Security fixes brought forward from 0.9.7.

diff --git a/demos/b64.c b/demos/b64.c
index 113da89..efdd444 100644
--- a/demos/b64.c
+++ b/demos/b64.c

@@ -83,7 +83,6 @@
 	unsigned char *buff=NULL,*bufsize=NULL;
 	int bsize=BSIZE,verbose=0;
 	int ret=1,inl;
-	unsigned char key[24],iv[MD5_DIGEST_LENGTH];
 	char *str=NULL;
 	char *hkey=NULL,*hiv=NULL;
 	int enc=1,printkey=0,i,base64=0;
@@ -92,7 +91,6 @@
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  39
-        char pname[PROG_NAME_SIZE+1];
 
 
 	apps_startup();

diff --git a/demos/spkigen.c b/demos/spkigen.c
index d878811..2cd5dfe 100644
--- a/demos/spkigen.c
+++ b/demos/spkigen.c

@@ -65,7 +65,8 @@
 
 	fprintf(stderr,"please enter challenge string:");
 	fflush(stderr);
-	fgets(buf,120,stdin);
+	buf[0]='\0';
+	fgets(buf,sizeof buf,stdin);
 	i=strlen(buf);
 	if (i > 0) buf[--i]='\0';
 	if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge,