Changes for release

Fix for ASN1 parsing bugs.
make update
2003-09-30 12:08:23 +00:00 · 2003-09-30 12:05:44 +00:00 · 2003-09-29 20:17:37 +00:00 · 2003-09-29 17:10:01 +00:00 · 2003-09-28 14:07:01 +00:00 · 2003-09-28 09:25:33 +00:00
691 changed files with 361 additions and 260772 deletions
--- a/.cvsignore
+++ b/.cvsignore
@@ -14,4 +14,3 @@ cctest.c
 cctest.a
 libcrypto.so.*
 libssl.so.*
-libcrypto.sha1
--- a/4
+++ b/4
@@ -2,10 +2,6 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.7c and 0.9.7d  [xx XXX XXXX]
-
-  *)
-
 Changes between 0.9.7b and 0.9.7c  [30 Sep 2003]

  *) Fix various bugs revealed by running the NISCC test suite:
--- a/30
+++ b/30
@@ -10,7 +10,7 @@ use strict;

 # see INSTALL for instructions.

-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [fips] [debug] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";

 # Options:
 #
@@ -135,12 +135,11 @@ my %table=(
 # Our development configs
 "purify",	"purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
 "debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
-"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
+"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
 "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::::",
+"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
-"debug-ben-fips-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DFIPS -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
@@ -631,8 +630,6 @@ my $rmd160_obj="";
 my $processor="";
 my $default_ranlib;
 my $perl;
-my $fips=0;
-my $debug=0;

 my $no_ssl2=0;
 my $no_ssl3=0;
@@ -806,15 +803,6 @@ PROCESS_ARGS:
 			}
 		elsif (/^386$/)
 			{ $processor=386; }
-		elsif (/^fips$/)
-			{
-			$fips=1;
-			$openssl_other_defines.="#define OPENSSL_FIPS\n";
-		        }
-		elsif (/^debug$/)
-			{
-			$debug=1;
-			}
 		elsif (/^rsaref$/)
 			{
 			# No RSAref support any more since it's not needed.
@@ -1150,11 +1138,7 @@ if ($ranlib eq "")

 $bn_obj = $bn_asm unless $bn_obj ne "";

-if ($fips)
-	{
-	$des_obj=$sha1_obj="";
-	}
-$des_obj=$des_enc	unless (!$fips && $des_obj =~ /\.o$/);
+$des_obj=$des_enc	unless ($des_obj =~ /\.o$/);
 $bf_obj=$bf_enc		unless ($bf_obj =~ /\.o$/);
 $cast_obj=$cast_enc	unless ($cast_obj =~ /\.o$/);
 $rc4_obj=$rc4_enc	unless ($rc4_obj =~ /\.o$/);
@@ -1175,12 +1159,6 @@ if ($rmd160_obj =~ /\.o$/)
 	$cflags.=" -DRMD160_ASM";
 	}

-if ($debug)
-	{
-	$cflags.=" -g";
-	$cflags=~s/-fomit-frame-pointer//;
-	}
-
 # "Stringify" the C flags string.  This permits it to be made part of a string
 # and works as well on command lines.
 $cflags =~ s/([\\\"])/\\\1/g;
--- a/Makefile.org
+++ b/Makefile.org
@@ -173,19 +173,17 @@ LIBKRB5=
 # we might set SHLIB_MARK to '$(SHARED_LIBS)'.
 SHLIB_MARK=

-DIRS=   crypto fips ssl $(SHLIB_MARK) sigs apps test tools
-SHLIBDIRS= fips crypto ssl
+DIRS=   crypto ssl $(SHLIB_MARK) apps test tools
+SHLIBDIRS= crypto ssl

 # dirs in crypto to build
-SDIRS=  objects \
+SDIRS=  \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
 	bn ec rsa dsa dh dso engine aes \
-	buffer bio stack lhash rand err \
+	buffer bio stack lhash rand err objects \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5

-FDIRS=	sha1 rand des aes dsa rsa
-
 # tests to perform.  "alltests" is a special word indicating that all tests
 # should be performed.
 TESTS = alltests
@@ -204,7 +202,6 @@ ONEDIRS=out tmp
 EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
 WDIRS=  windows
 LIBS=   libcrypto.a libssl.a
-SIGS=	libcrypto.sha1
 SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
 SHARED_SSL=libssl$(SHLIB_EXT)
 SHARED_LIBS=
@@ -224,29 +221,12 @@ HEADER=         e_os.h

 all: Makefile.ssl sub_all openssl.pc

-sigs:	$(SIGS)
-libcrypto.sha1: libcrypto.a
-	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-		fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.sha1; \
-	fi
-
 sub_all:
 	@for i in $(DIRS); \
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
-	else \
-		$(MAKE) $$i; \
-	fi; \
-	done;
-
-sub_target:
-	@for i in $(DIRS); \
-	do \
-	if [ -d "$$i" ]; then \
-		(cd $$i && echo "making $(TARGET) in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
 	else \
 		$(MAKE) $$i; \
 	fi; \
@@ -501,7 +481,7 @@ do_hpux-shared:
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-		+vnocompatwarnings \
+ 		+vnocompatwarnings \
 		-b -z +s \
 		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
@@ -524,7 +504,7 @@ do_hpux64-shared:
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-		-b -z \
+ 		-b -z \
 		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+forceload lib$$i.a -ldl -lc ) || exit 1; \
@@ -851,16 +831,8 @@ install: all install_docs
 			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
 		fi; \
 	fi
-	@for i in $(SIGS) ;\
-	do \
-		if [ -f "$$i" ]; then \
-		(       echo installing $$i; \
-			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
-		fi; \
-	done;
 	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig

 install_docs:
 	@$(PERL) $(TOP)/util/mkdir-p.pl \
@@ -885,7 +857,6 @@ install_docs:
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 		$(PERL) util/extract-names.pl < $$i | \
 			grep -v $$filecase "^$$fn\$$" | \
-			grep -v "[	]" | \
 			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
 			 while read n; do \
 				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
@@ -902,7 +873,6 @@ install_docs:
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 		$(PERL) util/extract-names.pl < $$i | \
 			grep -v $$filecase "^$$fn\$$" | \
-			grep -v "[	]" | \
 			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
 			 while read n; do \
 				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
--- a/2
+++ b/2
@@ -1,6 +1,6 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2003/10/02 10:55:20 $
+  ______________                           $Date: 2003/09/30 12:08:19 $

  DEVELOPMENT STATE

--- a/54
+++ b/54
@@ -1502,7 +1502,7 @@ $arflags      =

 *** debug-ben
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -Wall -Wshadow -Werror -pipe
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@@ -1527,7 +1527,7 @@ $arflags      =

 *** debug-ben-debug
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -Wall -Wshadow -Werror -pipe
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@@ -1550,31 +1550,6 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 

-*** debug-ben-fips-debug
-$cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DFIPS -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
-$unistd       = 
-$thread_cflag = (unknown)
-$sys_id       = 
-$lflags       = 
-$bn_ops       = 
-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
 *** debug-ben-openbsd
 $cc           = gcc
 $cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe
@@ -4375,31 +4350,6 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 

-*** vxworks-ppc860
-$cc           = ccppc
-$cflags       = -g -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h
-$unistd       = 
-$thread_cflag = 
-$sys_id       = VXWORKS
-$lflags       = -r
-$bn_ops       = 
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
 *** vxworks-ppc860
 $cc           = ccppc
 $cflags       = -nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -126,6 +126,16 @@
 #include <openssl/engine.h>
 #endif

+#ifdef OPENSSL_SYS_WINDOWS
+#define strcasecmp _stricmp
+#else
+#  ifdef NO_STRINGS_H
+    int	strcasecmp();
+#  else
+#    include <strings.h>
+#  endif /* NO_STRINGS_H */
+#endif
+
 #define NON_MAIN
 #include "apps.h"
 #undef NON_MAIN
@@ -368,6 +378,22 @@ int WIN32_rename(char *from, char *to)
 	}
 #endif

+#ifdef OPENSSL_SYS_VMS
+int VMS_strcasecmp(const char *str1, const char *str2)
+	{
+	while (*str1 && *str2)
+		{
+		int res = toupper(*str1) - toupper(*str2);
+		if (res) return res < 0 ? -1 : 1;
+		}
+	if (*str1)
+		return 1;
+	if (*str2)
+		return -1;
+	return 0;
+	}
+#endif
+
 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	{
 	int num,len,i;
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -141,6 +141,12 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
 int WIN32_rename(char *oldname,char *newname);
 #endif

+/* VMS below version 7.0 doesn't have strcasecmp() */
+#ifdef OPENSSL_SYS_VMS
+#define strcasecmp(str1,str2) VMS_strcasecmp((str1),(str2))
+int VMS_strcasecmp(const char *str1, const char *str2);
+#endif
+
 #ifndef MONOLITH

 #define MAIN(a,v)	main(a,v)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -76,6 +76,16 @@
 #include <openssl/ocsp.h>
 #include <openssl/pem.h>

+#ifdef OPENSSL_SYS_WINDOWS
+#define strcasecmp _stricmp
+#else
+#  ifdef NO_STRINGS_H
+    int	strcasecmp();
+#  else
+#    include <strings.h>
+#  endif /* NO_STRINGS_H */
+#endif
+
 #ifndef W_OK
 #  ifdef OPENSSL_SYS_VMS
 #    if defined(__DECC)
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -36,14 +36,14 @@ GENERAL=Makefile README crypto-lib.com install.com

 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
-LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c
-LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o
+LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c
+LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o

 SRC= $(LIBSRC)

 EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
 	ossl_typ.h
-HEADER=	cryptlib.h buildinf.h md32_common.h o_time.h o_str.h $(EXHEADER)
+HEADER=	cryptlib.h buildinf.h md32_common.h o_time.h $(EXHEADER)

 ALL=    $(GENERAL) $(SRC) $(HEADER)

@@ -203,8 +203,6 @@ mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
 mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c
-o_str.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_str.c
-o_str.o: o_str.h
 o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
 o_time.o: o_time.h
 tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
--- a/crypto/aes/Makefile.ssl
+++ b/crypto/aes/Makefile.ssl
@@ -91,8 +91,7 @@ aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
 aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h
 aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
-aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
-aes_core.o: aes_core.c aes_locl.h
+aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
 aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
 aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
--- a/crypto/aes/aes.h
+++ b/crypto/aes/aes.h
@@ -95,15 +95,6 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
 	const unsigned long length, const AES_KEY *key,
 	unsigned char *ivec, int *num, const int enc);
-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-	const unsigned long length, const AES_KEY *key,
-	unsigned char *ivec, int *num, const int enc);
-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-	const unsigned long length, const AES_KEY *key,
-	unsigned char *ivec, int *num, const int enc);
-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-			    const int nbits,const AES_KEY *key,
-			    unsigned char *ivec,const int enc);
 void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
 	const unsigned long length, const AES_KEY *key,
 	unsigned char *ivec, int *num);
--- a/crypto/aes/aes_cfb.c
+++ b/crypto/aes/aes_cfb.c
@@ -155,96 +155,3 @@ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
 	*num=n;
 }

