26 files changed, 204 insertions, 204 deletions

diff --git a/ssl/kssl.c b/ssl/kssl.c
index 38ba725373..b3791b32aa 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -62,7 +62,7 @@
 */
 
 #include <openssl/opensslconf.h>
-#ifndef NO_KRB5
+#ifndef OPENSSL_NO_KRB5
 #include <string.h>
 #include <openssl/ssl.h>
 
@@ -73,7 +73,7 @@
  * and we do not link to a .LIB file.
  */
 
-#if defined(WINDOWS) || defined(WIN32)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 /* 
  * The purpose of the following pre-processor statements is to provide
  * compatibility with different releases of MIT Kerberos for Windows.
@@ -470,7 +470,7 @@ kssl_krb5_cc_get_principal
 	else
 		return(krb5_x ((cache)->ops->get_princ,(context, cache, principal)));
 	}
-#endif  /* WINDOWS || WIN32 */
+#endif  /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */
 
 char
 *kstring(char *string)
@@ -1031,11 +1031,11 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
 #endif
 	}
 
-#else /* !NO_KRB5 */
+#else /* !OPENSSL_NO_KRB5 */
 
 #ifdef PEDANTIC
 static int dummy=(int)&dummy;
 #endif
 
-#endif	/* !NO_KRB5	*/
+#endif	/* !OPENSSL_NO_KRB5	*/
 
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 5050a13ef2..1eafb4b446 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -68,7 +68,7 @@ static int ssl23_client_hello(SSL *s);
 static int ssl23_get_server_hello(SSL *s);
 static SSL_METHOD *ssl23_get_client_method(int ver)
 	{
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 	if (ver == SSL2_VERSION)
 		return(SSLv2_client_method());
 #endif
@@ -322,7 +322,7 @@ static int ssl23_get_server_hello(SSL *s)
 	if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
 		(p[5] == 0x00) && (p[6] == 0x02))
 		{
-#ifdef NO_SSL2
+#ifdef OPENSSL_NO_SSL2
 		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
 		goto err;
 #else
diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c
index dded7a19c5..ec739deff1 100644
--- a/ssl/s23_lib.c
+++ b/ssl/s23_lib.c
@@ -110,7 +110,7 @@ SSL_METHOD *sslv23_base_method(void)
 static int ssl23_num_ciphers(void)
 	{
 	return(ssl3_num_ciphers()
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 	       + ssl2_num_ciphers()
 #endif
 	    );
@@ -123,7 +123,7 @@ static SSL_CIPHER *ssl23_get_cipher(unsigned int u)
 	if (u < uu)
 		return(ssl3_get_cipher(u));
 	else
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 		return(ssl2_get_cipher(u-uu));
 #else
 		return(NULL);
@@ -143,7 +143,7 @@ static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
 		((unsigned long)p[1]<<8L)|(unsigned long)p[2];
 	c.id=id;
 	cp=ssl3_get_cipher_by_char(p);
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 	if (cp == NULL)
 		cp=ssl2_get_cipher_by_char(p);
 #endif
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 050618235f..131054b411 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -67,7 +67,7 @@ static SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
 static SSL_METHOD *ssl23_get_server_method(int ver)
 	{
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 	if (ver == SSL2_VERSION)
 		return(SSLv2_server_method());
 #endif
@@ -208,7 +208,7 @@ int ssl23_get_client_hello(SSL *s)
 	int n=0,j;
 	int type=0;
 	int v[2];
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	int use_sslv2_strong=0;
 #endif
 
@@ -474,7 +474,7 @@ int ssl23_get_client_hello(SSL *s)
 
 	if (type == 1)
 		{
-#ifdef NO_SSL2
+#ifdef OPENSSL_NO_SSL2
 		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
 		goto err;
 #else
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 3e06286375..b549628dbd 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -57,7 +57,7 @@
  */
 
 #include "ssl_locl.h"
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 #include <stdio.h>
 #include <openssl/rand.h>
 #include <openssl/buffer.h>
@@ -1001,7 +1001,7 @@ end:
 	EVP_PKEY_free(pkey);
 	return(i);
 	}
-#else /* !NO_SSL2 */
+#else /* !OPENSSL_NO_SSL2 */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c
index 35acdf8276..c05ce5ddc0 100644
--- a/ssl/s2_enc.c
+++ b/ssl/s2_enc.c
@@ -57,7 +57,7 @@
  */
 
 #include "ssl_locl.h"
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 #include <stdio.h>
 
 int ssl2_enc_init(SSL *s, int client)
@@ -178,7 +178,7 @@ void ssl2_mac(SSL *s, unsigned char *md, int send)
 	EVP_DigestFinal(&c,md,NULL);
 	/* some would say I should zero the md context */
 	}
-#else /* !NO_SSL2 */
+#else /* !OPENSSL_NO_SSL2 */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index a590dbfa5c..09fde61b5b 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -57,7 +57,7 @@
  */
 
 #include "ssl_locl.h"
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 #include <stdio.h>
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
@@ -479,7 +479,7 @@ int ssl2_shutdown(SSL *s)
 	s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 	return(1);
 	}
-#else /* !NO_SSL2 */
+#else /* !OPENSSL_NO_SSL2 */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c
index deb9e1d6f3..d30b7179f7 100644
--- a/ssl/s2_meth.c
+++ b/ssl/s2_meth.c
@@ -57,7 +57,7 @@
  */
 
