Fix a variety of warnings generated by some elevated compiler-fascism,
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
diff --git a/apps/ocsp.c b/apps/ocsp.c
index c436c8b..eb38e4d 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -63,8 +63,11 @@
 #include <time.h>
 #include "apps.h" /* needs to be included before the openssl headers! */
 #include <openssl/e_os2.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <openssl/evp.h>
+#include <openssl/bn.h>
 
 #if defined(NETWARE_CLIB)
 #  ifdef NETWARE_BSDSOCK
diff --git a/apps/s_client.c b/apps/s_client.c
index 0c3545a..ad8760c 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -162,6 +162,7 @@
 #include <openssl/pem.h>
 #include <openssl/rand.h>
 #include <openssl/ocsp.h>
+#include <openssl/bn.h>
 #include "s_apps.h"
 #include "timeouts.h"
 
diff --git a/apps/ts.c b/apps/ts.c
index f092336..edeab82 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -65,6 +65,7 @@
 #include <openssl/pem.h>
 #include <openssl/rand.h>
 #include <openssl/ts.h>
+#include <openssl/bn.h>
 
 #undef PROG
 #define PROG	ts_main
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index 6e4ae3b..f1a5a1e 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -62,6 +62,7 @@
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
+#include <openssl/bn.h>
 
 int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
 	{
diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
index f7dbdf7..e18f4bc 100644
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
@@ -100,7 +100,7 @@
 		BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER);
 		return NULL;
 	}
-	sz = (len<0) ? strlen(buf) : len;
+	sz = (len<0) ? strlen(buf) : (size_t)len;
 	if(!(ret = BIO_new(BIO_s_mem())) ) return NULL;
 	b = (BUF_MEM *)ret->ptr;
 	b->data = buf;
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
index d6363de..e5af9a0 100644
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -306,7 +306,7 @@
 							void *exarg)
 	{
 	ASN1_STREAM_ARG *sarg = exarg;
-	CMS_ContentInfo *cms;
+	CMS_ContentInfo *cms = NULL;
 	if (pval)
 		cms = (CMS_ContentInfo *)*pval;
 	else
diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c
index a927caa..e3da755 100644
--- a/crypto/cms/cms_dd.c
+++ b/crypto/cms/cms_dd.c
@@ -121,7 +121,7 @@
 
 	if (verify)
 		{
-		if (mdlen != dd->digest->length)
+		if (mdlen != (unsigned int)dd->digest->length)
 			{
 			CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
 				CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index f96c46f..fad756e 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -151,7 +151,7 @@
 			goto err;
 		keep_key = 1;
 		}
-	else if (ec->keylen != EVP_CIPHER_CTX_key_length(ctx))
+	else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))
 		{
 		/* If necessary set key length */
 		if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
@@ -200,7 +200,7 @@
 	return NULL;
 	}
 
-int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 
+static int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 
 				const EVP_CIPHER *cipher,
 				const unsigned char *key, size_t keylen)
 	{
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 39ebe5a..796b0d3 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -118,7 +118,7 @@
 /* Add a recipient certificate. For now only handle key transport.
  * If we ever handle key agreement will need updating.
  */
-
+#if 0 /* currently unused/undeclared */
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
 					X509 *recip, unsigned int flags)
 	{
@@ -208,6 +208,7 @@
 	return NULL;
 
 	}
+#endif
 
 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
 					EVP_PKEY **pk, X509 **recip,
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index 7b118b8..a8cefd0 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -414,7 +414,7 @@
 		}
 	}
 
-STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms)
+static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms)
 	{
 	switch (OBJ_obj2nid(cms->contentType))
 		{
@@ -492,7 +492,7 @@
 	return r;
 	}
 
-STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms)
+static STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms)
 	{
 	switch (OBJ_obj2nid(cms->contentType))
 		{
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index dc8e896..4483593 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -451,7 +451,7 @@
 
 	}
 
-int CMS_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
+static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
 	{
 	ASN1_TIME *tt;
 	int r = 0;
@@ -608,7 +608,7 @@
 		*psig = si->signatureAlgorithm;
 	}
 