-/* This expects a single block of size nbits for both in and out. Note that
-   it corrupts any extra bits in the last byte of out */
-/* Untested, once it is working, it will be optimised */
-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-			    const int nbits,const AES_KEY *key,
-			    unsigned char *ivec,const int enc)
-    {
-    int n;
-    unsigned char ovec[AES_BLOCK_SIZE*2];
-
-    assert(in && out && key && ivec);
-    if(enc)
-	{
-	/* construct the new IV */
-	AES_encrypt(ivec,ovec,key);
-	/* encrypt the input */
-	for(n=0 ; n < (nbits+7)/8 ; ++n)
-	    out[n]=in[n]^ovec[n];
-	/* fill in the first half of the new IV with the current IV */
-	memcpy(ovec,ivec,AES_BLOCK_SIZE);
-	/* and put the ciphertext in the second half */
-	memcpy(ovec+AES_BLOCK_SIZE,out,(nbits+7)/8);
-	/* shift ovec left most of the bits... */
-	memmove(ovec,ovec+nbits/8,AES_BLOCK_SIZE+(nbits%8 ? 1 : 0));
-	/* now the remaining bits */
-	if(nbits%8 != 0)
-	    for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-		{
-		ovec[n]<<=nbits%8;
-		ovec[n]|=ovec[n+1]>>(8-nbits%8);
-		}
-	/* finally, move it back into place */
-	memcpy(ivec,ovec,AES_BLOCK_SIZE);
-	}
-    else
-	{
-	/* construct the new IV in the first half of ovec */
-	AES_encrypt(ivec,ovec,key);
-	/* decrypt the input */
-	for(n=0 ; n < (nbits+7)/8 ; ++n)
-	    out[n]=in[n]^ovec[n];
-	/* fill in the first half of the new IV with the current IV */
-	memcpy(ovec,ivec,AES_BLOCK_SIZE);
-	/* append the ciphertext */
-	memcpy(ovec+AES_BLOCK_SIZE,in,(nbits+7)/8);
-	/* shift ovec left most of the bits... */
-	memmove(ovec,ovec+nbits/8,AES_BLOCK_SIZE+(nbits%8 ? 1 : 0));
-	/* now the remaining bits */
-	if(nbits%8 != 0)
-	    for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-		{
-		ovec[n]<<=nbits%8;
-		ovec[n]|=ovec[n+1]>>(8-nbits%8);
-		}
-	/* finally, move it back into place */
-	memcpy(ivec,ovec,AES_BLOCK_SIZE);
-	}
-    /* it is not necessary to cleanse ovec, since the IV is not secret */
-    }
-
-/* N.B. This expects the input to be packed, MS bit first */
-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-		      const unsigned long length, const AES_KEY *key,
-		      unsigned char *ivec, int *num, const int enc)
-    {
-    unsigned int n;
-    unsigned char c[1],d[1];
-
-    assert(in && out && key && ivec && num);
-    assert(*num == 0);
-
-    memset(out,0,(length+7)/8);
-    for(n=0 ; n < length ; ++n)
-	{
-	c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-	AES_cfbr_encrypt_block(c,d,1,key,ivec,enc);
-	out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
-	}
-    }
-
-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-		      const unsigned long length, const AES_KEY *key,
-		      unsigned char *ivec, int *num, const int enc)
-    {
-    unsigned int n;
-
-    assert(in && out && key && ivec && num);
-    assert(*num == 0);
-
-    for(n=0 ; n < length ; ++n)
-	AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);
-    }
-
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@@ -37,11 +37,8 @@

 #include <stdlib.h>
 #include <openssl/aes.h>
-#include <openssl/fips.h>
 #include "aes_locl.h"

-#ifndef OPENSSL_FIPS
-
 /*
 Te0[x] = S [x].[02, 01, 01, 03];
 Te1[x] = S [x].[03, 02, 01, 01];
@@ -1258,4 +1255,3 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
 	PUTU32(out + 12, s3);
 }

-#endif /* ndef OPENSSL_FIPS */
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -115,7 +115,7 @@ err:

 #endif

-int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
 	{
 	static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
 	static int max[9]={99, 99,12,31,23,59,59,12,59};
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -114,7 +114,7 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 	return ASN1_GENERALIZEDTIME_set(s,t);
 	}

-int ASN1_TIME_check(const ASN1_TIME *t)
+int ASN1_TIME_check(ASN1_TIME *t)
 	{
 	if (t->type == V_ASN1_GENERALIZEDTIME)
 		return ASN1_GENERALIZEDTIME_check(t);
@@ -124,8 +124,7 @@ int ASN1_TIME_check(const ASN1_TIME *t)
 	}

 /* Convert an ASN1_TIME structure to GeneralizedTime */
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
-						   ASN1_GENERALIZEDTIME **out)
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
 	{
 	ASN1_GENERALIZEDTIME *ret;
 	char *str;
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -112,7 +112,7 @@ err:

