *host_port);
 int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
                     BIO **bio2, size_t writebuf2);
-/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
+/*
- * Otherwise returns 0 and sets *bio1 and *bio2 to NULL.
+ * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
- * Size 0 uses default value.
+ * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
 * value.
 */
 void BIO_copy_next_retry(BIO *b);
-/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
+/*
 * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
 */
 # ifdef __GNUC__
 #  define __bio_h__attr__ __attribute__
@ -713,7 +798,8 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
 # undef __bio_h__attr__
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_BIO_strings(void);
@ -746,6 +832,8 @@ void ERR_load_BIO_strings(void);
 # define BIO_F_BUFFER_CTRL                                114
 # define BIO_F_CONN_CTRL                                  127
 # define BIO_F_CONN_STATE                                 115
 # define BIO_F_DGRAM_SCTP_READ                            132
 # define BIO_F_DGRAM_SCTP_WRITE                           133
 # define BIO_F_FILE_CTRL                                  116
 # define BIO_F_FILE_READ                                  130
 # define BIO_F_LINEBUFFER_CTRL                            129
--- a/src/Mayaqua/win32_inc/openssl/blowfish.h
+++ b/src/Mayaqua/win32_inc/openssl/blowfish.h
@ -72,14 +72,14 @@ extern "C" {
 # define BF_ENCRYPT      1
 # define BF_DECRYPT      0
-/*
+/*-
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !
 * ! BF_LONG_LOG2 has to be defined along.                        !
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 */
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+# if defined(__LP32__)
 #  define BF_LONG unsigned long
 # elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #  define BF_LONG unsigned long
@ -98,8 +98,7 @@ extern "C" {
 # define BF_ROUNDS       16
 # define BF_BLOCK        8
-typedef struct bf_key_st
+typedef struct bf_key_st {
 	{
    BF_LONG P[BF_ROUNDS + 2];
    BF_LONG S[4 * 256];
 } BF_KEY;
@ -116,10 +115,12 @@ void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
                    const BF_KEY *key, int enc);
 void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
                    const BF_KEY *schedule, unsigned char *ivec, int enc);
-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-	const BF_KEY *schedule, unsigned char *ivec, int *num, int enc);
+                      long length, const BF_KEY *schedule,
-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+                      unsigned char *ivec, int *num, int enc);
-	const BF_KEY *schedule, unsigned char *ivec, int *num);
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
                      long length, const BF_KEY *schedule,
                      unsigned char *ivec, int *num);
 const char *BF_options(void);
 #ifdef  __cplusplus
--- a/src/Mayaqua/win32_inc/openssl/bn.h
+++ b/src/Mayaqua/win32_inc/openssl/bn.h
@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 /* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
@ -77,38 +130,42 @@
 #  include <stdio.h>            /* FILE */
 # endif
 # include <openssl/ossl_typ.h>
 # include <openssl/crypto.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
-/* These preprocessor symbols control various aspects of the bignum headers and
+/*
- * library code. They're not defined by any "normal" configuration, as they are
+ * These preprocessor symbols control various aspects of the bignum headers
- * intended for development and testing purposes. NB: defining all three can be
+ * and library code. They're not defined by any "normal" configuration, as
- * useful for debugging application code as well as openssl itself.
+ * they are intended for development and testing purposes. NB: defining all
- *
+ * three can be useful for debugging application code as well as openssl
- * BN_DEBUG - turn on various debugging alterations to the bignum code
+ * itself. BN_DEBUG - turn on various debugging alterations to the bignum
- * BN_DEBUG_RAND - uses random poisoning of unused words to trip up
+ * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up
 * mismanagement of bignum internals. You must also define BN_DEBUG.
 */
 /* #define BN_DEBUG */
 /* #define BN_DEBUG_RAND */
 # ifndef OPENSSL_SMALL_FOOTPRINT
 #  define BN_MUL_COMBA
 #  define BN_SQR_COMBA
 #  define BN_RECURSION
 # endif
-/* This next option uses the C libraries (2 word)/(1 word) function.
+/*
- * If it is not defined, I use my C version (which is slower).
+ * This next option uses the C libraries (2 word)/(1 word) function. If it is
- * The reason for this flag is that when the particular C compiler
+ * not defined, I use my C version (which is slower). The reason for this
- * library routine is used, and the library is linked with a different
+ * flag is that when the particular C compiler library routine is used, and
- * compiler, the library is missing.  This mostly happens when the
+ * the library is linked with a different compiler, the library is missing.
- * library is built with gcc and then linked using normal cc.  This would
+ * This mostly happens when the library is built with gcc and then linked
- * be a common occurrence because gcc normally produces code that is
+ * using normal cc.  This would be a common occurrence because gcc normally
- * 2 times faster than system compilers for the big number stuff.
+ * produces code that is 2 times faster than system compilers for the big
- * For machines with only one compiler (or shared libraries), this should
+ * number stuff. For machines with only one compiler (or shared libraries),
- * be on.  Again this in only really a problem on machines
+ * this should be on.  Again this in only really a problem on machines using
- * using "long long's", are 32bit, and are not using my assembler code. */
+ * "long long's", are 32bit, and are not using my assembler code.
 */
 # if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
    defined(OPENSSL_SYS_WIN32) || defined(linux)
 #  ifndef BN_DIV2W
@ -116,9 +173,10 @@ extern "C" {
 #  endif
 # endif
-/* assuming long is 64bit - this is the DEC Alpha
+/*
- * unsigned long long is only 64 bits :-(, don't define
+ * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
- * BN_LLONG for the DEC Alpha */
+ * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
 */
 # ifdef SIXTY_FOUR_BIT_LONG
 #  define BN_ULLONG       unsigned long long
 #  define BN_ULONG        unsigned long
@ -137,12 +195,15 @@ extern "C" {
 #  define BN_DEC_FMT1     "%lu"
 #  define BN_DEC_FMT2     "%019lu"
 #  define BN_DEC_NUM      19
 #  define BN_HEX_FMT1     "%lX"
 #  define BN_HEX_FMT2     "%016lX"
 # endif
-/* This is where the long long data type is 64 bits, but long is 32.
+/*
- * For machines where there are 64bit registers, this is the mode to use.
+ * This is where the long long data type is 64 bits, but long is 32. For
- * IRIX, on R4000 and above should use this mode, along with the relevant
+ * machines where there are 64bit registers, this is the mode to use. IRIX,
- * assembler code :-).  Do NOT define BN_LLONG.
+ * on R4000 and above should use this mode, along with the relevant assembler
 * code :-).  Do NOT define BN_LLONG.
 */
 # ifdef SIXTY_FOUR_BIT
 #  undef BN_LLONG
@ -162,109 +223,72 @@ extern "C" {
 #  define BN_DEC_FMT1     "%llu"
 #  define BN_DEC_FMT2     "%019llu"
 #  define BN_DEC_NUM      19
 #  define BN_HEX_FMT1     "%llX"
 #  define BN_HEX_FMT2     "%016llX"
 # endif
 # ifdef THIRTY_TWO_BIT
 #  ifdef BN_LLONG
-# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
+#   if defined(_WIN32) && !defined(__GNUC__)
 #    define BN_ULLONG     unsigned __int64
 #    define BN_MASK       (0xffffffffffffffffI64)
 #   else
 #    define BN_ULLONG     unsigned long long
 #    define BN_MASK       (0xffffffffffffffffLL)
 #   endif
 #  endif
-#define BN_ULONG	unsigned long
+#  define BN_ULONG        unsigned int
-#define BN_LONG		long
+#  define BN_LONG         int
 #  define BN_BITS         64
 #  define BN_BYTES        4
 #  define BN_BITS2        32
 #  define BN_BITS4        16
 #ifdef OPENSSL_SYS_WIN32
 /* VC++ doesn't like the LL suffix */
 #define BN_MASK		(0xffffffffffffffffL)
 #else
 #define BN_MASK		(0xffffffffffffffffLL)
 #endif
 #  define BN_MASK2        (0xffffffffL)
 #  define BN_MASK2l       (0xffff)
 #  define BN_MASK2h1      (0xffff8000L)
 #  define BN_MASK2h       (0xffff0000L)
 #  define BN_TBIT         (0x80000000L)
 #  define BN_DEC_CONV     (1000000000L)
-#define BN_DEC_FMT1	"%lu"
+#  define BN_DEC_FMT1     "%u"
-#define BN_DEC_FMT2	"%09lu"
+#  define BN_DEC_FMT2     "%09u"
 #  define BN_DEC_NUM      9
-#endif
+#  define BN_HEX_FMT1     "%X"
-
+#  define BN_HEX_FMT2     "%08X"
 #ifdef SIXTEEN_BIT
 #ifndef BN_DIV2W
 #define BN_DIV2W
 #endif
 #define BN_ULLONG	unsigned long
 #define BN_ULONG	unsigned short
 #define BN_LONG		short
 #define BN_BITS		32
 #define BN_BYTES	2
 #define BN_BITS2	16
 #define BN_BITS4	8
 #define BN_MASK		(0xffffffff)
 #define BN_MASK2	(0xffff)
 #define BN_MASK2l	(0xff)
 #define BN_MASK2h1	(0xff80)
 #define BN_MASK2h	(0xff00)
 #define BN_TBIT		(0x8000)
 #define BN_DEC_CONV	(100000)
 #define BN_DEC_FMT1	"%u"
 #define BN_DEC_FMT2	"%05u"
 #define BN_DEC_NUM	5
 #endif
 #ifdef EIGHT_BIT
 #ifndef BN_DIV2W
 #define BN_DIV2W
 #endif
 #define BN_ULLONG	unsigned short
 #define BN_ULONG	unsigned char
 #define BN_LONG		char
 #define BN_BITS		16
 #define BN_BYTES	1
 #define BN_BITS2	8
 #define BN_BITS4	4
 #define BN_MASK		(0xffff)
 #define BN_MASK2	(0xff)
 #define BN_MASK2l	(0xf)
 #define BN_MASK2h1	(0xf8)
 #define BN_MASK2h	(0xf0)
 #define BN_TBIT		(0x80)
 #define BN_DEC_CONV	(100)
 #define BN_DEC_FMT1	"%u"
 #define BN_DEC_FMT2	"%02u"
 #define BN_DEC_NUM	2
 # endif
 # define BN_DEFAULT_BITS 1280
 # define BN_FLG_MALLOCED         0x01
 # define BN_FLG_STATIC_DATA      0x02
-#define BN_FLG_CONSTTIME	0x04 /* avoid leaking exponent information through timing,
+
 /*
 * avoid leaking exponent information through timing,
 * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
 * BN_div() will call BN_div_no_branch,
 * BN_mod_inverse() will call BN_mod_inverse_no_branch.
 */
 # define BN_FLG_CONSTTIME        0x04
-#ifndef OPENSSL_NO_DEPRECATED
+# ifdef OPENSSL_NO_DEPRECATED
-#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */
+/* deprecated name for the flag */
-                                      /* avoid leaking exponent information through timings
+#  define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
-                                      * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
+/*
 * avoid leaking exponent information through timings
 * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime)
 */
 # endif
 # ifndef OPENSSL_NO_DEPRECATED
-#define BN_FLG_FREE		0x8000	/* used for debuging */
+#  define BN_FLG_FREE             0x8000
                                       /* used for debuging */
 # endif
 # define BN_set_flags(b,n)       ((b)->flags|=(n))
 # define BN_get_flags(b,n)       ((b)->flags&(n))
-/* get a clone of a BIGNUM with changed flags, for *temporary* use only
+/*
- * (the two BIGNUMs cannot not be used in parallel!) */
+ * get a clone of a BIGNUM with changed flags, for *temporary* use only (the
 * two BIGNUMs cannot not be used in parallel!)
 */
 # define BN_with_flags(dest,b,n)  ((dest)->d=(b)->d, \
                                  (dest)->top=(b)->top, \
                                  (dest)->dmax=(b)->dmax, \
@ -285,9 +309,9 @@ typedef struct bn_recp_ctx_st BN_RECP_CTX;
 typedef struct bn_gencb_st BN_GENCB;
 # endif
-struct bignum_st
+struct bignum_st {
-	{
+    BN_ULONG *d;                /* Pointer to an array of 'BN_BITS2' bit
-	BN_ULONG *d;	/* Pointer to an array of 'BN_BITS2' bit chunks. */
+                                 * chunks. */
    int top;                    /* Index of last used d +1. */
    /* The next are internal book keeping for bn_expand. */
    int dmax;                   /* Size of the d array. */
@ -296,27 +320,23 @@ struct bignum_st
 };
 /* Used for montgomery multiplication */
-struct bn_mont_ctx_st
+struct bn_mont_ctx_st {
 	{
    int ri;                     /* number of bits in R */
    BIGNUM RR;                  /* used to convert to montgomery form */
    BIGNUM N;                   /* The modulus */
-	BIGNUM Ni;     /* R*(1/R mod N) - N*Ni = 1
+    BIGNUM Ni;                  /* R*(1/R mod N) - N*Ni = 1 (Ni is only
-	                * (Ni is only stored for bignum algorithm) */
+                                 * stored for bignum algorithm) */
-#if 0
+    BN_ULONG n0[2];             /* least significant word(s) of Ni; (type
-	/* OpenSSL 0.9.9 preview: */
+                                 * changed with 0.9.9, was "BN_ULONG n0;"
-	BN_ULONG n0[2];/* least significant word(s) of Ni */
+                                 * before) */
 #else
 	BN_ULONG n0;   /* least significant word of Ni */
 #endif
    int flags;
 };
-/* Used for reciprocal division/mod functions
+/*
- * It cannot be shared between threads
+ * Used for reciprocal division/mod functions It cannot be shared between
 * threads
 */
-struct bn_recp_ctx_st
+struct bn_recp_ctx_st {
 	{
    BIGNUM N;                   /* the divisor */
    BIGNUM Nr;                  /* the reciprocal */
    int num_bits;
@ -325,12 +345,10 @@ struct bn_recp_ctx_st
 };
 /* Used for slow "generation" functions. */
-struct bn_gencb_st
+struct bn_gencb_st {
 	{
    unsigned int ver;           /* To handle binary (in)compatibility */
    void *arg;                  /* callback-specific data */
-	union
+    union {
 		{
        /* if(ver==1) - handles old style callbacks */
        void (*cb_1) (int, int, void *);
        /* if(ver==2) - new callback style */
@ -352,14 +370,17 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b);
                tmp_gencb->arg = (cb_arg); \
                tmp_gencb->cb.cb_2 = (callback); }
-#define BN_prime_checks 0 /* default: select number of iterations
+# define BN_prime_checks 0      /* default: select number of iterations based
-			     based on the size of the number */
+                                 * on the size of the number */
-/* number of Miller-Rabin iterations for an error rate  of less than 2^-80
+/*
- * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook
+ * number of Miller-Rabin iterations for an error rate of less than 2^-80 for
- * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
+ * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of
- * original paper: Damgaard, Landrock, Pomerance: Average case error estimates
+ * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
- * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */
+ * original paper: Damgaard, Landrock, Pomerance: Average case error
 * estimates for the strong probable prime test. -- Math. Comp. 61 (1993)
 * 177-194)
 */
 # define BN_prime_checks_for_size(b) ((b) >= 1300 ?  2 : \
                                (b) >=  850 ?  3 : \
                                (b) >=  650 ?  4 : \
@ -442,16 +463,21 @@ int	BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
           BN_CTX *ctx);
 # define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
 int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
-int	BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
-int	BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
+               BN_CTX *ctx);
-int	BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-int	BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
+                     const BIGNUM *m);
-int	BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
-	const BIGNUM *m, BN_CTX *ctx);
+               BN_CTX *ctx);
 int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
                     const BIGNUM *m);
 int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
               BN_CTX *ctx);
 int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
 int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
 int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
-int	BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
                  BN_CTX *ctx);
 int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
 BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
@ -474,7 +500,8 @@ int	BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
+                              const BIGNUM *m, BN_CTX *ctx,
                              BN_MONT_CTX *in_mont);
 int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
@ -504,13 +531,18 @@ char *	BN_bn2hex(const BIGNUM *a);
 char *BN_bn2dec(const BIGNUM *a);
 int BN_hex2bn(BIGNUM **a, const char *str);
 int BN_dec2bn(BIGNUM **a, const char *str);
 int BN_asc2bn(BIGNUM **a, const char *str);
 int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-int	BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns
                                                                  * -2 for
                                                                  * error */
 BIGNUM *BN_mod_inverse(BIGNUM *ret,
                       const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
 BIGNUM *BN_mod_sqrt(BIGNUM *ret,
                    const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
 void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
 /* Deprecated versions */
 # ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
@ -520,8 +552,8 @@ int	BN_is_prime(const BIGNUM *p,int nchecks,
                void (*callback) (int, int, void *),
                BN_CTX *ctx, void *cb_arg);
 int BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
-	void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
+                         void (*callback) (int, int, void *), BN_CTX *ctx,
-	int do_trial_division);
+                         void *cb_arg, int do_trial_division);
 # endif                         /* !defined(OPENSSL_NO_DEPRECATED) */
 /* Newer versions */
@ -534,13 +566,12 @@ int	BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
 int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
 int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-			const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+                            const BIGNUM *Xp, const BIGNUM *Xp1,
-			const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
+                            const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
 int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
 			BIGNUM *Xp1, BIGNUM *Xp2,
 			const BIGNUM *Xp,
 			const BIGNUM *e, BN_CTX *ctx,
                            BN_GENCB *cb);
 int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
                              BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e,
                              BN_CTX *ctx, BN_GENCB *cb);
 BN_MONT_CTX *BN_MONT_CTX_new(void);
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
@ -560,21 +591,29 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
 # define BN_BLINDING_NO_UPDATE   0x00000001
 # define BN_BLINDING_NO_RECREATE 0x00000002
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod);
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
 void BN_BLINDING_free(BN_BLINDING *b);
 int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
 int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
 int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
 int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
                          BN_CTX *);
 # ifndef OPENSSL_NO_DEPRECATED
 unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
 void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
 # endif
 CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
 unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
 void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
 BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-	const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,
+                                      const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
-	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                                      int (*bn_mod_exp) (BIGNUM *r,
-			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
+                                                         const BIGNUM *a,
                                                         const BIGNUM *p,
                                                         const BIGNUM *m,
                                                         BN_CTX *ctx,
                                                         BN_MONT_CTX *m_ctx),
                                      BN_MONT_CTX *m_ctx);
 # ifndef OPENSSL_NO_DEPRECATED
@ -593,59 +632,81 @@ int	BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
                BN_RECP_CTX *recp, BN_CTX *ctx);
-/* Functions for arithmetic over binary polynomials represented by BIGNUMs. 
+# ifndef OPENSSL_NO_EC2M
- *
+
 /*
 * Functions for arithmetic over binary polynomials represented by BIGNUMs.
 * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
- * ignored.
+ * ignored. Note that input arguments are not const so that their bit arrays
- *
+ * can be expanded to the appropriate size if needed.
 * Note that input arguments are not const so that their bit arrays can
 * be expanded to the appropriate size if needed.
 */
-int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/
+/*
 * r = a + b
 */
 int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 #  define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
-int	BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/
+/*
 * r=a mod p
 */
 int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p);
 /* r = (a * b) mod p */
 int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */
+                    const BIGNUM *p, BN_CTX *ctx);
-int	BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+/* r = (a * a) mod p */
-	BN_CTX *ctx); /* r = (a * a) mod p */
+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int	BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p,
+/* r = (1 / b) mod p */
-	BN_CTX *ctx); /* r = (1 / b) mod p */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx);
 /* r = (a / b) mod p */
 int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */
+                    const BIGNUM *p, BN_CTX *ctx);
 /* r = (a ^ b) mod p */
 int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */
+                    const BIGNUM *p, BN_CTX *ctx);
 /* r = sqrt(a) mod p */
 int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	BN_CTX *ctx); /* r = sqrt(a) mod p */
+                     BN_CTX *ctx);
 /* r^2 + r = a mod p */
 int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	BN_CTX *ctx); /* r^2 + r = a mod p */
+                           BN_CTX *ctx);
 #  define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
-/* Some functions allow for representation of the irreducible polynomials
+/*-
 * Some functions allow for representation of the irreducible polynomials
 * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
 *     t^p[0] + t^p[1] + ... + t^p[k]
 * where m = p[0] > p[1] > ... > p[k] = 0.
 */
 int	BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]);
 /* r = a mod p */
 int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
 /* r = (a * b) mod p */
 int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */
+                        const int p[], BN_CTX *ctx);
-int	BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[],
+/* r = (a * a) mod p */
-	BN_CTX *ctx); /* r = (a * a) mod p */
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
-int	BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[],
+                        BN_CTX *ctx);
-	BN_CTX *ctx); /* r = (1 / b) mod p */
+/* r = (1 / b) mod p */
 int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
                        BN_CTX *ctx);
 /* r = (a / b) mod p */
 int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */
+                        const int p[], BN_CTX *ctx);
 /* r = (a ^ b) mod p */
 int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */
+                        const int p[], BN_CTX *ctx);
 /* r = sqrt(a) mod p */
 int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
-	const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */
+                         const int p[], BN_CTX *ctx);
 /* r^2 + r = a mod p */
 int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
-	const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */
+                               const int p[], BN_CTX *ctx);
-int	BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max);
+int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
-int	BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a);
+int BN_GF2m_arr2poly(const int p[], BIGNUM *a);
-/* faster mod functions for the 'NIST primes' 
+# endif
- * 0 <= a < p^2 */
+
 /*
 * faster mod functions for the 'NIST primes' 0 <= a < p^2
 */
 int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
 int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
 int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
@ -668,7 +729,8 @@ BIGNUM *bn_expand2(BIGNUM *a, int words);
 BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
 # endif
-/* Bignum consistency macros
+/*-
 * Bignum consistency macros
 * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
 * bignum data after direct manipulations on the data. There is also an
 * "internal" macro, bn_check_top(), for verifying that there are no leading
@ -740,31 +802,47 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
 #  define bn_fix_top(a)           bn_check_top(a)
 #  define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
 #  define bn_wcheck_size(bn, words) \
        do { \
                const BIGNUM *_bnum2 = (bn); \
                assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \
                /* avoid unused variable warning with NDEBUG */ \
                (void)(_bnum2); \
        } while(0)
 # else                          /* !BN_DEBUG */
 #  define bn_pollute(a)
 #  define bn_check_top(a)
 #  define bn_fix_top(a)           bn_correct_top(a)
 #  define bn_check_size(bn, bits)
 #  define bn_wcheck_size(bn, words)
 # endif
 # define bn_correct_top(a) \
        { \
        BN_ULONG *ftl; \
-	if ((a)->top > 0) \
+        int tmp_top = (a)->top; \
        if (tmp_top > 0) \
                { \
-		for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
+                for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \
                        if (*(ftl--)) break; \
                (a)->top = tmp_top; \
                } \
        bn_pollute(a); \
        }
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
                          BN_ULONG w);
 BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
 void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
 BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
-BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
+                      int num);
 BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
                      int num);
 /* Primes from RFC 2409 */
 BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
@ -781,7 +859,8 @@ BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
 int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_BN_strings(void);
--- a/src/Mayaqua/win32_inc/openssl/buffer.h
+++ b/src/Mayaqua/win32_inc/openssl/buffer.h
@ -74,28 +74,29 @@ extern "C" {
 /* Already declared in ossl_typ.h */
 /* typedef struct buf_mem_st BUF_MEM; */
-struct buf_mem_st
+struct buf_mem_st {
-	{
+    size_t length;              /* current number of bytes */
 	int length;	/* current number of bytes */
    char *data;
-	int max;	/* size of buffer */
+    size_t max;                 /* size of buffer */
 };
 BUF_MEM *BUF_MEM_new(void);
 void BUF_MEM_free(BUF_MEM *a);
-int	BUF_MEM_grow(BUF_MEM *str, int len);
+int BUF_MEM_grow(BUF_MEM *str, size_t len);
-int	BUF_MEM_grow_clean(BUF_MEM *str, int len);
+int BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
 size_t BUF_strnlen(const char *str, size_t maxlen);
 char *BUF_strdup(const char *str);
 char *BUF_strndup(const char *str, size_t siz);
 void *BUF_memdup(const void *data, size_t siz);
 void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
 /* safe string functions */
 size_t BUF_strlcpy(char *dst, const char *src, size_t siz);
 size_t BUF_strlcat(char *dst, const char *src, size_t siz);
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_BUF_strings(void);
--- a/src/Mayaqua/win32_inc/openssl/camellia.h
+++ b/src/Mayaqua/win32_inc/openssl/camellia.h
@ -0,0 +1,132 @@
 /* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 */
 #ifndef HEADER_CAMELLIA_H
 # define HEADER_CAMELLIA_H
 # include <openssl/opensslconf.h>
 # ifdef OPENSSL_NO_CAMELLIA
 #  error CAMELLIA is disabled.
 # endif
 # include <stddef.h>
 # define CAMELLIA_ENCRYPT        1
 # define CAMELLIA_DECRYPT        0
 /*
 * Because array size can't be a const in C, the following two are macros.
 * Both sizes are in bytes.
 */
 #ifdef  __cplusplus
 extern "C" {
 #endif
 /* This should be a hidden type, but EVP requires that the size be known */
 # define CAMELLIA_BLOCK_SIZE 16
 # define CAMELLIA_TABLE_BYTE_LEN 272
 # define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
 typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match
                                                               * with WORD */
 struct camellia_key_st {
    union {
        double d;               /* ensures 64-bit align */
        KEY_TABLE_TYPE rd_key;
    } u;
    int grand_rounds;
 };
 typedef struct camellia_key_st CAMELLIA_KEY;
 # ifdef OPENSSL_FIPS
 int private_Camellia_set_key(const unsigned char *userKey, const int bits,
                             CAMELLIA_KEY *key);
 # endif
 int Camellia_set_key(const unsigned char *userKey, const int bits,
                     CAMELLIA_KEY *key);
 void Camellia_encrypt(const unsigned char *in, unsigned char *out,
                      const CAMELLIA_KEY *key);
 void Camellia_decrypt(const unsigned char *in, unsigned char *out,
                      const CAMELLIA_KEY *key);
 void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
                          const CAMELLIA_KEY *key, const int enc);
 void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
                          size_t length, const CAMELLIA_KEY *key,
                          unsigned char *ivec, const int enc);
 void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
                             size_t length, const CAMELLIA_KEY *key,
                             unsigned char *ivec, int *num, const int enc);
 void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
                           size_t length, const CAMELLIA_KEY *key,
                           unsigned char *ivec, int *num, const int enc);
 void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
                           size_t length, const CAMELLIA_KEY *key,
                           unsigned char *ivec, int *num, const int enc);
 void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
                             size_t length, const CAMELLIA_KEY *key,
                             unsigned char *ivec, int *num);
 void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
                             size_t length, const CAMELLIA_KEY *key,
                             unsigned char ivec[CAMELLIA_BLOCK_SIZE],
                             unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
                             unsigned int *num);
 #ifdef  __cplusplus
 }
 #endif
 #endif                          /* !HEADER_Camellia_H */
--- a/src/Mayaqua/win32_inc/openssl/cast.h
+++ b/src/Mayaqua/win32_inc/openssl/cast.h
@ -72,13 +72,12 @@ extern "C" {
 # define CAST_ENCRYPT    1
 # define CAST_DECRYPT    0
-#define CAST_LONG unsigned long
+# define CAST_LONG unsigned int
 # define CAST_BLOCK      8
 # define CAST_KEY_LENGTH 16
-typedef struct cast_key_st
+typedef struct cast_key_st {
 	{
    CAST_LONG data[32];
    int short_key;              /* Use reduced rounds for short key */
 } CAST_KEY;
@ -87,18 +86,19 @@ typedef struct cast_key_st
 void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
 # endif
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
-		      int enc);
+                      const CAST_KEY *key, int enc);
 void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
 void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
-void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
-		      const CAST_KEY *ks, unsigned char *iv, int enc);
+                      long length, const CAST_KEY *ks, unsigned char *iv,
                      int enc);
 void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-			long length, const CAST_KEY *schedule, unsigned char *ivec,
+                        long length, const CAST_KEY *schedule,
-			int *num, int enc);
+                        unsigned char *ivec, int *num, int enc);
 void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-			long length, const CAST_KEY *schedule, unsigned char *ivec,
+                        long length, const CAST_KEY *schedule,
-			int *num);
+                        unsigned char *ivec, int *num);
 #ifdef  __cplusplus
 }
--- a/src/Mayaqua/win32_inc/openssl/fips_rand.h
+++ b/src/Mayaqua/win32_inc/openssl/fips_rand.h
@ -1,5 +1,10 @@
 /* crypto/cmac/cmac.h */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
 /* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@ -16,12 +21,12 @@
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
+ *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
@ -30,7 +35,7 @@
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -44,31 +49,34 @@
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
+ * ====================================================================
 */
-#ifndef HEADER_FIPS_RAND_H
+#ifndef HEADER_CMAC_H
-#define HEADER_FIPS_RAND_H
+# define HEADER_CMAC_H
 #include "des.h"
 #ifdef OPENSSL_FIPS
 #ifdef __cplusplus
 extern "C" {
 #endif
-void FIPS_set_prng_key(const unsigned char k1[8],const unsigned char k2[8]);
+# include <openssl/evp.h>
 void FIPS_test_mode(int test,const unsigned char faketime[8]);
 void FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num);
 /* NB: this returns true if _partially_ seeded */
 int FIPS_rand_seeded(void);
-RAND_METHOD *FIPS_rand_method(void);
+/* Opaque */
 typedef struct CMAC_CTX_st CMAC_CTX;
 CMAC_CTX *CMAC_CTX_new(void);
 void CMAC_CTX_cleanup(CMAC_CTX *ctx);
 void CMAC_CTX_free(CMAC_CTX *ctx);
 EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
 int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
 int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
              const EVP_CIPHER *cipher, ENGINE *impl);
 int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
 int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
 int CMAC_resume(CMAC_CTX *ctx);
 #ifdef  __cplusplus
 }
 #endif
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/cms.h
+++ b/src/Mayaqua/win32_inc/openssl/cms.h
@ -0,0 +1,555 @@
 /* crypto/cms/cms.h */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
 /* ====================================================================
 * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 */
 #ifndef HEADER_CMS_H
 # define HEADER_CMS_H
 # include <openssl/x509.h>
 # ifdef OPENSSL_NO_CMS
 #  error CMS is disabled.
 # endif
 #ifdef __cplusplus
 extern "C" {
 #endif
 typedef struct CMS_ContentInfo_st CMS_ContentInfo;
 typedef struct CMS_SignerInfo_st CMS_SignerInfo;
 typedef struct CMS_CertificateChoices CMS_CertificateChoices;
 typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
 typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
 typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
 typedef struct CMS_Receipt_st CMS_Receipt;
 typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
 typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
 DECLARE_STACK_OF(CMS_SignerInfo)
 DECLARE_STACK_OF(GENERAL_NAMES)
 DECLARE_STACK_OF(CMS_RecipientEncryptedKey)
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 # define CMS_SIGNERINFO_ISSUER_SERIAL    0
 # define CMS_SIGNERINFO_KEYIDENTIFIER    1
 # define CMS_RECIPINFO_NONE              -1
 # define CMS_RECIPINFO_TRANS             0
 # define CMS_RECIPINFO_AGREE             1
 # define CMS_RECIPINFO_KEK               2
 # define CMS_RECIPINFO_PASS              3
 # define CMS_RECIPINFO_OTHER             4
 /* S/MIME related flags */
 # define CMS_TEXT                        0x1
 # define CMS_NOCERTS                     0x2
 # define CMS_NO_CONTENT_VERIFY           0x4
 # define CMS_NO_ATTR_VERIFY              0x8
 # define CMS_NOSIGS                      \
                        (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
 # define CMS_NOINTERN                    0x10
 # define CMS_NO_SIGNER_CERT_VERIFY       0x20
 # define CMS_NOVERIFY                    0x20
 # define CMS_DETACHED                    0x40
 # define CMS_BINARY                      0x80
 # define CMS_NOATTR                      0x100
 # define CMS_NOSMIMECAP                  0x200
 # define CMS_NOOLDMIMETYPE               0x400
 # define CMS_CRLFEOL                     0x800
 # define CMS_STREAM                      0x1000
 # define CMS_NOCRL                       0x2000
 # define CMS_PARTIAL                     0x4000
 # define CMS_REUSE_DIGEST                0x8000
 # define CMS_USE_KEYID                   0x10000
 # define CMS_DEBUG_DECRYPT               0x20000
 # define CMS_KEY_PARAM                   0x40000
 const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
 BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
 int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
 ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
 int CMS_is_detached(CMS_ContentInfo *cms);
 int CMS_set_detached(CMS_ContentInfo *cms, int detached);
 # ifdef HEADER_PEM_H
 DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
 # endif
 int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
 CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
 int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
 BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
 int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
 int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
                             int flags);
 CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
 int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
              unsigned int flags);
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                          STACK_OF(X509) *certs, BIO *data,
                          unsigned int flags);
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
                                  X509 *signcert, EVP_PKEY *pkey,
                                  STACK_OF(X509) *certs, unsigned int flags);
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                      unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                   unsigned int flags);
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                              const unsigned char *key, size_t keylen,
                              BIO *dcont, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                           const unsigned char *key,
                                           size_t keylen, unsigned int flags);
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
                               const unsigned char *key, size_t keylen);
 int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
               X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
 int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
                       STACK_OF(X509) *certs,
                       X509_STORE *store, unsigned int flags);
 STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
 CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                             const EVP_CIPHER *cipher, unsigned int flags);
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                BIO *dcont, BIO *out, unsigned int flags);
 int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
 int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
                         unsigned char *key, size_t keylen,
                         unsigned char *id, size_t idlen);
 int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
                              unsigned char *pass, ossl_ssize_t passlen);
 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                           X509 *recip, unsigned int flags);
 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
                                     EVP_PKEY **pk, X509 **recip,
                                     X509_ALGOR **palg);
 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
                                          ASN1_OCTET_STRING **keyid,
                                          X509_NAME **issuer,
                                          ASN1_INTEGER **sno);
 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
                                          unsigned char *key, size_t keylen,
                                          unsigned char *id, size_t idlen,
                                          ASN1_GENERALIZEDTIME *date,
                                          ASN1_OBJECT *otherTypeId,
                                          ASN1_TYPE *otherType);
 int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
                                    X509_ALGOR **palg,
                                    ASN1_OCTET_STRING **pid,
                                    ASN1_GENERALIZEDTIME **pdate,
                                    ASN1_OBJECT **potherid,
                                    ASN1_TYPE **pothertype);
 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
                               unsigned char *key, size_t keylen);
 int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
                                   const unsigned char *id, size_t idlen);
 int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
                                    unsigned char *pass,
                                    ossl_ssize_t passlen);
 CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
                                               int iter, int wrap_nid,
                                               int pbe_nid,
                                               unsigned char *pass,
                                               ossl_ssize_t passlen,
                                               const EVP_CIPHER *kekciph);
 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
 int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
 int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                   unsigned int flags);
 CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
 int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
 const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
 CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
 int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
 int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
 STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
 CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
 int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
 int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
 STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
 int CMS_SignedData_init(CMS_ContentInfo *cms);
 CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
                                X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
                                unsigned int flags);
 EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
 EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
 STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
 void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
 int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
                                  ASN1_OCTET_STRING **keyid,
                                  X509_NAME **issuer, ASN1_INTEGER **sno);
 int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
 int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
                           unsigned int flags);
 void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
                              X509 **signer, X509_ALGOR **pdig,
                              X509_ALGOR **psig);
 ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
 int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
                            int algnid, int keysize);
 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
 int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
 int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
                               int lastpos);
 int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
                               int lastpos);
 X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
 X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
 int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
 int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
                                const ASN1_OBJECT *obj, int type,
                                const void *bytes, int len);
 int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
                                int nid, int type,
                                const void *bytes, int len);
 int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
                                const char *attrname, int type,
                                const void *bytes, int len);
 void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
                                  int lastpos, int type);
 int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
 int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
                                 int lastpos);
 int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
                                 int lastpos);
 X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
 X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
 int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
 int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
                                  const ASN1_OBJECT *obj, int type,
                                  const void *bytes, int len);
 int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
                                  int nid, int type,
                                  const void *bytes, int len);
 int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
                                  const char *attrname, int type,
                                  const void *bytes, int len);
 void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
                                    int lastpos, int type);
 # ifdef HEADER_X509V3_H
 int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
 CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
                                               int allorfirst,
                                               STACK_OF(GENERAL_NAMES)
                                               *receiptList, STACK_OF(GENERAL_NAMES)
                                               *receiptsTo);
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
                                    ASN1_STRING **pcid,
                                    int *pallorfirst,
                                    STACK_OF(GENERAL_NAMES) **plist,
                                    STACK_OF(GENERAL_NAMES) **prto);
 # endif
 int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
                                    X509_ALGOR **palg,
                                    ASN1_OCTET_STRING **pukm);
 STACK_OF(CMS_RecipientEncryptedKey)
 *CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
 int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
                                        X509_ALGOR **pubalg,
                                        ASN1_BIT_STRING **pubkey,
                                        ASN1_OCTET_STRING **keyid,
                                        X509_NAME **issuer,
                                        ASN1_INTEGER **sno);
 int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
 int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
                                      ASN1_OCTET_STRING **keyid,
                                      ASN1_GENERALIZEDTIME **tm,
                                      CMS_OtherKeyAttribute **other,
                                      X509_NAME **issuer, ASN1_INTEGER **sno);
 int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
                                       X509 *cert);
 int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
 EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
 int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
                                   CMS_RecipientInfo *ri,
                                   CMS_RecipientEncryptedKey *rek);
 int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
                          ASN1_OCTET_STRING *ukm, int keylen);
 /* BEGIN ERROR CODES */
 /*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_CMS_strings(void);
 /* Error codes for the CMS functions. */
 /* Function codes. */
 # define CMS_F_CHECK_CONTENT                              99
 # define CMS_F_CMS_ADD0_CERT                              164
 # define CMS_F_CMS_ADD0_RECIPIENT_KEY                     100
 # define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD                165
 # define CMS_F_CMS_ADD1_RECEIPTREQUEST                    158
 # define CMS_F_CMS_ADD1_RECIPIENT_CERT                    101
 # define CMS_F_CMS_ADD1_SIGNER                            102
 # define CMS_F_CMS_ADD1_SIGNINGTIME                       103
 # define CMS_F_CMS_COMPRESS                               104
 # define CMS_F_CMS_COMPRESSEDDATA_CREATE                  105
 # define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO                106
 # define CMS_F_CMS_COPY_CONTENT                           107
 # define CMS_F_CMS_COPY_MESSAGEDIGEST                     108
 # define CMS_F_CMS_DATA                                   109
 # define CMS_F_CMS_DATAFINAL                              110
 # define CMS_F_CMS_DATAINIT                               111
 # define CMS_F_CMS_DECRYPT                                112
 # define CMS_F_CMS_DECRYPT_SET1_KEY                       113
 # define CMS_F_CMS_DECRYPT_SET1_PASSWORD                  166
 # define CMS_F_CMS_DECRYPT_SET1_PKEY                      114
 # define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX               115
 # define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO               116
 # define CMS_F_CMS_DIGESTEDDATA_DO_FINAL                  117
 # define CMS_F_CMS_DIGEST_VERIFY                          118
 # define CMS_F_CMS_ENCODE_RECEIPT                         161
 # define CMS_F_CMS_ENCRYPT                                119
 # define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO              120
 # define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT                  121
 # define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT                  122
 # define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY                 123
 # define CMS_F_CMS_ENVELOPEDDATA_CREATE                   124
 # define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO                 125
 # define CMS_F_CMS_ENVELOPED_DATA_INIT                    126
 # define CMS_F_CMS_ENV_ASN1_CTRL                          171
 # define CMS_F_CMS_FINAL                                  127
 # define CMS_F_CMS_GET0_CERTIFICATE_CHOICES               128
 # define CMS_F_CMS_GET0_CONTENT                           129
 # define CMS_F_CMS_GET0_ECONTENT_TYPE                     130
 # define CMS_F_CMS_GET0_ENVELOPED                         131
 # define CMS_F_CMS_GET0_REVOCATION_CHOICES                132
 # define CMS_F_CMS_GET0_SIGNED                            133
 # define CMS_F_CMS_MSGSIGDIGEST_ADD1                      162
 # define CMS_F_CMS_RECEIPTREQUEST_CREATE0                 159
 # define CMS_F_CMS_RECEIPT_VERIFY                         160
 # define CMS_F_CMS_RECIPIENTINFO_DECRYPT                  134
 # define CMS_F_CMS_RECIPIENTINFO_ENCRYPT                  169
 # define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT             178
 # define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG            175
 # define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID        173
 # define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS           172
 # define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP         174
 # define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT            135
 # define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT            136
 # define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID            137
 # define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP             138
 # define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP            139
 # define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT             140
 # define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT             141
 # define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS           142
 # define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID      143
 # define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT               167
 # define CMS_F_CMS_RECIPIENTINFO_SET0_KEY                 144
 # define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD            168
 # define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY                145
 # define CMS_F_CMS_SD_ASN1_CTRL                           170
 # define CMS_F_CMS_SET1_IAS                               176
 # define CMS_F_CMS_SET1_KEYID                             177
 # define CMS_F_CMS_SET1_SIGNERIDENTIFIER                  146
 # define CMS_F_CMS_SET_DETACHED                           147
 # define CMS_F_CMS_SIGN                                   148
 # define CMS_F_CMS_SIGNED_DATA_INIT                       149
 # define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN                150
 # define CMS_F_CMS_SIGNERINFO_SIGN                        151
 # define CMS_F_CMS_SIGNERINFO_VERIFY                      152
 # define CMS_F_CMS_SIGNERINFO_VERIFY_CERT                 153
 # define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT              154
 # define CMS_F_CMS_SIGN_RECEIPT                           163
 # define CMS_F_CMS_STREAM                                 155
 # define CMS_F_CMS_UNCOMPRESS                             156
 # define CMS_F_CMS_VERIFY                                 157
 /* Reason codes. */
 # define CMS_R_ADD_SIGNER_ERROR                           99
 # define CMS_R_CERTIFICATE_ALREADY_PRESENT                175
 # define CMS_R_CERTIFICATE_HAS_NO_KEYID                   160
 # define CMS_R_CERTIFICATE_VERIFY_ERROR                   100
 # define CMS_R_CIPHER_INITIALISATION_ERROR                101
 # define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR      102
 # define CMS_R_CMS_DATAFINAL_ERROR                        103
 # define CMS_R_CMS_LIB                                    104
 # define CMS_R_CONTENTIDENTIFIER_MISMATCH                 170
 # define CMS_R_CONTENT_NOT_FOUND                          105
 # define CMS_R_CONTENT_TYPE_MISMATCH                      171
 # define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA           106
 # define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA            107
 # define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA               108
 # define CMS_R_CONTENT_VERIFY_ERROR                       109
 # define CMS_R_CTRL_ERROR                                 110
 # define CMS_R_CTRL_FAILURE                               111
 # define CMS_R_DECRYPT_ERROR                              112
 # define CMS_R_DIGEST_ERROR                               161
 # define CMS_R_ERROR_GETTING_PUBLIC_KEY                   113
 # define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE      114
 # define CMS_R_ERROR_SETTING_KEY                          115
 # define CMS_R_ERROR_SETTING_RECIPIENTINFO                116
 # define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH               117
 # define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER           176
 # define CMS_R_INVALID_KEY_LENGTH                         118
 # define CMS_R_MD_BIO_INIT_ERROR                          119
 # define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH       120
 # define CMS_R_MESSAGEDIGEST_WRONG_LENGTH                 121
 # define CMS_R_MSGSIGDIGEST_ERROR                         172
 # define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE          162
 # define CMS_R_MSGSIGDIGEST_WRONG_LENGTH                  163
 # define CMS_R_NEED_ONE_SIGNER                            164
 # define CMS_R_NOT_A_SIGNED_RECEIPT                       165
 # define CMS_R_NOT_ENCRYPTED_DATA                         122
 # define CMS_R_NOT_KEK                                    123
 # define CMS_R_NOT_KEY_AGREEMENT                          181
 # define CMS_R_NOT_KEY_TRANSPORT                          124
 # define CMS_R_NOT_PWRI                                   177
 # define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE            125
 # define CMS_R_NO_CIPHER                                  126
 # define CMS_R_NO_CONTENT                                 127
 # define CMS_R_NO_CONTENT_TYPE                            173
 # define CMS_R_NO_DEFAULT_DIGEST                          128
 # define CMS_R_NO_DIGEST_SET                              129
 # define CMS_R_NO_KEY                                     130
 # define CMS_R_NO_KEY_OR_CERT                             174
 # define CMS_R_NO_MATCHING_DIGEST                         131
 # define CMS_R_NO_MATCHING_RECIPIENT                      132
 # define CMS_R_NO_MATCHING_SIGNATURE                      166
 # define CMS_R_NO_MSGSIGDIGEST                            167
 # define CMS_R_NO_PASSWORD                                178
 # define CMS_R_NO_PRIVATE_KEY                             133
 # define CMS_R_NO_PUBLIC_KEY                              134
 # define CMS_R_NO_RECEIPT_REQUEST                         168
 # define CMS_R_NO_SIGNERS                                 135
 # define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
 # define CMS_R_RECEIPT_DECODE_ERROR                       169
 # define CMS_R_RECIPIENT_ERROR                            137
 # define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND               138
 # define CMS_R_SIGNFINAL_ERROR                            139
 # define CMS_R_SMIME_TEXT_ERROR                           140
 # define CMS_R_STORE_INIT_ERROR                           141
 # define CMS_R_TYPE_NOT_COMPRESSED_DATA                   142
 # define CMS_R_TYPE_NOT_DATA                              143
 # define CMS_R_TYPE_NOT_DIGESTED_DATA                     144
 # define CMS_R_TYPE_NOT_ENCRYPTED_DATA                    145
 # define CMS_R_TYPE_NOT_ENVELOPED_DATA                    146
 # define CMS_R_UNABLE_TO_FINALIZE_CONTEXT                 147
 # define CMS_R_UNKNOWN_CIPHER                             148
 # define CMS_R_UNKNOWN_DIGEST_ALGORIHM                    149
 # define CMS_R_UNKNOWN_ID                                 150
 # define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM          151
 # define CMS_R_UNSUPPORTED_CONTENT_TYPE                   152
 # define CMS_R_UNSUPPORTED_KEK_ALGORITHM                  153
 # define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM       179
 # define CMS_R_UNSUPPORTED_RECIPIENT_TYPE                 154
 # define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE              155
 # define CMS_R_UNSUPPORTED_TYPE                           156
 # define CMS_R_UNWRAP_ERROR                               157
 # define CMS_R_UNWRAP_FAILURE                             180
 # define CMS_R_VERIFICATION_FAILURE                       158
 # define CMS_R_WRAP_ERROR                                 159
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/comp.h
+++ b/src/Mayaqua/win32_inc/openssl/comp.h
@ -10,8 +10,7 @@ extern "C" {
 typedef struct comp_ctx_st COMP_CTX;
-typedef struct comp_method_st
+typedef struct comp_method_st {
 	{
    int type;                   /* NID for compression library */
    const char *name;           /* A text string to identify the library */
    int (*init) (COMP_CTX *ctx);
@ -22,23 +21,22 @@ typedef struct comp_method_st
    int (*expand) (COMP_CTX *ctx,
                   unsigned char *out, unsigned int olen,
                   unsigned char *in, unsigned int ilen);
-	/* The following two do NOTHING, but are kept for backward compatibility */
+    /*
     * The following two do NOTHING, but are kept for backward compatibility
     */
    long (*ctrl) (void);
    long (*callback_ctrl) (void);
 } COMP_METHOD;
-struct comp_ctx_st
+struct comp_ctx_st {
 	{
    COMP_METHOD *meth;
    unsigned long compress_in;
    unsigned long compress_out;
    unsigned long expand_in;
    unsigned long expand_out;
    CRYPTO_EX_DATA ex_data;
 };
 COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
 void COMP_CTX_free(COMP_CTX *ctx);
 int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
@ -56,7 +54,8 @@ BIO_METHOD *BIO_f_zlib(void);
 # endif
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_COMP_strings(void);
--- a/src/Mayaqua/win32_inc/openssl/conf.h
+++ b/src/Mayaqua/win32_inc/openssl/conf.h
@ -71,23 +71,20 @@
 extern "C" {
 #endif
-typedef struct
+typedef struct {
 	{
    char *section;
    char *name;
    char *value;
 } CONF_VALUE;
 DECLARE_STACK_OF(CONF_VALUE)
-DECLARE_STACK_OF(CONF_MODULE)
+DECLARE_LHASH_OF(CONF_VALUE);
 DECLARE_STACK_OF(CONF_IMODULE)
 struct conf_st;
 struct conf_method_st;
 typedef struct conf_method_st CONF_METHOD;
-struct conf_method_st
+struct conf_method_st {
 	{
    const char *name;
    CONF *(*create) (CONF_METHOD *meth);
    int (*init) (CONF *conf);
@ -105,6 +102,9 @@ struct conf_method_st
 typedef struct conf_imodule_st CONF_IMODULE;
 typedef struct conf_module_st CONF_MODULE;
 DECLARE_STACK_OF(CONF_MODULE)
 DECLARE_STACK_OF(CONF_IMODULE)
 /* DSO module function typedefs */
 typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf);
 typedef void conf_finish_func (CONF_IMODULE *md);
@ -117,36 +117,44 @@ typedef void conf_finish_func(CONF_IMODULE *md);
 # define CONF_MFLAGS_DEFAULT_SECTION     0x20
 int CONF_set_default_method(CONF_METHOD *meth);
-void CONF_set_nconf(CONF *conf,LHASH *hash);
+void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
-LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
+LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
                                long *eline);
 # ifndef OPENSSL_NO_FP_API
-LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
+LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
                                   long *eline);
 # endif
-LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);
+LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section);
+                                    long *eline);
-char *CONF_get_string(LHASH *conf,const char *group,const char *name);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
-long CONF_get_number(LHASH *conf,const char *group,const char *name);
+                                       const char *section);
-void CONF_free(LHASH *conf);
+char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
-int CONF_dump_fp(LHASH *conf, FILE *out);
+                      const char *name);
-int CONF_dump_bio(LHASH *conf, BIO *out);
+long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
                     const char *name);
 void CONF_free(LHASH_OF(CONF_VALUE) *conf);
 int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
 int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
 void OPENSSL_config(const char *config_name);
 void OPENSSL_no_config(void);
-/* New conf code.  The semantics are different from the functions above.
+/*
-   If that wasn't the case, the above functions would have been replaced */
+ * New conf code.  The semantics are different from the functions above. If
 * that wasn't the case, the above functions would have been replaced
 */
-struct conf_st
+struct conf_st {
 	{
    CONF_METHOD *meth;
    void *meth_data;
-	LHASH *data;
+    LHASH_OF(CONF_VALUE) *data;
 };
 CONF *NCONF_new(CONF_METHOD *meth);
 CONF_METHOD *NCONF_default(void);
 CONF_METHOD *NCONF_WIN32(void);
-#if 0 /* Just to give you an idea of what I have in mind */
+# if 0                          /* Just to give you an idea of what I have in
                                 * mind */
 CONF_METHOD *NCONF_XML(void);
 # endif
 void NCONF_free(CONF *conf);
@ -157,15 +165,16 @@ int NCONF_load(CONF *conf,const char *file,long *eline);
 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
 # endif
 int NCONF_load_bio(CONF *conf, BIO *bp, long *eline);
-STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section);
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
                                        const char *section);
 char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
 int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
                       long *result);
 int NCONF_dump_fp(const CONF *conf, FILE *out);
 int NCONF_dump_bio(const CONF *conf, BIO *out);
-#if 0 /* The following function has no error checking,
+# if 0                          /* The following function has no error
-	 and should therefore be avoided */
+                                 * checking, and should therefore be avoided */
 long NCONF_get_number(CONF *conf, char *group, char *name);
 # else
 #  define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
@ -196,12 +205,14 @@ void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
 char *CONF_get1_default_config_file(void);
 int CONF_parse_list(const char *list, int sep, int nospc,
-	int (*list_cb)(const char *elem, int len, void *usr), void *arg);
+                    int (*list_cb) (const char *elem, int len, void *usr),
                    void *arg);
 void OPENSSL_load_builtin_modules(void);
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_CONF_strings(void);
@ -214,6 +225,7 @@ void ERR_load_CONF_strings(void);
 # define CONF_F_CONF_LOAD_BIO                             102
 # define CONF_F_CONF_LOAD_FP                              103
 # define CONF_F_CONF_MODULES_LOAD                         116
 # define CONF_F_CONF_PARSE_LIST                           119
 # define CONF_F_DEF_LOAD                                  120
 # define CONF_F_DEF_LOAD_BIO                              121
 # define CONF_F_MODULE_INIT                               115
@ -233,6 +245,7 @@ void ERR_load_CONF_strings(void);
 /* Reason codes. */
 # define CONF_R_ERROR_LOADING_DSO                         110
 # define CONF_R_LIST_CANNOT_BE_NULL                       115
 # define CONF_R_MISSING_CLOSE_SQUARE_BRACKET              100
 # define CONF_R_MISSING_EQUAL_SIGN                        101
 # define CONF_R_MISSING_FINISH_FUNCTION                   111
--- a/src/Mayaqua/win32_inc/openssl/conf_api.h
+++ b/src/Mayaqua/win32_inc/openssl/conf_api.h
@ -77,7 +77,8 @@ STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
 int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
 char *_CONF_get_string(const CONF *conf, const char *section,
                       const char *name);
-long _CONF_get_number(const CONF *conf, const char *section, const char *name);
+long _CONF_get_number(const CONF *conf, const char *section,
                      const char *name);
 int _CONF_new_data(CONF *conf);
 void _CONF_free_data(CONF *conf);
@ -86,4 +87,3 @@ void _CONF_free_data(CONF *conf);
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/crypto.h
+++ b/src/Mayaqua/win32_inc/openssl/crypto.h
@ -1,6 +1,6 @@
 /* crypto/crypto.h */
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@ -134,8 +134,10 @@
 #  include <openssl/ebcdic.h>
 # endif
-/* Resolve problems on some operating systems with symbol names that clash
+/*
-   one way or another */
+ * Resolve problems on some operating systems with symbol names that clash
 * one way or another
 */
 # include <openssl/symhacks.h>
 #ifdef  __cplusplus
@ -143,8 +145,10 @@ extern "C" {
 #endif
 /* Backward compatibility to SSLeay */
-/* This is more to be used to check the correct DLL is being used
+/*
- * in the MS world. */
+ * This is more to be used to check the correct DLL is being used in the MS
 * world.
 */
 # define SSLEAY_VERSION_NUMBER   OPENSSL_VERSION_NUMBER
 # define SSLEAY_VERSION          0
 /* #define SSLEAY_OPTIONS       1 no longer supported */
@ -163,21 +167,21 @@ typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
 typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
                             int idx, long argl, void *argp);
 /* Called when we need to dup an object */
-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
-					int idx, long argl, void *argp);
+                           void *from_d, int idx, long argl, void *argp);
 # endif
 /* A generic structure to pass assorted data in a expandable way */
-typedef struct openssl_item_st
+typedef struct openssl_item_st {
 	{
    int code;
    void *value;                /* Not used for flag attributes */
-	size_t value_size;	/* Max size of value for output, length for input */
+    size_t value_size;          /* Max size of value for output, length for
                                 * input */
    size_t *value_length;       /* Returned length of value for output */
 } OPENSSL_ITEM;
-
+/*
-/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
+ * When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
 * names in cryptlib.c
 */
@ -219,13 +223,9 @@ typedef struct openssl_item_st
 # define CRYPTO_LOCK_EC_PRE_COMP         36
 # define CRYPTO_LOCK_STORE               37
 # define CRYPTO_LOCK_COMP                38
 #ifndef OPENSSL_FIPS
 #define CRYPTO_NUM_LOCKS		39
 #else
 # define CRYPTO_LOCK_FIPS                39
 # define CRYPTO_LOCK_FIPS2               40
 # define CRYPTO_NUM_LOCKS                41
 #endif
 # define CRYPTO_LOCK             1
 # define CRYPTO_UNLOCK           2
@ -253,27 +253,31 @@ typedef struct openssl_item_st
 #  define CRYPTO_add(a,b,c)       ((*(a))+=(b))
 # endif
-/* Some applications as well as some parts of OpenSSL need to allocate
+/*
-   and deallocate locks in a dynamic fashion.  The following typedef
+ * Some applications as well as some parts of OpenSSL need to allocate and
-   makes this possible in a type-safe manner.  */
+ * deallocate locks in a dynamic fashion.  The following typedef makes this
 * possible in a type-safe manner.
 */
 /* struct CRYPTO_dynlock_value has to be defined by the application. */
-typedef struct
+typedef struct {
 	{
    int references;
    struct CRYPTO_dynlock_value *data;
 } CRYPTO_dynlock;
-
+/*
-/* The following can be used to detect memory leaks in the SSLeay library.
+ * The following can be used to detect memory leaks in the SSLeay library. It
- * It used, it turns on malloc checking */
+ * used, it turns on malloc checking
 */
 # define CRYPTO_MEM_CHECK_OFF    0x0/* an enume */
 # define CRYPTO_MEM_CHECK_ON     0x1/* a bit */
 # define CRYPTO_MEM_CHECK_ENABLE 0x2/* a bit */
 # define CRYPTO_MEM_CHECK_DISABLE 0x3/* an enume */
-/* The following are bit values to turn on or off options connected to the
+/*
- * malloc checking functionality */
+ * The following are bit values to turn on or off options connected to the
 * malloc checking functionality
 */
 /* Adds time to the memory checking information */
 # define V_CRYPTO_MDEBUG_TIME    0x1/* a bit */
@ -282,21 +286,22 @@ typedef struct
 # define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD)
 /* predec of the BIO type */
 typedef struct bio_st BIO_dummy;
-struct crypto_ex_data_st
+struct crypto_ex_data_st {
-	{
+    STACK_OF(void) *sk;
-	STACK *sk;
+    /* gcc is screwing up this data structure :-( */
-	int dummy; /* gcc is screwing up this data structure :-( */
+    int dummy;
 };
 DECLARE_STACK_OF(void)
-/* This stuff is basically class callback functions
+/*
- * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */
+ * This stuff is basically class callback functions The current classes are
 * SSL_CTX, SSL, SSL_SESSION, and a few more
 */
-typedef struct crypto_ex_data_func_st
+typedef struct crypto_ex_data_func_st {
 	{
    long argl;                  /* Arbitary long */
    void *argp;                 /* Arbitary void * */
    CRYPTO_EX_new *new_func;
@ -306,7 +311,8 @@ typedef struct crypto_ex_data_func_st
 DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
-/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
+/*
 * Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
 * entry.
 */
@ -327,14 +333,16 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
 # define CRYPTO_EX_INDEX_COMP            14
 # define CRYPTO_EX_INDEX_STORE           15
-/* Dynamically assigned indexes start from this value (don't use directly, use
+/*
- * via CRYPTO_ex_data_new_class). */
+ * Dynamically assigned indexes start from this value (don't use directly,
 * use via CRYPTO_ex_data_new_class).
 */
 # define CRYPTO_EX_INDEX_USER            100
-
+/*
-/* This is the default callbacks, but we can have others as well:
+ * This is the default callbacks, but we can have others as well: this is
- * this is needed in Win32 where the application malloc and the
+ * needed in Win32 where the application malloc and the library malloc may
- * library malloc may not be the same.
+ * not be the same.
 */
 # define CRYPTO_malloc_init()    CRYPTO_set_mem_functions(\
        malloc, realloc, free)
@ -345,9 +353,18 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
 #  endif
 # endif
-/* Set standard debugging functions (not done by default
+/*
- * unless CRYPTO_MDEBUG is defined) */
+ * Set standard debugging functions (not done by default unless CRYPTO_MDEBUG
-void CRYPTO_malloc_debug_init(void);
+ * is defined)
 */
 # define CRYPTO_malloc_debug_init()      do {\
        CRYPTO_set_mem_debug_functions(\
                CRYPTO_dbg_malloc,\
                CRYPTO_dbg_realloc,\
                CRYPTO_dbg_free,\
                CRYPTO_dbg_set_options,\
                CRYPTO_dbg_get_options);\
        } while(0)
 int CRYPTO_mem_ctrl(int mode);
 int CRYPTO_is_mem_check_on(void);
@ -376,7 +393,6 @@ int CRYPTO_is_mem_check_on(void);
        CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
 # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
 const char *SSLeay_version(int type);
 unsigned long SSLeay(void);
@ -394,18 +410,24 @@ int CRYPTO_ex_data_new_class(void);
 int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
                            CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
                            CRYPTO_EX_free *free_func);
-/* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given
+/*
- * class (invokes whatever per-class callbacks are applicable) */
+ * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a
 * given class (invokes whatever per-class callbacks are applicable)
 */
 int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
 int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
                       CRYPTO_EX_DATA *from);
 void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
-/* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index
+/*
- * (relative to the class type involved) */
+ * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular
 * index (relative to the class type involved)
 */
 int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
 void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);
-/* This function cleans up all "ex_data" state. It mustn't be called under
+/*
- * potential race-conditions. */
+ * This function cleans up all "ex_data" state. It mustn't be called under
 * potential race-conditions.
 */
 void CRYPTO_cleanup_all_ex_data(void);
 int CRYPTO_get_new_lockid(char *name);
@ -414,68 +436,104 @@ int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */
 void CRYPTO_lock(int mode, int type, const char *file, int line);
 void CRYPTO_set_locking_callback(void (*func) (int mode, int type,
                                               const char *file, int line));
-void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
+void (*CRYPTO_get_locking_callback(void)) (int mode, int type,
-		int line);
+                                           const char *file, int line);
-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
+void CRYPTO_set_add_lock_callback(int (*func)
                                   (int *num, int mount, int type,
                                    const char *file, int line));
 int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type,
                                           const char *file, int line);
 /* Don't use this structure directly. */
 typedef struct crypto_threadid_st {
    void *ptr;
    unsigned long val;
 } CRYPTO_THREADID;
 /* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
 void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val);
 void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr);
 int CRYPTO_THREADID_set_callback(void (*threadid_func) (CRYPTO_THREADID *));
 void (*CRYPTO_THREADID_get_callback(void)) (CRYPTO_THREADID *);
 void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
 int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b);
 void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src);
 unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
 # ifndef OPENSSL_NO_DEPRECATED
 void CRYPTO_set_id_callback(unsigned long (*func) (void));
 unsigned long (*CRYPTO_get_id_callback(void)) (void);
 unsigned long CRYPTO_thread_id(void);
 # endif
 const char *CRYPTO_get_lock_name(int type);
 int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
                    int line);
 void int_CRYPTO_set_do_dynlock_callback(
 	void (*do_dynlock_cb)(int mode, int type, const char *file, int line));
 int CRYPTO_get_new_dynlockid(void);
 void CRYPTO_destroy_dynlockid(int i);
 struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);
-void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line));
+void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value
-void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line));
+                                        *(*dyn_create_function) (const char
-void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line));
+                                                                 *file,
-struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file,int line);
+                                                                 int line));
-void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line);
+void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)
-void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file,int line);
+                                       (int mode,
                                        struct CRYPTO_dynlock_value *l,
                                        const char *file, int line));
 void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)
                                          (struct CRYPTO_dynlock_value *l,
                                           const char *file, int line));
 struct CRYPTO_dynlock_value
 *(*CRYPTO_get_dynlock_create_callback(void)) (const char *file, int line);
 void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode,
                                                struct CRYPTO_dynlock_value
                                                *l, const char *file,
                                                int line);
 void (*CRYPTO_get_dynlock_destroy_callback(void)) (struct CRYPTO_dynlock_value
                                                   *l, const char *file,
                                                   int line);
-/* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions --
+/*
- * call the latter last if you need different functions */
+ * CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- call
-int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *));
+ * the latter last if you need different functions
-int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *));
+ */
-int CRYPTO_set_mem_ex_functions(void *(*m)(size_t,const char *,int),
+int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t),
                                void *(*r)(void *,size_t,const char *,int),
                             void (*f) (void *));
 int CRYPTO_set_locked_mem_functions(void *(*m) (size_t),
                                    void (*free_func) (void *));
 int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
                                void *(*r) (void *, size_t, const char *,
                                            int), void (*f) (void *));
 int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int),
                                       void (*free_func) (void *));
-int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
+int CRYPTO_set_mem_debug_functions(void (*m)
-				   void (*r)(void *,void *,int,const char *,int,int),
+                                    (void *, int, const char *, int, int),
-				   void (*f)(void *,int),
+                                   void (*r) (void *, void *, int,
-				   void (*so)(long),
+                                              const char *, int, int),
                                   void (*f) (void *, int), void (*so) (long),
                                   long (*go) (void));
-void CRYPTO_set_mem_info_functions(
+void CRYPTO_get_mem_functions(void *(**m) (size_t),
-	int  (*push_info_fn)(const char *info, const char *file, int line),
+                              void *(**r) (void *, size_t),
-	int  (*pop_info_fn)(void),
+                              void (**f) (void *));
-	int (*remove_all_info_fn)(void));
+void CRYPTO_get_locked_mem_functions(void *(**m) (size_t),
-void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *));
+                                     void (**f) (void *));
 void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *));
 void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int),
-                                 void *(**r)(void *, size_t,const char *,int),
+                                 void *(**r) (void *, size_t, const char *,
                                              int), void (**f) (void *));
 void CRYPTO_get_locked_mem_ex_functions(void
                                        *(**m) (size_t, const char *, int),
                                        void (**f) (void *));
-void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int),
+void CRYPTO_get_mem_debug_functions(void (**m)
-                                        void (**f)(void *));
+                                     (void *, int, const char *, int, int),
-void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
+                                    void (**r) (void *, void *, int,
-				    void (**r)(void *,void *,int,const char *,int,int),
+                                                const char *, int, int),
                                    void (**f) (void *, int),
-				    void (**so)(long),
+                                    void (**so) (long), long (**go) (void));
 				    long (**go)(void));
 void *CRYPTO_malloc_locked(int num, const char *file, int line);
-void CRYPTO_free_locked(void *);
+void CRYPTO_free_locked(void *ptr);
 void *CRYPTO_malloc(int num, const char *file, int line);
 char *CRYPTO_strdup(const char *str, const char *file, int line);
-void CRYPTO_free(void *);
+void CRYPTO_free(void *ptr);
 void *CRYPTO_realloc(void *addr, int num, const char *file, int line);
 void *CRYPTO_realloc_clean(void *addr, int old_num, int num, const char *file,
                           int line);
@ -492,18 +550,23 @@ int CRYPTO_push_info_(const char *info, const char *file, int line);
 int CRYPTO_pop_info(void);
 int CRYPTO_remove_all_info(void);
-
+/*
-/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
+ * Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
- * used as default in CRYPTO_MDEBUG compilations): */
+ * used as default in CRYPTO_MDEBUG compilations):
-/* The last argument has the following significance:
+ */
 /*-
 * The last argument has the following significance:
 *
 * 0:   called before the actual memory allocation has taken place
 * 1:   called after the actual memory allocation has taken place
 */
-void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p);
+void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
-void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p);
+                       int before_p);
 void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, const char *file,
                        int line, int before_p);
 void CRYPTO_dbg_free(void *addr, int before_p);
-/* Tell the debugging code about options.  By default, the following values
+/*-
 * Tell the debugging code about options.  By default, the following values
 * apply:
 *
 * 0:                           Clear all options.