 #include "ssl_locl.h"
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 #include <stdio.h>
 #include <openssl/objects.h>
 
@@ -86,7 +86,7 @@ SSL_METHOD *SSLv2_method(void)
 		}
 	return(&SSLv2_data);
 	}
-#else /* !NO_SSL2 */
+#else /* !OPENSSL_NO_SSL2 */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c
index 1f119442b4..d2dbf348ca 100644
--- a/ssl/s2_pkt.c
+++ b/ssl/s2_pkt.c
@@ -110,7 +110,7 @@
  */
 
 #include "ssl_locl.h"
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 #include <stdio.h>
 #include <errno.h>
 #define USE_SOCKETS
@@ -708,7 +708,7 @@ static int ssl_mt_error(int n)
 		}
 	return(ret);
 	}
-#else /* !NO_SSL2 */
+#else /* !OPENSSL_NO_SSL2 */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 974d6e6de7..10de5ec3db 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -57,7 +57,7 @@
  */
 
 #include "ssl_locl.h"
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 #include <stdio.h>
 #include <openssl/bio.h>
 #include <openssl/rand.h>
@@ -983,7 +983,7 @@ static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
 		SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
 	return(i);
 	}
-#else /* !NO_SSL2 */
+#else /* !OPENSSL_NO_SSL2 */
 
 # if PEDANTIC
 static void *dummy=&dummy;
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 10d8d3b15a..3e98cb00cf 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -158,7 +158,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 		p+=i;
 		l=i;
 
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 		/* MSVC 1.5 does not clear the top bytes of the word unless
 		 * I do this.
 		 */
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 3b3c35b9d3..6212adfee6 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -65,7 +65,7 @@
 #include <openssl/evp.h>
 #include "ssl_locl.h"
 
-#ifndef NO_KRB5
+#ifndef OPENSSL_NO_KRB5
 #include "kssl.h"
 #endif
 
@@ -697,7 +697,7 @@ static int ssl3_get_server_certificate(SSL *s)
 		SSL3_ST_CR_CERT_A,
 		SSL3_ST_CR_CERT_B,
 		-1,
-#if defined(MSDOS) && !defined(WIN32)
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
 		1024*30, /* 30k max cert list :-) */
 #else
 		1024*100, /* 100k max cert list :-) */
@@ -864,7 +864,7 @@ err:
 
 static int ssl3_get_key_exchange(SSL *s)
 	{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
 #endif
 	EVP_MD_CTX md_ctx;
@@ -872,10 +872,10 @@ static int ssl3_get_key_exchange(SSL *s)
 	int al,i,j,param_len,ok;
 	long n,alg;
 	EVP_PKEY *pkey=NULL;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	RSA *rsa=NULL;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	DH *dh=NULL;
 #endif
 
@@ -898,14 +898,14 @@ static int ssl3_get_key_exchange(SSL *s)
 
 	if (s->session->sess_cert != NULL)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (s->session->sess_cert->peer_rsa_tmp != NULL)
 			{
 			RSA_free(s->session->sess_cert->peer_rsa_tmp);
 			s->session->sess_cert->peer_rsa_tmp=NULL;
 			}
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 		if (s->session->sess_cert->peer_dh_tmp)
 			{
 			DH_free(s->session->sess_cert->peer_dh_tmp);
@@ -921,7 +921,7 @@ static int ssl3_get_key_exchange(SSL *s)
 	param_len=0;
 	alg=s->s3->tmp.new_cipher->algorithms;
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (alg & SSL_kRSA)
 		{
 		if ((rsa=RSA_new()) == NULL)
@@ -971,11 +971,11 @@ static int ssl3_get_key_exchange(SSL *s)
 		s->session->sess_cert->peer_rsa_tmp=rsa;
 		rsa=NULL;
 		}
-#else /* NO_RSA */
+#else /* OPENSSL_NO_RSA */
 	if (0)
 		;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	else if (alg & SSL_kEDH)
 		{
 		if ((dh=DH_new()) == NULL)
@@ -1029,14 +1029,14 @@ static int ssl3_get_key_exchange(SSL *s)
 		p+=i;
 		n-=param_len;
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (alg & SSL_aRSA)
 			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
 #else
 		if (0)
 			;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		else if (alg & SSL_aDSS)
 			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
 #endif
@@ -1051,7 +1051,7 @@ static int ssl3_get_key_exchange(SSL *s)
 		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
 		goto f_err;
 		}
-#endif /* !NO_DH */
+#endif /* !OPENSSL_NO_DH */
 	if (alg & SSL_aFZA)
 		{
 		al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1078,7 +1078,7 @@ static int ssl3_get_key_exchange(SSL *s)
 			goto f_err;
 			}
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (pkey->type == EVP_PKEY_RSA)
 			{
 			int num;
@@ -1114,7 +1114,7 @@ static int ssl3_get_key_exchange(SSL *s)
 			}
 		else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 			if (pkey->type == EVP_PKEY_DSA)
 			{
 			/* lets do DSS */
@@ -1158,11 +1158,11 @@ f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
 	EVP_PKEY_free(pkey);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (rsa != NULL)
 		RSA_free(rsa);
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (dh != NULL)
 		DH_free(dh);
 #endif
@@ -1182,7 +1182,7 @@ static int ssl3_get_certificate_request(SSL *s)
 		SSL3_ST_CR_CERT_REQ_A,
 		SSL3_ST_CR_CERT_REQ_B,
 		-1,
-#if defined(MSDOS) && !defined(WIN32)
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
 		1024*30,  /* 30k max cert list :-) */
 #else
 		1024*100, /* 100k max cert list :-) */
@@ -1348,13 +1348,13 @@ static int ssl3_send_client_key_exchange(SSL *s)
 	unsigned char *p,*d;
 	int n;
 	unsigned long l;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	unsigned char *q;
 	EVP_PKEY *pkey=NULL;
 #endif
-#ifndef NO_KRB5
+#ifndef OPENSSL_NO_KRB5
         KSSL_ERR kssl_err;
-#endif /* NO_KRB5 */
+#endif /* OPENSSL_NO_KRB5 */
 