 #endif

-int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
+int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
 	{
 	static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
 	static int max[8]={99,12,31,23,59,59,12,59};
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -754,7 +754,7 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);

 DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)

-int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
+int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
@@ -762,7 +762,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
 time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
 #endif

-int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); 

@@ -793,8 +793,8 @@ DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
 DECLARE_ASN1_FUNCTIONS(ASN1_TIME)

 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
-int ASN1_TIME_check(const ASN1_TIME *t);
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_check(ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);

 int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
 			int (*func)(), int ex_tag, int ex_class, int is_set);
--- a/crypto/cast/asm/.cvsignore
+++ b/crypto/cast/asm/.cvsignore
@@ -1,2 +1 @@
 cx86unix.cpp
-cx86-elf.s
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -66,11 +66,6 @@
 static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
 #endif

-#ifdef OPENSSL_FIPS
-int FIPS_mode;
-void *FIPS_rand_check;
-#endif /* def OPENSSL_FIPS */
-
 DECLARE_STACK_OF(CRYPTO_dynlock)
 IMPLEMENT_STACK_OF(CRYPTO_dynlock)

--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -158,7 +158,7 @@ $!
 $ APPS_DES = "DES/DES,CBC3_ENC"
 $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
 $
-$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str"
+$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time"
 $ LIB_MD2 = "md2_dgst,md2_one"
 $ LIB_MD4 = "md4_dgst,md4_one"
 $ LIB_MD5 = "md5_dgst,md5_one"
--- a/crypto/des/cfb64ede.c
+++ b/crypto/des/cfb64ede.c
@@ -140,114 +140,3 @@ void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
 	DES_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
 	}
 #endif
-
-/* This is compatible with the single key CFB-r for DES, even thought that's
- * not what EVP needs.
- */
-
-void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
-			  int numbits,long length,DES_key_schedule *ks1,
-			  DES_key_schedule *ks2,DES_key_schedule *ks3,
-			  DES_cblock *ivec,int enc)
-	{
-	register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
-	register unsigned long l=length;
-	register int num=numbits;
-	DES_LONG ti[2];
-	unsigned char *iv;
-	unsigned char ovec[16];
-
-	if (num > 64) return;
-	iv = &(*ivec)[0];
-	c2l(iv,v0);
-	c2l(iv,v1);
-	if (enc)
-		{
-		while (l >= n)
-			{
-			l-=n;
-			ti[0]=v0;
-			ti[1]=v1;
-			DES_encrypt3(ti,ks1,ks2,ks3);
-			c2ln(in,d0,d1,n);
-			in+=n;
-			d0^=ti[0];
-			d1^=ti[1];
-			l2cn(d0,d1,out,n);
-			out+=n;
-			/* 30-08-94 - eay - changed because l>>32 and
-			 * l<<32 are bad under gcc :-( */
-			if (num == 32)
-				{ v0=v1; v1=d0; }
-			else if (num == 64)
-				{ v0=d0; v1=d1; }
-			else
-				{
-				iv=&ovec[0];
-				l2c(v0,iv);
-				l2c(v1,iv);
-				l2c(d0,iv);
-				l2c(d1,iv);
-				/* shift ovec left most of the bits... */
-				memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
-				/* now the remaining bits */
-				if(num%8 != 0)
-					for(n=0 ; n < 8 ; ++n)
-						{
-						ovec[n]<<=num%8;
-						ovec[n]|=ovec[n+1]>>(8-num%8);
-						}
-				iv=&ovec[0];
-				c2l(iv,v0);
-				c2l(iv,v1);
-				}
-			}
-		}
-	else
-		{
-		while (l >= n)
-			{
-			l-=n;
-			ti[0]=v0;
-			ti[1]=v1;
-			DES_encrypt3(ti,ks1,ks2,ks3);
-			c2ln(in,d0,d1,n);
-			in+=n;
-			/* 30-08-94 - eay - changed because l>>32 and
-			 * l<<32 are bad under gcc :-( */
-			if (num == 32)
-				{ v0=v1; v1=d0; }
-			else if (num == 64)
-				{ v0=d0; v1=d1; }
-			else
-				{
-				iv=&ovec[0];
-				l2c(v0,iv);
-				l2c(v1,iv);
-				l2c(d0,iv);
-				l2c(d1,iv);
-				/* shift ovec left most of the bits... */
-				memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
-				/* now the remaining bits */
-				if(num%8 != 0)
-					for(n=0 ; n < 8 ; ++n)
-						{
-						ovec[n]<<=num%8;
-						ovec[n]|=ovec[n+1]>>(8-num%8);
-						}
-				iv=&ovec[0];
-				c2l(iv,v0);
-				c2l(iv,v1);
-				}
-			d0^=ti[0];
-			d1^=ti[1];
-			l2cn(d0,d1,out,n);
-			out+=n;
-			}
-		}
-	iv = &(*ivec)[0];
-	l2c(v0,iv);
-	l2c(v1,iv);
-	v0=v1=d0=d1=ti[0]=ti[1]=0;
-	}
-
--- a/crypto/des/cfb_enc.c
+++ b/crypto/des/cfb_enc.c
@@ -56,7 +56,6 @@
 * [including the GNU Public Licence.]
 */

-#include "e_os.h"
 #include "des_locl.h"

