diff --git a/lib/modules/Crypto.pmod/aes.pike b/lib/modules/Crypto.pmod/aes.pike
index dd355ebaa990233d8293a6dc19512d39d701ce6c..271499db724600b97eba9b97b2159bc00fc18f18 100644
--- a/lib/modules/Crypto.pmod/aes.pike
+++ b/lib/modules/Crypto.pmod/aes.pike
@@ -1,17 +1,17 @@
 /*
- * $Id: aes.pike,v 1.2 2003/04/07 17:16:03 nilsson Exp $
+ * $Id: aes.pike,v 1.3 2004/02/03 13:49:21 nilsson Exp $
  *
  */
 
-//! Advanced Encryption Standard (AES), previously known as
-//! @[Crypto.rijndael].
+// Advanced Encryption Standard (AES), previously known as
+// @[Crypto.rijndael].
 
 #pike __REAL_VERSION__
 
-inherit Crypto.rijndael;
+inherit Nettle.AES_State;
 
-//! Returns the string @expr{"AES"@}.
-string name()
-{
-  return "AES";
-}
+string name() { return "AES"; }
+
+int query_key_length() { return 32; }
+int query_block_size() { return block_size(); }
+string crypt_block(string p) { return crypt(p); }
diff --git a/lib/modules/Crypto.pmod/des3.pike b/lib/modules/Crypto.pmod/des3.pike
index 370469335678d316df2fb911498d8042493d8137..30c4bcdbda15384307ca2b89d910761e0b069b6c 100644
--- a/lib/modules/Crypto.pmod/des3.pike
+++ b/lib/modules/Crypto.pmod/des3.pike
@@ -1,65 +1,14 @@
-/* $Id: des3.pike,v 1.1 2003/03/19 17:46:30 nilsson Exp $
+/* $Id: des3.pike,v 1.2 2004/02/03 13:49:35 nilsson Exp $
  *
  */
 
 #pike __REAL_VERSION__
 
-//! Triple-DES
-//!
-//! @seealso
-//!   @[pipe], @[des]
+inherit Nettle.DES3_State;
 
-inherit Crypto.pipe : pipe;
+string name() { return "DES"; } // Yep, it doesn't say DES3
 
-private array(object) d;
-
-void create()
-{
-  d = ({ Crypto.des(), Crypto.des(), Crypto.des() });
-  pipe::create( @ d); 
-}
-
-//! @fixme
-//!   Document this function.
-int query_key_size() { return 16; }
-
-//! @fixme
-//!   Document this function.
+array(int) query_key_length() { return ({ 8, 8, 8 }); }
 int query_block_size() { return 8; }
-
-private array(string) split_key(string key)
-{
-  string k1 = key[..7];
-  string k2 = key[8..15];
-  string k3 = (sizeof(key) > 16) ? key[16..] : k1;
-  return ({ k1, k2, k3 });
-}
-
-//! @fixme
-//!   Document this function.
-//!
-//! @throws
-//!   An exception will be raised if key is weak
-object set_encrypt_key(string key)
-{
-  array(string) keys = split_key(key);
-  pipe :: set_encrypt_key( @ keys);
-  /* Switch mode of middle crypto */
-  d[1]->set_decrypt_key(keys[1]);
-  return this_object();
-}
-
-//! @fixme
-//!   Document this function.
-//!
-//! @throws
-//!   An exception will be raised if key is weak
-object set_decrypt_key(string key)
-{
-  array(string) keys = split_key(key);
-  pipe :: set_decrypt_key( @ keys);
-  /* Switch mode of middle crypto */
-  d[1]->set_encrypt_key(keys[1]);
-  return this_object();
-}
-
+int query_key_size() { return 16; }
+string crypt_block(string p) { return crypt(p); }
diff --git a/lib/modules/Protocols.pmod/HTTP.pmod/Server.pmod/SSLPort.pike b/lib/modules/Protocols.pmod/HTTP.pmod/Server.pmod/SSLPort.pike
index e8589573b37f3872a7ddd4f4cd4a739648cce448..78fcf8ca902d5868e255cf9d9fbefb175c3800eb 100644
--- a/lib/modules/Protocols.pmod/HTTP.pmod/Server.pmod/SSLPort.pike
+++ b/lib/modules/Protocols.pmod/HTTP.pmod/Server.pmod/SSLPort.pike
@@ -132,7 +132,7 @@ void set_key(string skey)
     object p = key[4][1];
     object q = key[5][1];
 
-    rsa = Crypto.rsa();
+    rsa = Crypto.RSA();
     rsa->set_public_key(n, e);
     rsa->set_private_key(d);
 #else /* !0 */
diff --git a/lib/modules/SSL.pmod/context.pike b/lib/modules/SSL.pmod/context.pike
index b024f6d47c6594003ea52a9311194c6618add75c..47be590bd84b6ae2e1a78120bba8480c8f61b489 100644
--- a/lib/modules/SSL.pmod/context.pike
+++ b/lib/modules/SSL.pmod/context.pike
@@ -1,5 +1,5 @@
 //
-// $Id: context.pike,v 1.28 2004/01/30 21:44:05 bill Exp $
+// $Id: context.pike,v 1.29 2004/02/03 13:52:12 nilsson Exp $
 
 #pike __REAL_VERSION__
 #pragma strict_types
@@ -12,7 +12,7 @@
 import .Constants;
 
 //! The server's private key
-Crypto.rsa rsa;
+Crypto.RSA rsa;
 
 /* For client authentication */
 
@@ -95,8 +95,8 @@ int verify_certificates = 0;
 //! message with the (public part of) the long_rsa key.
 //!
 //! Otherwise, dont send any server_key_exchange message.
-Crypto.rsa long_rsa;
-Crypto.rsa short_rsa;
+Crypto.RSA long_rsa;
+Crypto.RSA short_rsa;
 
 //! Servers dsa key.
 Crypto.dsa dsa;
diff --git a/lib/modules/SSL.pmod/handshake.pike b/lib/modules/SSL.pmod/handshake.pike
index 5f88adc448d77b79d305b20d3a0484bf1e835133..e7b17c035bd0ea7261ef5b8aa2d400f6f4298788 100644
--- a/lib/modules/SSL.pmod/handshake.pike
+++ b/lib/modules/SSL.pmod/handshake.pike
@@ -1,7 +1,7 @@
 #pike __REAL_VERSION__
 #pragma strict_types
 
-/* $Id: handshake.pike,v 1.45 2004/01/30 21:44:05 bill Exp $
+/* $Id: handshake.pike,v 1.46 2004/02/03 13:52:27 nilsson Exp $
  *
  */
 
@@ -52,7 +52,7 @@ int certificate_state;
 int expect_change_cipher; /* Reset to 0 if a change_cipher message is
 			   * received */
 
-Crypto.rsa temp_key; /* Key used for session key exchange (if not the same
+Crypto.RSA temp_key; /* Key used for session key exchange (if not the same
 		      * as the server's certified key) */
 
 .Cipher.DHKeyExchange dh_state; /* For diffie-hellman key exchange */
@@ -1072,7 +1072,7 @@ int(-1..1) handle_handshake(int type, string data, string raw)
 
 	if(public_key->type == "rsa")
 	  {
-	    Crypto.rsa rsa = Crypto.rsa();
+	    Crypto.RSA rsa = Crypto.RSA();
 	    rsa->set_public_key(public_key->rsa->get_n(),
 				public_key->rsa->get_e());
 	    context->rsa = rsa;
@@ -1119,7 +1119,7 @@ int(-1..1) handle_handshake(int type, string data, string raw)
 			    backtrace()));
 	  return -1;
 	}
-	Crypto.rsa rsa = Crypto.rsa();
+	Crypto.RSA rsa = Crypto.RSA();
 	rsa->set_public_key(n, e);
 	context->rsa = rsa;
 	break;
diff --git a/lib/modules/SSL.pmod/https.pike b/lib/modules/SSL.pmod/https.pike
index 6b549bc84ca99bb0945cfc18586b1728086860ea..7b8772541c185632e850fd2379394c11f850db11 100644
--- a/lib/modules/SSL.pmod/https.pike
+++ b/lib/modules/SSL.pmod/https.pike
@@ -1,6 +1,6 @@
 #pike __REAL_VERSION__
 
