diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c
index 0e5f57f677..9eef889e02 100644
--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: os.c,v 1.61 2002/12/13 02:37:33 marka Exp $ */
+/* $Id: os.c,v 1.62 2002/12/13 02:51:39 marka Exp $ */
 
 #include <config.h>
 #include <stdarg.h>
@@ -357,10 +357,6 @@ void
 ns_os_chroot(const char *root) {
 	char strbuf[ISC_STRERRORSIZE];
 	if (root != NULL) {
-		isc_uint32_t dummy;
-
-		isc_random_get(&dummy);
-
 		if (chroot(root) < 0) {
 			isc__strerror(errno, strbuf, sizeof(strbuf));
 			ns_main_earlyfatal("chroot(): %s", strbuf);
diff --git a/lib/dns/Makefile.in b/lib/dns/Makefile.in
index 412bbde8b2..ad91dde5e9 100644
--- a/lib/dns/Makefile.in
+++ b/lib/dns/Makefile.in
@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.135 2002/12/13 02:37:34 marka Exp $
+# $Id: Makefile.in,v 1.136 2002/12/13 02:51:40 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -34,13 +34,13 @@ LIBS =		@LIBS@
 
 # Alphabetically
 
-DSTOBJS =	sec/dst/dst_api.@O@ sec/dst/dst_lib.@O@ sec/dst/dst_parse.@O@ \
-		sec/dst/dst_result.@O@ sec/dst/hmac_link.@O@ sec/dst/key.@O@
-
-OPENSSLOBJS =	sec/dst/openssl_link.@O@ sec/dst/openssldh_link.@O@ \
-		sec/dst/openssldsa_link.@O@ sec/dst/opensslrsa_link.@O@
-
-GSSAPIOBJS =	sec/dst/gssapi_link.@O@ sec/dst/gssapictx.@O@
+DSTOBJS =	sec/dst/dst_api.@O@ \
+		sec/dst/dst_lib.@O@ sec/dst/dst_parse.@O@ \
+		sec/dst/dst_result.@O@ sec/dst/gssapi_link.@O@ \
+		sec/dst/gssapictx.@O@ sec/dst/hmac_link.@O@ \
+		sec/dst/key.@O@ sec/dst/openssl_link.@O@ \
+		sec/dst/openssldh_link.@O@ sec/dst/openssldsa_link.@O@ \
+		sec/dst/opensslrsa_link.@O@
 
 # Alphabetically
 OBJS =		acl.@O@ adb.@O@ byaddr.@O@ \
@@ -56,7 +56,7 @@ OBJS =		acl.@O@ adb.@O@ byaddr.@O@ \
 		stats.@O@ tcpmsg.@O@ time.@O@ timer.@O@ tkey.@O@ \
 		tsig.@O@ ttl.@O@ validator.@O@ \
 		version.@O@ view.@O@ xfrin.@O@ zone.@O@ zonekey.@O@ zt.@O@ \
-		${OTHEROBJS} ${DSTOBJS} ${OPENSSLOBJS} ${GSSAPIOBJS}
+		${OTHEROBJS} ${DSTOBJS}
 
 # Alphabetically
 SRCS =		acl.c adb.c byaddr.c \
@@ -100,26 +100,6 @@ libdns.la: ${OBJS}
 		-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
 		${OBJS} ${LIBS}
 
-libdstcypto.@SA@: ${OPENSSLOBJS}
-	${AR} ${ARFLAGS} $@ ${OPENSSLOBJS}
-	${RANLIB} $@
-
-libdstcypto.la: ${OPENSSLOBJS}
-	${LIBTOOL} --mode=link \
-		${CC} ${ALL_CFLAGS} -o $@ -rpath ${libdir} \
-		-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
-		${OPENSSLOBJS} ${LIBS}
-
-libdstgssapi.@SA@: ${GSSAPIOBJS}
-	${AR} ${ARFLAGS} $@ ${GSSAPIOBJS}
-	${RANLIB} $@
-
-libdstgssapi.la: ${GSSAPIOBJS}
-	${LIBTOOL} --mode=link \
-		${CC} ${ALL_CFLAGS} -o $@ -rpath ${libdir} \
-		-version-info ${LIBINTERFACE}:${LIBREVISION}:${LIBAGE} \
-		${GSSAPIOBJS} ${LIBS}
-
 timestamp: libdns.@A@
 	touch timestamp
 