 /* The input and output are loaded in multiples of 8 bits.
--- a/crypto/des/des.h
+++ b/crypto/des/des.h
@@ -128,7 +128,7 @@ OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode);	/* defaults to DES_PCBC_MODE */
 #define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)

 const char *DES_options(void);
-void DES_ecb3_encrypt(const unsigned char *input, unsigned char *output,
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
 		      DES_key_schedule *ks1,DES_key_schedule *ks2,
 		      DES_key_schedule *ks3, int enc);
 DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output,
@@ -187,10 +187,6 @@ void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
 			    long length,DES_key_schedule *ks1,
 			    DES_key_schedule *ks2,DES_key_schedule *ks3,
 			    DES_cblock *ivec,int *num,int enc);
-void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
-			  int numbits,long length,DES_key_schedule *ks1,
-			  DES_key_schedule *ks2,DES_key_schedule *ks3,
-			  DES_cblock *ivec,int enc);
 void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
 			    long length,DES_key_schedule *ks1,
 			    DES_key_schedule *ks2,DES_key_schedule *ks3,
--- a/crypto/des/des_enc.c
+++ b/crypto/des/des_enc.c
@@ -58,8 +58,6 @@

 #include "des_locl.h"

-#ifndef OPENSSL_FIPS
-
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
 	{
 	register DES_LONG l,r,t,u;
@@ -289,8 +287,6 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
 	data[1]=r;
 	}

-#endif /* ndef OPENSSL_FIPS */
-
 #ifndef DES_DEFAULT_OPTIONS

 #undef CBC_ENC_C__DONT_UPDATE_IV
--- a/crypto/des/des_old.c
+++ b/crypto/des/des_old.c
@@ -84,7 +84,7 @@ void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock
 	des_key_schedule ks1,des_key_schedule ks2,
 	des_key_schedule ks3, int enc)
 	{
-	DES_ecb3_encrypt((const unsigned char *)input, (unsigned char *)output,
+	DES_ecb3_encrypt((const_DES_cblock *)input, output,
 		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
 		(DES_key_schedule *)ks3, enc);
 	}
--- a/crypto/des/destest.c
+++ b/crypto/des/destest.c
@@ -439,8 +439,8 @@ int main(int argc, char *argv[])
 		memcpy(in,plain_data[i],8);
 		memset(out,0,8);
 		memset(outin,0,8);
-		des_ecb2_encrypt(in,out,ks,ks2,DES_ENCRYPT);
-		des_ecb2_encrypt(out,outin,ks,ks2,DES_DECRYPT);
+		des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT);
+		des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT);

 		if (memcmp(out,cipher_ecb2[i],8) != 0)
 			{
--- a/crypto/des/ecb3_enc.c
+++ b/crypto/des/ecb3_enc.c
@@ -58,13 +58,15 @@

 #include "des_locl.h"

-void DES_ecb3_encrypt(const unsigned char *in, unsigned char *out,
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
 		      DES_key_schedule *ks1, DES_key_schedule *ks2,
 		      DES_key_schedule *ks3,
 	     int enc)
 	{
 	register DES_LONG l0,l1;
 	DES_LONG ll[2];
+	const unsigned char *in = &(*input)[0];
+	unsigned char *out = &(*output)[0];

 	c2l(in,l0);
 	c2l(in,l1);
--- a/crypto/dsa/Makefile.ssl
+++ b/crypto/dsa/Makefile.ssl
@@ -153,23 +153,19 @@ dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
 dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/fips.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dsa_sign.o: ../cryptlib.h dsa_sign.c
 dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
 dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
 dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dsa_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_vrf.o: ../../include/openssl/ui.h ../cryptlib.h dsa_vrf.c
+dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -80,7 +80,6 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>

-#ifndef OPENSSL_FIPS
 DSA *DSA_generate_parameters(int bits,
 		unsigned char *seed_in, int seed_len,
 		int *counter_ret, unsigned long *h_ret,
@@ -294,6 +293,4 @@ err:
 	if (mont != NULL) BN_MONT_CTX_free(mont);
 	return(ok?ret:NULL);
 	}
-#endif /* ndef OPENSSL_FIPS */
-#endif /* ndef OPENSSL_NO_SHA */
-
+#endif
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -65,7 +65,6 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>

-#ifndef OPENSSL_FIPS
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
@@ -347,4 +346,3 @@ static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 {
 	return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
 }
-#endif
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -64,17 +64,9 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/fips.h>

 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	{
-#ifdef OPENSSL_FIPS
-	if(FIPS_mode && !FIPS_dsa_check(dsa))
-		return NULL;
-#endif
 	return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
 	}

@@ -95,10 +87,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,

 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	{
-#ifdef OPENSSL_FIPS
-	if(FIPS_mode && !FIPS_dsa_check(dsa))
-		return 0;
-#endif
 	return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
 	}

--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -65,18 +65,10 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/fips.h>

 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 		  DSA *dsa)
 	{
-#ifdef OPENSSL_FIPS
-	if(FIPS_mode && !FIPS_dsa_check(dsa))
-		return -1;
-#endif
 	return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
 	}