 	if (s->state == SSL3_ST_CW_KEY_EXCH_A)
 		{
@@ -1365,7 +1365,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
 
                 /* Fool emacs indentation */
                 if (0) {}
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		else if (l & SSL_kRSA)
 			{
 			RSA *rsa;
@@ -1424,7 +1424,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
 			memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
 			}
 #endif
-#ifndef NO_KRB5
+#ifndef OPENSSL_NO_KRB5
 		else if (l & SSL_kKRB5)
                         {
                         krb5_error_code	krb5rc;
@@ -1490,7 +1490,7 @@ static int ssl3_send_client_key_exchange(SSL *s)
                                         s->session->master_key,	kssl_ctx->key,kssl_ctx->length);
                         }
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 		else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
 			{
 			DH *dh_srvr,*dh_clnt;
@@ -1573,11 +1573,11 @@ static int ssl3_send_client_verify(SSL *s)
 	unsigned char *p,*d;
 	unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
 	EVP_PKEY *pkey;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	unsigned u=0;
 #endif
 	unsigned long n;
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	int j;
 #endif
 
@@ -1590,7 +1590,7 @@ static int ssl3_send_client_verify(SSL *s)
 		s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
 			&(data[MD5_DIGEST_LENGTH]));
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (pkey->type == EVP_PKEY_RSA)
 			{
 			s->method->ssl3_enc->cert_verify_mac(s,
@@ -1607,7 +1607,7 @@ static int ssl3_send_client_verify(SSL *s)
 			}
 		else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 			if (pkey->type == EVP_PKEY_DSA)
 			{
 			if (!DSA_sign(pkey->save_type,
@@ -1723,10 +1723,10 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 	long algs;
 	EVP_PKEY *pkey=NULL;
 	SESS_CERT *sc;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	RSA *rsa;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	DH *dh;
 #endif
 
@@ -1744,10 +1744,10 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 	if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
 		return(1);
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	rsa=s->session->sess_cert->peer_rsa_tmp;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	dh=s->session->sess_cert->peer_dh_tmp;
 #endif
 
@@ -1765,14 +1765,14 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
 		goto f_err;
 		}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
 		{
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
 		goto f_err;
 		}
 #endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if ((algs & SSL_kRSA) &&
 		!(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
 		{
@@ -1780,7 +1780,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 		goto f_err;
 		}
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if ((algs & SSL_kEDH) &&
 		!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
 		{
@@ -1792,7 +1792,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
 		goto f_err;
 		}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
 		{
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
@@ -1803,7 +1803,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 
 	if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (algs & SSL_kRSA)
 			{
 			if (rsa == NULL
@@ -1815,7 +1815,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
 			}
 		else
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 			if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
 			    {
 			    if (dh == NULL
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 76c499e67a..e9aae569df 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -526,7 +526,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_ALL_STRENGTHS,
 	},
 
-#ifndef NO_KRB5
+#ifndef OPENSSL_NO_KRB5
 /* The Kerberos ciphers
 ** 20000107 VRS: And the first shall be last,
 ** in hopes of avoiding the lynx ssl renegotiation problem.
@@ -614,7 +614,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_ALL_CIPHERS,
 	SSL_ALL_STRENGTHS,
 	},
-#endif	/* NO_KRB5 */
+#endif	/* OPENSSL_NO_KRB5 */
 
 
 #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
@@ -973,7 +973,7 @@ void ssl3_free(SSL *s)
 		OPENSSL_free(s->s3->wbuf.buf);
 	if (s->s3->rrec.comp != NULL)
 		OPENSSL_free(s->s3->rrec.comp);
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (s->s3->tmp.dh != NULL)
 		DH_free(s->s3->tmp.dh);
 #endif
@@ -997,7 +997,7 @@ void ssl3_clear(SSL *s)
 		OPENSSL_free(s->s3->rrec.comp);
 		s->s3->rrec.comp=NULL;
 		}
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (s->s3->tmp.dh != NULL)
 		DH_free(s->s3->tmp.dh);
 #endif
@@ -1023,13 +1023,13 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
 	{
 	int ret=0;
 
-#if !defined(NO_DSA) || !defined(NO_RSA)
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
 	if (
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	    cmd == SSL_CTRL_SET_TMP_RSA ||
 	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	    cmd == SSL_CTRL_SET_TMP_DH ||
 	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
 #endif
@@ -1063,7 +1063,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
 	case SSL_CTRL_GET_FLAGS:
 		ret=(int)(s->s3->flags);
 		break;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case SSL_CTRL_NEED_TMP_RSA:
 		if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
 		    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
@@ -1096,7 +1096,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, char *parg)
 		}
 		break;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	case SSL_CTRL_SET_TMP_DH:
 		{
 			DH *dh = (DH *)parg;
@@ -1142,12 +1142,12 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
 	{
 	int ret=0;
 