-/* $Id: https.pike,v 1.14 2003/01/27 01:41:17 nilsson Exp $
+/* $Id: https.pike,v 1.15 2004/02/03 13:52:40 nilsson Exp $
  *
  * dummy https server
  */
@@ -74,15 +74,13 @@ class conn {
 }
 
 class no_random {
-  object arcfour = Crypto.arcfour();
+  object arcfour = Crypto.Arcfour();
   
   void create(string|void secret)
   {
     if (!secret)
       secret = sprintf("Foo!%4c", time());
-    object sha = Crypto.sha();
-    sha->update(secret);
-    arcfour->set_encrypt_key(sha->digest());
+    arcfour->set_encrypt_key(Crypto.SHA->hash(secret));
   }
 
   string read(int size)
@@ -135,7 +133,7 @@ int main()
   werror("n =  %s\np =  %s\nq =  %s\npq = %s\n",
 	 n->digits(), p->digits(), q->digits(), (p*q)->digits());
 
-  rsa = Crypto.rsa();
+  rsa = Crypto.RSA();
   rsa->set_public_key(n, e);
   rsa->set_private_key(d);
 #else /* !0 */
diff --git a/lib/modules/SSL.pmod/testsuite.in b/lib/modules/SSL.pmod/testsuite.in
index 92a39f0fd98bdb437e9e185fb5777bc1d0f0594d..b6b6913d68886dce7fb91ac7ae40c0c7cc3038bc 100644
--- a/lib/modules/SSL.pmod/testsuite.in
+++ b/lib/modules/SSL.pmod/testsuite.in
@@ -1,4 +1,4 @@
-dnl $Id: testsuite.in,v 1.5 2003/11/13 16:04:49 grubba Exp $
+dnl $Id: testsuite.in,v 1.6 2004/02/03 13:51:43 nilsson Exp $
 
 test_any([[
 #pike 7.4
@@ -17,7 +17,7 @@ string _key;
 string _cert;
 
 void make_cert() {
-  object rsa = Crypto.rsa();
+  object rsa = Crypto.RSA();
   rsa->generate_key( 1024, random_string );
   _key = Tools.PEM.simple_build_pem("RSA PRIVATE KEY",
     Standards.PKCS.RSA.private_key(rsa));
@@ -29,7 +29,7 @@ void make_cert() {
   ASSERT(rsa->public_key_equal(rsa_again));
 
   array attrs = ({
-    (["organizationName":Standards.ASN1.Types.asn1_printable_string("Pike")]),
+    (["organizationName":Standards.ASN1.Types.asn1_printable_string("Test")]),
     (["commonName":Standards.ASN1.Types.asn1_printable_string("*")]),
   });
 
@@ -57,7 +57,7 @@ class Server {
     object rsa = Standards.PKCS.RSA.parse_private_key(key);
     ctx->rsa = rsa;
     ASSERT(rsa->rsa_size()>512);
-    ctx->short_rsa = Crypto.rsa()->generate_key(512, ctx->random);
+    ctx->short_rsa = Crypto.RSA()->generate_key(512, ctx->random);
     ctx->rsa_mode();
 
     object tbs = Tools.X509.decode_certificate(cert);
@@ -68,7 +68,7 @@ class Server {
 
 int a() {
   make_cert();
-  Server();
+  object s = Server();
   return 1;
 }
 ]])
diff --git a/lib/modules/Standards.pmod/PKCS.pmod/CSR.pmod b/lib/modules/Standards.pmod/PKCS.pmod/CSR.pmod
index edc021174cea909dc89a9b225ce6894d97716c2e..1faaab23364994620e4acf07cd7b10f8fd264bae 100644
--- a/lib/modules/Standards.pmod/PKCS.pmod/CSR.pmod
+++ b/lib/modules/Standards.pmod/PKCS.pmod/CSR.pmod
@@ -1,5 +1,5 @@
 //
-// $Id: CSR.pmod,v 1.9 2003/01/27 02:54:02 nilsson Exp $
+// $Id: CSR.pmod,v 1.10 2004/02/03 13:50:10 nilsson Exp $
 