-int cms_SignerInfo_content_sign(CMS_SignerInfo *si, BIO *chain)
+static int cms_SignerInfo_content_sign(CMS_SignerInfo *si, BIO *chain)
 	{
 	EVP_MD_CTX mctx;
 	int r = 0;
@@ -699,7 +699,7 @@
 
 	if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0)
 		{
-		if (!CMS_add1_signingTime(si, NULL))
+		if (!cms_add1_signingTime(si, NULL))
 			goto err;
 		}
 
@@ -856,7 +856,7 @@
 				CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
 			goto err;
 			}
-		if (mlen != os->length)
+		if (mlen != (unsigned int)os->length)
 			{
 			CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
 				CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 420cfcd..b56edda 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -60,6 +60,7 @@
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #include <openssl/dh.h>
+#include <openssl/bn.h>
 #include "asn1_locl.h"
 
 static void int_dh_free(EVP_PKEY *pkey)
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 5803b1d..d415575 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -61,6 +61,8 @@
 #include <openssl/x509.h>
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
 #include "evp_locl.h"
 
 /* DH pkey context structure */
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index a39f4ce..52290f8 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -60,6 +60,7 @@
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #include <openssl/dsa.h>
+#include <openssl/bn.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
 #endif
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index 73db6d2..3f7638c 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -60,6 +60,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/evp.h>
+#include <openssl/bn.h>
 #include "evp_locl.h"
 #include "dsa_locl.h"
 
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index b10e944..c1deea8 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -59,6 +59,7 @@
 #include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/ec.h>
+#include <openssl/bn.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
 #endif
diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c
index 3a523c0..7d3e175 100644
--- a/crypto/ec/eck_prn.c
+++ b/crypto/ec/eck_prn.c
@@ -65,6 +65,7 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/ec.h>
+#include <openssl/bn.h>
 
 #ifndef OPENSSL_NO_FP_API
 int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c
index 0972813..7509033 100644
--- a/crypto/engine/tb_asnmth.c
+++ b/crypto/engine/tb_asnmth.c
@@ -54,6 +54,7 @@
 
 #include "eng_int.h"
 #include "asn1_locl.h"
+#include <openssl/evp.h>
 
 /* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
  * function that is used by EVP to hook in pkey_asn1_meth code and cache
diff --git a/crypto/engine/tb_pkmeth.c b/crypto/engine/tb_pkmeth.c
index 999fc0a..1cdb967 100644
--- a/crypto/engine/tb_pkmeth.c
+++ b/crypto/engine/tb_pkmeth.c
@@ -53,6 +53,7 @@
  */
 
 #include "eng_int.h"
+#include <openssl/evp.h>
 
 /* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function
  * that is used by EVP to hook in pkey_meth code and cache defaults (etc), will
diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c
index 4fd8c41..f78d781 100644
--- a/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
@@ -223,7 +223,7 @@
 			return 1;
 			}
 		return 0;
-#if PBE_PRF_TEST
+#ifdef PBE_PRF_TEST
 	case EVP_CTRL_PBE_PRF_NID:
 		*(int *)ptr = NID_hmacWithMD5;
 		return 1;
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index 17e0d54..30f8b05 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -61,6 +61,7 @@
 #include "cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#include <openssl/bn.h>
 #include "evp_locl.h"
 
 int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 818eda5..fa4496c 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -63,6 +63,7 @@
 #include <openssl/lhash.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
+#include <openssl/bn.h>
 
 /* obj_dat.h is generated from objects.h by obj_dat.pl */
 #ifndef OPENSSL_NO_OBJECT
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 58a7f24..b694242 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -62,6 +62,9 @@
 #include "cryptlib.h"
 #include <openssl/pem.h>
 #include <openssl/rand.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rsa.h>
 