-#if !defined(NO_DSA) || !defined(NO_RSA)
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
 	if (
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
 #endif
 		0)
@@ -1162,14 +1162,14 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
 
 	switch (cmd)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case SSL_CTRL_SET_TMP_RSA_CB:
 		{
 		s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
 		}
 		break;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	case SSL_CTRL_SET_TMP_DH_CB:
 		{
 		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
@@ -1190,7 +1190,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
 
 	switch (cmd)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case SSL_CTRL_NEED_TMP_RSA:
 		if (	(cert->rsa_tmp == NULL) &&
 			((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
@@ -1235,7 +1235,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg)
 		}
 		break;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	case SSL_CTRL_SET_TMP_DH:
 		{
 		DH *new=NULL,*dh;
@@ -1292,14 +1292,14 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
 
 	switch (cmd)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case SSL_CTRL_SET_TMP_RSA_CB:
 		{
 		cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
 		}
 		break;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	case SSL_CTRL_SET_TMP_DH_CB:
 		{
 		cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
@@ -1461,31 +1461,31 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 
 	alg=s->s3->tmp.new_cipher->algorithms;
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (alg & (SSL_kDHr|SSL_kEDH))
 		{
-#  ifndef NO_RSA
+#  ifndef OPENSSL_NO_RSA
 		p[ret++]=SSL3_CT_RSA_FIXED_DH;
 #  endif
-#  ifndef NO_DSA
+#  ifndef OPENSSL_NO_DSA
 		p[ret++]=SSL3_CT_DSS_FIXED_DH;
 #  endif
 		}
 	if ((s->version == SSL3_VERSION) &&
 		(alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
 		{
-#  ifndef NO_RSA
+#  ifndef OPENSSL_NO_RSA
 		p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
 #  endif
-#  ifndef NO_DSA
+#  ifndef OPENSSL_NO_DSA
 		p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
 #  endif
 		}
-#endif /* !NO_DH */
-#ifndef NO_RSA
+#endif /* !OPENSSL_NO_DH */
+#ifndef OPENSSL_NO_RSA
 	p[ret++]=SSL3_CT_RSA_SIGN;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	p[ret++]=SSL3_CT_DSS_SIGN;
 #endif
 	return(ret);
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 9ab76604a6..a128d616b5 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1052,7 +1052,7 @@ start:
 	switch (rr->type)
 		{
 	default:
-#ifndef NO_TLS
+#ifndef OPENSSL_NO_TLS
 		/* TLS just ignores unknown message types */
 		if (s->version == TLS1_VERSION)
 			{
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 4841109c4b..0a46e4ab74 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -70,9 +70,9 @@
 #include <openssl/x509.h>
 #include "ssl_locl.h"
 
-#ifndef NO_KRB5
+#ifndef OPENSSL_NO_KRB5
 #include "kssl.h"
-#endif /* NO_KRB5 */
+#endif /* OPENSSL_NO_KRB5 */
 
 static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
@@ -267,9 +267,9 @@ int ssl3_accept(SSL *s)
 			/* clear this, it may get reset by
 			 * send_server_key_exchange */
 			if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef NO_KRB5
+#ifndef OPENSSL_NO_KRB5
 				&& !(l & SSL_KRB5)
-#endif /* NO_KRB5 */
+#endif /* OPENSSL_NO_KRB5 */
 				)
 				s->s3->tmp.use_rsa_tmp=1;
 			else
@@ -555,7 +555,7 @@ static int ssl3_check_client_hello(SSL *s)
 		 * which will now be aborted. (A full SSL_clear would be too much.)
 		 * I hope that tmp.dh is the only thing that may need to be cleared
 		 * when a handshake is not completed ... */
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 		if (s->s3->tmp.dh != NULL)
 			{
 			DH_free(s->s3->tmp.dh);
@@ -927,14 +927,14 @@ static int ssl3_send_server_done(SSL *s)
 
 static int ssl3_send_server_key_exchange(SSL *s)
 	{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	unsigned char *q;
 	int j,num;
 	RSA *rsa;
 	unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
 	unsigned int u;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	DH *dh=NULL,*dhp;
 #endif
 	EVP_PKEY *pkey;
@@ -957,7 +957,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 
 		r[0]=r[1]=r[2]=r[3]=NULL;
 		n=0;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (type & SSL_kRSA)
 			{
 			rsa=cert->rsa_tmp;
@@ -987,7 +987,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 			}
 		else
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 			if (type & SSL_kEDH)
 			{
 			dhp=cert->dh_tmp;
@@ -1091,7 +1091,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 			{
 			/* n is the length of the params, they start at &(d[4])
 			 * and p points to the space at the end. */
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 			if (pkey->type == EVP_PKEY_RSA)
 				{
 				q=md_buf;
@@ -1119,7 +1119,7 @@ static int ssl3_send_server_key_exchange(SSL *s)
 				}
 			else
 #endif
-#if !defined(NO_DSA)
+#if !defined(OPENSSL_NO_DSA)
 				if (pkey->type == EVP_PKEY_DSA)
 				{
 				/* lets do DSS */
@@ -1257,17 +1257,17 @@ static int ssl3_get_client_key_exchange(SSL *s)
 	long n;
 	unsigned long l;
 	unsigned char *p;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	RSA *rsa=NULL;
 	EVP_PKEY *pkey=NULL;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	BIGNUM *pub=NULL;
 	DH *dh_srvr;
 #endif
-#ifndef NO_KRB5
+#ifndef OPENSSL_NO_KRB5
         KSSL_ERR kssl_err;
-#endif /* NO_KRB5 */
+#endif /* OPENSSL_NO_KRB5 */
 