@ -514,16 +577,13 @@ void CRYPTO_dbg_free(void *addr,int before_p);
 void CRYPTO_dbg_set_options(long bits);
 long CRYPTO_dbg_get_options(void);
 int CRYPTO_dbg_push_info(const char *info, const char *file, int line);
 int CRYPTO_dbg_pop_info(void);
 int CRYPTO_dbg_remove_all_info(void);
 # ifndef OPENSSL_NO_FP_API
 void CRYPTO_mem_leaks_fp(FILE *);
 # endif
 void CRYPTO_mem_leaks(struct bio_st *bio);
 /* unsigned long order, char *file, int line, int num_bytes, char *addr */
-typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);
+typedef void *CRYPTO_MEM_LEAK_CB (unsigned long, const char *, int, int,
                                  void *);
 void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
 /* die if we have to */
@ -534,65 +594,45 @@ unsigned long *OPENSSL_ia32cap_loc(void);
 # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
 int OPENSSL_isservice(void);
-#ifdef OPENSSL_FIPS
+int FIPS_mode(void);
-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
+int FIPS_mode_set(int r);
 		alg " previous FIPS forbidden algorithm error ignored");
 #define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
 		#alg " Algorithm forbidden in FIPS mode");
 #ifdef OPENSSL_FIPS_STRICT
 #define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg)
 #else
 #define FIPS_BAD_ALGORITHM(alg) \
 	{ \
 	FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \
 	ERR_add_error_data(2, "Algorithm=", #alg); \
 	return 0; \
 	}
 #endif
 /* Low level digest API blocking macro */
 #define FIPS_NON_FIPS_MD_Init(alg) \
 	int alg##_Init(alg##_CTX *c) \
 		{ \
 		if (FIPS_mode()) \
 			FIPS_BAD_ALGORITHM(alg) \
 		return private_##alg##_Init(c); \
 		} \
 	int private_##alg##_Init(alg##_CTX *c)
 /* For ciphers the API often varies from cipher to cipher and each needs to
 * be treated as a special case. Variable key length ciphers (Blowfish, RC4,
 * CAST) however are very similar and can use a blocking macro.
 */
 #define FIPS_NON_FIPS_VCIPHER_Init(alg) \
 	void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \
 		{ \
 		if (FIPS_mode()) \
 			FIPS_BAD_ABORT(alg) \
 		private_##alg##_set_key(key, len, data); \
 		} \
 	void private_##alg##_set_key(alg##_KEY *key, int len, \
 					const unsigned char *data)
 #else
 #define FIPS_NON_FIPS_VCIPHER_Init(alg) \
 	void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data)
 #define FIPS_NON_FIPS_MD_Init(alg) \
 	int alg##_Init(alg##_CTX *c) 
 #endif /* def OPENSSL_FIPS */
 #define OPENSSL_HAVE_INIT	1
 void OPENSSL_init(void);
 # define fips_md_init(alg) fips_md_init_ctx(alg, alg)
 # ifdef OPENSSL_FIPS
 #  define fips_md_init_ctx(alg, cx) \
        int alg##_Init(cx##_CTX *c) \
        { \
        if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
                "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
        return private_##alg##_Init(c); \
        } \
        int private_##alg##_Init(cx##_CTX *c)
 #  define fips_cipher_abort(alg) \
        if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
                "Low level API call to cipher " #alg " forbidden in FIPS mode!")
 # else
 #  define fips_md_init_ctx(alg, cx) \
        int alg##_Init(cx##_CTX *c)
 #  define fips_cipher_abort(alg) while(0)
 # endif
 /*
 * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal.
 * It takes an amount of time dependent on |len|, but independent of the
 * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements
 * into a defined order as the return value when a != b is undefined, other
 * than to be non-zero.
 */
 int CRYPTO_memcmp(const void *a, const void *b, size_t len);
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_CRYPTO_strings(void);
@ -606,11 +646,13 @@ void ERR_load_CRYPTO_strings(void);
 # define CRYPTO_F_CRYPTO_SET_EX_DATA                      102
 # define CRYPTO_F_DEF_ADD_INDEX                           104
 # define CRYPTO_F_DEF_GET_CLASS                           105
 # define CRYPTO_F_FIPS_MODE_SET                           109
 # define CRYPTO_F_INT_DUP_EX_DATA                         106
 # define CRYPTO_F_INT_FREE_EX_DATA                        107
 # define CRYPTO_F_INT_NEW_EX_DATA                         108
 /* Reason codes. */
 # define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                 101
 # define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK              100
 #ifdef  __cplusplus
--- a/src/Mayaqua/win32_inc/openssl/des.h
+++ b/src/Mayaqua/win32_inc/openssl/des.h
@ -59,8 +59,8 @@
 #ifndef HEADER_NEW_DES_H
 # define HEADER_NEW_DES_H
-#include <openssl/e_os2.h>	/* OPENSSL_EXTERN, OPENSSL_NO_DES,
+# include <openssl/e_os2.h>     /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG
-				   DES_LONG (via openssl/opensslconf.h */
+                                 * (via openssl/opensslconf.h */
 # ifdef OPENSSL_NO_DES
 #  error DES is disabled.
@ -77,16 +77,17 @@ extern "C" {
 typedef unsigned char DES_cblock[8];
 typedef /* const */ unsigned char const_DES_cblock[8];
-/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock *
+/*
- * and const_DES_cblock * are incompatible pointer types. */
+ * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and
 * const_DES_cblock * are incompatible pointer types.
 */
-typedef struct DES_ks
+typedef struct DES_ks {
-    {
+    union {
    union
 	{
        DES_cblock cblock;
-	/* make sure things are correct size on machines with
+        /*
-	 * 8 byte longs */
+         * make sure things are correct size on machines with 8 byte longs
         */
        DES_LONG deslong[2];
    } ks[16];
 } DES_key_schedule;
@ -136,37 +137,41 @@ DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output,
                       const_DES_cblock *ivec);
 /* DES_cbc_encrypt does not update the IV!  Use DES_ncbc_encrypt instead. */
 void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
-		     long length,DES_key_schedule *schedule,DES_cblock *ivec,
+                     long length, DES_key_schedule *schedule,
-		     int enc);
+                     DES_cblock *ivec, int enc);
 void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
-		      long length,DES_key_schedule *schedule,DES_cblock *ivec,
+                      long length, DES_key_schedule *schedule,
-		      int enc);
+                      DES_cblock *ivec, int enc);
 void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
-		      long length,DES_key_schedule *schedule,DES_cblock *ivec,
+                      long length, DES_key_schedule *schedule,
-		      const_DES_cblock *inw,const_DES_cblock *outw,int enc);
+                      DES_cblock *ivec, const_DES_cblock *inw,
                      const_DES_cblock *outw, int enc);
 void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-		     long length,DES_key_schedule *schedule,DES_cblock *ivec,
+                     long length, DES_key_schedule *schedule,
-		     int enc);
+                     DES_cblock *ivec, int enc);
 void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
                     DES_key_schedule *ks, int enc);
-/* 	This is the DES encryption function that gets called by just about
+/*
-	every other DES routine in the library.  You should not use this
+ * This is the DES encryption function that gets called by just about every
-	function except to implement 'modes' of DES.  I say this because the
+ * other DES routine in the library.  You should not use this function except
-	functions that call this routine do the conversion from 'char *' to
+ * to implement 'modes' of DES.  I say this because the functions that call
-	long, and this needs to be done to make sure 'non-aligned' memory
+ * this routine do the conversion from 'char *' to long, and this needs to be
-	access do not occur.  The characters are loaded 'little endian'.
+ * done to make sure 'non-aligned' memory access do not occur.  The
-	Data is a pointer to 2 unsigned long's and ks is the
+ * characters are loaded 'little endian'. Data is a pointer to 2 unsigned
-	DES_key_schedule to use.  enc, is non zero specifies encryption,
+ * long's and ks is the DES_key_schedule to use.  enc, is non zero specifies
-	zero if decryption. */
+ * encryption, zero if decryption.
 */
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc);
-/* 	This functions is the same as DES_encrypt1() except that the DES
+/*
-	initial permutation (IP) and final permutation (FP) have been left
+ * This functions is the same as DES_encrypt1() except that the DES initial
-	out.  As for DES_encrypt1(), you should not use this function.
+ * permutation (IP) and final permutation (FP) have been left out.  As for
-	It is used by the routines in the library that implement triple DES.
+ * DES_encrypt1(), you should not use this function. It is used by the
-	IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same
+ * routines in the library that implement triple DES. IP() DES_encrypt2()
-	as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */
+ * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1()
 * DES_encrypt1() DES_encrypt1() except faster :-).
 */
 void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc);
 void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
@ -181,8 +186,7 @@ void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
                           long length,
                           DES_key_schedule *ks1, DES_key_schedule *ks2,
                           DES_key_schedule *ks3,
-			   DES_cblock *ivec1,DES_cblock *ivec2,
+                           DES_cblock *ivec1, DES_cblock *ivec2, int enc);
 			   int enc);
 void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
                            long length, DES_key_schedule *ks1,
                            DES_key_schedule *ks2, DES_key_schedule *ks3,
@ -207,34 +211,42 @@ int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched,
 char *DES_fcrypt(const char *buf, const char *salt, char *ret);
 char *DES_crypt(const char *buf, const char *salt);
 void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-		     long length,DES_key_schedule *schedule,DES_cblock *ivec);
+                     long length, DES_key_schedule *schedule,
                     DES_cblock *ivec);
 void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
-		      long length,DES_key_schedule *schedule,DES_cblock *ivec,
+                      long length, DES_key_schedule *schedule,
-		      int enc);
+                      DES_cblock *ivec, int enc);
 DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
                        long length, int out_count, DES_cblock *seed);
 int DES_random_key(DES_cblock *ret);
 void DES_set_odd_parity(DES_cblock *key);
 int DES_check_key_parity(const_DES_cblock *key);
 int DES_is_weak_key(const_DES_cblock *key);
-/* DES_set_key (= set_key = DES_key_sched = key_sched) calls
+/*
 * DES_set_key (= set_key = DES_key_sched = key_sched) calls
 * DES_set_key_checked if global variable DES_check_key is set,
- * DES_set_key_unchecked otherwise. */
+ * DES_set_key_unchecked otherwise.
 */
 int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
 int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
 int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
 # ifdef OPENSSL_FIPS
 void private_DES_set_key_unchecked(const_DES_cblock *key,
                                   DES_key_schedule *schedule);
 # endif
 void DES_string_to_key(const char *str, DES_cblock *key);
 void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
-void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-		       DES_key_schedule *schedule,DES_cblock *ivec,int *num,
+                       long length, DES_key_schedule *schedule,
-		       int enc);
+                       DES_cblock *ivec, int *num, int enc);
-void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-		       DES_key_schedule *schedule,DES_cblock *ivec,int *num);
+                       long length, DES_key_schedule *schedule,
                       DES_cblock *ivec, int *num);
 int DES_read_password(DES_cblock *key, const char *prompt, int verify);
-int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
+int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2,
-	int verify);
+                        const char *prompt, int verify);
 # define DES_fixup_key_parity DES_set_odd_parity
--- a/src/Mayaqua/win32_inc/openssl/des_old.h
+++ b/src/Mayaqua/win32_inc/openssl/des_old.h
@ -1,6 +1,7 @@
 /* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+/*-
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 * The function names in here are deprecated and are only present to
 * provide an interface compatible with openssl 0.9.6 and older as
@ -31,8 +32,9 @@
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+/*
- * project 2001.
+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2001.
 */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
@ -121,12 +123,12 @@ extern "C" {
 # endif
 typedef unsigned char _ossl_old_des_cblock[8];
-typedef struct _ossl_old_des_ks_struct
+typedef struct _ossl_old_des_ks_struct {
 	{
    union {
        _ossl_old_des_cblock _;
-		/* make sure things are correct size on machines with
+        /*
-		 * 8 byte longs */
+         * make sure things are correct size on machines with 8 byte longs
         */
        DES_LONG pad[2];
    } ks;
 } _ossl_old_des_key_schedule[16];
@ -220,7 +222,6 @@ typedef struct _ossl_old_des_ks_struct
 #  define des_ofb64_encrypt(i,o,l,ks,iv,n)\
        DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))
 #  define des_ecb2_encrypt(i,o,k1,k2,e) \
        des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
@ -236,8 +237,10 @@ typedef struct _ossl_old_des_ks_struct
 #  define des_check_key DES_check_key
 #  define des_rw_mode DES_rw_mode
 # else                          /* libdes compatibility */
-/* Map all symbol names to _ossl_old_des_* form, so we avoid all
+/*
-   clashes with libdes */
+ * Map all symbol names to _ossl_old_des_* form, so we avoid all clashes with
 * libdes
 */
 #  define des_cblock _ossl_old_des_cblock
 #  define des_key_schedule _ossl_old_des_key_schedule
 #  define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
@ -315,7 +318,6 @@ typedef struct _ossl_old_des_ks_struct
 #  define des_ofb64_encrypt(i,o,l,ks,iv,n)\
        _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))
 #  define des_ecb2_encrypt(i,o,k1,k2,e) \
        des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
@ -333,45 +335,76 @@ typedef struct _ossl_old_des_ks_struct
 # endif
 const char *_ossl_old_des_options(void);
-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,
-	_ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2,
+                                _ossl_old_des_cblock *output,
                                _ossl_old_des_key_schedule ks1,
                                _ossl_old_des_key_schedule ks2,
                                _ossl_old_des_key_schedule ks3, int enc);
-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,
-	long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
+                                 _ossl_old_des_cblock *output, long length,
-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+                                 _ossl_old_des_key_schedule schedule,
-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+                                 _ossl_old_des_cblock *ivec);
-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,
-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+                               _ossl_old_des_cblock *output, long length,
-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+                               _ossl_old_des_key_schedule schedule,
-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,
+                               _ossl_old_des_cblock *ivec, int enc);
-	_ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc);
+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,
-void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
+                                _ossl_old_des_cblock *output, long length,
-	long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+                                _ossl_old_des_key_schedule schedule,
-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+                                _ossl_old_des_cblock *ivec, int enc);
 void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,
                                _ossl_old_des_cblock *output, long length,
                                _ossl_old_des_key_schedule schedule,
                                _ossl_old_des_cblock *ivec,
                                _ossl_old_des_cblock *inw,
                                _ossl_old_des_cblock *outw, int enc);
 void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out,
                               int numbits, long length,
                               _ossl_old_des_key_schedule schedule,
                               _ossl_old_des_cblock *ivec, int enc);
 void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,
                               _ossl_old_des_cblock *output,
                               _ossl_old_des_key_schedule ks, int enc);
-void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
+void _ossl_old_des_encrypt(DES_LONG *data, _ossl_old_des_key_schedule ks,
-void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
+                           int enc);
 void _ossl_old_des_encrypt2(DES_LONG *data, _ossl_old_des_key_schedule ks,
                            int enc);
 void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
-	_ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
+                            _ossl_old_des_key_schedule ks2,
                            _ossl_old_des_key_schedule ks3);
 void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
-	_ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
+                            _ossl_old_des_key_schedule ks2,
-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, 
+                            _ossl_old_des_key_schedule ks3);
-	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, 
+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input,
-	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc);
+                                    _ossl_old_des_cblock *output, long length,
                                    _ossl_old_des_key_schedule ks1,
                                    _ossl_old_des_key_schedule ks2,
                                    _ossl_old_des_key_schedule ks3,
                                    _ossl_old_des_cblock *ivec, int enc);
 void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
+                                      long length,
-	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc);
+                                      _ossl_old_des_key_schedule ks1,
                                      _ossl_old_des_key_schedule ks2,
                                      _ossl_old_des_key_schedule ks3,
                                      _ossl_old_des_cblock *ivec, int *num,
                                      int enc);
 void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
+                                      long length,
-	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num);
+                                      _ossl_old_des_key_schedule ks1,
                                      _ossl_old_des_key_schedule ks2,
                                      _ossl_old_des_key_schedule ks3,
                                      _ossl_old_des_cblock *ivec, int *num);
 # if 0
-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key),
                                 _ossl_old_des_cblock (*in_white),
                                 _ossl_old_des_cblock (*out_white));
 # endif
-int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
+int _ossl_old_des_enc_read(int fd, char *buf, int len,
                           _ossl_old_des_key_schedule sched,
                           _ossl_old_des_cblock *iv);
-int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
+int _ossl_old_des_enc_write(int fd, char *buf, int len,
                            _ossl_old_des_key_schedule sched,
                            _ossl_old_des_cblock *iv);
 char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret);
 char *_ossl_old_des_crypt(const char *buf, const char *salt);
@ -379,31 +412,49 @@ char *_ossl_old_des_crypt(const char *buf,const char *salt);
 char *_ossl_old_crypt(const char *buf, const char *salt);
 # endif
 void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out,
-	int numbits,long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
+                               int numbits, long length,
-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+                               _ossl_old_des_key_schedule schedule,
-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+                               _ossl_old_des_cblock *ivec);
-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,
-	long length,int out_count,_ossl_old_des_cblock *seed);
+                                _ossl_old_des_cblock *output, long length,
                                _ossl_old_des_key_schedule schedule,
                                _ossl_old_des_cblock *ivec, int enc);
 DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,
                                  _ossl_old_des_cblock *output, long length,
                                  int out_count, _ossl_old_des_cblock *seed);
 void _ossl_old_des_random_seed(_ossl_old_des_cblock key);
 void _ossl_old_des_random_key(_ossl_old_des_cblock ret);
-int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char *prompt,int verify);
+int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2,
+                                int verify);
 int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,
                                  _ossl_old_des_cblock *key2,
                                  const char *prompt, int verify);
 void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);
 int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);
-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
+int _ossl_old_des_set_key(_ossl_old_des_cblock *key,
-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
+                          _ossl_old_des_key_schedule schedule);
 int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,
                            _ossl_old_des_key_schedule schedule);
 void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key);
-void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2);
+void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1,
-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+                                   _ossl_old_des_cblock *key2);
-	_ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc);
+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out,
-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+                                 long length,
-	_ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num);
+                                 _ossl_old_des_key_schedule schedule,
                                 _ossl_old_des_cblock *ivec, int *num,
                                 int enc);
 void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out,
                                 long length,
                                 _ossl_old_des_key_schedule schedule,
                                 _ossl_old_des_cblock *ivec, int *num);
 void _ossl_096_des_random_seed(des_cblock *key);
-/* The following definitions provide compatibility with the MIT Kerberos
+/*
- * library. The _ossl_old_des_key_schedule structure is not binary compatible. */
+ * The following definitions provide compatibility with the MIT Kerberos
 * library. The _ossl_old_des_key_schedule structure is not binary
 * compatible.
 */
 # define _KERBEROS_DES_H
--- a/src/Mayaqua/win32_inc/openssl/dh.h
+++ b/src/Mayaqua/win32_inc/openssl/dh.h
@ -77,16 +77,34 @@
 #  define OPENSSL_DH_MAX_MODULUS_BITS    10000
 # endif
 #define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
 # define DH_FLAG_CACHE_MONT_P     0x01
-#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
+
 /*
 * new with 0.9.7h; the built-in DH
 * implementation now uses constant time
 * modular exponentiation for secret exponents
 * by default. This flag causes the
 * faster variable sliding window method to
 * be used for all exponents.
 */
 # define DH_FLAG_NO_EXP_CONSTTIME 0x02
 /*
 * If this flag is set the DH method is FIPS compliant and can be used in
 * FIPS mode. This is set in the validated module method. If an application
 * sets this flag in its own methods it is its reposibility to ensure the
 * result is compliant.
 */
 # define DH_FLAG_FIPS_METHOD                     0x0400
 /*
 * If this flag is set the operations normally disabled in FIPS mode are
 * permitted it is then the applications responsibility to ensure that the
 * usage is compliant.
 */
 # define DH_FLAG_NON_FIPS_ALLOW                  0x0400
 #ifdef  __cplusplus
 extern "C" {
@ -96,28 +114,29 @@ extern "C" {
 /* typedef struct dh_st DH; */
 /* typedef struct dh_method DH_METHOD; */
-struct dh_method
+struct dh_method {
 	{
    const char *name;
    /* Methods here */
    int (*generate_key) (DH *dh);
    int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh);
    /* Can be null */
    int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
                       const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-				BN_MONT_CTX *m_ctx); /* Can be null */
+                       BN_MONT_CTX *m_ctx);
    int (*init) (DH *dh);
    int (*finish) (DH *dh);
    int flags;
    char *app_data;
    /* If this is non-NULL, it will be used to generate parameters */
-	int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
+    int (*generate_params) (DH *dh, int prime_len, int generator,
                            BN_GENCB *cb);
 };
-struct dh_st
+struct dh_st {
-	{
+    /*
-	/* This first argument is used to pick up errors when
+     * This first argument is used to pick up errors when a DH is passed
-	 * a DH is passed instead of a EVP_PKEY */
+     * instead of a EVP_PKEY
     */
    int pad;
    int version;
    BIGNUM *p;
@ -125,7 +144,6 @@ struct dh_st
    long length;                /* optional */
    BIGNUM *pub_key;            /* g^x */
    BIGNUM *priv_key;           /* x */
    int flags;
    BN_MONT_CTX *method_mont_p;
    /* Place holders if we want to do X9.42 DH */
@ -134,7 +152,6 @@ struct dh_st
    unsigned char *seed;
    int seedlen;
    BIGNUM *counter;
    int references;
    CRYPTO_EX_DATA ex_data;
    const DH_METHOD *meth;
@ -150,16 +167,20 @@ struct dh_st
 # define DH_CHECK_P_NOT_SAFE_PRIME       0x02
 # define DH_UNABLE_TO_CHECK_GENERATOR    0x04
 # define DH_NOT_SUITABLE_GENERATOR       0x08
 # define DH_CHECK_Q_NOT_PRIME            0x10
 # define DH_CHECK_INVALID_Q_VALUE        0x20
 # define DH_CHECK_INVALID_J_VALUE        0x40
 /* DH_check_pub_key error codes */
 # define DH_CHECK_PUBKEY_TOO_SMALL       0x01
 # define DH_CHECK_PUBKEY_TOO_LARGE       0x02
-/* primes p where (p-1)/2 is prime too are called "safe"; we define
+/*
-   this for backward compatibility: */
+ * primes p where (p-1)/2 is prime too are called "safe"; we define this for
 * backward compatibility:
 */
 # define DH_CHECK_P_NOT_STRONG_PRIME     DH_CHECK_P_NOT_SAFE_PRIME
 #define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x)
 # define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
                (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
 # define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
@ -167,12 +188,9 @@ struct dh_st
 # define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
 # define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
-const DH_METHOD *DH_OpenSSL(void);
+DH *DHparams_dup(DH *);
-#ifdef OPENSSL_FIPS
+const DH_METHOD *DH_OpenSSL(void);
 DH *	FIPS_dh_new(void);
 void	FIPS_dh_free(DH *dh);
 #endif
 void DH_set_default_method(const DH_METHOD *meth);
 const DH_METHOD *DH_get_default_method(void);
@ -195,14 +213,18 @@ DH *	DH_generate_parameters(int prime_len,int generator,
 # endif                         /* !defined(OPENSSL_NO_DEPRECATED) */
 /* New version */
-int	DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
+int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
                              BN_GENCB *cb);
 int DH_check(const DH *dh, int *codes);
 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
 int DH_generate_key(DH *dh);
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
 int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
 DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
 int i2d_DHparams(const DH *a, unsigned char **pp);
 DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length);
 int i2d_DHxparams(const DH *a, unsigned char **pp);
 # ifndef OPENSSL_NO_FP_API
 int DHparams_print_fp(FILE *fp, const DH *x);
 # endif
@ -212,8 +234,113 @@ int	DHparams_print(BIO *bp, const DH *x);
 int DHparams_print(char *bp, const DH *x);
 # endif
 /* RFC 5114 parameters */
 DH *DH_get_1024_160(void);
 DH *DH_get_2048_224(void);
 DH *DH_get_2048_256(void);
 /* RFC2631 KDF */
 int DH_KDF_X9_42(unsigned char *out, size_t outlen,
                 const unsigned char *Z, size_t Zlen,
                 ASN1_OBJECT *key_oid,
                 const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
 # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
                        EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
 # define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
                        EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
 # define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
                        EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
 # define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
                        EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
 # define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
                        EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
 # define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
                        EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
 # define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                EVP_PKEY_OP_DERIVE, \
                                EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL)
 # define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                EVP_PKEY_OP_DERIVE, \
                                EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL)
 # define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                EVP_PKEY_OP_DERIVE, \
                                EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)oid)
 # define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                EVP_PKEY_OP_DERIVE, \
                                EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)poid)
 # define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                EVP_PKEY_OP_DERIVE, \
                                EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)md)
 # define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                EVP_PKEY_OP_DERIVE, \
                                EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)pmd)
 # define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                EVP_PKEY_OP_DERIVE, \
                                EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL)
 # define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                EVP_PKEY_OP_DERIVE, \
                        EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)plen)
 # define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                EVP_PKEY_OP_DERIVE, \
                                EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)p)
 # define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
                                EVP_PKEY_OP_DERIVE, \
                                EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)p)
 # define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN     (EVP_PKEY_ALG_CTRL + 1)
 # define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR     (EVP_PKEY_ALG_CTRL + 2)
 # define EVP_PKEY_CTRL_DH_RFC5114                (EVP_PKEY_ALG_CTRL + 3)
 # define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN  (EVP_PKEY_ALG_CTRL + 4)
 # define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE          (EVP_PKEY_ALG_CTRL + 5)
 # define EVP_PKEY_CTRL_DH_KDF_TYPE               (EVP_PKEY_ALG_CTRL + 6)
 # define EVP_PKEY_CTRL_DH_KDF_MD                 (EVP_PKEY_ALG_CTRL + 7)
 # define EVP_PKEY_CTRL_GET_DH_KDF_MD             (EVP_PKEY_ALG_CTRL + 8)
 # define EVP_PKEY_CTRL_DH_KDF_OUTLEN             (EVP_PKEY_ALG_CTRL + 9)
 # define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN         (EVP_PKEY_ALG_CTRL + 10)
 # define EVP_PKEY_CTRL_DH_KDF_UKM                (EVP_PKEY_ALG_CTRL + 11)
 # define EVP_PKEY_CTRL_GET_DH_KDF_UKM            (EVP_PKEY_ALG_CTRL + 12)
 # define EVP_PKEY_CTRL_DH_KDF_OID                (EVP_PKEY_ALG_CTRL + 13)
 # define EVP_PKEY_CTRL_GET_DH_KDF_OID            (EVP_PKEY_ALG_CTRL + 14)
 /* KDF types */
 # define EVP_PKEY_DH_KDF_NONE                            1
 # define EVP_PKEY_DH_KDF_X9_42                           2
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_DH_strings(void);
@ -222,22 +349,42 @@ void ERR_load_DH_strings(void);
 /* Function codes. */
 # define DH_F_COMPUTE_KEY                                 102
 #define DH_F_DHPARAMS_PRINT				 100
 # define DH_F_DHPARAMS_PRINT_FP                           101
 # define DH_F_DH_BUILTIN_GENPARAMS                        106
-#define DH_F_DH_COMPUTE_KEY				 107
+# define DH_F_DH_CMS_DECRYPT                              117
-#define DH_F_DH_GENERATE_KEY				 108
+# define DH_F_DH_CMS_SET_PEERKEY                          118
-#define DH_F_DH_GENERATE_PARAMETERS			 109
+# define DH_F_DH_CMS_SET_SHARED_INFO                      119
 # define DH_F_DH_COMPUTE_KEY                              114
 # define DH_F_DH_GENERATE_KEY                             115
 # define DH_F_DH_GENERATE_PARAMETERS_EX                   116
 # define DH_F_DH_NEW_METHOD                               105
 # define DH_F_DH_PARAM_DECODE                             107
 # define DH_F_DH_PRIV_DECODE                              110
 # define DH_F_DH_PRIV_ENCODE                              111
 # define DH_F_DH_PUB_DECODE                               108
 # define DH_F_DH_PUB_ENCODE                               109
 # define DH_F_DO_DH_PRINT                                 100
 # define DH_F_GENERATE_KEY                                103
 # define DH_F_GENERATE_PARAMETERS                         104
 # define DH_F_PKEY_DH_DERIVE                              112
 # define DH_F_PKEY_DH_KEYGEN                              113
 /* Reason codes. */
 # define DH_R_BAD_GENERATOR                               101
 # define DH_R_BN_DECODE_ERROR                             109
 # define DH_R_BN_ERROR                                    106
 # define DH_R_DECODE_ERROR                                104
 # define DH_R_INVALID_PUBKEY                              102
-#define DH_R_KEY_SIZE_TOO_SMALL				 104
+# define DH_R_KDF_PARAMETER_ERROR                         112
 # define DH_R_KEYS_NOT_SET                                108
 # define DH_R_KEY_SIZE_TOO_SMALL                          110
 # define DH_R_MODULUS_TOO_LARGE                           103
 # define DH_R_NON_FIPS_METHOD                             111
 # define DH_R_NO_PARAMETERS_SET                           107
 # define DH_R_NO_PRIVATE_VALUE                            100
 # define DH_R_PARAMETER_ENCODING_ERROR                    105
 # define DH_R_PEER_KEY_ERROR                              113
 # define DH_R_SHARED_INFO_ERROR                           114
 #ifdef  __cplusplus
 }
--- a/src/Mayaqua/win32_inc/openssl/dsa.h
+++ b/src/Mayaqua/win32_inc/openssl/dsa.h
@ -88,36 +88,31 @@
 #  define OPENSSL_DSA_MAX_MODULUS_BITS   10000
 # endif
 #define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
 # define DSA_FLAG_CACHE_MONT_P   0x01
-#define DSA_FLAG_NO_EXP_CONSTTIME       0x02 /* new with 0.9.7h; the built-in DSA
+/*
-                                              * implementation now uses constant time
+ * new with 0.9.7h; the built-in DSA implementation now uses constant time
-                                              * modular exponentiation for secret exponents
+ * modular exponentiation for secret exponents by default. This flag causes
-                                              * by default. This flag causes the
+ * the faster variable sliding window method to be used for all exponents.
                                              * faster variable sliding window method to
                                              * be used for all exponents.
 */
 # define DSA_FLAG_NO_EXP_CONSTTIME       0x02
-/* If this flag is set the DSA method is FIPS compliant and can be used
+/*
- * in FIPS mode. This is set in the validated module method. If an
+ * If this flag is set the DSA method is FIPS compliant and can be used in
- * application sets this flag in its own methods it is its reposibility
+ * FIPS mode. This is set in the validated module method. If an application
- * to ensure the result is compliant.
+ * sets this flag in its own methods it is its reposibility to ensure the
 * result is compliant.
 */
 # define DSA_FLAG_FIPS_METHOD                    0x0400
-/* If this flag is set the operations normally disabled in FIPS mode are
+/*
 * If this flag is set the operations normally disabled in FIPS mode are
 * permitted it is then the applications responsibility to ensure that the
 * usage is compliant.
 */
 # define DSA_FLAG_NON_FIPS_ALLOW                 0x0400
 #ifdef OPENSSL_FIPS
 #define FIPS_DSA_SIZE_T	int
 #endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
@ -126,14 +121,12 @@ extern "C" {
 /* typedef struct dsa_st DSA; */
 /* typedef struct dsa_method DSA_METHOD; */
-typedef struct DSA_SIG_st
+typedef struct DSA_SIG_st {
 	{
    BIGNUM *r;
    BIGNUM *s;
 } DSA_SIG;
-struct dsa_method
+struct dsa_method {
 	{
    const char *name;
    DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa);
    int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
@ -143,39 +136,37 @@ struct dsa_method
    int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
                        BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
                        BN_MONT_CTX *in_mont);
    /* Can be null */
    int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-				const BIGNUM *m, BN_CTX *ctx,
+                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 				BN_MONT_CTX *m_ctx); /* Can be null */
    int (*init) (DSA *dsa);
    int (*finish) (DSA *dsa);
    int flags;
    char *app_data;
    /* If this is non-NULL, it is used to generate DSA parameters */
    int (*dsa_paramgen) (DSA *dsa, int bits,
-			unsigned char *seed, int seed_len,
+                         const unsigned char *seed, int seed_len,
                         int *counter_ret, unsigned long *h_ret,
                         BN_GENCB *cb);
    /* If this is non-NULL, it is used to generate DSA keys */
    int (*dsa_keygen) (DSA *dsa);
 };
-struct dsa_st
+struct dsa_st {
-	{
+    /*
-	/* This first variable is used to pick up errors where
+     * This first variable is used to pick up errors where a DSA is passed
-	 * a DSA is passed instead of of a EVP_PKEY */
+     * instead of of a EVP_PKEY
     */
    int pad;
    long version;
    int write_params;
    BIGNUM *p;
    BIGNUM *q;                  /* == 20 */
    BIGNUM *g;
    BIGNUM *pub_key;            /* y public key */
    BIGNUM *priv_key;           /* x private key */
    BIGNUM *kinv;               /* Signing pre-calc */
    BIGNUM *r;                  /* Signing pre-calc */
    int flags;
    /* Normally used to cache montgomery values */
    BN_MONT_CTX *method_mont_p;
@ -186,7 +177,6 @@ struct dsa_st
    ENGINE *engine;
 };
 #define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)
 # define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
                (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
 # define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
@ -194,7 +184,7 @@ struct dsa_st
 # define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
 # define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
-
+DSA *DSAparams_dup(DSA *x);
 DSA_SIG *DSA_SIG_new(void);
 void DSA_SIG_free(DSA_SIG *a);
 int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
@ -210,11 +200,6 @@ void	DSA_set_default_method(const DSA_METHOD *);
 const DSA_METHOD *DSA_get_default_method(void);
 int DSA_set_method(DSA *dsa, const DSA_METHOD *);
 #ifdef OPENSSL_FIPS
 DSA *	FIPS_dsa_new(void);
 void	FIPS_dsa_free (DSA *r);
 #endif
 DSA *DSA_new(void);
 DSA *DSA_new_method(ENGINE *engine);
 void DSA_free(DSA *r);
@ -246,8 +231,9 @@ DSA *	DSA_generate_parameters(int bits,
 /* New version */
 int DSA_generate_parameters_ex(DSA *dsa, int bits,
-		unsigned char *seed,int seed_len,
+                               const unsigned char *seed, int seed_len,
-		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+                               int *counter_ret, unsigned long *h_ret,
                               BN_GENCB *cb);
 int DSA_generate_key(DSA *a);
 int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
@ -264,24 +250,32 @@ int	DSA_print_fp(FILE *bp, const DSA *x, int off);
 # endif
 # define DSS_prime_checks 50
-/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
+/*
- * 50 rounds of Rabin-Miller */
+ * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
 * Rabin-Miller
 */
 # define DSA_is_prime(n, callback, cb_arg) \
        BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
 # ifndef OPENSSL_NO_DH
-/* Convert DSA structure (key or just parameters) into DH structure
+/*
- * (be careful to avoid small subgroup attacks when using this!) */
+ * Convert DSA structure (key or just parameters) into DH structure (be
 * careful to avoid small subgroup attacks when using this!)
 */
 DH *DSA_dup_DH(const DSA *r);
 # endif
-#ifdef OPENSSL_FIPS
+# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
-int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig);
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
-int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen);
+                                EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
-#endif
+
 # define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS         (EVP_PKEY_ALG_CTRL + 1)
 # define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS       (EVP_PKEY_ALG_CTRL + 2)
 # define EVP_PKEY_CTRL_DSA_PARAMGEN_MD           (EVP_PKEY_ALG_CTRL + 3)
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_DSA_strings(void);
@ -290,33 +284,47 @@ void ERR_load_DSA_strings(void);
 /* Function codes. */
 # define DSA_F_D2I_DSA_SIG                                110
 # define DSA_F_DO_DSA_PRINT                               104
 # define DSA_F_DSAPARAMS_PRINT                            100
 # define DSA_F_DSAPARAMS_PRINT_FP                         101
-#define DSA_F_DSA_BUILTIN_KEYGEN			 119
+# define DSA_F_DSA_BUILTIN_PARAMGEN2                      126
 #define DSA_F_DSA_BUILTIN_PARAMGEN			 118
 # define DSA_F_DSA_DO_SIGN                                112
 # define DSA_F_DSA_DO_VERIFY                              113
-#define DSA_F_DSA_GENERATE_PARAMETERS			 117
+# define DSA_F_DSA_GENERATE_KEY                           124
 # define DSA_F_DSA_GENERATE_PARAMETERS_EX                 123
 # define DSA_F_DSA_NEW_METHOD                             103
-#define DSA_F_DSA_PRINT					 104
+# define DSA_F_DSA_PARAM_DECODE                           119
 # define DSA_F_DSA_PRINT_FP                               105
-#define DSA_F_DSA_SET_DEFAULT_METHOD			 115
+# define DSA_F_DSA_PRIV_DECODE                            115
-#define DSA_F_DSA_SET_METHOD				 116
+# define DSA_F_DSA_PRIV_ENCODE                            116
 # define DSA_F_DSA_PUB_DECODE                             117
 # define DSA_F_DSA_PUB_ENCODE                             118
 # define DSA_F_DSA_SIGN                                   106
 # define DSA_F_DSA_SIGN_SETUP                             107
 # define DSA_F_DSA_SIG_NEW                                109
 # define DSA_F_DSA_SIG_PRINT                              125
 # define DSA_F_DSA_VERIFY                                 108
 # define DSA_F_I2D_DSA_SIG                                111
 # define DSA_F_OLD_DSA_PRIV_DECODE                        122
 # define DSA_F_PKEY_DSA_CTRL                              120
 # define DSA_F_PKEY_DSA_KEYGEN                            121
 # define DSA_F_SIG_CB                                     114
 /* Reason codes. */
 # define DSA_R_BAD_Q_VALUE                                102
 # define DSA_R_BN_DECODE_ERROR                            108
 # define DSA_R_BN_ERROR                                   109
 # define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                100
-#define DSA_R_KEY_SIZE_TOO_SMALL			 106
+# define DSA_R_DECODE_ERROR                               104
 # define DSA_R_INVALID_DIGEST_TYPE                        106
 # define DSA_R_INVALID_PARAMETERS                         112
 # define DSA_R_MISSING_PARAMETERS                         101
 # define DSA_R_MODULUS_TOO_LARGE                          103
-#define DSA_R_NON_FIPS_METHOD				 104
+# define DSA_R_NEED_NEW_SETUP_VALUES                      110
-#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE	 105
+# define DSA_R_NON_FIPS_DSA_METHOD                        111
 # define DSA_R_NO_PARAMETERS_SET                          107
 # define DSA_R_PARAMETER_ENCODING_ERROR                   105
 # define DSA_R_Q_NOT_PRIME                                113
 #ifdef  __cplusplus
 }
--- a/src/Mayaqua/win32_inc/openssl/dso.h
+++ b/src/Mayaqua/win32_inc/openssl/dso.h
@ -1,6 +1,7 @@
 /* dso.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+/*
- * project 2000.
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2000.
 */
 /* ====================================================================
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@ -70,86 +71,92 @@ extern "C" {
 # define DSO_CTRL_SET_FLAGS      2
 # define DSO_CTRL_OR_FLAGS       3
-/* By default, DSO_load() will translate the provided filename into a form
+/*
 * By default, DSO_load() will translate the provided filename into a form
 * typical for the platform (more specifically the DSO_METHOD) using the
 * dso_name_converter function of the method. Eg. win32 will transform "blah"
 * into "blah.dll", and dlfcn will transform it into "libblah.so". The
- * behaviour can be overriden by setting the name_converter callback in the DSO
+ * behaviour can be overriden by setting the name_converter callback in the
- * object (using DSO_set_name_converter()). This callback could even utilise
+ * DSO object (using DSO_set_name_converter()). This callback could even
- * the DSO_METHOD's converter too if it only wants to override behaviour for
+ * utilise the DSO_METHOD's converter too if it only wants to override
- * one or two possible DSO methods. However, the following flag can be set in a
+ * behaviour for one or two possible DSO methods. However, the following flag
- * DSO to prevent *any* native name-translation at all - eg. if the caller has
+ * can be set in a DSO to prevent *any* native name-translation at all - eg.
- * prompted the user for a path to a driver library so the filename should be
+ * if the caller has prompted the user for a path to a driver library so the
- * interpreted as-is. */
+ * filename should be interpreted as-is.
 */
 # define DSO_FLAG_NO_NAME_TRANSLATION            0x01
-/* An extra flag to give if only the extension should be added as
+/*
- * translation.  This is obviously only of importance on Unix and
+ * An extra flag to give if only the extension should be added as
- * other operating systems where the translation also may prefix
+ * translation.  This is obviously only of importance on Unix and other
- * the name with something, like 'lib', and ignored everywhere else.
+ * operating systems where the translation also may prefix the name with
- * This flag is also ignored if DSO_FLAG_NO_NAME_TRANSLATION is used
+ * something, like 'lib', and ignored everywhere else. This flag is also
- * at the same time. */
+ * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time.
 */
 # define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY      0x02
-/* The following flag controls the translation of symbol names to upper
+/*
- * case.  This is currently only being implemented for OpenVMS.
+ * The following flag controls the translation of symbol names to upper case.
 * This is currently only being implemented for OpenVMS.
 */
 # define DSO_FLAG_UPCASE_SYMBOL                  0x10
-/* This flag loads the library with public symbols.
+/*
- * Meaning: The exported symbols of this library are public
+ * This flag loads the library with public symbols. Meaning: The exported
- * to all libraries loaded after this library.
+ * symbols of this library are public to all libraries loaded after this
- * At the moment only implemented in unix.
+ * library. At the moment only implemented in unix.
 */
 # define DSO_FLAG_GLOBAL_SYMBOLS                 0x20
 typedef void (*DSO_FUNC_TYPE) (void);
 typedef struct dso_st DSO;
-/* The function prototype used for method functions (or caller-provided
+/*
- * callbacks) that transform filenames. They are passed a DSO structure pointer
+ * The function prototype used for method functions (or caller-provided
- * (or NULL if they are to be used independantly of a DSO object) and a
+ * callbacks) that transform filenames. They are passed a DSO structure
- * filename to transform. They should either return NULL (if there is an error
+ * pointer (or NULL if they are to be used independantly of a DSO object) and
- * condition) or a newly allocated string containing the transformed form that
+ * a filename to transform. They should either return NULL (if there is an
- * the caller will need to free with OPENSSL_free() when done. */
+ * error condition) or a newly allocated string containing the transformed
 * form that the caller will need to free with OPENSSL_free() when done.
 */
 typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
-/* The function prototype used for method functions (or caller-provided
+/*
- * callbacks) that merge two file specifications. They are passed a
+ * The function prototype used for method functions (or caller-provided
- * DSO structure pointer (or NULL if they are to be used independantly of
+ * callbacks) that merge two file specifications. They are passed a DSO
- * a DSO object) and two file specifications to merge. They should
+ * structure pointer (or NULL if they are to be used independantly of a DSO
- * either return NULL (if there is an error condition) or a newly allocated
+ * object) and two file specifications to merge. They should either return
- * string containing the result of merging that the caller will need
+ * NULL (if there is an error condition) or a newly allocated string
- * to free with OPENSSL_free() when done.
+ * containing the result of merging that the caller will need to free with
- * Here, merging means that bits and pieces are taken from each of the
+ * OPENSSL_free() when done. Here, merging means that bits and pieces are
- * file specifications and added together in whatever fashion that is
+ * taken from each of the file specifications and added together in whatever
- * sensible for the DSO method in question.  The only rule that really
+ * fashion that is sensible for the DSO method in question.  The only rule
- * applies is that if the two specification contain pieces of the same
+ * that really applies is that if the two specification contain pieces of the
- * type, the copy from the first string takes priority.  One could see
+ * same type, the copy from the first string takes priority.  One could see
- * it as the first specification is the one given by the user and the
+ * it as the first specification is the one given by the user and the second
- * second being a bunch of defaults to add on if they're missing in the
+ * being a bunch of defaults to add on if they're missing in the first.
- * first. */
+ */
 typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *);
-typedef struct dso_meth_st
+typedef struct dso_meth_st {
 	{
    const char *name;
-	/* Loads a shared library, NB: new DSO_METHODs must ensure that a
+    /*
     * Loads a shared library, NB: new DSO_METHODs must ensure that a
     * successful load populates the loaded_filename field, and likewise a
-	 * successful unload OPENSSL_frees and NULLs it out. */
+     * successful unload OPENSSL_frees and NULLs it out.
     */
    int (*dso_load) (DSO *dso);
    /* Unloads a shared library */
    int (*dso_unload) (DSO *dso);
    /* Binds a variable */
    void *(*dso_bind_var) (DSO *dso, const char *symname);
-	/* Binds a function - assumes a return type of DSO_FUNC_TYPE.
+    /*
-	 * This should be cast to the real function prototype by the
+     * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should
-	 * caller. Platforms that don't have compatible representations
+     * be cast to the real function prototype by the caller. Platforms that
-	 * for different prototypes (this is possible within ANSI C)
+     * don't have compatible representations for different prototypes (this
-	 * are highly unlikely to have shared libraries at all, let
+     * is possible within ANSI C) are highly unlikely to have shared
-	 * alone a DSO_METHOD implemented for them. */
+     * libraries at all, let alone a DSO_METHOD implemented for them.
     */
    DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname);
 /* I don't think this would actually be used in any circumstances. */
 # if 0
    /* Unbinds a variable */
@ -157,62 +164,80 @@ typedef struct dso_meth_st
    /* Unbinds a function */
    int (*dso_unbind_func) (DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
 # endif
-	/* The generic (yuck) "ctrl()" function. NB: Negative return
+    /*
-	 * values (rather than zero) indicate errors. */
+     * The generic (yuck) "ctrl()" function. NB: Negative return values
     * (rather than zero) indicate errors.
     */
    long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg);
-	/* The default DSO_METHOD-specific function for converting filenames to
+    /*
-	 * a canonical native form. */
+     * The default DSO_METHOD-specific function for converting filenames to a
     * canonical native form.
     */
    DSO_NAME_CONVERTER_FUNC dso_name_converter;
-	/* The default DSO_METHOD-specific function for converting filenames to
+    /*
-	 * a canonical native form. */
+     * The default DSO_METHOD-specific function for converting filenames to a
     * canonical native form.
     */
    DSO_MERGER_FUNC dso_merger;
    /* [De]Initialisation handlers. */
    int (*init) (DSO *dso);
    int (*finish) (DSO *dso);
    /* Return pathname of the module containing location */
    int (*pathbyaddr) (void *addr, char *path, int sz);
    /* Perform global symbol lookup, i.e. among *all* modules */
    void *(*globallookup) (const char *symname);
 } DSO_METHOD;
 /**********************************************************************/
 /* The low-level handle type used to refer to a loaded shared library */
-struct dso_st
+struct dso_st {
 	{
    DSO_METHOD *meth;
-	/* Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS
+    /*
-	 * doesn't use anything but will need to cache the filename
+     * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use
-	 * for use in the dso_bind handler. All in all, let each
+     * anything but will need to cache the filename for use in the dso_bind
-	 * method control its own destiny. "Handles" and such go in
+     * handler. All in all, let each method control its own destiny.
-	 * a STACK. */
+     * "Handles" and such go in a STACK.
-	STACK *meth_data;
+     */
    STACK_OF(void) *meth_data;
    int references;
    int flags;
-	/* For use by applications etc ... use this for your bits'n'pieces,
+    /*
-	 * don't touch meth_data! */
+     * For use by applications etc ... use this for your bits'n'pieces, don't
     * touch meth_data!
     */
    CRYPTO_EX_DATA ex_data;
-	/* If this callback function pointer is set to non-NULL, then it will
+    /*
-	 * be used in DSO_load() in place of meth->dso_name_converter. NB: This
+     * If this callback function pointer is set to non-NULL, then it will be
-	 * should normally set using DSO_set_name_converter(). */
+     * used in DSO_load() in place of meth->dso_name_converter. NB: This
     * should normally set using DSO_set_name_converter().
     */
    DSO_NAME_CONVERTER_FUNC name_converter;
-	/* If this callback function pointer is set to non-NULL, then it will
+    /*
-	 * be used in DSO_load() in place of meth->dso_merger. NB: This
+     * If this callback function pointer is set to non-NULL, then it will be
-	 * should normally set using DSO_set_merger(). */
+     * used in DSO_load() in place of meth->dso_merger. NB: This should
     * normally set using DSO_set_merger().
     */
    DSO_MERGER_FUNC merger;
-	/* This is populated with (a copy of) the platform-independant
+    /*
-	 * filename used for this DSO. */
+     * This is populated with (a copy of) the platform-independant filename
     * used for this DSO.
     */
    char *filename;
-	/* This is populated with (a copy of) the translated filename by which
+    /*
     * This is populated with (a copy of) the translated filename by which
     * the DSO was actually loaded. It is NULL iff the DSO is not currently
-	 * loaded. NB: This is here because the filename translation process
+     * loaded. NB: This is here because the filename translation process may
-	 * may involve a callback being invoked more than once not only to
+     * involve a callback being invoked more than once not only to convert to
-	 * convert to a platform-specific form, but also to try different
+     * a platform-specific form, but also to try different filenames in the
-	 * filenames in the process of trying to perform a load. As such, this
+     * process of trying to perform a load. As such, this variable can be
-	 * variable can be used to indicate (a) whether this DSO structure
+     * used to indicate (a) whether this DSO structure corresponds to a
-	 * corresponds to a loaded library or not, and (b) the filename with
+     * loaded library or not, and (b) the filename with which it was actually
-	 * which it was actually loaded. */
+     * loaded.
     */
    char *loaded_filename;
 };
 DSO *DSO_new(void);
 DSO *DSO_new_method(DSO_METHOD *method);
 int DSO_free(DSO *dso);
@ -220,37 +245,47 @@ int	DSO_flags(DSO *dso);
 int DSO_up_ref(DSO *dso);
 long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
-/* This function sets the DSO's name_converter callback. If it is non-NULL,
+/*
 * This function sets the DSO's name_converter callback. If it is non-NULL,
 * then it will be used instead of the associated DSO_METHOD's function. If
 * oldcb is non-NULL then it is set to the function pointer value being
- * replaced. Return value is non-zero for success. */
+ * replaced. Return value is non-zero for success.
 */
 int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
                           DSO_NAME_CONVERTER_FUNC *oldcb);
-/* These functions can be used to get/set the platform-independant filename
+/*
- * used for a DSO. NB: set will fail if the DSO is already loaded. */
+ * These functions can be used to get/set the platform-independant filename
 * used for a DSO. NB: set will fail if the DSO is already loaded.
 */
 const char *DSO_get_filename(DSO *dso);
 int DSO_set_filename(DSO *dso, const char *filename);
-/* This function will invoke the DSO's name_converter callback to translate a
+/*
 * This function will invoke the DSO's name_converter callback to translate a
 * filename, or if the callback isn't set it will instead use the DSO_METHOD's
 * converter. If "filename" is NULL, the "filename" in the DSO itself will be
 * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
 * simply duplicated. NB: This function is usually called from within a
- * DSO_METHOD during the processing of a DSO_load() call, and is exposed so that
+ * DSO_METHOD during the processing of a DSO_load() call, and is exposed so
- * caller-created DSO_METHODs can do the same thing. A non-NULL return value
+ * that caller-created DSO_METHODs can do the same thing. A non-NULL return
- * will need to be OPENSSL_free()'d. */
+ * value will need to be OPENSSL_free()'d.
 */
 char *DSO_convert_filename(DSO *dso, const char *filename);
-/* This function will invoke the DSO's merger callback to merge two file
+/*
 * This function will invoke the DSO's merger callback to merge two file
 * specifications, or if the callback isn't set it will instead use the
 * DSO_METHOD's merger.  A non-NULL return value will need to be
- * OPENSSL_free()'d. */
+ * OPENSSL_free()'d.
 */
 char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
-/* If the DSO is currently loaded, this returns the filename that it was loaded
+/*
- * under, otherwise it returns NULL. So it is also useful as a test as to
+ * If the DSO is currently loaded, this returns the filename that it was
- * whether the DSO is currently loaded. NB: This will not necessarily return
+ * loaded under, otherwise it returns NULL. So it is also useful as a test as
- * the same value as DSO_convert_filename(dso, dso->filename), because the
+ * to whether the DSO is currently loaded. NB: This will not necessarily
- * DSO_METHOD's load function may have tried a variety of filenames (with
+ * return the same value as DSO_convert_filename(dso, dso->filename), because
 * the DSO_METHOD's load function may have tried a variety of filenames (with
 * and/or without the aid of the converters) before settling on the one it
- * actually loaded. */
+ * actually loaded.
 */
 const char *DSO_get_loaded_filename(DSO *dso);
 void DSO_set_default_method(DSO_METHOD *meth);
@ -258,11 +293,13 @@ DSO_METHOD *DSO_get_default_method(void);
 DSO_METHOD *DSO_get_method(DSO *dso);
 DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);
-/* The all-singing all-dancing load function, you normally pass NULL
+/*
- * for the first and third parameters. Use DSO_up and DSO_free for
+ * The all-singing all-dancing load function, you normally pass NULL for the
- * subsequent reference count handling. Any flags passed in will be set
+ * first and third parameters. Use DSO_up and DSO_free for subsequent
- * in the constructed DSO after its init() function but before the
+ * reference count handling. Any flags passed in will be set in the
- * load operation. If 'dso' is non-NULL, 'flags' is ignored. */
+ * constructed DSO after its init() function but before the load operation.
 * If 'dso' is non-NULL, 'flags' is ignored.
 */
 DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
 /* This function binds to a variable inside a shared library. */
@ -271,23 +308,31 @@ void *DSO_bind_var(DSO *dso, const char *symname);
 /* This function binds to a function inside a shared library. */
 DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
-/* This method is the default, but will beg, borrow, or steal whatever
+/*
- * method should be the default on any particular platform (including
+ * This method is the default, but will beg, borrow, or steal whatever method
- * DSO_METH_null() if necessary). */
+ * should be the default on any particular platform (including
 * DSO_METH_null() if necessary).
 */
 DSO_METHOD *DSO_METHOD_openssl(void);
-/* This method is defined for all platforms - if a platform has no
+/*
- * DSO support then this will be the only method! */
+ * This method is defined for all platforms - if a platform has no DSO
 * support then this will be the only method!
 */
 DSO_METHOD *DSO_METHOD_null(void);
-/* If DSO_DLFCN is defined, the standard dlfcn.h-style functions
+/*
- * (dlopen, dlclose, dlsym, etc) will be used and incorporated into
+ * If DSO_DLFCN is defined, the standard dlfcn.h-style functions (dlopen,
- * this method. If not, this method will return NULL. */
+ * dlclose, dlsym, etc) will be used and incorporated into this method. If
 * not, this method will return NULL.
 */
 DSO_METHOD *DSO_METHOD_dlfcn(void);
-/* If DSO_DL is defined, the standard dl.h-style functions (shl_load, 
+/*
- * shl_unload, shl_findsym, etc) will be used and incorporated into
+ * If DSO_DL is defined, the standard dl.h-style functions (shl_load,
- * this method. If not, this method will return NULL. */
+ * shl_unload, shl_findsym, etc) will be used and incorporated into this
 * method. If not, this method will return NULL.
 */
 DSO_METHOD *DSO_METHOD_dl(void);
 /* If WIN32 is defined, use DLLs. If not, return NULL. */
@ -296,8 +341,34 @@ DSO_METHOD *DSO_METHOD_win32(void);
 /* If VMS is defined, use shared images. If not, return NULL. */
 DSO_METHOD *DSO_METHOD_vms(void);
 /*
 * This function writes null-terminated pathname of DSO module containing
 * 'addr' into 'sz' large caller-provided 'path' and returns the number of
 * characters [including trailing zero] written to it. If 'sz' is 0 or
 * negative, 'path' is ignored and required amount of charachers [including
 * trailing zero] to accomodate pathname is returned. If 'addr' is NULL, then
 * pathname of cryptolib itself is returned. Negative or zero return value
 * denotes error.
 */
 int DSO_pathbyaddr(void *addr, char *path, int sz);
 /*
 * This function should be used with caution! It looks up symbols in *all*
 * loaded modules and if module gets unloaded by somebody else attempt to
 * dereference the pointer is doomed to have fatal consequences. Primary
 * usage for this function is to probe *core* system functionality, e.g.
 * check if getnameinfo(3) is available at run-time without bothering about
 * OS-specific details such as libc.so.versioning or where does it actually
 * reside: in libc itself or libsocket.
 */
 void *DSO_global_lookup(const char *name);
 /* If BeOS is defined, use shared images. If not, return NULL. */
 DSO_METHOD *DSO_METHOD_beos(void);
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_DSO_strings(void);
@ -305,6 +376,11 @@ void ERR_load_DSO_strings(void);
 /* Error codes for the DSO functions. */
 /* Function codes. */
 # define DSO_F_BEOS_BIND_FUNC                             144
 # define DSO_F_BEOS_BIND_VAR                              145
 # define DSO_F_BEOS_LOAD                                  146
 # define DSO_F_BEOS_NAME_CONVERTER                        147
 # define DSO_F_BEOS_UNLOAD                                148
 # define DSO_F_DLFCN_BIND_FUNC                            100
 # define DSO_F_DLFCN_BIND_VAR                             101
 # define DSO_F_DLFCN_LOAD                                 102
@ -324,22 +400,29 @@ void ERR_load_DSO_strings(void);
 # define DSO_F_DSO_FREE                                   111
 # define DSO_F_DSO_GET_FILENAME                           127
 # define DSO_F_DSO_GET_LOADED_FILENAME                    128
 # define DSO_F_DSO_GLOBAL_LOOKUP                          139
 # define DSO_F_DSO_LOAD                                   112
 # define DSO_F_DSO_MERGE                                  132
 # define DSO_F_DSO_NEW_METHOD                             113
 # define DSO_F_DSO_PATHBYADDR                             140
 # define DSO_F_DSO_SET_FILENAME                           129
 # define DSO_F_DSO_SET_NAME_CONVERTER                     122
 # define DSO_F_DSO_UP_REF                                 114
 # define DSO_F_GLOBAL_LOOKUP_FUNC                         138
 # define DSO_F_PATHBYADDR                                 137
 # define DSO_F_VMS_BIND_SYM                               115
 # define DSO_F_VMS_LOAD                                   116
 # define DSO_F_VMS_MERGER                                 133
 # define DSO_F_VMS_UNLOAD                                 117
 # define DSO_F_WIN32_BIND_FUNC                            118
 # define DSO_F_WIN32_BIND_VAR                             119
 # define DSO_F_WIN32_GLOBALLOOKUP                         142
 # define DSO_F_WIN32_GLOBALLOOKUP_FUNC                    143
 # define DSO_F_WIN32_JOINER                               135
 # define DSO_F_WIN32_LOAD                                 120
 # define DSO_F_WIN32_MERGER                               134
 # define DSO_F_WIN32_NAME_CONVERTER                       125
 # define DSO_F_WIN32_PATHBYADDR                           141
 # define DSO_F_WIN32_SPLITTER                             136
 # define DSO_F_WIN32_UNLOAD                               121
--- a/src/Mayaqua/win32_inc/openssl/dtls1.h
+++ b/src/Mayaqua/win32_inc/openssl/dtls1.h
@ -72,16 +72,27 @@
 # elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
 #  include <sys/timeval.h>
 # else
 #  if defined(OPENSSL_SYS_VXWORKS)
 #   include <sys/times.h>
 #  else
 #   include <sys/time.h>
 #  endif
 # endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
 # define DTLS1_VERSION                   0xFEFF
 # define DTLS1_2_VERSION                 0xFEFD
 # define DTLS_MAX_VERSION                DTLS1_2_VERSION
 # define DTLS1_VERSION_MAJOR             0xFE
 # define DTLS1_BAD_VER                   0x0100
 /* Special value for method supporting multiple versions */
 # define DTLS_ANY_VERSION                0x1FFFF
 # if 0
 /* this alert description is not specified anywhere... */
 #  define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
@ -105,18 +116,25 @@ extern "C" {
 #  define DTLS1_AL_HEADER_LENGTH                   2
 # endif
 # ifndef OPENSSL_NO_SSL_INTERN
-typedef struct dtls1_bitmap_st
+#  ifndef OPENSSL_NO_SCTP
-	{
+#   define DTLS1_SCTP_AUTH_LABEL   "EXPORTER_DTLS_OVER_SCTP"
-	PQ_64BIT map;
+#  endif
-	unsigned long length;     /* sizeof the bitmap in bits */
+
-	PQ_64BIT max_seq_num;  /* max record number seen so far */
+/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
 #  define DTLS1_MAX_MTU_OVERHEAD                   48
 typedef struct dtls1_bitmap_st {
    unsigned long map;          /* track 32 packets on 32-bit systems and 64
                                 * - on 64-bit systems */
    unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit
                                   * value in big-endian encoding */
 } DTLS1_BITMAP;
-struct dtls1_retransmit_state
+struct dtls1_retransmit_state {
 	{
    EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
-	const EVP_MD *write_hash;		/* used for mac generation */
+    EVP_MD_CTX *write_hash;     /* used for mac generation */
 #  ifndef OPENSSL_NO_COMP
    COMP_CTX *compress;         /* compression */
 #  else
@ -126,8 +144,7 @@ struct dtls1_retransmit_state
    unsigned short epoch;
 };
-struct hm_header_st
+struct hm_header_st {
 	{
    unsigned char type;
    unsigned long msg_len;
    unsigned short seq;
@ -137,44 +154,36 @@ struct hm_header_st
    struct dtls1_retransmit_state saved_retransmit_state;
 };
-struct ccs_header_st
+struct ccs_header_st {
 	{
    unsigned char type;
    unsigned short seq;
 };
-struct dtls1_timeout_st
+struct dtls1_timeout_st {
 	{
    /* Number of read timeouts so far */
    unsigned int read_timeouts;
    /* Number of write timeouts so far */
    unsigned int write_timeouts;
    /* Number of alerts received so far */
    unsigned int num_alerts;
 };
-typedef struct record_pqueue_st
+typedef struct record_pqueue_st {
 	{
    unsigned short epoch;
    pqueue q;
 } record_pqueue;
-typedef struct hm_fragment_st
+typedef struct hm_fragment_st {
 	{
    struct hm_header_st msg_header;
    unsigned char *fragment;
    unsigned char *reassembly;
 } hm_fragment;
-typedef struct dtls1_state_st
+typedef struct dtls1_state_st {
 	{
    unsigned int send_cookie;
    unsigned char cookie[DTLS1_COOKIE_LENGTH];
    unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
    unsigned int cookie_len;
    /*
     * The current data and handshake epoch.  This is initially
     * undefined, and starts at zero once the initial handshake is
@ -182,75 +191,74 @@ typedef struct dtls1_state_st
     */
    unsigned short r_epoch;
    unsigned short w_epoch;
    /* records being received in the current epoch */
    DTLS1_BITMAP bitmap;
    /* renegotiation starts a new set of sequence numbers */
    DTLS1_BITMAP next_bitmap;
    /* handshake message numbers */
    unsigned short handshake_write_seq;
    unsigned short next_handshake_write_seq;
    unsigned short handshake_read_seq;
    /* save last sequence number for retransmissions */
    unsigned char last_write_sequence[8];
    /* Received handshake records (processed and unprocessed) */
    record_pqueue unprocessed_rcds;
    record_pqueue processed_rcds;
    /* Buffered handshake messages */
    pqueue buffered_messages;
    /* Buffered (sent) handshake records */
    pqueue sent_messages;
-
+    /*
-	/* Buffered application records.
+     * Buffered application records. Only for records between CCS and
-	 * Only for records between CCS and Finished
+     * Finished to prevent either protocol violation or unnecessary message
-	 * to prevent either protocol violation or
+     * loss.
 	 * unnecessary message loss.
     */
    record_pqueue buffered_app_data;
    /* Is set when listening for new connections with dtls1_listen() */
    unsigned int listen;
-
+    unsigned int link_mtu;      /* max on-the-wire DTLS packet size */
    unsigned int mtu;           /* max DTLS packet size */
    struct hm_header_st w_msg_hdr;
    struct hm_header_st r_msg_hdr;
    struct dtls1_timeout_st timeout;
-
+    /*
-	/* Indicates when the last handshake msg sent will timeout */
+     * Indicates when the last handshake msg or heartbeat sent will timeout
     */
    struct timeval next_timeout;
    /* Timeout duration */
    unsigned short timeout_duration;
-
+    /*
-	/* storage for Alert/Handshake protocol data received but not
+     * storage for Alert/Handshake protocol data received but not yet
-	 * yet processed by ssl3_read_bytes: */
+     * processed by ssl3_read_bytes:
     */
    unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
    unsigned int alert_fragment_len;
    unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
    unsigned int handshake_fragment_len;
    unsigned int retransmitting;
    /*
     * Set when the handshake is ready to process peer's ChangeCipherSpec message.
     * Cleared after the message has been processed.
     */
    unsigned int change_cipher_spec_ok;
-
+#  ifndef OPENSSL_NO_SCTP
    /* used when SSL_ST_XX_FLUSH is entered */
    int next_state;
    int shutdown_received;
 #  endif
 } DTLS1_STATE;
-typedef struct dtls1_record_data_st
+typedef struct dtls1_record_data_st {
 	{
    unsigned char *packet;
    unsigned int packet_length;
    SSL3_BUFFER rbuf;
    SSL3_RECORD rrec;
 #  ifndef OPENSSL_NO_SCTP
    struct bio_dgram_sctp_rcvinfo recordinfo;
 #  endif
 } DTLS1_RECORD_DATA;
 # endif
 /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
 # define DTLS1_TMO_READ_COUNT                      2
@ -262,4 +270,3 @@ typedef struct dtls1_record_data_st
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/e_os2.h
+++ b/src/Mayaqua/win32_inc/openssl/e_os2.h
@ -70,34 +70,38 @@ extern "C" {
 # define OPENSSL_SYS_UNIX
-/* ----------------------- Macintosh, before MacOS X ----------------------- */
+/* ---------------------- Macintosh, before MacOS X ----------------------- */
 # if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC)
 #  undef OPENSSL_SYS_UNIX
 #  define OPENSSL_SYS_MACINTOSH_CLASSIC
 # endif
-/* ----------------------- NetWare ----------------------------------------- */
+/* ---------------------- NetWare ----------------------------------------- */
 # if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE)
 #  undef OPENSSL_SYS_UNIX
 #  define OPENSSL_SYS_NETWARE
 # endif
-/* ---------------------- Microsoft operating systems ---------------------- */
+/* --------------------- Microsoft operating systems ---------------------- */
-/* Note that MSDOS actually denotes 32-bit environments running on top of
+/*
-   MS-DOS, such as DJGPP one. */
+ * Note that MSDOS actually denotes 32-bit environments running on top of
 * MS-DOS, such as DJGPP one.
 */
 # if defined(OPENSSL_SYSNAME_MSDOS)
 #  undef OPENSSL_SYS_UNIX
 #  define OPENSSL_SYS_MSDOS
 # endif
-/* For 32 bit environment, there seems to be the CygWin environment and then
+/*
-   all the others that try to do the same thing Microsoft does... */
+ * For 32 bit environment, there seems to be the CygWin environment and then
 * all the others that try to do the same thing Microsoft does...
 */
 # if defined(OPENSSL_SYSNAME_UWIN)
 #  undef OPENSSL_SYS_UNIX
 #  define OPENSSL_SYS_WIN32_UWIN
 # else
-# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32)
+#  if defined(__CYGWIN__) || defined(OPENSSL_SYSNAME_CYGWIN)
 #   undef OPENSSL_SYS_UNIX
 #   define OPENSSL_SYS_WIN32_CYGWIN
 #  else
@ -125,19 +129,21 @@ extern "C" {
 #  endif
 # endif
-/* DLL settings.  This part is a bit tough, because it's up to the application
+/*
-   implementor how he or she will link the application, so it requires some
+ * DLL settings.  This part is a bit tough, because it's up to the
-   macro to be used. */
+ * application implementor how he or she will link the application, so it
 * requires some macro to be used.
 */
 # ifdef OPENSSL_SYS_WINDOWS
 #  ifndef OPENSSL_OPT_WINDLL
-#  if defined(_WINDLL) /* This is used when building OpenSSL to indicate that
+#   if defined(_WINDLL)         /* This is used when building OpenSSL to
-                          DLL linkage should be used */
+                                 * indicate that DLL linkage should be used */
 #    define OPENSSL_OPT_WINDLL
 #   endif
 #  endif
 # endif
-/* -------------------------------- OpenVMS -------------------------------- */
+/* ------------------------------- OpenVMS -------------------------------- */
 # if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS)
 #  undef OPENSSL_SYS_UNIX
 #  define OPENSSL_SYS_VMS
@ -151,13 +157,13 @@ extern "C" {
 #  endif
 # endif
-/* --------------------------------- OS/2 ---------------------------------- */
+/* -------------------------------- OS/2 ---------------------------------- */
 # if defined(__EMX__) || defined(__OS2__)
 #  undef OPENSSL_SYS_UNIX
 #  define OPENSSL_SYS_OS2
 # endif
-/* --------------------------------- Unix ---------------------------------- */
+/* -------------------------------- Unix ---------------------------------- */
 # ifdef OPENSSL_SYS_UNIX
 #  if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX)
 #   define OPENSSL_SYS_LINUX
@ -192,21 +198,37 @@ extern "C" {
 #  endif
 # endif
-/* --------------------------------- VOS ----------------------------------- */
+/* -------------------------------- VOS ----------------------------------- */
-#ifdef OPENSSL_SYSNAME_VOS
+# if defined(__VOS__) || defined(OPENSSL_SYSNAME_VOS)
 #  define OPENSSL_SYS_VOS
 #  ifdef __HPPA__
 #   define OPENSSL_SYS_VOS_HPPA
 #  endif
 #  ifdef __IA32__
 #   define OPENSSL_SYS_VOS_IA32
 #  endif
 # endif
-/* ------------------------------- VxWorks --------------------------------- */
+/* ------------------------------ VxWorks --------------------------------- */
 # ifdef OPENSSL_SYSNAME_VXWORKS
 #  define OPENSSL_SYS_VXWORKS
 # endif
 /* -------------------------------- BeOS ---------------------------------- */
 # if defined(__BEOS__)
 #  define OPENSSL_SYS_BEOS
 #  include <sys/socket.h>
 #  if defined(BONE_VERSION)
 #   define OPENSSL_SYS_BEOS_BONE
 #  else
 #   define OPENSSL_SYS_BEOS_R5
 #  endif
 # endif
 /**
 * That's it for OS-specific stuff
 *****************************************************************************/
 /* Specials for I/O an exit */
 # ifdef OPENSSL_SYS_MSDOS
 #  define OPENSSL_UNISTD_IO <io.h>
@ -216,23 +238,24 @@ extern "C" {
 #  define OPENSSL_DECLARE_EXIT  /* declared in unistd.h */
 # endif
-/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare
+/*-
-   certain global symbols that, with some compilers under VMS, have to be
+ * Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare
-   defined and declared explicitely with globaldef and globalref.
+ * certain global symbols that, with some compilers under VMS, have to be
-   Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare
+ * defined and declared explicitely with globaldef and globalref.
-   DLL exports and imports for compilers under Win32.  These are a little
+ * Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare
-   more complicated to use.  Basically, for any library that exports some
+ * DLL exports and imports for compilers under Win32.  These are a little
-   global variables, the following code must be present in the header file
+ * more complicated to use.  Basically, for any library that exports some
-   that declares them, before OPENSSL_EXTERN is used:
+ * global variables, the following code must be present in the header file
-
+ * that declares them, before OPENSSL_EXTERN is used:
-   #ifdef SOME_BUILD_FLAG_MACRO
+ *
-   # undef OPENSSL_EXTERN
+ * #ifdef SOME_BUILD_FLAG_MACRO
-   # define OPENSSL_EXTERN OPENSSL_EXPORT
+ * # undef OPENSSL_EXTERN
-   #endif
+ * # define OPENSSL_EXTERN OPENSSL_EXPORT
-
+ * #endif
-   The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL
+ *
-   have some generally sensible values, and for OPENSSL_EXTERN to have the
+ * The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL
-   value OPENSSL_IMPORT.
+ * have some generally sensible values, and for OPENSSL_EXTERN to have the
 * value OPENSSL_IMPORT.
 */
 # if defined(OPENSSL_SYS_VMS_NODECC)
@ -250,30 +273,56 @@ extern "C" {
 # endif
 # define OPENSSL_EXTERN OPENSSL_IMPORT
-/* Macros to allow global variables to be reached through function calls when
+/*-
-   required (if a shared library version requvres it, for example.
+ * Macros to allow global variables to be reached through function calls when
-   The way it's done allows definitions like this:
+ * required (if a shared library version requires it, for example.
-
+ * The way it's done allows definitions like this:
-	// in foobar.c
+ *
-	OPENSSL_IMPLEMENT_GLOBAL(int,foobar) = 0;
+ *      // in foobar.c
-	// in foobar.h
+ *      OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0)
-	OPENSSL_DECLARE_GLOBAL(int,foobar);
+ *      // in foobar.h
-	#define foobar OPENSSL_GLOBAL_REF(foobar)
+ *      OPENSSL_DECLARE_GLOBAL(int,foobar);
 *      #define foobar OPENSSL_GLOBAL_REF(foobar)
 */
 # ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
-# define OPENSSL_IMPLEMENT_GLOBAL(type,name)			     \
+#  define OPENSSL_IMPLEMENT_GLOBAL(type,name,value)                      \
-	extern type _hide_##name;				     \
+        type *_shadow_##name(void)                                      \
-	type *_shadow_##name(void) { return &_hide_##name; }	     \
+        { static type _hide_##name=value; return &_hide_##name; }
 	static type _hide_##name
 #  define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
 #  define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
 # else
-# define OPENSSL_IMPLEMENT_GLOBAL(type,name) OPENSSL_GLOBAL type _shadow_##name
+#  define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) OPENSSL_GLOBAL type _shadow_##name=value;
 #  define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
 #  define OPENSSL_GLOBAL_REF(name) _shadow_##name
 # endif
 # if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && macintosh==1 && !defined(MAC_OS_GUSI_SOURCE)
 #  define ossl_ssize_t long
 # endif
 # ifdef OPENSSL_SYS_MSDOS
 #  define ossl_ssize_t long
 # endif
 # if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)
 #  define ssize_t int
 # endif
 # if defined(__ultrix) && !defined(ssize_t)
 #  define ossl_ssize_t int
 # endif
 # ifndef ossl_ssize_t
 #  define ossl_ssize_t ssize_t
 # endif
 #ifdef  __cplusplus
 }
 #endif
 #endif
 #ifndef	_MSC_VER
 #undef	OPENSSL_SYS_WIN32
 #undef	OPENSSL_SYS_WINDOWS
 #endif	// _MSC_VER
--- a/src/Mayaqua/win32_inc/openssl/ebcdic.h
+++ b/src/Mayaqua/win32_inc/openssl/ebcdic.h
@ -5,6 +5,10 @@
 # include <sys/types.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
 /* Avoid name clashes with other applications */
 # define os_toascii   _openssl_os_toascii
 # define os_toebcdic  _openssl_os_toebcdic
@ -16,4 +20,7 @@ extern const unsigned char os_toebcdic[256];
 void *ebcdic2ascii(void *dest, const void *srce, size_t count);
 void *ascii2ebcdic(void *dest, const void *srce, size_t count);
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/ec.h
+++ b/src/Mayaqua/win32_inc/openssl/ec.h
--- a/src/Mayaqua/win32_inc/openssl/ecdh.h
+++ b/src/Mayaqua/win32_inc/openssl/ecdh.h
@ -85,23 +85,32 @@
 extern "C" {
 #endif
 # define EC_FLAG_COFACTOR_ECDH   0x1000
 const ECDH_METHOD *ECDH_OpenSSL(void);
 void ECDH_set_default_method(const ECDH_METHOD *);
 const ECDH_METHOD *ECDH_get_default_method(void);
 int ECDH_set_method(EC_KEY *, const ECDH_METHOD *);
-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
-                     void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+                     EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen,
                                                 void *out, size_t *outlen));
 int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
-		*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+                          *new_func, CRYPTO_EX_dup *dup_func,
                          CRYPTO_EX_free *free_func);
 int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
 void *ECDH_get_ex_data(EC_KEY *d, int idx);
 int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
                   const unsigned char *Z, size_t Zlen,
                   const unsigned char *sinfo, size_t sinfolen,
                   const EVP_MD *md);
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_ECDH_strings(void);
@ -109,11 +118,13 @@ void ERR_load_ECDH_strings(void);
 /* Error codes for the ECDH functions. */
 /* Function codes. */
 # define ECDH_F_ECDH_CHECK                                102
 # define ECDH_F_ECDH_COMPUTE_KEY                          100
 # define ECDH_F_ECDH_DATA_NEW_METHOD                      101
 /* Reason codes. */
 # define ECDH_R_KDF_FAILED                                102
 # define ECDH_R_NON_FIPS_METHOD                           103
 # define ECDH_R_NO_PRIVATE_VALUE                          100
 # define ECDH_R_POINT_ARITHMETIC_FAILURE                  101
--- a/src/Mayaqua/win32_inc/openssl/ecdsa.h
+++ b/src/Mayaqua/win32_inc/openssl/ecdsa.h
@ -4,7 +4,7 @@
 * \author Written by Nils Larsch for the OpenSSL project
 */
 /* ====================================================================
- * Copyright (c) 2000-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@ -75,175 +75,236 @@
 extern "C" {
 #endif
-typedef struct ECDSA_SIG_st
+typedef struct ECDSA_SIG_st {
 	{
    BIGNUM *r;
    BIGNUM *s;
 } ECDSA_SIG;
-/** ECDSA_SIG *ECDSA_SIG_new(void)
+/** Allocates and initialize a ECDSA_SIG structure
 * allocates and initialize a ECDSA_SIG structure
 *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
 */
 ECDSA_SIG *ECDSA_SIG_new(void);
-/** ECDSA_SIG_free
+/** frees a ECDSA_SIG structure
- * frees a ECDSA_SIG structure
+ *  \param  sig  pointer to the ECDSA_SIG structure
 * \param a pointer to the ECDSA_SIG structure
 */
-void	  ECDSA_SIG_free(ECDSA_SIG *a);
+void ECDSA_SIG_free(ECDSA_SIG *sig);
-/** i2d_ECDSA_SIG
+/** DER encode content of ECDSA_SIG object (note: this function modifies *pp
 * DER encode content of ECDSA_SIG object (note: this function modifies *pp
 *  (*pp += length of the DER encoded signature)).
- * \param a  pointer to the ECDSA_SIG object
+ *  \param  sig  pointer to the ECDSA_SIG object
 *  \param  pp   pointer to a unsigned char pointer for the output or NULL
 *  \return the length of the DER encoded ECDSA_SIG object or 0
 */
-int	  i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp);
+int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
-/** d2i_ECDSA_SIG
+/** Decodes a DER encoded ECDSA signature (note: this function changes *pp
 * decodes a DER encoded ECDSA signature (note: this function changes *pp
 *  (*pp += len)).
- * \param v pointer to ECDSA_SIG pointer (may be NULL)
+ *  \param  sig  pointer to ECDSA_SIG pointer (may be NULL)
- * \param pp buffer with the DER encoded signature
+ *  \param  pp   memory buffer with the DER encoded signature
- * \param len bufferlength
+ *  \param  len  length of the buffer
 *  \return pointer to the decoded ECDSA_SIG structure (or NULL)
 */
-ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len);
+ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
-/** ECDSA_do_sign
+/** Computes the ECDSA signature of the given hash value using
 * computes the ECDSA signature of the given hash value using
 *  the supplied private key and returns the created signature.
 *  \param  dgst      pointer to the hash value
 *  \param  dgst_len  length of the hash value
- * \param eckey pointer to the EC_KEY object containing a private EC key
+ *  \param  eckey     EC_KEY object containing a private EC key
- * \return pointer to a ECDSA_SIG structure or NULL
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
 */
-ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey);
+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
                         EC_KEY *eckey);
-/** ECDSA_do_sign_ex
+/** Computes ECDSA signature of a given hash value using the supplied
 * computes ECDSA signature of a given hash value using the supplied
 *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
 *  \param  dgst     pointer to the hash value to sign
 *  \param  dgstlen  length of the hash value
- * \param kinv optional pointer to a pre-computed inverse k
+ *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
- * \param rp optional pointer to the pre-computed rp value (see 
+ *  \param  rp       BIGNUM with a pre-computed rp value (optioanl),
- *        ECDSA_sign_setup
+ *                   see ECDSA_sign_setup
- * \param eckey pointer to the EC_KEY object containing a private EC key
+ *  \param  eckey    EC_KEY object containing a private EC key
- * \return pointer to a ECDSA_SIG structure or NULL
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
 */
 ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
-		const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
+                            const BIGNUM *kinv, const BIGNUM *rp,
                            EC_KEY *eckey);
-/** ECDSA_do_verify
+/** Verifies that the supplied signature is a valid ECDSA
 * verifies that the supplied signature is a valid ECDSA
 *  signature of the supplied hash value using the supplied public key.
 *  \param  dgst      pointer to the hash value
 *  \param  dgst_len  length of the hash value
- * \param sig  pointer to the ECDSA_SIG structure
+ *  \param  sig       ECDSA_SIG structure
- * \param eckey pointer to the EC_KEY object containing a public EC key
+ *  \param  eckey     EC_KEY object containing a public EC key
- * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error
+ *  \return 1 if the signature is valid, 0 if the signature is invalid
 *          and -1 on error
 */
 int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
                    const ECDSA_SIG *sig, EC_KEY *eckey);
 const ECDSA_METHOD *ECDSA_OpenSSL(void);
-/** ECDSA_set_default_method
+/** Sets the default ECDSA method
- * sets the default ECDSA method
+ *  \param  meth  new default ECDSA_METHOD
 * \param meth the new default ECDSA_METHOD
 */
 void ECDSA_set_default_method(const ECDSA_METHOD *meth);
-/** ECDSA_get_default_method
+/** Returns the default ECDSA method
 * returns the default ECDSA method
 *  \return pointer to ECDSA_METHOD structure containing the default method
 */
 const ECDSA_METHOD *ECDSA_get_default_method(void);
-/** ECDSA_set_method
+/** Sets method to be used for the ECDSA operations
- * sets method to be used for the ECDSA operations
+ *  \param  eckey  EC_KEY object
- * \param eckey pointer to the EC_KEY object
+ *  \param  meth   new method
 * \param meth  pointer to the new method
 *  \return 1 on success and 0 otherwise
 */
 int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);
-/** ECDSA_size
+/** Returns the maximum length of the DER encoded signature
- * returns the maximum length of the DER encoded signature
+ *  \param  eckey  EC_KEY object
 * \param  eckey pointer to a EC_KEY object
 *  \return numbers of bytes required for the DER encoded signature
 */
 int ECDSA_size(const EC_KEY *eckey);
-/** ECDSA_sign_setup
+/** Precompute parts of the signing operation
- * precompute parts of the signing operation. 
+ *  \param  eckey  EC_KEY object containing a private EC key
- * \param eckey pointer to the EC_KEY object containing a private EC key
+ *  \param  ctx    BN_CTX object (optional)
- * \param ctx  pointer to a BN_CTX object (may be NULL)
+ *  \param  kinv   BIGNUM pointer for the inverse of k
- * \param kinv pointer to a BIGNUM pointer for the inverse of k
+ *  \param  rp     BIGNUM pointer for x coordinate of k * generator
 * \param rp   pointer to a BIGNUM pointer for x coordinate of k * generator
 *  \return 1 on success and 0 otherwise
 */
-int 	  ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 
+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
 		BIGNUM **rp);
-/** ECDSA_sign
+/** Computes ECDSA signature of a given hash value using the supplied
 * computes ECDSA signature of a given hash value using the supplied
 *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
 *  \param  type     this parameter is ignored
 *  \param  dgst     pointer to the hash value to sign
 *  \param  dgstlen  length of the hash value
- * \param sig buffer to hold the DER encoded signature
+ *  \param  sig      memory for the DER encoded created signature
 *  \param  siglen   pointer to the length of the returned signature
- * \param eckey pointer to the EC_KEY object containing a private EC key
+ *  \param  eckey    EC_KEY object containing a private EC key
 *  \return 1 on success and 0 otherwise
 */
 int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
               unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
-
+/** Computes ECDSA signature of a given hash value using the supplied
 /** ECDSA_sign_ex
 * computes ECDSA signature of a given hash value using the supplied
 *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
 *  \param  type     this parameter is ignored
 *  \param  dgst     pointer to the hash value to sign
 *  \param  dgstlen  length of the hash value
 *  \param  sig      buffer to hold the DER encoded signature
 *  \param  siglen   pointer to the length of the returned signature
- * \param kinv optional pointer to a pre-computed inverse k
+ *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
- * \param rp optional pointer to the pre-computed rp value (see 
+ *  \param  rp       BIGNUM with a pre-computed rp value (optioanl),
- *        ECDSA_sign_setup
+ *                   see ECDSA_sign_setup
- * \param eckey pointer to the EC_KEY object containing a private EC key
+ *  \param  eckey    EC_KEY object containing a private EC key
 *  \return 1 on success and 0 otherwise
 */
 int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
-		unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
+                  unsigned char *sig, unsigned int *siglen,
-		const BIGNUM *rp, EC_KEY *eckey);
+                  const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
-/** ECDSA_verify
+/** Verifies that the given signature is valid ECDSA signature
 * verifies that the given signature is valid ECDSA signature
 *  of the supplied hash value using the specified public key.
 *  \param  type     this parameter is ignored
 *  \param  dgst     pointer to the hash value
 *  \param  dgstlen  length of the hash value
 *  \param  sig      pointer to the DER encoded signature
 *  \param  siglen   length of the DER encoded signature
- * \param eckey pointer to the EC_KEY object containing a public EC key
+ *  \param  eckey    EC_KEY object containing a public EC key
- * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error
+ *  \return 1 if the signature is valid, 0 if the signature is invalid
 *          and -1 on error
 */
 int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
                 const unsigned char *sig, int siglen, EC_KEY *eckey);
 /* the standard ex_data functions */
 int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
-		*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+                           *new_func, CRYPTO_EX_dup *dup_func,
                           CRYPTO_EX_free *free_func);
 int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
 void *ECDSA_get_ex_data(EC_KEY *d, int idx);
 /** Allocates and initialize a ECDSA_METHOD structure
 *  \param ecdsa_method pointer to ECDSA_METHOD to copy.  (May be NULL)
 *  \return pointer to a ECDSA_METHOD structure or NULL if an error occurred
 */
 ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method);
 /** frees a ECDSA_METHOD structure
 *  \param  ecdsa_method  pointer to the ECDSA_METHOD structure
 */
 void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method);
 /**  Sets application specific data in the ECDSA_METHOD
 *   \param  ecdsa_method pointer to existing ECDSA_METHOD
 *   \param  app application specific data to set
 */
 void ECDSA_METHOD_set_app_data(ECDSA_METHOD *ecdsa_method, void *app);
 /** Returns application specific data from a ECDSA_METHOD structure
 *  \param ecdsa_method pointer to ECDSA_METHOD structure
 *  \return pointer to application specific data.
 */
 void *ECDSA_METHOD_get_app_data(ECDSA_METHOD *ecdsa_method);
 /**  Set the ECDSA_do_sign function in the ECDSA_METHOD
 *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
 *   \param  ecdsa_do_sign a funtion of type ECDSA_do_sign
 */
 void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method,
                           ECDSA_SIG *(*ecdsa_do_sign) (const unsigned char
                                                        *dgst, int dgst_len,
                                                        const BIGNUM *inv,
                                                        const BIGNUM *rp,
                                                        EC_KEY *eckey));
 /**  Set the  ECDSA_sign_setup function in the ECDSA_METHOD
 *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
 *   \param  ecdsa_sign_setup a funtion of type ECDSA_sign_setup
 */
 void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method,
                                 int (*ecdsa_sign_setup) (EC_KEY *eckey,
                                                          BN_CTX *ctx,
                                                          BIGNUM **kinv,
                                                          BIGNUM **r));
 /**  Set the ECDSA_do_verify function in the ECDSA_METHOD
 *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
 *   \param  ecdsa_do_verify a funtion of type ECDSA_do_verify
 */
 void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method,
                             int (*ecdsa_do_verify) (const unsigned char
                                                     *dgst, int dgst_len,
                                                     const ECDSA_SIG *sig,
                                                     EC_KEY *eckey));
 void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags);
 /**  Set the flags field in the ECDSA_METHOD
 *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
 *   \param  flags flags value to set
 */
 void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name);
 /**  Set the name field in the ECDSA_METHOD
 *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
 *   \param  name name to set
 */
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_ECDSA_strings(void);
@ -251,9 +312,11 @@ void ERR_load_ECDSA_strings(void);
 /* Error codes for the ECDSA functions. */
 /* Function codes. */
 # define ECDSA_F_ECDSA_CHECK                              104
 # define ECDSA_F_ECDSA_DATA_NEW_METHOD                    100
 # define ECDSA_F_ECDSA_DO_SIGN                            101
 # define ECDSA_F_ECDSA_DO_VERIFY                          102
 # define ECDSA_F_ECDSA_METHOD_NEW                         105
 # define ECDSA_F_ECDSA_SIGN_SETUP                         103
 /* Reason codes. */
@ -262,6 +325,7 @@ void ERR_load_ECDSA_strings(void);
 # define ECDSA_R_ERR_EC_LIB                               102
 # define ECDSA_R_MISSING_PARAMETERS                       103
 # define ECDSA_R_NEED_NEW_SETUP_VALUES                    106
 # define ECDSA_R_NON_FIPS_METHOD                          107
 # define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED          104
 # define ECDSA_R_SIGNATURE_MALLOC_FAILED                  105
--- a/src/Mayaqua/win32_inc/openssl/engine.h
+++ b/src/Mayaqua/win32_inc/openssl/engine.h
@ -1,6 +1,7 @@
 /* openssl/engine.h */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+/*
- * project 2000.
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2000.
 */
 /* ====================================================================
 * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
@ -88,22 +89,23 @@
 #   include <openssl/ecdsa.h>
 #  endif
 #  include <openssl/rand.h>
 #include <openssl/store.h>
 #  include <openssl/ui.h>
 #  include <openssl/err.h>
 # endif
 #include <openssl/x509.h>
 # include <openssl/ossl_typ.h>
 # include <openssl/symhacks.h>
 # include <openssl/x509.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
-/* These flags are used to control combinations of algorithm (methods)
+/*
- * by bitwise "OR"ing. */
+ * These flags are used to control combinations of algorithm (methods) by
 * bitwise "OR"ing.
 */
 # define ENGINE_METHOD_RSA               (unsigned int)0x0001
 # define ENGINE_METHOD_DSA               (unsigned int)0x0002
 # define ENGINE_METHOD_DH                (unsigned int)0x0004
@ -113,158 +115,212 @@ extern "C" {
 # define ENGINE_METHOD_CIPHERS           (unsigned int)0x0040
 # define ENGINE_METHOD_DIGESTS           (unsigned int)0x0080
 # define ENGINE_METHOD_STORE             (unsigned int)0x0100
 # define ENGINE_METHOD_PKEY_METHS        (unsigned int)0x0200
 # define ENGINE_METHOD_PKEY_ASN1_METHS   (unsigned int)0x0400
 /* Obvious all-or-nothing cases. */
 # define ENGINE_METHOD_ALL               (unsigned int)0xFFFF
 # define ENGINE_METHOD_NONE              (unsigned int)0x0000
-/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
+/*
- * internally to control registration of ENGINE implementations, and can be set
+ * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
- * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
+ * internally to control registration of ENGINE implementations, and can be
- * initialise registered ENGINEs if they are not already initialised. */
+ * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
 * initialise registered ENGINEs if they are not already initialised.
 */
 # define ENGINE_TABLE_FLAG_NOINIT        (unsigned int)0x0001
 /* ENGINE flags that can be set by ENGINE_set_flags(). */
-/* #define ENGINE_FLAGS_MALLOCED	0x0001 */ /* Not used */
+/* Not used */
 /* #define ENGINE_FLAGS_MALLOCED        0x0001 */
-/* This flag is for ENGINEs that wish to handle the various 'CMD'-related
+/*
- * control commands on their own. Without this flag, ENGINE_ctrl() handles these
+ * This flag is for ENGINEs that wish to handle the various 'CMD'-related
- * control commands on behalf of the ENGINE using their "cmd_defns" data. */
+ * control commands on their own. Without this flag, ENGINE_ctrl() handles
 * these control commands on behalf of the ENGINE using their "cmd_defns"
 * data.
 */
 # define ENGINE_FLAGS_MANUAL_CMD_CTRL    (int)0x0002
-/* This flag is for ENGINEs who return new duplicate structures when found via
+/*
- * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()
+ * This flag is for ENGINEs who return new duplicate structures when found
- * commands are called in sequence as part of some stateful process like
+ * via "ENGINE_by_id()". When an ENGINE must store state (eg. if
- * key-generation setup and execution), it can set this flag - then each attempt
+ * ENGINE_ctrl() commands are called in sequence as part of some stateful
- * to obtain the ENGINE will result in it being copied into a new structure.
+ * process like key-generation setup and execution), it can set this flag -
- * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments
+ * then each attempt to obtain the ENGINE will result in it being copied into
- * the existing ENGINE's structural reference count. */
+ * a new structure. Normally, ENGINEs don't declare this flag so
 * ENGINE_by_id() just increments the existing ENGINE's structural reference
 * count.
 */
 # define ENGINE_FLAGS_BY_ID_COPY         (int)0x0004
-/* ENGINEs can support their own command types, and these flags are used in
+/*
- * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
+ * This flag if for an ENGINE that does not want its methods registered as
- * command expects. Currently only numeric and string input is supported. If a
+ * part of ENGINE_register_all_complete() for example if the methods are not
- * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,
+ * usable as default methods.
- * then it is regarded as an "internal" control command - and not for use in
+ */
- * config setting situations. As such, they're not available to the
+
- * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to
+# define ENGINE_FLAGS_NO_REGISTER_ALL    (int)0x0008
- * this list of 'command types' should be reflected carefully in
+
- * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */
+/*
 * ENGINEs can support their own command types, and these flags are used in
 * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input
 * each command expects. Currently only numeric and string input is
 * supported. If a control command supports none of the _NUMERIC, _STRING, or
 * _NO_INPUT options, then it is regarded as an "internal" control command -
 * and not for use in config setting situations. As such, they're not
 * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl()
 * access. Changes to this list of 'command types' should be reflected
 * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string().
 */
 /* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
 # define ENGINE_CMD_FLAG_NUMERIC         (unsigned int)0x0001
-/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to
+/*
- * ENGINE_ctrl) */
+ * accepts string input (cast from 'void*' to 'const char *', 4th parameter
 * to ENGINE_ctrl)
 */
 # define ENGINE_CMD_FLAG_STRING          (unsigned int)0x0002
-/* Indicates that the control command takes *no* input. Ie. the control command
+/*
- * is unparameterised. */
+ * Indicates that the control command takes *no* input. Ie. the control
 * command is unparameterised.
 */
 # define ENGINE_CMD_FLAG_NO_INPUT        (unsigned int)0x0004
-/* Indicates that the control command is internal. This control command won't
+/*
 * Indicates that the control command is internal. This control command won't
 * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
- * function. */
+ * function.
 */
 # define ENGINE_CMD_FLAG_INTERNAL        (unsigned int)0x0008
-/* NB: These 3 control commands are deprecated and should not be used. ENGINEs
+/*
- * relying on these commands should compile conditional support for
+ * NB: These 3 control commands are deprecated and should not be used.
- * compatibility (eg. if these symbols are defined) but should also migrate the
+ * ENGINEs relying on these commands should compile conditional support for
- * same functionality to their own ENGINE-specific control functions that can be
+ * compatibility (eg. if these symbols are defined) but should also migrate
- * "discovered" by calling applications. The fact these control commands
+ * the same functionality to their own ENGINE-specific control functions that
- * wouldn't be "executable" (ie. usable by text-based config) doesn't change the
+ * can be "discovered" by calling applications. The fact these control
- * fact that application code can find and use them without requiring per-ENGINE
+ * commands wouldn't be "executable" (ie. usable by text-based config)
- * hacking. */
+ * doesn't change the fact that application code can find and use them
 * without requiring per-ENGINE hacking.
 */
-/* These flags are used to tell the ctrl function what should be done.
+/*
- * All command numbers are shared between all engines, even if some don't
+ * These flags are used to tell the ctrl function what should be done. All
- * make sense to some engines.  In such a case, they do nothing but return
+ * command numbers are shared between all engines, even if some don't make
- * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
+ * sense to some engines.  In such a case, they do nothing but return the
 * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED.
 */
 # define ENGINE_CTRL_SET_LOGSTREAM               1
 # define ENGINE_CTRL_SET_PASSWORD_CALLBACK       2
-#define ENGINE_CTRL_HUP				3 /* Close and reinitialise any
+# define ENGINE_CTRL_HUP                         3/* Close and reinitialise
-						     handles/connections etc. */
+                                                   * any handles/connections
                                                   * etc. */
 # define ENGINE_CTRL_SET_USER_INTERFACE          4/* Alternative to callback */
 # define ENGINE_CTRL_SET_CALLBACK_DATA           5/* User-specific data, used
-						     when calling the password
+                                                   * when calling the password
-						     callback and the user
+                                                   * callback and the user
-						     interface */
+                                                   * interface */
-#define ENGINE_CTRL_LOAD_CONFIGURATION		6 /* Load a configuration, given
+# define ENGINE_CTRL_LOAD_CONFIGURATION          6/* Load a configuration,
-						     a string that represents a
+                                                   * given a string that
-						     file name or so */
+                                                   * represents a file name
                                                   * or so */
 # define ENGINE_CTRL_LOAD_SECTION                7/* Load data from a given
-						     section in the already loaded
+                                                   * section in the already
-						     configuration */
+                                                   * loaded configuration */
-/* These control commands allow an application to deal with an arbitrary engine
+/*
- * in a dynamic way. Warn: Negative return values indicate errors FOR THESE
+ * These control commands allow an application to deal with an arbitrary
- * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,
+ * engine in a dynamic way. Warn: Negative return values indicate errors FOR
- * including ENGINE-specific command types, return zero for an error.
+ * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other
- *
+ * commands, including ENGINE-specific command types, return zero for an
- * An ENGINE can choose to implement these ctrl functions, and can internally
+ * error. An ENGINE can choose to implement these ctrl functions, and can
- * manage things however it chooses - it does so by setting the
+ * internally manage things however it chooses - it does so by setting the
- * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the
+ * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise
- * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns
+ * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the
- * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()
+ * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's
- * handler need only implement its own commands - the above "meta" commands will
+ * ctrl() handler need only implement its own commands - the above "meta"
- * be taken care of. */
+ * commands will be taken care of.
 */
-/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then
+/*
- * all the remaining control commands will return failure, so it is worth
+ * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not",
- * checking this first if the caller is trying to "discover" the engine's
+ * then all the remaining control commands will return failure, so it is
- * capabilities and doesn't want errors generated unnecessarily. */
+ * worth checking this first if the caller is trying to "discover" the
 * engine's capabilities and doesn't want errors generated unnecessarily.
 */
 # define ENGINE_CTRL_HAS_CTRL_FUNCTION           10
-/* Returns a positive command number for the first command supported by the
+/*
- * engine. Returns zero if no ctrl commands are supported. */
+ * Returns a positive command number for the first command supported by the
 * engine. Returns zero if no ctrl commands are supported.
 */
 # define ENGINE_CTRL_GET_FIRST_CMD_TYPE          11
-/* The 'long' argument specifies a command implemented by the engine, and the
+/*
- * return value is the next command supported, or zero if there are no more. */
+ * The 'long' argument specifies a command implemented by the engine, and the
 * return value is the next command supported, or zero if there are no more.
 */
 # define ENGINE_CTRL_GET_NEXT_CMD_TYPE           12
-/* The 'void*' argument is a command name (cast from 'const char *'), and the
+/*
- * return value is the command that corresponds to it. */
+ * The 'void*' argument is a command name (cast from 'const char *'), and the
 * return value is the command that corresponds to it.
 */
 # define ENGINE_CTRL_GET_CMD_FROM_NAME           13
-/* The next two allow a command to be converted into its corresponding string
+/*
- * form. In each case, the 'long' argument supplies the command. In the NAME_LEN
+ * The next two allow a command to be converted into its corresponding string
- * case, the return value is the length of the command name (not counting a
+ * form. In each case, the 'long' argument supplies the command. In the
- * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer
+ * NAME_LEN case, the return value is the length of the command name (not
- * large enough, and it will be populated with the name of the command (WITH a
+ * counting a trailing EOL). In the NAME case, the 'void*' argument must be a
- * trailing EOL). */
+ * string buffer large enough, and it will be populated with the name of the
 * command (WITH a trailing EOL).
 */
 # define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD       14
 # define ENGINE_CTRL_GET_NAME_FROM_CMD           15
 /* The next two are similar but give a "short description" of a command. */
 # define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD       16
 # define ENGINE_CTRL_GET_DESC_FROM_CMD           17
-/* With this command, the return value is the OR'd combination of
+/*
 * With this command, the return value is the OR'd combination of
 * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
- * engine-specific ctrl command expects. */
+ * engine-specific ctrl command expects.
 */
 # define ENGINE_CTRL_GET_CMD_FLAGS               18
-/* ENGINE implementations should start the numbering of their own control
+/*
- * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
+ * ENGINE implementations should start the numbering of their own control
 * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc).
 */
 # define ENGINE_CMD_BASE                         200
-/* NB: These 2 nCipher "chil" control commands are deprecated, and their
+/*
 * NB: These 2 nCipher "chil" control commands are deprecated, and their
 * functionality is now available through ENGINE-specific control commands
 * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
- * commands should be migrated to the more general command handling before these
+ * commands should be migrated to the more general command handling before
- * are removed. */
+ * these are removed.
 */
 /* Flags specific to the nCipher "chil" engine */
 # define ENGINE_CTRL_CHIL_SET_FORKCHECK          100
-	/* Depending on the value of the (long)i argument, this sets or
+        /*
         * Depending on the value of the (long)i argument, this sets or
         * unsets the SimpleForkCheck flag in the CHIL API to enable or
         * disable checking and workarounds for applications that fork().
         */
 # define ENGINE_CTRL_CHIL_NO_LOCKING             101
-	/* This prevents the initialisation function from providing mutex
+        /*
-	 * callbacks to the nCipher library. */
+         * This prevents the initialisation function from providing mutex
         * callbacks to the nCipher library.
         */
-/* If an ENGINE supports its own specific control commands and wishes the
+/*
- * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
+ * If an ENGINE supports its own specific control commands and wishes the
- * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
+ * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on
- * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that
+ * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN
- * supports the stated commands (ie. the "cmd_num" entries as described by the
+ * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl()
- * array). NB: The array must be ordered in increasing order of cmd_num.
+ * handler that supports the stated commands (ie. the "cmd_num" entries as
- * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set
+ * described by the array). NB: The array must be ordered in increasing order
- * to zero and/or cmd_name set to NULL. */
+ * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element
-typedef struct ENGINE_CMD_DEFN_st
+ * has cmd_num set to zero and/or cmd_name set to NULL.
-	{
+ */
 typedef struct ENGINE_CMD_DEFN_st {
    unsigned int cmd_num;       /* The command number */
    const char *cmd_name;       /* The command name itself */
    const char *cmd_desc;       /* A short description of the command */
@ -276,14 +332,20 @@ typedef int (*ENGINE_GEN_FUNC_PTR)(void);
 /* Generic function pointer taking no arguments */
 typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *);
 /* Specific control function pointer */
-typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void));
+typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *,
                                     void (*f) (void));
 /* Generic load_key function pointer */
 typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
-	UI_METHOD *ui_method, void *callback_data);
+                                         UI_METHOD *ui_method,
                                         void *callback_data);
 typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl,
-	STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
+                                           STACK_OF(X509_NAME) *ca_dn,
-	STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
+                                           X509 **pcert, EVP_PKEY **pkey,
-/* These callback types are for an ENGINE's handler for cipher and digest logic.
+                                           STACK_OF(X509) **pother,
                                           UI_METHOD *ui_method,
                                           void *callback_data);
 /*-
 * These callback types are for an ENGINE's handler for cipher and digest logic.
 * These handlers have these prototypes;
 *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
 *   int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
@ -293,20 +355,29 @@ typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
 * If the framework wants a list of supported 'nid's, it will call;
 *   foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
 */
-/* Returns to a pointer to the array of supported cipher 'nid's. If the second
+/*
- * parameter is non-NULL it is set to the size of the returned array. */
+ * Returns to a pointer to the array of supported cipher 'nid's. If the
-typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);
+ * second parameter is non-NULL it is set to the size of the returned array.
-typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
+ */
-
+typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **,
-/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
+                                   const int **, int);
- * structures where the pointers have a "structural reference". This means that
+typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **,
- * their reference is to allowed access to the structure but it does not imply
+                                   int);
- * that the structure is functional. To simply increment or decrement the
+typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **,
- * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not
+                                      const int **, int);
- * required when iterating using ENGINE_get_next as it will automatically
+typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **,
- * decrement the structural reference count of the "current" ENGINE and
+                                           const int **, int);
- * increment the structural reference count of the ENGINE it returns (unless it
+/*
- * is NULL). */
+ * STRUCTURE functions ... all of these functions deal with pointers to
 * ENGINE structures where the pointers have a "structural reference". This
 * means that their reference is to allowed access to the structure but it
 * does not imply that the structure is functional. To simply increment or
 * decrement the structural reference count, use ENGINE_by_id and
 * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next
 * as it will automatically decrement the structural reference count of the
 * "current" ENGINE and increment the structural reference count of the
 * ENGINE it returns (unless it is NULL).
 */
 /* Get the first/last "ENGINE" type available. */
 ENGINE *ENGINE_get_first(void);
@ -329,34 +400,37 @@ void ENGINE_load_aep(void);
 void ENGINE_load_atalla(void);
 void ENGINE_load_chil(void);
 void ENGINE_load_cswift(void);
 #ifndef OPENSSL_NO_GMP
 void ENGINE_load_gmp(void);
 #endif
 void ENGINE_load_nuron(void);
 void ENGINE_load_sureware(void);
 void ENGINE_load_ubsec(void);
 void ENGINE_load_padlock(void);
 void ENGINE_load_capi(void);
 #  ifndef OPENSSL_NO_GMP
 void ENGINE_load_gmp(void);
 #  endif
 #  ifndef OPENSSL_NO_GOST
 void ENGINE_load_gost(void);
 #  endif
 # endif
 void ENGINE_load_cryptodev(void);
-void ENGINE_load_padlock(void);
+void ENGINE_load_rdrand(void);
 void ENGINE_load_builtin_engines(void);
 #ifdef OPENSSL_SYS_WIN32
 #ifndef OPENSSL_NO_CAPIENG
 void ENGINE_load_capi(void);
 #endif
 #endif
-/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+/*
- * "registry" handling. */
+ * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
 * "registry" handling.
 */
 unsigned int ENGINE_get_table_flags(void);
 void ENGINE_set_table_flags(unsigned int flags);
-/* Manage registration of ENGINEs per "table". For each type, there are 3
+/*- Manage registration of ENGINEs per "table". For each type, there are 3
 * functions;
 *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
 *   ENGINE_unregister_***(e) - unregister the implementation from 'e'
 *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
 * Cleanup is automatically registered from each table when required, so
- * ENGINE_cleanup() will reverse any "register" operations. */
+ * ENGINE_cleanup() will reverse any "register" operations.
 */
 int ENGINE_register_RSA(ENGINE *e);
 void ENGINE_unregister_RSA(ENGINE *e);
@ -394,63 +468,85 @@ int ENGINE_register_digests(ENGINE *e);
 void ENGINE_unregister_digests(ENGINE *e);
 void ENGINE_register_all_digests(void);
-/* These functions register all support from the above categories. Note, use of
+int ENGINE_register_pkey_meths(ENGINE *e);
- * these functions can result in static linkage of code your application may not
+void ENGINE_unregister_pkey_meths(ENGINE *e);
- * need. If you only need a subset of functionality, consider using more
+void ENGINE_register_all_pkey_meths(void);
- * selective initialisation. */
+
 int ENGINE_register_pkey_asn1_meths(ENGINE *e);
 void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
 void ENGINE_register_all_pkey_asn1_meths(void);
 /*
 * These functions register all support from the above categories. Note, use
 * of these functions can result in static linkage of code your application
 * may not need. If you only need a subset of functionality, consider using
 * more selective initialisation.
 */
 int ENGINE_register_complete(ENGINE *e);
 int ENGINE_register_all_complete(void);
-/* Send parametrised control commands to the engine. The possibilities to send
+/*
- * down an integer, a pointer to data or a function pointer are provided. Any of
+ * Send parametrised control commands to the engine. The possibilities to
- * the parameters may or may not be NULL, depending on the command number. In
+ * send down an integer, a pointer to data or a function pointer are
- * actuality, this function only requires a structural (rather than functional)
+ * provided. Any of the parameters may or may not be NULL, depending on the
- * reference to an engine, but many control commands may require the engine be
+ * command number. In actuality, this function only requires a structural
- * functional. The caller should be aware of trying commands that require an
+ * (rather than functional) reference to an engine, but many control commands
- * operational ENGINE, and only use functional references in such situations. */
+ * may require the engine be functional. The caller should be aware of trying
 * commands that require an operational ENGINE, and only use functional
 * references in such situations.
 */
 int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
-/* This function tests if an ENGINE-specific command is usable as a "setting".
+/*
- * Eg. in an application's config file that gets processed through
+ * This function tests if an ENGINE-specific command is usable as a
 * "setting". Eg. in an application's config file that gets processed through
 * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
- * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */
+ * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl().
 */
 int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
-/* This function works like ENGINE_ctrl() with the exception of taking a
+/*
- * command name instead of a command number, and can handle optional commands.
+ * This function works like ENGINE_ctrl() with the exception of taking a
- * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
+ * command name instead of a command number, and can handle optional
- * use the cmd_name and cmd_optional. */
+ * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation
 * on how to use the cmd_name and cmd_optional.
 */
 int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
                    long i, void *p, void (*f) (void), int cmd_optional);
-/* This function passes a command-name and argument to an ENGINE. The cmd_name
+/*
- * is converted to a command number and the control command is called using
+ * This function passes a command-name and argument to an ENGINE. The
- * 'arg' as an argument (unless the ENGINE doesn't support such a command, in
+ * cmd_name is converted to a command number and the control command is
- * which case no control command is called). The command is checked for input
+ * called using 'arg' as an argument (unless the ENGINE doesn't support such
- * flags, and if necessary the argument will be converted to a numeric value. If
+ * a command, in which case no control command is called). The command is
- * cmd_optional is non-zero, then if the ENGINE doesn't support the given
+ * checked for input flags, and if necessary the argument will be converted
- * cmd_name the return value will be success anyway. This function is intended
+ * to a numeric value. If cmd_optional is non-zero, then if the ENGINE
- * for applications to use so that users (or config files) can supply
+ * doesn't support the given cmd_name the return value will be success
- * engine-specific config data to the ENGINE at run-time to control behaviour of
+ * anyway. This function is intended for applications to use so that users
- * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()
+ * (or config files) can supply engine-specific config data to the ENGINE at
- * functions that return data, deal with binary data, or that are otherwise
+ * run-time to control behaviour of specific engines. As such, it shouldn't
- * supposed to be used directly through ENGINE_ctrl() in application code. Any
+ * be used for calling ENGINE_ctrl() functions that return data, deal with
- * "return" data from an ENGINE_ctrl() operation in this function will be lost -
+ * binary data, or that are otherwise supposed to be used directly through
- * the return value is interpreted as failure if the return value is zero,
+ * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl()
- * success otherwise, and this function returns a boolean value as a result. In
+ * operation in this function will be lost - the return value is interpreted
- * other words, vendors of 'ENGINE'-enabled devices should write ENGINE
+ * as failure if the return value is zero, success otherwise, and this
- * implementations with parameterisations that work in this scheme, so that
+ * function returns a boolean value as a result. In other words, vendors of
- * compliant ENGINE-based applications can work consistently with the same
+ * 'ENGINE'-enabled devices should write ENGINE implementations with
- * configuration for the same ENGINE-enabled devices, across applications. */
+ * parameterisations that work in this scheme, so that compliant ENGINE-based
 * applications can work consistently with the same configuration for the
 * same ENGINE-enabled devices, across applications.
 */
 int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
                           int cmd_optional);
-/* These functions are useful for manufacturing new ENGINE structures. They
+/*
- * don't address reference counting at all - one uses them to populate an ENGINE
+ * These functions are useful for manufacturing new ENGINE structures. They
- * structure with personalised implementations of things prior to using it
+ * don't address reference counting at all - one uses them to populate an
- * directly or adding it to the builtin ENGINE list in OpenSSL. These are also
+ * ENGINE structure with personalised implementations of things prior to
- * here so that the ENGINE structure doesn't have to be exposed and break binary
+ * using it directly or adding it to the builtin ENGINE list in OpenSSL.
- * compatibility! */
+ * These are also here so that the ENGINE structure doesn't have to be
 * exposed and break binary compatibility!
 */
 ENGINE *ENGINE_new(void);
 int ENGINE_free(ENGINE *e);
 int ENGINE_up_ref(ENGINE *e);
@ -467,30 +563,39 @@ int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
 int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
 int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
 int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+int ENGINE_set_load_privkey_function(ENGINE *e,
                                     ENGINE_LOAD_KEY_PTR loadpriv_f);
 int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
 int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
-				ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
+                                             ENGINE_SSL_CLIENT_CERT_PTR
                                             loadssl_f);
 int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
 int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
 int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
 int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
 int ENGINE_set_flags(ENGINE *e, int flags);
 int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
 /* These functions allow control over any per-structure ENGINE data. */
 int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-		CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+                            CRYPTO_EX_dup *dup_func,
                            CRYPTO_EX_free *free_func);
 int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
 void *ENGINE_get_ex_data(const ENGINE *e, int idx);
-/* This function cleans up anything that needs it. Eg. the ENGINE_add() function
+/*
- * automatically ensures the list cleanup function is registered to be called
+ * This function cleans up anything that needs it. Eg. the ENGINE_add()
- * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
+ * function automatically ensures the list cleanup function is registered to
- * ENGINE_cleanup() will clean up after them. */
+ * be called from ENGINE_cleanup(). Similarly, all ENGINE_register_***
 * functions ensure ENGINE_cleanup() will clean up after them.
 */
 void ENGINE_cleanup(void);
-/* These return values from within the ENGINE structure. These can be useful
+/*
 * These return values from within the ENGINE structure. These can be useful
 * with functional references as well as structural references - it depends
 * which you obtained. Using the result for functional purposes if you only
- * obtained a structural reference may be problematic! */
+ * obtained a structural reference may be problematic!
 */
 const char *ENGINE_get_id(const ENGINE *e);
 const char *ENGINE_get_name(const ENGINE *e);
 const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
@ -506,51 +611,71 @@ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
 ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
 ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
 ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
-ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
                                                               *e);
 ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
 ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
 ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
 ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
 const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
 const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
 const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
 const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
 const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
                                                          const char *str,
                                                          int len);
 const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
                                                      const char *str,
                                                      int len);
 const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
 int ENGINE_get_flags(const ENGINE *e);
-/* FUNCTIONAL functions. These functions deal with ENGINE structures
+/*
- * that have (or will) be initialised for use. Broadly speaking, the
+ * FUNCTIONAL functions. These functions deal with ENGINE structures that
- * structural functions are useful for iterating the list of available
+ * have (or will) be initialised for use. Broadly speaking, the structural
- * engine types, creating new engine types, and other "list" operations.
+ * functions are useful for iterating the list of available engine types,
- * These functions actually deal with ENGINEs that are to be used. As
+ * creating new engine types, and other "list" operations. These functions
- * such these functions can fail (if applicable) when particular
+ * actually deal with ENGINEs that are to be used. As such these functions
- * engines are unavailable - eg. if a hardware accelerator is not
+ * can fail (if applicable) when particular engines are unavailable - eg. if
- * attached or not functioning correctly. Each ENGINE has 2 reference
+ * a hardware accelerator is not attached or not functioning correctly. Each
- * counts; structural and functional. Every time a functional reference
+ * ENGINE has 2 reference counts; structural and functional. Every time a
- * is obtained or released, a corresponding structural reference is
+ * functional reference is obtained or released, a corresponding structural
- * automatically obtained or released too. */
+ * reference is automatically obtained or released too.
 */
-/* Initialise a engine type for use (or up its reference count if it's
+/*
- * already in use). This will fail if the engine is not currently
+ * Initialise a engine type for use (or up its reference count if it's
- * operational and cannot initialise. */
+ * already in use). This will fail if the engine is not currently operational
 * and cannot initialise.
 */
 int ENGINE_init(ENGINE *e);
-/* Free a functional reference to a engine type. This does not require
+/*
- * a corresponding call to ENGINE_free as it also releases a structural
+ * Free a functional reference to a engine type. This does not require a
- * reference. */
+ * corresponding call to ENGINE_free as it also releases a structural
 * reference.
 */
 int ENGINE_finish(ENGINE *e);
-/* The following functions handle keys that are stored in some secondary
+/*
 * The following functions handle keys that are stored in some secondary
 * location, handled by the engine.  The storage may be on a card or
- * whatever. */
+ * whatever.
 */
 EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
                                  UI_METHOD *ui_method, void *callback_data);
 EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
                                 UI_METHOD *ui_method, void *callback_data);
 int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
-	STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
+                                STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
-	STACK_OF(X509) **pother,
+                                EVP_PKEY **ppkey, STACK_OF(X509) **pother,
                                UI_METHOD *ui_method, void *callback_data);
-/* This returns a pointer for the current ENGINE structure that
+/*
- * is (by default) performing any RSA operations. The value returned
+ * This returns a pointer for the current ENGINE structure that is (by
- * is an incremented reference, so it should be free'd (ENGINE_finish)
+ * default) performing any RSA operations. The value returned is an
- * before it is discarded. */
+ * incremented reference, so it should be free'd (ENGINE_finish) before it is
 * discarded.
 */
 ENGINE *ENGINE_get_default_RSA(void);
 /* Same for the other "methods" */
 ENGINE *ENGINE_get_default_DSA(void);
@ -558,15 +683,21 @@ ENGINE *ENGINE_get_default_ECDH(void);
 ENGINE *ENGINE_get_default_ECDSA(void);
 ENGINE *ENGINE_get_default_DH(void);
 ENGINE *ENGINE_get_default_RAND(void);
-/* These functions can be used to get a functional reference to perform
+/*
- * ciphering or digesting corresponding to "nid". */
+ * These functions can be used to get a functional reference to perform
 * ciphering or digesting corresponding to "nid".
 */
 ENGINE *ENGINE_get_cipher_engine(int nid);
 ENGINE *ENGINE_get_digest_engine(int nid);
 ENGINE *ENGINE_get_pkey_meth_engine(int nid);
 ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
-/* This sets a new default ENGINE structure for performing RSA
+/*
- * operations. If the result is non-zero (success) then the ENGINE
+ * This sets a new default ENGINE structure for performing RSA operations. If
- * structure will have had its reference count up'd so the caller
+ * the result is non-zero (success) then the ENGINE structure will have had
- * should still free their own reference 'e'. */
+ * its reference count up'd so the caller should still free their own
 * reference 'e'.
 */
 int ENGINE_set_default_RSA(ENGINE *e);
 int ENGINE_set_default_string(ENGINE *e, const char *def_list);
 /* Same for the other "methods" */
@ -577,12 +708,16 @@ int ENGINE_set_default_DH(ENGINE *e);
 int ENGINE_set_default_RAND(ENGINE *e);
 int ENGINE_set_default_ciphers(ENGINE *e);
 int ENGINE_set_default_digests(ENGINE *e);
 int ENGINE_set_default_pkey_meths(ENGINE *e);
 int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
-/* The combination "set" - the flags are bitwise "OR"d from the
+/*
 * The combination "set" - the flags are bitwise "OR"d from the
 * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
 * function, this function can result in unnecessary static linkage. If your
 * application requires only specific functionality, consider using more
- * selective functions. */
+ * selective functions.
 */
 int ENGINE_set_default(ENGINE *e, unsigned int flags);
 void ENGINE_add_conf_module(void);
@ -596,19 +731,23 @@ void ENGINE_add_conf_module(void);
 /* Binary/behaviour compatibility levels */
 # define OSSL_DYNAMIC_VERSION            (unsigned long)0x00020000
-/* Binary versions older than this are too old for us (whether we're a loader or
+/*
- * a loadee) */
+ * Binary versions older than this are too old for us (whether we're a loader
 * or a loadee)
 */
 # define OSSL_DYNAMIC_OLDEST             (unsigned long)0x00020000
-/* When compiling an ENGINE entirely as an external shared library, loadable by
+/*
- * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
+ * When compiling an ENGINE entirely as an external shared library, loadable
- * type provides the calling application's (or library's) error functionality
+ * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns'
- * and memory management function pointers to the loaded library. These should
+ * structure type provides the calling application's (or library's) error
- * be used/set in the loaded library code so that the loading application's
+ * functionality and memory management function pointers to the loaded
- * 'state' will be used/changed in all operations. The 'static_state' pointer
+ * library. These should be used/set in the loaded library code so that the
- * allows the loaded library to know if it shares the same static data as the
+ * loading application's 'state' will be used/changed in all operations. The
- * calling application (or library), and thus whether these callbacks need to be
+ * 'static_state' pointer allows the loaded library to know if it shares the
- * set or not. */
+ * same static data as the calling application (or library), and thus whether
 * these callbacks need to be set or not.
 */
 typedef void *(*dyn_MEM_malloc_cb) (size_t);
 typedef void *(*dyn_MEM_realloc_cb) (void *, size_t);
 typedef void (*dyn_MEM_free_cb) (void *);
@ -617,12 +756,14 @@ typedef struct st_dynamic_MEM_fns {
    dyn_MEM_realloc_cb realloc_cb;
    dyn_MEM_free_cb free_cb;
 } dynamic_MEM_fns;
-/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use
+/*
- * these types so we (and any other dependant code) can simplify a bit?? */
+ * FIXME: Perhaps the memory and locking code (crypto.h) should declare and
 * use these types so we (and any other dependant code) can simplify a bit??
 */
 typedef void (*dyn_lock_locking_cb) (int, int, const char *, int);
 typedef int (*dyn_lock_add_lock_cb) (int *, int, int, const char *, int);
-typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(
+typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb) (const char *,
-						const char *,int);
+                                                               int);
 typedef void (*dyn_dynlock_lock_cb) (int, struct CRYPTO_dynlock_value *,
                                     const char *, int);
 typedef void (*dyn_dynlock_destroy_cb) (struct CRYPTO_dynlock_value *,
@ -643,39 +784,48 @@ typedef struct st_dynamic_fns {
    dynamic_LOCK_fns lock_fns;
 } dynamic_fns;
-/* The version checking function should be of this prototype. NB: The
+/*
- * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.
+ * The version checking function should be of this prototype. NB: The
- * If this function returns zero, it indicates a (potential) version
+ * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading
 * code. If this function returns zero, it indicates a (potential) version
 * incompatibility and the loaded library doesn't believe it can proceed.
 * Otherwise, the returned value is the (latest) version supported by the
- * loading library. The loader may still decide that the loaded code's version
+ * loading library. The loader may still decide that the loaded code's
- * is unsatisfactory and could veto the load. The function is expected to
+ * version is unsatisfactory and could veto the load. The function is
- * be implemented with the symbol name "v_check", and a default implementation
+ * expected to be implemented with the symbol name "v_check", and a default
- * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
+ * implementation can be fully instantiated with
 * IMPLEMENT_DYNAMIC_CHECK_FN().
 */
 typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version);
 # define IMPLEMENT_DYNAMIC_CHECK_FN() \
        OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
        OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
                if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
                return 0; }
-/* This function is passed the ENGINE structure to initialise with its own
+/*
 * This function is passed the ENGINE structure to initialise with its own
 * function and command settings. It should not adjust the structural or
- * functional reference counts. If this function returns zero, (a) the load will
+ * functional reference counts. If this function returns zero, (a) the load
- * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the
+ * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto
- * structure, and (c) the shared library will be unloaded. So implementations
+ * the structure, and (c) the shared library will be unloaded. So
- * should do their own internal cleanup in failure circumstances otherwise they
+ * implementations should do their own internal cleanup in failure
- * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that
+ * circumstances otherwise they could leak. The 'id' parameter, if non-NULL,
- * the loader is looking for. If this is NULL, the shared library can choose to
+ * represents the ENGINE id that the loader is looking for. If this is NULL,
- * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared
+ * the shared library can choose to return failure or to initialise a
- * library must initialise only an ENGINE matching the passed 'id'. The function
+ * 'default' ENGINE. If non-NULL, the shared library must initialise only an
- * is expected to be implemented with the symbol name "bind_engine". A standard
+ * ENGINE matching the passed 'id'. The function is expected to be
- * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where
+ * implemented with the symbol name "bind_engine". A standard implementation
- * the parameter 'fn' is a callback function that populates the ENGINE structure
+ * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter
- * and returns an int value (zero for failure). 'fn' should have prototype;
+ * 'fn' is a callback function that populates the ENGINE structure and
- *    [static] int fn(ENGINE *e, const char *id); */
+ * returns an int value (zero for failure). 'fn' should have prototype;
 * [static] int fn(ENGINE *e, const char *id);
 */
 typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
                                    const dynamic_fns *fns);
 # define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
        OPENSSL_EXPORT \
        int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
        OPENSSL_EXPORT \
        int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
                if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
@ -694,23 +844,26 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
                if(!fn(e,id)) return 0; \
                return 1; }
-/* If the loading application (or library) and the loaded ENGINE library share
+/*
- * the same static data (eg. they're both dynamically linked to the same
+ * If the loading application (or library) and the loaded ENGINE library
- * libcrypto.so) we need a way to avoid trying to set system callbacks - this
+ * share the same static data (eg. they're both dynamically linked to the
- * would fail, and for the same reason that it's unnecessary to try. If the
+ * same libcrypto.so) we need a way to avoid trying to set system callbacks -
- * loaded ENGINE has (or gets from through the loader) its own copy of the
+ * this would fail, and for the same reason that it's unnecessary to try. If
- * libcrypto static data, we will need to set the callbacks. The easiest way to
+ * the loaded ENGINE has (or gets from through the loader) its own copy of
- * detect this is to have a function that returns a pointer to some static data
+ * the libcrypto static data, we will need to set the callbacks. The easiest
- * and let the loading application and loaded ENGINE compare their respective
+ * way to detect this is to have a function that returns a pointer to some
- * values. */
+ * static data and let the loading application and loaded ENGINE compare
 * their respective values.
 */
 void *ENGINE_get_static_state(void);
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
+# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
 void ENGINE_setup_bsd_cryptodev(void);
 # endif
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_ENGINE_strings(void);
@ -734,13 +887,15 @@ void ERR_load_ENGINE_strings(void);
 # define ENGINE_F_ENGINE_GET_DEFAULT_TYPE                 177
 # define ENGINE_F_ENGINE_GET_DIGEST                       186
 # define ENGINE_F_ENGINE_GET_NEXT                         115
 # define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH               193
 # define ENGINE_F_ENGINE_GET_PKEY_METH                    192
 # define ENGINE_F_ENGINE_GET_PREV                         116
 # define ENGINE_F_ENGINE_INIT                             119
 # define ENGINE_F_ENGINE_LIST_ADD                         120
 # define ENGINE_F_ENGINE_LIST_REMOVE                      121
 # define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
 # define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
-#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT		 192
+# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT             194
 # define ENGINE_F_ENGINE_NEW                              122
 # define ENGINE_F_ENGINE_REMOVE                           123
 # define ENGINE_F_ENGINE_SET_DEFAULT_STRING               189
@ -769,7 +924,7 @@ void ERR_load_ENGINE_strings(void);
 # define ENGINE_R_DSO_FAILURE                             104
 # define ENGINE_R_DSO_NOT_FOUND                           132
 # define ENGINE_R_ENGINES_SECTION_ERROR                   148
-#define ENGINE_R_ENGINE_CONFIGURATION_ERROR		 101
+# define ENGINE_R_ENGINE_CONFIGURATION_ERROR              102
 # define ENGINE_R_ENGINE_IS_NOT_IN_LIST                   105
 # define ENGINE_R_ENGINE_SECTION_ERROR                    149
 # define ENGINE_R_FAILED_LOADING_PRIVATE_KEY              128
@ -796,6 +951,7 @@ void ERR_load_ENGINE_strings(void);
 # define ENGINE_R_RSA_NOT_IMPLEMENTED                     141
 # define ENGINE_R_UNIMPLEMENTED_CIPHER                    146
 # define ENGINE_R_UNIMPLEMENTED_DIGEST                    147
 # define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD         101
 # define ENGINE_R_VERSION_INCOMPATIBILITY                 145
 #ifdef  __cplusplus
--- a/src/Mayaqua/win32_inc/openssl/err.h
+++ b/src/Mayaqua/win32_inc/openssl/err.h
@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #ifndef HEADER_ERR_H
 # define HEADER_ERR_H
@ -92,9 +145,8 @@ extern "C" {
 # define ERR_FLAG_MARK           0x01
 # define ERR_NUM_ERRORS  16
-typedef struct err_state_st
+typedef struct err_state_st {
-	{
+    CRYPTO_THREADID tid;
 	unsigned long pid;
    int err_flags[ERR_NUM_ERRORS];
    unsigned long err_buffer[ERR_NUM_ERRORS];
    char *err_data[ERR_NUM_ERRORS];
@ -142,7 +194,9 @@ typedef struct err_state_st
 # define ERR_LIB_STORE           44
 # define ERR_LIB_FIPS            45
 # define ERR_LIB_CMS             46
-#define ERR_LIB_JPAKE		47
+# define ERR_LIB_TS              47
 # define ERR_LIB_HMAC            48
 # define ERR_LIB_JPAKE           49
 # define ERR_LIB_USER            128
@ -176,10 +230,14 @@ typedef struct err_state_st
 # define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
 # define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
 # define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
 # define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
 # define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
 # define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
-/* Borland C seems too stupid to be able to shift and do longs in
+/*
- * the pre-processor :-( */
+ * Borland C seems too stupid to be able to shift and do longs in the
 * pre-processor :-(
 */
 # define ERR_PACK(l,f,r)         (((((unsigned long)l)&0xffL)*0x1000000)| \
                                ((((unsigned long)f)&0xfffL)*0x1000)| \
                                ((((unsigned long)r)&0xfffL)))
@ -188,7 +246,6 @@ typedef struct err_state_st
 # define ERR_GET_REASON(l)       (int)((l)&0xfffL)
 # define ERR_FATAL_ERROR(l)      (int)((l)&ERR_R_FATAL)
 /* OS functions */
 # define SYS_F_FOPEN             1
 # define SYS_F_CONNECT           2
@ -202,7 +259,6 @@ typedef struct err_state_st
 # define SYS_F_OPENDIR           10
 # define SYS_F_FREAD             11
 /* reasons */
 # define ERR_R_SYS_LIB   ERR_LIB_SYS/* 2 */
 # define ERR_R_BN_LIB    ERR_LIB_BN/* 3 */
@ -232,6 +288,7 @@ typedef struct err_state_st
 # define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */
 # define ERR_R_ECDH_LIB  ERR_LIB_ECDH/* 43 */
 # define ERR_R_STORE_LIB ERR_LIB_STORE/* 44 */
 # define ERR_R_TS_LIB    ERR_LIB_TS/* 45 */
 # define ERR_R_NESTED_ASN1_ERROR                 58
 # define ERR_R_BAD_ASN1_OBJECT_HEADER            59
@ -248,12 +305,12 @@ typedef struct err_state_st
 # define ERR_R_INTERNAL_ERROR                    (4|ERR_R_FATAL)
 # define ERR_R_DISABLED                          (5|ERR_R_FATAL)
-/* 99 is the maximum possible ERR_R_... code, higher values
+/*
- * are reserved for the individual libraries */
+ * 99 is the maximum possible ERR_R_... code, higher values are reserved for
 * the individual libraries
 */
-
+typedef struct ERR_string_data_st {
 typedef struct ERR_string_data_st
 	{
    unsigned long error;
    const char *string;
 } ERR_STRING_DATA;
@ -286,21 +343,25 @@ void ERR_print_errors_fp(FILE *fp);
 # endif
 # ifndef OPENSSL_NO_BIO
 void ERR_print_errors(BIO *bp);
 void ERR_add_error_data(int num, ...);
 # endif
 void ERR_add_error_data(int num, ...);
 void ERR_add_error_vdata(int num, va_list args);
 void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
 void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
 void ERR_load_ERR_strings(void);
 void ERR_load_crypto_strings(void);
 void ERR_free_strings(void);
 void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
 # ifndef OPENSSL_NO_DEPRECATED
 void ERR_remove_state(unsigned long pid); /* if zero we look it up */
 # endif
 ERR_STATE *ERR_get_state(void);
 # ifndef OPENSSL_NO_LHASH
-LHASH *ERR_get_string_table(void);
+LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void);
-LHASH *ERR_get_err_state_table(void);
+LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void);
-void ERR_release_err_state_table(LHASH **hash);
+void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash);
 # endif
 int ERR_get_next_error_library(void);
@ -308,19 +369,17 @@ int ERR_get_next_error_library(void);
 int ERR_set_mark(void);
 int ERR_pop_to_mark(void);
 #ifdef OPENSSL_FIPS
 void int_ERR_set_state_func(ERR_STATE *(*get_func)(void),
 				void (*remove_func)(unsigned long pid));
 void int_ERR_lib_init(void);
 #endif
 /* Already defined in ossl_typ.h */
 /* typedef struct st_ERR_FNS ERR_FNS; */
-/* An application can use this function and provide the return value to loaded
+/*
- * modules that should use the application's ERR state/functionality */
+ * An application can use this function and provide the return value to
 * loaded modules that should use the application's ERR state/functionality
 */
 const ERR_FNS *ERR_get_implementation(void);
-/* A loaded module should call this function prior to any ERR operations using
+/*
- * the application's "ERR_FNS". */
+ * A loaded module should call this function prior to any ERR operations
 * using the application's "ERR_FNS".