--- a/crypto/engine/hw_cryptodev.c
+++ b/crypto/engine/hw_cryptodev.c
@@ -80,7 +80,7 @@ static int cryptodev_max_iv(int cipher);
 static int cryptodev_key_length_valid(int cipher, int len);
 static int cipher_nid_to_cryptodev(int nid);
 static int get_cryptodev_ciphers(const int **cnids);
-/*static int get_cryptodev_digests(const int **cnids);*/
+static int get_cryptodev_digests(const int **cnids);
 static int cryptodev_usable_ciphers(const int **nids);
 static int cryptodev_usable_digests(const int **nids);
 static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -140,7 +140,6 @@ static struct {
 	{ 0,				NID_undef,		0,	 0, },
 };

-#if 0 /* UNUSED */
 static struct {
 	int	id;
 	int	nid;
@@ -153,7 +152,6 @@ static struct {
 	{ CRYPTO_SHA1,			NID_undef,		},
 	{ 0,				NID_undef,		},
 };
-#endif

 /*
 * Return a fd if /dev/crypto seems usable, 0 otherwise.
@@ -294,7 +292,6 @@ get_cryptodev_ciphers(const int **cnids)
 * returning them here is harmless, as long as we return NULL
 * when asked for a handler in the cryptodev_engine_digests routine
 */
-#if 0 /* UNUSED */
 static int
 get_cryptodev_digests(const int **cnids)
 {
@@ -324,7 +321,6 @@ get_cryptodev_digests(const int **cnids)
 		*cnids = NULL;
 	return (count);
 }
-#endif

 /*
 * Find the useable ciphers|digests from dev/crypto - this is the first
@@ -630,7 +626,7 @@ static int
 bn2crparam(const BIGNUM *a, struct crparam *crp)
 {
 	int i, j, k;
-	ssize_t bytes, bits;
+	ssize_t words, bytes, bits;
 	u_char *b;

 	crp->crp_p = NULL;
--- a/crypto/err/Makefile.ssl
+++ b/crypto/err/Makefile.ssl
@@ -94,23 +94,22 @@ err_all.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
 err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
 err_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 err_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-err_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-err_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-err_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-err_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-err_all.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
-err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
-err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-err_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-err_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-err_all.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-err_all.o: err_all.c
+err_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+err_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+err_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h
+err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+err_all.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+err_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err_all.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+err_all.o: ../../include/openssl/x509v3.h err_all.c
 err_prn.o: ../../e_os.h ../../include/openssl/bio.h
 err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
--- a/crypto/err/err.h
+++ b/crypto/err/err.h
@@ -131,7 +131,6 @@ typedef struct err_state_st
 #define ERR_LIB_OCSP            39
 #define ERR_LIB_UI              40
 #define ERR_LIB_COMP            41
-#define ERR_LIB_FIPS		42

 #define ERR_LIB_USER		128

@@ -160,7 +159,6 @@ typedef struct err_state_st
 #define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
 #define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
 #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
-#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)

 /* Borland C seems too stupid to be able to shift and do longs in
 * the pre-processor :-( */
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -87,7 +87,6 @@
 #endif
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
-#include <openssl/fips.h>

 void ERR_load_crypto_strings(void)
 	{
@@ -130,8 +129,5 @@ void ERR_load_crypto_strings(void)
 #endif
 	ERR_load_OCSP_strings();
 	ERR_load_UI_strings();
-#endif
-#ifdef OPENSSL_FIPS
-	ERR_load_FIPS_strings();
 #endif
 	}
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -27,7 +27,6 @@ L DSO		crypto/dso/dso.h		crypto/dso/dso_err.c
 L ENGINE	crypto/engine/engine.h		crypto/engine/eng_err.c
 L OCSP		crypto/ocsp/ocsp.h		crypto/ocsp/ocsp_err.c
 L UI		crypto/ui/ui.h			crypto/ui/ui_err.c
-L FIPS		fips/fips.h			fips/fips_err.h

 # additional header files to be scanned for function names
 L NONE		crypto/x509/x509_vfy.h		NONE
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -67,8 +67,6 @@ void OpenSSL_add_all_ciphers(void)

 #ifndef OPENSSL_NO_DES
 	EVP_add_cipher(EVP_des_cfb());
-	EVP_add_cipher(EVP_des_cfb1());
-	EVP_add_cipher(EVP_des_cfb8());
 	EVP_add_cipher(EVP_des_ede_cfb());
 	EVP_add_cipher(EVP_des_ede3_cfb());

@@ -152,8 +150,6 @@ void OpenSSL_add_all_ciphers(void)
 	EVP_add_cipher(EVP_aes_128_ecb());
 	EVP_add_cipher(EVP_aes_128_cbc());
 	EVP_add_cipher(EVP_aes_128_cfb());
-	EVP_add_cipher(EVP_aes_128_cfb1());
-	EVP_add_cipher(EVP_aes_128_cfb8());
 	EVP_add_cipher(EVP_aes_128_ofb());
 #if 0
 	EVP_add_cipher(EVP_aes_128_ctr());
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -84,35 +84,17 @@ IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
 		       EVP_CIPHER_get_asn1_iv,
 		       NULL)

-#define IMPLEMENT_AES_CFBR(ksize,cbits)	IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16)
-
-IMPLEMENT_AES_CFBR(128,1)
-IMPLEMENT_AES_CFBR(192,1)
-IMPLEMENT_AES_CFBR(256,1)
-
-IMPLEMENT_AES_CFBR(128,8)
-IMPLEMENT_AES_CFBR(192,8)
-IMPLEMENT_AES_CFBR(256,8)
-
 static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-		   const unsigned char *iv, int enc)
-	{
-	int ret;
+		   const unsigned char *iv, int enc) {

 	if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE
 	    || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE
 	    || enc) 
-		ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+		AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
 	else
-		ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
-
-	if(ret < 0)
-		{
-		EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
-		return 0;
-		}
+		AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);

 	return 1;
-	}
+}

 #endif
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -92,61 +92,20 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	return 1;
 }