 //! Handling of Certifikate Signing Requests (PKCS-10)
 
@@ -18,8 +18,8 @@ class CSR_Attributes
 }
 
 //!
-Sequence build_csr(Crypto.rsa rsa, object name,
-		 mapping(string:array(object)) attributes)
+Sequence build_csr(Crypto.RSA rsa, object name,
+		   mapping(string:array(object)) attributes)
 {
   Sequence info = Sequence( ({ Integer(0), name,
 			       .RSA.build_rsa_public_key(rsa),
@@ -29,7 +29,7 @@ Sequence build_csr(Crypto.rsa rsa, object name,
 		      Sequence(
 			       ({ .Identifiers.rsa_md5_id, Null() }) ),
 		      BitString(rsa->sign(info->get_der(),
-					  Crypto.md5)
+					  Crypto.MD5)
 				->digits(256)) }) );
 }
 
diff --git a/lib/modules/Standards.pmod/PKCS.pmod/RSA.pmod b/lib/modules/Standards.pmod/PKCS.pmod/RSA.pmod
index 397df29e4f59ac1df78dfe235e08a45a3df2f8b7..7ac1b83ba9193ba630b73e43d350f60d21b53aae 100644
--- a/lib/modules/Standards.pmod/PKCS.pmod/RSA.pmod
+++ b/lib/modules/Standards.pmod/PKCS.pmod/RSA.pmod
@@ -1,4 +1,4 @@
-// $Id: RSA.pmod,v 1.18 2003/01/27 02:54:02 nilsson Exp $
+// $Id: RSA.pmod,v 1.19 2004/02/03 13:50:22 nilsson Exp $
 
 //! RSA operations and types as described in PKCS-1.
 
@@ -17,10 +17,10 @@ import Standards.ASN1.Types;
 
 //! Create a DER-coded RSAPublicKey structure
 //! @param rsa
-//!   @[Crypto.rsa] object
+//!   @[Crypto.RSA] object
 //! @returns
 //!   ASN1 coded RSAPublicKey structure
-string public_key(Crypto.rsa rsa)
+string public_key(Crypto.RSA rsa)
 {
   return Sequence(map( ({ rsa->get_n(), rsa->get_e() }),
 		       Integer))->get_der();
@@ -28,10 +28,10 @@ string public_key(Crypto.rsa rsa)
 
 //! Create a DER-coded RSAPrivateKey structure
 //! @param rsa
-//!   @[Crypto.rsa] object
+//!   @[Crypto.RSA] object
 //! @returns
 //!   ASN1 coded RSAPrivateKey structure
-string private_key(Crypto.rsa rsa)
+string private_key(Crypto.RSA rsa)
 {
   Gmp.mpz n = rsa->get_n();
   Gmp.mpz e = rsa->get_e();
@@ -52,8 +52,8 @@ string private_key(Crypto.rsa rsa)
 //! @param key
 //!   RSAPublicKey provided in ASN1 encoded format
 //! @returns
-//!   @[Crypto.rsa] object
-Crypto.rsa parse_public_key(string key)
+//!   @[Crypto.RSA] object
+Crypto.RSA parse_public_key(string key)
 {
   Object a = Standards.ASN1.Decode.simple_der_decode(key);
 
@@ -63,7 +63,7 @@ Crypto.rsa parse_public_key(string key)
       || (sizeof(a->elements->type_name - ({ "INTEGER" }))) )
     return 0;
 