 */
 int ERR_set_implementation(const ERR_FNS *fns);
 #ifdef  __cplusplus
--- a/src/Mayaqua/win32_inc/openssl/evp.h
+++ b/src/Mayaqua/win32_inc/openssl/evp.h
--- a/src/Mayaqua/win32_inc/openssl/fips.h
+++ b/src/Mayaqua/win32_inc/openssl/fips.h
@ -1,126 +0,0 @@
 /* ====================================================================
 * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
 #include <openssl/opensslconf.h>
 #ifdef OPENSSL_FIPS
 #ifdef  __cplusplus
 extern "C" {
 #endif
 /* Note that these are defined in crypto/cryptlib.c so they're
 * available even without -lfips.
 */
 struct dsa_st;
 int FIPS_mode_set(int onoff,const char *path);
 void FIPS_allow_md5(int onoff);
 int FIPS_md5_allowed(void);
 int FIPS_selftest_failed(void);
 int FIPS_dsa_check(struct dsa_st *dsa);
 void FIPS_corrupt_sha1(void);
 int FIPS_selftest_sha1(void);
 void FIPS_corrupt_aes(void);
 int FIPS_selftest_aes(void);
 void FIPS_corrupt_des(void);
 int FIPS_selftest_des(void);
 void FIPS_corrupt_rsa(void);
 int FIPS_selftest_rsa(void);
 void FIPS_corrupt_dsa(void);
 int FIPS_selftest_dsa(void);
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_FIPS_strings(void);
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_FIPS_strings(void);
 /* Error codes for the FIPS functions. */
 /* Function codes. */
 #define FIPS_F_DSA_DO_SIGN				 111
 #define FIPS_F_DSA_DO_VERIFY				 112
 #define FIPS_F_DSA_GENERATE_PARAMETERS			 110
 #define FIPS_F_FIPS_CHECK_DSA				 116
 #define FIPS_F_FIPS_CHECK_EXE				 106
 #define FIPS_F_FIPS_CHECK_RSA				 115
 #define FIPS_F_FIPS_DSA_CHECK				 102
 #define FIPS_F_FIPS_MODE_SET				 105
 #define FIPS_F_FIPS_SELFTEST_AES			 104
 #define FIPS_F_FIPS_SELFTEST_DES			 107
 #define FIPS_F_FIPS_SELFTEST_DSA			 109
 #define FIPS_F_FIPS_SELFTEST_RSA			 108
 #define FIPS_F_FIPS_SELFTEST_SHA1			 103
 #define FIPS_F_HASH_FINAL				 100
 #define FIPS_F_DH_GENERATE_PARAMETERS			 117
 #define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT			 114
 #define FIPS_F_RSA_GENERATE_KEY				 113
 #define FIPS_F_SSLEAY_RAND_BYTES			 101
 /* Reason codes. */
 #define FIPS_R_CANNOT_READ_EXE				 103
 #define FIPS_R_CANNOT_READ_EXE_DIGEST			 104
 #define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH		 105
 #define FIPS_R_FIPS_MODE_ALREADY_SET			 102
 #define FIPS_R_FIPS_SELFTEST_FAILED			 106
 #define FIPS_R_NON_FIPS_METHOD				 100
 #define FIPS_R_PAIRWISE_TEST_FAILED			 107
 #define FIPS_R_SELFTEST_FAILED				 101
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/hmac.h
+++ b/src/Mayaqua/win32_inc/openssl/hmac.h
@ -72,8 +72,7 @@
 extern "C" {
 #endif
-typedef struct hmac_ctx_st
+typedef struct hmac_ctx_st {
 	{
    const EVP_MD *md;
    EVP_MD_CTX md_ctx;
    EVP_MD_CTX i_ctx;
@ -84,21 +83,22 @@ typedef struct hmac_ctx_st
 # define HMAC_size(e)    (EVP_MD_size((e)->md))
 void HMAC_CTX_init(HMAC_CTX *ctx);
 void HMAC_CTX_cleanup(HMAC_CTX *ctx);
-#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */
+/* deprecated */
 # define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx)
-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+/* deprecated */
-	       const EVP_MD *md); /* deprecated */
+int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md);
-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                 const EVP_MD *md, ENGINE *impl);
-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
+int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
                    const unsigned char *d, size_t n, unsigned char *md,
                    unsigned int *md_len);
 int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
--- a/src/Mayaqua/win32_inc/openssl/idea.h
+++ b/src/Mayaqua/win32_inc/openssl/idea.h
@ -75,8 +75,7 @@
 extern "C" {
 #endif
-typedef struct idea_key_st
+typedef struct idea_key_st {
 	{
    IDEA_INT data[9][6];
 } IDEA_KEY_SCHEDULE;
@ -84,17 +83,20 @@ const char *idea_options(void);
 void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
                      IDEA_KEY_SCHEDULE *ks);
 # ifdef OPENSSL_FIPS
-void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+void private_idea_set_encrypt_key(const unsigned char *key,
                                  IDEA_KEY_SCHEDULE *ks);
 # endif
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
+void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
 void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
-	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);
+                      long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
                      int enc);
 void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
                        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
                        int *num, int enc);
 void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num);
+                        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
                        int *num);
 void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
 #ifdef  __cplusplus
 }
--- a/src/Mayaqua/win32_inc/openssl/krb5_asn.h
+++ b/src/Mayaqua/win32_inc/openssl/krb5_asn.h
@ -1,6 +1,7 @@
 /* krb5_asn.h */
-/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
+/*
-** using ocsp/{*.h,*asn*.c} as a starting point
+ * Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project, **
 * using ocsp/{*.h,*asn*.c} as a starting point
 */
 /* ====================================================================
@ -61,7 +62,7 @@
 # define HEADER_KRB5_ASN_H
 /*
-#include <krb5.h>
+ * #include <krb5.h>
 */
 # include <openssl/safestack.h>
@ -69,18 +70,17 @@
 extern "C" {
 #endif
-
+/*
-/*	ASN.1 from Kerberos RFC 1510
+ * ASN.1 from Kerberos RFC 1510
 */
-/*	EncryptedData ::=   SEQUENCE {
+/*-     EncryptedData ::=   SEQUENCE {
-**		etype[0]                      INTEGER, -- EncryptionType
+ *              etype[0]                      INTEGER, -- EncryptionType
-**		kvno[1]                       INTEGER OPTIONAL,
+ *              kvno[1]                       INTEGER OPTIONAL,
-**		cipher[2]                     OCTET STRING -- ciphertext
+ *              cipher[2]                     OCTET STRING -- ciphertext
-**	}
+ *      }
 */
-typedef	struct	krb5_encdata_st
+typedef struct krb5_encdata_st {
 	{
    ASN1_INTEGER *etype;
    ASN1_INTEGER *kvno;
    ASN1_OCTET_STRING *cipher;
@ -88,29 +88,26 @@ typedef	struct	krb5_encdata_st
 DECLARE_STACK_OF(KRB5_ENCDATA)
-/*	PrincipalName ::=   SEQUENCE {
+/*-     PrincipalName ::=   SEQUENCE {
-**		name-type[0]                  INTEGER,
+ *              name-type[0]                  INTEGER,
-**		name-string[1]                SEQUENCE OF GeneralString
+ *              name-string[1]                SEQUENCE OF GeneralString
-**	}
+ *      }
 */
-typedef	struct	krb5_princname_st
+typedef struct krb5_princname_st {
 	{
    ASN1_INTEGER *nametype;
    STACK_OF(ASN1_GENERALSTRING) *namestring;
 } KRB5_PRINCNAME;
 DECLARE_STACK_OF(KRB5_PRINCNAME)
-
+/*-     Ticket ::=      [APPLICATION 1] SEQUENCE {
-/*	Ticket ::=	[APPLICATION 1] SEQUENCE {
+ *              tkt-vno[0]                    INTEGER,
-**		tkt-vno[0]                    INTEGER,
+ *              realm[1]                      Realm,
-**		realm[1]                      Realm,
+ *              sname[2]                      PrincipalName,
-**		sname[2]                      PrincipalName,
+ *              enc-part[3]                   EncryptedData
-**		enc-part[3]                   EncryptedData
+ *      }
 **	}
 */
-typedef	struct	krb5_tktbody_st
+typedef struct krb5_tktbody_st {
 	{
    ASN1_INTEGER *tktvno;
    ASN1_GENERALSTRING *realm;
    KRB5_PRINCNAME *sname;
@ -120,20 +117,18 @@ typedef	struct	krb5_tktbody_st
 typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET;
 DECLARE_STACK_OF(KRB5_TKTBODY)
-
+/*-     AP-REQ ::=      [APPLICATION 14] SEQUENCE {
-/*	AP-REQ ::=      [APPLICATION 14] SEQUENCE {
+ *              pvno[0]                       INTEGER,
-**		pvno[0]                       INTEGER,
+ *              msg-type[1]                   INTEGER,
-**		msg-type[1]                   INTEGER,
+ *              ap-options[2]                 APOptions,
-**		ap-options[2]                 APOptions,
+ *              ticket[3]                     Ticket,
-**		ticket[3]                     Ticket,
+ *              authenticator[4]              EncryptedData
-**		authenticator[4]              EncryptedData
+ *      }
-**	}
+ *
-**
+ *      APOptions ::=   BIT STRING {
-**	APOptions ::=   BIT STRING {
+ *              reserved(0), use-session-key(1), mutual-required(2) }
 **		reserved(0), use-session-key(1), mutual-required(2) }
 */
-typedef	struct	krb5_ap_req_st
+typedef struct krb5_ap_req_st {
 	{
    ASN1_INTEGER *pvno;
    ASN1_INTEGER *msgtype;
    ASN1_BIT_STRING *apoptions;
@ -144,67 +139,58 @@ typedef	struct	krb5_ap_req_st
 typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ;
 DECLARE_STACK_OF(KRB5_APREQBODY)
 /*      Authenticator Stuff     */
-
+/*-     Checksum ::=   SEQUENCE {
-/*	Checksum ::=   SEQUENCE {
+ *              cksumtype[0]                  INTEGER,
-**		cksumtype[0]                  INTEGER,
+ *              checksum[1]                   OCTET STRING
-**		checksum[1]                   OCTET STRING
+ *      }
 **	}
 */
-typedef	struct	krb5_checksum_st
+typedef struct krb5_checksum_st {
 	{
    ASN1_INTEGER *ctype;
    ASN1_OCTET_STRING *checksum;
 } KRB5_CHECKSUM;
 DECLARE_STACK_OF(KRB5_CHECKSUM)
-
+/*-     EncryptionKey ::=   SEQUENCE {
-/*	EncryptionKey ::=   SEQUENCE {
+ *              keytype[0]                    INTEGER,
-**		keytype[0]                    INTEGER,
+ *              keyvalue[1]                   OCTET STRING
-**		keyvalue[1]                   OCTET STRING
+ *      }
 **	}
 */
-typedef struct  krb5_encryptionkey_st
+typedef struct krb5_encryptionkey_st {
 	{
    ASN1_INTEGER *ktype;
    ASN1_OCTET_STRING *keyvalue;
 } KRB5_ENCKEY;
 DECLARE_STACK_OF(KRB5_ENCKEY)
-
+/*-     AuthorizationData ::=   SEQUENCE OF SEQUENCE {
-/*	AuthorizationData ::=   SEQUENCE OF SEQUENCE {
+ *              ad-type[0]                    INTEGER,
-**		ad-type[0]                    INTEGER,
+ *              ad-data[1]                    OCTET STRING
-**              ad-data[1]                    OCTET STRING
+ *      }
 **	}
 */
-typedef struct	krb5_authorization_st
+typedef struct krb5_authorization_st {
 	{
    ASN1_INTEGER *adtype;
    ASN1_OCTET_STRING *addata;
 } KRB5_AUTHDATA;
 DECLARE_STACK_OF(KRB5_AUTHDATA)
-			
+/*-     -- Unencrypted authenticator
-/*	-- Unencrypted authenticator
+ *      Authenticator ::=    [APPLICATION 2] SEQUENCE    {
-**	Authenticator ::=    [APPLICATION 2] SEQUENCE    {
+ *              authenticator-vno[0]          INTEGER,
-**		authenticator-vno[0]          INTEGER,
+ *              crealm[1]                     Realm,
-**		crealm[1]                     Realm,
+ *              cname[2]                      PrincipalName,
-**		cname[2]                      PrincipalName,
+ *              cksum[3]                      Checksum OPTIONAL,
-**		cksum[3]                      Checksum OPTIONAL,
+ *              cusec[4]                      INTEGER,
-**		cusec[4]                      INTEGER,
+ *              ctime[5]                      KerberosTime,
-**		ctime[5]                      KerberosTime,
+ *              subkey[6]                     EncryptionKey OPTIONAL,
-**		subkey[6]                     EncryptionKey OPTIONAL,
+ *              seq-number[7]                 INTEGER OPTIONAL,
-**		seq-number[7]                 INTEGER OPTIONAL,
+ *              authorization-data[8]         AuthorizationData OPTIONAL
-**		authorization-data[8]         AuthorizationData OPTIONAL
+ *      }
 **	}
 */
-typedef struct	krb5_authenticator_st
+typedef struct krb5_authenticator_st {
 	{
    ASN1_INTEGER *avno;
    ASN1_GENERALSTRING *crealm;
    KRB5_PRINCNAME *cname;
@ -219,15 +205,14 @@ typedef struct	krb5_authenticator_st
 typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT;
 DECLARE_STACK_OF(KRB5_AUTHENTBODY)
-
+/*-  DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =
-/*  DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =
+ *      type *name##_new(void);
-**	type *name##_new(void);
+ *      void name##_free(type *a);
-**	void name##_free(type *a);
+ *      DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
-**	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
+ *       DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
-**	 DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
+ *        type *d2i_##name(type **a, const unsigned char **in, long len);
-**	  type *d2i_##name(type **a, const unsigned char **in, long len);
+ *        int i2d_##name(type *a, unsigned char **out);
-**	  int i2d_##name(type *a, unsigned char **out);
+ *        DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it
 **	  DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it
 */
 DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA)
@ -243,9 +228,9 @@ DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA)
 DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
 DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT)
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
@ -253,4 +238,3 @@ DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT)
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/kssl.h
+++ b/src/Mayaqua/win32_inc/openssl/kssl.h
@ -1,6 +1,7 @@
 /* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
+/*
- * project 2000.
+ * Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project
 * 2000. project 2000.
 */
 /* ====================================================================
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@ -70,14 +71,24 @@
 #  include <stdio.h>
 #  include <ctype.h>
 #  include <krb5.h>
 #  ifdef OPENSSL_SYS_WIN32
 /*
 * These can sometimes get redefined indirectly by krb5 header files after
 * they get undefed in ossl_typ.h
 */
 #   undef X509_NAME
 #   undef X509_EXTENSIONS
 #   undef OCSP_REQUEST
 #   undef OCSP_RESPONSE
 #  endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
 /*
-**	Depending on which KRB5 implementation used, some types from
+ *      Depending on which KRB5 implementation used, some types from
-**	the other may be missing.  Resolve that here and now
+ *      the other may be missing.  Resolve that here and now
 */
 #  ifdef KRB5_HEIMDAL
 typedef unsigned char krb5_octet;
@ -90,10 +101,11 @@ typedef unsigned char krb5_octet;
 #  endif
-/*	Uncomment this to debug kssl problems or
+/*-
-**	to trace usage of the Kerberos session key
+ *      Uncomment this to debug kssl problems or
-**
+ *      to trace usage of the Kerberos session key
-**	#define		KSSL_DEBUG
+ *
 *      #define         KSSL_DEBUG
 */
 #  ifndef KRB5SVC
@ -122,13 +134,11 @@ typedef struct kssl_err_st  {
    char text[KSSL_ERR_MAX + 1];
 } KSSL_ERR;
-
+/*-     Context for passing
-/*	Context for passing
+ *              (1) Kerberos session key to SSL, and
-**		(1) Kerberos session key to SSL, and
+ *              (2)     Config data between application and SSL lib
 **		(2)	Config data between application and SSL lib
 */
-typedef struct kssl_ctx_st
+typedef struct kssl_ctx_st {
        {
    /*      used by:    disposition:            */
    char *service_name;         /* C,S default ok (kssl) */
    char *service_host;         /* C input, REQUIRED */
@ -155,7 +165,8 @@ KSSL_CTX *kssl_ctx_new(void);
 KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
 void kssl_ctx_show(KSSL_CTX *kssl_ctx);
 krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
-        krb5_data *realm, krb5_data *entity, int nentities);
+                                  krb5_data *realm, krb5_data *entity,
                                  int nentities);
 krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
                              krb5_data *authenp, KSSL_ERR *kssl_err);
 krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
@ -164,14 +175,21 @@ krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
 void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
 void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
 krb5_error_code kssl_build_principal_2(krb5_context context,
-			krb5_principal *princ, int rlen, const char *realm,
+                                       krb5_principal *princ, int rlen,
-			int slen, const char *svc, int hlen, const char *host);
+                                       const char *realm, int slen,
                                       const char *svc, int hlen,
                                       const char *host);
 krb5_error_code kssl_validate_times(krb5_timestamp atime,
                                    krb5_ticket_times *ttimes);
 krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
-			            krb5_timestamp *atimep, KSSL_ERR *kssl_err);
+                                   krb5_timestamp *atimep,
                                   KSSL_ERR *kssl_err);
 unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
 void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
 KSSL_CTX *SSL_get0_kssl_ctx(SSL *s);
 char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
 #ifdef  __cplusplus
 }
 #endif
--- a/src/Mayaqua/win32_inc/openssl/lhash.h
+++ b/src/Mayaqua/win32_inc/openssl/lhash.h
@ -56,8 +56,8 @@
 * [including the GNU Public Licence.]
 */
-/* Header for dynamic hash table routines
+/*
- * Author - Eric Young
+ * Header for dynamic hash table routines Author - Eric Young
 */
 #ifndef HEADER_LHASH_H
@ -76,8 +76,7 @@
 extern "C" {
 #endif
-typedef struct lhash_node_st
+typedef struct lhash_node_st {
 	{
    void *data;
    struct lhash_node_st *next;
 # ifndef OPENSSL_NO_HASH_COMP
@ -90,53 +89,54 @@ typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
 typedef void (*LHASH_DOALL_FN_TYPE) (void *);
 typedef void (*LHASH_DOALL_ARG_FN_TYPE) (void *, void *);
-/* Macros for declaring and implementing type-safe wrappers for LHASH callbacks.
+/*
- * This way, callbacks can be provided to LHASH structures without function
+ * Macros for declaring and implementing type-safe wrappers for LHASH
- * pointer casting and the macro-defined callbacks provide per-variable casting
+ * callbacks. This way, callbacks can be provided to LHASH structures without
- * before deferring to the underlying type-specific callbacks. NB: It is
+ * function pointer casting and the macro-defined callbacks provide
- * possible to place a "static" in front of both the DECLARE and IMPLEMENT
+ * per-variable casting before deferring to the underlying type-specific
- * macros if the functions are strictly internal. */
+ * callbacks. NB: It is possible to place a "static" in front of both the
 * DECLARE and IMPLEMENT macros if the functions are strictly internal.
 */
 /* First: "hash" functions */
-#define DECLARE_LHASH_HASH_FN(f_name,o_type) \
+# define DECLARE_LHASH_HASH_FN(name, o_type) \
-	unsigned long f_name##_LHASH_HASH(const void *);
+        unsigned long name##_LHASH_HASH(const void *);
-#define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \
+# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
-	unsigned long f_name##_LHASH_HASH(const void *arg) { \
+        unsigned long name##_LHASH_HASH(const void *arg) { \
-		o_type a = (o_type)arg; \
+                const o_type *a = arg; \
-		return f_name(a); }
+                return name##_hash(a); }
-#define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH
+# define LHASH_HASH_FN(name) name##_LHASH_HASH
 /* Second: "compare" functions */
-#define DECLARE_LHASH_COMP_FN(f_name,o_type) \
+# define DECLARE_LHASH_COMP_FN(name, o_type) \
-	int f_name##_LHASH_COMP(const void *, const void *);
+        int name##_LHASH_COMP(const void *, const void *);
-#define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \
+# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
-	int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \
+        int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
-		o_type a = (o_type)arg1; \
+                const o_type *a = arg1;             \
-		o_type b = (o_type)arg2; \
+                const o_type *b = arg2; \
-		return f_name(a,b); }
+                return name##_cmp(a,b); }
-#define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP
+# define LHASH_COMP_FN(name) name##_LHASH_COMP
 /* Third: "doall" functions */
-#define DECLARE_LHASH_DOALL_FN(f_name,o_type) \
+# define DECLARE_LHASH_DOALL_FN(name, o_type) \
-	void f_name##_LHASH_DOALL(void *);
+        void name##_LHASH_DOALL(void *);
-#define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \
+# define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \
-	void f_name##_LHASH_DOALL(void *arg) { \
+        void name##_LHASH_DOALL(void *arg) { \
-		o_type a = (o_type)arg; \
+                o_type *a = arg; \
-		f_name(a); }
+                name##_doall(a); }
-#define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
+# define LHASH_DOALL_FN(name) name##_LHASH_DOALL
 /* Fourth: "doall_arg" functions */
-#define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-	void f_name##_LHASH_DOALL_ARG(void *, void *);
+        void name##_LHASH_DOALL_ARG(void *, void *);
-#define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-	void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
+        void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
-		o_type a = (o_type)arg1; \
+                o_type *a = arg1; \
-		a_type b = (a_type)arg2; \
+                a_type *b = arg2; \
-		f_name(a,b); }
+                name##_doall_arg(a, b); }
-#define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG
+# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
-typedef struct lhash_st
+typedef struct lhash_st {
 	{
    LHASH_NODE **b;
    LHASH_COMP_FN_TYPE comp;
    LHASH_HASH_FN_TYPE hash;
@ -147,7 +147,6 @@ typedef struct lhash_st
    unsigned long up_load;      /* load times 256 */
    unsigned long down_load;    /* load times 256 */
    unsigned long num_items;
    unsigned long num_expands;
    unsigned long num_expand_reallocs;
    unsigned long num_contracts;
@ -161,40 +160,81 @@ typedef struct lhash_st
    unsigned long num_retrieve;
    unsigned long num_retrieve_miss;
    unsigned long num_hash_comps;
    int error;
-	} LHASH;
+} _LHASH;                       /* Do not use _LHASH directly, use LHASH_OF
                                 * and friends */
 # define LH_LOAD_MULT    256
-/* Indicates a malloc() error in the last call, this is only bad
+/*
- * in lh_insert(). */
+ * Indicates a malloc() error in the last call, this is only bad in
 * lh_insert().
 */
 # define lh_error(lh)    ((lh)->error)
-LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
+_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
-void lh_free(LHASH *lh);
+void lh_free(_LHASH *lh);
-void *lh_insert(LHASH *lh, void *data);
+void *lh_insert(_LHASH *lh, void *data);
-void *lh_delete(LHASH *lh, const void *data);
+void *lh_delete(_LHASH *lh, const void *data);
-void *lh_retrieve(LHASH *lh, const void *data);
+void *lh_retrieve(_LHASH *lh, const void *data);
-void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func);
+void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func);
-void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
+void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
 unsigned long lh_strhash(const char *c);
-unsigned long lh_num_items(const LHASH *lh);
+unsigned long lh_num_items(const _LHASH *lh);
 # ifndef OPENSSL_NO_FP_API
-void lh_stats(const LHASH *lh, FILE *out);
+void lh_stats(const _LHASH *lh, FILE *out);
-void lh_node_stats(const LHASH *lh, FILE *out);
+void lh_node_stats(const _LHASH *lh, FILE *out);
-void lh_node_usage_stats(const LHASH *lh, FILE *out);
+void lh_node_usage_stats(const _LHASH *lh, FILE *out);
 # endif
 # ifndef OPENSSL_NO_BIO
-void lh_stats_bio(const LHASH *lh, BIO *out);
+void lh_stats_bio(const _LHASH *lh, BIO *out);
-void lh_node_stats_bio(const LHASH *lh, BIO *out);
+void lh_node_stats_bio(const _LHASH *lh, BIO *out);
-void lh_node_usage_stats_bio(const LHASH *lh, BIO *out);
+void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out);
 # endif
 /* Type checking... */
 # define LHASH_OF(type) struct lhash_st_##type
 # define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; }
 # define CHECKED_LHASH_OF(type,lh) \
  ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh))
 /* Define wrapper functions. */
 # define LHM_lh_new(type, name) \
  ((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name)))
 # define LHM_lh_error(type, lh) \
  lh_error(CHECKED_LHASH_OF(type,lh))
 # define LHM_lh_insert(type, lh, inst) \
  ((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \
                     CHECKED_PTR_OF(type, inst)))
 # define LHM_lh_retrieve(type, lh, inst) \
  ((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \
                       CHECKED_PTR_OF(type, inst)))
 # define LHM_lh_delete(type, lh, inst) \
  ((type *)lh_delete(CHECKED_LHASH_OF(type, lh),                        \
                     CHECKED_PTR_OF(type, inst)))
 # define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn)
 # define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \
  lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg))
 # define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh))
 # define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load)
 # define LHM_lh_node_stats_bio(type, lh, out) \
  lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out)
 # define LHM_lh_node_usage_stats_bio(type, lh, out) \
  lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out)
 # define LHM_lh_stats_bio(type, lh, out) \
  lh_stats_bio(CHECKED_LHASH_OF(type, lh), out)
 # define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh))
 DECLARE_LHASH_OF(OPENSSL_STRING);
 DECLARE_LHASH_OF(OPENSSL_CSTRING);
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/md2.h
+++ b/src/Mayaqua/win32_inc/openssl/md2.h
@ -1,95 +0,0 @@
 /* crypto/md/md2.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #ifndef HEADER_MD2_H
 #define HEADER_MD2_H
 #include <openssl/opensslconf.h> /* OPENSSL_NO_MD2, MD2_INT */
 #ifdef OPENSSL_NO_MD2
 #error MD2 is disabled.
 #endif
 #include <stddef.h>
 #define MD2_DIGEST_LENGTH	16
 #define MD2_BLOCK       	16
 #ifdef  __cplusplus
 extern "C" {
 #endif
 typedef struct MD2state_st
 	{
 	unsigned int num;
 	unsigned char data[MD2_BLOCK];
 	MD2_INT cksm[MD2_BLOCK];
 	MD2_INT state[MD2_BLOCK];
 	} MD2_CTX;
 const char *MD2_options(void);
 #ifdef OPENSSL_FIPS
 int private_MD2_Init(MD2_CTX *c);
 #endif
 int MD2_Init(MD2_CTX *c);
 int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
 int MD2_Final(unsigned char *md, MD2_CTX *c);
 unsigned char *MD2(const unsigned char *d, size_t n,unsigned char *md);
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/md4.h
+++ b/src/Mayaqua/win32_inc/openssl/md4.h
@ -70,14 +70,14 @@ extern "C" {
 #  error MD4 is disabled.
 # endif
-/*
+/*-
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then !
 * ! MD4_LONG_LOG2 has to be defined along.                        !
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 */
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+# if defined(__LP32__)
 #  define MD4_LONG unsigned long
 # elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #  define MD4_LONG unsigned long
@ -97,8 +97,7 @@ extern "C" {
 # define MD4_LBLOCK      (MD4_CBLOCK/4)
 # define MD4_DIGEST_LENGTH 16
-typedef struct MD4state_st
+typedef struct MD4state_st {
 	{
    MD4_LONG A, B, C, D;
    MD4_LONG Nl, Nh;
    MD4_LONG data[MD4_LBLOCK];
--- a/src/Mayaqua/win32_inc/openssl/md5.h
+++ b/src/Mayaqua/win32_inc/openssl/md5.h
@ -77,7 +77,7 @@ extern "C" {
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 */
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+# if defined(__LP32__)
 #  define MD5_LONG unsigned long
 # elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #  define MD5_LONG unsigned long
@ -97,8 +97,7 @@ extern "C" {
 # define MD5_LBLOCK      (MD5_CBLOCK/4)
 # define MD5_DIGEST_LENGTH 16
-typedef struct MD5state_st
+typedef struct MD5state_st {
 	{
    MD5_LONG A, B, C, D;
    MD5_LONG Nl, Nh;
    MD5_LONG data[MD5_LBLOCK];
--- a/src/Mayaqua/win32_inc/openssl/mdc2.h
+++ b/src/Mayaqua/win32_inc/openssl/mdc2.h
@ -72,9 +72,8 @@ extern "C" {
 # define MDC2_BLOCK              8
 # define MDC2_DIGEST_LENGTH      16
-typedef struct mdc2_ctx_st
+typedef struct mdc2_ctx_st {
-	{
+    unsigned int num;
 	int num;
    unsigned char data[MDC2_BLOCK];
    DES_cblock h, hh;
    int pad_type;               /* either 1 or 2, default 1 */
@ -84,15 +83,12 @@ typedef struct mdc2_ctx_st
 int private_MDC2_Init(MDC2_CTX *c);
 # endif
 int MDC2_Init(MDC2_CTX *c);
-int MDC2_Update(MDC2_CTX *c, const unsigned char *data, unsigned long len);
+int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
 int MDC2_Final(unsigned char *md, MDC2_CTX *c);
-unsigned char *MDC2(const unsigned char *d, unsigned long n,
+unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md);
 	unsigned char *md);
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/modes.h
+++ b/src/Mayaqua/win32_inc/openssl/modes.h
@ -0,0 +1,163 @@
 /* ====================================================================
 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
 *
 * Rights for redistribution and usage in source and binary
 * forms are granted according to the OpenSSL license.
 */
 #include <stddef.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
 typedef void (*block128_f) (const unsigned char in[16],
                            unsigned char out[16], const void *key);
 typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out,
                          size_t len, const void *key,
                          unsigned char ivec[16], int enc);
 typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out,
                          size_t blocks, const void *key,
                          const unsigned char ivec[16]);
 typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out,
                          size_t blocks, const void *key,
                          const unsigned char ivec[16],
                          unsigned char cmac[16]);
 void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
                           size_t len, const void *key,
                           unsigned char ivec[16], block128_f block);
 void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
                           size_t len, const void *key,
                           unsigned char ivec[16], block128_f block);
 void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
                           size_t len, const void *key,
                           unsigned char ivec[16],
                           unsigned char ecount_buf[16], unsigned int *num,
                           block128_f block);
 void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
                                 size_t len, const void *key,
                                 unsigned char ivec[16],
                                 unsigned char ecount_buf[16],
                                 unsigned int *num, ctr128_f ctr);
 void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
                           size_t len, const void *key,
                           unsigned char ivec[16], int *num,
                           block128_f block);
 void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
                           size_t len, const void *key,
                           unsigned char ivec[16], int *num,
                           int enc, block128_f block);
 void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
                             size_t length, const void *key,
                             unsigned char ivec[16], int *num,
                             int enc, block128_f block);
 void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
                             size_t bits, const void *key,
                             unsigned char ivec[16], int *num,
                             int enc, block128_f block);
 size_t CRYPTO_cts128_encrypt_block(const unsigned char *in,
                                   unsigned char *out, size_t len,
                                   const void *key, unsigned char ivec[16],
                                   block128_f block);
 size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
                             size_t len, const void *key,
                             unsigned char ivec[16], cbc128_f cbc);
 size_t CRYPTO_cts128_decrypt_block(const unsigned char *in,
                                   unsigned char *out, size_t len,
                                   const void *key, unsigned char ivec[16],
                                   block128_f block);
 size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
                             size_t len, const void *key,
                             unsigned char ivec[16], cbc128_f cbc);
 size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in,
                                       unsigned char *out, size_t len,
                                       const void *key,
                                       unsigned char ivec[16],
                                       block128_f block);
 size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
                                 size_t len, const void *key,
                                 unsigned char ivec[16], cbc128_f cbc);
 size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in,
                                       unsigned char *out, size_t len,
                                       const void *key,
                                       unsigned char ivec[16],
                                       block128_f block);
 size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
                                 size_t len, const void *key,
                                 unsigned char ivec[16], cbc128_f cbc);
 typedef struct gcm128_context GCM128_CONTEXT;
 GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block);
 void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block);
 void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
                         size_t len);
 int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
                      size_t len);
 int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
                          const unsigned char *in, unsigned char *out,
                          size_t len);
 int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                          const unsigned char *in, unsigned char *out,
                          size_t len);
 int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
                                const unsigned char *in, unsigned char *out,
                                size_t len, ctr128_f stream);
 int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
                                const unsigned char *in, unsigned char *out,
                                size_t len, ctr128_f stream);
 int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
                         size_t len);
 void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
 void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx);
 typedef struct ccm128_context CCM128_CONTEXT;
 void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx,
                        unsigned int M, unsigned int L, void *key,
                        block128_f block);
 int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce,
                        size_t nlen, size_t mlen);
 void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad,
                       size_t alen);
 int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp,
                          unsigned char *out, size_t len);
 int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp,
                          unsigned char *out, size_t len);
 int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp,
                                unsigned char *out, size_t len,
                                ccm128_f stream);
 int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp,
                                unsigned char *out, size_t len,
                                ccm128_f stream);
 size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
 typedef struct xts128_context XTS128_CONTEXT;
 int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
                          const unsigned char iv[16],
                          const unsigned char *inp, unsigned char *out,
                          size_t len, int enc);
 size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
                       unsigned char *out,
                       const unsigned char *in, size_t inlen,
                       block128_f block);
 size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
                         unsigned char *out,
                         const unsigned char *in, size_t inlen,
                         block128_f block);
 #ifdef  __cplusplus
 }
 #endif
--- a/src/Mayaqua/win32_inc/openssl/obj_mac.h
+++ b/src/Mayaqua/win32_inc/openssl/obj_mac.h
@ -1,8 +1,8 @@
 /* crypto/objects/obj_mac.h */
-/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
+/*
- * following command:
+ * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following
- * perl objects.pl objects.txt obj_mac.num obj_mac.h
+ * command: perl objects.pl objects.txt obj_mac.num obj_mac.h
 */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
@ -580,6 +580,26 @@
 #define NID_sha1WithRSAEncryption               65
 #define OBJ_sha1WithRSAEncryption               OBJ_pkcs1,5L
 #define SN_rsaesOaep            "RSAES-OAEP"
 #define LN_rsaesOaep            "rsaesOaep"
 #define NID_rsaesOaep           919
 #define OBJ_rsaesOaep           OBJ_pkcs1,7L
 #define SN_mgf1         "MGF1"
 #define LN_mgf1         "mgf1"
 #define NID_mgf1                911
 #define OBJ_mgf1                OBJ_pkcs1,8L
 #define SN_pSpecified           "PSPECIFIED"
 #define LN_pSpecified           "pSpecified"
 #define NID_pSpecified          935
 #define OBJ_pSpecified          OBJ_pkcs1,9L
 #define SN_rsassaPss            "RSASSA-PSS"
 #define LN_rsassaPss            "rsassaPss"
 #define NID_rsassaPss           912
 #define OBJ_rsassaPss           OBJ_pkcs1,10L
 #define SN_sha256WithRSAEncryption              "RSA-SHA256"
 #define LN_sha256WithRSAEncryption              "sha256WithRSAEncryption"
 #define NID_sha256WithRSAEncryption             668
@ -981,6 +1001,10 @@
 #define NID_id_smime_alg_CMSRC2wrap             247
 #define OBJ_id_smime_alg_CMSRC2wrap             OBJ_id_smime_alg,7L
 #define SN_id_alg_PWRI_KEK              "id-alg-PWRI-KEK"
 #define NID_id_alg_PWRI_KEK             893
 #define OBJ_id_alg_PWRI_KEK             OBJ_id_smime_alg,9L
 #define SN_id_smime_cd_ldap             "id-smime-cd-ldap"
 #define NID_id_smime_cd_ldap            248
 #define OBJ_id_smime_cd_ldap            OBJ_id_smime_cd,1L
@ -2399,6 +2423,11 @@
 #define NID_no_rev_avail                403
 #define OBJ_no_rev_avail                OBJ_id_ce,56L
 #define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
 #define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
 #define NID_anyExtendedKeyUsage         910
 #define OBJ_anyExtendedKeyUsage         OBJ_ext_key_usage,0L
 #define SN_netscape             "Netscape"
 #define LN_netscape             "Netscape Communications Corp."
 #define NID_netscape            57
@ -2586,6 +2615,24 @@
 #define NID_aes_128_cfb128              421
 #define OBJ_aes_128_cfb128              OBJ_aes,4L
 #define SN_id_aes128_wrap               "id-aes128-wrap"
 #define NID_id_aes128_wrap              788
 #define OBJ_id_aes128_wrap              OBJ_aes,5L
 #define SN_aes_128_gcm          "id-aes128-GCM"
 #define LN_aes_128_gcm          "aes-128-gcm"
 #define NID_aes_128_gcm         895
 #define OBJ_aes_128_gcm         OBJ_aes,6L
 #define SN_aes_128_ccm          "id-aes128-CCM"
 #define LN_aes_128_ccm          "aes-128-ccm"
 #define NID_aes_128_ccm         896
 #define OBJ_aes_128_ccm         OBJ_aes,7L
 #define SN_id_aes128_wrap_pad           "id-aes128-wrap-pad"
 #define NID_id_aes128_wrap_pad          897
 #define OBJ_id_aes128_wrap_pad          OBJ_aes,8L
 #define SN_aes_192_ecb          "AES-192-ECB"
 #define LN_aes_192_ecb          "aes-192-ecb"
 #define NID_aes_192_ecb         422
@ -2606,6 +2653,24 @@
 #define NID_aes_192_cfb128              425
 #define OBJ_aes_192_cfb128              OBJ_aes,24L
 #define SN_id_aes192_wrap               "id-aes192-wrap"
 #define NID_id_aes192_wrap              789
 #define OBJ_id_aes192_wrap              OBJ_aes,25L
 #define SN_aes_192_gcm          "id-aes192-GCM"
 #define LN_aes_192_gcm          "aes-192-gcm"
 #define NID_aes_192_gcm         898
 #define OBJ_aes_192_gcm         OBJ_aes,26L
 #define SN_aes_192_ccm          "id-aes192-CCM"
 #define LN_aes_192_ccm          "aes-192-ccm"
 #define NID_aes_192_ccm         899
 #define OBJ_aes_192_ccm         OBJ_aes,27L
 #define SN_id_aes192_wrap_pad           "id-aes192-wrap-pad"
 #define NID_id_aes192_wrap_pad          900
 #define OBJ_id_aes192_wrap_pad          OBJ_aes,28L
 #define SN_aes_256_ecb          "AES-256-ECB"
 #define LN_aes_256_ecb          "aes-256-ecb"
 #define NID_aes_256_ecb         426
@ -2626,6 +2691,24 @@
 #define NID_aes_256_cfb128              429
 #define OBJ_aes_256_cfb128              OBJ_aes,44L
 #define SN_id_aes256_wrap               "id-aes256-wrap"
 #define NID_id_aes256_wrap              790
 #define OBJ_id_aes256_wrap              OBJ_aes,45L
 #define SN_aes_256_gcm          "id-aes256-GCM"
 #define LN_aes_256_gcm          "aes-256-gcm"
 #define NID_aes_256_gcm         901
 #define OBJ_aes_256_gcm         OBJ_aes,46L
 #define SN_aes_256_ccm          "id-aes256-CCM"
 #define LN_aes_256_ccm          "aes-256-ccm"
 #define NID_aes_256_ccm         902
 #define OBJ_aes_256_ccm         OBJ_aes,47L
 #define SN_id_aes256_wrap_pad           "id-aes256-wrap-pad"
 #define NID_id_aes256_wrap_pad          903
 #define OBJ_id_aes256_wrap_pad          OBJ_aes,48L
 #define SN_aes_128_cfb1         "AES-128-CFB1"
 #define LN_aes_128_cfb1         "aes-128-cfb1"
 #define NID_aes_128_cfb1                650
@ -2650,6 +2733,26 @@
 #define LN_aes_256_cfb8         "aes-256-cfb8"
 #define NID_aes_256_cfb8                655
 #define SN_aes_128_ctr          "AES-128-CTR"
 #define LN_aes_128_ctr          "aes-128-ctr"
 #define NID_aes_128_ctr         904
 #define SN_aes_192_ctr          "AES-192-CTR"
 #define LN_aes_192_ctr          "aes-192-ctr"
 #define NID_aes_192_ctr         905
 #define SN_aes_256_ctr          "AES-256-CTR"
 #define LN_aes_256_ctr          "aes-256-ctr"
 #define NID_aes_256_ctr         906
 #define SN_aes_128_xts          "AES-128-XTS"
 #define LN_aes_128_xts          "aes-128-xts"
 #define NID_aes_128_xts         913
 #define SN_aes_256_xts          "AES-256-XTS"
 #define LN_aes_256_xts          "aes-256-xts"
 #define NID_aes_256_xts         914
 #define SN_des_cfb1             "DES-CFB1"
 #define LN_des_cfb1             "des-cfb1"
 #define NID_des_cfb1            656
@ -2666,18 +2769,6 @@
 #define LN_des_ede3_cfb8                "des-ede3-cfb8"
 #define NID_des_ede3_cfb8               659
 #define SN_id_aes128_wrap		"id-aes128-wrap"
 #define NID_id_aes128_wrap		788
 #define OBJ_id_aes128_wrap		OBJ_aes,5L
 #define SN_id_aes192_wrap		"id-aes192-wrap"
 #define NID_id_aes192_wrap		789
 #define OBJ_id_aes192_wrap		OBJ_aes,25L
 #define SN_id_aes256_wrap		"id-aes256-wrap"
 #define NID_id_aes256_wrap		790
 #define OBJ_id_aes256_wrap		OBJ_aes,45L
 #define OBJ_nist_hashalgs               OBJ_nistAlgorithms,2L
 #define SN_sha256               "SHA256"
@ -3810,6 +3901,18 @@
 #define NID_camellia_256_cbc            753
 #define OBJ_camellia_256_cbc            1L,2L,392L,200011L,61L,1L,1L,1L,4L
 #define SN_id_camellia128_wrap          "id-camellia128-wrap"
 #define NID_id_camellia128_wrap         907
 #define OBJ_id_camellia128_wrap         1L,2L,392L,200011L,61L,1L,1L,3L,2L
 #define SN_id_camellia192_wrap          "id-camellia192-wrap"
 #define NID_id_camellia192_wrap         908
 #define OBJ_id_camellia192_wrap         1L,2L,392L,200011L,61L,1L,1L,3L,3L
 #define SN_id_camellia256_wrap          "id-camellia256-wrap"
 #define NID_id_camellia256_wrap         909
 #define OBJ_id_camellia256_wrap         1L,2L,392L,200011L,61L,1L,1L,3L,4L
 #define OBJ_ntt_ds              0L,3L,4401L,5L
 #define OBJ_camellia            OBJ_ntt_ds,3L,1L,9L
@ -3912,3 +4015,180 @@
 #define LN_hmac         "hmac"
 #define NID_hmac                855
 #define SN_cmac         "CMAC"
 #define LN_cmac         "cmac"
 #define NID_cmac                894
 #define SN_rc4_hmac_md5         "RC4-HMAC-MD5"
 #define LN_rc4_hmac_md5         "rc4-hmac-md5"
 #define NID_rc4_hmac_md5                915
 #define SN_aes_128_cbc_hmac_sha1                "AES-128-CBC-HMAC-SHA1"
 #define LN_aes_128_cbc_hmac_sha1                "aes-128-cbc-hmac-sha1"
 #define NID_aes_128_cbc_hmac_sha1               916
 #define SN_aes_192_cbc_hmac_sha1                "AES-192-CBC-HMAC-SHA1"
 #define LN_aes_192_cbc_hmac_sha1                "aes-192-cbc-hmac-sha1"
 #define NID_aes_192_cbc_hmac_sha1               917
 #define SN_aes_256_cbc_hmac_sha1                "AES-256-CBC-HMAC-SHA1"
 #define LN_aes_256_cbc_hmac_sha1                "aes-256-cbc-hmac-sha1"
 #define NID_aes_256_cbc_hmac_sha1               918
 #define SN_aes_128_cbc_hmac_sha256              "AES-128-CBC-HMAC-SHA256"
 #define LN_aes_128_cbc_hmac_sha256              "aes-128-cbc-hmac-sha256"
 #define NID_aes_128_cbc_hmac_sha256             948
 #define SN_aes_192_cbc_hmac_sha256              "AES-192-CBC-HMAC-SHA256"
 #define LN_aes_192_cbc_hmac_sha256              "aes-192-cbc-hmac-sha256"
 #define NID_aes_192_cbc_hmac_sha256             949
 #define SN_aes_256_cbc_hmac_sha256              "AES-256-CBC-HMAC-SHA256"
 #define LN_aes_256_cbc_hmac_sha256              "aes-256-cbc-hmac-sha256"
 #define NID_aes_256_cbc_hmac_sha256             950
 #define SN_dhpublicnumber               "dhpublicnumber"
 #define LN_dhpublicnumber               "X9.42 DH"
 #define NID_dhpublicnumber              920
 #define OBJ_dhpublicnumber              OBJ_ISO_US,10046L,2L,1L
 #define SN_brainpoolP160r1              "brainpoolP160r1"
 #define NID_brainpoolP160r1             921
 #define OBJ_brainpoolP160r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,1L
 #define SN_brainpoolP160t1              "brainpoolP160t1"
 #define NID_brainpoolP160t1             922
 #define OBJ_brainpoolP160t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,2L
 #define SN_brainpoolP192r1              "brainpoolP192r1"
 #define NID_brainpoolP192r1             923
 #define OBJ_brainpoolP192r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,3L
 #define SN_brainpoolP192t1              "brainpoolP192t1"
 #define NID_brainpoolP192t1             924
 #define OBJ_brainpoolP192t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,4L
 #define SN_brainpoolP224r1              "brainpoolP224r1"
 #define NID_brainpoolP224r1             925
 #define OBJ_brainpoolP224r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,5L
 #define SN_brainpoolP224t1              "brainpoolP224t1"
 #define NID_brainpoolP224t1             926
 #define OBJ_brainpoolP224t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,6L
 #define SN_brainpoolP256r1              "brainpoolP256r1"
 #define NID_brainpoolP256r1             927
 #define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
 #define SN_brainpoolP256t1              "brainpoolP256t1"
 #define NID_brainpoolP256t1             928
 #define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
 #define SN_brainpoolP320r1              "brainpoolP320r1"
 #define NID_brainpoolP320r1             929
 #define OBJ_brainpoolP320r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,9L
 #define SN_brainpoolP320t1              "brainpoolP320t1"
 #define NID_brainpoolP320t1             930
 #define OBJ_brainpoolP320t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,10L
 #define SN_brainpoolP384r1              "brainpoolP384r1"
 #define NID_brainpoolP384r1             931
 #define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
 #define SN_brainpoolP384t1              "brainpoolP384t1"
 #define NID_brainpoolP384t1             932
 #define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
 #define SN_brainpoolP512r1              "brainpoolP512r1"
 #define NID_brainpoolP512r1             933
 #define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
 #define SN_brainpoolP512t1              "brainpoolP512t1"
 #define NID_brainpoolP512t1             934
 #define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
 #define OBJ_x9_63_scheme                1L,3L,133L,16L,840L,63L,0L
 #define OBJ_secg_scheme         OBJ_certicom_arc,1L
 #define SN_dhSinglePass_stdDH_sha1kdf_scheme            "dhSinglePass-stdDH-sha1kdf-scheme"
 #define NID_dhSinglePass_stdDH_sha1kdf_scheme           936
 #define OBJ_dhSinglePass_stdDH_sha1kdf_scheme           OBJ_x9_63_scheme,2L
 #define SN_dhSinglePass_stdDH_sha224kdf_scheme          "dhSinglePass-stdDH-sha224kdf-scheme"
 #define NID_dhSinglePass_stdDH_sha224kdf_scheme         937
 #define OBJ_dhSinglePass_stdDH_sha224kdf_scheme         OBJ_secg_scheme,11L,0L
 #define SN_dhSinglePass_stdDH_sha256kdf_scheme          "dhSinglePass-stdDH-sha256kdf-scheme"
 #define NID_dhSinglePass_stdDH_sha256kdf_scheme         938
 #define OBJ_dhSinglePass_stdDH_sha256kdf_scheme         OBJ_secg_scheme,11L,1L
 #define SN_dhSinglePass_stdDH_sha384kdf_scheme          "dhSinglePass-stdDH-sha384kdf-scheme"
 #define NID_dhSinglePass_stdDH_sha384kdf_scheme         939
 #define OBJ_dhSinglePass_stdDH_sha384kdf_scheme         OBJ_secg_scheme,11L,2L
 #define SN_dhSinglePass_stdDH_sha512kdf_scheme          "dhSinglePass-stdDH-sha512kdf-scheme"
 #define NID_dhSinglePass_stdDH_sha512kdf_scheme         940
 #define OBJ_dhSinglePass_stdDH_sha512kdf_scheme         OBJ_secg_scheme,11L,3L
 #define SN_dhSinglePass_cofactorDH_sha1kdf_scheme               "dhSinglePass-cofactorDH-sha1kdf-scheme"
 #define NID_dhSinglePass_cofactorDH_sha1kdf_scheme              941
 #define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme              OBJ_x9_63_scheme,3L
 #define SN_dhSinglePass_cofactorDH_sha224kdf_scheme             "dhSinglePass-cofactorDH-sha224kdf-scheme"
 #define NID_dhSinglePass_cofactorDH_sha224kdf_scheme            942
 #define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme            OBJ_secg_scheme,14L,0L
 #define SN_dhSinglePass_cofactorDH_sha256kdf_scheme             "dhSinglePass-cofactorDH-sha256kdf-scheme"
 #define NID_dhSinglePass_cofactorDH_sha256kdf_scheme            943
 #define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme            OBJ_secg_scheme,14L,1L
 #define SN_dhSinglePass_cofactorDH_sha384kdf_scheme             "dhSinglePass-cofactorDH-sha384kdf-scheme"
 #define NID_dhSinglePass_cofactorDH_sha384kdf_scheme            944
 #define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme            OBJ_secg_scheme,14L,2L
 #define SN_dhSinglePass_cofactorDH_sha512kdf_scheme             "dhSinglePass-cofactorDH-sha512kdf-scheme"
 #define NID_dhSinglePass_cofactorDH_sha512kdf_scheme            945
 #define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme            OBJ_secg_scheme,14L,3L
 #define SN_dh_std_kdf           "dh-std-kdf"
 #define NID_dh_std_kdf          946
 #define SN_dh_cofactor_kdf              "dh-cofactor-kdf"
 #define NID_dh_cofactor_kdf             947
 #define SN_ct_precert_scts              "ct_precert_scts"
 #define LN_ct_precert_scts              "CT Precertificate SCTs"
 #define NID_ct_precert_scts             951
 #define OBJ_ct_precert_scts             1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L
 #define SN_ct_precert_poison            "ct_precert_poison"
 #define LN_ct_precert_poison            "CT Precertificate Poison"
 #define NID_ct_precert_poison           952
 #define OBJ_ct_precert_poison           1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L
 #define SN_ct_precert_signer            "ct_precert_signer"
 #define LN_ct_precert_signer            "CT Precertificate Signer"
 #define NID_ct_precert_signer           953
 #define OBJ_ct_precert_signer           1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L
 #define SN_ct_cert_scts         "ct_cert_scts"
 #define LN_ct_cert_scts         "CT Certificate SCTs"
 #define NID_ct_cert_scts                954
 #define OBJ_ct_cert_scts                1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L
 #define SN_jurisdictionLocalityName             "jurisdictionL"
 #define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
 #define NID_jurisdictionLocalityName            955
 #define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
 #define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
 #define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
 #define NID_jurisdictionStateOrProvinceName             956
 #define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
 #define SN_jurisdictionCountryName              "jurisdictionC"
 #define LN_jurisdictionCountryName              "jurisdictionCountryName"
 #define NID_jurisdictionCountryName             957
 #define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
--- a/src/Mayaqua/win32_inc/openssl/objects.h
+++ b/src/Mayaqua/win32_inc/openssl/objects.h
@ -389,9 +389,10 @@
 #  define NID_pbeWithSHA1AndRC2_CBC       68
 #  define OBJ_pbeWithSHA1AndRC2_CBC       OBJ_pkcs,5L,11L
-/* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now
+/*
- * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something
+ * proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now defined
- * completely different.
+ * explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something completely
 * different.
 */
 #  define LN_id_pbkdf2                    "PBKDF2"
 #  define NID_id_pbkdf2                   69
@ -604,7 +605,8 @@
 #  define NID_pbeWithMD5AndCast5_CBC      112
 #  define OBJ_pbeWithMD5AndCast5_CBC      1L,2L,840L,113533L,7L,66L,12L
-/* This is one sun will soon be using :-(
+/*-
 * This is one sun will soon be using :-(
 * id-dsa-with-sha1 ID  ::= {
 *   iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 }
 */
@ -632,14 +634,17 @@
 #  define NID_ripemd160                   117
 #  define OBJ_ripemd160                   1L,3L,36L,3L,2L,1L
-/* The name should actually be rsaSignatureWithripemd160, but I'm going
+/*
- * to continue using the convention I'm using with the other ciphers */
+ * The name should actually be rsaSignatureWithripemd160, but I'm going to
 * continue using the convention I'm using with the other ciphers
 */
 #  define SN_ripemd160WithRSA             "RSA-RIPEMD160"
 #  define LN_ripemd160WithRSA             "ripemd160WithRSA"
 #  define NID_ripemd160WithRSA            119
 #  define OBJ_ripemd160WithRSA            1L,3L,36L,3L,3L,1L,2L
-/* Taken from rfc2040
+/*-
 * Taken from rfc2040
 *  RC5_CBC_Parameters ::= SEQUENCE {
 *      version           INTEGER (v1_0(16)),
 *      rounds            INTEGER (8..127),
@ -976,8 +981,7 @@
 extern "C" {
 #endif
-typedef struct obj_name_st
+typedef struct obj_name_st {
 	{
    int type;
    int alias;
    const char *name;
@ -986,7 +990,6 @@ typedef struct obj_name_st
 # define         OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
 int OBJ_NAME_init(void);
 int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
                       int (*cmp_func) (const char *, const char *),
@ -997,7 +1000,8 @@ int OBJ_NAME_remove(const char *name,int type);
 void OBJ_NAME_cleanup(int type); /* -1 for everything */
 void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
                     void *arg);
-void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
+void OBJ_NAME_do_all_sorted(int type,
                            void (*fn) (const OBJ_NAME *, void *arg),
                            void *arg);
 ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
@ -1011,10 +1015,91 @@ int		OBJ_txt2nid(const char *s);
 int OBJ_ln2nid(const char *s);
 int OBJ_sn2nid(const char *s);
 int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
-const char *	OBJ_bsearch(const char *key,const char *base,int num,int size,
+const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
                         int (*cmp) (const void *, const void *));
-const char *	OBJ_bsearch_ex(const char *key,const char *base,int num,
+const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
-	int size, int (*cmp)(const void *, const void *), int flags);
+                            int size,
                            int (*cmp) (const void *, const void *),
                            int flags);
 # define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm)    \
  static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \
  static int nm##_cmp(type1 const *, type2 const *); \
  scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
 # define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp)   \
  _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
 # define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)     \
  type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
 /*-
 * Unsolved problem: if a type is actually a pointer type, like
 * nid_triple is, then its impossible to get a const where you need
 * it. Consider:
 *
 * typedef int nid_triple[3];
 * const void *a_;
 * const nid_triple const *a = a_;
 *
 * The assignement discards a const because what you really want is:
 *
 * const int const * const *a = a_;
 *
 * But if you do that, you lose the fact that a is an array of 3 ints,
 * which breaks comparison functions.
 *
 * Thus we end up having to cast, sadly, or unpack the
 * declarations. Or, as I finally did in this case, delcare nid_triple
 * to be a struct, which it should have been in the first place.
 *
 * Ben, August 2008.
 *
 * Also, strictly speaking not all types need be const, but handling
 * the non-constness means a lot of complication, and in practice
 * comparison routines do always not touch their arguments.
 */
 # define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm)  \
  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)    \
      { \
      type1 const *a = a_; \
      type2 const *b = b_; \
      return nm##_cmp(a,b); \
      } \
  static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
      { \
      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
                                        nm##_cmp_BSEARCH_CMP_FN); \
      } \
      extern void dummy_prototype(void)
 # define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)   \
  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)    \
      { \
      type1 const *a = a_; \
      type2 const *b = b_; \
      return nm##_cmp(a,b); \
      } \
  type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
      { \
      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
                                        nm##_cmp_BSEARCH_CMP_FN); \
      } \
      extern void dummy_prototype(void)
 # define OBJ_bsearch(type1,key,type2,base,num,cmp)                              \
  ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
                         num,sizeof(type2),                             \
                         ((void)CHECKED_PTR_OF(type1,cmp##_type_1),     \
                          (void)CHECKED_PTR_OF(type2,cmp##_type_2),     \
                          cmp##_BSEARCH_CMP_FN)))
 # define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags)                      \
  ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
                         num,sizeof(type2),                             \
                         ((void)CHECKED_PTR_OF(type1,cmp##_type_1),     \
                          (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
                          cmp##_BSEARCH_CMP_FN)),flags)
 int OBJ_new_nid(int num);
 int OBJ_add_object(const ASN1_OBJECT *obj);
@ -1022,8 +1107,17 @@ int		OBJ_create(const char *oid,const char *sn,const char *ln);
 void OBJ_cleanup(void);
 int OBJ_create_objects(BIO *in);
 int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
 int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
 int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
 void OBJ_sigid_free(void);
 extern int obj_cleanup_defer;
 void check_defer(int nid);
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_OBJ_strings(void);
--- a/src/Mayaqua/win32_inc/openssl/ocsp.h
+++ b/src/Mayaqua/win32_inc/openssl/ocsp.h
@ -1,11 +1,14 @@
 /* ocsp.h */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+/*
- * project. */
+ * Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project.
 */
-/* History:
+/*
-   This file was transfered to Richard Levitte from CertCo by Kathy
+ * History: This file was transfered to Richard Levitte from CertCo by Kathy
-   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
-   as a patch kit. */
+ * patch kit.
 */
 /* ====================================================================
 * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
@ -64,6 +67,7 @@
 #ifndef HEADER_OCSP_H
 # define HEADER_OCSP_H
 # include <openssl/ossl_typ.h>
 # include <openssl/x509.h>
 # include <openssl/x509v3.h>
 # include <openssl/safestack.h>
@ -89,14 +93,13 @@ extern "C" {
 # define OCSP_RESPID_KEY                 0x400
 # define OCSP_NOTIME                     0x800
-/*   CertID ::= SEQUENCE {
+/*-  CertID ::= SEQUENCE {
 *       hashAlgorithm            AlgorithmIdentifier,
 *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
 *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
 *       serialNumber       CertificateSerialNumber }
 */
-typedef struct ocsp_cert_id_st
+typedef struct ocsp_cert_id_st {
 	{
    X509_ALGOR *hashAlgorithm;
    ASN1_OCTET_STRING *issuerNameHash;
    ASN1_OCTET_STRING *issuerKeyHash;
@ -105,12 +108,11 @@ typedef struct ocsp_cert_id_st
 DECLARE_STACK_OF(OCSP_CERTID)
-/*   Request ::=     SEQUENCE {
+/*-  Request ::=     SEQUENCE {
 *       reqCert                    CertID,
 *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
 */
-typedef struct ocsp_one_request_st
+typedef struct ocsp_one_request_st {
 	{
    OCSP_CERTID *reqCert;
    STACK_OF(X509_EXTENSION) *singleRequestExtensions;
 } OCSP_ONEREQ;
@ -118,44 +120,40 @@ typedef struct ocsp_one_request_st
 DECLARE_STACK_OF(OCSP_ONEREQ)
 DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
-
+/*-  TBSRequest      ::=     SEQUENCE {
 /*   TBSRequest      ::=     SEQUENCE {
 *       version             [0] EXPLICIT Version DEFAULT v1,
 *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
 *       requestList             SEQUENCE OF Request,
 *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
 */
-typedef struct ocsp_req_info_st
+typedef struct ocsp_req_info_st {
 	{
    ASN1_INTEGER *version;
    GENERAL_NAME *requestorName;
    STACK_OF(OCSP_ONEREQ) *requestList;
    STACK_OF(X509_EXTENSION) *requestExtensions;
 } OCSP_REQINFO;
-/*   Signature       ::=     SEQUENCE {
+/*-  Signature       ::=     SEQUENCE {
 *       signatureAlgorithm   AlgorithmIdentifier,
 *       signature            BIT STRING,
 *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
 */
-typedef struct ocsp_signature_st
+typedef struct ocsp_signature_st {
 	{
    X509_ALGOR *signatureAlgorithm;
    ASN1_BIT_STRING *signature;
    STACK_OF(X509) *certs;
 } OCSP_SIGNATURE;
-/*   OCSPRequest     ::=     SEQUENCE {
+/*-  OCSPRequest     ::=     SEQUENCE {
 *       tbsRequest                  TBSRequest,
 *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
 */
-typedef struct ocsp_request_st
+typedef struct ocsp_request_st {
 	{
    OCSP_REQINFO *tbsRequest;
    OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
 } OCSP_REQUEST;
-/*   OCSPResponseStatus ::= ENUMERATED {
+/*-  OCSPResponseStatus ::= ENUMERATED {
 *       successful            (0),      --Response has valid confirmations
 *       malformedRequest      (1),      --Illegal confirmation request
 *       internalError         (2),      --Internal error in issuer
@ -172,34 +170,31 @@ typedef struct ocsp_request_st
 # define OCSP_RESPONSE_STATUS_SIGREQUIRED          5
 # define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6
-/*   ResponseBytes ::=       SEQUENCE {
+/*-  ResponseBytes ::=       SEQUENCE {
 *       responseType   OBJECT IDENTIFIER,
 *       response       OCTET STRING }
 */
-typedef struct ocsp_resp_bytes_st
+typedef struct ocsp_resp_bytes_st {
 	{
    ASN1_OBJECT *responseType;
    ASN1_OCTET_STRING *response;
 } OCSP_RESPBYTES;
-/*   OCSPResponse ::= SEQUENCE {
+/*-  OCSPResponse ::= SEQUENCE {
 *      responseStatus         OCSPResponseStatus,
 *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
 */
-struct ocsp_response_st
+struct ocsp_response_st {
 	{
    ASN1_ENUMERATED *responseStatus;
    OCSP_RESPBYTES *responseBytes;
 };
-/*   ResponderID ::= CHOICE {
+/*-  ResponderID ::= CHOICE {
 *      byName   [1] Name,
 *      byKey    [2] KeyHash }
 */
 # define V_OCSP_RESPID_NAME 0
 # define V_OCSP_RESPID_KEY  1
-struct ocsp_responder_id_st
+struct ocsp_responder_id_st {
 	{
    int type;
    union {
        X509_NAME *byName;
@ -210,21 +205,20 @@ struct ocsp_responder_id_st
 DECLARE_STACK_OF(OCSP_RESPID)
 DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
-/*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+/*-  KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
 *                            --(excluding the tag and length fields)
 */
-/*   RevokedInfo ::= SEQUENCE {
+/*-  RevokedInfo ::= SEQUENCE {
 *       revocationTime              GeneralizedTime,
 *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
 */
-typedef struct ocsp_revoked_info_st
+typedef struct ocsp_revoked_info_st {
 	{
    ASN1_GENERALIZEDTIME *revocationTime;
    ASN1_ENUMERATED *revocationReason;
 } OCSP_REVOKEDINFO;
-/*   CertStatus ::= CHOICE {
+/*-  CertStatus ::= CHOICE {
 *       good                [0]     IMPLICIT NULL,
 *       revoked             [1]     IMPLICIT RevokedInfo,
 *       unknown             [2]     IMPLICIT UnknownInfo }
@ -232,8 +226,7 @@ typedef struct ocsp_revoked_info_st
 # define V_OCSP_CERTSTATUS_GOOD    0
 # define V_OCSP_CERTSTATUS_REVOKED 1
 # define V_OCSP_CERTSTATUS_UNKNOWN 2
-typedef struct ocsp_cert_status_st
+typedef struct ocsp_cert_status_st {
 	{
    int type;
    union {
        ASN1_NULL *good;
@ -242,15 +235,14 @@ typedef struct ocsp_cert_status_st
    } value;
 } OCSP_CERTSTATUS;
-/*   SingleResponse ::= SEQUENCE {
+/*-  SingleResponse ::= SEQUENCE {
 *      certID                       CertID,
 *      certStatus                   CertStatus,
 *      thisUpdate                   GeneralizedTime,
 *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
 *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
 */
-typedef struct ocsp_single_response_st
+typedef struct ocsp_single_response_st {
 	{
    OCSP_CERTID *certId;
    OCSP_CERTSTATUS *certStatus;
    ASN1_GENERALIZEDTIME *thisUpdate;
@ -261,15 +253,14 @@ typedef struct ocsp_single_response_st
 DECLARE_STACK_OF(OCSP_SINGLERESP)
 DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
-/*   ResponseData ::= SEQUENCE {
+/*-  ResponseData ::= SEQUENCE {
 *      version              [0] EXPLICIT Version DEFAULT v1,
 *      responderID              ResponderID,
 *      producedAt               GeneralizedTime,
 *      responses                SEQUENCE OF SingleResponse,
 *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
 */
-typedef struct ocsp_response_data_st
+typedef struct ocsp_response_data_st {
 	{
    ASN1_INTEGER *version;
    OCSP_RESPID *responderId;
    ASN1_GENERALIZEDTIME *producedAt;
@ -277,37 +268,40 @@ typedef struct ocsp_response_data_st
    STACK_OF(X509_EXTENSION) *responseExtensions;
 } OCSP_RESPDATA;
-/*   BasicOCSPResponse       ::= SEQUENCE {
+/*-  BasicOCSPResponse       ::= SEQUENCE {
 *      tbsResponseData      ResponseData,
 *      signatureAlgorithm   AlgorithmIdentifier,
 *      signature            BIT STRING,
 *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
 */
-  /* Note 1:
+  /*
-     The value for "signature" is specified in the OCSP rfc2560 as follows:
+   * Note 1: The value for "signature" is specified in the OCSP rfc2560 as
-     "The value for the signature SHALL be computed on the hash of the DER
+   * follows: "The value for the signature SHALL be computed on the hash of
-     encoding ResponseData."  This means that you must hash the DER-encoded
+   * the DER encoding ResponseData." This means that you must hash the
-     tbsResponseData, and then run it through a crypto-signing function, which
+   * DER-encoded tbsResponseData, and then run it through a crypto-signing
-     will (at least w/RSA) do a hash-'n'-private-encrypt operation.  This seems
+   * function, which will (at least w/RSA) do a hash-'n'-private-encrypt
-     a bit odd, but that's the spec.  Also note that the data structures do not
+   * operation.  This seems a bit odd, but that's the spec.  Also note that
-     leave anywhere to independently specify the algorithm used for the initial
+   * the data structures do not leave anywhere to independently specify the
-     hash. So, we look at the signature-specification algorithm, and try to do
+   * algorithm used for the initial hash. So, we look at the
-     something intelligent.	-- Kathy Weinhold, CertCo */
+   * signature-specification algorithm, and try to do something intelligent.