diff --git a/lib/dns/sec/dst/dst_api.c b/lib/dns/sec/dst/dst_api.c
index f9a4567971..d00fc518b3 100644
--- a/lib/dns/sec/dst/dst_api.c
+++ b/lib/dns/sec/dst/dst_api.c
@@ -19,7 +19,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.105 2002/12/13 02:37:34 marka Exp $
+ * $Id: dst_api.c,v 1.106 2002/12/13 02:51:40 marka Exp $
  */
 
 #include <config.h>
@@ -103,14 +103,6 @@ static isc_result_t	addsuffix(char *filename, unsigned int len,
 			goto out;		\
 	} while (0)
 
-#define RETERR2(x) 				\
-	do {					\
-		result = (x);			\
-		if (result != ISC_R_SUCCESS &&	\
-		    result != ISC_R_NOTIMPLEMENTED)	\
-			goto out;		\
-	} while (0)
-
 #define CHECKALG(alg)				\
 	do {					\
 		isc_result_t _r;		\
@@ -127,7 +119,22 @@ dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) {
 	REQUIRE(dst_initialized == ISC_FALSE);
 
 	dst__memory_pool = NULL;
+
+#ifdef OPENSSL
+	UNUSED(mctx);
+	/*
+	 * When using --with-openssl, there seems to be no good way of not
+	 * leaking memory due to the openssl error handling mechanism.
+	 * Avoid assertions by using a local memory context and not checking
+	 * for leaks on exit.
+	 */
+	result = isc_mem_create(0, 0, &dst__memory_pool);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+	isc_mem_setdestroycheck(dst__memory_pool, ISC_FALSE);
+#else
 	isc_mem_attach(mctx, &dst__memory_pool);
+#endif
 	isc_entropy_attach(ectx, &dst_entropy_pool);
 	dst_entropy_flags = eflags;
 
@@ -135,12 +142,16 @@ dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) {
 
 	memset(dst_t_func, 0, sizeof(dst_t_func));
 	RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]));
-	RETERR2(dst__openssl_init());
-	RETERR2(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSAMD5]));
-	RETERR2(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1]));
-	RETERR2(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA]));
-	RETERR2(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));
-	RETERR2(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));
+#ifdef OPENSSL
+	RETERR(dst__openssl_init());
+	RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSAMD5]));
+	RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1]));
+	RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA]));
+	RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));
+#endif
+#ifdef GSSAPI
+	RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));
+#endif
 	dst_initialized = ISC_TRUE;
 	return (ISC_R_SUCCESS);
 
@@ -158,11 +169,14 @@ dst_lib_destroy(void) {
 	for (i = 0; i < DST_MAX_ALGS; i++)
 		if (dst_t_func[i] != NULL && dst_t_func[i]->cleanup != NULL)
 			dst_t_func[i]->cleanup();
+#ifdef OPENSSL
 	dst__openssl_destroy();
+#endif
 	if (dst__memory_pool != NULL)
 		isc_mem_detach(&dst__memory_pool);
 	if (dst_entropy_pool != NULL)
 		isc_entropy_detach(&dst_entropy_pool);
+
 }
 
 isc_boolean_t
diff --git a/lib/dns/sec/dst/gssapi_link.c b/lib/dns/sec/dst/gssapi_link.c
index 873811ba74..8b19b40779 100644
--- a/lib/dns/sec/dst/gssapi_link.c
+++ b/lib/dns/sec/dst/gssapi_link.c
@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: gssapi_link.c,v 1.11 2002/12/13 02:37:34 marka Exp $
+ * $Id: gssapi_link.c,v 1.12 2002/12/13 02:51:40 marka Exp $
  */
 