 	n=ssl3_get_message(s,
 		SSL3_ST_SR_KEY_EXCH_A,
@@ -1281,7 +1281,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 
 	l=s->s3->tmp.new_cipher->algorithms;
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (l & SSL_kRSA)
 		{
 		/* FIX THIS UP EAY EAY EAY EAY */
@@ -1366,7 +1366,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 		}
 	else
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 		if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
 		{
 		n2s(p,i);
@@ -1429,7 +1429,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 		}
 	else
 #endif
-#ifndef NO_KRB5
+#ifndef OPENSSL_NO_KRB5
         if (l & SSL_kKRB5)
                 {
                 krb5_error_code	krb5rc;
@@ -1475,7 +1475,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
                 */
                 }
 	else
-#endif	/* NO_KRB5 */
+#endif	/* OPENSSL_NO_KRB5 */
 		{
 		al=SSL_AD_HANDSHAKE_FAILURE;
 		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNKNOWN_CIPHER_TYPE);
@@ -1485,7 +1485,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 	return(1);
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-#if !defined(NO_DH) || !defined(NO_RSA)
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA)
 err:
 #endif
 	return(-1);
@@ -1574,7 +1574,7 @@ static int ssl3_get_cert_verify(SSL *s)
 		goto f_err;
 		}
 
-#ifndef NO_RSA 
+#ifndef OPENSSL_NO_RSA 
 	if (pkey->type == EVP_PKEY_RSA)
 		{
 		i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
@@ -1595,7 +1595,7 @@ static int ssl3_get_cert_verify(SSL *s)
 		}
 	else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 		{
 		j=DSA_verify(pkey->save_type,
@@ -1641,7 +1641,7 @@ static int ssl3_get_client_certificate(SSL *s)
 		SSL3_ST_SR_CERT_A,
 		SSL3_ST_SR_CERT_B,
 		-1,
-#if defined(MSDOS) && !defined(WIN32)
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
 		1024*30, /* 30k max cert list :-) */
 #else
 		1024*100, /* 100k max cert list :-) */
diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c
index 549c3e8d5e..3d1299ee7b 100644
--- a/ssl/ssl_algs.c
+++ b/ssl/ssl_algs.c
@@ -64,38 +64,38 @@
 int SSL_library_init(void)
 	{
 
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	EVP_add_cipher(EVP_des_cbc());
 	EVP_add_cipher(EVP_des_ede3_cbc());
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	EVP_add_cipher(EVP_idea_cbc());
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 	EVP_add_cipher(EVP_rc4());
 #endif  
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	EVP_add_cipher(EVP_rc2_cbc());
 #endif
-#ifndef NO_AES
+#ifndef OPENSSL_NO_AES
 	EVP_add_cipher(EVP_aes_128_cbc());
 	EVP_add_cipher(EVP_aes_192_cbc());
 	EVP_add_cipher(EVP_aes_256_cbc());
 #endif
-#ifndef NO_MD2
+#ifndef OPENSSL_NO_MD2
 	EVP_add_digest(EVP_md2());
 #endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 	EVP_add_digest(EVP_md5());
 	EVP_add_digest_alias(SN_md5,"ssl2-md5");
 	EVP_add_digest_alias(SN_md5,"ssl3-md5");
 #endif
-#ifndef NO_SHA
+#ifndef OPENSSL_NO_SHA
 	EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
 	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
 	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
 #endif
-#if !defined(NO_SHA) && !defined(NO_DSA)
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
 	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
 	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
 	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 85d58c8668..7f4739d108 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -107,12 +107,11 @@
 #include <stdio.h>
 
 #include "openssl/e_os.h"
-
 #ifndef NO_SYS_TYPES_H
 # include <sys/types.h>
 #endif
 
-#if !defined(WIN32) && !defined(VSM) && !defined(NeXT) && !defined(MAC_OS_pre_X)
+#if !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) && !defined(NeXT) && !defined(MAC_OS_pre_X)
 #include <dirent.h>
 #endif
 
@@ -188,7 +187,7 @@ CERT *ssl_cert_dup(CERT *cert)
 	ret->mask = cert->mask;
 	ret->export_mask = cert->export_mask;
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (cert->rsa_tmp != NULL)
 		{
 		ret->rsa_tmp = cert->rsa_tmp;
@@ -197,7 +196,7 @@ CERT *ssl_cert_dup(CERT *cert)
 	ret->rsa_tmp_cb = cert->rsa_tmp_cb;
 #endif
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (cert->dh_tmp != NULL)
 		{
 		/* DH parameters don't have a reference count */
@@ -280,14 +279,14 @@ CERT *ssl_cert_dup(CERT *cert)
 
 	return(ret);
 	