-  /* Note 2:
+   * -- Kathy Weinhold, CertCo
-     It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
+   */
-     for interpretation.  I've done tests against another responder, and found
+  /*
-     that it doesn't do the double hashing that the RFC seems to say one
+   * Note 2: It seems that the mentioned passage from RFC 2560 (section
-     should.  Therefore, all relevant functions take a flag saying which
+   * 4.2.1) is open for interpretation.  I've done tests against another
-     variant should be used.	-- Richard Levitte, OpenSSL team and CeloCom */
+   * responder, and found that it doesn't do the double hashing that the RFC
-typedef struct ocsp_basic_response_st
+   * seems to say one should.  Therefore, all relevant functions take a flag
-	{
+   * saying which variant should be used.  -- Richard Levitte, OpenSSL team
   * and CeloCom
   */
 typedef struct ocsp_basic_response_st {
    OCSP_RESPDATA *tbsResponseData;
    X509_ALGOR *signatureAlgorithm;
    ASN1_BIT_STRING *signature;
    STACK_OF(X509) *certs;
 } OCSP_BASICRESP;
-/*
+/*-
 *   CRLReason ::= ENUMERATED {
 *        unspecified             (0),
 *        keyCompromise           (1),
@ -328,24 +322,24 @@ typedef struct ocsp_basic_response_st
 # define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6
 # define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8
-/* CrlID ::= SEQUENCE {
+/*-
 * CrlID ::= SEQUENCE {
 *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
 *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
 *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
 */
-typedef struct ocsp_crl_id_st
+typedef struct ocsp_crl_id_st {
        {
    ASN1_IA5STRING *crlUrl;
    ASN1_INTEGER *crlNum;
    ASN1_GENERALIZEDTIME *crlTime;
 } OCSP_CRLID;
-/* ServiceLocator ::= SEQUENCE {
+/*-
 * ServiceLocator ::= SEQUENCE {
 *      issuer    Name,
 *      locator   AuthorityInfoAccessSyntax OPTIONAL }
 */
-typedef struct ocsp_service_locator_st
+typedef struct ocsp_service_locator_st {
        {
    X509_NAME *issuer;
    STACK_OF(ACCESS_DESCRIPTION) *locator;
 } OCSP_SERVICELOC;
@ -394,17 +388,31 @@ typedef struct ocsp_service_locator_st
 # define ASN1_BIT_STRING_digest(data,type,md,len) \
        ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
 #define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)
 # define OCSP_CERTSTATUS_dup(cs)\
                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
                (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
+OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
+
 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
 OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
                               int maxline);
 int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx);
 int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
 OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline);
 void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
 void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
 int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
                     ASN1_VALUE *val);
 int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval,
                          const ASN1_ITEM *it);
 BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx);
 int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
                     ASN1_VALUE *val);
 int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path);
 int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
 int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
                             const char *name, const char *value);
 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
@ -427,8 +435,7 @@ int OCSP_request_sign(OCSP_REQUEST   *req,
                      X509 *signer,
                      EVP_PKEY *key,
                      const EVP_MD *dgst,
-		      STACK_OF(X509) *certs,
+                      STACK_OF(X509) *certs, unsigned long flags);
 		      unsigned long flags);
 int OCSP_response_status(OCSP_RESPONSE *resp);
 OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
@ -446,12 +453,13 @@ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
                          ASN1_GENERALIZEDTIME **thisupd,
                          ASN1_GENERALIZEDTIME **nextupd);
 int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
-			ASN1_GENERALIZEDTIME *nextupd,
+                        ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec);
 			long sec, long maxsec);
-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags);
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
                        X509_STORE *store, unsigned long flags);
-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl);
+int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
                   int *pssl);
 int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
 int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
@ -468,17 +476,13 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
                                        OCSP_CERTID *cid,
                                        int status, int reason,
                                        ASN1_TIME *revtime,
-					ASN1_TIME *thisupd, ASN1_TIME *nextupd);
+                                        ASN1_TIME *thisupd,
                                        ASN1_TIME *nextupd);
 int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
 int OCSP_basic_sign(OCSP_BASICRESP *brsp,
                    X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
                    STACK_OF(X509) *certs, unsigned long flags);
 ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
 				void *data, STACK_OF(ASN1_OBJECT) *sk);
 #define ASN1_STRING_encode_of(type,s,i2d,data,sk) \
 	ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk)
 X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
 X509_EXTENSION *OCSP_accept_responses_new(char **oids);
@ -489,11 +493,13 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
 int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
 int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos);
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
                                int lastpos);
 int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
 X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
 X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
-void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx);
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit,
                                int *idx);
 int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
                              unsigned long flags);
 int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
@ -511,24 +517,30 @@ int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
 int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
 int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos);
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
-int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos);
+                                  int lastpos);
 int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
                                       int lastpos);
 X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
 X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
-void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx);
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
-int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
+                                  int *idx);
-							unsigned long flags);
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
                                int crit, unsigned long flags);
 int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
 int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
 int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos);
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj,
-int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos);
+                                   int lastpos);
 int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
                                        int lastpos);
 X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
 X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
-void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx);
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
-int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
+                                   int *idx);
-							unsigned long flags);
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
                                 int crit, unsigned long flags);
 int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
 DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
@ -547,9 +559,9 @@ DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
 DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
 DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
-char *OCSP_response_status_str(long s);
+const char *OCSP_response_status_str(long s);
-char *OCSP_cert_status_str(long s);
+const char *OCSP_cert_status_str(long s);
-char *OCSP_crl_reason_str(long s);
+const char *OCSP_crl_reason_str(long s);
 int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags);
 int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags);
@ -558,7 +570,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                      X509_STORE *st, unsigned long flags);
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_OCSP_strings(void);
@ -582,7 +595,8 @@ void ERR_load_OCSP_strings(void);
 # define OCSP_F_OCSP_REQUEST_VERIFY                       116
 # define OCSP_F_OCSP_RESPONSE_GET1_BASIC                  111
 # define OCSP_F_OCSP_SENDREQ_BIO                          112
-#define OCSP_F_PARSE_HTTP_LINE1				 117
+# define OCSP_F_OCSP_SENDREQ_NBIO                         117
 # define OCSP_F_PARSE_HTTP_LINE1                          118
 # define OCSP_F_REQUEST_VERIFY                            113
 /* Reason codes. */
--- a/src/Mayaqua/win32_inc/openssl/opensslconf.h
+++ b/src/Mayaqua/win32_inc/openssl/opensslconf.h
@ -1,21 +1,18 @@
 /* opensslconf.h */
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 #ifdef  __cplusplus
 extern "C" {
 #endif
 /* OpenSSL was configured with the following options: */
-/*#ifndef OPENSSL_SYSNAME_WIN32
+#ifndef OPENSSL_SYSNAME_WIN32
 # define OPENSSL_SYSNAME_WIN32
-#endif*/
+#endif
 #ifndef OPENSSL_DOING_MAKEDEPEND
-#ifndef OPENSSL_NO_CAMELLIA
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
 #endif
 #ifndef OPENSSL_NO_CAPIENG
 # define OPENSSL_NO_CAPIENG
 #endif
 #ifndef OPENSSL_NO_CMS
 # define OPENSSL_NO_CMS
 #endif
 #ifndef OPENSSL_NO_GMP
 # define OPENSSL_NO_GMP
@ -26,8 +23,11 @@
 #ifndef OPENSSL_NO_KRB5
 # define OPENSSL_NO_KRB5
 #endif
-#ifndef OPENSSL_NO_MDC2
+#ifndef OPENSSL_NO_LIBUNBOUND
-# define OPENSSL_NO_MDC2
+# define OPENSSL_NO_LIBUNBOUND
 #endif
 #ifndef OPENSSL_NO_MD2
 # define OPENSSL_NO_MD2
 #endif
 #ifndef OPENSSL_NO_RC5
 # define OPENSSL_NO_RC5
@ -35,8 +35,17 @@
 #ifndef OPENSSL_NO_RFC3779
 # define OPENSSL_NO_RFC3779
 #endif
-#ifndef OPENSSL_NO_SEED
+#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SEED
+# define OPENSSL_NO_SCTP
 #endif
 #ifndef OPENSSL_NO_SSL_TRACE
 # define OPENSSL_NO_SSL_TRACE
 #endif
 #ifndef OPENSSL_NO_STORE
 # define OPENSSL_NO_STORE
 #endif
 #ifndef OPENSSL_NO_UNIT_TEST
 # define OPENSSL_NO_UNIT_TEST
 #endif
 #endif /* OPENSSL_DOING_MAKEDEPEND */
@ -50,14 +59,8 @@
   who haven't had the time to do the appropriate changes in their
   applications.  */
 #ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_CAMELLIA
+#  define NO_EC_NISTP_64_GCC_128
 # endif
 # if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
 #  define NO_CAPIENG
 # endif
 # if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
 #  define NO_CMS
 # endif
 # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
 #  define NO_GMP
@ -68,8 +71,11 @@
 # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
 #  define NO_KRB5
 # endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
+# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND)
-#  define NO_MDC2
+#  define NO_LIBUNBOUND
 # endif
 # if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
 #  define NO_MD2
 # endif
 # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
 #  define NO_RC5
@ -77,28 +83,24 @@
 # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
 #  define NO_RFC3779
 # endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SEED
+#  define NO_SCTP
 # endif
 # if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE)
 #  define NO_SSL_TRACE
 # endif
 # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
 #  define NO_STORE
 # endif
 # if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
 #  define NO_UNIT_TEST
 # endif
 #endif
 #define OPENSSL_CPUID_OBJ
 /* crypto/opensslconf.h.in */
 #ifdef OPENSSL_DOING_MAKEDEPEND
 /* Include any symbols here that have to be explicitly set to enable a feature
 * that should be visible to makedepend.
 *
 * [Our "make depend" doesn't actually look at this, we use actual build settings
 * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
 */
 #ifndef OPENSSL_FIPS
 #define OPENSSL_FIPS
 #endif
 #endif
 /* Generate 80386 code? */
 #undef I386_ONLY
@ -163,14 +165,9 @@
 /* Should we define BN_DIV2W here? */
 /* Only one for the following should be defined */
 /* The prime number generation stuff may not work when
 * EIGHT_BIT but I don't care since I've only used this mode
 * for debuging the bignum libraries */
 #undef SIXTY_FOUR_BIT_LONG
 #undef SIXTY_FOUR_BIT
 #define THIRTY_TWO_BIT
 #undef SIXTEEN_BIT
 #undef EIGHT_BIT
 #endif
 #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
@ -257,3 +254,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
 #ifdef  __cplusplus
 }
 #endif
--- a/src/Mayaqua/win32_inc/openssl/opensslv.h
+++ b/src/Mayaqua/win32_inc/openssl/opensslv.h
@ -1,7 +1,12 @@
 #ifndef HEADER_OPENSSLV_H
 # define HEADER_OPENSSLV_H
-/* Numeric release version identifier:
+#ifdef  __cplusplus
 extern "C" {
 #endif
 /*-
 * Numeric release version identifier:
 * MNNFFPPS: major minor fix patch status
 * The status nibble has one of the values 0 for development, 1 to e for betas
 * 1 to 14, and f for release.  The patch level is exactly that.
@ -25,16 +30,16 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER	0x0090818fL
+# define OPENSSL_VERSION_NUMBER  0x1000201fL
 # ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8x-fips 10 May 2012"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2a-fips 19 Mar 2015"
 # else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8x 10 May 2012"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2a 19 Mar 2015"
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
-
+/*-
-/* The macros below are to be used for shared library (.so, .dll, ...)
+ * The macros below are to be used for shared library (.so, .dll, ...)
 * versioning.  That kind of versioning works a bit differently between
 * operating systems.  The most usual scheme is to set a major and a minor
 * number, and have the runtime loader check that the major number is equal
@ -83,7 +88,10 @@
 * should only keep the versions that are binary compatible with the current.
 */
 # define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "0.9.8"
+# define SHLIB_VERSION_NUMBER "1.0.0"
 #ifdef  __cplusplus
 }
 #endif
 #endif                          /* HEADER_OPENSSLV_H */
--- a/src/Mayaqua/win32_inc/openssl/ossl_typ.h
+++ b/src/Mayaqua/win32_inc/openssl/ossl_typ.h
@ -55,6 +55,10 @@
 #ifndef HEADER_OPENSSL_TYPES_H
 # define HEADER_OPENSSL_TYPES_H
 #ifdef  __cplusplus
 extern "C" {
 #endif
 # include <openssl/e_os2.h>
 # ifdef NO_ASN1_TYPEDEFS
@ -91,10 +95,16 @@ typedef struct asn1_string_st ASN1_TIME;
 typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
 typedef struct asn1_string_st ASN1_VISIBLESTRING;
 typedef struct asn1_string_st ASN1_UTF8STRING;
 typedef struct asn1_string_st ASN1_STRING;
 typedef int ASN1_BOOLEAN;
 typedef int ASN1_NULL;
 # endif
 typedef struct asn1_object_st ASN1_OBJECT;
 typedef struct ASN1_ITEM_st ASN1_ITEM;
 typedef struct asn1_pctx_st ASN1_PCTX;
 # ifdef OPENSSL_SYS_WIN32
 #  undef X509_NAME
 #  undef X509_EXTENSIONS
@ -122,6 +132,11 @@ typedef struct env_md_st EVP_MD;
 typedef struct env_md_ctx_st EVP_MD_CTX;
 typedef struct evp_pkey_st EVP_PKEY;
 typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
 typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
 typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
 typedef struct dh_st DH;
 typedef struct dh_method DH_METHOD;
@ -139,11 +154,14 @@ typedef struct ecdsa_method ECDSA_METHOD;
 typedef struct x509_st X509;
 typedef struct X509_algor_st X509_ALGOR;
 typedef struct X509_crl_st X509_CRL;
 typedef struct x509_crl_method_st X509_CRL_METHOD;
 typedef struct x509_revoked_st X509_REVOKED;
 typedef struct X509_name_st X509_NAME;
 typedef struct X509_pubkey_st X509_PUBKEY;
 typedef struct x509_store_st X509_STORE;
 typedef struct x509_store_ctx_st X509_STORE_CTX;
-typedef struct ssl_st SSL;
+
-typedef struct ssl_ctx_st SSL_CTX;
+typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
 typedef struct v3_ext_ctx X509V3_CTX;
 typedef struct conf_st CONF;
@ -157,12 +175,19 @@ typedef struct ui_method_st UI_METHOD;
 typedef struct st_ERR_FNS ERR_FNS;
 typedef struct engine_st ENGINE;
 typedef struct ssl_st SSL;
 typedef struct ssl_ctx_st SSL_CTX;
 typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
 typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
 typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
 typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
 typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
 typedef struct DIST_POINT_st DIST_POINT;
 typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
 typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
 # define DECLARE_PKCS12_STACK_OF(type)/* Nothing */
 # define IMPLEMENT_PKCS12_STACK_OF(type)/* Nothing */
@ -173,11 +198,14 @@ typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
                           int idx, long argl, void *argp);
 typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
                             int idx, long argl, void *argp);
-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
-					int idx, long argl, void *argp);
+                           void *from_d, int idx, long argl, void *argp);
 typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
 typedef struct ocsp_response_st OCSP_RESPONSE;
 typedef struct ocsp_responder_id_st OCSP_RESPID;
 #ifdef  __cplusplus
 }
 #endif
 #endif                          /* def HEADER_OPENSSL_TYPES_H */
--- a/src/Mayaqua/win32_inc/openssl/pem.h
+++ b/src/Mayaqua/win32_inc/openssl/pem.h
@ -129,17 +129,20 @@ extern "C" {
 # define PEM_STRING_PKCS8        "ENCRYPTED PRIVATE KEY"
 # define PEM_STRING_PKCS8INF     "PRIVATE KEY"
 # define PEM_STRING_DHPARAMS     "DH PARAMETERS"
 # define PEM_STRING_DHXPARAMS    "X9.42 DH PARAMETERS"
 # define PEM_STRING_SSL_SESSION  "SSL SESSION PARAMETERS"
 # define PEM_STRING_DSAPARAMS    "DSA PARAMETERS"
 # define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
 # define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
-  /* Note that this structure is initialised by PEM_SealInit and cleaned up
+  /*
-     by PEM_SealFinal (at least for now) */
+   * Note that this structure is initialised by PEM_SealInit and cleaned up
-typedef struct PEM_Encode_Seal_st
+   * by PEM_SealFinal (at least for now)
-	{
+   */
 typedef struct PEM_Encode_Seal_st {
    EVP_ENCODE_CTX encode;
    EVP_MD_CTX md;
    EVP_CIPHER_CTX cipher;
@ -151,20 +154,16 @@ typedef struct PEM_Encode_Seal_st
 # define PEM_TYPE_MIC_CLEAR      30
 # define PEM_TYPE_CLEAR          40
-typedef struct pem_recip_st
+typedef struct pem_recip_st {
 	{
    char *name;
    X509_NAME *dn;
    int cipher;
    int key_enc;
    /*      char iv[8]; unused and wrong size */
 } PEM_USER;
-typedef struct pem_ctx_st
+typedef struct pem_ctx_st {
 	{
    int type;                   /* what type of object */
    struct {
        int version;
        int mode;
@ -174,7 +173,8 @@ typedef struct pem_ctx_st
    struct {
        int cipher;
-	/* unused, and wrong size
+        /*-
        unused, and wrong size
        unsigned char iv[8]; */
    } DEK_info;
@ -182,12 +182,9 @@ typedef struct pem_ctx_st
    int num_recipient;
    PEM_USER **recipient;
-
+/*-
-#ifndef OPENSSL_NO_STACK
+    XXX(ben): don#t think this is used!
        STACK *x509_chain;      / * certificate chain */
 #else
 	char *x509_chain;	/* certificate chain */
 #endif
    EVP_MD *md;                 /* signature type */
    int md_enc;                 /* is the md encrypted or not? */
@ -197,18 +194,19 @@ typedef struct pem_ctx_st
    EVP_CIPHER *dec;            /* date encryption cipher */
    int key_len;                /* key length */
    unsigned char *key;         /* key */
-	/* unused, and wrong size
+  /*-
    unused, and wrong size
    unsigned char iv[8]; */
    int data_enc;               /* is the data encrypted */
    int data_len;
    unsigned char *data;
 } PEM_CTX;
-/* These macros make the PEM_read/PEM_write functions easier to maintain and
+/*
- * write. Now they are all implemented with either:
+ * These macros make the PEM_read/PEM_write functions easier to maintain and
- * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
+ * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or
 * IMPLEMENT_PEM_rw_cb(...)
 */
 # ifdef OPENSSL_NO_FP_API
@ -218,34 +216,24 @@ typedef struct pem_ctx_st
 #  define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
 #  define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
 #  define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
 # else
 #  define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
 type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
 { \
-    return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \
+return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
 				str, fp, \
 				CHECKED_PPTR_OF(type, x), \
 				cb, u); \
 }
 #  define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
 int PEM_write_##name(FILE *fp, type *x) \
 { \
-    return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
+return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
 			  str, fp, \
 			  CHECKED_PTR_OF(type, x), \
 			  NULL, NULL, 0, NULL, NULL); \
 }
 #  define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
 int PEM_write_##name(FILE *fp, const type *x) \
 { \
-    return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
+return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
 			  str, fp, \
 			  CHECKED_PTR_OF(const type, x), \
 			  NULL, NULL, 0, NULL, NULL); \
 }
 #  define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
@ -253,10 +241,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
             unsigned char *kstr, int klen, pem_password_cb *cb, \
                  void *u) \
        { \
-	    return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
+        return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
 				  str, fp, \
 				  CHECKED_PTR_OF(type, x), \
 				  enc, kstr, klen, cb, u); \
        }
 #  define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
@ -264,10 +249,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
             unsigned char *kstr, int klen, pem_password_cb *cb, \
                  void *u) \
        { \
-	    return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
+        return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
 				  str, fp, \
 				  CHECKED_PTR_OF(const type, x), \
 				  enc, kstr, klen, cb, u); \
        }
 # endif
@ -275,48 +257,33 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
 # define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
 type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
 { \
-    return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \
+return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
 				    str, bp, \
 				    CHECKED_PPTR_OF(type, x), \
 				    cb, u); \
 }
 # define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
 int PEM_write_bio_##name(BIO *bp, type *x) \
 { \
-    return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
+return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
 			      str, bp, \
 			      CHECKED_PTR_OF(type, x), \
 			      NULL, NULL, 0, NULL, NULL); \
 }
 # define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
 int PEM_write_bio_##name(BIO *bp, const type *x) \
 { \
-    return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
+return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
 			      str, bp, \
 			      CHECKED_PTR_OF(const type, x), \
 			      NULL, NULL, 0, NULL, NULL); \
 }
 # define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
 int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
        { \
-	    return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
 				      str, bp, \
 				      CHECKED_PTR_OF(type, x), \
 				      enc, kstr, klen, cb, u); \
        }
 # define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
 int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
        { \
-	    return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
 				      str, bp, \
 				      CHECKED_PTR_OF(const type, x), \
 				      enc, kstr, klen, cb, u); \
        }
 # define IMPLEMENT_PEM_write(name, type, str, asn1) \
@ -353,13 +320,11 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 /* These are the same except they are for the declarations */
-#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API)
+# if defined(OPENSSL_NO_FP_API)
 #  define DECLARE_PEM_read_fp(name, type) /**/
 #  define DECLARE_PEM_write_fp(name, type) /**/
 #define DECLARE_PEM_write_fp_const(name, type) /**/
 #  define DECLARE_PEM_write_cb_fp(name, type) /**/
 # else
 #  define DECLARE_PEM_read_fp(name, type) \
@ -397,169 +362,28 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 #  define DECLARE_PEM_write_bio(name, type) /**/
 #  define DECLARE_PEM_write_bio_const(name, type) /**/
 #  define DECLARE_PEM_write_cb_bio(name, type) /**/
 # endif
 # define DECLARE_PEM_write(name, type) \
        DECLARE_PEM_write_bio(name, type) \
        DECLARE_PEM_write_fp(name, type)
 # define DECLARE_PEM_write_const(name, type) \
        DECLARE_PEM_write_bio_const(name, type) \
        DECLARE_PEM_write_fp_const(name, type)
 # define DECLARE_PEM_write_cb(name, type) \
        DECLARE_PEM_write_cb_bio(name, type) \
        DECLARE_PEM_write_cb_fp(name, type)
 # define DECLARE_PEM_read(name, type) \
        DECLARE_PEM_read_bio(name, type) \
        DECLARE_PEM_read_fp(name, type)
 # define DECLARE_PEM_rw(name, type) \
        DECLARE_PEM_read(name, type) \
        DECLARE_PEM_write(name, type)
 # define DECLARE_PEM_rw_const(name, type) \
        DECLARE_PEM_read(name, type) \
        DECLARE_PEM_write_const(name, type)
 # define DECLARE_PEM_rw_cb(name, type) \
        DECLARE_PEM_read(name, type) \
        DECLARE_PEM_write_cb(name, type)
 #ifdef SSLEAY_MACROS
 #define PEM_write_SSL_SESSION(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
 			PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_X509(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
 			(char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
 		(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
 			NULL,NULL,0,NULL,NULL)
 #define PEM_write_X509_CRL(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
 			fp,(char *)x, NULL,NULL,0,NULL,NULL)
 #define	PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
 			(char *)x,enc,kstr,klen,cb,u)
 #define	PEM_write_RSAPublicKey(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
 			PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)
 #define	PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
 			(char *)x,enc,kstr,klen,cb,u)
 #define	PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write((int (*)())i2d_PrivateKey,\
 		(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
 			bp,(char *)x,enc,kstr,klen,cb,u)
 #define PEM_write_PKCS7(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
 			(char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_DHparams(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
 			(char *)x,NULL,NULL,0,NULL,NULL)
 #define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \
                PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
 			PEM_STRING_X509,fp, \
                        (char *)x, NULL,NULL,0,NULL,NULL)
 #define	PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
 	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
 #define	PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \
 	(char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)
 #define	PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \
 	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)
 #define	PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \
 	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)
 #define	PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
 	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)
 #define	PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
 	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)
 #define	PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \
 	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)
 #define	PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
 	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
 #define	PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \
 	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)
 #define	PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \
 	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)
 #define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \
 		(NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \
        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\
 							(char **)x,cb,u)
 #define PEM_write_bio_X509(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
 			(char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
 		(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
 			NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_X509_CRL(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
 			bp,(char *)x, NULL,NULL,0,NULL,NULL)
 #define	PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
 			bp,(char *)x,enc,kstr,klen,cb,u)
 #define	PEM_write_bio_RSAPublicKey(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
 			PEM_STRING_RSA_PUBLIC,\
 			bp,(char *)x,NULL,NULL,0,NULL,NULL)
 #define	PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
 			bp,(char *)x,enc,kstr,klen,cb,u)
 #define	PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
 		(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
 			bp,(char *)x,enc,kstr,klen,cb,u)
 #define PEM_write_bio_PKCS7(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
 			(char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_DHparams(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
 			bp,(char *)x,NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_DSAparams(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
 			PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \
                PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
 			PEM_STRING_X509,bp, \
                        (char *)x, NULL,NULL,0,NULL,NULL)
 #define	PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \
 	(char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)
 #define	PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \
 	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)
 #define	PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \
 	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)
 #define	PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
 	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)
 #define	PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
 	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)
 #define	PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
 	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)
 #define	PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \
 	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)
 #define	PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \
 	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)
 #define	PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \
 	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)
 #define	PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
 	(char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)
 #define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \
 		(NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \
        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\
 							(char **)x,cb,u)
 #endif
 # if 1
 /* "userdata": new with OpenSSL 0.9.4 */
 typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata);
@ -575,46 +399,35 @@ int	PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
 # ifndef OPENSSL_NO_BIO
 int PEM_read_bio(BIO *bp, char **name, char **header,
                 unsigned char **data, long *len);
-int	PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,
+int PEM_write_bio(BIO *bp, const char *name, const char *hdr,
-		long len);
+                  const unsigned char *data, long len);
-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
                       const char *name, BIO *bp, pem_password_cb *cb,
                       void *u);
 void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
                        pem_password_cb *cb, void *u);
-void *	PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,
+int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
 			  void **x, pem_password_cb *cb, void *u);
 #define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \
    ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \
 			      name, bp,			\
 			      CHECKED_PPTR_OF(type, x), \
 			      cb, u))
 int	PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x,
                       const EVP_CIPHER *enc, unsigned char *kstr, int klen,
                       pem_password_cb *cb, void *u);
-#define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
-    (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \
+                                            pem_password_cb *cb, void *u);
 			name, bp,		   \
 			CHECKED_PTR_OF(type, x), \
 			enc, kstr, klen, cb, u))
 STACK_OF(X509_INFO) *	PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
 int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
-		unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
+                            unsigned char *kstr, int klen,
                            pem_password_cb *cd, void *u);
 # endif
 #ifndef OPENSSL_SYS_WIN16
 int PEM_read(FILE *fp, char **name, char **header,
             unsigned char **data, long *len);
-int	PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
+int PEM_write(FILE *fp, const char *name, const char *hdr,
              const unsigned char *data, long len);
 void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
                    pem_password_cb *cb, void *u);
 int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
-		       char *x,const EVP_CIPHER *enc,unsigned char *kstr,
+                   void *x, const EVP_CIPHER *enc, unsigned char *kstr,
                   int klen, pem_password_cb *callback, void *u);
 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
                                        pem_password_cb *cb, void *u);
 #endif
 int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
                 EVP_MD *md_type, unsigned char **ek, int *ekl,
@ -633,62 +446,38 @@ int	PEM_def_callback(char *buf, int num, int w, void *key);
 void PEM_proc_type(char *buf, int type);
 void PEM_dek_info(char *buf, const char *type, int len, char *str);
 #ifndef SSLEAY_MACROS
 # include <openssl/symhacks.h>
 DECLARE_PEM_rw(X509, X509)
 DECLARE_PEM_rw(X509_AUX, X509)
 DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
 DECLARE_PEM_rw(X509_REQ, X509_REQ)
 DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
 DECLARE_PEM_rw(X509_CRL, X509_CRL)
 DECLARE_PEM_rw(PKCS7, PKCS7)
 DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
 DECLARE_PEM_rw(PKCS8, X509_SIG)
 DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
 # ifndef OPENSSL_NO_RSA
 DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
 DECLARE_PEM_rw_const(RSAPublicKey, RSA)
 DECLARE_PEM_rw(RSA_PUBKEY, RSA)
 # endif
 # ifndef OPENSSL_NO_DSA
 DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
 DECLARE_PEM_rw(DSA_PUBKEY, DSA)
 DECLARE_PEM_rw_const(DSAparams, DSA)
 # endif
 # ifndef OPENSSL_NO_EC
 DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
 DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
 DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
 # endif
 # ifndef OPENSSL_NO_DH
 DECLARE_PEM_rw_const(DHparams, DH)
-
+DECLARE_PEM_write_const(DHxparams, DH)
 # endif
 DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
 DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
 int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
@ -702,7 +491,8 @@ int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
 int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
                                char *kstr, int klen,
                                pem_password_cb *cb, void *u);
-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
                                  void *u);
 int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
                           char *kstr, int klen,
@ -714,16 +504,31 @@ int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
                                  char *kstr, int klen,
                                  pem_password_cb *cb, void *u);
-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
                                 void *u);
 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-			      char *kstr,int klen, pem_password_cb *cd, void *u);
+                              char *kstr, int klen, pem_password_cb *cd,
                              void *u);
-#endif /* SSLEAY_MACROS */
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
 int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
 EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
 EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
 EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
 EVP_PKEY *b2i_PublicKey_bio(BIO *in);
 int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
 int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
 # ifndef OPENSSL_NO_RC4
 EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
 int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
                pem_password_cb *cb, void *u);
 # endif
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_PEM_strings(void);
@ -731,10 +536,22 @@ void ERR_load_PEM_strings(void);
 /* Error codes for the PEM functions. */
 /* Function codes. */
 # define PEM_F_B2I_DSS                                    127
 # define PEM_F_B2I_PVK_BIO                                128
 # define PEM_F_B2I_RSA                                    129
 # define PEM_F_CHECK_BITLEN_DSA                           130
 # define PEM_F_CHECK_BITLEN_RSA                           131
 # define PEM_F_D2I_PKCS8PRIVATEKEY_BIO                    120
 # define PEM_F_D2I_PKCS8PRIVATEKEY_FP                     121
 # define PEM_F_DO_B2I                                     132
 # define PEM_F_DO_B2I_BIO                                 133
 # define PEM_F_DO_BLOB_HEADER                             134
 # define PEM_F_DO_PK8PKEY                                 126
 # define PEM_F_DO_PK8PKEY_FP                              125
 # define PEM_F_DO_PVK_BODY                                135
 # define PEM_F_DO_PVK_HEADER                              136
 # define PEM_F_I2B_PVK                                    137
 # define PEM_F_I2B_PVK_BIO                                138
 # define PEM_F_LOAD_IV                                    101
 # define PEM_F_PEM_ASN1_READ                              102
 # define PEM_F_PEM_ASN1_READ_BIO                          103
@ -747,13 +564,17 @@ void ERR_load_PEM_strings(void);
 # define PEM_F_PEM_PK8PKEY                                119
 # define PEM_F_PEM_READ                                   108
 # define PEM_F_PEM_READ_BIO                               109
 # define PEM_F_PEM_READ_BIO_DHPARAMS                      141
 # define PEM_F_PEM_READ_BIO_PARAMETERS                    140
 # define PEM_F_PEM_READ_BIO_PRIVATEKEY                    123
 # define PEM_F_PEM_READ_DHPARAMS                          142
 # define PEM_F_PEM_READ_PRIVATEKEY                        124
 # define PEM_F_PEM_SEALFINAL                              110
 # define PEM_F_PEM_SEALINIT                               111
 # define PEM_F_PEM_SIGNFINAL                              112
 # define PEM_F_PEM_WRITE                                  113
 # define PEM_F_PEM_WRITE_BIO                              114
 # define PEM_F_PEM_WRITE_PRIVATEKEY                       139
 # define PEM_F_PEM_X509_INFO_READ                         115
 # define PEM_F_PEM_X509_INFO_READ_BIO                     116
 # define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
@ -763,18 +584,30 @@ void ERR_load_PEM_strings(void);
 # define PEM_R_BAD_DECRYPT                                101
 # define PEM_R_BAD_END_LINE                               102
 # define PEM_R_BAD_IV_CHARS                               103
 # define PEM_R_BAD_MAGIC_NUMBER                           116
 # define PEM_R_BAD_PASSWORD_READ                          104
 # define PEM_R_BAD_VERSION_NUMBER                         117
 # define PEM_R_BIO_WRITE_FAILURE                          118
 # define PEM_R_CIPHER_IS_NULL                             127
 # define PEM_R_ERROR_CONVERTING_PRIVATE_KEY               115
 # define PEM_R_EXPECTING_PRIVATE_KEY_BLOB                 119
 # define PEM_R_EXPECTING_PUBLIC_KEY_BLOB                  120
 # define PEM_R_INCONSISTENT_HEADER                        121
 # define PEM_R_KEYBLOB_HEADER_PARSE_ERROR                 122
 # define PEM_R_KEYBLOB_TOO_SHORT                          123
 # define PEM_R_NOT_DEK_INFO                               105
 # define PEM_R_NOT_ENCRYPTED                              106
 # define PEM_R_NOT_PROC_TYPE                              107
 # define PEM_R_NO_START_LINE                              108
 # define PEM_R_PROBLEMS_GETTING_PASSWORD                  109
 # define PEM_R_PUBLIC_KEY_NO_RSA                          110
 # define PEM_R_PVK_DATA_TOO_SHORT                         124
 # define PEM_R_PVK_TOO_SHORT                              125
 # define PEM_R_READ_KEY                                   111
 # define PEM_R_SHORT_HEADER                               112
 # define PEM_R_UNSUPPORTED_CIPHER                         113
 # define PEM_R_UNSUPPORTED_ENCRYPTION                     114
 # define PEM_R_UNSUPPORTED_KEY_COMPONENTS                 126
 #ifdef  __cplusplus
 }
--- a/src/Mayaqua/win32_inc/openssl/pkcs12.h
+++ b/src/Mayaqua/win32_inc/openssl/pkcs12.h
@ -1,6 +1,7 @@
 /* pkcs12.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
- * project 1999.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 1999.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@ -81,7 +82,9 @@ extern "C" {
 /* Uncomment out next line for unicode password and names, otherwise ASCII */
-/*#define PBE_UNICODE*/
+/*
 * #define PBE_UNICODE
 */
 # ifdef PBE_UNICODE
 #  define PKCS12_key_gen PKCS12_key_gen_uni
@ -108,8 +111,6 @@ PKCS12_MAC_DATA *mac;
    PKCS7 *authsafes;
 } PKCS12;
 PREDECLARE_STACK_OF(PKCS12_SAFEBAG)
 typedef struct {
    ASN1_OBJECT *type;
    union {
@ -168,22 +169,21 @@ union {
 # define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
 PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
 PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
 X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
 X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
-	     int nid2);
+                                         int nid1, int nid2);
 PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen);
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass,
 PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
                                   int passlen);
 PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
                                         const char *pass, int passlen);
 X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
-			const char *pass, int passlen,
+                        const char *pass, int passlen, unsigned char *salt,
-			unsigned char *salt, int saltlen, int iter,
+                        int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
 			PKCS8_PRIV_KEY_INFO *p8);
 PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
                                     int passlen, unsigned char *salt,
                                     int saltlen, int iter,
@ -193,37 +193,44 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
 PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
                             unsigned char *salt, int saltlen, int iter,
                             STACK_OF(PKCS12_SAFEBAG) *bags);
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
                                                  int passlen);
 int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
 STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
                          int namelen);
 int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
                                int namelen);
 int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
                           int namelen);
-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
-				int namelen);
+                                const unsigned char *name, int namelen);
 int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
 ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
 unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
                                int passlen, unsigned char *in, int inlen,
-				unsigned char **data, int *datalen, int en_de);
+                                unsigned char **data, int *datalen,
                                int en_de);
 void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
-	     const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf);
+                              const char *pass, int passlen,
-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
+                              ASN1_OCTET_STRING *oct, int zbuf);
 ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
                                           const ASN1_ITEM *it,
                                           const char *pass, int passlen,
                                           void *obj, int zbuf);
 PKCS12 *PKCS12_init(int mode);
 int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
                       int saltlen, int id, int iter, int n,
                       unsigned char *out, const EVP_MD *md_type);
-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
                       int saltlen, int id, int iter, int n,
                       unsigned char *out, const EVP_MD *md_type);
 int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
+                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
-			 int en_de);
+                        const EVP_MD *md_type, int en_de);
 int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
                   unsigned char *mac, unsigned int *maclen);
 int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
@ -232,14 +239,10 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
                   const EVP_MD *md_type);
 int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
                     int saltlen, const EVP_MD *md_type);
-#if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE)
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
-/* Rename these functions to avoid name clashes on NetWare OS */
+                               unsigned char **uni, int *unilen);
 unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
 char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
-#else
+
 unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
 char *uni2asc(unsigned char *uni, int unilen);
 #endif
 DECLARE_ASN1_FUNCTIONS(PKCS12)
 DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
 DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
@ -256,8 +259,8 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
                      int mac_iter, int keytype);
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
-						int key_usage, int iter,
+                               EVP_PKEY *key, int key_usage, int iter,
                               int key_nid, char *pass);
 int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
                    int safe_nid, int iter, char *pass);
@ -270,7 +273,8 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
 int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_PKCS12_strings(void);
--- a/src/Mayaqua/win32_inc/openssl/pkcs7.h
+++ b/src/Mayaqua/win32_inc/openssl/pkcs7.h
@ -76,21 +76,19 @@ extern "C" {
 #  undef PKCS7_SIGNER_INFO
 # endif
-/*
+/*-
 Encryption_ID           DES-CBC
 Digest_ID               MD5
 Digest_Encryption_ID    rsaEncryption
 Key_Encryption_ID       rsaEncryption
 */
-typedef struct pkcs7_issuer_and_serial_st
+typedef struct pkcs7_issuer_and_serial_st {
 	{
    X509_NAME *issuer;
    ASN1_INTEGER *serial;
 } PKCS7_ISSUER_AND_SERIAL;
-typedef struct pkcs7_signer_info_st
+typedef struct pkcs7_signer_info_st {
 	{
    ASN1_INTEGER *version;      /* version 1 */
    PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
    X509_ALGOR *digest_alg;
@ -98,7 +96,6 @@ typedef struct pkcs7_signer_info_st
    X509_ALGOR *digest_enc_alg;
    ASN1_OCTET_STRING *enc_digest;
    STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */
    /* The private key to sign with */
    EVP_PKEY *pkey;
 } PKCS7_SIGNER_INFO;
@ -106,8 +103,7 @@ typedef struct pkcs7_signer_info_st
 DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
 DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)
-typedef struct pkcs7_recip_info_st
+typedef struct pkcs7_recip_info_st {
 	{
    ASN1_INTEGER *version;      /* version 0 */
    PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
    X509_ALGOR *key_enc_algor;
@ -118,99 +114,86 @@ typedef struct pkcs7_recip_info_st
 DECLARE_STACK_OF(PKCS7_RECIP_INFO)
 DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)
-typedef struct pkcs7_signed_st
+typedef struct pkcs7_signed_st {
 	{
    ASN1_INTEGER *version;      /* version 1 */
    STACK_OF(X509_ALGOR) *md_algs; /* md used */
    STACK_OF(X509) *cert;       /* [ 0 ] */
    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
    STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
    struct pkcs7_st *contents;
 } PKCS7_SIGNED;
-/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE.
+/*
- * How about merging the two */
+ * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about
 * merging the two
 */
-typedef struct pkcs7_enc_content_st
+typedef struct pkcs7_enc_content_st {
 	{
    ASN1_OBJECT *content_type;
    X509_ALGOR *algorithm;
    ASN1_OCTET_STRING *enc_data; /* [ 0 ] */
    const EVP_CIPHER *cipher;
 } PKCS7_ENC_CONTENT;
-typedef struct pkcs7_enveloped_st
+typedef struct pkcs7_enveloped_st {
 	{
    ASN1_INTEGER *version;      /* version 0 */
    STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
    PKCS7_ENC_CONTENT *enc_data;
 } PKCS7_ENVELOPE;
-typedef struct pkcs7_signedandenveloped_st
+typedef struct pkcs7_signedandenveloped_st {
 	{
    ASN1_INTEGER *version;      /* version 1 */
    STACK_OF(X509_ALGOR) *md_algs; /* md used */
    STACK_OF(X509) *cert;       /* [ 0 ] */
    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
    STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
    PKCS7_ENC_CONTENT *enc_data;
    STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
 } PKCS7_SIGN_ENVELOPE;
-typedef struct pkcs7_digest_st
+typedef struct pkcs7_digest_st {
 	{
    ASN1_INTEGER *version;      /* version 0 */
    X509_ALGOR *md;             /* md used */
    struct pkcs7_st *contents;
    ASN1_OCTET_STRING *digest;
 } PKCS7_DIGEST;
-typedef struct pkcs7_encrypted_st
+typedef struct pkcs7_encrypted_st {
 	{
    ASN1_INTEGER *version;      /* version 0 */
    PKCS7_ENC_CONTENT *enc_data;
 } PKCS7_ENCRYPT;
-typedef struct pkcs7_st
+typedef struct pkcs7_st {
-	{
+    /*
-	/* The following is non NULL if it contains ASN1 encoding of
+     * The following is non NULL if it contains ASN1 encoding of this
-	 * this structure */
+     * structure
     */
    unsigned char *asn1;
    long length;
 # define PKCS7_S_HEADER  0
 # define PKCS7_S_BODY    1
 # define PKCS7_S_TAIL    2
    int state;                  /* used during processing */
    int detached;
    ASN1_OBJECT *type;
    /* content as defined by the type */
-	/* all encryption/message digests are applied to the 'contents',
+    /*
-	 * leaving out the 'type' field. */
+     * all encryption/message digests are applied to the 'contents', leaving
     * out the 'type' field.
     */
    union {
        char *ptr;
        /* NID_pkcs7_data */
        ASN1_OCTET_STRING *data;
        /* NID_pkcs7_signed */
        PKCS7_SIGNED *sign;
        /* NID_pkcs7_enveloped */
        PKCS7_ENVELOPE *enveloped;
        /* NID_pkcs7_signedAndEnveloped */
        PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
        /* NID_pkcs7_digest */
        PKCS7_DIGEST *digest;
        /* NID_pkcs7_encrypted */
        PKCS7_ENCRYPT *encrypted;
        /* Anything else */
        ASN1_TYPE *other;
    } d;
@ -232,7 +215,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 # define PKCS7_type_is_signedAndEnveloped(a) \
                (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
 # define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
 # define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
 # define PKCS7_set_detached(p,v) \
@ -242,14 +224,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 # define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
 #ifdef SSLEAY_MACROS
 #ifndef PKCS7_ISSUER_AND_SERIAL_digest
 #define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
 	                (char *)data,md,len)
 #endif
 #endif
 /* S/MIME related flags */
 # define PKCS7_TEXT              0x1
@ -266,6 +240,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 # define PKCS7_CRLFEOL           0x800
 # define PKCS7_STREAM            0x1000
 # define PKCS7_NOCRL             0x2000
 # define PKCS7_PARTIAL           0x4000
 # define PKCS7_REUSE_DIGEST      0x8000
 /* Flags: for compatibility with older code */
@ -281,9 +257,9 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
-#ifndef SSLEAY_MACROS
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
-int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type,
+                                   const EVP_MD *type, unsigned char *md,
-	unsigned char *md,unsigned int *len);
+                                   unsigned int *len);
 # ifndef OPENSSL_NO_FP_API
 PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7);
 int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7);
@ -291,7 +267,8 @@ int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
 PKCS7 *PKCS7_dup(PKCS7 *p7);
 PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7);
 int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7);
-#endif
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
 int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
 DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
 DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
@ -307,6 +284,7 @@ DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
 DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
 DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
 DECLARE_ASN1_PRINT_FUNCTION(PKCS7)
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
@ -315,6 +293,7 @@ int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
 int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                          const EVP_MD *dgst);
 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
 int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
 int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
@ -328,7 +307,6 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
 BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
 PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
                                       EVP_PKEY *pkey, const EVP_MD *dgst);
 X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
@ -336,9 +314,13 @@ int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
 STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
 PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
 void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
                                 X509_ALGOR **pdig, X509_ALGOR **psig);
 void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc);
 int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
 int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
 int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
 int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7);
 PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
 ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
@ -350,30 +332,44 @@ ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
 ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
 int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
                                STACK_OF(X509_ATTRIBUTE) *sk);
-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
-
+                         STACK_OF(X509_ATTRIBUTE) *sk);
 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                  BIO *data, int flags);
 PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7,
                                         X509 *signcert, EVP_PKEY *pkey,
                                         const EVP_MD *md, int flags);
 int PKCS7_final(PKCS7 *p7, BIO *data, int flags);
 int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
                 BIO *indata, BIO *out, int flags);
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
                                   int flags);
 PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
                     int flags);
-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data,
                  int flags);
 int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
                              STACK_OF(X509_ALGOR) *cap);
 STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
 int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
 int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid);
 int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t);
 int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
                             const unsigned char *md, int mdlen);
 int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
 PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
-int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+
-int SMIME_text(BIO *in, BIO *out);
+BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_PKCS7_strings(void);
@ -383,12 +379,17 @@ void ERR_load_PKCS7_strings(void);
 /* Function codes. */
 # define PKCS7_F_B64_READ_PKCS7                           120
 # define PKCS7_F_B64_WRITE_PKCS7                          121
 # define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB                   136
 # define PKCS7_F_I2D_PKCS7_BIO_STREAM                     140
 # define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME           135
 # define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP                118
 # define PKCS7_F_PKCS7_ADD_CERTIFICATE                    100
 # define PKCS7_F_PKCS7_ADD_CRL                            101
 # define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO                 102
 # define PKCS7_F_PKCS7_ADD_SIGNATURE                      131
 # define PKCS7_F_PKCS7_ADD_SIGNER                         103
 # define PKCS7_F_PKCS7_BIO_ADD_DIGEST                     125
 # define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST               138
 # define PKCS7_F_PKCS7_CTRL                               104
 # define PKCS7_F_PKCS7_DATADECODE                         112
 # define PKCS7_F_PKCS7_DATAFINAL                          128
@ -396,15 +397,22 @@ void ERR_load_PKCS7_strings(void);
 # define PKCS7_F_PKCS7_DATASIGN                           106
 # define PKCS7_F_PKCS7_DATAVERIFY                         107
 # define PKCS7_F_PKCS7_DECRYPT                            114
 # define PKCS7_F_PKCS7_DECRYPT_RINFO                      133
 # define PKCS7_F_PKCS7_ENCODE_RINFO                       132
 # define PKCS7_F_PKCS7_ENCRYPT                            115
 # define PKCS7_F_PKCS7_FINAL                              134
 # define PKCS7_F_PKCS7_FIND_DIGEST                        127
 # define PKCS7_F_PKCS7_GET0_SIGNERS                       124
 # define PKCS7_F_PKCS7_RECIP_INFO_SET                     130
 # define PKCS7_F_PKCS7_SET_CIPHER                         108
 # define PKCS7_F_PKCS7_SET_CONTENT                        109
 # define PKCS7_F_PKCS7_SET_DIGEST                         126
 # define PKCS7_F_PKCS7_SET_TYPE                           110
 # define PKCS7_F_PKCS7_SIGN                               116
 # define PKCS7_F_PKCS7_SIGNATUREVERIFY                    113
 # define PKCS7_F_PKCS7_SIGNER_INFO_SET                    129
 # define PKCS7_F_PKCS7_SIGNER_INFO_SIGN                   139
 # define PKCS7_F_PKCS7_SIGN_ADD_SIGNER                    137
 # define PKCS7_F_PKCS7_SIMPLE_SMIMECAP                    119
 # define PKCS7_F_PKCS7_VERIFY                             117
 # define PKCS7_F_SMIME_READ_PKCS7                         122
@ -415,20 +423,26 @@ void ERR_load_PKCS7_strings(void);
 # define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER          144
 # define PKCS7_R_CIPHER_NOT_INITIALIZED                   116
 # define PKCS7_R_CONTENT_AND_DATA_PRESENT                 118
 # define PKCS7_R_CTRL_ERROR                               152
 # define PKCS7_R_DECODE_ERROR                             130
 # define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH            100
 # define PKCS7_R_DECRYPT_ERROR                            119
 # define PKCS7_R_DIGEST_FAILURE                           101
 # define PKCS7_R_ENCRYPTION_CTRL_FAILURE                  149
 # define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150
 # define PKCS7_R_ERROR_ADDING_RECIPIENT                   120
 # define PKCS7_R_ERROR_SETTING_CIPHER                     121
 # define PKCS7_R_INVALID_MIME_TYPE                        131
 # define PKCS7_R_INVALID_NULL_POINTER                     143
 # define PKCS7_R_INVALID_SIGNED_DATA_TYPE                 155
 # define PKCS7_R_MIME_NO_CONTENT_TYPE                     132
 # define PKCS7_R_MIME_PARSE_ERROR                         133
 # define PKCS7_R_MIME_SIG_PARSE_ERROR                     134
 # define PKCS7_R_MISSING_CERIPEND_INFO                    103
 # define PKCS7_R_NO_CONTENT                               122
 # define PKCS7_R_NO_CONTENT_TYPE                          135
 # define PKCS7_R_NO_DEFAULT_DIGEST                        151
 # define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND            154
 # define PKCS7_R_NO_MULTIPART_BODY_FAILURE                136
 # define PKCS7_R_NO_MULTIPART_BOUNDARY                    137
 # define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE         115
@ -438,6 +452,7 @@ void ERR_load_PKCS7_strings(void);
 # define PKCS7_R_NO_SIG_CONTENT_TYPE                      138
 # define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE     104
 # define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR                124
 # define PKCS7_R_PKCS7_ADD_SIGNER_ERROR                   153
 # define PKCS7_R_PKCS7_DATAFINAL                          126
 # define PKCS7_R_PKCS7_DATAFINAL_ERROR                    125
 # define PKCS7_R_PKCS7_DATASIGN                           145
@ -446,6 +461,8 @@ void ERR_load_PKCS7_strings(void);
 # define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE   127
 # define PKCS7_R_SIGNATURE_FAILURE                        105
 # define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND             128
 # define PKCS7_R_SIGNING_CTRL_FAILURE                     147
 # define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE  148
 # define PKCS7_R_SIG_INVALID_MIME_TYPE                    141
 # define PKCS7_R_SMIME_TEXT_ERROR                         129
 # define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE               106
--- a/src/Mayaqua/win32_inc/openssl/pq_compat.h
+++ b/src/Mayaqua/win32_inc/openssl/pq_compat.h
@ -1,152 +0,0 @@
 /* crypto/pqueue/pqueue_compat.h */
 /* 
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
 */
 /* ====================================================================
 * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #ifndef HEADER_PQ_COMPAT_H
 #define HEADER_PQ_COMPAT_H
 #include <openssl/opensslconf.h>
 #include <openssl/bn.h>
 /* 
 * The purpose of this header file is for supporting 64-bit integer
 * manipulation on 32-bit (and lower) machines.  Currently the only
 * such environment is VMS, Utrix and those with smaller default integer
 * sizes than 32 bits.  For all such environment, we fall back to using
 * BIGNUM.  We may need to fine tune the conditions for systems that
 * are incorrectly configured.
 *
 * The only clients of this code are (1) pqueue for priority, and
 * (2) DTLS, for sequence number manipulation.
 */
 #if (defined(THIRTY_TWO_BIT) && !defined(BN_LLONG)) || defined(SIXTEEN_BIT) || defined(EIGHT_BIT)
 #define PQ_64BIT_IS_INTEGER 0
 #define PQ_64BIT_IS_BIGNUM 1
 #define PQ_64BIT     BIGNUM
 #define PQ_64BIT_CTX BN_CTX
 #define pq_64bit_init(x)           BN_init(x)
 #define pq_64bit_free(x)           BN_free(x)
 #define pq_64bit_ctx_new(ctx)      BN_CTX_new()
 #define pq_64bit_ctx_free(x)       BN_CTX_free(x)
 #define pq_64bit_assign(x, y)      BN_copy(x, y)
 #define pq_64bit_assign_word(x, y) BN_set_word(x, y)
 #define pq_64bit_gt(x, y)          BN_ucmp(x, y) >= 1 ? 1 : 0
 #define pq_64bit_eq(x, y)          BN_ucmp(x, y) == 0 ? 1 : 0
 #define pq_64bit_add_word(x, w)    BN_add_word(x, w)
 #define pq_64bit_sub(r, x, y)      BN_sub(r, x, y)
 #define pq_64bit_sub_word(x, w)    BN_sub_word(x, w)
 #define pq_64bit_mod(r, x, n, ctx) BN_mod(r, x, n, ctx)
 #define pq_64bit_bin2num(bn, bytes, len)   BN_bin2bn(bytes, len, bn)
 #define pq_64bit_num2bin(bn, bytes)        BN_bn2bin(bn, bytes)
 #define pq_64bit_get_word(x)               BN_get_word(x)
 #define pq_64bit_is_bit_set(x, offset)     BN_is_bit_set(x, offset)
 #define pq_64bit_lshift(r, x, shift)       BN_lshift(r, x, shift)
 #define pq_64bit_set_bit(x, num)           BN_set_bit(x, num)
 #define pq_64bit_get_length(x)             BN_num_bits((x))
 #else
 #define PQ_64BIT_IS_INTEGER 1
 #define PQ_64BIT_IS_BIGNUM 0
 #if defined(SIXTY_FOUR_BIT)
 #define PQ_64BIT BN_ULONG
 #define PQ_64BIT_PRINT "%lld"
 #elif defined(SIXTY_FOUR_BIT_LONG)
 #define PQ_64BIT BN_ULONG
 #define PQ_64BIT_PRINT "%ld"
 #elif defined(THIRTY_TWO_BIT)
 #define PQ_64BIT BN_ULLONG
 #define PQ_64BIT_PRINT "%lld"
 #endif
 #define PQ_64BIT_CTX      void
 #define pq_64bit_init(x)
 #define pq_64bit_free(x)
 #define pq_64bit_ctx_new(ctx)        (ctx)
 #define pq_64bit_ctx_free(x)
 #define pq_64bit_assign(x, y)        (*(x) = *(y))
 #define pq_64bit_assign_word(x, y)   (*(x) = y)
 #define pq_64bit_gt(x, y)	         (*(x) > *(y))
 #define pq_64bit_eq(x, y)            (*(x) == *(y))
 #define pq_64bit_add_word(x, w)      (*(x) = (*(x) + (w)))
 #define pq_64bit_sub(r, x, y)        (*(r) = (*(x) - *(y)))
 #define pq_64bit_sub_word(x, w)      (*(x) = (*(x) - (w)))
 #define pq_64bit_mod(r, x, n, ctx)
 #define pq_64bit_bin2num(num, bytes, len) bytes_to_long_long(bytes, num)
 #define pq_64bit_num2bin(num, bytes)      long_long_to_bytes(num, bytes)
 #define pq_64bit_get_word(x)              *(x)
 #define pq_64bit_lshift(r, x, shift)      (*(r) = (*(x) << (shift)))
 #define pq_64bit_set_bit(x, num)          do { \
                                              PQ_64BIT mask = 1; \
                                              mask = mask << (num); \
                                              *(x) |= mask; \
                                          } while(0)
 #endif /* OPENSSL_SYS_VMS */
 #endif
--- a/src/Mayaqua/win32_inc/openssl/pqueue.h
+++ b/src/Mayaqua/win32_inc/openssl/pqueue.h
@ -64,20 +64,20 @@
 # include <stdlib.h>
 # include <string.h>
-#include <openssl/pq_compat.h>
+#ifdef  __cplusplus
-
+extern "C" {
 #endif
 typedef struct _pqueue *pqueue;
-typedef struct _pitem
+typedef struct _pitem {
-	{
+    unsigned char priority[8];  /* 64-bit value in big-endian encoding */
 	PQ_64BIT priority;
    void *data;
    struct _pitem *next;
 } pitem;
 typedef struct _pitem *piterator;
-pitem *pitem_new(PQ_64BIT priority, void *data);
+pitem *pitem_new(unsigned char *prio64be, void *data);
 void pitem_free(pitem *item);
 pqueue pqueue_new(void);
@ -86,11 +86,14 @@ void   pqueue_free(pqueue pq);
 pitem *pqueue_insert(pqueue pq, pitem *item);
 pitem *pqueue_peek(pqueue pq);
 pitem *pqueue_pop(pqueue pq);
-pitem *pqueue_find(pqueue pq, PQ_64BIT priority);
+pitem *pqueue_find(pqueue pq, unsigned char *prio64be);
 pitem *pqueue_iterator(pqueue pq);
 pitem *pqueue_next(piterator *iter);
 void pqueue_print(pqueue pq);
 int pqueue_size(pqueue pq);
 #ifdef  __cplusplus
 }
 #endif
 #endif                          /* ! HEADER_PQUEUE_H */
--- a/src/Mayaqua/win32_inc/openssl/rand.h
+++ b/src/Mayaqua/win32_inc/openssl/rand.h
@ -72,14 +72,13 @@ extern "C" {
 #endif
 # if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T int
+#  define FIPS_RAND_SIZE_T size_t
 # endif
 /* Already defined in ossl_typ.h */
 /* typedef struct rand_meth_st RAND_METHOD; */
-struct rand_meth_st
+struct rand_meth_st {
 	{
    void (*seed) (const void *buf, int num);
    int (*bytes) (unsigned char *buf, int num);
    void (*cleanup) (void);
@ -111,15 +110,6 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
 int RAND_egd(const char *path);
 int RAND_egd_bytes(const char *path, int bytes);
 int RAND_poll(void);
 #ifndef OPENSSL_NO_ENGINE
 #ifdef OPENSSL_FIPS
 void int_RAND_init_engine_callbacks(void);
 void int_RAND_set_callbacks(
 	int (*set_rand_func)(const RAND_METHOD *meth,
 						const RAND_METHOD **pmeth),
 	const RAND_METHOD *(*get_rand_func)(const RAND_METHOD **pmeth));
 #endif
 #endif
 # if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
@ -128,8 +118,14 @@ int RAND_event(UINT, WPARAM, LPARAM);
 # endif
 # ifdef OPENSSL_FIPS
 void RAND_set_fips_drbg_type(int type, int flags);
 int RAND_init_fips(void);
 # endif
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_RAND_strings(void);
@ -137,29 +133,16 @@ void ERR_load_RAND_strings(void);
 /* Error codes for the RAND functions. */
 /* Function codes. */
 #define RAND_F_ENG_RAND_GET_RAND_METHOD			 108
 #define RAND_F_FIPS_RAND				 103
 #define RAND_F_FIPS_RAND_BYTES				 102
 #define RAND_F_FIPS_RAND_GET_RAND_METHOD		 109
 #define RAND_F_FIPS_RAND_SET_DT				 106
 #define RAND_F_FIPS_SET_DT				 104
 #define RAND_F_FIPS_SET_PRNG_SEED			 107
 #define RAND_F_FIPS_SET_TEST_MODE			 105
 # define RAND_F_RAND_GET_RAND_METHOD                      101
 # define RAND_F_RAND_INIT_FIPS                            102
 # define RAND_F_SSLEAY_RAND_BYTES                         100
 /* Reason codes. */
-#define RAND_R_NON_FIPS_METHOD				 105
+# define RAND_R_DUAL_EC_DRBG_DISABLED                     104
-#define RAND_R_NOT_IN_TEST_MODE				 106
+# define RAND_R_ERROR_INITIALISING_DRBG                   102
-#define RAND_R_NO_KEY_SET				 107
+# define RAND_R_ERROR_INSTANTIATING_DRBG                  103
-#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH			 101
+# define RAND_R_NO_FIPS_RANDOM_METHOD_SET                 101
 #define RAND_R_PRNG_ERROR				 108
 #define RAND_R_PRNG_KEYED				 109
 #define RAND_R_PRNG_NOT_REKEYED				 102
 #define RAND_R_PRNG_NOT_RESEEDED			 103
 # define RAND_R_PRNG_NOT_SEEDED                           100
 #define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY		 110
 #define RAND_R_PRNG_STUCK				 104
 #ifdef  __cplusplus
 }
--- a/src/Mayaqua/win32_inc/openssl/rc2.h
+++ b/src/Mayaqua/win32_inc/openssl/rc2.h
@ -74,17 +74,17 @@
 extern "C" {
 #endif
-typedef struct rc2_key_st
+typedef struct rc2_key_st {
 	{
    RC2_INT data[64];
 } RC2_KEY;
 # ifdef OPENSSL_FIPS
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
+void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
                         int bits);
 # endif
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits);
-void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
+void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out,
-		     int enc);
+                     RC2_KEY *key, int enc);
 void RC2_encrypt(unsigned long *data, RC2_KEY *key);
 void RC2_decrypt(unsigned long *data, RC2_KEY *key);
 void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
--- a/src/Mayaqua/win32_inc/openssl/rc4.h
+++ b/src/Mayaqua/win32_inc/openssl/rc4.h
@ -64,23 +64,21 @@
 #  error RC4 is disabled.
 # endif
 # include <stddef.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
-typedef struct rc4_key_st
+typedef struct rc4_key_st {
 	{
    RC4_INT x, y;
    RC4_INT data[256];
 } RC4_KEY;
 const char *RC4_options(void);
 #ifdef OPENSSL_FIPS
 void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
 #endif
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
 void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
         unsigned char *outdata);
 #ifdef  __cplusplus
--- a/src/Mayaqua/win32_inc/openssl/rc5.h
+++ b/src/Mayaqua/win32_inc/openssl/rc5.h
@ -1,120 +0,0 @@
 /* crypto/rc5/rc5.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 #ifndef HEADER_RC5_H
 #define HEADER_RC5_H
 #ifdef  __cplusplus
 extern "C" {
 #endif
 #ifdef OPENSSL_NO_RC5
 #error RC5 is disabled.
 #endif
 #define RC5_ENCRYPT	1
 #define RC5_DECRYPT	0
 /* 32 bit.  For Alpha, things may get weird */
 #define RC5_32_INT unsigned long
 #define RC5_32_BLOCK		8
 #define RC5_32_KEY_LENGTH	16 /* This is a default, max is 255 */
 /* This are the only values supported.  Tweak the code if you want more
 * The most supported modes will be
 * RC5-32/12/16
 * RC5-32/16/8
 */
 #define RC5_8_ROUNDS	8
 #define RC5_12_ROUNDS	12
 #define RC5_16_ROUNDS	16
 typedef struct rc5_key_st
 	{
 	/* Number of rounds */
 	int rounds;
 	RC5_32_INT data[2*(RC5_16_ROUNDS+1)];
 	} RC5_32_KEY;
 #ifdef OPENSSL_FIPS 
 void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
 	int rounds);
 #endif
 void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
 	int rounds);
 void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key,
 	int enc);
 void RC5_32_encrypt(unsigned long *data,RC5_32_KEY *key);
 void RC5_32_decrypt(unsigned long *data,RC5_32_KEY *key);
 void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
 			long length, RC5_32_KEY *ks, unsigned char *iv,
 			int enc);
 void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
 			  long length, RC5_32_KEY *schedule,
 			  unsigned char *ivec, int *num, int enc);
 void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
 			  long length, RC5_32_KEY *schedule,
 			  unsigned char *ivec, int *num);
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/ripemd.h
+++ b/src/Mayaqua/win32_inc/openssl/ripemd.h
@ -70,7 +70,7 @@ extern "C" {
 #  error RIPEMD is disabled.
 # endif
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+# if defined(__LP32__)
 #  define RIPEMD160_LONG unsigned long
 # elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #  define RIPEMD160_LONG unsigned long
@ -83,21 +83,20 @@ extern "C" {
 # define RIPEMD160_LBLOCK        (RIPEMD160_CBLOCK/4)
 # define RIPEMD160_DIGEST_LENGTH 20
-typedef struct RIPEMD160state_st
+typedef struct RIPEMD160state_st {
 	{
    RIPEMD160_LONG A, B, C, D, E;
    RIPEMD160_LONG Nl, Nh;
    RIPEMD160_LONG data[RIPEMD160_LBLOCK];
    unsigned int num;
 } RIPEMD160_CTX;
 # ifdef OPENSSL_FIPS
 int private_RIPEMD160_Init(RIPEMD160_CTX *c);
 # endif
 int RIPEMD160_Init(RIPEMD160_CTX *c);
 int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
-unsigned char *RIPEMD160(const unsigned char *d, size_t n,
+unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md);
 	unsigned char *md);
 void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
 #ifdef  __cplusplus
 }
--- a/src/Mayaqua/win32_inc/openssl/rsa.h
+++ b/src/Mayaqua/win32_inc/openssl/rsa.h
@ -74,25 +74,6 @@
 #  error RSA is disabled.
 # endif
 /* If this flag is set the RSA method is FIPS compliant and can be used
 * in FIPS mode. This is set in the validated module method. If an
 * application sets this flag in its own methods it is its reposibility
 * to ensure the result is compliant.