-static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			    const unsigned char *in, unsigned int inl)
+static int des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			  const unsigned char *in, unsigned int inl)
 {
 	DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
 			  (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
 	return 1;
 }

-/* Although we have a CFB-r implementation for DES, it doesn't pack the right
-   way, so wrap it here */
-static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			   const unsigned char *in, unsigned int inl)
-    {
-    unsigned int n;
-    unsigned char c[8],d[8]; /* DES_cfb_encrypt rudely overwrites the whole buffer*/
-
-    memset(out,0,(inl+7)/8);
-    for(n=0 ; n < inl ; ++n)
-	{
-	c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-	DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,
-			ctx->encrypt);
-	out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
-	}
-
-    return 1;
-    }
-
-static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			   const unsigned char *in, unsigned int inl)
-    {
-    unsigned char *tmp; /* DES_cfb_encrypt rudely overwrites the whole buffer*/
-
-    tmp=alloca(inl+7);
-    memcpy(tmp,in,inl);
-    DES_cfb_encrypt(tmp,tmp,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv,
-		    ctx->encrypt);
-    memcpy(out,tmp,inl);
-
-    return 1;
-    }
-
 BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
 			0, des_init_key, NULL,
 			EVP_CIPHER_set_asn1_iv,
 			EVP_CIPHER_get_asn1_iv,
 			NULL)

-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,0,des_init_key,NULL,
-		     EVP_CIPHER_set_asn1_iv,
-		     EVP_CIPHER_get_asn1_iv,NULL)
-
-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,0,des_init_key,NULL,
-		     EVP_CIPHER_set_asn1_iv,
-		     EVP_CIPHER_get_asn1_iv,NULL)

 static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			const unsigned char *iv, int enc)
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -85,7 +85,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			      const unsigned char *in, unsigned int inl)
 {
 	BLOCK_CIPHER_ecb_loop()
-		DES_ecb3_encrypt(in + i,out + i, 
+		DES_ecb3_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), 
 				 &data(ctx)->ks1, &data(ctx)->ks2,
 				 &data(ctx)->ks3,
 				 ctx->encrypt);
@@ -121,7 +121,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	return 1;
 }

-static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			      const unsigned char *in, unsigned int inl)
 {
 	DES_ede3_cfb64_encrypt(in, out, (long)inl, 
@@ -130,49 +130,13 @@ static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	return 1;
 }

-/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right
-   way, so wrap it here */
-static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-				const unsigned char *in, unsigned int inl)
-    {
-    unsigned int n;
-    unsigned char c[8],d[8]; /* DES_cfb_encrypt rudely overwrites the whole buffer*/
-
-    memset(out,0,(inl+7)/8);
-    for(n=0 ; n < inl ; ++n)
-	{
-	c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-	DES_ede3_cfb_encrypt(c,d,1,1,
-			     &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
-			     (DES_cblock *)ctx->iv,ctx->encrypt);
-	out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
-	}
-
-    return 1;
-    }
-
-static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-				const unsigned char *in, unsigned int inl)
-    {
-    unsigned char *tmp; /* DES_cfb_encrypt rudely overwrites the whole buffer*/
-
-    tmp=alloca(inl+7);
-    memcpy(tmp,in,inl);
-    DES_ede3_cfb_encrypt(tmp,tmp,8,inl,
-			 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
-			 (DES_cblock *)ctx->iv,ctx->encrypt);
-    memcpy(out,tmp,inl);
-
-    return 1;
-    }
-
 BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
 			0, des_ede_init_key, NULL, 
 			EVP_CIPHER_set_asn1_iv,
 			EVP_CIPHER_get_asn1_iv,
 			NULL)

-#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
+#define des_ede3_cfb_cipher des_ede_cfb_cipher
 #define des_ede3_ofb_cipher des_ede_ofb_cipher
 #define des_ede3_cbc_cipher des_ede_cbc_cipher
 #define des_ede3_ecb_cipher des_ede_ecb_cipher
@@ -183,16 +147,6 @@ BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
 			EVP_CIPHER_get_asn1_iv,
 			NULL)