-  Crypto.rsa rsa = Crypto.rsa();
+  Crypto.RSA rsa = Crypto.RSA();
   rsa->set_public_key(a->elements[0]->value, a->elements[1]->value);
   return rsa;
 }
@@ -72,8 +72,8 @@ Crypto.rsa parse_public_key(string key)
 //! @param key
 //!   RSAPrivateKey provided in ASN1 encoded format
 //! @returns
-//!   @[Crypto.rsa] object
-Crypto.rsa parse_private_key(string key)
+//!   @[Crypto.RSA] object
+Crypto.RSA parse_private_key(string key)
 {
   WERROR(sprintf("rsa->parse_private_key: '%s'\n", key));
   Object a = Standards.ASN1.Decode.simple_der_decode(key);
@@ -86,7 +86,7 @@ Crypto.rsa parse_private_key(string key)
       || a->elements[0]->value)
     return 0;
   
-  Crypto.rsa rsa = Crypto.rsa();
+  Crypto.RSA rsa = Crypto.RSA();
   rsa->set_public_key(a->elements[1]->value, a->elements[2]->value);
   rsa->set_private_key(a->elements[3]->value, a->elements[4..]->value);
   return rsa;
@@ -98,7 +98,7 @@ Sequence build_rsa_public_key(object rsa)
     Sequence(
       ({ .Identifiers.rsa_id, Null() }) ),
     BitString(Sequence(
-      ({ Integer(rsa->n), Integer(rsa->e) }) )->get_der()) }) );
+      ({ Integer(rsa->get_n()), Integer(rsa->get_e()) }) )->get_der()) }) );
 }
 
 #endif
diff --git a/lib/modules/Tools.pmod/X509.pmod b/lib/modules/Tools.pmod/X509.pmod
index 937e52eaf8470f4fb52de690f4609c291d586b79..ec5289ea7b8f0a9157f9d14826b07903d80de17d 100644
--- a/lib/modules/Tools.pmod/X509.pmod
+++ b/lib/modules/Tools.pmod/X509.pmod
@@ -2,7 +2,7 @@
 //#pragma strict_types
 
 /* 
- * $Id: X509.pmod,v 1.25 2004/01/30 10:33:11 nilsson Exp $
+ * $Id: X509.pmod,v 1.26 2004/02/03 13:53:02 nilsson Exp $
  *
  * Some random functions for creating RFC-2459 style X.509 certificates.
  *
@@ -164,7 +164,7 @@ string make_selfsigned_dsa_certificate(Crypto.dsa dsa, int ttl, array name,
 }
 
 //!
-string rsa_sign_digest(Crypto.rsa rsa, object digest_id, string digest)
+string rsa_sign_digest(Crypto.RSA rsa, object digest_id, string digest)
 {
   Sequence digest_info = Sequence( ({ Sequence( ({ digest_id, Null() }) ),
 				      OctetString(digest) }) );
@@ -172,7 +172,7 @@ string rsa_sign_digest(Crypto.rsa rsa, object digest_id, string digest)
 }
 
 //!
-int(0..1) rsa_verify_digest(Crypto.rsa rsa, object digest_id,
+int(0..1) rsa_verify_digest(Crypto.RSA rsa, object digest_id,
 		      string digest, string s)
 {
   Sequence digest_info = Sequence( ({ Sequence( ({ digest_id, Null() }) ),
@@ -181,7 +181,7 @@ int(0..1) rsa_verify_digest(Crypto.rsa rsa, object digest_id,
 }
 
 //!
-string make_selfsigned_rsa_certificate(Crypto.rsa rsa, int ttl, array name,
+string make_selfsigned_rsa_certificate(Crypto.RSA rsa, int ttl, array name,
 				       array|void extensions)
 {
   Integer serial = Integer(1); /* Hard coded serial number */
@@ -219,14 +219,14 @@ class Verifier {
   int(0..1) verify(object,string,string);
   this_program init(string key);
 
-  optional Crypto.rsa rsa; // Ugly
+  optional Crypto.RSA rsa; // Ugly
 }
 
 //!
 class rsa_verifier
 {
   inherit Verifier;
-  Crypto.rsa rsa;
+  Crypto.RSA rsa;
 
   constant type = "rsa";