-#ifndef NO_DH /* avoid 'unreferenced label' warning if NO_DH is defined */
+#ifndef OPENSSL_NO_DH /* avoid 'unreferenced label' warning if OPENSSL_NO_DH is defined */
 err:
 #endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (ret->rsa_tmp != NULL)
 		RSA_free(ret->rsa_tmp);
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (ret->dh_tmp != NULL)
 		DH_free(ret->dh_tmp);
 #endif
@@ -324,10 +323,10 @@ void ssl_cert_free(CERT *c)
 		}
 #endif
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (c->rsa_tmp) RSA_free(c->rsa_tmp);
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (c->dh_tmp) DH_free(c->dh_tmp);
 #endif
 
@@ -428,11 +427,11 @@ void ssl_sess_cert_free(SESS_CERT *sc)
 #endif
 		}
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (sc->peer_rsa_tmp != NULL)
 		RSA_free(sc->peer_rsa_tmp);
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (sc->peer_dh_tmp != NULL)
 		DH_free(sc->peer_dh_tmp);
 #endif
@@ -476,7 +475,7 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 		i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
 	else
 		{
-#ifndef NO_X509_VERIFY
+#ifndef OPENSSL_NO_X509_VERIFY
 		i=X509_verify_cert(&ctx);
 #else
 		i=0;
@@ -586,7 +585,7 @@ static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
 	return(X509_NAME_cmp(*a,*b));
 	}
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 /*!
  * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
  * it doesn't really have anything to do with clients (except that a common use
@@ -716,8 +715,8 @@ err:
  * certs may have been added to \c stack.
  */
 
-#ifndef WIN32
-#ifndef VMS			/* XXXX This may be fixed in the future */
+#ifndef OPENSSL_SYS_WIN32
+#ifndef OPENSSL_SYS_VMS		/* XXXX This may be fixed in the future */
 #ifndef MAC_OS_pre_X
 
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 368f90e3b8..752ba648ed 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -300,16 +300,16 @@ static unsigned long ssl_cipher_get_disabled(void)
 	unsigned long mask;
 
 	mask = SSL_kFZA;
-#ifdef NO_RSA
+#ifdef OPENSSL_NO_RSA
 	mask |= SSL_aRSA|SSL_kRSA;
 #endif
-#ifdef NO_DSA
+#ifdef OPENSSL_NO_DSA
 	mask |= SSL_aDSS;
 #endif
-#ifdef NO_DH
+#ifdef OPENSSL_NO_DH
 	mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
 #endif
-#ifdef NO_KRB5
+#ifdef OPENSSL_NO_KRB5
 	mask |= SSL_kKRB5|SSL_aKRB5;
 #endif
 
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 25d1446e54..4a46099002 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -63,7 +63,7 @@
 #include <openssl/ssl.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA SSL_str_functs[]=
 	{
 {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0),	"CLIENT_CERTIFICATE"},
@@ -432,7 +432,7 @@ void ERR_load_SSL_strings(void)
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_SSL,SSL_str_functs);
 		ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons);
 #endif
diff --git a/ssl/ssl_err2.c b/ssl/ssl_err2.c
index cc089a612b..ea95a5f983 100644
--- a/ssl/ssl_err2.c
+++ b/ssl/ssl_err2.c
@@ -62,7 +62,7 @@
 
 void SSL_load_error_strings(void)
 	{
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 	ERR_load_crypto_strings();
 	ERR_load_SSL_strings();
 #endif
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 24f314e5b9..21e4d6e921 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -191,9 +191,9 @@ SSL *SSL_new(SSL_CTX *ctx)
 	if (s == NULL) goto err;
 	memset(s,0,sizeof(SSL));
 
-#ifndef	NO_KRB5
+#ifndef	OPENSSL_NO_KRB5
 	s->kssl_ctx = kssl_ctx_new();
-#endif	/* NO_KRB5 */
+#endif	/* OPENSSL_NO_KRB5 */
 
 	if (ctx->cert != NULL)
 		{
@@ -425,7 +425,7 @@ int SSL_get_fd(SSL *s)
 	return(ret);
 	}
 
-#ifndef NO_SOCK
+#ifndef OPENSSL_NO_SOCK
 int SSL_set_fd(SSL *s,int fd)
 	{
 	int ret=0;
@@ -1316,14 +1316,14 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
 
 	kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
 	rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
 		(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
 #else
 	rsa_tmp=rsa_tmp_export=0;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
 	dh_tmp_export=(c->dh_tmp_cb != NULL ||
 		(dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
@@ -1397,7 +1397,7 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
 	mask|=SSL_aNULL;
 	emask|=SSL_aNULL;
 
-#ifndef NO_KRB5
+#ifndef OPENSSL_NO_KRB5
 	mask|=SSL_kKRB5|SSL_aKRB5;
 	emask|=SSL_kKRB5|SSL_aKRB5;
 #endif
@@ -1946,7 +1946,7 @@ SSL_CTX *SSL_get_SSL_CTX(SSL *ssl)
 	return(ssl->ctx);
 	}
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
 	{
 	return(X509_STORE_set_default_paths(ctx->cert_store));
@@ -2048,7 +2048,7 @@ int SSL_want(SSL *s)
  * \param cb the callback
  */
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
 							  int is_export,
 							  int keylength))
@@ -2085,7 +2085,7 @@ RSA *cb(SSL *ssl,int is_export,int keylength)
  * \param dh the callback
  */
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
 							int keylength))
     {
@@ -2099,7 +2099,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
     }
 #endif
 