 */
 #define RSA_FLAG_FIPS_METHOD			0x0400
 /* If this flag is set the operations normally disabled in FIPS mode are
 * permitted it is then the applications responsibility to ensure that the
 * usage is compliant.
 */
 #define RSA_FLAG_NON_FIPS_ALLOW			0x0400
 #ifdef OPENSSL_FIPS
 #define FIPS_RSA_SIZE_T	int
 #endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
@ -101,53 +82,58 @@ extern "C" {
 /* typedef struct rsa_st RSA; */
 /* typedef struct rsa_meth_st RSA_METHOD; */
-struct rsa_meth_st
+struct rsa_meth_st {
 	{
    const char *name;
    int (*rsa_pub_enc) (int flen, const unsigned char *from,
-			   unsigned char *to,
+                        unsigned char *to, RSA *rsa, int padding);
 			   RSA *rsa,int padding);
    int (*rsa_pub_dec) (int flen, const unsigned char *from,
-			   unsigned char *to,
+                        unsigned char *to, RSA *rsa, int padding);
 			   RSA *rsa,int padding);
    int (*rsa_priv_enc) (int flen, const unsigned char *from,
-			    unsigned char *to,
+                         unsigned char *to, RSA *rsa, int padding);
 			    RSA *rsa,int padding);
    int (*rsa_priv_dec) (int flen, const unsigned char *from,
-			    unsigned char *to,
+                         unsigned char *to, RSA *rsa, int padding);
-			    RSA *rsa,int padding);
+    /* Can be null */
-	int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx); /* Can be null */
+    int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
    /* Can be null */
    int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-			  const BIGNUM *m, BN_CTX *ctx,
+                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-			  BN_MONT_CTX *m_ctx); /* Can be null */
+    /* called at new */
-	int (*init)(RSA *rsa);		/* called at new */
+    int (*init) (RSA *rsa);
-	int (*finish)(RSA *rsa);	/* called at free */
+    /* called at free */
-	int flags;			/* RSA_METHOD_FLAG_* things */
+    int (*finish) (RSA *rsa);
-	char *app_data;			/* may be needed! */
+    /* RSA_METHOD_FLAG_* things */
-/* New sign and verify functions: some libraries don't allow arbitrary data
+    int flags;
- * to be signed/verified: this allows them to be used. Note: for this to work
+    /* may be needed! */
- * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
+    char *app_data;
- * RSA_sign(), RSA_verify() should be used instead. Note: for backwards
+    /*
- * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
+     * New sign and verify functions: some libraries don't allow arbitrary
- * option is set in 'flags'.
+     * data to be signed/verified: this allows them to be used. Note: for
     * this to work the RSA_public_decrypt() and RSA_private_encrypt() should
     * *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note:
     * for backwards compatibility this functionality is only enabled if the
     * RSA_FLAG_SIGN_VER option is set in 'flags'.
     */
    int (*rsa_sign) (int type,
                     const unsigned char *m, unsigned int m_length,
-		unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+                     unsigned char *sigret, unsigned int *siglen,
-	int (*rsa_verify)(int dtype,
+                     const RSA *rsa);
-		const unsigned char *m, unsigned int m_length,
+    int (*rsa_verify) (int dtype, const unsigned char *m,
-		unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+                       unsigned int m_length, const unsigned char *sigbuf,
-/* If this callback is NULL, the builtin software RSA key-gen will be used. This
+                       unsigned int siglen, const RSA *rsa);
- * is for behavioural compatibility whilst the code gets rewired, but one day
+    /*
- * it would be nice to assume there are no such things as "builtin software"
+     * If this callback is NULL, the builtin software RSA key-gen will be
- * implementations. */
+     * used. This is for behavioural compatibility whilst the code gets
     * rewired, but one day it would be nice to assume there are no such
     * things as "builtin software" implementations.
     */
    int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
 };
-struct rsa_st
+struct rsa_st {
-	{
+    /*
-	/* The first parameter is used to pickup errors where
+     * The first parameter is used to pickup errors where this is passed
-	 * this is passed instead of aEVP_PKEY, it is set to 0 */
+     * instead of aEVP_PKEY, it is set to 0
     */
    int pad;
    long version;
    const RSA_METHOD *meth;
@ -165,14 +151,14 @@ struct rsa_st
    CRYPTO_EX_DATA ex_data;
    int references;
    int flags;
    /* Used to cache montgomery values */
    BN_MONT_CTX *_method_mod_n;
    BN_MONT_CTX *_method_mod_p;
    BN_MONT_CTX *_method_mod_q;
-
+    /*
-	/* all BIGNUM values are actually in the following data, if it is not
+     * all BIGNUM values are actually in the following data, if it is not
-	 * NULL */
+     * NULL
     */
    char *bignum_data;
    BN_BLINDING *blinding;
    BN_BLINDING *mt_blinding;
@ -182,41 +168,48 @@ struct rsa_st
 #  define OPENSSL_RSA_MAX_MODULUS_BITS   16384
 # endif
 #define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
 # ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
 #  define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
 # endif
 # ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
-# define OPENSSL_RSA_MAX_PUBEXP_BITS	64 /* exponent limit enforced for "large" modulus only */
+
 /* exponent limit enforced for "large" modulus only */
 #  define OPENSSL_RSA_MAX_PUBEXP_BITS    64
 # endif
 # define RSA_3   0x3L
 # define RSA_F4  0x10001L
-#define RSA_METHOD_FLAG_NO_CHECK	0x0001 /* don't check pub/private match */
+# define RSA_METHOD_FLAG_NO_CHECK        0x0001/* don't check pub/private
                                                * match */
 # define RSA_FLAG_CACHE_PUBLIC           0x0002
 # define RSA_FLAG_CACHE_PRIVATE          0x0004
 # define RSA_FLAG_BLINDING               0x0008
 # define RSA_FLAG_THREAD_SAFE            0x0010
-/* This flag means the private key operations will be handled by rsa_mod_exp
+/*
 * This flag means the private key operations will be handled by rsa_mod_exp
 * and that they do not depend on the private key components being present:
- * for example a key stored in external hardware. Without this flag bn_mod_exp
+ * for example a key stored in external hardware. Without this flag
- * gets called when private key components are absent.
+ * bn_mod_exp gets called when private key components are absent.
 */
 # define RSA_FLAG_EXT_PKEY               0x0020
-/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
+/*
 * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify
 * functions.
 */
 # define RSA_FLAG_SIGN_VER               0x0040
-#define RSA_FLAG_NO_BLINDING		0x0080 /* new with 0.9.6j and 0.9.7b; the built-in
+/*
 * new with 0.9.6j and 0.9.7b; the built-in
 * RSA implementation now uses blinding by
 * default (ignoring RSA_FLAG_BLINDING),
 * but other engines might not need it
 */
-#define RSA_FLAG_NO_CONSTTIME		0x0100 /* new with 0.9.8f; the built-in RSA
+# define RSA_FLAG_NO_BLINDING            0x0080
 /*
 * new with 0.9.8f; the built-in RSA
 * implementation now uses constant time
 * operations by default in private key operations,
 * e.g., constant time modular exponentiation,
@ -226,23 +219,98 @@ struct rsa_st
 * operations and results in faster RSA
 * private key operations.
 */
-#ifndef OPENSSL_NO_DEPRECATED
+# define RSA_FLAG_NO_CONSTTIME           0x0100
-#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/
+# ifdef OPENSSL_USE_DEPRECATED
-                                                /* new with 0.9.7h; the built-in RSA
+/* deprecated name for the flag*/
 /*
 * new with 0.9.7h; the built-in RSA
 * implementation now uses constant time
 * modular exponentiation for secret exponents
 * by default. This flag causes the
 * faster variable sliding window method to
 * be used for all exponents.
 */
 #  define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
 # endif
 # define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
                                pad, NULL)
 # define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \
                                EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
 # define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
                                (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
                                EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
                                len, NULL)
 # define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
                                (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
                                EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \
                                0, plen)
 # define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
                                EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
 # define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
                                EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
 # define  EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md)  \
                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
                        EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
                                EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md)
 # define  EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md)  \
                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
                                EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)md)
 # define  EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
                        EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
                                EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd)
 # define  EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \
                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
                                EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)pmd)
 # define  EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \
                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
                                EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)l)
 # define  EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l)       \
                EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
                                EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)l)
 # define EVP_PKEY_CTRL_RSA_PADDING       (EVP_PKEY_ALG_CTRL + 1)
 # define EVP_PKEY_CTRL_RSA_PSS_SALTLEN   (EVP_PKEY_ALG_CTRL + 2)
 # define EVP_PKEY_CTRL_RSA_KEYGEN_BITS   (EVP_PKEY_ALG_CTRL + 3)
 # define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
 # define EVP_PKEY_CTRL_RSA_MGF1_MD       (EVP_PKEY_ALG_CTRL + 5)
 # define EVP_PKEY_CTRL_GET_RSA_PADDING           (EVP_PKEY_ALG_CTRL + 6)
 # define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN       (EVP_PKEY_ALG_CTRL + 7)
 # define EVP_PKEY_CTRL_GET_RSA_MGF1_MD           (EVP_PKEY_ALG_CTRL + 8)
 # define EVP_PKEY_CTRL_RSA_OAEP_MD       (EVP_PKEY_ALG_CTRL + 9)
 # define EVP_PKEY_CTRL_RSA_OAEP_LABEL    (EVP_PKEY_ALG_CTRL + 10)
 # define EVP_PKEY_CTRL_GET_RSA_OAEP_MD   (EVP_PKEY_ALG_CTRL + 11)
 # define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
 # define RSA_PKCS1_PADDING       1
 # define RSA_SSLV23_PADDING      2
 # define RSA_NO_PADDING          3
 # define RSA_PKCS1_OAEP_PADDING  4
 # define RSA_X931_PADDING        5
 /* EVP_PKEY_ only */
 # define RSA_PKCS1_PSS_PADDING   6
 # define RSA_PKCS1_PADDING_SIZE  11
@ -251,7 +319,7 @@ struct rsa_st
 RSA *RSA_new(void);
 RSA *RSA_new_method(ENGINE *engine);
-int	RSA_size(const RSA *);
+int RSA_size(const RSA *rsa);
 /* Deprecated version */
 # ifndef OPENSSL_NO_DEPRECATED
@ -261,11 +329,6 @@ RSA *	RSA_generate_key(int bits, unsigned long e,void
 /* New version */
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
 int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
 			const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
 			const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
 			const BIGNUM *e, BN_GENCB *cb);
 int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
 int RSA_check_key(const RSA *);
        /* next 4 return -1 on error */
@ -283,11 +346,6 @@ int	RSA_up_ref(RSA *r);
 int RSA_flags(const RSA *r);
 #ifdef OPENSSL_FIPS
 RSA *FIPS_rsa_new(void);
 void FIPS_rsa_free(RSA *r);
 #endif
 void RSA_set_default_method(const RSA_METHOD *meth);
 const RSA_METHOD *RSA_get_default_method(void);
 const RSA_METHOD *RSA_get_method(const RSA *rsa);
@ -304,6 +362,23 @@ const RSA_METHOD *RSA_null_method(void);
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
 typedef struct rsa_pss_params_st {
    X509_ALGOR *hashAlgorithm;
    X509_ALGOR *maskGenAlgorithm;
    ASN1_INTEGER *saltLength;
    ASN1_INTEGER *trailerField;
 } RSA_PSS_PARAMS;
 DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
 typedef struct rsa_oaep_params_st {
    X509_ALGOR *hashFunc;
    X509_ALGOR *maskGenFunc;
    X509_ALGOR *pSourceFunc;
 } RSA_OAEP_PARAMS;
 DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
 # ifndef OPENSSL_NO_FP_API
 int RSA_print_fp(FILE *fp, const RSA *r, int offset);
 # endif
@ -314,11 +389,11 @@ int	RSA_print(BIO *bp, const RSA *r,int offset);
 # ifndef OPENSSL_NO_RC4
 int i2d_RSA_NET(const RSA *a, unsigned char **pp,
-		int (*cb)(char *buf, int len, const char *prompt, int verify),
+                int (*cb) (char *buf, int len, const char *prompt,
-		int sgckey);
+                           int verify), int sgckey);
 RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-		 int (*cb)(char *buf, int len, const char *prompt, int verify),
+                 int (*cb) (char *buf, int len, const char *prompt,
-		 int sgckey);
+                            int verify), int sgckey);
 int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
                     int (*cb) (char *buf, int len, const char *prompt,
@ -328,21 +403,26 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
                                 int verify));
 # endif
-/* The following 2 functions sign and verify a X509_SIG ASN1 object
+/*
- * inside PKCS#1 padded RSA encryption */
+ * The following 2 functions sign and verify a X509_SIG ASN1 object inside
 * PKCS#1 padded RSA encryption
 */
 int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
             unsigned char *sigret, unsigned int *siglen, RSA *rsa);
 int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
-	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+               const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-/* The following 2 function sign and verify a ASN1_OCTET_STRING
+/*
- * object inside PKCS#1 padded RSA encryption */
+ * The following 2 function sign and verify a ASN1_OCTET_STRING object inside
 * PKCS#1 padded RSA encryption
 */
 int RSA_sign_ASN1_OCTET_STRING(int type,
                               const unsigned char *m, unsigned int m_length,
-	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+                               unsigned char *sigret, unsigned int *siglen,
-int RSA_verify_ASN1_OCTET_STRING(int type,
+                               RSA *rsa);
-	const unsigned char *m, unsigned int m_length,
+int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m,
-	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+                                 unsigned int m_length, unsigned char *sigbuf,
                                 unsigned int siglen, RSA *rsa);
 int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
 void RSA_blinding_off(RSA *rsa);
@ -351,38 +431,59 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
 int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
                                 const unsigned char *f, int fl);
 int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
-	const unsigned char *f,int fl,int rsa_len);
+                                   const unsigned char *f, int fl,
                                   int rsa_len);
 int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
                                 const unsigned char *f, int fl);
 int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
-	const unsigned char *f,int fl,int rsa_len);
+                                   const unsigned char *f, int fl,
-int PKCS1_MGF1(unsigned char *mask, long len,
+                                   int rsa_len);
-	const unsigned char *seed, long seedlen, const EVP_MD *dgst);
+int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
               long seedlen, const EVP_MD *dgst);
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
                               const unsigned char *f, int fl,
                               const unsigned char *p, int pl);
 int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
                                 const unsigned char *f, int fl, int rsa_len,
                                 const unsigned char *p, int pl);
 int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
                                    const unsigned char *from, int flen,
                                    const unsigned char *param, int plen,
                                    const EVP_MD *md, const EVP_MD *mgf1md);
 int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
                                      const unsigned char *from, int flen,
                                      int num, const unsigned char *param,
                                      int plen, const EVP_MD *md,
                                      const EVP_MD *mgf1md);
 int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
                           const unsigned char *f, int fl);
 int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
                             const unsigned char *f, int fl, int rsa_len);
-int RSA_padding_add_none(unsigned char *to,int tlen,
+int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f,
-	const unsigned char *f,int fl);
+                         int fl);
 int RSA_padding_check_none(unsigned char *to, int tlen,
                           const unsigned char *f, int fl, int rsa_len);
-int RSA_padding_add_X931(unsigned char *to,int tlen,
+int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f,
-	const unsigned char *f,int fl);
+                         int fl);
 int RSA_padding_check_X931(unsigned char *to, int tlen,
                           const unsigned char *f, int fl, int rsa_len);
 int RSA_X931_hash_id(int nid);
 int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
-			const EVP_MD *Hash, const unsigned char *EM, int sLen);
+                         const EVP_MD *Hash, const unsigned char *EM,
                         int sLen);
 int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
                              const unsigned char *mHash, const EVP_MD *Hash,
                              int sLen);
 int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
                              const EVP_MD *Hash, const EVP_MD *mgf1Hash,
                              const unsigned char *EM, int sLen);
 int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
                                   const unsigned char *mHash,
-			const EVP_MD *Hash, int sLen);
+                                   const EVP_MD *Hash, const EVP_MD *mgf1Hash,
                                   int sLen);
 int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
@ -392,8 +493,31 @@ void *RSA_get_ex_data(const RSA *r, int idx);
 RSA *RSAPublicKey_dup(RSA *rsa);
 RSA *RSAPrivateKey_dup(RSA *rsa);
 /*
 * If this flag is set the RSA method is FIPS compliant and can be used in
 * FIPS mode. This is set in the validated module method. If an application
 * sets this flag in its own methods it is its responsibility to ensure the
 * result is compliant.
 */
 # define RSA_FLAG_FIPS_METHOD                    0x0400
 /*
 * If this flag is set the operations normally disabled in FIPS mode are
 * permitted it is then the applications responsibility to ensure that the
 * usage is compliant.
 */
 # define RSA_FLAG_NON_FIPS_ALLOW                 0x0400
 /*
 * Application has decided PRNG is good enough to generate a key: don't
 * check.
 */
 # define RSA_FLAG_CHECKED                        0x0800
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_RSA_strings(void);
@ -401,17 +525,29 @@ void ERR_load_RSA_strings(void);
 /* Error codes for the RSA functions. */
 /* Function codes. */
-#define RSA_F_FIPS_RSA_SIGN				 140
+# define RSA_F_CHECK_PADDING_MD                           140
-#define RSA_F_FIPS_RSA_VERIFY				 141
+# define RSA_F_DO_RSA_PRINT                               146
 # define RSA_F_INT_RSA_VERIFY                             145
 # define RSA_F_MEMORY_LOCK                                100
 # define RSA_F_OLD_RSA_PRIV_DECODE                        147
 # define RSA_F_PKEY_RSA_CTRL                              143
 # define RSA_F_PKEY_RSA_CTRL_STR                          144
 # define RSA_F_PKEY_RSA_SIGN                              142
 # define RSA_F_PKEY_RSA_VERIFY                            154
 # define RSA_F_PKEY_RSA_VERIFYRECOVER                     141
 # define RSA_F_RSA_ALGOR_TO_MD                            157
 # define RSA_F_RSA_BUILTIN_KEYGEN                         129
 # define RSA_F_RSA_CHECK_KEY                              123
 # define RSA_F_RSA_CMS_DECRYPT                            158
 # define RSA_F_RSA_EAY_PRIVATE_DECRYPT                    101
 # define RSA_F_RSA_EAY_PRIVATE_ENCRYPT                    102
 # define RSA_F_RSA_EAY_PUBLIC_DECRYPT                     103
 # define RSA_F_RSA_EAY_PUBLIC_ENCRYPT                     104
 # define RSA_F_RSA_GENERATE_KEY                           105
 # define RSA_F_RSA_GENERATE_KEY_EX                        155
 # define RSA_F_RSA_ITEM_VERIFY                            156
 # define RSA_F_RSA_MEMORY_LOCK                            130
 # define RSA_F_RSA_MGF1_TO_MD                             159
 # define RSA_F_RSA_NEW_METHOD                             106
 # define RSA_F_RSA_NULL                                   124
 # define RSA_F_RSA_NULL_MOD_EXP                           131
@ -421,29 +557,37 @@ void ERR_load_RSA_strings(void);
 # define RSA_F_RSA_NULL_PUBLIC_ENCRYPT                    135
 # define RSA_F_RSA_PADDING_ADD_NONE                       107
 # define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP                 121
 # define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1            160
 # define RSA_F_RSA_PADDING_ADD_PKCS1_PSS                  125
 # define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1             148
 # define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1               108
 # define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2               109
 # define RSA_F_RSA_PADDING_ADD_SSLV23                     110
 # define RSA_F_RSA_PADDING_ADD_X931                       127
 # define RSA_F_RSA_PADDING_CHECK_NONE                     111
 # define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP               122
 # define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1          161
 # define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1             112
 # define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2             113
 # define RSA_F_RSA_PADDING_CHECK_SSLV23                   114
 # define RSA_F_RSA_PADDING_CHECK_X931                     128
 # define RSA_F_RSA_PRINT                                  115
 # define RSA_F_RSA_PRINT_FP                               116
-#define RSA_F_RSA_PRIVATE_ENCRYPT			 137
+# define RSA_F_RSA_PRIVATE_DECRYPT                        150
-#define RSA_F_RSA_PUBLIC_DECRYPT			 138
+# define RSA_F_RSA_PRIVATE_ENCRYPT                        151
 # define RSA_F_RSA_PRIV_DECODE                            137
 # define RSA_F_RSA_PRIV_ENCODE                            138
 # define RSA_F_RSA_PSS_TO_CTX                             162
 # define RSA_F_RSA_PUBLIC_DECRYPT                         152
 # define RSA_F_RSA_PUBLIC_ENCRYPT                         153
 # define RSA_F_RSA_PUB_DECODE                             139
 # define RSA_F_RSA_SETUP_BLINDING                         136
 #define RSA_F_RSA_SET_DEFAULT_METHOD			 139
 #define RSA_F_RSA_SET_METHOD				 142
 # define RSA_F_RSA_SIGN                                   117
 # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING                 118
 # define RSA_F_RSA_VERIFY                                 119
 # define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING               120
 # define RSA_F_RSA_VERIFY_PKCS1_PSS                       126
 # define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1                  149
 /* Reason codes. */
 # define RSA_R_ALGORITHM_MISMATCH                         100
@ -459,26 +603,41 @@ void ERR_load_RSA_strings(void);
 # define RSA_R_DATA_TOO_LARGE_FOR_MODULUS                 132
 # define RSA_R_DATA_TOO_SMALL                             111
 # define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE                122
 # define RSA_R_DIGEST_DOES_NOT_MATCH                      166
 # define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY                 112
 # define RSA_R_DMP1_NOT_CONGRUENT_TO_D                    124
 # define RSA_R_DMQ1_NOT_CONGRUENT_TO_D                    125
 # define RSA_R_D_E_NOT_CONGRUENT_TO_1                     123
 # define RSA_R_FIRST_OCTET_INVALID                        133
 # define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE        144
 # define RSA_R_INVALID_DIGEST                             160
 # define RSA_R_INVALID_DIGEST_LENGTH                      143
 # define RSA_R_INVALID_HEADER                             137
 # define RSA_R_INVALID_KEYBITS                            145
 # define RSA_R_INVALID_LABEL                              161
 # define RSA_R_INVALID_MESSAGE_LENGTH                     131
 # define RSA_R_INVALID_MGF1_MD                            156
 # define RSA_R_INVALID_OAEP_PARAMETERS                    162
 # define RSA_R_INVALID_PADDING                            138
 # define RSA_R_INVALID_PADDING_MODE                       141
 # define RSA_R_INVALID_PSS_PARAMETERS                     149
 # define RSA_R_INVALID_PSS_SALTLEN                        146
 # define RSA_R_INVALID_SALT_LENGTH                        150
 # define RSA_R_INVALID_TRAILER                            139
 # define RSA_R_INVALID_X931_DIGEST                        142
 # define RSA_R_IQMP_NOT_INVERSE_OF_Q                      126
 # define RSA_R_KEY_SIZE_TOO_SMALL                         120
 # define RSA_R_LAST_OCTET_INVALID                         134
 # define RSA_R_MODULUS_TOO_LARGE                          105
-#define RSA_R_NON_FIPS_METHOD				 141
+# define RSA_R_NON_FIPS_RSA_METHOD                        157
 # define RSA_R_NO_PUBLIC_EXPONENT                         140
 # define RSA_R_NULL_BEFORE_BLOCK_MISSING                  113
 # define RSA_R_N_DOES_NOT_EQUAL_P_Q                       127
 # define RSA_R_OAEP_DECODING_ERROR                        121
-#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE	 142
+# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE         158
 # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   148
 # define RSA_R_PADDING_CHECK_FAILED                       114
 # define RSA_R_PKCS_DECODING_ERROR                        159
 # define RSA_R_P_NOT_PRIME                                128
 # define RSA_R_Q_NOT_PRIME                                129
 # define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED               130
@ -487,7 +646,16 @@ void ERR_load_RSA_strings(void);
 # define RSA_R_SSLV3_ROLLBACK_ATTACK                      115
 # define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
 # define RSA_R_UNKNOWN_ALGORITHM_TYPE                     117
 # define RSA_R_UNKNOWN_DIGEST                             163
 # define RSA_R_UNKNOWN_MASK_DIGEST                        151
 # define RSA_R_UNKNOWN_PADDING_TYPE                       118
 # define RSA_R_UNKNOWN_PSS_DIGEST                         152
 # define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE                164
 # define RSA_R_UNSUPPORTED_LABEL_SOURCE                   165
 # define RSA_R_UNSUPPORTED_MASK_ALGORITHM                 153
 # define RSA_R_UNSUPPORTED_MASK_PARAMETER                 154
 # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE                 155
 # define RSA_R_VALUE_MISSING                              147
 # define RSA_R_WRONG_SIGNATURE_LENGTH                     119
 #ifdef  __cplusplus
--- a/src/Mayaqua/win32_inc/openssl/safestack.h
+++ b/src/Mayaqua/win32_inc/openssl/safestack.h
--- a/src/Mayaqua/win32_inc/openssl/seed.h
+++ b/src/Mayaqua/win32_inc/openssl/seed.h
@ -0,0 +1,149 @@
 /*
 * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Neither the name of author nor the names of its contributors may
 *    be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 */
 /* ====================================================================
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #ifndef HEADER_SEED_H
 # define HEADER_SEED_H
 # include <openssl/opensslconf.h>
 # include <openssl/e_os2.h>
 # include <openssl/crypto.h>
 # ifdef OPENSSL_NO_SEED
 #  error SEED is disabled.
 # endif
 /* look whether we need 'long' to get 32 bits */
 # ifdef AES_LONG
 #  ifndef SEED_LONG
 #   define SEED_LONG 1
 #  endif
 # endif
 # if !defined(NO_SYS_TYPES_H)
 #  include <sys/types.h>
 # endif
 # define SEED_BLOCK_SIZE 16
 # define SEED_KEY_LENGTH 16
 #ifdef  __cplusplus
 extern "C" {
 #endif
 typedef struct seed_key_st {
 # ifdef SEED_LONG
    unsigned long data[32];
 # else
    unsigned int data[32];
 # endif
 } SEED_KEY_SCHEDULE;
 # ifdef OPENSSL_FIPS
 void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
                          SEED_KEY_SCHEDULE *ks);
 # endif
 void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
                  SEED_KEY_SCHEDULE *ks);
 void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
                  unsigned char d[SEED_BLOCK_SIZE],
                  const SEED_KEY_SCHEDULE *ks);
 void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
                  unsigned char d[SEED_BLOCK_SIZE],
                  const SEED_KEY_SCHEDULE *ks);
 void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
                      const SEED_KEY_SCHEDULE *ks, int enc);
 void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
                      const SEED_KEY_SCHEDULE *ks,
                      unsigned char ivec[SEED_BLOCK_SIZE], int enc);
 void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
                         size_t len, const SEED_KEY_SCHEDULE *ks,
                         unsigned char ivec[SEED_BLOCK_SIZE], int *num,
                         int enc);
 void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
                         size_t len, const SEED_KEY_SCHEDULE *ks,
                         unsigned char ivec[SEED_BLOCK_SIZE], int *num);
 #ifdef  __cplusplus
 }
 #endif
 #endif                          /* HEADER_SEED_H */
--- a/src/Mayaqua/win32_inc/openssl/sha.h
+++ b/src/Mayaqua/win32_inc/openssl/sha.h
@ -74,14 +74,14 @@ extern "C" {
 #  define FIPS_SHA_SIZE_T size_t
 # endif
-/*
+/*-
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
 * ! SHA_LONG_LOG2 has to be defined along.                        !
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 */
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+# if defined(__LP32__)
 #  define SHA_LONG unsigned long
 # elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #  define SHA_LONG unsigned long
@ -92,13 +92,12 @@ extern "C" {
 # define SHA_LBLOCK      16
 # define SHA_CBLOCK      (SHA_LBLOCK*4)/* SHA treats input data as a
-					 * contiguous array of 32 bit
+                                        * contiguous array of 32 bit wide
-					 * wide big-endian values. */
+                                        * big-endian values. */
 # define SHA_LAST_BLOCK  (SHA_CBLOCK-8)
 # define SHA_DIGEST_LENGTH 20
-typedef struct SHAstate_st
+typedef struct SHAstate_st {
 	{
    SHA_LONG h0, h1, h2, h3, h4;
    SHA_LONG Nl, Nh;
    SHA_LONG data[SHA_LBLOCK];
@ -116,6 +115,9 @@ unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
 void SHA_Transform(SHA_CTX *c, const unsigned char *data);
 # endif
 # ifndef OPENSSL_NO_SHA1
 #  ifdef OPENSSL_FIPS
 int private_SHA1_Init(SHA_CTX *c);
 #  endif
 int SHA1_Init(SHA_CTX *c);
 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA1_Final(unsigned char *md, SHA_CTX *c);
@ -124,13 +126,12 @@ void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
 # endif
 # define SHA256_CBLOCK   (SHA_LBLOCK*4)/* SHA-256 treats input data as a
-					 * contiguous array of 32 bit
+                                        * contiguous array of 32 bit wide
-					 * wide big-endian values. */
+                                        * big-endian values. */
 # define SHA224_DIGEST_LENGTH    28
 # define SHA256_DIGEST_LENGTH    32
-typedef struct SHA256state_st
+typedef struct SHA256state_st {
 	{
    SHA_LONG h[8];
    SHA_LONG Nl, Nh;
    SHA_LONG data[SHA_LBLOCK];
@ -138,6 +139,10 @@ typedef struct SHA256state_st
 } SHA256_CTX;
 # ifndef OPENSSL_NO_SHA256
 #  ifdef OPENSSL_FIPS
 int private_SHA224_Init(SHA256_CTX *c);
 int private_SHA256_Init(SHA256_CTX *c);
 #  endif
 int SHA224_Init(SHA256_CTX *c);
 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
@ -158,9 +163,12 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
 * being exactly 64-bit wide. See Implementation Notes in sha512.c
 * for further details.
 */
-#define SHA512_CBLOCK	(SHA_LBLOCK*8)	/* SHA-512 treats input data as a
+/*
 * SHA-512 treats input data as a
 * contiguous array of 64 bit
-					 * wide big-endian values. */
+ * wide big-endian values.
 */
 #  define SHA512_CBLOCK   (SHA_LBLOCK*8)
 #  if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
 #   define SHA_LONG64 unsigned __int64
 #   define U64(C)     C##UI64
@ -172,8 +180,7 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
 #   define U64(C)     C##ULL
 #  endif
-typedef struct SHA512state_st
+typedef struct SHA512state_st {
 	{
    SHA_LONG64 h[8];
    SHA_LONG64 Nl, Nh;
    union {
@ -185,6 +192,10 @@ typedef struct SHA512state_st
 # endif
 # ifndef OPENSSL_NO_SHA512
 #  ifdef OPENSSL_FIPS
 int private_SHA384_Init(SHA512_CTX *c);
 int private_SHA512_Init(SHA512_CTX *c);
 #  endif
 int SHA384_Init(SHA512_CTX *c);
 int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
 int SHA384_Final(unsigned char *md, SHA512_CTX *c);
--- a/src/Mayaqua/win32_inc/openssl/srp.h
+++ b/src/Mayaqua/win32_inc/openssl/srp.h
@ -0,0 +1,169 @@
 /* crypto/srp/srp.h */
 /*
 * Written by Christophe Renou (christophe.renou@edelweb.fr) with the
 * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the
 * EdelKey project and contributed to the OpenSSL project 2004.
 */
 /* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #ifndef __SRP_H__
 # define __SRP_H__
 # ifndef OPENSSL_NO_SRP
 #  include <stdio.h>
 #  include <string.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
 #  include <openssl/safestack.h>
 #  include <openssl/bn.h>
 #  include <openssl/crypto.h>
 typedef struct SRP_gN_cache_st {
    char *b64_bn;
    BIGNUM *bn;
 } SRP_gN_cache;
 DECLARE_STACK_OF(SRP_gN_cache)
 typedef struct SRP_user_pwd_st {
    char *id;
    BIGNUM *s;
    BIGNUM *v;
    const BIGNUM *g;
    const BIGNUM *N;
    char *info;
 } SRP_user_pwd;
 DECLARE_STACK_OF(SRP_user_pwd)
 typedef struct SRP_VBASE_st {
    STACK_OF(SRP_user_pwd) *users_pwd;
    STACK_OF(SRP_gN_cache) *gN_cache;
 /* to simulate a user */
    char *seed_key;
    BIGNUM *default_g;
    BIGNUM *default_N;
 } SRP_VBASE;
 /*
 * Structure interne pour retenir les couples N et g
 */
 typedef struct SRP_gN_st {
    char *id;
    BIGNUM *g;
    BIGNUM *N;
 } SRP_gN;
 DECLARE_STACK_OF(SRP_gN)
 SRP_VBASE *SRP_VBASE_new(char *seed_key);
 int SRP_VBASE_free(SRP_VBASE *vb);
 int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
 char *SRP_create_verifier(const char *user, const char *pass, char **salt,
                          char **verifier, const char *N, const char *g);
 int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
                           BIGNUM **verifier, BIGNUM *N, BIGNUM *g);
 #  define SRP_NO_ERROR 0
 #  define SRP_ERR_VBASE_INCOMPLETE_FILE 1
 #  define SRP_ERR_VBASE_BN_LIB 2
 #  define SRP_ERR_OPEN_FILE 3
 #  define SRP_ERR_MEMORY 4
 #  define DB_srptype      0
 #  define DB_srpverifier  1
 #  define DB_srpsalt      2
 #  define DB_srpid        3
 #  define DB_srpgN        4
 #  define DB_srpinfo      5
 #  undef  DB_NUMBER
 #  define DB_NUMBER       6
 #  define DB_SRP_INDEX    'I'
 #  define DB_SRP_VALID    'V'
 #  define DB_SRP_REVOKED  'R'
 #  define DB_SRP_MODIF    'v'
 /* see srp.c */
 char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N);
 SRP_gN *SRP_get_default_gN(const char *id);
 /* server side .... */
 BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
                            BIGNUM *N);
 BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v);
 int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N);
 BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N);
 /* client side .... */
 BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass);
 BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g);
 BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
                            BIGNUM *a, BIGNUM *u);
 int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N);
 #  define SRP_MINIMAL_N 1024
 #ifdef  __cplusplus
 }
 #endif
 # endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/srtp.h
+++ b/src/Mayaqua/win32_inc/openssl/srtp.h
@ -0,0 +1,147 @@
 /* ssl/srtp.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 /*
 * DTLS code by Eric Rescorla <ekr@rtfm.com>
 *
 * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
 */
 #ifndef HEADER_D1_SRTP_H
 # define HEADER_D1_SRTP_H
 # include <openssl/ssl.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
 # define SRTP_AES128_CM_SHA1_80 0x0001
 # define SRTP_AES128_CM_SHA1_32 0x0002
 # define SRTP_AES128_F8_SHA1_80 0x0003
 # define SRTP_AES128_F8_SHA1_32 0x0004
 # define SRTP_NULL_SHA1_80      0x0005
 # define SRTP_NULL_SHA1_32      0x0006
 # ifndef OPENSSL_NO_SRTP
 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
 int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
 STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
 SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
 # endif
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/ssl.h
+++ b/src/Mayaqua/win32_inc/openssl/ssl.h
--- a/src/Mayaqua/win32_inc/openssl/ssl2.h
+++ b/src/Mayaqua/win32_inc/openssl/ssl2.h
@ -136,12 +136,15 @@ extern "C" {
 # ifdef OPENSSL_SYS_MPE
 #  define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    29998u
 # else
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	32767u  /* 2^15-1 */
+#  define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    32767u
                                                       /* 2^15-1 */
 # endif
 # define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER    16383/* 2^14-1 */
 # define SSL2_CHALLENGE_LENGTH   16
-/*#define SSL2_CHALLENGE_LENGTH	32 */
+/*
 * #define SSL2_CHALLENGE_LENGTH 32
 */
 # define SSL2_MIN_CHALLENGE_LENGTH       16
 # define SSL2_MAX_CHALLENGE_LENGTH       32
 # define SSL2_CONNECTION_ID_LENGTH       16
@ -155,32 +158,29 @@ extern "C" {
 #  define  CERT           char
 # endif
-typedef struct ssl2_state_st
+# ifndef OPENSSL_NO_SSL_INTERN
-	{
+
 typedef struct ssl2_state_st {
    int three_byte_header;
    int clear_text;             /* clear text */
    int escape;                 /* not used in SSLv2 */
    int ssl2_rollback;          /* used if SSLv23 rolled back to SSLv2 */
-
+    /*
-	/* non-blocking io info, used to make sure the same
+     * non-blocking io info, used to make sure the same args were passwd
-	 * args were passwd */
+     */
    unsigned int wnum;          /* number of bytes sent so far */
    int wpend_tot;
    const unsigned char *wpend_buf;
    int wpend_off;              /* offset to data to write */
    int wpend_len;              /* number of bytes passwd to write */
    int wpend_ret;              /* number of bytes to return to caller */
    /* buffer raw data */
    int rbuf_left;
    int rbuf_offs;
    unsigned char *rbuf;
    unsigned char *wbuf;
-
+    unsigned char *write_ptr;   /* used to point to the start due to 2/3 byte
-	unsigned char *write_ptr;/* used to point to the start due to
+                                 * header. */
 				  * 2/3 byte header. */
    unsigned int padding;
    unsigned int rlength;       /* passed to ssl2_enc */
    int ract_data_length;       /* Set when things are encrypted. */
@ -189,10 +189,8 @@ typedef struct ssl2_state_st
    unsigned char *ract_data;
    unsigned char *wact_data;
    unsigned char *mac_data;
    unsigned char *read_key;
    unsigned char *write_key;
    /* Stuff specifically to do with this SSL session */
    unsigned int challenge_length;
    unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
@ -200,10 +198,8 @@ typedef struct ssl2_state_st
    unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
    unsigned int key_material_length;
    unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH * 2];
    unsigned long read_sequence;
    unsigned long write_sequence;
    struct {
        unsigned int conn_id_length;
        unsigned int cert_type;
@ -219,6 +215,8 @@ typedef struct ssl2_state_st
    } tmp;
 } SSL2_STATE;
 # endif
 /* SSLv2 */
 /* client */
 # define SSL2_ST_SEND_CLIENT_HELLO_A             (0x10|SSL_ST_CONNECT)
@ -265,4 +263,3 @@ typedef struct ssl2_state_st
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/ssl23.h
+++ b/src/Mayaqua/win32_inc/openssl/ssl23.h
@ -63,7 +63,9 @@
 extern "C" {
 #endif
-/*client */
+/*
 * client
 */
 /* write to server */
 # define SSL23_ST_CW_CLNT_HELLO_A        (0x210|SSL_ST_CONNECT)
 # define SSL23_ST_CW_CLNT_HELLO_B        (0x211|SSL_ST_CONNECT)
@ -80,4 +82,3 @@ extern "C" {
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/ssl3.h
+++ b/src/Mayaqua/win32_inc/openssl/ssl3.h
@ -123,15 +123,23 @@
 # include <openssl/buffer.h>
 # include <openssl/evp.h>
 # include <openssl/ssl.h>
 #include <openssl/pq_compat.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
-/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
+/*
 * Signalling cipher suite value from RFC 5746
 * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
 */
 # define SSL3_CK_SCSV                            0x030000FF
 /*
 * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
 * (TLS_FALLBACK_SCSV)
 */
 # define SSL3_CK_FALLBACK_SCSV                   0x03005600
 # define SSL3_CK_RSA_NULL_MD5                    0x03000001
 # define SSL3_CK_RSA_NULL_SHA                    0x03000002
 # define SSL3_CK_RSA_RC4_40_MD5                  0x03000003
@ -151,11 +159,17 @@ extern "C" {
 # define SSL3_CK_DH_RSA_DES_192_CBC3_SHA         0x03000010
 # define SSL3_CK_EDH_DSS_DES_40_CBC_SHA          0x03000011
 # define SSL3_CK_DHE_DSS_DES_40_CBC_SHA          SSL3_CK_EDH_DSS_DES_40_CBC_SHA
 # define SSL3_CK_EDH_DSS_DES_64_CBC_SHA          0x03000012
 # define SSL3_CK_DHE_DSS_DES_64_CBC_SHA          SSL3_CK_EDH_DSS_DES_64_CBC_SHA
 # define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA        0x03000013
 # define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA        SSL3_CK_EDH_DSS_DES_192_CBC3_SHA
 # define SSL3_CK_EDH_RSA_DES_40_CBC_SHA          0x03000014
 # define SSL3_CK_DHE_RSA_DES_40_CBC_SHA          SSL3_CK_EDH_RSA_DES_40_CBC_SHA
 # define SSL3_CK_EDH_RSA_DES_64_CBC_SHA          0x03000015
 # define SSL3_CK_DHE_RSA_DES_64_CBC_SHA          SSL3_CK_EDH_RSA_DES_64_CBC_SHA
 # define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA        0x03000016
 # define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA        SSL3_CK_EDH_RSA_DES_192_CBC3_SHA
 # define SSL3_CK_ADH_RC4_40_MD5                  0x03000017
 # define SSL3_CK_ADH_RC4_128_MD5                 0x03000018
@ -163,15 +177,20 @@ extern "C" {
 # define SSL3_CK_ADH_DES_64_CBC_SHA              0x0300001A
 # define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
 # if 0
 #  define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
 #  define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
-#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
+#  if 0                         /* Because it clashes with KRB5, is never
-	 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
+                                 * used any more, and is safe to remove
-	 of the ietf-tls list */
+                                 * according to David Hopwood
                                 * <david.hopwood@zetnet.co.uk> of the
                                 * ietf-tls list */
 #   define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
 #  endif
 # endif
-/*    VRS Additional Kerberos5 entries
+/*
 * VRS Additional Kerberos5 entries
 */
 # define SSL3_CK_KRB5_DES_64_CBC_SHA             0x0300001E
 # define SSL3_CK_KRB5_DES_192_CBC3_SHA           0x0300001F
@ -207,6 +226,18 @@ extern "C" {
 # define SSL3_TXT_DH_RSA_DES_64_CBC_SHA          "DH-RSA-DES-CBC-SHA"
 # define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA        "DH-RSA-DES-CBC3-SHA"
 # define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA         "EXP-DHE-DSS-DES-CBC-SHA"
 # define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA         "DHE-DSS-DES-CBC-SHA"
 # define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA       "DHE-DSS-DES-CBC3-SHA"
 # define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA         "EXP-DHE-RSA-DES-CBC-SHA"
 # define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA         "DHE-RSA-DES-CBC-SHA"
 # define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA       "DHE-RSA-DES-CBC3-SHA"
 /*
 * This next block of six "EDH" labels is for backward compatibility with
 * older versions of OpenSSL.  New code should use the six "DHE" labels above
 * instead:
 */
 # define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA         "EXP-EDH-DSS-DES-CBC-SHA"
 # define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA         "EDH-DSS-DES-CBC-SHA"
 # define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA       "EDH-DSS-DES-CBC3-SHA"
@ -220,9 +251,11 @@ extern "C" {
 # define SSL3_TXT_ADH_DES_64_CBC_SHA             "ADH-DES-CBC-SHA"
 # define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
 # if 0
 #  define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
 #  define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
 #  define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
 # endif
 # define SSL3_TXT_KRB5_DES_64_CBC_SHA            "KRB5-DES-CBC-SHA"
 # define SSL3_TXT_KRB5_DES_192_CBC3_SHA          "KRB5-DES-CBC3-SHA"
@ -248,23 +281,73 @@ extern "C" {
 # define SSL3_SESSION_ID_SIZE                    32
 # define SSL3_RT_HEADER_LENGTH                   5
-/* Due to MS stuffing up, this can change.... */
+# define SSL3_HM_HEADER_LENGTH                  4
-#if defined(OPENSSL_SYS_WIN16) || \
+
-	(defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
+# ifndef SSL3_ALIGN_PAYLOAD
-#define SSL3_RT_MAX_EXTRA			(14000)
+ /*
  * Some will argue that this increases memory footprint, but it's not
  * actually true. Point is that malloc has to return at least 64-bit aligned
  * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case.
  * Suggested pre-gaping simply moves these wasted bytes from the end of
  * allocated region to its front, but makes data payload aligned, which
  * improves performance:-)
  */
 #  define SSL3_ALIGN_PAYLOAD                     8
 # else
-#define SSL3_RT_MAX_EXTRA			(16384)
+#  if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
 #   error "insane SSL3_ALIGN_PAYLOAD"
 #   undef SSL3_ALIGN_PAYLOAD
 #  endif
 # endif
 /*
 * This is the maximum MAC (digest) size used by the SSL library. Currently
 * maximum of 20 is used by SHA1, but we reserve for future extension for
 * 512-bit hashes.
 */
 # define SSL3_RT_MAX_MD_SIZE                     64
 /*
 * Maximum block size used in all ciphersuites. Currently 16 for AES.
 */
 # define SSL_RT_MAX_CIPHER_BLOCK_SIZE            16
 # define SSL3_RT_MAX_EXTRA                       (16384)
 /* Maximum plaintext length: defined by SSL/TLS standards */
 # define SSL3_RT_MAX_PLAIN_LENGTH                16384
 /* Maximum compression overhead: defined by SSL/TLS standards */
 # define SSL3_RT_MAX_COMPRESSED_OVERHEAD         1024
 /*
 * The standards give a maximum encryption overhead of 1024 bytes. In
 * practice the value is lower than this. The overhead is the maximum number
 * of padding bytes (256) plus the mac size.
 */
 # define SSL3_RT_MAX_ENCRYPTED_OVERHEAD  (256 + SSL3_RT_MAX_MD_SIZE)
 /*
 * OpenSSL currently only uses a padding length of at most one block so the
 * send overhead is smaller.
 */
 # define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
                        (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
 /* If compression isn't used don't include the compression overhead */
 # ifdef OPENSSL_NO_COMP
 #  define SSL3_RT_MAX_COMPRESSED_LENGTH           SSL3_RT_MAX_PLAIN_LENGTH
 # else
-#define SSL3_RT_MAX_COMPRESSED_LENGTH	(1024+SSL3_RT_MAX_PLAIN_LENGTH)
+#  define SSL3_RT_MAX_COMPRESSED_LENGTH   \
                (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
 # endif
-#define SSL3_RT_MAX_ENCRYPTED_LENGTH	(1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
+# define SSL3_RT_MAX_ENCRYPTED_LENGTH    \
-#define SSL3_RT_MAX_PACKET_SIZE		(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+                (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
-#define SSL3_RT_MAX_DATA_SIZE			(1024*1024)
+# define SSL3_RT_MAX_PACKET_SIZE         \
                (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
 # define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
 # define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"
@ -277,6 +360,24 @@ extern "C" {
 # define SSL3_RT_ALERT                   21
 # define SSL3_RT_HANDSHAKE               22
 # define SSL3_RT_APPLICATION_DATA        23
 # define TLS1_RT_HEARTBEAT               24
 /* Pseudo content types to indicate additional parameters */
 # define TLS1_RT_CRYPTO                  0x1000
 # define TLS1_RT_CRYPTO_PREMASTER        (TLS1_RT_CRYPTO | 0x1)
 # define TLS1_RT_CRYPTO_CLIENT_RANDOM    (TLS1_RT_CRYPTO | 0x2)
 # define TLS1_RT_CRYPTO_SERVER_RANDOM    (TLS1_RT_CRYPTO | 0x3)
 # define TLS1_RT_CRYPTO_MASTER           (TLS1_RT_CRYPTO | 0x4)
 # define TLS1_RT_CRYPTO_READ             0x0000
 # define TLS1_RT_CRYPTO_WRITE            0x0100
 # define TLS1_RT_CRYPTO_MAC              (TLS1_RT_CRYPTO | 0x5)
 # define TLS1_RT_CRYPTO_KEY              (TLS1_RT_CRYPTO | 0x6)
 # define TLS1_RT_CRYPTO_IV               (TLS1_RT_CRYPTO | 0x7)
 # define TLS1_RT_CRYPTO_FIXED_IV         (TLS1_RT_CRYPTO | 0x8)
 /* Pseudo content type for SSL/TLS header info */
 # define SSL3_RT_HEADER                  0x100
 # define SSL3_AL_WARNING                 1
 # define SSL3_AL_FATAL                   2
@ -294,27 +395,59 @@ extern "C" {
 # define SSL3_AD_CERTIFICATE_UNKNOWN     46
 # define SSL3_AD_ILLEGAL_PARAMETER       47/* fatal */
-typedef struct ssl3_record_st
+# define TLS1_HB_REQUEST         1
-	{
+# define TLS1_HB_RESPONSE        2
-/*r */	int type;               /* type of record */
+
-/*rw*/	unsigned int length;    /* How many bytes available */
+# ifndef OPENSSL_NO_SSL_INTERN
-/*r */	unsigned int off;       /* read/write offset into 'buf' */
+
-/*rw*/	unsigned char *data;    /* pointer to the record data */
+typedef struct ssl3_record_st {
-/*rw*/	unsigned char *input;   /* where the decode bytes are */
+    /* type of record */
-/*r */	unsigned char *comp;    /* only used with decompression - malloc()ed */
+    /*
-/*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
+     * r
-/*r */  PQ_64BIT seq_num;       /* sequence number, needed by DTLS1 */
+     */ int type;
    /* How many bytes available */
    /*
     * rw
     */ unsigned int length;
    /* read/write offset into 'buf' */
    /*
     * r
     */ unsigned int off;
    /* pointer to the record data */
    /*
     * rw
     */ unsigned char *data;
    /* where the decode bytes are */
    /*
     * rw
     */ unsigned char *input;
    /* only used with decompression - malloc()ed */
    /*
     * r
     */ unsigned char *comp;
    /* epoch number, needed by DTLS1 */
    /*
     * r
     */ unsigned long epoch;
    /* sequence number, needed by DTLS1 */
    /*
     * r
     */ unsigned char seq_num[8];
 } SSL3_RECORD;
-typedef struct ssl3_buffer_st
+typedef struct ssl3_buffer_st {
-	{
+    /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
-	unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
+    unsigned char *buf;
-	                         * see ssl3_setup_buffers() */
+    /* buffer size */
-	size_t len;             /* buffer size */
+    size_t len;
-	int offset;             /* where to 'copy from' */
+    /* where to 'copy from' */
-	int left;               /* how many bytes left */
+    int offset;
    /* how many bytes left */
    int left;
 } SSL3_BUFFER;
 # endif
 # define SSL3_CT_RSA_SIGN                        1
 # define SSL3_CT_DSS_SIGN                        2
 # define SSL3_CT_RSA_FIXED_DH                    3
@ -322,130 +455,134 @@ typedef struct ssl3_buffer_st
 # define SSL3_CT_RSA_EPHEMERAL_DH                5
 # define SSL3_CT_DSS_EPHEMERAL_DH                6
 # define SSL3_CT_FORTEZZA_DMS                    20
-/* SSL3_CT_NUMBER is used to size arrays and it must be large
+/*
- * enough to contain all of the cert types defined either for
+ * SSL3_CT_NUMBER is used to size arrays and it must be large enough to
- * SSLv3 and TLSv1.
+ * contain all of the cert types defined either for SSLv3 and TLSv1.
 */
-#define SSL3_CT_NUMBER			7
+# define SSL3_CT_NUMBER                  9
 # define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
 # define SSL3_FLAGS_DELAY_CLIENT_FINISHED        0x0002
 # define SSL3_FLAGS_POP_BUFFER                   0x0004
 # define TLS1_FLAGS_TLS_PADDING_BUG              0x0008
- 
+# define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
-/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+# define TLS1_FLAGS_KEEP_HANDSHAKE               0x0020
- * restart a handshake because of MS SGC and so prevents us
+/*
- * from restarting the handshake in a loop. It's reset on a
+ * Set when the handshake is ready to process peer's ChangeCipherSpec message.
- * renegotiation, so effectively limits the client to one restart
+ * Cleared after the message has been processed.
 * per negotiation. This limits the possibility of a DDoS
 * attack where the client handshakes in a loop using SGC to
 * restart. Servers which permit renegotiation can still be
 * effected, but we can't prevent that.
 */
 # define SSL3_FLAGS_CCS_OK                       0x0080
 /* SSL3_FLAGS_SGC_RESTART_DONE is no longer used */
 # define SSL3_FLAGS_SGC_RESTART_DONE             0x0040
-typedef struct ssl3_state_st
+# ifndef OPENSSL_NO_SSL_INTERN
-	{
+
 typedef struct ssl3_state_st {
    long flags;
    int delay_buf_pop_ret;
    unsigned char read_sequence[8];
    int read_mac_secret_size;
    unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
    unsigned char write_sequence[8];
    int write_mac_secret_size;
    unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
    unsigned char server_random[SSL3_RANDOM_SIZE];
    unsigned char client_random[SSL3_RANDOM_SIZE];
    /* flags for countermeasure against known-IV weakness */
    int need_empty_fragments;
    int empty_fragment_done;
-
+    /* The value of 'extra' when the buffers were initialized */
    int init_extra;
    SSL3_BUFFER rbuf;           /* read IO goes into here */
    SSL3_BUFFER wbuf;           /* write IO goes into here */
    SSL3_RECORD rrec;           /* each decoded record goes in here */
    SSL3_RECORD wrec;           /* goes out from here */
-
+    /*
-	/* storage for Alert/Handshake protocol data received but not
+     * storage for Alert/Handshake protocol data received but not yet
-	 * yet processed by ssl3_read_bytes: */
+     * processed by ssl3_read_bytes:
     */
    unsigned char alert_fragment[2];
    unsigned int alert_fragment_len;
    unsigned char handshake_fragment[4];
    unsigned int handshake_fragment_len;
    /* partial write - check the numbers match */
    unsigned int wnum;          /* number of bytes sent so far */
    int wpend_tot;              /* number bytes written */
    int wpend_type;
    int wpend_ret;              /* number of bytes submitted */
    const unsigned char *wpend_buf;
    /* used during startup, digest all incoming/outgoing packets */
-	EVP_MD_CTX finish_dgst1;
+    BIO *handshake_buffer;
-	EVP_MD_CTX finish_dgst2;
+    /*
-
+     * When set of handshake digests is determined, buffer is hashed and
-	/* this is set whenerver we see a change_cipher_spec message
+     * freed and MD_CTX-es for all required digests are stored in this array
-	 * come in when we are not looking for one */
+     */
    EVP_MD_CTX **handshake_dgst;
    /*
     * Set whenever an expected ChangeCipherSpec message is processed.
     * Unset when the peer's Finished message is received.
     * Unexpected ChangeCipherSpec messages trigger a fatal alert.
     */
    int change_cipher_spec;
    int warn_alert;
    int fatal_alert;
-	/* we allow one fatal and one warning alert to be outstanding,
+    /*
-	 * send close alert via the warning alert */
+     * we allow one fatal and one warning alert to be outstanding, send close
     * alert via the warning alert
     */
    int alert_dispatch;
    unsigned char send_alert[2];
-
+    /*
-	/* This flag is set when we should renegotiate ASAP, basically when
+     * This flag is set when we should renegotiate ASAP, basically when there
-	 * there is no more data in the read or write buffers */
+     * is no more data in the read or write buffers
     */
    int renegotiate;
    int total_renegotiations;
    int num_renegotiations;
    int in_read_app_data;
-
+    /*
     * Opaque PRF input as used for the current handshake. These fields are
     * used only if TLSEXT_TYPE_opaque_prf_input is defined (otherwise, they
     * are merely present to improve binary compatibility)
     */
    void *client_opaque_prf_input;
    size_t client_opaque_prf_input_len;
    void *server_opaque_prf_input;
    size_t server_opaque_prf_input_len;
    struct {
        /* actually only needs to be 16+20 */
        unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];
        /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
        unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
        int finish_md_len;
        unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
        int peer_finish_md_len;
        unsigned long message_size;
        int message_type;
        /* used to hold the new cipher we are going to use */
-		SSL_CIPHER *new_cipher;
+        const SSL_CIPHER *new_cipher;
 #  ifndef OPENSSL_NO_DH
        DH *dh;
 #  endif
 #  ifndef OPENSSL_NO_ECDH
        EC_KEY *ecdh;           /* holds short lived ECDH key */
 #  endif
        /* used when SSL_ST_FLUSH_DATA is entered */
        int next_state;
        int reuse_message;
        /* used for certificate requests */
        int cert_req;
        int ctype_num;
        char ctype[SSL3_CT_NUMBER];
        STACK_OF(X509_NAME) *ca_names;
        int use_rsa_tmp;
        int key_block_length;
        unsigned char *key_block;
        const EVP_CIPHER *new_sym_enc;
        const EVP_MD *new_hash;
        int new_mac_pkey_type;
        int new_mac_secret_size;
 #  ifndef OPENSSL_NO_COMP
        const SSL_COMP *new_compression;
 #  else
@ -460,13 +597,51 @@ typedef struct ssl3_state_st
    unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
    unsigned char previous_server_finished_len;
    int send_connection_binding; /* TODOEKR */
 #  ifndef OPENSSL_NO_NEXTPROTONEG
    /*
     * Set if we saw the Next Protocol Negotiation extension from our peer.
     */
    int next_proto_neg_seen;
 #  endif
 #  ifndef OPENSSL_NO_TLSEXT
 #   ifndef OPENSSL_NO_EC
    /*
     * This is set to true if we believe that this is a version of Safari
     * running on OS X 10.6 or newer. We wish to know this because Safari on
     * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
     */
    char is_probably_safari;
 #   endif                       /* !OPENSSL_NO_EC */
    /*
     * ALPN information (we are in the process of transitioning from NPN to
     * ALPN.)
     */
    /*
     * In a server these point to the selected ALPN protocol after the
     * ClientHello has been processed. In a client these contain the protocol
     * that the server selected once the ServerHello has been processed.
     */
    unsigned char *alpn_selected;
    unsigned alpn_selected_len;
 #  endif                        /* OPENSSL_NO_TLSEXT */
 } SSL3_STATE;
 # endif
 /* SSLv3 */
-/*client */
+/*
 * client
 */
 /* extra state */
 # define SSL3_ST_CW_FLUSH                (0x100|SSL_ST_CONNECT)
 # ifndef OPENSSL_NO_SCTP
 #  define DTLS1_SCTP_ST_CW_WRITE_SOCK                     (0x310|SSL_ST_CONNECT)
 #  define DTLS1_SCTP_ST_CR_READ_SOCK                      (0x320|SSL_ST_CONNECT)
 # endif
 /* write to server */
 # define SSL3_ST_CW_CLNT_HELLO_A         (0x110|SSL_ST_CONNECT)
 # define SSL3_ST_CW_CLNT_HELLO_B         (0x111|SSL_ST_CONNECT)
@ -494,6 +669,10 @@ typedef struct ssl3_state_st
 # define SSL3_ST_CW_CERT_VRFY_B          (0x191|SSL_ST_CONNECT)
 # define SSL3_ST_CW_CHANGE_A             (0x1A0|SSL_ST_CONNECT)
 # define SSL3_ST_CW_CHANGE_B             (0x1A1|SSL_ST_CONNECT)
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_ST_CW_NEXT_PROTO_A         (0x200|SSL_ST_CONNECT)
 #  define SSL3_ST_CW_NEXT_PROTO_B         (0x201|SSL_ST_CONNECT)
 # endif
 # define SSL3_ST_CW_FINISHED_A           (0x1B0|SSL_ST_CONNECT)
 # define SSL3_ST_CW_FINISHED_B           (0x1B1|SSL_ST_CONNECT)
 /* read from server */
@ -509,11 +688,16 @@ typedef struct ssl3_state_st
 /* server */
 /* extra state */
 # define SSL3_ST_SW_FLUSH                (0x100|SSL_ST_ACCEPT)
 # ifndef OPENSSL_NO_SCTP
 #  define DTLS1_SCTP_ST_SW_WRITE_SOCK                     (0x310|SSL_ST_ACCEPT)
 #  define DTLS1_SCTP_ST_SR_READ_SOCK                      (0x320|SSL_ST_ACCEPT)
 # endif
 /* read from client */
 /* Do not change the number values, they do matter */
 # define SSL3_ST_SR_CLNT_HELLO_A         (0x110|SSL_ST_ACCEPT)
 # define SSL3_ST_SR_CLNT_HELLO_B         (0x111|SSL_ST_ACCEPT)
 # define SSL3_ST_SR_CLNT_HELLO_C         (0x112|SSL_ST_ACCEPT)
 # define SSL3_ST_SR_CLNT_HELLO_D         (0x115|SSL_ST_ACCEPT)
 /* write to client */
 # define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
 # define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
@ -539,6 +723,10 @@ typedef struct ssl3_state_st
 # define SSL3_ST_SR_CERT_VRFY_B          (0x1A1|SSL_ST_ACCEPT)
 # define SSL3_ST_SR_CHANGE_A             (0x1B0|SSL_ST_ACCEPT)
 # define SSL3_ST_SR_CHANGE_B             (0x1B1|SSL_ST_ACCEPT)
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_ST_SR_NEXT_PROTO_A         (0x210|SSL_ST_ACCEPT)
 #  define SSL3_ST_SR_NEXT_PROTO_B         (0x211|SSL_ST_ACCEPT)
 # endif
 # define SSL3_ST_SR_FINISHED_A           (0x1C0|SSL_ST_ACCEPT)
 # define SSL3_ST_SR_FINISHED_B           (0x1C1|SSL_ST_ACCEPT)
 /* write to client */
@ -563,9 +751,11 @@ typedef struct ssl3_state_st
 # define SSL3_MT_CLIENT_KEY_EXCHANGE             16
 # define SSL3_MT_FINISHED                        20
 # define SSL3_MT_CERTIFICATE_STATUS              22
 # ifndef OPENSSL_NO_NEXTPROTONEG
 #  define SSL3_MT_NEXT_PROTO                      67
 # endif
 # define DTLS1_MT_HELLO_VERIFY_REQUEST    3
 # define SSL3_MT_CCS                             1
 /* These are used when changing over to a new cipher */
@ -582,4 +772,3 @@ typedef struct ssl3_state_st
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/stack.h
+++ b/src/Mayaqua/win32_inc/openssl/stack.h
@ -63,44 +63,42 @@
 extern "C" {
 #endif
-typedef struct stack_st
+typedef struct stack_st {
 	{
    int num;
    char **data;
    int sorted;
    int num_alloc;
-	int (*comp)(const char * const *, const char * const *);
+    int (*comp) (const void *, const void *);
-	} STACK;
+} _STACK;                       /* Use STACK_OF(...) instead */
 # define M_sk_num(sk)            ((sk) ? (sk)->num:-1)
 # define M_sk_value(sk,n)        ((sk) ? (sk)->data[n] : NULL)
-int sk_num(const STACK *);
+int sk_num(const _STACK *);
-char *sk_value(const STACK *, int);
+void *sk_value(const _STACK *, int);
-char *sk_set(STACK *, int, char *);
+void *sk_set(_STACK *, int, void *);
-STACK *sk_new(int (*cmp)(const char * const *, const char * const *));
+_STACK *sk_new(int (*cmp) (const void *, const void *));
-STACK *sk_new_null(void);
+_STACK *sk_new_null(void);
-void sk_free(STACK *);
+void sk_free(_STACK *);
-void sk_pop_free(STACK *st, void (*func)(void *));
+void sk_pop_free(_STACK *st, void (*func) (void *));
-int sk_insert(STACK *sk,char *data,int where);
+_STACK *sk_deep_copy(_STACK *, void *(*)(void *), void (*)(void *));
-char *sk_delete(STACK *st,int loc);
+int sk_insert(_STACK *sk, void *data, int where);
-char *sk_delete_ptr(STACK *st, char *p);
+void *sk_delete(_STACK *st, int loc);
-int sk_find(STACK *st,char *data);
+void *sk_delete_ptr(_STACK *st, void *p);
-int sk_find_ex(STACK *st,char *data);
+int sk_find(_STACK *st, void *data);
-int sk_push(STACK *st,char *data);
+int sk_find_ex(_STACK *st, void *data);
-int sk_unshift(STACK *st,char *data);
+int sk_push(_STACK *st, void *data);
-char *sk_shift(STACK *st);
+int sk_unshift(_STACK *st, void *data);
-char *sk_pop(STACK *st);
+void *sk_shift(_STACK *st);
-void sk_zero(STACK *st);
+void *sk_pop(_STACK *st);
-int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,
+void sk_zero(_STACK *st);
-			const char * const *)))
+int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *)))
-			(const char * const *, const char * const *);
+ (const void *, const void *);
-STACK *sk_dup(STACK *st);
+_STACK *sk_dup(_STACK *st);
-void sk_sort(STACK *st);
+void sk_sort(_STACK *st);
-int sk_is_sorted(const STACK *st);
+int sk_is_sorted(const _STACK *st);
 #ifdef  __cplusplus
 }
--- a/src/Mayaqua/win32_inc/openssl/store.h
+++ b/src/Mayaqua/win32_inc/openssl/store.h
@ -1,554 +0,0 @@
 /* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */
 /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
 * project 2003.
 */
 /* ====================================================================
 * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #ifndef HEADER_STORE_H
 #define HEADER_STORE_H
 #include <openssl/ossl_typ.h>
 #ifndef OPENSSL_NO_DEPRECATED
 #include <openssl/evp.h>
 #include <openssl/bn.h>
 #include <openssl/x509.h>
 #endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
 /* Already defined in ossl_typ.h */
 /* typedef struct store_st STORE; */
 /* typedef struct store_method_st STORE_METHOD; */
 /* All the following functions return 0, a negative number or NULL on error.