 /* Utility function: read a DWORD (4 byte unsigned integer) in little endian
  * format
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index e705f16..53e29c6 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -61,6 +61,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/rsa.h>
+#include <openssl/bn.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
 #endif
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 7d6fef8..9dd0d4c 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -61,6 +61,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/rsa.h>
+#include <openssl/bn.h>
 #include <openssl/evp.h>
 #include "evp_locl.h"
 #include "rsa_locl.h"
diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
index fef8eee..fbd294b 100644
--- a/crypto/ts/ts_conf.c
+++ b/crypto/ts/ts_conf.c
@@ -58,6 +58,8 @@
 
 #include <string.h>
 
+#include <openssl/crypto.h>
+#include "cryptlib.h"
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #include <openssl/ts.h>
diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c
index 1236d5e..0a89603 100644
--- a/engines/ccgost/gost_ameth.c
+++ b/engines/ccgost/gost_ameth.c
@@ -7,10 +7,12 @@
  *       for OpenSSL                                                  *
  *          Requires OpenSSL 0.9.9 for compilation                    *
  **********************************************************************/
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
 #include <openssl/engine.h>
 #include <openssl/evp.h>
 #include <openssl/asn1.h>
-#include <string.h>
 #include "gost_params.h"
 #include "gost_lcl.h"
 #include "e_gost_err.h"
diff --git a/engines/ccgost/gost_ctl.c b/engines/ccgost/gost_ctl.c
index 85c2a0f..d3cd171 100644
--- a/engines/ccgost/gost_ctl.c
+++ b/engines/ccgost/gost_ctl.c
@@ -8,6 +8,8 @@
  **********************************************************************/            
 #include <stdlib.h>
 #include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
 #include <openssl/engine.h>
 #include <openssl/buffer.h>
 #include "gost_lcl.h"
diff --git a/engines/ccgost/gost_eng.c b/engines/ccgost/gost_eng.c
index 6acc508..d2cbe3b 100644
--- a/engines/ccgost/gost_eng.c
+++ b/engines/ccgost/gost_eng.c
@@ -8,6 +8,8 @@
  *          Requires OpenSSL 0.9.9 for compilation                    *
  **********************************************************************/
 #include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/engine.h>
 #include <openssl/obj_mac.h>
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 1623a2a..322c017 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -120,6 +120,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
+#include <openssl/bn.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 9401105..c6f98a8 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -121,6 +121,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/md5.h>
+#include <openssl/bn.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 615a1c4..170b45d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -196,7 +196,9 @@
 int tls1_ec_curve_id2nid(int curve_id)
 	{
 	/* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
-	if ((curve_id < 1) || (curve_id > sizeof(nid_list)/sizeof(nid_list[0]))) return 0;
+	if ((curve_id < 1) || ((unsigned int)curve_id >
+				sizeof(nid_list)/sizeof(nid_list[0])))
+		return 0;
 	return nid_list[curve_id-1];
 	}
 
@@ -1058,7 +1060,8 @@
 			SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
 			return -1;
 			}
-		for (i = 1, j = s->tlsext_ellipticcurvelist; i <= sizeof(nid_list)/sizeof(nid_list[0]); i++)
+		for (i = 1, j = s->tlsext_ellipticcurvelist; (unsigned int)i <=
+				sizeof(nid_list)/sizeof(nid_list[0]); i++)
 			s2n(i,j);
 		}
 #endif /* OPENSSL_NO_EC */
diff --git a/test/igetest.c b/test/igetest.c
index 527c6c7..1ba9002 100644
--- a/test/igetest.c
+++ b/test/igetest.c
@@ -190,7 +190,7 @@
 
 static int run_test_vectors(void)
 	{
-	int n;
+	unsigned int n;
 	int errs = 0;
 
 	for(n=0 ; n < sizeof(ige_test_vectors)/sizeof(ige_test_vectors[0]) ; ++n)
@@ -292,7 +292,7 @@
 	unsigned char iv[AES_BLOCK_SIZE*4];
 	unsigned char saved_iv[AES_BLOCK_SIZE*4];
 	int err = 0;
-	int n;
+	unsigned int n;
 	unsigned matches;
 
 	assert(BIG_TEST_SIZE >= TEST_SIZE);