diff -urN openssl.orig/Makefile.org openssl.old/Makefile.org
--- openssl.orig/Makefile.org	Tue Apr  8 04:54:32 2003
+++ openssl.old/Makefile.org	Wed Jul  2 14:03:43 2003
@@ -59,7 +59,7 @@
 
 CC= gcc
 #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
-CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+CFLAG += -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
 DEPFLAG= 
 PEX_LIBS= 
 EX_LIBS= 
diff -urN openssl.orig/crypto/Makefile.ssl openssl.old/crypto/Makefile.ssl
--- openssl.orig/crypto/Makefile.ssl	Fri Dec 20 07:28:45 2002
+++ openssl.old/crypto/Makefile.ssl	Sat Jun 28 20:13:22 2003
@@ -36,8 +36,8 @@
 
 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
-LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c
-LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o
+LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c ftime.c
+LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o ftime.o
 
 SRC= $(LIBSRC)
 
diff -urN openssl.orig/crypto/asn1/asn1_lib.c openssl.old/crypto/asn1/asn1_lib.c
--- openssl.orig/crypto/asn1/asn1_lib.c	Fri Aug  2 12:03:41 2002
+++ openssl.old/crypto/asn1/asn1_lib.c	Fri Oct 24 15:38:25 2003
@@ -104,10 +104,12 @@
 			l<<=7L;
 			l|= *(p++)&0x7f;
 			if (--max == 0) goto err;
+			if (l > (INT_MAX >> 7L)) goto err;
 			}
 		l<<=7L;
 		l|= *(p++)&0x7f;
 		tag=(int)l;
+		if (l > (INT_MAX >> 7L)) goto err;
 		}
 	else
 		{ 
diff -urN openssl.orig/crypto/asn1/tasn_dec.c openssl.old/crypto/asn1/tasn_dec.c
--- openssl.orig/crypto/asn1/tasn_dec.c	Tue Nov 12 05:21:26 2002
+++ openssl.old/crypto/asn1/tasn_dec.c	Fri Oct 24 15:38:25 2003
@@ -691,6 +691,7 @@
 
 int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
 {
+	ASN1_VALUE **opval = NULL;
 	ASN1_STRING *stmp;
 	ASN1_TYPE *typ = NULL;
 	int ret = 0;
@@ -705,6 +706,7 @@
 			*pval = (ASN1_VALUE *)typ;
 		} else typ = (ASN1_TYPE *)*pval;
 		if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
+		opval = pval;
 		pval = (ASN1_VALUE **)&typ->value.ptr;
 	}
 	switch(utype) {
@@ -796,7 +798,12 @@
 
 	ret = 1;
 	err:
-	if(!ret) ASN1_TYPE_free(typ);
+	if(!ret)
+	{
+		ASN1_TYPE_free(typ);
+		if(opval)
+			*opval = NULL;
+	}
 	return ret;
 }
 
diff -urN openssl.orig/crypto/des/set_key.c openssl.old/crypto/des/set_key.c
--- openssl.orig/crypto/des/set_key.c	Fri Aug  2 04:13:50 2002
+++ openssl.old/crypto/des/set_key.c	Fri Oct 24 15:38:55 2003
@@ -65,7 +65,7 @@
  */
 #include "des_locl.h"
 
-OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key);	/* defaults to false */
+OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key) = 0;	/* defaults to false */
 
 static const unsigned char odd_parity[256]={
   1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
diff -urN openssl.orig/crypto/engine/vendor_defns/hwcryptohook.h openssl.old/crypto/engine/vendor_defns/hwcryptohook.h
--- openssl.orig/crypto/engine/vendor_defns/hwcryptohook.h	Wed Jul  4 05:26:39 2001
+++ openssl.old/crypto/engine/vendor_defns/hwcryptohook.h	Fri Oct 24 15:38:55 2003
@@ -65,7 +65,7 @@
  * please contact nCipher.
  *
  *
- * $Id: OpenSSL-22-OpenSSL-0-9-7b.diff,v 1.3 2004/02/17 02:02:02 fkr Exp $
+ * $Id: OpenSSL-22-OpenSSL-0-9-7b.diff,v 1.3 2004/02/17 02:02:02 fkr Exp $
  */
 
 #ifndef HWCRYPTOHOOK_H
diff -urN openssl.orig/crypto/ftime.c openssl.old/crypto/ftime.c
--- openssl.orig/crypto/ftime.c	Wed Dec 31 16:00:00 1969
+++ openssl.old/crypto/ftime.c	Fri Oct 24 15:38:55 2003
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1994 Christopher G. Demetriou
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Christopher G. Demetriou.
+ * 4. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef lint
+static const char rcsid[] = "$FreeBSD: src/lib/libcompat/4.1/ftime.c,v 1.5 1999/08/28 00:04:12 peter Exp $";
+#endif /* not lint */
+
+#ifdef __APPLE__
+/* Dude, this was deprecated a loooong time ago. */
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/timeb.h>
+
+int
+ftime(tbp)
+        struct timeb *tbp;
+{
+        struct timezone tz;
+        struct timeval t;
+
+        if (gettimeofday(&t, &tz) < 0)
+                return (-1);
+        tbp->millitm = t.tv_usec / 1000;
+        tbp->time = t.tv_sec;
+        tbp->timezone = tz.tz_minuteswest;
+        tbp->dstflag = tz.tz_dsttime;
+
+	return (0);
+}
+#endif
diff -urN openssl.orig/crypto/x509/x509_vfy.c openssl.old/crypto/x509/x509_vfy.c
--- openssl.orig/crypto/x509/x509_vfy.c	Mon Mar 24 08:58:01 2003
+++ openssl.old/crypto/x509/x509_vfy.c	Fri Oct 24 15:38:55 2003
@@ -674,7 +674,7 @@
 				ok=(*cb)(0,ctx);
 				if (!ok) goto end;
 				}
-			if (X509_verify(xs,pkey) <= 0)
+			else if (X509_verify(xs,pkey) <= 0)
 				/* XXX  For the final trusted self-signed cert,
 				 * this is a waste of time.  That check should
 				 * optional so that e.g. 'openssl x509' can be
diff -urN openssl.orig/ssl/kssl.c openssl.old/ssl/kssl.c
--- openssl.orig/ssl/kssl.c	Tue Mar 25 13:17:31 2003
+++ openssl.old/ssl/kssl.c	Fri Oct 24 15:39:25 2003
@@ -73,6 +73,8 @@
 #undef _XOPEN_SOURCE /* To avoid clashes with anything else... */
 #include <string.h>
 
+#include <errno.h>
+
 #include <openssl/ssl.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
diff -urN openssl.orig/util/domd openssl.old/util/domd
--- openssl.orig/util/domd	Wed Oct  9 06:21:33 2002
+++ openssl.old/util/domd	Sat Jun 28 20:13:42 2003
@@ -2,6 +2,8 @@
 # Do a makedepend, only leave out the standard headers
 # Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
 
+export PATH=$PATH:/usr/X11R6/bin
+
 TOP=$1
 shift
 if [ "$1" = "-MD" ]; then