   When everything is fine, they return a positive value or a non-NULL
   pointer, all depending on their purpose. */
 /* Creators and destructor.   */
 STORE *STORE_new_method(const STORE_METHOD *method);
 STORE *STORE_new_engine(ENGINE *engine);
 void STORE_free(STORE *ui);
 /* Give a user interface parametrised control commands.  This can be used to
   send down an integer, a data pointer or a function pointer, as well as
   be used to get information from a STORE. */
 int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void));
 /* A control to set the directory with keys and certificates.  Used by the
   built-in directory level method. */
 #define STORE_CTRL_SET_DIRECTORY	0x0001
 /* A control to set a file to load.  Used by the built-in file level method. */
 #define STORE_CTRL_SET_FILE		0x0002
 /* A control to set a configuration file to load.  Can be used by any method
   that wishes to load a configuration file. */
 #define STORE_CTRL_SET_CONF_FILE	0x0003
 /* A control to set a the section of the loaded configuration file.  Can be
   used by any method that wishes to load a configuration file. */
 #define STORE_CTRL_SET_CONF_SECTION	0x0004
 /* Some methods may use extra data */
 #define STORE_set_app_data(s,arg)	STORE_set_ex_data(s,0,arg)
 #define STORE_get_app_data(s)		STORE_get_ex_data(s,0)
 int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int STORE_set_ex_data(STORE *r,int idx,void *arg);
 void *STORE_get_ex_data(STORE *r, int idx);
 /* Use specific methods instead of the built-in one */
 const STORE_METHOD *STORE_get_method(STORE *store);
 const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth);
 /* The standard OpenSSL methods. */
 /* This is the in-memory method.  It does everything except revoking and updating,
   and is of course volatile.  It's used by other methods that have an in-memory
   cache. */
 const STORE_METHOD *STORE_Memory(void);
 #if 0 /* Not yet implemented */
 /* This is the directory store.  It does everything except revoking and updating,
   and uses STORE_Memory() to cache things in memory. */
 const STORE_METHOD *STORE_Directory(void);
 /* This is the file store.  It does everything except revoking and updating,
   and uses STORE_Memory() to cache things in memory.  Certificates are added
   to it with the store operation, and it will only get cached certificates. */
 const STORE_METHOD *STORE_File(void);
 #endif
 /* Store functions take a type code for the type of data they should store
   or fetch */
 typedef enum STORE_object_types
 	{
 	STORE_OBJECT_TYPE_X509_CERTIFICATE=	0x01, /* X509 * */
 	STORE_OBJECT_TYPE_X509_CRL=		0x02, /* X509_CRL * */
 	STORE_OBJECT_TYPE_PRIVATE_KEY=		0x03, /* EVP_PKEY * */
 	STORE_OBJECT_TYPE_PUBLIC_KEY=		0x04, /* EVP_PKEY * */
 	STORE_OBJECT_TYPE_NUMBER=		0x05, /* BIGNUM * */
 	STORE_OBJECT_TYPE_ARBITRARY=		0x06, /* BUF_MEM * */
 	STORE_OBJECT_TYPE_NUM=			0x06  /* The amount of known
 							 object types */
 	} STORE_OBJECT_TYPES;
 /* List of text strings corresponding to the object types. */
 extern const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1];
 /* Some store functions take a parameter list.  Those parameters come with
   one of the following codes. The comments following the codes below indicate
   what type the value should be a pointer to. */
 typedef enum STORE_params
 	{
 	STORE_PARAM_EVP_TYPE=			0x01, /* int */
 	STORE_PARAM_BITS=			0x02, /* size_t */
 	STORE_PARAM_KEY_PARAMETERS=		0x03, /* ??? */
 	STORE_PARAM_KEY_NO_PARAMETERS=		0x04, /* N/A */
 	STORE_PARAM_AUTH_PASSPHRASE=		0x05, /* char * */
 	STORE_PARAM_AUTH_KRB5_TICKET=		0x06, /* void * */
 	STORE_PARAM_TYPE_NUM=			0x06  /* The amount of known
 							 parameter types */
 	} STORE_PARAM_TYPES;
 /* Parameter value sizes.  -1 means unknown, anything else is the required size. */
 extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1];
 /* Store functions take attribute lists.  Those attributes come with codes.
   The comments following the codes below indicate what type the value should
   be a pointer to. */
 typedef enum STORE_attribs
 	{
 	STORE_ATTR_END=				0x00,
 	STORE_ATTR_FRIENDLYNAME=		0x01, /* C string */
 	STORE_ATTR_KEYID=			0x02, /* 160 bit string (SHA1) */
 	STORE_ATTR_ISSUERKEYID=			0x03, /* 160 bit string (SHA1) */
 	STORE_ATTR_SUBJECTKEYID=		0x04, /* 160 bit string (SHA1) */
 	STORE_ATTR_ISSUERSERIALHASH=		0x05, /* 160 bit string (SHA1) */
 	STORE_ATTR_ISSUER=			0x06, /* X509_NAME * */
 	STORE_ATTR_SERIAL=			0x07, /* BIGNUM * */
 	STORE_ATTR_SUBJECT=			0x08, /* X509_NAME * */
 	STORE_ATTR_CERTHASH=			0x09, /* 160 bit string (SHA1) */
 	STORE_ATTR_EMAIL=			0x0a, /* C string */
 	STORE_ATTR_FILENAME=			0x0b, /* C string */
 	STORE_ATTR_TYPE_NUM=			0x0b, /* The amount of known
 							 attribute types */
 	STORE_ATTR_OR=				0xff  /* This is a special
 							 separator, which
 							 expresses the OR
 							 operation.  */
 	} STORE_ATTR_TYPES;
 /* Attribute value sizes.  -1 means unknown, anything else is the required size. */
 extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1];
 typedef enum STORE_certificate_status
 	{
 	STORE_X509_VALID=			0x00,
 	STORE_X509_EXPIRED=			0x01,
 	STORE_X509_SUSPENDED=			0x02,
 	STORE_X509_REVOKED=			0x03
 	} STORE_CERTIFICATE_STATUS;
 /* Engine store functions will return a structure that contains all the necessary
 * information, including revokation status for certificates.  This is really not
 * needed for application authors, as the ENGINE framework functions will extract
 * the OpenSSL-specific information when at all possible.  However, for engine
 * authors, it's crucial to know this structure.  */
 typedef struct STORE_OBJECT_st
 	{
 	STORE_OBJECT_TYPES type;
 	union
 		{
 		struct
 			{
 			STORE_CERTIFICATE_STATUS status;
 			X509 *certificate;
 			} x509;
 		X509_CRL *crl;
 		EVP_PKEY *key;
 		BIGNUM *number;
 		BUF_MEM *arbitrary;
 		} data;
 	} STORE_OBJECT;
 DECLARE_STACK_OF(STORE_OBJECT)
 STORE_OBJECT *STORE_OBJECT_new(void);
 void STORE_OBJECT_free(STORE_OBJECT *data);
 /* The following functions handle the storage. They return 0, a negative number
   or NULL on error, anything else on success. */
 X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[],
 	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
 	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
 int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 X509 *STORE_list_certificate_next(STORE *e, void *handle);
 int STORE_list_certificate_end(STORE *e, void *handle);
 int STORE_list_certificate_endp(STORE *e, void *handle);
 EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 int STORE_store_private_key(STORE *e, EVP_PKEY *data,
 	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
 int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[],
 	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
 	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
 int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle);
 int STORE_list_private_key_end(STORE *e, void *handle);
 int STORE_list_private_key_endp(STORE *e, void *handle);
 EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[],
 	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
 	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
 int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle);
 int STORE_list_public_key_end(STORE *e, void *handle);
 int STORE_list_public_key_endp(STORE *e, void *handle);
 X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[],
 	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
 	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
 int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 X509_CRL *STORE_list_crl_next(STORE *e, void *handle);
 int STORE_list_crl_end(STORE *e, void *handle);
 int STORE_list_crl_endp(STORE *e, void *handle);
 int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[],
 	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
 	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
 BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[],
 	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
 	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
 BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
 	OPENSSL_ITEM parameters[]);
 /* Create and manipulate methods */
 STORE_METHOD *STORE_create_method(char *name);
 void STORE_destroy_method(STORE_METHOD *store_method);
 /* These callback types are use for store handlers */
 typedef int (*STORE_INITIALISE_FUNC_PTR)(STORE *);
 typedef void (*STORE_CLEANUP_FUNC_PTR)(STORE *);
 typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
 typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
 typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
 typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle);
 typedef int (*STORE_END_OBJECT_FUNC_PTR)(STORE *, void *handle);
 typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
 typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
 typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
 typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
 typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)(void));
 int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f);
 int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f);
 int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f);
 int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f);
 int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f);
 int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR store_f);
 int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f);
 int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f);
 int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f);
 int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f);
 int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f);
 int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
 int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
 int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
 int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f);
 STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm);
 STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm);
 STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm);
 STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm);
 STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm);
 STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm);
 STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm);
 STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm);
 STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm);
 STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm);
 STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm);
 STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm);
 STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm);
 STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm);
 STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm);
 /* Method helper structures and functions. */
 /* This structure is the result of parsing through the information in a list
   of OPENSSL_ITEMs.  It stores all the necessary information in a structured
   way.*/
 typedef struct STORE_attr_info_st STORE_ATTR_INFO;
 /* Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO.
   Note that we do this in the list form, since the list of OPENSSL_ITEMs can
   come in blocks separated with STORE_ATTR_OR.  Note that the value returned
   by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). */
 void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes);
 STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle);
 int STORE_parse_attrs_end(void *handle);
 int STORE_parse_attrs_endp(void *handle);
 /* Creator and destructor */
 STORE_ATTR_INFO *STORE_ATTR_INFO_new(void);
 int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs);
 /* Manipulators */
 char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
 unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
 	STORE_ATTR_TYPES code);
 X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
 BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
 int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
 	char *cstr, size_t cstr_size);
 int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
 	unsigned char *sha1str, size_t sha1str_size);
 int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
 	X509_NAME *dn);
 int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
 	BIGNUM *number);
 int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
 	char *cstr, size_t cstr_size);
 int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
 	unsigned char *sha1str, size_t sha1str_size);
 int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
 	X509_NAME *dn);
 int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
 	BIGNUM *number);
 /* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values
   in each contained attribute. */
 int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
 /* Check if the set of attributes in a is within the range of attributes
   set in b. */
 int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
 /* Check if the set of attributes in a are also set in b. */
 int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
 /* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */
 int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_STORE_strings(void);
 /* Error codes for the STORE functions. */
 /* Function codes. */
 #define STORE_F_MEM_DELETE				 134
 #define STORE_F_MEM_GENERATE				 135
 #define STORE_F_MEM_LIST_END				 168
 #define STORE_F_MEM_LIST_NEXT				 136
 #define STORE_F_MEM_LIST_START				 137
 #define STORE_F_MEM_MODIFY				 169
 #define STORE_F_MEM_STORE				 138
 #define STORE_F_STORE_ATTR_INFO_GET0_CSTR		 139
 #define STORE_F_STORE_ATTR_INFO_GET0_DN			 140
 #define STORE_F_STORE_ATTR_INFO_GET0_NUMBER		 141
 #define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR		 142
 #define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR		 143
 #define STORE_F_STORE_ATTR_INFO_MODIFY_DN		 144
 #define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER		 145
 #define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR		 146
 #define STORE_F_STORE_ATTR_INFO_SET_CSTR		 147
 #define STORE_F_STORE_ATTR_INFO_SET_DN			 148
 #define STORE_F_STORE_ATTR_INFO_SET_NUMBER		 149
 #define STORE_F_STORE_ATTR_INFO_SET_SHA1STR		 150
 #define STORE_F_STORE_CERTIFICATE			 170
 #define STORE_F_STORE_CTRL				 161
 #define STORE_F_STORE_DELETE_ARBITRARY			 158
 #define STORE_F_STORE_DELETE_CERTIFICATE		 102
 #define STORE_F_STORE_DELETE_CRL			 103
 #define STORE_F_STORE_DELETE_NUMBER			 104
 #define STORE_F_STORE_DELETE_PRIVATE_KEY		 105
 #define STORE_F_STORE_DELETE_PUBLIC_KEY			 106
 #define STORE_F_STORE_GENERATE_CRL			 107
 #define STORE_F_STORE_GENERATE_KEY			 108
 #define STORE_F_STORE_GET_ARBITRARY			 159
 #define STORE_F_STORE_GET_CERTIFICATE			 109
 #define STORE_F_STORE_GET_CRL				 110
 #define STORE_F_STORE_GET_NUMBER			 111
 #define STORE_F_STORE_GET_PRIVATE_KEY			 112
 #define STORE_F_STORE_GET_PUBLIC_KEY			 113
 #define STORE_F_STORE_LIST_CERTIFICATE_END		 114
 #define STORE_F_STORE_LIST_CERTIFICATE_ENDP		 153
 #define STORE_F_STORE_LIST_CERTIFICATE_NEXT		 115
 #define STORE_F_STORE_LIST_CERTIFICATE_START		 116
 #define STORE_F_STORE_LIST_CRL_END			 117
 #define STORE_F_STORE_LIST_CRL_ENDP			 154
 #define STORE_F_STORE_LIST_CRL_NEXT			 118
 #define STORE_F_STORE_LIST_CRL_START			 119
 #define STORE_F_STORE_LIST_PRIVATE_KEY_END		 120
 #define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP		 155
 #define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT		 121
 #define STORE_F_STORE_LIST_PRIVATE_KEY_START		 122
 #define STORE_F_STORE_LIST_PUBLIC_KEY_END		 123
 #define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP		 156
 #define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT		 124
 #define STORE_F_STORE_LIST_PUBLIC_KEY_START		 125
 #define STORE_F_STORE_MODIFY_ARBITRARY			 162
 #define STORE_F_STORE_MODIFY_CERTIFICATE		 163
 #define STORE_F_STORE_MODIFY_CRL			 164
 #define STORE_F_STORE_MODIFY_NUMBER			 165
 #define STORE_F_STORE_MODIFY_PRIVATE_KEY		 166
 #define STORE_F_STORE_MODIFY_PUBLIC_KEY			 167
 #define STORE_F_STORE_NEW_ENGINE			 133
 #define STORE_F_STORE_NEW_METHOD			 132
 #define STORE_F_STORE_PARSE_ATTRS_END			 151
 #define STORE_F_STORE_PARSE_ATTRS_ENDP			 172
 #define STORE_F_STORE_PARSE_ATTRS_NEXT			 152
 #define STORE_F_STORE_PARSE_ATTRS_START			 171
 #define STORE_F_STORE_REVOKE_CERTIFICATE		 129
 #define STORE_F_STORE_REVOKE_PRIVATE_KEY		 130
 #define STORE_F_STORE_REVOKE_PUBLIC_KEY			 131
 #define STORE_F_STORE_STORE_ARBITRARY			 157
 #define STORE_F_STORE_STORE_CERTIFICATE			 100
 #define STORE_F_STORE_STORE_CRL				 101
 #define STORE_F_STORE_STORE_NUMBER			 126
 #define STORE_F_STORE_STORE_PRIVATE_KEY			 127
 #define STORE_F_STORE_STORE_PUBLIC_KEY			 128
 /* Reason codes. */
 #define STORE_R_ALREADY_HAS_A_VALUE			 127
 #define STORE_R_FAILED_DELETING_ARBITRARY		 132
 #define STORE_R_FAILED_DELETING_CERTIFICATE		 100
 #define STORE_R_FAILED_DELETING_KEY			 101
 #define STORE_R_FAILED_DELETING_NUMBER			 102
 #define STORE_R_FAILED_GENERATING_CRL			 103
 #define STORE_R_FAILED_GENERATING_KEY			 104
 #define STORE_R_FAILED_GETTING_ARBITRARY		 133
 #define STORE_R_FAILED_GETTING_CERTIFICATE		 105
 #define STORE_R_FAILED_GETTING_KEY			 106
 #define STORE_R_FAILED_GETTING_NUMBER			 107
 #define STORE_R_FAILED_LISTING_CERTIFICATES		 108
 #define STORE_R_FAILED_LISTING_KEYS			 109
 #define STORE_R_FAILED_MODIFYING_ARBITRARY		 138
 #define STORE_R_FAILED_MODIFYING_CERTIFICATE		 139
 #define STORE_R_FAILED_MODIFYING_CRL			 140
 #define STORE_R_FAILED_MODIFYING_NUMBER			 141
 #define STORE_R_FAILED_MODIFYING_PRIVATE_KEY		 142
 #define STORE_R_FAILED_MODIFYING_PUBLIC_KEY		 143
 #define STORE_R_FAILED_REVOKING_CERTIFICATE		 110
 #define STORE_R_FAILED_REVOKING_KEY			 111
 #define STORE_R_FAILED_STORING_ARBITRARY		 134
 #define STORE_R_FAILED_STORING_CERTIFICATE		 112
 #define STORE_R_FAILED_STORING_KEY			 113
 #define STORE_R_FAILED_STORING_NUMBER			 114
 #define STORE_R_NOT_IMPLEMENTED				 128
 #define STORE_R_NO_CONTROL_FUNCTION			 144
 #define STORE_R_NO_DELETE_ARBITRARY_FUNCTION		 135
 #define STORE_R_NO_DELETE_NUMBER_FUNCTION		 115
 #define STORE_R_NO_DELETE_OBJECT_FUNCTION		 116
 #define STORE_R_NO_GENERATE_CRL_FUNCTION		 117
 #define STORE_R_NO_GENERATE_OBJECT_FUNCTION		 118
 #define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION	 136
 #define STORE_R_NO_GET_OBJECT_FUNCTION			 119
 #define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION		 120
 #define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION		 131
 #define STORE_R_NO_LIST_OBJECT_END_FUNCTION		 121
 #define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION		 122
 #define STORE_R_NO_LIST_OBJECT_START_FUNCTION		 123
 #define STORE_R_NO_MODIFY_OBJECT_FUNCTION		 145
 #define STORE_R_NO_REVOKE_OBJECT_FUNCTION		 124
 #define STORE_R_NO_STORE				 129
 #define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION	 137
 #define STORE_R_NO_STORE_OBJECT_FUNCTION		 125
 #define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION		 126
 #define STORE_R_NO_VALUE				 130
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/symhacks.h
+++ b/src/Mayaqua/win32_inc/openssl/symhacks.h
@ -57,20 +57,20 @@
 # include <openssl/e_os2.h>
-/* Hacks to solve the problem with linkers incapable of handling very long
+/*
-   symbol names.  In the case of VMS, the limit is 31 characters on VMS for
+ * Hacks to solve the problem with linkers incapable of handling very long
-   VAX. */
+ * symbol names.  In the case of VMS, the limit is 31 characters on VMS for
-/* Note that this affects util/libeay.num and util/ssleay.num...  you may
+ * VAX.
-   change those manually, but that's not recommended, as those files are
+ */
-   controlled centrally and updated on Unix, and the central definition
+/*
-   may disagree with yours, which in turn may come with shareable library
+ * Note that this affects util/libeay.num and util/ssleay.num...  you may
-   incompatibilities. */
+ * change those manually, but that's not recommended, as those files are
 * controlled centrally and updated on Unix, and the central definition may
 * disagree with yours, which in turn may come with shareable library
 * incompatibilities.
 */
 # ifdef OPENSSL_SYS_VMS
 /* Hack a long name in crypto/cryptlib.c */
 #undef int_CRYPTO_set_do_dynlock_callback
 #define int_CRYPTO_set_do_dynlock_callback	int_CRYPTO_set_do_dynlock_cb
 /* Hack a long name in crypto/ex_data.c */
 #  undef CRYPTO_get_ex_data_implementation
 #  define CRYPTO_get_ex_data_implementation       CRYPTO_get_ex_data_impl
@ -81,7 +81,8 @@
 #  undef ASN1_STRING_set_default_mask_asc
 #  define ASN1_STRING_set_default_mask_asc        ASN1_STRING_set_def_mask_asc
-#if 0 /* No longer needed, since safestack macro magic does the job */
+#  if 0                         /* No longer needed, since safestack macro
                                 * magic does the job */
 /* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
 #   undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO
 #   define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO       i2d_ASN1_SET_OF_PKCS7_SIGINF
@ -89,7 +90,8 @@
 #   define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO       d2i_ASN1_SET_OF_PKCS7_SIGINF
 #  endif
-#if 0 /* No longer needed, since safestack macro magic does the job */
+#  if 0                         /* No longer needed, since safestack macro
                                 * magic does the job */
 /* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */
 #   undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO
 #   define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO        i2d_ASN1_SET_OF_PKCS7_RECINF
@ -97,7 +99,8 @@
 #   define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO        d2i_ASN1_SET_OF_PKCS7_RECINF
 #  endif
-#if 0 /* No longer needed, since safestack macro magic does the job */
+#  if 0                         /* No longer needed, since safestack macro
                                 * magic does the job */
 /* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */
 #   undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION
 #   define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      i2d_ASN1_SET_OF_ACC_DESC
@ -163,7 +166,7 @@
 #  undef CRYPTO_get_locked_mem_ex_functions
 #  define CRYPTO_get_locked_mem_ex_functions      CRYPTO_get_locked_mem_ex_funcs
-/* Hack some long SSL names */
+/* Hack some long SSL/TLS names */
 #  undef SSL_CTX_set_default_verify_paths
 #  define SSL_CTX_set_default_verify_paths        SSL_CTX_set_def_verify_paths
 #  undef SSL_get_ex_data_X509_STORE_CTX_idx
@ -180,7 +183,10 @@
 #  define SSL_CTX_set_default_passwd_cb_userdata  SSL_CTX_set_def_passwd_cb_ud
 #  undef SSL_COMP_get_compression_methods
 #  define SSL_COMP_get_compression_methods        SSL_COMP_get_compress_methods
-
+#  undef SSL_COMP_set0_compression_methods
 #  define SSL_COMP_set0_compression_methods       SSL_COMP_set0_compress_methods
 #  undef SSL_COMP_free_compression_methods
 #  define SSL_COMP_free_compression_methods       SSL_COMP_free_compress_methods
 #  undef ssl_add_clienthello_renegotiate_ext
 #  define ssl_add_clienthello_renegotiate_ext     ssl_add_clienthello_reneg_ext
 #  undef ssl_add_serverhello_renegotiate_ext
@ -189,8 +195,48 @@
 #  define ssl_parse_clienthello_renegotiate_ext   ssl_parse_clienthello_reneg_ext
 #  undef ssl_parse_serverhello_renegotiate_ext
 #  define ssl_parse_serverhello_renegotiate_ext   ssl_parse_serverhello_reneg_ext
 #  undef SSL_srp_server_param_with_username
 #  define SSL_srp_server_param_with_username      SSL_srp_server_param_with_un
 #  undef SSL_CTX_set_srp_client_pwd_callback
 #  define SSL_CTX_set_srp_client_pwd_callback     SSL_CTX_set_srp_client_pwd_cb
 #  undef SSL_CTX_set_srp_verify_param_callback
 #  define SSL_CTX_set_srp_verify_param_callback   SSL_CTX_set_srp_vfy_param_cb
 #  undef SSL_CTX_set_srp_username_callback
 #  define SSL_CTX_set_srp_username_callback       SSL_CTX_set_srp_un_cb
 #  undef ssl_add_clienthello_use_srtp_ext
 #  define ssl_add_clienthello_use_srtp_ext        ssl_add_clihello_use_srtp_ext
 #  undef ssl_add_serverhello_use_srtp_ext
 #  define ssl_add_serverhello_use_srtp_ext        ssl_add_serhello_use_srtp_ext
 #  undef ssl_parse_clienthello_use_srtp_ext
 #  define ssl_parse_clienthello_use_srtp_ext      ssl_parse_clihello_use_srtp_ext
 #  undef ssl_parse_serverhello_use_srtp_ext
 #  define ssl_parse_serverhello_use_srtp_ext      ssl_parse_serhello_use_srtp_ext
 #  undef SSL_CTX_set_next_protos_advertised_cb
 #  define SSL_CTX_set_next_protos_advertised_cb   SSL_CTX_set_next_protos_adv_cb
 #  undef SSL_CTX_set_next_proto_select_cb
 #  define SSL_CTX_set_next_proto_select_cb        SSL_CTX_set_next_proto_sel_cb
-/* Hack some long ENGINE names */
+#  undef tls1_send_server_supplemental_data
 #  define tls1_send_server_supplemental_data      tls1_send_server_suppl_data
 #  undef tls1_send_client_supplemental_data
 #  define tls1_send_client_supplemental_data      tls1_send_client_suppl_data
 #  undef tls1_get_server_supplemental_data
 #  define tls1_get_server_supplemental_data       tls1_get_server_suppl_data
 #  undef tls1_get_client_supplemental_data
 #  define tls1_get_client_supplemental_data       tls1_get_client_suppl_data
 #  undef ssl3_cbc_record_digest_supported
 #  define ssl3_cbc_record_digest_supported        ssl3_cbc_record_digest_support
 #  undef ssl_check_clienthello_tlsext_late
 #  define ssl_check_clienthello_tlsext_late       ssl_check_clihello_tlsext_late
 #  undef ssl_check_clienthello_tlsext_early
 #  define ssl_check_clienthello_tlsext_early      ssl_check_clihello_tlsext_early
 /* Hack some RSA long names */
 #  undef RSA_padding_check_PKCS1_OAEP_mgf1
 #  define RSA_padding_check_PKCS1_OAEP_mgf1       RSA_pad_check_PKCS1_OAEP_mgf1
 /* Hack some ENGINE long names */
 #  undef ENGINE_get_default_BN_mod_exp_crt
 #  define ENGINE_get_default_BN_mod_exp_crt       ENGINE_get_def_BN_mod_exp_crt
 #  undef ENGINE_set_default_BN_mod_exp_crt
@ -199,6 +245,14 @@
 #  define ENGINE_set_load_privkey_function        ENGINE_set_load_privkey_fn
 #  undef ENGINE_get_load_privkey_function
 #  define ENGINE_get_load_privkey_function        ENGINE_get_load_privkey_fn
 #  undef ENGINE_unregister_pkey_asn1_meths
 #  define ENGINE_unregister_pkey_asn1_meths       ENGINE_unreg_pkey_asn1_meths
 #  undef ENGINE_register_all_pkey_asn1_meths
 #  define ENGINE_register_all_pkey_asn1_meths     ENGINE_reg_all_pkey_asn1_meths
 #  undef ENGINE_set_default_pkey_asn1_meths
 #  define ENGINE_set_default_pkey_asn1_meths      ENGINE_set_def_pkey_asn1_meths
 #  undef ENGINE_get_pkey_asn1_meth_engine
 #  define ENGINE_get_pkey_asn1_meth_engine        ENGINE_get_pkey_asn1_meth_eng
 #  undef ENGINE_set_load_ssl_client_cert_function
 #  define ENGINE_set_load_ssl_client_cert_function \
                                                ENGINE_set_ld_ssl_clnt_cert_fn
@ -224,6 +278,8 @@
 #  define OPENSSL_add_all_algorithms_noconf       OPENSSL_add_all_algo_noconf
 #  undef OPENSSL_add_all_algorithms_conf
 #  define OPENSSL_add_all_algorithms_conf         OPENSSL_add_all_algo_conf
 #  undef EVP_PKEY_meth_set_verify_recover
 #  define EVP_PKEY_meth_set_verify_recover        EVP_PKEY_meth_set_vrfy_recover
 /* Hack some long EC names */
 #  undef EC_GROUP_set_point_conversion_form
@ -232,6 +288,9 @@
 #  define EC_GROUP_get_point_conversion_form      EC_GROUP_get_point_conv_form
 #  undef EC_GROUP_clear_free_all_extra_data
 #  define EC_GROUP_clear_free_all_extra_data      EC_GROUP_clr_free_all_xtra_data
 #  undef EC_KEY_set_public_key_affine_coordinates
 #  define EC_KEY_set_public_key_affine_coordinates \
                                                EC_KEY_set_pub_key_aff_coords
 #  undef EC_POINT_set_Jprojective_coordinates_GFp
 #  define EC_POINT_set_Jprojective_coordinates_GFp \
                                                EC_POINT_set_Jproj_coords_GFp
@ -288,8 +347,6 @@
 #  define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
 #  undef ec_GFp_simple_points_make_affine
 #  define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine
 #undef ec_GFp_simple_group_get_curve_GFp
 #define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
 #  undef ec_GFp_simple_set_Jprojective_coordinates_GFp
 #  define ec_GFp_simple_set_Jprojective_coordinates_GFp \
                                                ec_GFp_smp_set_Jproj_coords_GFp
@ -367,6 +424,14 @@
 #  undef STORE_method_get_unlock_store_function
 #  define STORE_method_get_unlock_store_function  STORE_meth_get_unlock_store_fn
 /* Hack some long TS names */
 #  undef TS_RESP_CTX_set_status_info_cond
 #  define TS_RESP_CTX_set_status_info_cond        TS_RESP_CTX_set_stat_info_cond
 #  undef TS_RESP_CTX_set_clock_precision_digits
 #  define TS_RESP_CTX_set_clock_precision_digits  TS_RESP_CTX_set_clk_prec_digits
 #  undef TS_CONF_set_clock_precision_digits
 #  define TS_CONF_set_clock_precision_digits      TS_CONF_set_clk_prec_digits
 /* Hack some long CMS names */
 #  undef CMS_RecipientInfo_ktri_get0_algs
 #  define CMS_RecipientInfo_ktri_get0_algs        CMS_RecipInfo_ktri_get0_algs
@ -380,16 +445,39 @@
 #  define CMS_OriginatorIdentifierOrKey_it        CMS_OriginatorIdOrKey_it
 #  undef cms_SignerIdentifier_get0_signer_id
 #  define cms_SignerIdentifier_get0_signer_id     cms_SignerId_get0_signer_id
 #  undef CMS_RecipientInfo_kari_get0_orig_id
 #  define CMS_RecipientInfo_kari_get0_orig_id     CMS_RecipInfo_kari_get0_orig_id
 #  undef CMS_RecipientInfo_kari_get0_reks
 #  define CMS_RecipientInfo_kari_get0_reks        CMS_RecipInfo_kari_get0_reks
 #  undef CMS_RecipientEncryptedKey_cert_cmp
 #  define CMS_RecipientEncryptedKey_cert_cmp      CMS_RecipEncryptedKey_cert_cmp
 #  undef CMS_RecipientInfo_kari_set0_pkey
 #  define CMS_RecipientInfo_kari_set0_pkey        CMS_RecipInfo_kari_set0_pkey
 #  undef CMS_RecipientEncryptedKey_get0_id
 #  define CMS_RecipientEncryptedKey_get0_id       CMS_RecipEncryptedKey_get0_id
 #  undef CMS_RecipientInfo_kari_orig_id_cmp
 #  define CMS_RecipientInfo_kari_orig_id_cmp      CMS_RecipInfo_kari_orig_id_cmp
 /* Hack some long DTLS1 names */
 #  undef dtls1_retransmit_buffered_messages
 #  define dtls1_retransmit_buffered_messages      dtls1_retransmit_buffered_msgs
 /* Hack some long SRP names */
 #  undef SRP_generate_server_master_secret
 #  define SRP_generate_server_master_secret       SRP_gen_server_master_secret
 #  undef SRP_generate_client_master_secret
 #  define SRP_generate_client_master_secret       SRP_gen_client_master_secret
 /* Hack some long UI names */
 #  undef UI_method_get_prompt_constructor
 #  define UI_method_get_prompt_constructor        UI_method_get_prompt_constructr
 #  undef UI_method_set_prompt_constructor
 #  define UI_method_set_prompt_constructor        UI_method_set_prompt_constructr
 # endif                         /* defined OPENSSL_SYS_VMS */
-
+/* Case insensitive linking causes problems.... */
-/* Case insensiteve linking causes problems.... */
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
 #if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
 #  undef ERR_load_CRYPTO_strings
 #  define ERR_load_CRYPTO_strings                 ERR_load_CRYPTOlib_strings
 #  undef OCSP_crlID_new
@ -404,12 +492,12 @@
 #  undef i2d_ECPKPARAMETERS
 #  define i2d_ECPKPARAMETERS                      i2d_UC_ECPKPARAMETERS
-/* These functions do not seem to exist!  However, I'm paranoid...
+/*
-   Original command in x509v3.h:
+ * These functions do not seem to exist! However, I'm paranoid... Original
-   These functions are being redefined in another directory,
+ * command in x509v3.h: These functions are being redefined in another
-   and clash when the linker is case-insensitive, so let's
+ * directory, and clash when the linker is case-insensitive, so let's hide
-   hide them a little, by giving them an extra 'o' at the
+ * them a little, by giving them an extra 'o' at the beginning of the name...
-   beginning of the name... */
+ */
 #  undef X509v3_cleanup_extensions
 #  define X509v3_cleanup_extensions               oX509v3_cleanup_extensions
 #  undef X509v3_add_extension
@ -419,11 +507,10 @@
 #  undef X509v3_add_standard_extensions
 #  define X509v3_add_standard_extensions          oX509v3_add_standard_extensions
 #endif
 #endif /* ! defined HEADER_VMS_IDHACKS_H */
 /* This one clashes with CMS_data_create */
 #  undef cms_Data_create
 #  define cms_Data_create                         priv_cms_Data_create
 # endif
 #endif                          /* ! defined HEADER_VMS_IDHACKS_H */
--- a/src/Mayaqua/win32_inc/openssl/tls1.h
+++ b/src/Mayaqua/win32_inc/openssl/tls1.h
@ -55,6 +55,59 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 /* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
@ -68,6 +121,32 @@
 * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
 *
 */
 /* ====================================================================
 * Copyright 2005 Nokia. All rights reserved.
 *
 * The portions of the attached software ("Contribution") is developed by
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 * license.
 *
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 * support (see RFC 4279) to OpenSSL.
 *
 * No patent licenses or other rights except those expressly stated in
 * the OpenSSL open source license shall be deemed granted or received
 * expressly, by implication, estoppel, or otherwise.
 *
 * No assurances are provided by Nokia that the Contribution does not
 * infringe the patent or other intellectual property rights of any third
 * party or that the license provides you with all the necessary rights
 * to make use of the Contribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */
 #ifndef HEADER_TLS1_H
 # define HEADER_TLS1_H
@ -81,9 +160,25 @@ extern "C" {
 # define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES    0
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
 # define TLS1_2_VERSION                  0x0303
 # define TLS_MAX_VERSION                 TLS1_2_VERSION
 # define TLS1_VERSION_MAJOR              0x03
 # define TLS1_VERSION_MINOR              0x01
 # define TLS1_1_VERSION_MAJOR            0x03
 # define TLS1_1_VERSION_MINOR            0x02
 # define TLS1_2_VERSION_MAJOR            0x03
 # define TLS1_2_VERSION_MINOR            0x03
 # define TLS1_get_version(s) \
                ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
 # define TLS1_get_client_version(s) \
                ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
 # define TLS1_AD_DECRYPTION_FAILED       21
 # define TLS1_AD_RECORD_OVERFLOW         22
 # define TLS1_AD_UNKNOWN_CA              48/* fatal */
@ -94,6 +189,7 @@ extern "C" {
 # define TLS1_AD_PROTOCOL_VERSION        70/* fatal */
 # define TLS1_AD_INSUFFICIENT_SECURITY   71/* fatal */
 # define TLS1_AD_INTERNAL_ERROR          80/* fatal */
 # define TLS1_AD_INAPPROPRIATE_FALLBACK  86/* fatal */
 # define TLS1_AD_USER_CANCELLED          90
 # define TLS1_AD_NO_RENEGOTIATION        100
 /* codes 110-114 are from RFC3546 */
@ -104,31 +200,137 @@ extern "C" {
 # define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
 # define TLS1_AD_UNKNOWN_PSK_IDENTITY    115/* fatal */
-/* ExtensionType values from RFC 3546 */
+/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
 # define TLSEXT_TYPE_server_name                 0
 # define TLSEXT_TYPE_max_fragment_length         1
 # define TLSEXT_TYPE_client_certificate_url      2
 # define TLSEXT_TYPE_trusted_ca_keys             3
 # define TLSEXT_TYPE_truncated_hmac              4
 # define TLSEXT_TYPE_status_request              5
 /* ExtensionType values from RFC4681 */
 # define TLSEXT_TYPE_user_mapping                6
 /* ExtensionType values from RFC5878 */
 # define TLSEXT_TYPE_client_authz                7
 # define TLSEXT_TYPE_server_authz                8
 /* ExtensionType values from RFC6091 */
 # define TLSEXT_TYPE_cert_type           9
 /* ExtensionType values from RFC4492 */
 # define TLSEXT_TYPE_elliptic_curves             10
 # define TLSEXT_TYPE_ec_point_formats            11
 /* ExtensionType value from RFC5054 */
 # define TLSEXT_TYPE_srp                         12
 /* ExtensionType values from RFC5246 */
 # define TLSEXT_TYPE_signature_algorithms        13
 /* ExtensionType value from RFC5764 */
 # define TLSEXT_TYPE_use_srtp    14
 /* ExtensionType value from RFC5620 */
 # define TLSEXT_TYPE_heartbeat   15
 /* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
 # define TLSEXT_TYPE_application_layer_protocol_negotiation 16
 /*
 * ExtensionType value for TLS padding extension.
 * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
 * http://tools.ietf.org/html/draft-agl-tls-padding-03
 */
 # define TLSEXT_TYPE_padding     21
 /* ExtensionType value from RFC4507 */
 # define TLSEXT_TYPE_session_ticket              35
 /* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
 # if 0
 /*
 * will have to be provided externally for now ,
 * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
 * using whatever extension number you'd like to try
 */
 #  define TLSEXT_TYPE_opaque_prf_input           ??
 # endif
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
 # ifndef OPENSSL_NO_NEXTPROTONEG
 /* This is not an IANA defined extension number */
 #  define TLSEXT_TYPE_next_proto_neg              13172
 # endif
 /* NameType value from RFC 3546 */
 # define TLSEXT_NAMETYPE_host_name 0
 /* status request value from RFC 3546 */
 # define TLSEXT_STATUSTYPE_ocsp 1
 /* ECPointFormat values from draft-ietf-tls-ecc-12 */
 # define TLSEXT_ECPOINTFORMAT_first                      0
 # define TLSEXT_ECPOINTFORMAT_uncompressed               0
 # define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime  1
 # define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2  2
 # define TLSEXT_ECPOINTFORMAT_last                       2
 /* Signature and hash algorithms from RFC 5246 */
 # define TLSEXT_signature_anonymous                      0
 # define TLSEXT_signature_rsa                            1
 # define TLSEXT_signature_dsa                            2
 # define TLSEXT_signature_ecdsa                          3
 /* Total number of different signature algorithms */
 # define TLSEXT_signature_num                            4
 # define TLSEXT_hash_none                                0
 # define TLSEXT_hash_md5                                 1
 # define TLSEXT_hash_sha1                                2
 # define TLSEXT_hash_sha224                              3
 # define TLSEXT_hash_sha256                              4
 # define TLSEXT_hash_sha384                              5
 # define TLSEXT_hash_sha512                              6
 /* Total number of different digest algorithms */
 # define TLSEXT_hash_num                                 7
 /* Flag set for unrecognised algorithms */
 # define TLSEXT_nid_unknown                              0x1000000
 /* ECC curves */
 # define TLSEXT_curve_P_256                              23
 # define TLSEXT_curve_P_384                              24
 # ifndef OPENSSL_NO_TLSEXT
 #  define TLSEXT_MAXLEN_host_name 255
 const char *SSL_get_servername(const SSL *s, const int type);
 int SSL_get_servername_type(const SSL *s);
 /*
 * SSL_export_keying_material exports a value derived from the master secret,
 * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
 * optional context. (Since a zero length context is allowed, the |use_context|
 * flag controls whether a context is included.) It returns 1 on success and
 * zero otherwise.
 */
 int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
                               const char *label, size_t llen,
                               const unsigned char *p, size_t plen,
                               int use_context);
 int SSL_get_sigalgs(SSL *s, int idx,
                    int *psign, int *phash, int *psignandhash,
                    unsigned char *rsig, unsigned char *rhash);
 int SSL_get_shared_sigalgs(SSL *s, int idx,
                           int *psign, int *phash, int *psignandhash,
                           unsigned char *rsig, unsigned char *rhash);
 int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
 #  define SSL_set_tlsext_host_name(s,name) \
 SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
@ -182,17 +384,45 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
 #  define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
 SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
 #  define SSL_set_tlsext_opaque_prf_input(s, src, len) \
 SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
 #  define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
 SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
 #  define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
 #  define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
 SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #  ifndef OPENSSL_NO_HEARTBEATS
 #   define SSL_TLSEXT_HB_ENABLED                           0x01
 #   define SSL_TLSEXT_HB_DONT_SEND_REQUESTS        0x02
 #   define SSL_TLSEXT_HB_DONT_RECV_REQUESTS        0x04
 #   define SSL_get_tlsext_heartbeat_pending(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
 #   define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
        SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
 #  endif
 # endif
-/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
+/* PSK ciphersuites from 4279 */
- * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
+# define TLS1_CK_PSK_WITH_RC4_128_SHA                    0x0300008A
- * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
+# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA               0x0300008B
- * shouldn't. */
+# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA                0x0300008C
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5		0x03000060
+# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA                0x0300008D
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	0x03000061
+
 /*
 * Additional TLS ciphersuites from expired Internet Draft
 * draft-ietf-tls-56-bit-ciphersuites-01.txt (available if
 * TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see s3_lib.c).  We
 * actually treat them like SSL 3.0 ciphers, which we probably shouldn't.
 * Note that the first two are actually not in the IDs.
 */
 # define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5          0x03000060/* not in
                                                                    * ID */
 # define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5      0x03000061/* not in
                                                                    * ID */
 # define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA         0x03000062
 # define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA     0x03000063
 # define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA          0x03000064
@ -215,6 +445,14 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_CK_DHE_RSA_WITH_AES_256_SHA                0x03000039
 # define TLS1_CK_ADH_WITH_AES_256_SHA                    0x0300003A
 /* TLS v1.2 ciphersuites */
 # define TLS1_CK_RSA_WITH_NULL_SHA256                    0x0300003B
 # define TLS1_CK_RSA_WITH_AES_128_SHA256                 0x0300003C
 # define TLS1_CK_RSA_WITH_AES_256_SHA256                 0x0300003D
 # define TLS1_CK_DH_DSS_WITH_AES_128_SHA256              0x0300003E
 # define TLS1_CK_DH_RSA_WITH_AES_128_SHA256              0x0300003F
 # define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256             0x03000040
 /* Camellia ciphersuites from RFC4132 */
 # define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA           0x03000041
 # define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA        0x03000042
@ -223,6 +461,16 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA       0x03000045
 # define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA           0x03000046
 /* TLS v1.2 ciphersuites */
 # define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256             0x03000067
 # define TLS1_CK_DH_DSS_WITH_AES_256_SHA256              0x03000068
 # define TLS1_CK_DH_RSA_WITH_AES_256_SHA256              0x03000069
 # define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256             0x0300006A
 # define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256             0x0300006B
 # define TLS1_CK_ADH_WITH_AES_128_SHA256                 0x0300006C
 # define TLS1_CK_ADH_WITH_AES_256_SHA256                 0x0300006D
 /* Camellia ciphersuites from RFC4132 */
 # define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA           0x03000084
 # define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA        0x03000085
 # define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA        0x03000086
@ -238,7 +486,24 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
 # define TLS1_CK_ADH_WITH_SEED_SHA                       0x0300009B
-/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
 # define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256             0x0300009C
 # define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384             0x0300009D
 # define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256         0x0300009E
 # define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384         0x0300009F
 # define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256          0x030000A0
 # define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384          0x030000A1
 # define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256         0x030000A2
 # define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384         0x030000A3
 # define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256          0x030000A4
 # define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384          0x030000A5
 # define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256             0x030000A6
 # define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384             0x030000A7
 /*
 * ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in
 * draft 13
 */
 # define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
 # define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
 # define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300C003
@ -269,13 +534,44 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
 # define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
-/* XXX
+/* SRP ciphersuites from RFC 5054 */
- * Inconsistency alert:
+# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA           0x0300C01A
- * The OpenSSL names of ciphers with ephemeral DH here include the string
+# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA       0x0300C01B
- * "DHE", while elsewhere it has always been "EDH".
+# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA       0x0300C01C
- * (The alias for the list of all such ciphers also is "EDH".)
+# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA            0x0300C01D
- * The specifications speak of "EDH"; maybe we should allow both forms
+# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA        0x0300C01E
- * for everything. */
+# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA        0x0300C01F
 # define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA            0x0300C020
 # define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA        0x0300C021
 # define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA        0x0300C022
 /* ECDH HMAC based ciphersuites from RFC5289 */
 # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256         0x0300C023
 # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384         0x0300C024
 # define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256          0x0300C025
 # define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384          0x0300C026
 # define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256           0x0300C027
 # define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384           0x0300C028
 # define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256            0x0300C029
 # define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384            0x0300C02A
 /* ECDH GCM based ciphersuites from RFC5289 */
 # define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256     0x0300C02B
 # define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384     0x0300C02C
 # define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256      0x0300C02D
 # define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384      0x0300C02E
 # define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256       0x0300C02F
 # define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384       0x0300C030
 # define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
 # define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
 /*
 * XXX * Backward compatibility alert: + * Older versions of OpenSSL gave
 * some DHE ciphers names with "EDH" + * instead of "DHE".  Going forward, we
 * should be using DHE + * everywhere, though we may indefinitely maintain
 * aliases for users + * or configurations that used "EDH" +
 */
 # define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5         "EXP1024-RC4-MD5"
 # define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5     "EXP1024-RC2-CBC-MD5"
 # define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA        "EXP1024-DES-CBC-SHA"
@ -330,6 +626,23 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA         "AECDH-AES128-SHA"
 # define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA         "AECDH-AES256-SHA"
 /* PSK ciphersuites from RFC 4279 */
 # define TLS1_TXT_PSK_WITH_RC4_128_SHA                   "PSK-RC4-SHA"
 # define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA              "PSK-3DES-EDE-CBC-SHA"
 # define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA               "PSK-AES128-CBC-SHA"
 # define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA               "PSK-AES256-CBC-SHA"
 /* SRP ciphersuite from RFC 5054 */
 # define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA          "SRP-3DES-EDE-CBC-SHA"
 # define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA      "SRP-RSA-3DES-EDE-CBC-SHA"
 # define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA      "SRP-DSS-3DES-EDE-CBC-SHA"
 # define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA           "SRP-AES-128-CBC-SHA"
 # define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA       "SRP-RSA-AES-128-CBC-SHA"
 # define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA       "SRP-DSS-AES-128-CBC-SHA"
 # define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA           "SRP-AES-256-CBC-SHA"
 # define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA       "SRP-RSA-AES-256-CBC-SHA"
 # define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA       "SRP-DSS-AES-256-CBC-SHA"
 /* Camellia ciphersuites from RFC4132 */
 # define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA          "CAMELLIA128-SHA"
 # define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA       "DH-DSS-CAMELLIA128-SHA"
@ -353,6 +666,56 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
 # define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
 /* TLS v1.2 ciphersuites */
 # define TLS1_TXT_RSA_WITH_NULL_SHA256                   "NULL-SHA256"
 # define TLS1_TXT_RSA_WITH_AES_128_SHA256                "AES128-SHA256"
 # define TLS1_TXT_RSA_WITH_AES_256_SHA256                "AES256-SHA256"
 # define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256             "DH-DSS-AES128-SHA256"
 # define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256             "DH-RSA-AES128-SHA256"
 # define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256            "DHE-DSS-AES128-SHA256"
 # define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256            "DHE-RSA-AES128-SHA256"
 # define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256             "DH-DSS-AES256-SHA256"
 # define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256             "DH-RSA-AES256-SHA256"
 # define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256            "DHE-DSS-AES256-SHA256"
 # define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256            "DHE-RSA-AES256-SHA256"
 # define TLS1_TXT_ADH_WITH_AES_128_SHA256                "ADH-AES128-SHA256"
 # define TLS1_TXT_ADH_WITH_AES_256_SHA256                "ADH-AES256-SHA256"
 /* TLS v1.2 GCM ciphersuites from RFC5288 */
 # define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256            "AES128-GCM-SHA256"
 # define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384            "AES256-GCM-SHA384"
 # define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256        "DHE-RSA-AES128-GCM-SHA256"
 # define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384        "DHE-RSA-AES256-GCM-SHA384"
 # define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256         "DH-RSA-AES128-GCM-SHA256"
 # define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384         "DH-RSA-AES256-GCM-SHA384"
 # define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256        "DHE-DSS-AES128-GCM-SHA256"
 # define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384        "DHE-DSS-AES256-GCM-SHA384"
 # define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256         "DH-DSS-AES128-GCM-SHA256"
 # define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384         "DH-DSS-AES256-GCM-SHA384"
 # define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256            "ADH-AES128-GCM-SHA256"
 # define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384            "ADH-AES256-GCM-SHA384"
 /* ECDH HMAC based ciphersuites from RFC5289 */
 # define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
 # define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
 # define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
 # define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384     "ECDH-ECDSA-AES256-SHA384"
 # define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256      "ECDHE-RSA-AES128-SHA256"
 # define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384      "ECDHE-RSA-AES256-SHA384"
 # define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256       "ECDH-RSA-AES128-SHA256"
 # define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384       "ECDH-RSA-AES256-SHA384"
 /* ECDH GCM based ciphersuites from RFC5289 */
 # define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "ECDHE-ECDSA-AES128-GCM-SHA256"
 # define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "ECDHE-ECDSA-AES256-GCM-SHA384"
 # define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256     "ECDH-ECDSA-AES128-GCM-SHA256"
 # define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384     "ECDH-ECDSA-AES256-GCM-SHA384"
 # define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "ECDHE-RSA-AES128-GCM-SHA256"
 # define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "ECDHE-RSA-AES256-GCM-SHA384"
 # define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
 # define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
 # define TLS_CT_RSA_SIGN                 1
 # define TLS_CT_DSS_SIGN                 2
 # define TLS_CT_RSA_FIXED_DH             3
@ -360,7 +723,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS_CT_ECDSA_SIGN               64
 # define TLS_CT_RSA_FIXED_ECDH           65
 # define TLS_CT_ECDSA_FIXED_ECDH         66
-#define TLS_CT_NUMBER			7
+# define TLS_CT_GOST94_SIGN              21
 # define TLS_CT_GOST01_SIGN              22
 /*
 * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
 * comment there)
 */
 # define TLS_CT_NUMBER                   9
 # define TLS1_FINISH_MAC_LENGTH          12
@ -384,27 +753,61 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # ifdef CHARSET_EBCDIC
 #  undef TLS_MD_CLIENT_FINISH_CONST
-#define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*client finished*/
+/*
 * client finished
 */
 #  define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
 #  undef TLS_MD_SERVER_FINISH_CONST
-#define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*server finished*/
+/*
 * server finished
 */
 #  define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
 #  undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/
+/*
 * server write key
 */
 #  define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
 #  undef TLS_MD_KEY_EXPANSION_CONST
-#define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"  /*key expansion*/
+/*
 * key expansion
 */
 #  define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"
 #  undef TLS_MD_CLIENT_WRITE_KEY_CONST
-#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*client write key*/
+/*
 * client write key
 */
 #  define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
 #  undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/
+/*
 * server write key
 */
 #  define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
 #  undef TLS_MD_IV_BLOCK_CONST
-#define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"  /*IV block*/
+/*
 * IV block
 */
 #  define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"
 #  undef TLS_MD_MASTER_SECRET_CONST
-#define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"  /*master secret*/
+/*
 * master secret
 */
 #  define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
 # endif
 /* TLS Session Ticket extension struct */
 struct tls_session_ticket_ext_st {
    unsigned short length;
    void *data;
 };
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/tmdiff.h
+++ b/src/Mayaqua/win32_inc/openssl/tmdiff.h
@ -1,93 +0,0 @@
 /* crypto/tmdiff.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
 /* Header for dynamic hash table routines
 * Author - Eric Young
 */
 /* ... erm yeah, "dynamic hash tables" you say?
 * 
 * And what would dynamic hash tables have to do with any of this code *now*?
 * AFAICS, this code is only referenced by crypto/bn/exp.c which is an unused
 * file that I doubt compiles any more. speed.c is the only thing that could
 * use this (and it has nothing to do with hash tables), yet it instead has its
 * own duplication of all this stuff and looks, if anything, more complete. See
 * the corresponding note in apps/speed.c.
 * The Bemused - Geoff
 */
 #ifndef HEADER_TMDIFF_H
 #define HEADER_TMDIFF_H
 #ifdef  __cplusplus
 extern "C" {
 #endif
 typedef struct ms_tm MS_TM;
 MS_TM *ms_time_new(void );
 void ms_time_free(MS_TM *a);
 void ms_time_get(MS_TM *a);
 double ms_time_diff(MS_TM *start, MS_TM *end);
 int ms_time_cmp(const MS_TM *ap, const MS_TM *bp);
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/ts.h
+++ b/src/Mayaqua/win32_inc/openssl/ts.h
@ -0,0 +1,862 @@
 /* crypto/ts/ts.h */
 /*
 * Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL project
 * 2002, 2003, 2004.
 */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #ifndef HEADER_TS_H
 # define HEADER_TS_H
 # include <openssl/opensslconf.h>
 # include <openssl/symhacks.h>
 # ifndef OPENSSL_NO_BUFFER
 #  include <openssl/buffer.h>
 # endif
 # ifndef OPENSSL_NO_EVP
 #  include <openssl/evp.h>
 # endif
 # ifndef OPENSSL_NO_BIO
 #  include <openssl/bio.h>
 # endif
 # include <openssl/stack.h>
 # include <openssl/asn1.h>
 # include <openssl/safestack.h>
 # ifndef OPENSSL_NO_RSA
 #  include <openssl/rsa.h>
 # endif
 # ifndef OPENSSL_NO_DSA
 #  include <openssl/dsa.h>
 # endif
 # ifndef OPENSSL_NO_DH
 #  include <openssl/dh.h>
 # endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
 # ifdef WIN32
 /* Under Win32 this is defined in wincrypt.h */
 #  undef X509_NAME
 # endif
 # include <openssl/x509.h>
 # include <openssl/x509v3.h>
 /*-
 MessageImprint ::= SEQUENCE  {
     hashAlgorithm                AlgorithmIdentifier,
     hashedMessage                OCTET STRING  }
 */
 typedef struct TS_msg_imprint_st {
    X509_ALGOR *hash_algo;
    ASN1_OCTET_STRING *hashed_msg;
 } TS_MSG_IMPRINT;
 /*-
 TimeStampReq ::= SEQUENCE  {
   version                  INTEGER  { v1(1) },
   messageImprint           MessageImprint,
     --a hash algorithm OID and the hash value of the data to be
     --time-stamped
   reqPolicy                TSAPolicyId                OPTIONAL,
   nonce                    INTEGER                    OPTIONAL,
   certReq                  BOOLEAN                    DEFAULT FALSE,
   extensions               [0] IMPLICIT Extensions    OPTIONAL  }
 */
 typedef struct TS_req_st {
    ASN1_INTEGER *version;
    TS_MSG_IMPRINT *msg_imprint;
    ASN1_OBJECT *policy_id;     /* OPTIONAL */
    ASN1_INTEGER *nonce;        /* OPTIONAL */
    ASN1_BOOLEAN cert_req;      /* DEFAULT FALSE */
    STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */
 } TS_REQ;
 /*-
 Accuracy ::= SEQUENCE {
                seconds        INTEGER           OPTIONAL,
                millis     [0] INTEGER  (1..999) OPTIONAL,
                micros     [1] INTEGER  (1..999) OPTIONAL  }
 */
 typedef struct TS_accuracy_st {
    ASN1_INTEGER *seconds;
    ASN1_INTEGER *millis;
    ASN1_INTEGER *micros;
 } TS_ACCURACY;
 /*-
 TSTInfo ::= SEQUENCE  {
    version                      INTEGER  { v1(1) },
    policy                       TSAPolicyId,
    messageImprint               MessageImprint,
      -- MUST have the same value as the similar field in
      -- TimeStampReq
    serialNumber                 INTEGER,
     -- Time-Stamping users MUST be ready to accommodate integers
     -- up to 160 bits.
    genTime                      GeneralizedTime,
    accuracy                     Accuracy                 OPTIONAL,
    ordering                     BOOLEAN             DEFAULT FALSE,
    nonce                        INTEGER                  OPTIONAL,
      -- MUST be present if the similar field was present
      -- in TimeStampReq.  In that case it MUST have the same value.
    tsa                          [0] GeneralName          OPTIONAL,
    extensions                   [1] IMPLICIT Extensions  OPTIONAL   }
 */
 typedef struct TS_tst_info_st {
    ASN1_INTEGER *version;
    ASN1_OBJECT *policy_id;
    TS_MSG_IMPRINT *msg_imprint;
    ASN1_INTEGER *serial;
    ASN1_GENERALIZEDTIME *time;
    TS_ACCURACY *accuracy;
    ASN1_BOOLEAN ordering;
    ASN1_INTEGER *nonce;
    GENERAL_NAME *tsa;
    STACK_OF(X509_EXTENSION) *extensions;
 } TS_TST_INFO;
 /*-
 PKIStatusInfo ::= SEQUENCE {
    status        PKIStatus,
    statusString  PKIFreeText     OPTIONAL,
    failInfo      PKIFailureInfo  OPTIONAL  }
 From RFC 1510 - section 3.1.1:
 PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
        -- text encoded as UTF-8 String (note:  each UTF8String SHOULD
        -- include an RFC 1766 language tag to indicate the language
        -- of the contained text)
 */
 /* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */
 # define TS_STATUS_GRANTED                       0
 # define TS_STATUS_GRANTED_WITH_MODS             1
 # define TS_STATUS_REJECTION                     2
 # define TS_STATUS_WAITING                       3
 # define TS_STATUS_REVOCATION_WARNING            4
 # define TS_STATUS_REVOCATION_NOTIFICATION       5
 /*
 * Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c
 */
 # define TS_INFO_BAD_ALG                 0
 # define TS_INFO_BAD_REQUEST             2
 # define TS_INFO_BAD_DATA_FORMAT         5
 # define TS_INFO_TIME_NOT_AVAILABLE      14
 # define TS_INFO_UNACCEPTED_POLICY       15
 # define TS_INFO_UNACCEPTED_EXTENSION    16
 # define TS_INFO_ADD_INFO_NOT_AVAILABLE  17
 # define TS_INFO_SYSTEM_FAILURE          25
 typedef struct TS_status_info_st {
    ASN1_INTEGER *status;
    STACK_OF(ASN1_UTF8STRING) *text;
    ASN1_BIT_STRING *failure_info;
 } TS_STATUS_INFO;
 DECLARE_STACK_OF(ASN1_UTF8STRING)
 DECLARE_ASN1_SET_OF(ASN1_UTF8STRING)
 /*-
 TimeStampResp ::= SEQUENCE  {
     status                  PKIStatusInfo,
     timeStampToken          TimeStampToken     OPTIONAL }
 */
 typedef struct TS_resp_st {
    TS_STATUS_INFO *status_info;
    PKCS7 *token;
    TS_TST_INFO *tst_info;
 } TS_RESP;
 /* The structure below would belong to the ESS component. */
 /*-
 IssuerSerial ::= SEQUENCE {
        issuer                   GeneralNames,
        serialNumber             CertificateSerialNumber
        }
 */
 typedef struct ESS_issuer_serial {
    STACK_OF(GENERAL_NAME) *issuer;
    ASN1_INTEGER *serial;
 } ESS_ISSUER_SERIAL;
 /*-
 ESSCertID ::=  SEQUENCE {
        certHash                 Hash,
        issuerSerial             IssuerSerial OPTIONAL
 }
 */
 typedef struct ESS_cert_id {
    ASN1_OCTET_STRING *hash;    /* Always SHA-1 digest. */
    ESS_ISSUER_SERIAL *issuer_serial;
 } ESS_CERT_ID;
 DECLARE_STACK_OF(ESS_CERT_ID)
 DECLARE_ASN1_SET_OF(ESS_CERT_ID)
 /*-
 SigningCertificate ::=  SEQUENCE {
       certs        SEQUENCE OF ESSCertID,
       policies     SEQUENCE OF PolicyInformation OPTIONAL
 }
 */
 typedef struct ESS_signing_cert {
    STACK_OF(ESS_CERT_ID) *cert_ids;
    STACK_OF(POLICYINFO) *policy_info;
 } ESS_SIGNING_CERT;
 TS_REQ *TS_REQ_new(void);
 void TS_REQ_free(TS_REQ *a);
 int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp);
 TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
 TS_REQ *TS_REQ_dup(TS_REQ *a);
 TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
 int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
 TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
 int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
 TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void);
 void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a);
 int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp);
 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
                                   const unsigned char **pp, long length);
 TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
 int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
 int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);
 TS_RESP *TS_RESP_new(void);
 void TS_RESP_free(TS_RESP *a);
 int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp);
 TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
 TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
 TS_RESP *TS_RESP_dup(TS_RESP *a);
 TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
 int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
 TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
 int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);
 TS_STATUS_INFO *TS_STATUS_INFO_new(void);
 void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
 int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp);
 TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a,
                                   const unsigned char **pp, long length);
 TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a);
 TS_TST_INFO *TS_TST_INFO_new(void);
 void TS_TST_INFO_free(TS_TST_INFO *a);
 int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp);
 TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
                             long length);
 TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
 TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
 int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
 TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
 int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);
 TS_ACCURACY *TS_ACCURACY_new(void);
 void TS_ACCURACY_free(TS_ACCURACY *a);
 int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp);
 TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp,
                             long length);
 TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a);
 ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void);
 void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a);
 int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, unsigned char **pp);
 ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a,
                                         const unsigned char **pp,
                                         long length);
 ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a);
 ESS_CERT_ID *ESS_CERT_ID_new(void);
 void ESS_CERT_ID_free(ESS_CERT_ID *a);
 int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp);
 ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp,
                             long length);
 ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a);
 ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void);
 void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a);
 int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, unsigned char **pp);
 ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a,
                                       const unsigned char **pp, long length);
 ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a);
 void ERR_load_TS_strings(void);
 int TS_REQ_set_version(TS_REQ *a, long version);
 long TS_REQ_get_version(const TS_REQ *a);
 int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint);
 TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a);
 int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg);
 X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a);
 int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len);
 ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a);
 int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy);
 ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a);
 int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce);
 const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a);
 int TS_REQ_set_cert_req(TS_REQ *a, int cert_req);
 int TS_REQ_get_cert_req(const TS_REQ *a);
 STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a);
 void TS_REQ_ext_free(TS_REQ *a);
 int TS_REQ_get_ext_count(TS_REQ *a);
 int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
 int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos);
 int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
 X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
 X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
 int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc);
 void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx);
 /* Function declarations for TS_REQ defined in ts/ts_req_print.c */
 int TS_REQ_print_bio(BIO *bio, TS_REQ *a);
 /* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */
 int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info);
 TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a);
 /* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
 void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info);
 PKCS7 *TS_RESP_get_token(TS_RESP *a);
 TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a);
 int TS_TST_INFO_set_version(TS_TST_INFO *a, long version);
 long TS_TST_INFO_get_version(const TS_TST_INFO *a);
 int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id);
 ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a);
 int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint);
 TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a);
 int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial);
 const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a);
 int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime);
 const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a);
 int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy);
 TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a);
 int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds);
 const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a);
 int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis);
 const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a);
 int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros);
 const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a);
 int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering);
 int TS_TST_INFO_get_ordering(const TS_TST_INFO *a);
 int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce);
 const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a);
 int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa);
 GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a);
 STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a);
 void TS_TST_INFO_ext_free(TS_TST_INFO *a);
 int TS_TST_INFO_get_ext_count(TS_TST_INFO *a);
 int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos);
 int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos);
 int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
 X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
 X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc);
 int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc);
 void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx);
 /*
 * Declarations related to response generation, defined in ts/ts_resp_sign.c.
 */
 /* Optional flags for response generation. */
 /* Don't include the TSA name in response. */
 # define TS_TSA_NAME             0x01
 /* Set ordering to true in response. */
 # define TS_ORDERING             0x02
 /*
 * Include the signer certificate and the other specified certificates in
 * the ESS signing certificate attribute beside the PKCS7 signed data.
 * Only the signer certificates is included by default.
 */
 # define TS_ESS_CERT_ID_CHAIN    0x04
 /* Forward declaration. */
 struct TS_resp_ctx;
 /* This must return a unique number less than 160 bits long. */
 typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *);
 /*
 * This must return the seconds and microseconds since Jan 1, 1970 in the sec
 * and usec variables allocated by the caller. Return non-zero for success
 * and zero for failure.
 */
 typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec,
                           long *usec);
 /*
 * This must process the given extension. It can modify the TS_TST_INFO
 * object of the context. Return values: !0 (processed), 0 (error, it must
 * set the status info/failure info of the response).
 */
 typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *,
                                void *);
 typedef struct TS_resp_ctx {
    X509 *signer_cert;
    EVP_PKEY *signer_key;
    STACK_OF(X509) *certs;      /* Certs to include in signed data. */
    STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
    ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
    STACK_OF(EVP_MD) *mds;      /* Acceptable message digests. */
    ASN1_INTEGER *seconds;      /* accuracy, 0 means not specified. */
    ASN1_INTEGER *millis;       /* accuracy, 0 means not specified. */
    ASN1_INTEGER *micros;       /* accuracy, 0 means not specified. */
    unsigned clock_precision_digits; /* fraction of seconds in time stamp
                                      * token. */
    unsigned flags;             /* Optional info, see values above. */
    /* Callback functions. */
    TS_serial_cb serial_cb;
    void *serial_cb_data;       /* User data for serial_cb. */
    TS_time_cb time_cb;
    void *time_cb_data;         /* User data for time_cb. */
    TS_extension_cb extension_cb;
    void *extension_cb_data;    /* User data for extension_cb. */
    /* These members are used only while creating the response. */
    TS_REQ *request;
    TS_RESP *response;
    TS_TST_INFO *tst_info;
 } TS_RESP_CTX;
 DECLARE_STACK_OF(EVP_MD)
 DECLARE_ASN1_SET_OF(EVP_MD)
 /* Creates a response context that can be used for generating responses. */
 TS_RESP_CTX *TS_RESP_CTX_new(void);
 void TS_RESP_CTX_free(TS_RESP_CTX *ctx);
 /* This parameter must be set. */
 int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer);
 /* This parameter must be set. */
 int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key);
 /* This parameter must be set. */
 int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy);
 /* No additional certs are included in the response by default. */
 int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);
 /*
 * Adds a new acceptable policy, only the default policy is accepted by
 * default.