 #ifdef GSSAPI
@@ -216,17 +216,5 @@ dst__gssapi_init(dst_func_t **funcp) {
 }
 
 #else
-
-#include <config.h>
-#include <stdlib.h>
-#include <isc/util.h>
-#include "dst_internal.h"
-
-isc_result_t
-dst__gssapi_init(dst_func_t **funcp) {
-	REQUIRE(funcp != NULL);
-	UNUSED(funcp);
-	return (ISC_R_NOTIMPLEMENTED);
-}
-
+int  gssapi_link_unneeded = 1;
 #endif
diff --git a/lib/dns/sec/dst/openssl_link.c b/lib/dns/sec/dst/openssl_link.c
index c7449d3204..f284ca287e 100644
--- a/lib/dns/sec/dst/openssl_link.c
+++ b/lib/dns/sec/dst/openssl_link.c
@@ -19,7 +19,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: openssl_link.c,v 1.52 2002/12/13 02:37:35 marka Exp $
+ * $Id: openssl_link.c,v 1.53 2002/12/13 02:51:40 marka Exp $
  */
 #ifdef OPENSSL
 
@@ -56,7 +56,6 @@ static int nlocks;
 static ENGINE *e;
 #endif
 
-static isc_mem_t *openssl__memory_pool = NULL;
 
 static int
 entropy_get(unsigned char *buf, int num) {
@@ -103,22 +102,22 @@ id_callback(void) {
 
 static void *
 mem_alloc(size_t size) {
-	INSIST(openssl__memory_pool != NULL);
-	return (isc_mem_allocate(openssl__memory_pool, size));
+	INSIST(dst__memory_pool != NULL);
+	return (isc_mem_allocate(dst__memory_pool, size));
 }
 
 static void
 mem_free(void *ptr) {
-	INSIST(openssl__memory_pool != NULL);
+	INSIST(dst__memory_pool != NULL);
 	if (ptr != NULL)
-		isc_mem_free(openssl__memory_pool, ptr);
+		isc_mem_free(dst__memory_pool, ptr);
 }
 
 static void *
 mem_realloc(void *ptr, size_t size) {
 	void *p;
 
-	INSIST(openssl__memory_pool != NULL);
+	INSIST(dst__memory_pool != NULL);
 	p = NULL;
 	if (size > 0) {
 		p = mem_alloc(size);
@@ -131,14 +130,9 @@ mem_realloc(void *ptr, size_t size) {
 }
 
 isc_result_t
-dst__openssl_init(void) {
+dst__openssl_init() {
 	isc_result_t result;
 
-        result = isc_mem_create(0, 0, &openssl__memory_pool);
-        if (result != ISC_R_SUCCESS)
-                return (result);
-        isc_mem_setdestroycheck(openssl__memory_pool, ISC_FALSE);
-
 	CRYPTO_set_mem_functions(mem_alloc, mem_realloc, mem_free);
 	nlocks = CRYPTO_num_locks();
 	locks = mem_alloc(sizeof(isc_mutex_t) * nlocks);
@@ -185,7 +179,7 @@ dst__openssl_init(void) {
 }
 
 void
-dst__openssl_destroy(void) {
+dst__openssl_destroy() {
 	ERR_clear_error();
 #ifdef USE_ENGINE
 	if (e != NULL)
@@ -197,8 +191,6 @@ dst__openssl_destroy(void) {
 	}
 	if (rm != NULL)
 		mem_free(rm);
-	if (openssl__memory_pool != NULL)
-		isc_mem_detach(&openssl__memory_pool);
 }
 
 isc_result_t
@@ -220,23 +212,7 @@ dst__openssl_toresult(isc_result_t fallback) {
 #else /* OPENSSL */
 
 #include <isc/util.h>
-#include "dst_internal.h"
-#include "dst_openssl.h"
 
