diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl
index 09fdd07305e5ed72b96542cf531e3b7d02159dde..789063b3c142217ee4b030bc9ae375937cda0e0c 100644
--- a/crypto/des/Makefile.ssl
+++ b/crypto/des/Makefile.ssl
@@ -15,6 +15,7 @@ MAKE=		make -f Makefile.ssl
 MAKEDEPEND=	$(TOP)/util/domd $(TOP)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
+RANLIB=		ranlib
 DES_ENC=	des_enc.o fcrypt_b.o
 # or use
 #DES_ENC=	dx86-elf.o yx86-elf.o
diff --git a/crypto/des/cbc3_enc.c b/crypto/des/cbc3_enc.c
index 3863a676d4141af4dbbca7960a8ccdc8926d0c26..527e74f3dedf37d0e4cbb4c538312d4bbfdcdb72 100644
--- a/crypto/des/cbc3_enc.c
+++ b/crypto/des/cbc3_enc.c
@@ -58,7 +58,7 @@
 
 #include "des_locl.h"
 
-/* HAS BUGS? DON'T USE - this is only present for use in des.c */
+/* HAS BUGS! DON'T USE - this is only present for use in des.c */
 void des_3cbc_encrypt(des_cblock *input, des_cblock *output, long length,
 	     des_key_schedule ks1, des_key_schedule ks2, des_cblock *iv1,
 	     des_cblock *iv2, int enc)
@@ -69,11 +69,14 @@ void des_3cbc_encrypt(des_cblock *input, des_cblock *output, long length,
 
 	if (enc == DES_ENCRYPT)
 		{
-		des_cbc_encrypt(input,output,length,ks1,iv1,enc);
+		des_cbc_encrypt((unsigned char*)input,
+				(unsigned char*)output,length,ks1,iv1,enc);
 		if (length >= sizeof(des_cblock))
 			memcpy(niv1,output[off],sizeof(des_cblock));
-		des_cbc_encrypt(output,output,l8,ks2,iv1,!enc);
-		des_cbc_encrypt(output,output,l8,ks1,iv2, enc);
+		des_cbc_encrypt((unsigned char*)output,
+				(unsigned char*)output,l8,ks2,iv1,!enc);
+		des_cbc_encrypt((unsigned char*)output,
+				(unsigned char*)output,l8,ks1,iv2,enc);
 		if (length >= sizeof(des_cblock))
 			memcpy(niv2,output[off],sizeof(des_cblock));
 		}
@@ -81,11 +84,14 @@ void des_3cbc_encrypt(des_cblock *input, des_cblock *output, long length,
 		{
 		if (length >= sizeof(des_cblock))
 			memcpy(niv2,input[off],sizeof(des_cblock));
-		des_cbc_encrypt(input,output,l8,ks1,iv2,enc);
-		des_cbc_encrypt(output,output,l8,ks2,iv1,!enc);
+		des_cbc_encrypt((unsigned char*)input,
+				(unsigned char*)output,l8,ks1,iv2,enc);
+		des_cbc_encrypt((unsigned char*)output,
+				(unsigned char*)output,l8,ks2,iv1,!enc);
 		if (length >= sizeof(des_cblock))
 			memcpy(niv1,output[off],sizeof(des_cblock));
-		des_cbc_encrypt(output,output,length,ks1,iv1, enc);
+		des_cbc_encrypt((unsigned char*)output,
+				(unsigned char*)output,length,ks1,iv1,enc);
 		}
 	memcpy(*iv1,niv1,sizeof(des_cblock));
 	memcpy(*iv2,niv2,sizeof(des_cblock));
diff --git a/crypto/pkcs7/dec.c b/crypto/pkcs7/dec.c
index b3661f28d368ad0f127af0815cffcb3236dc8454..5150006f092b0bca6931d92f0879cc2ef04646ff 100644
--- a/crypto/pkcs7/dec.c
+++ b/crypto/pkcs7/dec.c
@@ -121,9 +121,10 @@ char *argv[];
 	}
 
         if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err;
-        if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
+        if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;
         BIO_reset(in);
-        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
+        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL)
+		goto err;
         BIO_free(in);
 
 	if (pp == NULL)
@@ -131,7 +132,7 @@ char *argv[];
 
 
 	/* Load the PKCS7 object from a file */
-	if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL)) == NULL) goto err;
+	if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;
 
 
 
diff --git a/crypto/pkcs7/enc.c b/crypto/pkcs7/enc.c
index 43bfd10a238048335f16720b8e9eac33748ac966..968c47726b37ecd603e3a625197f2e572257179a 100644
--- a/crypto/pkcs7/enc.c
+++ b/crypto/pkcs7/enc.c
@@ -98,7 +98,8 @@ char *argv[];
 			argc-=2;
 			argv+=2;
 			if (!(in=BIO_new_file(keyfile,"r"))) goto err;
-			if (!(x509=PEM_read_bio_X509(in,NULL,NULL))) goto err;
+			if (!(x509=PEM_read_bio_X509(in,NULL,NULL,NULL)))
+				goto err;
 			if(!recips) recips = sk_X509_new_null();
 			sk_X509_push(recips, x509);
 			BIO_free(in);
diff --git a/crypto/pkcs7/sign.c b/crypto/pkcs7/sign.c
index d5f11540064c21e76c8e85602867caef8af125ba..61dc2b187e14da29f03570b7fbb717bb10bb4c0d 100644
--- a/crypto/pkcs7/sign.c
+++ b/crypto/pkcs7/sign.c
@@ -97,9 +97,9 @@ again:
 		BIO_set_fp(data,stdin,BIO_NOCLOSE);
 
 	if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
-	if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
+	if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;
 	BIO_reset(in);
-	if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
+	if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) goto err;
 	BIO_free(in);
 
 	p7=PKCS7_new();
diff --git a/crypto/pkcs7/verify.c b/crypto/pkcs7/verify.c
index 32d9783e4515c92b50dbaffa7cca11b3c41906cd..6973fca63548a2f5287f933d94abc0ceaf26a2f6 100644
--- a/crypto/pkcs7/verify.c
+++ b/crypto/pkcs7/verify.c
@@ -121,7 +121,7 @@ char *argv[];
 
 
 	/* Load the PKCS7 object from a file */
-	if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL)) == NULL) goto err;
+	if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;
 
 	/* This stuff is being setup for certificate verification.
 	 * When using SSL, it could be replaced with a 
diff --git a/util/libeay.num b/util/libeay.num
index 350a3a879342c039a935440fa20dae1e1f46c147..7a480bf8a1f48a3f341c4a640e26ad6bb9bb49d2 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -1850,3 +1850,7 @@ BIO_nwrite                              1874
 X509_REQ_extension_nid                  1875
 BIO_nread                               1876
 X509_REQ_get_extesion_nids              1877
+BIO_nwrite0                             1878
+X509_REQ_add_extensions_nid             1879
+BIO_nread0                              1880
+X509_REQ_add_extensions                 1881