 */
 int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy);
 /*
 * Adds a new acceptable message digest. Note that no message digests are
 * accepted by default. The md argument is shared with the caller.
 */
 int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md);
 /* Accuracy is not included by default. */
 int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
                             int secs, int millis, int micros);
 /*
 * Clock precision digits, i.e. the number of decimal digits: '0' means sec,
 * '3' msec, '6' usec, and so on. Default is 0.
 */
 int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
                                           unsigned clock_precision_digits);
 /* At most we accept usec precision. */
 # define TS_MAX_CLOCK_PRECISION_DIGITS   6
 /* No flags are set by default. */
 void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
 /* Default callback always returns a constant. */
 void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data);
 /* Default callback uses the gettimeofday() and gmtime() system calls. */
 void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data);
 /*
 * Default callback rejects all extensions. The extension callback is called
 * when the TS_TST_INFO object is already set up and not signed yet.
 */
 /* FIXME: extension handling is not tested yet. */
 void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx,
                                  TS_extension_cb cb, void *data);
 /* The following methods can be used in the callbacks. */
 int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
                                int status, const char *text);
 /* Sets the status info only if it is still TS_STATUS_GRANTED. */
 int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
                                     int status, const char *text);
 int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure);
 /* The get methods below can be used in the extension callback. */
 TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx);
 TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx);
 /*
 * Creates the signed TS_TST_INFO and puts it in TS_RESP.
 * In case of errors it sets the status info properly.
 * Returns NULL only in case of memory allocation/fatal error.
 */
 TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio);
 /*
 * Declarations related to response verification,
 * they are defined in ts/ts_resp_verify.c.
 */
 int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
                             X509_STORE *store, X509 **signer_out);
 /* Context structure for the generic verify method. */
 /* Verify the signer's certificate and the signature of the response. */
 # define TS_VFY_SIGNATURE        (1u << 0)
 /* Verify the version number of the response. */
 # define TS_VFY_VERSION          (1u << 1)
 /* Verify if the policy supplied by the user matches the policy of the TSA. */
 # define TS_VFY_POLICY           (1u << 2)
 /*
 * Verify the message imprint provided by the user. This flag should not be
 * specified with TS_VFY_DATA.
 */
 # define TS_VFY_IMPRINT          (1u << 3)
 /*
 * Verify the message imprint computed by the verify method from the user
 * provided data and the MD algorithm of the response. This flag should not
 * be specified with TS_VFY_IMPRINT.
 */
 # define TS_VFY_DATA             (1u << 4)
 /* Verify the nonce value. */
 # define TS_VFY_NONCE            (1u << 5)
 /* Verify if the TSA name field matches the signer certificate. */
 # define TS_VFY_SIGNER           (1u << 6)
 /* Verify if the TSA name field equals to the user provided name. */
 # define TS_VFY_TSA_NAME         (1u << 7)
 /* You can use the following convenience constants. */
 # define TS_VFY_ALL_IMPRINT      (TS_VFY_SIGNATURE       \
                                 | TS_VFY_VERSION       \
                                 | TS_VFY_POLICY        \
                                 | TS_VFY_IMPRINT       \
                                 | TS_VFY_NONCE         \
                                 | TS_VFY_SIGNER        \
                                 | TS_VFY_TSA_NAME)
 # define TS_VFY_ALL_DATA         (TS_VFY_SIGNATURE       \
                                 | TS_VFY_VERSION       \
                                 | TS_VFY_POLICY        \
                                 | TS_VFY_DATA          \
                                 | TS_VFY_NONCE         \
                                 | TS_VFY_SIGNER        \
                                 | TS_VFY_TSA_NAME)
 typedef struct TS_verify_ctx {
    /* Set this to the union of TS_VFY_... flags you want to carry out. */
    unsigned flags;
    /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
    X509_STORE *store;
    STACK_OF(X509) *certs;
    /* Must be set only with TS_VFY_POLICY. */
    ASN1_OBJECT *policy;
    /*
     * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
     * algorithm from the response is used.
     */
    X509_ALGOR *md_alg;
    unsigned char *imprint;
    unsigned imprint_len;
    /* Must be set only with TS_VFY_DATA. */
    BIO *data;
    /* Must be set only with TS_VFY_TSA_NAME. */
    ASN1_INTEGER *nonce;
    /* Must be set only with TS_VFY_TSA_NAME. */
    GENERAL_NAME *tsa_name;
 } TS_VERIFY_CTX;
 int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
 int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);
 /*
 * Declarations related to response verification context,
 * they are defined in ts/ts_verify_ctx.c.
 */
 /* Set all fields to zero. */
 TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
 void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
 void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
 void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
 /*-
 * If ctx is NULL, it allocates and returns a new object, otherwise
 * it returns ctx. It initialises all the members as follows:
 * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE)
 * certs = NULL
 * store = NULL
 * policy = policy from the request or NULL if absent (in this case
 *      TS_VFY_POLICY is cleared from flags as well)
 * md_alg = MD algorithm from request
 * imprint, imprint_len = imprint from request
 * data = NULL
 * nonce, nonce_len = nonce from the request or NULL if absent (in this case
 *      TS_VFY_NONCE is cleared from flags as well)
 * tsa_name = NULL
 * Important: after calling this method TS_VFY_SIGNATURE should be added!
 */
 TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx);
 /* Function declarations for TS_RESP defined in ts/ts_resp_print.c */
 int TS_RESP_print_bio(BIO *bio, TS_RESP *a);
 int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a);
 int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a);
 /* Common utility functions defined in ts/ts_lib.c */
 int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num);
 int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj);
 int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions);
 int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg);
 int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
 /*
 * Function declarations for handling configuration options, defined in
 * ts/ts_conf.c
 */
 X509 *TS_CONF_load_cert(const char *file);
 STACK_OF(X509) *TS_CONF_load_certs(const char *file);
 EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
 int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
                       TS_RESP_CTX *ctx);
 int TS_CONF_set_crypto_device(CONF *conf, const char *section,
                              const char *device);
 int TS_CONF_set_default_engine(const char *name);
 int TS_CONF_set_signer_cert(CONF *conf, const char *section,
                            const char *cert, TS_RESP_CTX *ctx);
 int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
                      TS_RESP_CTX *ctx);
 int TS_CONF_set_signer_key(CONF *conf, const char *section,
                           const char *key, const char *pass,
                           TS_RESP_CTX *ctx);
 int TS_CONF_set_def_policy(CONF *conf, const char *section,
                           const char *policy, TS_RESP_CTX *ctx);
 int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
 int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx);
 int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx);
 int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
                                       TS_RESP_CTX *ctx);
 int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx);
 int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx);
 int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
                                  TS_RESP_CTX *ctx);
 /* -------------------------------------------------- */
 /* BEGIN ERROR CODES */
 /*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_TS_strings(void);
 /* Error codes for the TS functions. */
 /* Function codes. */
 # define TS_F_D2I_TS_RESP                                 147
 # define TS_F_DEF_SERIAL_CB                               110
 # define TS_F_DEF_TIME_CB                                 111
 # define TS_F_ESS_ADD_SIGNING_CERT                        112
 # define TS_F_ESS_CERT_ID_NEW_INIT                        113
 # define TS_F_ESS_SIGNING_CERT_NEW_INIT                   114
 # define TS_F_INT_TS_RESP_VERIFY_TOKEN                    149
 # define TS_F_PKCS7_TO_TS_TST_INFO                        148
 # define TS_F_TS_ACCURACY_SET_MICROS                      115
 # define TS_F_TS_ACCURACY_SET_MILLIS                      116
 # define TS_F_TS_ACCURACY_SET_SECONDS                     117
 # define TS_F_TS_CHECK_IMPRINTS                           100
 # define TS_F_TS_CHECK_NONCES                             101
 # define TS_F_TS_CHECK_POLICY                             102
 # define TS_F_TS_CHECK_SIGNING_CERTS                      103
 # define TS_F_TS_CHECK_STATUS_INFO                        104
 # define TS_F_TS_COMPUTE_IMPRINT                          145
 # define TS_F_TS_CONF_SET_DEFAULT_ENGINE                  146
 # define TS_F_TS_GET_STATUS_TEXT                          105
 # define TS_F_TS_MSG_IMPRINT_SET_ALGO                     118
 # define TS_F_TS_REQ_SET_MSG_IMPRINT                      119
 # define TS_F_TS_REQ_SET_NONCE                            120
 # define TS_F_TS_REQ_SET_POLICY_ID                        121
 # define TS_F_TS_RESP_CREATE_RESPONSE                     122
 # define TS_F_TS_RESP_CREATE_TST_INFO                     123
 # define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO                124
 # define TS_F_TS_RESP_CTX_ADD_MD                          125
 # define TS_F_TS_RESP_CTX_ADD_POLICY                      126
 # define TS_F_TS_RESP_CTX_NEW                             127
 # define TS_F_TS_RESP_CTX_SET_ACCURACY                    128
 # define TS_F_TS_RESP_CTX_SET_CERTS                       129
 # define TS_F_TS_RESP_CTX_SET_DEF_POLICY                  130
 # define TS_F_TS_RESP_CTX_SET_SIGNER_CERT                 131
 # define TS_F_TS_RESP_CTX_SET_STATUS_INFO                 132
 # define TS_F_TS_RESP_GET_POLICY                          133
 # define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION          134
 # define TS_F_TS_RESP_SET_STATUS_INFO                     135
 # define TS_F_TS_RESP_SET_TST_INFO                        150
 # define TS_F_TS_RESP_SIGN                                136
 # define TS_F_TS_RESP_VERIFY_SIGNATURE                    106
 # define TS_F_TS_RESP_VERIFY_TOKEN                        107
 # define TS_F_TS_TST_INFO_SET_ACCURACY                    137
 # define TS_F_TS_TST_INFO_SET_MSG_IMPRINT                 138
 # define TS_F_TS_TST_INFO_SET_NONCE                       139
 # define TS_F_TS_TST_INFO_SET_POLICY_ID                   140
 # define TS_F_TS_TST_INFO_SET_SERIAL                      141
 # define TS_F_TS_TST_INFO_SET_TIME                        142
 # define TS_F_TS_TST_INFO_SET_TSA                         143
 # define TS_F_TS_VERIFY                                   108
 # define TS_F_TS_VERIFY_CERT                              109
 # define TS_F_TS_VERIFY_CTX_NEW                           144
 /* Reason codes. */
 # define TS_R_BAD_PKCS7_TYPE                              132
 # define TS_R_BAD_TYPE                                    133
 # define TS_R_CERTIFICATE_VERIFY_ERROR                    100
 # define TS_R_COULD_NOT_SET_ENGINE                        127
 # define TS_R_COULD_NOT_SET_TIME                          115
 # define TS_R_D2I_TS_RESP_INT_FAILED                      128
 # define TS_R_DETACHED_CONTENT                            134
 # define TS_R_ESS_ADD_SIGNING_CERT_ERROR                  116
 # define TS_R_ESS_SIGNING_CERTIFICATE_ERROR               101
 # define TS_R_INVALID_NULL_POINTER                        102
 # define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE          117
 # define TS_R_MESSAGE_IMPRINT_MISMATCH                    103
 # define TS_R_NONCE_MISMATCH                              104
 # define TS_R_NONCE_NOT_RETURNED                          105
 # define TS_R_NO_CONTENT                                  106
 # define TS_R_NO_TIME_STAMP_TOKEN                         107
 # define TS_R_PKCS7_ADD_SIGNATURE_ERROR                   118
 # define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR                 119
 # define TS_R_PKCS7_TO_TS_TST_INFO_FAILED                 129
 # define TS_R_POLICY_MISMATCH                             108
 # define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE      120
 # define TS_R_RESPONSE_SETUP_ERROR                        121
 # define TS_R_SIGNATURE_FAILURE                           109
 # define TS_R_THERE_MUST_BE_ONE_SIGNER                    110
 # define TS_R_TIME_SYSCALL_ERROR                          122
 # define TS_R_TOKEN_NOT_PRESENT                           130
 # define TS_R_TOKEN_PRESENT                               131
 # define TS_R_TSA_NAME_MISMATCH                           111
 # define TS_R_TSA_UNTRUSTED                               112
 # define TS_R_TST_INFO_SETUP_ERROR                        123
 # define TS_R_TS_DATASIGN                                 124
 # define TS_R_UNACCEPTABLE_POLICY                         125
 # define TS_R_UNSUPPORTED_MD_ALGORITHM                    126
 # define TS_R_UNSUPPORTED_VERSION                         113
 # define TS_R_WRONG_CONTENT_TYPE                          114
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/txt_db.h
+++ b/src/Mayaqua/win32_inc/openssl/txt_db.h
@ -77,16 +77,18 @@
 extern "C" {
 #endif
-typedef struct txt_db_st
+typedef OPENSSL_STRING *OPENSSL_PSTRING;
-	{
+DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
 typedef struct txt_db_st {
    int num_fields;
-	STACK /* char ** */ *data;
+    STACK_OF(OPENSSL_PSTRING) *data;
-	LHASH **index;
+    LHASH_OF(OPENSSL_STRING) **index;
-	int (**qual)(char **);
+    int (**qual) (OPENSSL_STRING *);
    long error;
    long arg1;
    long arg2;
-	char **arg_row;
+    OPENSSL_STRING *arg_row;
 } TXT_DB;
 # ifndef OPENSSL_NO_BIO
@ -96,11 +98,12 @@ long TXT_DB_write(BIO *out, TXT_DB *db);
 TXT_DB *TXT_DB_read(char *in, int num);
 long TXT_DB_write(char *out, TXT_DB *db);
 # endif
-int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(char **),
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
                        LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
 void TXT_DB_free(TXT_DB *db);
-char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
-int TXT_DB_insert(TXT_DB *db,char **value);
+                                    OPENSSL_STRING *value);
 int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
 #ifdef  __cplusplus
 }
--- a/src/Mayaqua/win32_inc/openssl/ui.h
+++ b/src/Mayaqua/win32_inc/openssl/ui.h
@ -1,6 +1,7 @@
 /* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+/*
- * project 2001.
+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2001.
 */
 /* ====================================================================
 * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
@ -73,18 +74,20 @@ extern "C" {
 /* typedef struct ui_st UI; */
 /* typedef struct ui_method_st UI_METHOD; */
-
+/*
-/* All the following functions return -1 or NULL on error and in some cases
+ * All the following functions return -1 or NULL on error and in some cases
-   (UI_process()) -2 if interrupted or in some other way cancelled.
+ * (UI_process()) -2 if interrupted or in some other way cancelled. When
-   When everything is fine, they return 0, a positive value or a non-NULL
+ * everything is fine, they return 0, a positive value or a non-NULL pointer,
-   pointer, all depending on their purpose. */
+ * all depending on their purpose.
 */
 /* Creators and destructor.   */
 UI *UI_new(void);
 UI *UI_new_method(const UI_METHOD *method);
 void UI_free(UI *ui);
-/* The following functions are used to add strings to be printed and prompt
+/*-
   The following functions are used to add strings to be printed and prompt
   strings to prompt for data.  The names are UI_{add,dup}_<function>_string
   and UI_{add,dup}_input_boolean.
@ -107,7 +110,6 @@ void UI_free(UI *ui);
   UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",
   and are typically used when one wants to prompt for a yes/no response.
   All of the functions in this group take a UI and a prompt string.
   The string input and verify addition functions also take a flag argument,
   a buffer for the result to end up with, a minimum input size and a maximum
@ -132,9 +134,11 @@ int UI_add_input_string(UI *ui, const char *prompt, int flags,
 int UI_dup_input_string(UI *ui, const char *prompt, int flags,
                        char *result_buf, int minsize, int maxsize);
 int UI_add_verify_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize, const char *test_buf);
+                         char *result_buf, int minsize, int maxsize,
                         const char *test_buf);
 int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize, const char *test_buf);
+                         char *result_buf, int minsize, int maxsize,
                         const char *test_buf);
 int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
                         const char *ok_chars, const char *cancel_chars,
                         int flags, char *result_buf);
@ -149,55 +153,59 @@ int UI_dup_error_string(UI *ui, const char *text);
 /* These are the possible flags.  They can be or'ed together. */
 /* Use to have echoing of input */
 # define UI_INPUT_FLAG_ECHO              0x01
-/* Use a default password.  Where that password is found is completely
+/*
-   up to the application, it might for example be in the user data set
+ * Use a default password.  Where that password is found is completely up to
-   with UI_add_user_data().  It is not recommended to have more than
+ * the application, it might for example be in the user data set with
-   one input in each UI being marked with this flag, or the application
+ * UI_add_user_data().  It is not recommended to have more than one input in
-   might get confused. */
+ * each UI being marked with this flag, or the application might get
 * confused.
 */
 # define UI_INPUT_FLAG_DEFAULT_PWD       0x02
-/* The user of these routines may want to define flags of their own.  The core
+/*-
-   UI won't look at those, but will pass them on to the method routines.  They
+ * The user of these routines may want to define flags of their own.  The core
-   must use higher bits so they don't get confused with the UI bits above.
+ * UI won't look at those, but will pass them on to the method routines.  They
-   UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
+ * must use higher bits so they don't get confused with the UI bits above.
-   example of use is this:
+ * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
-
+ * example of use is this:
-	#define MY_UI_FLAG1	(0x01 << UI_INPUT_FLAG_USER_BASE)
+ *
-
+ *    #define MY_UI_FLAG1       (0x01 << UI_INPUT_FLAG_USER_BASE)
 *
 */
 # define UI_INPUT_FLAG_USER_BASE 16
-
+/*-
-/* The following function helps construct a prompt.  object_desc is a
+ * The following function helps construct a prompt.  object_desc is a
-   textual short description of the object, for example "pass phrase",
+ * textual short description of the object, for example "pass phrase",
-   and object_name is the name of the object (might be a card name or
+ * and object_name is the name of the object (might be a card name or
-   a file name.
+ * a file name.
-   The returned string shall always be allocated on the heap with
+ * The returned string shall always be allocated on the heap with
-   OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
-
+ *
-   If the ui_method doesn't contain a pointer to a user-defined prompt
+ * If the ui_method doesn't contain a pointer to a user-defined prompt
-   constructor, a default string is built, looking like this:
+ * constructor, a default string is built, looking like this:
-
+ *
-	"Enter {object_desc} for {object_name}:"
+ *       "Enter {object_desc} for {object_name}:"
-
+ *
-   So, if object_desc has the value "pass phrase" and object_name has
+ * So, if object_desc has the value "pass phrase" and object_name has
-   the value "foo.key", the resulting string is:
+ * the value "foo.key", the resulting string is:
-
+ *
-	"Enter pass phrase for foo.key:"
+ *       "Enter pass phrase for foo.key:"
 */
 char *UI_construct_prompt(UI *ui_method,
                          const char *object_desc, const char *object_name);
-
+/*
-/* The following function is used to store a pointer to user-specific data.
+ * The following function is used to store a pointer to user-specific data.
-   Any previous such pointer will be returned and replaced.
+ * Any previous such pointer will be returned and replaced.
-
+ *
-   For callback purposes, this function makes a lot more sense than using
+ * For callback purposes, this function makes a lot more sense than using
-   ex_data, since the latter requires that different parts of OpenSSL or
+ * ex_data, since the latter requires that different parts of OpenSSL or
-   applications share the same ex_data index.
+ * applications share the same ex_data index.
-
+ *
-   Note that the UI_OpenSSL() method completely ignores the user data.
+ * Note that the UI_OpenSSL() method completely ignores the user data. Other
-   Other methods may not, however.  */
+ * methods may not, however.
 */
 void *UI_add_user_data(UI *ui, void *user_data);
 /* We need a user data retrieving function as well.  */
 void *UI_get0_user_data(UI *ui);
@ -208,22 +216,27 @@ const char *UI_get0_result(UI *ui, int i);
 /* When all strings have been added, process the whole thing. */
 int UI_process(UI *ui);
-/* Give a user interface parametrised control commands.  This can be used to
+/*
-   send down an integer, a data pointer or a function pointer, as well as
+ * Give a user interface parametrised control commands.  This can be used to
-   be used to get information from a UI. */
+ * send down an integer, a data pointer or a function pointer, as well as be
 * used to get information from a UI.
 */
 int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void));
 /* The commands */
-/* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
+/*
-   OpenSSL error stack before printing any info or added error messages and
+ * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
-   before any prompting. */
+ * OpenSSL error stack before printing any info or added error messages and
 * before any prompting.
 */
 # define UI_CTRL_PRINT_ERRORS            1
-/* Check if a UI_process() is possible to do again with the same instance of
+/*
-   a user interface.  This makes UI_ctrl() return 1 if it is redoable, and 0
+ * Check if a UI_process() is possible to do again with the same instance of
-   if not. */
+ * a user interface.  This makes UI_ctrl() return 1 if it is redoable, and 0
 * if not.
 */
 # define UI_CTRL_IS_REDOABLE             2
 /* Some methods may use extra data */
 # define UI_set_app_data(s,arg)         UI_set_ex_data(s,0,arg)
 # define UI_get_app_data(s)             UI_get_ex_data(s,0)
@ -241,9 +254,9 @@ const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
 /* The method with all the built-in thingies */
 UI_METHOD *UI_OpenSSL(void);
 /* ---------- For method writers ---------- */
-/* A method contains a number of functions that implement the low level
+/*-
   A method contains a number of functions that implement the low level
   of the User Interface.  The functions are:
        an opener       This function starts a session, maybe by opening
@ -284,16 +297,18 @@ UI_METHOD *UI_OpenSSL(void);
   the reader take a UI_STRING.
 */
-/* The UI_STRING type is the data structure that contains all the needed info
+/*
-   about a string or a prompt, including test data for a verification prompt.
+ * The UI_STRING type is the data structure that contains all the needed info
 * about a string or a prompt, including test data for a verification prompt.
 */
 DECLARE_STACK_OF(UI_STRING)
 typedef struct ui_string_st UI_STRING;
 DECLARE_STACK_OF(UI_STRING)
-/* The different types of strings that are currently supported.
+/*
-   This is only needed by method authors. */
+ * The different types of strings that are currently supported. This is only
-enum UI_string_types
+ * needed by method authors.
-	{
+ */
 enum UI_string_types {
    UIT_NONE = 0,
    UIT_PROMPT,                 /* Prompt for a string */
    UIT_VERIFY,                 /* Prompt for a string and verify */
@ -306,18 +321,31 @@ enum UI_string_types
 UI_METHOD *UI_create_method(char *name);
 void UI_destroy_method(UI_METHOD *ui_method);
 int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui));
-int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis));
+int UI_method_set_writer(UI_METHOD *method,
                         int (*writer) (UI *ui, UI_STRING *uis));
 int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
-int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis));
+int UI_method_set_reader(UI_METHOD *method,
                         int (*reader) (UI *ui, UI_STRING *uis));
 int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
 int UI_method_set_prompt_constructor(UI_METHOD *method,
                                     char *(*prompt_constructor) (UI *ui,
                                                                  const char
                                                                  *object_desc,
                                                                  const char
                                                                  *object_name));
 int (*UI_method_get_opener(UI_METHOD *method)) (UI *);
 int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *);
 int (*UI_method_get_flusher(UI_METHOD *method)) (UI *);
 int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *);
 int (*UI_method_get_closer(UI_METHOD *method)) (UI *);
 char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
                                                              const char *,
                                                              const char *);
-/* The following functions are helpers for method writers to access relevant
+/*
-   data from a UI_STRING. */
+ * The following functions are helpers for method writers to access relevant
 * data from a UI_STRING.
 */
 /* Return type of the UI_STRING */
 enum UI_string_types UI_get_string_type(UI_STRING *uis);
@ -325,11 +353,16 @@ enum UI_string_types UI_get_string_type(UI_STRING *uis);
 int UI_get_input_flags(UI_STRING *uis);
 /* Return the actual string to output (the prompt, info or error) */
 const char *UI_get0_output_string(UI_STRING *uis);
-/* Return the optional action string to output (the boolean promtp instruction) */
+/*
 * Return the optional action string to output (the boolean promtp
 * instruction)
 */
 const char *UI_get0_action_string(UI_STRING *uis);
 /* Return the result of a prompt */
 const char *UI_get0_result_string(UI_STRING *uis);
-/* Return the string to test the result against.  Only useful with verifies. */
+/*
 * Return the string to test the result against.  Only useful with verifies.
 */
 const char *UI_get0_test_string(UI_STRING *uis);
 /* Return the required minimum size of the result */
 int UI_get_result_minsize(UI_STRING *uis);
@ -338,14 +371,15 @@ int UI_get_result_maxsize(UI_STRING *uis);
 /* Set the result of a UI_STRING. */
 int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
 /* A couple of popular utility functions */
-int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify);
+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
-int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
+                           int verify);
-
+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
                    int verify);
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_UI_strings(void);
--- a/src/Mayaqua/win32_inc/openssl/ui_compat.h
+++ b/src/Mayaqua/win32_inc/openssl/ui_compat.h
@ -1,6 +1,7 @@
 /* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+/*
- * project 2001.
+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2001.
 */
 /* ====================================================================
 * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
@ -66,16 +67,20 @@
 extern "C" {
 #endif
-/* The following functions were previously part of the DES section,
+/*
-   and are provided here for backward compatibility reasons. */
+ * The following functions were previously part of the DES section, and are
 * provided here for backward compatibility reasons.
 */
 # define des_read_pw_string(b,l,p,v) \
        _ossl_old_des_read_pw_string((b),(l),(p),(v))
 # define des_read_pw(b,bf,s,p,v) \
        _ossl_old_des_read_pw((b),(bf),(s),(p),(v))
-int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify);
+int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt,
-int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
+                                 int verify);
 int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt,
                          int verify);
 #ifdef  __cplusplus
 }
--- a/src/Mayaqua/win32_inc/openssl/whrlpool.h
+++ b/src/Mayaqua/win32_inc/openssl/whrlpool.h
@ -0,0 +1,41 @@
 #ifndef HEADER_WHRLPOOL_H
 # define HEADER_WHRLPOOL_H
 # include <openssl/e_os2.h>
 # include <stddef.h>
 #ifdef __cplusplus
 extern "C" {
 #endif
 # define WHIRLPOOL_DIGEST_LENGTH (512/8)
 # define WHIRLPOOL_BBLOCK        512
 # define WHIRLPOOL_COUNTER       (256/8)
 typedef struct {
    union {
        unsigned char c[WHIRLPOOL_DIGEST_LENGTH];
        /* double q is here to ensure 64-bit alignment */
        double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)];
    } H;
    unsigned char data[WHIRLPOOL_BBLOCK / 8];
    unsigned int bitoff;
    size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)];
 } WHIRLPOOL_CTX;
 # ifndef OPENSSL_NO_WHIRLPOOL
 #  ifdef OPENSSL_FIPS
 int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
 #  endif
 int WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
 int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes);
 void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits);
 int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c);
 unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md);
 # endif
 #ifdef __cplusplus
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/x509.h
+++ b/src/Mayaqua/win32_inc/openssl/x509.h
--- a/src/Mayaqua/win32_inc/openssl/x509_vfy.h
+++ b/src/Mayaqua/win32_inc/openssl/x509_vfy.h
@ -58,8 +58,10 @@
 #ifndef HEADER_X509_H
 # include <openssl/x509.h>
-/* openssl/x509.h ends up #include-ing this file at about the only
+/*
- * appropriate moment. */
+ * openssl/x509.h ends up #include-ing this file at about the only
 * appropriate moment.
 */
 #endif
 #ifndef HEADER_X509_VFY_H
@ -77,17 +79,17 @@
 extern "C" {
 #endif
 # if 0
 /* Outer object */
-typedef struct x509_hash_dir_st
+typedef struct x509_hash_dir_st {
 	{
    int num_dirs;
    char **dirs;
    int *dirs_type;
    int num_dirs_alloced;
 } X509_HASH_DIR_CTX;
 # endif
-typedef struct x509_file_st
+typedef struct x509_file_st {
 	{
    int num_paths;              /* number of paths to files or directories */
    int num_alloced;
    char **paths;               /* the list of paths or directories */
@ -95,7 +97,7 @@ typedef struct x509_file_st
 } X509_CERT_FILE_CTX;
 /*******************************/
-/*
+/*-
 SSL_CTX -> X509_STORE
                -> X509_LOOKUP
                        ->X509_LOOKUP_METHOD
@ -118,8 +120,7 @@ certificate chain.
 # define X509_LU_CRL             2
 # define X509_LU_PKEY            3
-typedef struct x509_object_st
+typedef struct x509_object_st {
 	{
    /* one of the above types */
    int type;
    union {
@ -136,8 +137,7 @@ DECLARE_STACK_OF(X509_LOOKUP)
 DECLARE_STACK_OF(X509_OBJECT)
 /* This is a static that defines the function interface */
-typedef struct x509_lookup_method_st
+typedef struct x509_lookup_method_st {
 	{
    const char *name;
    int (*new_item) (X509_LOOKUP *ctx);
    void (*free) (X509_LOOKUP *ctx);
@ -156,13 +156,15 @@ typedef struct x509_lookup_method_st
                         X509_OBJECT *ret);
 } X509_LOOKUP_METHOD;
-/* This structure hold all parameters associated with a verify operation
+typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
- * by including an X509_VERIFY_PARAM structure in related structures the
+
 /*
 * This structure hold all parameters associated with a verify operation by
 * including an X509_VERIFY_PARAM structure in related structures the
 * parameters used can be customized
 */
-typedef struct X509_VERIFY_PARAM_st
+typedef struct X509_VERIFY_PARAM_st {
 	{
    char *name;
    time_t check_time;          /* Time to use */
    unsigned long inh_flags;    /* Inheritance flags */
@ -171,35 +173,43 @@ typedef struct X509_VERIFY_PARAM_st
    int trust;                  /* trust setting to check */
    int depth;                  /* Verify depth */
    STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
    X509_VERIFY_PARAM_ID *id;   /* opaque ID data */
 } X509_VERIFY_PARAM;
 DECLARE_STACK_OF(X509_VERIFY_PARAM)
-/* This is used to hold everything.  It is used for all certificate
+/*
- * validation.  Once we have a certificate chain, the 'verify'
+ * This is used to hold everything.  It is used for all certificate
- * function is then called to actually check the cert chain. */
+ * validation.  Once we have a certificate chain, the 'verify' function is
-struct x509_store_st
+ * then called to actually check the cert chain.
-	{
+ */
 struct x509_store_st {
    /* The following is a cache of trusted certs */
    int cache;                  /* if true, stash any hits */
    STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
    /* These are external lookup methods */
    STACK_OF(X509_LOOKUP) *get_cert_methods;
    X509_VERIFY_PARAM *param;
    /* Callbacks for various operations */
-	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */
+    /* called to verify a certificate */
-	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);	/* error callback */
+    int (*verify) (X509_STORE_CTX *ctx);
-	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */
+    /* error callback */
-	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
+    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
-	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
+    /* get issuers cert from ctx */
-	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
+    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
-	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
+    /* check issued */
-	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
+    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
    /* Check revocation status of chain */
    int (*check_revocation) (X509_STORE_CTX *ctx);
    /* retrieve CRL */
    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
    /* Check CRL validity */
    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
    /* Check certificate against CRL */
    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
    int (*cleanup) (X509_STORE_CTX *ctx);
    CRYPTO_EX_DATA ex_data;
    int references;
 } /* X509_STORE */ ;
@ -210,59 +220,79 @@ int X509_STORE_set_depth(X509_STORE *store, int depth);
 # define X509_STORE_set_verify_func(ctx,func)    ((ctx)->verify=(func))
 /* This is the functions plus an instance of the local variables. */
-struct x509_lookup_st
+struct x509_lookup_st {
 	{
    int init;                   /* have we been started */
    int skip;                   /* don't use us. */
    X509_LOOKUP_METHOD *method; /* the functions */
    char *method_data;          /* method data */
    X509_STORE *store_ctx;      /* who owns us */
 } /* X509_LOOKUP */ ;
-/* This is a used when verifying cert chains.  Since the
+/*
- * gathering of the cert chain can take some time (and have to be
+ * This is a used when verifying cert chains.  Since the gathering of the
- * 'retried', this needs to be kept and passed around. */
+ * cert chain can take some time (and have to be 'retried', this needs to be
-struct x509_store_ctx_st      /* X509_STORE_CTX */
+ * kept and passed around.
-	{
+ */
 struct x509_store_ctx_st {      /* X509_STORE_CTX */
    X509_STORE *ctx;
-	int current_method;	/* used when looking up certs */
+    /* used when looking up certs */
-
+    int current_method;
    /* The following are set by the caller */
-	X509 *cert;		/* The cert to check */
+    /* The cert to check */
-	STACK_OF(X509) *untrusted;	/* chain of X509s - untrusted - passed in */
+    X509 *cert;
-	STACK_OF(X509_CRL) *crls;	/* set of CRLs passed in */
+    /* chain of X509s - untrusted - passed in */
-
+    STACK_OF(X509) *untrusted;
    /* set of CRLs passed in */
    STACK_OF(X509_CRL) *crls;
    X509_VERIFY_PARAM *param;
-	void *other_ctx;	/* Other info for use with get_issuer() */
+    /* Other info for use with get_issuer() */
-
+    void *other_ctx;
    /* Callbacks for various operations */
-	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */
+    /* called to verify a certificate */
-	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);		/* error callback */
+    int (*verify) (X509_STORE_CTX *ctx);
-	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */
+    /* error callback */
-	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
+    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
-	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
+    /* get issuers cert from ctx */
-	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
+    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
-	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
+    /* check issued */
-	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
+    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
    /* Check revocation status of chain */
    int (*check_revocation) (X509_STORE_CTX *ctx);
    /* retrieve CRL */
    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
    /* Check CRL validity */
    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
    /* Check certificate against CRL */
    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
    int (*check_policy) (X509_STORE_CTX *ctx);
    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
    int (*cleanup) (X509_STORE_CTX *ctx);
    /* The following is built up */
-	int valid;		/* if 0, rebuild chain */
+    /* if 0, rebuild chain */
-	int last_untrusted;	/* index of last untrusted cert */
+    int valid;
-	STACK_OF(X509) *chain; 		/* chain of X509s - built up and trusted */
+    /* index of last untrusted cert */
-	X509_POLICY_TREE *tree;	/* Valid policy tree */
+    int last_untrusted;
-
+    /* chain of X509s - built up and trusted */
-	int explicit_policy;	/* Require explicit policy value */
+    STACK_OF(X509) *chain;
-
+    /* Valid policy tree */
    X509_POLICY_TREE *tree;
    /* Require explicit policy value */
    int explicit_policy;
    /* When something goes wrong, this is why */
    int error_depth;
    int error;
    X509 *current_cert;
-	X509 *current_issuer;	/* cert currently being tested as valid issuer */
+    /* cert currently being tested as valid issuer */
-	X509_CRL *current_crl;	/* current CRL */
+    X509 *current_issuer;
-
+    /* current CRL */
    X509_CRL *current_crl;
    /* score of current CRL */
    int current_crl_score;
    /* Reason mask */
    unsigned int current_reasons;
    /* For CRL path validation: parent context */
    X509_STORE_CTX *parent;
    CRYPTO_EX_DATA ex_data;
 } /* X509_STORE_CTX */ ;
@ -330,8 +360,31 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 # define         X509_V_ERR_INVALID_EXTENSION                    41
 # define         X509_V_ERR_INVALID_POLICY_EXTENSION             42
 # define         X509_V_ERR_NO_EXPLICIT_POLICY                   43
 # define         X509_V_ERR_DIFFERENT_CRL_SCOPE                  44
 # define         X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE        45
-#define		X509_V_ERR_UNNESTED_RESOURCE			44
+# define         X509_V_ERR_UNNESTED_RESOURCE                    46
 # define         X509_V_ERR_PERMITTED_VIOLATION                  47
 # define         X509_V_ERR_EXCLUDED_VIOLATION                   48
 # define         X509_V_ERR_SUBTREE_MINMAX                       49
 # define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE          51
 # define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX        52
 # define         X509_V_ERR_UNSUPPORTED_NAME_SYNTAX              53
 # define         X509_V_ERR_CRL_PATH_VALIDATION_ERROR            54
 /* Suite B mode algorithm violation */
 # define         X509_V_ERR_SUITE_B_INVALID_VERSION              56
 # define         X509_V_ERR_SUITE_B_INVALID_ALGORITHM            57
 # define         X509_V_ERR_SUITE_B_INVALID_CURVE                58
 # define         X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM  59
 # define         X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED              60
 # define         X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
 /* Host, email and IP check errors */
 # define         X509_V_ERR_HOSTNAME_MISMATCH                    62
 # define         X509_V_ERR_EMAIL_MISMATCH                       63
 # define         X509_V_ERR_IP_ADDRESS_MISMATCH                  64
 /* The application is not happy */
 # define         X509_V_ERR_APPLICATION_VERIFICATION             50
@ -362,9 +415,23 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 # define X509_V_FLAG_INHIBIT_MAP                 0x400
 /* Notify callback that policy is OK */
 # define X509_V_FLAG_NOTIFY_POLICY               0x800
-
+/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
 # define X509_V_FLAG_EXTENDED_CRL_SUPPORT        0x1000
 /* Delta CRL support */
 # define X509_V_FLAG_USE_DELTAS                  0x2000
 /* Check selfsigned CA signature */
 # define X509_V_FLAG_CHECK_SS_SIGNATURE          0x4000
 /* Use trusted store first */
 # define X509_V_FLAG_TRUSTED_FIRST               0x8000
 /* Suite B 128 bit only mode: not normally used */
 # define X509_V_FLAG_SUITEB_128_LOS_ONLY         0x10000
 /* Suite B 192 bit only mode */
 # define X509_V_FLAG_SUITEB_192_LOS              0x20000
 /* Suite B 128 bit mode allowing 192 bit algorithms */
 # define X509_V_FLAG_SUITEB_128_LOS              0x30000
 /* Allow partial chains if at least one certificate is in trusted store */
 # define X509_V_FLAG_PARTIAL_CHAIN               0x80000
 # define X509_VP_FLAG_DEFAULT                    0x1
 # define X509_VP_FLAG_OVERWRITE                  0x2
@ -380,18 +447,30 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
                               X509_NAME *name);
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
-X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
+                                             int type, X509_NAME *name);
 X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
                                        X509_OBJECT *x);
 void X509_OBJECT_up_ref_count(X509_OBJECT *a);
 void X509_OBJECT_free_contents(X509_OBJECT *a);
 X509_STORE *X509_STORE_new(void);
 void X509_STORE_free(X509_STORE *v);
 STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
 int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
 int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
 int X509_STORE_set_trust(X509_STORE *ctx, int trust);
 int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
 void X509_STORE_set_verify_cb(X509_STORE *ctx,
                              int (*verify_cb) (int, X509_STORE_CTX *));
 void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
                                   STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX
                                                              *ctx,
                                                              X509_NAME *nm));
 X509_STORE_CTX *X509_STORE_CTX_new(void);
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
@ -402,6 +481,8 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
 void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
@ -422,7 +503,6 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
 int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
 # endif
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
 void X509_LOOKUP_free(X509_LOOKUP *ctx);
 int X509_LOOKUP_init(X509_LOOKUP *ctx);
@ -431,9 +511,10 @@ int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
 int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
                                 ASN1_INTEGER *serial, X509_OBJECT *ret);
 int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
-	unsigned char *bytes, int len, X509_OBJECT *ret);
+                               unsigned char *bytes, int len,
-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
+                               X509_OBJECT *ret);
-	int len, X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
                         X509_OBJECT *ret);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 # ifndef OPENSSL_NO_STDIO
@ -442,14 +523,19 @@ int	X509_STORE_load_locations (X509_STORE *ctx,
 int X509_STORE_set_default_paths(X509_STORE *ctx);
 # endif
-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+                                    CRYPTO_EX_new *new_func,
                                    CRYPTO_EX_dup *dup_func,
                                    CRYPTO_EX_free *free_func);
 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data);
 void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
 int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
 X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
 X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
 X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
@ -481,7 +567,8 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
 int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
                           const X509_VERIFY_PARAM *from);
 int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
-int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
+int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
                                unsigned long flags);
 int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
                                  unsigned long flags);
 unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
@ -493,42 +580,62 @@ int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
                                  ASN1_OBJECT *policy);
 int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
                                    STACK_OF(ASN1_OBJECT) *policies);
 int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
                                const char *name, size_t namelen);
 int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
                                const char *name, size_t namelen);
 void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
                                     unsigned int flags);
 char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
                                 const char *email, size_t emaillen);
 int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
                              const unsigned char *ip, size_t iplen);
 int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
                                  const char *ipasc);
 int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
 const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param);
 int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
 int X509_VERIFY_PARAM_get_count(void);
 const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id);
 const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
 void X509_VERIFY_PARAM_table_cleanup(void);
 int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
                      STACK_OF(X509) *certs,
-			STACK_OF(ASN1_OBJECT) *policy_oids,
+                      STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags);
 			unsigned int flags);
 void X509_policy_tree_free(X509_POLICY_TREE *tree);
 int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
-X509_POLICY_LEVEL *
+X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
-	X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i);
+                                               int i);
-STACK_OF(X509_POLICY_NODE) *
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const
-	X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree);
+                                                           X509_POLICY_TREE
                                                           *tree);
-STACK_OF(X509_POLICY_NODE) *
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const
-	X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree);
+                                                                X509_POLICY_TREE
                                                                *tree);
 int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
-X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i);
+X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level,
                                              int i);
 const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
-STACK_OF(POLICYQUALINFO) *
+STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
-	X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node);
+                                                           X509_POLICY_NODE
-const X509_POLICY_NODE *
+                                                           *node);
-	X509_policy_node_get0_parent(const X509_POLICY_NODE *node);
+const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE
                                                     *node);
 #ifdef  __cplusplus
 }
 #endif
 #endif
--- a/src/Mayaqua/win32_inc/openssl/x509v3.h
+++ b/src/Mayaqua/win32_inc/openssl/x509v3.h
@ -1,6 +1,7 @@
 /* x509v3.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
- * project 1999.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 1999.
 */
 /* ====================================================================
 * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
@ -66,6 +67,13 @@
 extern "C" {
 #endif
 # ifdef OPENSSL_SYS_WIN32
 /* Under Win32 these are defined in wincrypt.h */
 #  undef X509_NAME
 #  undef X509_CERT_PAIR
 #  undef X509_EXTENSIONS
 # endif
 /* Forward reference */
 struct v3_ext_method;
 struct v3_ext_ctx;
@ -76,12 +84,20 @@ typedef void * (*X509V3_EXT_NEW)(void);
 typedef void (*X509V3_EXT_FREE) (void *);
 typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
 typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
-typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
+typedef STACK_OF(CONF_VALUE) *
-typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
+    (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext,
-typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
+                       STACK_OF(CONF_VALUE) *extlist);
-typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
+typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method,
-typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
+                                struct v3_ext_ctx *ctx,
-typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
+                                STACK_OF(CONF_VALUE) *values);
 typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method,
                                void *ext);
 typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method,
                                struct v3_ext_ctx *ctx, const char *str);
 typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext,
                               BIO *out, int indent);
 typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method,
                                struct v3_ext_ctx *ctx, const char *str);
 /* V3 extension structure */
@ -95,19 +111,15 @@ X509V3_EXT_NEW ext_new;
    X509V3_EXT_FREE ext_free;
    X509V3_EXT_D2I d2i;
    X509V3_EXT_I2D i2d;
 /* The following pair is used for string extensions */
    X509V3_EXT_I2S i2s;
    X509V3_EXT_S2I s2i;
 /* The following pair is used for multi-valued extensions */
    X509V3_EXT_I2V i2v;
    X509V3_EXT_V2I v2i;
 /* The following are used for raw extensions */
    X509V3_EXT_I2R i2r;
    X509V3_EXT_R2I r2i;
    void *usr_data;             /* Any extension specific data */
 };
@ -147,7 +159,6 @@ int ca;
    ASN1_INTEGER *pathlen;
 } BASIC_CONSTRAINTS;
 typedef struct PKEY_USAGE_PERIOD_st {
    ASN1_GENERALIZEDTIME *notBefore;
    ASN1_GENERALIZEDTIME *notAfter;
@ -164,7 +175,6 @@ typedef struct EDIPartyName_st {
 } EDIPARTYNAME;
 typedef struct GENERAL_NAME_st {
 # define GEN_OTHERNAME   0
 # define GEN_EMAIL       1
 # define GEN_DNS         2
@ -174,7 +184,6 @@ typedef struct GENERAL_NAME_st {
 # define GEN_URI         6
 # define GEN_IPADD       7
 # define GEN_RID         8
    int type;
    union {
        char *ptr;
@ -187,11 +196,11 @@ union {
        ASN1_IA5STRING *uniformResourceIdentifier;
        ASN1_OCTET_STRING *iPAddress;
        ASN1_OBJECT *registeredID;
        /* Old names */
        ASN1_OCTET_STRING *ip;  /* iPAddress */
        X509_NAME *dirn;        /* dirn */
-	ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
+        ASN1_IA5STRING *ia5;    /* rfc822Name, dNSName,
                                 * uniformResourceIdentifier */
        ASN1_OBJECT *rid;       /* registeredID */
        ASN1_TYPE *other;       /* x400Address */
    } d;
@ -220,24 +229,41 @@ union {
        GENERAL_NAMES *fullname;
        STACK_OF(X509_NAME_ENTRY) *relativename;
    } name;
 /* If relativename then this contains the full distribution point name */
    X509_NAME *dpname;
 } DIST_POINT_NAME;
 /* All existing reasons */
 # define CRLDP_ALL_REASONS       0x807f
-typedef struct DIST_POINT_st {
+# define CRL_REASON_NONE                         -1
 # define CRL_REASON_UNSPECIFIED                  0
 # define CRL_REASON_KEY_COMPROMISE               1
 # define CRL_REASON_CA_COMPROMISE                2
 # define CRL_REASON_AFFILIATION_CHANGED          3
 # define CRL_REASON_SUPERSEDED                   4
 # define CRL_REASON_CESSATION_OF_OPERATION       5
 # define CRL_REASON_CERTIFICATE_HOLD             6
 # define CRL_REASON_REMOVE_FROM_CRL              8
 # define CRL_REASON_PRIVILEGE_WITHDRAWN          9
 # define CRL_REASON_AA_COMPROMISE                10
 struct DIST_POINT_st {
    DIST_POINT_NAME *distpoint;
    ASN1_BIT_STRING *reasons;
    GENERAL_NAMES *CRLissuer;
-} DIST_POINT;
+    int dp_reasons;
 };
 typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
 DECLARE_STACK_OF(DIST_POINT)
 DECLARE_ASN1_SET_OF(DIST_POINT)
-typedef struct AUTHORITY_KEYID_st {
+struct AUTHORITY_KEYID_st {
    ASN1_OCTET_STRING *keyid;
    GENERAL_NAMES *issuer;
    ASN1_INTEGER *serial;
-} AUTHORITY_KEYID;
+};
 /* Strong extranet structures */
@ -303,10 +329,10 @@ typedef struct GENERAL_SUBTREE_st {
 DECLARE_STACK_OF(GENERAL_SUBTREE)
-typedef struct NAME_CONSTRAINTS_st {
+struct NAME_CONSTRAINTS_st {
    STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
    STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
-} NAME_CONSTRAINTS;
+};
 typedef struct POLICY_CONSTRAINTS_st {
    ASN1_INTEGER *requireExplicitPolicy;
@ -314,14 +340,12 @@ typedef struct POLICY_CONSTRAINTS_st {
 } POLICY_CONSTRAINTS;
 /* Proxy certificate structures, see RFC 3820 */
-typedef struct PROXY_POLICY_st
+typedef struct PROXY_POLICY_st {
 	{
    ASN1_OBJECT *policyLanguage;
    ASN1_OCTET_STRING *policy;
 } PROXY_POLICY;
-typedef struct PROXY_CERT_INFO_EXTENSION_st
+typedef struct PROXY_CERT_INFO_EXTENSION_st {
 	{
    ASN1_INTEGER *pcPathLengthConstraint;
    PROXY_POLICY *proxyPolicy;
 } PROXY_CERT_INFO_EXTENSION;
@ -329,6 +353,30 @@ typedef struct PROXY_CERT_INFO_EXTENSION_st
 DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
 DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
 struct ISSUING_DIST_POINT_st {
    DIST_POINT_NAME *distpoint;
    int onlyuser;
    int onlyCA;
    ASN1_BIT_STRING *onlysomereasons;
    int indirectCRL;
    int onlyattr;
 };
 /* Values in idp_flags field */
 /* IDP present */
 # define IDP_PRESENT     0x1
 /* IDP values inconsistent */
 # define IDP_INVALID     0x2
 /* onlyuser true */
 # define IDP_ONLYUSER    0x4
 /* onlyCA true */
 # define IDP_ONLYCA      0x8
 /* onlyattr true */
 # define IDP_ONLYATTR    0x10
 /* indirectCRL true */
 # define IDP_INDIRECT    0x20
 /* onlysomereasons present */
 # define IDP_REASONS     0x40
 # define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
 ",name:", val->name, ",value:", val->value);
@ -354,7 +402,6 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
 # define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
 /* X509_PURPOSE stuff */
 # define EXFLAG_BCONS            0x1
@ -365,7 +412,6 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
 # define EXFLAG_CA               0x10
 /* Really self issued not necessarily self signed */
 # define EXFLAG_SI               0x20
 #define EXFLAG_SS		0x20
 # define EXFLAG_V1               0x40
 # define EXFLAG_INVALID          0x80
 # define EXFLAG_SET              0x100
@ -373,6 +419,9 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
 # define EXFLAG_PROXY            0x400
 # define EXFLAG_INVALID_POLICY   0x800
 # define EXFLAG_FRESHEST         0x1000
 /* Self signed */
 # define EXFLAG_SS               0x2000
 # define KU_DIGITAL_SIGNATURE    0x0080
 # define KU_NON_REPUDIATION      0x0040
@ -401,6 +450,7 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
 # define XKU_OCSP_SIGN           0x20
 # define XKU_TIMESTAMP           0x40
 # define XKU_DVCS                0x80
 # define XKU_ANYEKU              0x100
 # define X509_PURPOSE_DYNAMIC    0x1
 # define X509_PURPOSE_DYNAMIC_NAME       0x2
@ -409,8 +459,7 @@ typedef struct x509_purpose_st {
    int purpose;
    int trust;                  /* Default trust ID */
    int flags;
-	int (*check_purpose)(const struct x509_purpose_st *,
+    int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int);
 				const X509 *, int);
    char *name;
    char *sname;
    void *usr_data;
@ -424,9 +473,10 @@ typedef struct x509_purpose_st {
 # define X509_PURPOSE_CRL_SIGN           6
 # define X509_PURPOSE_ANY                7
 # define X509_PURPOSE_OCSP_HELPER        8
 # define X509_PURPOSE_TIMESTAMP_SIGN     9
 # define X509_PURPOSE_MIN                1
-#define X509_PURPOSE_MAX		8
+# define X509_PURPOSE_MAX                9
 /* Flags for X509V3_EXT_print() */
@ -459,8 +509,10 @@ DECLARE_ASN1_FUNCTIONS(SXNET)
 DECLARE_ASN1_FUNCTIONS(SXNETID)
 int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); 
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); 
+                       int userlen);
 int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user,
                         int userlen);
 ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
 ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
@ -471,29 +523,43 @@ DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
 DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
 DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
-
+GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
 int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
 ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+                                     X509V3_CTX *ctx,
                                     STACK_OF(CONF_VALUE) *nval);
 STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
                                          ASN1_BIT_STRING *bits,
                                          STACK_OF(CONF_VALUE) *extlist);
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
                                       GENERAL_NAME *gen,
                                       STACK_OF(CONF_VALUE) *ret);
 int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
 DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-		GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
+                                        GENERAL_NAMES *gen,
-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+                                        STACK_OF(CONF_VALUE) *extlist);
 GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 DECLARE_ASN1_FUNCTIONS(OTHERNAME)
 DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
 int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
 void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
 void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
 int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
                                ASN1_OBJECT *oid, ASN1_TYPE *value);
 int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen,
                                ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+                            ASN1_OCTET_STRING *ia5);
 ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
                                         X509V3_CTX *ctx, char *str);
 DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
 int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a);
@ -507,6 +573,11 @@ DECLARE_ASN1_FUNCTIONS(NOTICEREF)
 DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
 DECLARE_ASN1_FUNCTIONS(DIST_POINT)
 DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
 DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
 int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
 int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
 DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
 DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
@ -524,32 +595,51 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
 DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
 DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
 GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
                               const X509V3_EXT_METHOD *method,
                               X509V3_CTX *ctx, int gen_type, char *value,
                               int is_nc);
 # ifdef HEADER_CONF_H
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
-							CONF_VALUE *cnf);
+                               X509V3_CTX *ctx, CONF_VALUE *cnf);
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method,
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
-				X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
+                                  const X509V3_EXT_METHOD *method,
                                  X509V3_CTX *ctx, CONF_VALUE *cnf,
                                  int is_nc);
 void X509V3_conf_free(CONF_VALUE *val);
-X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
+                                     char *value);
-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+                                 char *value);
-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+                            STACK_OF(X509_EXTENSION) **sk);
 int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
                         X509 *cert);
 int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
                             X509_REQ *req);
 int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
                             X509_CRL *crl);
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
+                                    X509V3_CTX *ctx, int ext_nid,
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+                                    char *value);
-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
+X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+                                char *name, char *value);
 int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
                        char *section, X509 *cert);
 int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
                            char *section, X509_REQ *req);
 int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
                            char *section, X509_CRL *crl);
 int X509V3_add_value_bool_nf(char *name, int asn1_bool,
                             STACK_OF(CONF_VALUE) **extlist);
 int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
 int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
 void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
 # endif
 char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
@ -570,39 +660,46 @@ int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
 char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
 ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
 char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
-char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
                                ASN1_ENUMERATED *aint);
 int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
 int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
 int X509V3_EXT_add_alias(int nid_to, int nid_from);
 void X509V3_EXT_cleanup(void);
-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
 int X509V3_add_standard_extensions(void);
 STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
 void *X509V3_EXT_d2i(X509_EXTENSION *ext);
-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
-
+                     int *idx);
 int X509V3_EXT_free(int nid, void *ext_data);
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
-int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
                    int crit, unsigned long flags);
-char *hex_to_string(unsigned char *buffer, long len);
+char *hex_to_string(const unsigned char *buffer, long len);
-unsigned char *string_to_hex(char *str, long *len);
+unsigned char *string_to_hex(const char *str, long *len);
 int name_cmp(const char *name, const char *cmp);
 void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
                        int ml);
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
                     int indent);
 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
-int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
+int X509V3_extensions_print(BIO *out, char *title,
                            STACK_OF(X509_EXTENSION) *exts,
                            unsigned long flag, int indent);
 int X509_check_ca(X509 *x);
 int X509_check_purpose(X509 *x, int id, int ca);
 int X509_supported_extension(X509_EXTENSION *ex);
 int X509_PURPOSE_set(int *p, int purpose);
 int X509_check_issued(X509 *issuer, X509 *subject);
 int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
 int X509_PURPOSE_get_count(void);
 X509_PURPOSE *X509_PURPOSE_get0(int idx);
 int X509_PURPOSE_get_by_sname(char *sname);
@ -616,10 +713,38 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
 void X509_PURPOSE_cleanup(void);
 int X509_PURPOSE_get_id(X509_PURPOSE *);
-STACK *X509_get1_email(X509 *x);
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
-STACK *X509_REQ_get1_email(X509_REQ *x);
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
-void X509_email_free(STACK *sk);
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
-STACK *X509_get1_ocsp(X509 *x);
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
 /* Flags for X509_check_* functions */
 /*
 * Always check subject name for host match even if subject alt names present
 */
 # define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT    0x1
 /* Disable wildcard matching for dnsName fields and common name. */
 # define X509_CHECK_FLAG_NO_WILDCARDS    0x2
 /* Wildcards must not match a partial label. */
 # define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
 /* Allow (non-partial) wildcards to match multiple labels. */
 # define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
 /* Constraint verifier subdomain patterns to match a single labels. */
 # define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
 /*
 * Match reference identifiers starting with "." to any sub-domain.
 * This is a non-public flag, turned on implicitly when the subject
 * reference identity is a DNS name.
 */
 # define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
 int X509_check_host(X509 *x, const char *chk, size_t chklen,
                    unsigned int flags, char **peername);
 int X509_check_email(X509 *x, const char *chk, size_t chklen,
                     unsigned int flags);
 int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
                  unsigned int flags);
 int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
 ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
@ -628,6 +753,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
                             unsigned long chtype);
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
 DECLARE_STACK_OF(X509_POLICY_NODE)
 # ifndef OPENSSL_NO_RFC3779
@ -669,7 +795,6 @@ DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
 DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
 DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
 typedef struct IPAddressRange_st {
    ASN1_BIT_STRING *min, *max;
 } IPAddressRange;
@ -770,16 +895,15 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
 int v3_asid_validate_path(X509_STORE_CTX *);
 int v3_addr_validate_path(X509_STORE_CTX *);
 int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
-				  ASIdentifiers *ext,
+                                  ASIdentifiers *ext, int allow_inheritance);
 				  int allow_inheritance);
 int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
-				  IPAddrBlocks *ext,
+                                  IPAddrBlocks *ext, int allow_inheritance);
 				  int allow_inheritance);
 # endif                         /* OPENSSL_NO_RFC3779 */
 /* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
+/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
 void ERR_load_X509V3_strings(void);
@ -787,8 +911,9 @@ void ERR_load_X509V3_strings(void);
 /* Error codes for the X509V3 functions. */
 /* Function codes. */
-#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE		 156
+# define X509V3_F_A2I_GENERAL_NAME                        164
-#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL	 157
+# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE             161
 # define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL         162
 # define X509V3_F_COPY_EMAIL                              122
 # define X509V3_F_COPY_ISSUER                             123
 # define X509V3_F_DO_DIRNAME                              144
@ -796,6 +921,7 @@ void ERR_load_X509V3_strings(void);
 # define X509V3_F_DO_EXT_I2D                              135
 # define X509V3_F_DO_EXT_NCONF                            151
 # define X509V3_F_DO_I2V_NAME_CONSTRAINTS                 148
 # define X509V3_F_GNAMES_FROM_SECTNAME                    156
 # define X509V3_F_HEX_TO_STRING                           111
 # define X509V3_F_I2S_ASN1_ENUMERATED                     121
 # define X509V3_F_I2S_ASN1_IA5STRING                      149
@ -812,13 +938,14 @@ void ERR_load_X509V3_strings(void);
 # define X509V3_F_S2I_ASN1_OCTET_STRING                   112
 # define X509V3_F_S2I_ASN1_SKEY_ID                        114
 # define X509V3_F_S2I_SKEY_ID                             115
 # define X509V3_F_SET_DIST_POINT_NAME                     158
 # define X509V3_F_STRING_TO_HEX                           113
 # define X509V3_F_SXNET_ADD_ID_ASC                        125
 # define X509V3_F_SXNET_ADD_ID_INTEGER                    126
 # define X509V3_F_SXNET_ADD_ID_ULONG                      127
 # define X509V3_F_SXNET_GET_ID_ASC                        128
 # define X509V3_F_SXNET_GET_ID_ULONG                      129
-#define X509V3_F_V2I_ASIDENTIFIERS			 158
+# define X509V3_F_V2I_ASIDENTIFIERS                       163
 # define X509V3_F_V2I_ASN1_BIT_STRING                     101
 # define X509V3_F_V2I_AUTHORITY_INFO_ACCESS               139
 # define X509V3_F_V2I_AUTHORITY_KEYID                     119
@ -827,6 +954,7 @@ void ERR_load_X509V3_strings(void);
 # define X509V3_F_V2I_EXTENDED_KEY_USAGE                  103
 # define X509V3_F_V2I_GENERAL_NAMES                       118
 # define X509V3_F_V2I_GENERAL_NAME_EX                     117
 # define X509V3_F_V2I_IDP                                 157
 # define X509V3_F_V2I_IPADDRBLOCKS                        159
 # define X509V3_F_V2I_ISSUER_ALT                          153
 # define X509V3_F_V2I_NAME_CONSTRAINTS                    147
@ -840,6 +968,7 @@ void ERR_load_X509V3_strings(void);
 # define X509V3_F_X509V3_EXT_ADD                          104
 # define X509V3_F_X509V3_EXT_ADD_ALIAS                    106
 # define X509V3_F_X509V3_EXT_CONF                         107
 # define X509V3_F_X509V3_EXT_FREE                         165
 # define X509V3_F_X509V3_EXT_I2D                          136
 # define X509V3_F_X509V3_EXT_NCONF                        152
 # define X509V3_F_X509V3_GET_SECTION                      142
@ -854,7 +983,9 @@ void ERR_load_X509V3_strings(void);
 # define X509V3_R_BAD_OBJECT                              119
 # define X509V3_R_BN_DEC2BN_ERROR                         100
 # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
 # define X509V3_R_CANNOT_FIND_FREE_FUNCTION               168
 # define X509V3_R_DIRNAME_ERROR                           149
 # define X509V3_R_DISTPOINT_ALREADY_SET                   160
 # define X509V3_R_DUPLICATE_ZONE_ID                       133
 # define X509V3_R_ERROR_CONVERTING_ZONE                   131
 # define X509V3_R_ERROR_CREATING_EXTENSION                144
@ -868,12 +999,13 @@ void ERR_load_X509V3_strings(void);
 # define X509V3_R_ILLEGAL_EMPTY_EXTENSION                 151
 # define X509V3_R_ILLEGAL_HEX_DIGIT                       113
 # define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG             152
-#define X509V3_R_INVALID_ASNUMBER			 160
+# define X509V3_R_INVALID_ASNUMBER                        162
-#define X509V3_R_INVALID_ASRANGE			 161
+# define X509V3_R_INVALID_ASRANGE                         163
 # define X509V3_R_INVALID_BOOLEAN_STRING                  104
 # define X509V3_R_INVALID_EXTENSION_STRING                105
-#define X509V3_R_INVALID_INHERITANCE			 162
+# define X509V3_R_INVALID_INHERITANCE                     165
-#define X509V3_R_INVALID_IPADDRESS			 163
+# define X509V3_R_INVALID_IPADDRESS                       166
 # define X509V3_R_INVALID_MULTIPLE_RDNS                   161
 # define X509V3_R_INVALID_NAME                            106
 # define X509V3_R_INVALID_NULL_ARGUMENT                   107
 # define X509V3_R_INVALID_NULL_NAME                       108
@ -901,9 +1033,9 @@ void ERR_load_X509V3_strings(void);
 # define X509V3_R_ODD_NUMBER_OF_DIGITS                    112
 # define X509V3_R_OPERATION_NOT_DEFINED                   148
 # define X509V3_R_OTHERNAME_ERROR                         147
-#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED	 155
+# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED         155
 # define X509V3_R_POLICY_PATH_LENGTH                      156
-#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED	 157
+# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED      157
 # define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED   158
 # define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
 # define X509V3_R_SECTION_NOT_FOUND                       150
@ -914,6 +1046,7 @@ void ERR_load_X509V3_strings(void);
 # define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
 # define X509V3_R_UNKNOWN_OPTION                          120
 # define X509V3_R_UNSUPPORTED_OPTION                      117
 # define X509V3_R_UNSUPPORTED_TYPE                        167
 # define X509V3_R_USER_TOO_LONG                           132
 #ifdef  __cplusplus
--- a/src/bin/hamcore/SeLow_x64.sys
+++ b/src/bin/hamcore/SeLow_x64.sys
--- a/src/bin/hamcore/SeLow_x86.sys
+++ b/src/bin/hamcore/SeLow_x86.sys
--- a/src/bin/hamcore/chain_certs.txt
+++ b/src/bin/hamcore/chain_certs.txt
@ -0,0 +1,24 @@
 What is "chain_certs" directory?
 --------------------------------
 If you are using a child SSL certificate file, which is issued by
 a CA (Certificate Authority), as the server certificate of VPN Server,
 you need to install X.509 format certificate files of the root
 certificate and all intermediate certificates on this "chain_certs"
 directory.
 If you don't know how to obtain root and intermediate certificate
 files of your certificate authority (CA), please refer to the CA's
 web site or contact support staffs of the CA.
 "chain_certs" ディレクトリについて
 ----------------------------------
 VPN Server に登録する SSL 証明書が証明機関 (CA) によって発行されたもので
 ある場合は、この "chain_certs" ディレクトリに X.509 証明書のルート証明書
 および中間証明書ファイルをインストールしてください。
 ルート証明書および中間証明書ファイルの取得方法は、証明機関 (CA) が発行して
 いる Web サイトをお読みいただくか、証明機関 (CA) のサポートに問い合わせて
 ください。
--- a/src/bin/hamcore/inf/selow_x64/SeLow_x64.inf
+++ b/src/bin/hamcore/inf/selow_x64/SeLow_x64.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= NetTrans
 ClassGUID					= {4D36E975-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 02/02/2015, 4.14.0.9529
+DriverVer					= 03/26/2015, 4.15.0.9537
 CatalogFile.NT				= inf_selow.cat
@ -66,5 +66,5 @@ SeLow_Description			= "A lightweight helper kernel-mode module for PacketiX VPN
-; Auto Generated 20150202_175649.910
+; Auto Generated 20150326_170722.063
--- a/src/bin/hamcore/inf/selow_x64/inf.cat
+++ b/src/bin/hamcore/inf/selow_x64/inf.cat
--- a/src/bin/hamcore/inf/selow_x86/SeLow_x86.inf
+++ b/src/bin/hamcore/inf/selow_x86/SeLow_x86.inf
@ -8,7 +8,7 @@ Signature					= "$Windows NT$"
 Class						= NetTrans
 ClassGUID					= {4D36E975-E325-11CE-BFC1-08002BE10318}
 Provider					= %CompanyName%
-DriverVer					= 02/02/2015, 4.14.0.9529
+DriverVer					= 03/26/2015, 4.15.0.9537
 CatalogFile.NT				= inf_selow.cat
@ -66,5 +66,5 @@ SeLow_Description			= "A lightweight helper kernel-mode module for PacketiX VPN
-; Auto Generated 20150202_175359.897
+; Auto Generated 20150326_170553.448
--- a/Show More
+++ b/Show More