-isc_result_t
-dst__openssl_init(void) {
-	return (ISC_R_NOTIMPLEMENTED);
-}
-
-void
-dst__openssl_destroy(void) {
-	/* empty */
-}
-
-isc_result_t
-dst__openssl_toresult(isc_result_t fallback) {
-	UNUSED(fallback);
-	return (ISC_R_NOTIMPLEMENTED);
-}
+EMPTY_TRANSLATION_UNIT
 
 #endif /* OPENSSL */
diff --git a/lib/dns/sec/dst/openssldh_link.c b/lib/dns/sec/dst/openssldh_link.c
index 2615447f47..55ff695844 100644
--- a/lib/dns/sec/dst/openssldh_link.c
+++ b/lib/dns/sec/dst/openssldh_link.c
@@ -19,7 +19,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: openssldh_link.c,v 1.49 2002/12/13 02:37:35 marka Exp $
+ * $Id: openssldh_link.c,v 1.50 2002/12/13 02:51:40 marka Exp $
  */
 
 #ifdef OPENSSL
@@ -602,17 +602,8 @@ dst__openssldh_init(dst_func_t **funcp) {
 
 #else /* OPENSSL */
 
-#include <config.h>
 #include <isc/util.h>
-#include <stdlib.h>		/* NULL */
-#include "dst_internal.h"
 
-isc_result_t
-dst__openssldh_init(dst_func_t **funcp) {
-	REQUIRE(funcp != NULL);
-	UNUSED(funcp);
-	
-	return (ISC_R_NOTIMPLEMENTED);
-}
+EMPTY_TRANSLATION_UNIT
 
 #endif /* OPENSSL */
diff --git a/lib/dns/sec/dst/openssldsa_link.c b/lib/dns/sec/dst/openssldsa_link.c
index dfd14beb23..4f3a443f36 100644
--- a/lib/dns/sec/dst/openssldsa_link.c
+++ b/lib/dns/sec/dst/openssldsa_link.c
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: openssldsa_link.c,v 1.12 2002/12/13 02:37:35 marka Exp $ */
+/* $Id: openssldsa_link.c,v 1.13 2002/12/13 02:51:41 marka Exp $ */
 
 #ifdef OPENSSL
 
@@ -437,17 +437,8 @@ dst__openssldsa_init(dst_func_t **funcp) {
 
 #else /* OPENSSL */
 
-#include <config.h>
-#include <stdlib.h>
 #include <isc/util.h>
-#include "dst_internal.h"
 
-isc_result_t
-dst__openssldsa_init(dst_func_t **funcp) {
-	REQUIRE(funcp != NULL);
-	UNUSED(funcp);
-
-	return (ISC_R_NOTIMPLEMENTED);
-}
+EMPTY_TRANSLATION_UNIT
 
 #endif /* OPENSSL */
diff --git a/lib/dns/sec/dst/opensslrsa_link.c b/lib/dns/sec/dst/opensslrsa_link.c
index 2d3646b96d..2214fc3e27 100644
--- a/lib/dns/sec/dst/opensslrsa_link.c
+++ b/lib/dns/sec/dst/opensslrsa_link.c
@@ -17,7 +17,7 @@
 
 /*
  * Principal Author: Brian Wellington
- * $Id: opensslrsa_link.c,v 1.24 2002/12/13 02:37:35 marka Exp $
+ * $Id: opensslrsa_link.c,v 1.25 2002/12/13 02:51:41 marka Exp $
  */
 #ifdef OPENSSL
 
@@ -521,17 +521,8 @@ dst__opensslrsa_init(dst_func_t **funcp) {
 
 #else /* OPENSSL */
 
-#include <config.h>
-#include <stdlib.h>
 #include <isc/util.h>
-#include "dst_internal.h"
 
-isc_result_t
-dst__opensslrsa_init(dst_func_t **funcp) {
-	REQUIRE(funcp != NULL);
-	UNUSED(funcp);
-
-	return (ISC_R_NOTIMPLEMENTED);
-}
+EMPTY_TRANSLATION_UNIT
 
 #endif /* OPENSSL */