-#if defined(_WINDLL) && defined(WIN16)
+#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
 #include "../crypto/bio/bss_file.c"
 #endif
 
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index f0ee7443aa..55f0b6c516 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -127,6 +127,7 @@
 #include <openssl/x509.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
+#include <openssl/symhacks.h>
 
 #ifdef OPENSSL_BUILD_SHLIBSSL
 # undef OPENSSL_EXTERN
@@ -376,11 +377,11 @@ typedef struct cert_st
 	int valid;
 	unsigned long mask;
 	unsigned long export_mask;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	RSA *rsa_tmp;
 	RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	DH *dh_tmp;
 	DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
 #endif
@@ -403,10 +404,10 @@ typedef struct sess_cert_st
 	/* Obviously we don't have the private keys of these,
 	 * so maybe we shouldn't even use the CERT_PKEY type here. */
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	RSA *peer_rsa_tmp; /* not used for SSL 2 */
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	DH *peer_dh_tmp; /* not used for SSL 2 */
 #endif
 
@@ -463,9 +464,9 @@ OPENSSL_EXTERN SSL3_ENC_METHOD ssl3_undef_enc_method;
 OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
 OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
 
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 #undef SSL_COMP_get_compression_methods
-#define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods
+#define SSL_COMP_get_compression_methods	SSL_COMP_get_compress_methods
 #endif
 
 
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 34a4d27dbe..80d9f79812 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -81,7 +81,7 @@ int SSL_use_certificate(SSL *ssl, X509 *x)
 	return(ssl_set_cert(ssl->cert,x));
 	}
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
 	{
 	int j;
@@ -148,7 +148,7 @@ int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
 	return(ret);
 	}
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
 	{
 	EVP_PKEY *pkey;
@@ -198,7 +198,7 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
 		EVP_PKEY_free(pktmp);
 		ERR_clear_error();
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		/* Don't check the public/private key, this is mostly
 		 * for smart cards. */
 		if ((pkey->type == EVP_PKEY_RSA) &&
@@ -251,8 +251,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
 	return(1);
 	}
 
-#ifndef NO_RSA
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_STDIO
 int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
 	{
 	int j,ret=0;
@@ -317,7 +317,7 @@ int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
 	RSA_free(rsa);
 	return(ret);
 	}
-#endif /* !NO_RSA */
+#endif /* !OPENSSL_NO_RSA */
 
 int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
 	{
@@ -337,7 +337,7 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
 	return(ret);
 	}
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
 	{
 	int j,ret=0;
@@ -438,7 +438,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
 		EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
 		ERR_clear_error();
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		/* Don't check the public/private key, this is mostly
 		 * for smart cards. */
 		if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
@@ -471,7 +471,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
 			}
 		else
 			ok=1;
-		} /* NO_RSA */
+		} /* OPENSSL_NO_RSA */
 		}
 	else
 		ok=1;
@@ -493,7 +493,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
 	return(1);
 	}
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
 	{
 	int j;
@@ -560,7 +560,7 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
 	return(ret);
 	}
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
 	{
 	int ret;
@@ -590,7 +590,7 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
 	return(ret);
 	}
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
 	{
 	int j,ret=0;
@@ -655,7 +655,7 @@ int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
 	RSA_free(rsa);
 	return(ret);
 	}
-#endif /* !NO_RSA */
+#endif /* !OPENSSL_NO_RSA */
 
 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
 	{
@@ -672,7 +672,7 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
 	return(ssl_set_pkey(ctx->cert,pkey));
 	}
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
 	{
 	int j,ret=0;
@@ -735,7 +735,7 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
 	}
 
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 /* Read a file that contains our certificate in "PEM" format,
  * possibly followed by a sequence of CA certificates that should be
  * sent to the peer in the Certificate message.
diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c
index 8e12461f3b..8355e9b859 100644
--- a/ssl/ssl_stat.c
+++ b/ssl/ssl_stat.c
@@ -74,7 +74,7 @@ case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
 case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
 case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
 case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
 case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
 case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
@@ -115,7 +115,7 @@ case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificat
 case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
 #endif
 
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 /* SSLv3 additions */
 case SSL3_ST_CW_CLNT_HELLO_A:	str="SSLv3 write client hello A"; break;
 case SSL3_ST_CW_CLNT_HELLO_B:	str="SSLv3 write client hello B"; break;
@@ -182,7 +182,7 @@ case SSL3_ST_SR_CERT_VRFY_A:	str="SSLv3 read certificate verify A"; break;
 case SSL3_ST_SR_CERT_VRFY_B:	str="SSLv3 read certificate verify B"; break;
 #endif
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 /* SSLv2/v3 compatibility states */
 /* client */
 case SSL23_ST_CW_CLNT_HELLO_A:	str="SSLv2/v3 write client hello A"; break;
@@ -223,7 +223,7 @@ case SSL_ST_BEFORE:				str="PINIT "; break;
 case SSL_ST_ACCEPT:				str="AINIT "; break;
 case SSL_ST_CONNECT:				str="CINIT "; break;
 case SSL_ST_OK:			 		str="SSLOK "; break;
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 case SSL2_ST_CLIENT_START_ENCRYPTION:		str="2CSENC"; break;
 case SSL2_ST_SERVER_START_ENCRYPTION:		str="2SSENC"; break;
 case SSL2_ST_SEND_CLIENT_HELLO_A:		str="2SCH_A"; break;
@@ -264,7 +264,7 @@ case SSL2_ST_X509_GET_SERVER_CERTIFICATE:	str="2X9GSC"; break;
 case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:	str="2X9GCC"; break;
 #endif
 
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 /* SSLv3 additions */
 case SSL3_ST_SW_FLUSH:
 case SSL3_ST_CW_FLUSH:				str="3FLUSH"; break;
@@ -330,7 +330,7 @@ case SSL3_ST_SR_CERT_VRFY_A:			str="3RCV_A"; break;
 case SSL3_ST_SR_CERT_VRFY_B:			str="3RCV_B"; break;
 #endif
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 /* SSLv2/v3 compatibility states */
 /* client */
 case SSL23_ST_CW_CLNT_HELLO_A:			str="23WCHA"; break;
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index 6e33eec3e4..8b37a37e40 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -60,7 +60,7 @@
 #include <openssl/buffer.h>
 #include "ssl_locl.h"
 
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x)
 	{
 	BIO *b;
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 9d513baf80..cbcb00c89b 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -126,12 +126,12 @@
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 #include <winsock.h>
 #include "../crypto/bio/bss_file.c"
 #endif
 
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 #  define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
 #  define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
 #else
@@ -145,11 +145,11 @@
 #define COMP_ZLIB	2
 
 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
 static void free_tmp_rsa(void);
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 static DH *get_dh512(void);
 static DH *get_dh1024(void);
 static DH *get_dh1024dsa(void);
@@ -183,18 +183,18 @@ static void sv_usage(void)
 	fprintf(stderr," -reuse        - use session-id reuse\n");
 	fprintf(stderr," -num <val>    - number of connections to perform\n");
 	fprintf(stderr," -bytes <val>  - number of bytes to swap between client/server\n");
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	fprintf(stderr," -dhe1024      - use 1024 bit key (safe prime) for DHE\n");
 	fprintf(stderr," -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
 	fprintf(stderr," -no_dhe       - disable DHE\n");
 #endif
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 	fprintf(stderr," -ssl2         - use SSLv2\n");
 #endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 	fprintf(stderr," -ssl3         - use SSLv3\n");
 #endif
-#ifndef NO_TLS1
+#ifndef OPENSSL_NO_TLS1
 	fprintf(stderr," -tls1         - use TLSv1\n");
 #endif
 	fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
@@ -230,7 +230,7 @@ static void print_details(SSL *c_ssl, const char *prefix)
 			{
 			if (0) 
 				;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 			else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
 				&& pkey->pkey.rsa->n != NULL)
 				{
@@ -238,7 +238,7 @@ static void print_details(SSL *c_ssl, const char *prefix)
 					BN_num_bits(pkey->pkey.rsa->n));
 				}
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 			else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
 				&& pkey->pkey.dsa->p != NULL)
 				{
@@ -337,7 +337,7 @@ int main(int argc, char *argv[])
 	SSL *c_ssl,*s_ssl;
 	int number=1,reuse=0;
 	long bytes=1L;
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	DH *dh;
 	int dhe1024 = 0, dhe1024dsa = 0;
 #endif
@@ -375,7 +375,7 @@ int main(int argc, char *argv[])
 			debug=1;
 		else if	(strcmp(*argv,"-reuse") == 0)
 			reuse=1;
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 		else if	(strcmp(*argv,"-dhe1024") == 0)
 			dhe1024=1;
 		else if	(strcmp(*argv,"-dhe1024dsa") == 0)
@@ -527,7 +527,7 @@ bad:
 			}
 		}
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	if (ssl2)
 		meth=SSLv2_method();
 	else 
@@ -539,7 +539,7 @@ bad:
 	else
 		meth=SSLv23_method();
 #else
-#ifdef NO_SSL2
+#ifdef OPENSSL_NO_SSL2
 	meth=SSLv3_method();
 #else
 	meth=SSLv2_method();
@@ -560,7 +560,7 @@ bad:
 		SSL_CTX_set_cipher_list(s_ctx,cipher);
 		}
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (!no_dhe)
 		{
 		if (dhe1024dsa)
@@ -580,7 +580,7 @@ bad:
 	(void)no_dhe;
 #endif
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
 #endif
 
@@ -636,7 +636,7 @@ bad:
 	c_ssl=SSL_new(c_ctx);
 	s_ssl=SSL_new(s_ctx);
 
-#ifndef NO_KRB5
+#ifndef OPENSSL_NO_KRB5
 	if (c_ssl  &&  c_ssl->kssl_ctx)
                 {
                 char	localhost[257];
@@ -647,7 +647,7 @@ bad:
                                 localhost);
 			}
 		}
-#endif    /* NO_KRB5  */
+#endif    /* OPENSSL_NO_KRB5  */
 
 	for (i=0; i<number; i++)
 		{
@@ -695,7 +695,7 @@ end:
 
 	if (bio_stdout != NULL) BIO_free(bio_stdout);
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	free_tmp_rsa();
 #endif
 	ERR_free_strings();
@@ -1411,7 +1411,7 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 	return(ok);
 	}
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 static RSA *rsa_tmp=NULL;
 
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
@@ -1437,7 +1437,7 @@ static void free_tmp_rsa(void)
 	}
 #endif
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 /* These DH parameters have been generated as follows:
  *    $ openssl dhparam -C -noout 512
  *    $ openssl dhparam -C -noout 1024