-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,0,
-		     des_ede3_init_key,NULL,
-		     EVP_CIPHER_set_asn1_iv,
-		     EVP_CIPHER_get_asn1_iv,NULL)
-
-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,0,
-		     des_ede3_init_key,NULL,
-		     EVP_CIPHER_set_asn1_iv,
-		     EVP_CIPHER_get_asn1_iv,NULL)
-
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			    const unsigned char *iv, int enc)
 	{
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -638,20 +638,9 @@ const EVP_CIPHER *EVP_des_ede(void);
 const EVP_CIPHER *EVP_des_ede3(void);
 const EVP_CIPHER *EVP_des_ede_ecb(void);
 const EVP_CIPHER *EVP_des_ede3_ecb(void);
-const EVP_CIPHER *EVP_des_cfb64(void);
-# define EVP_des_cfb EVP_des_cfb64
-const EVP_CIPHER *EVP_des_cfb1(void);
-const EVP_CIPHER *EVP_des_cfb8(void);
-const EVP_CIPHER *EVP_des_ede_cfb64(void);
-# define EVP_des_ede_cfb EVP_des_ede_cfb64
-#if 0
-const EVP_CIPHER *EVP_des_ede_cfb1(void);
-const EVP_CIPHER *EVP_des_ede_cfb8(void);
-#endif
-const EVP_CIPHER *EVP_des_ede3_cfb64(void);
-# define EVP_des_ede3_cfb EVP_des_ede3_cfb64
-const EVP_CIPHER *EVP_des_ede3_cfb1(void);
-const EVP_CIPHER *EVP_des_ede3_cfb8(void);
+const EVP_CIPHER *EVP_des_cfb(void);
+const EVP_CIPHER *EVP_des_ede_cfb(void);
+const EVP_CIPHER *EVP_des_ede3_cfb(void);
 const EVP_CIPHER *EVP_des_ofb(void);
 const EVP_CIPHER *EVP_des_ede_ofb(void);
 const EVP_CIPHER *EVP_des_ede3_ofb(void);
@@ -675,8 +664,7 @@ const EVP_CIPHER *EVP_rc4_40(void);
 #endif
 #ifndef OPENSSL_NO_IDEA
 const EVP_CIPHER *EVP_idea_ecb(void);
-const EVP_CIPHER *EVP_idea_cfb64(void);
-# define EVP_idea_cfb EVP_idea_cfb64
+const EVP_CIPHER *EVP_idea_cfb(void);
 const EVP_CIPHER *EVP_idea_ofb(void);
 const EVP_CIPHER *EVP_idea_cbc(void);
 #endif
@@ -685,58 +673,45 @@ const EVP_CIPHER *EVP_rc2_ecb(void);
 const EVP_CIPHER *EVP_rc2_cbc(void);
 const EVP_CIPHER *EVP_rc2_40_cbc(void);
 const EVP_CIPHER *EVP_rc2_64_cbc(void);
-const EVP_CIPHER *EVP_rc2_cfb64(void);
-# define EVP_rc2_cfb EVP_rc2_cfb64
+const EVP_CIPHER *EVP_rc2_cfb(void);
 const EVP_CIPHER *EVP_rc2_ofb(void);
 #endif
 #ifndef OPENSSL_NO_BF
 const EVP_CIPHER *EVP_bf_ecb(void);
 const EVP_CIPHER *EVP_bf_cbc(void);
-const EVP_CIPHER *EVP_bf_cfb64(void);
-# define EVP_bf_cfb EVP_bf_cfb64
+const EVP_CIPHER *EVP_bf_cfb(void);
 const EVP_CIPHER *EVP_bf_ofb(void);
 #endif
 #ifndef OPENSSL_NO_CAST
 const EVP_CIPHER *EVP_cast5_ecb(void);
 const EVP_CIPHER *EVP_cast5_cbc(void);
-const EVP_CIPHER *EVP_cast5_cfb64(void);
-# define EVP_cast5_cfb EVP_cast5_cfb64
+const EVP_CIPHER *EVP_cast5_cfb(void);
 const EVP_CIPHER *EVP_cast5_ofb(void);
 #endif
 #ifndef OPENSSL_NO_RC5
 const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
 const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
-const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
-# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
 const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
 #endif
 #ifndef OPENSSL_NO_AES
 const EVP_CIPHER *EVP_aes_128_ecb(void);
 const EVP_CIPHER *EVP_aes_128_cbc(void);
-const EVP_CIPHER *EVP_aes_128_cfb1(void);
-const EVP_CIPHER *EVP_aes_128_cfb8(void);
-const EVP_CIPHER *EVP_aes_128_cfb128(void);
-# define EVP_aes_128_cfb EVP_aes_128_cfb128
+const EVP_CIPHER *EVP_aes_128_cfb(void);
 const EVP_CIPHER *EVP_aes_128_ofb(void);
 #if 0
 const EVP_CIPHER *EVP_aes_128_ctr(void);
 #endif
 const EVP_CIPHER *EVP_aes_192_ecb(void);
 const EVP_CIPHER *EVP_aes_192_cbc(void);
-const EVP_CIPHER *EVP_aes_192_cfb1(void);
-const EVP_CIPHER *EVP_aes_192_cfb8(void);
-const EVP_CIPHER *EVP_aes_192_cfb128(void);
-# define EVP_aes_192_cfb EVP_aes_192_cfb128
+const EVP_CIPHER *EVP_aes_192_cfb(void);
 const EVP_CIPHER *EVP_aes_192_ofb(void);
 #if 0
 const EVP_CIPHER *EVP_aes_192_ctr(void);
 #endif
 const EVP_CIPHER *EVP_aes_256_ecb(void);
 const EVP_CIPHER *EVP_aes_256_cbc(void);
-const EVP_CIPHER *EVP_aes_256_cfb1(void);
-const EVP_CIPHER *EVP_aes_256_cfb8(void);
-const EVP_CIPHER *EVP_aes_256_cfb128(void);
-# define EVP_aes_256_cfb EVP_aes_256_cfb128
+const EVP_CIPHER *EVP_aes_256_cfb(void);
 const EVP_CIPHER *EVP_aes_256_ofb(void);
 #if 0
 const EVP_CIPHER *EVP_aes_256_ctr(void);
@@ -848,7 +823,6 @@ void ERR_load_EVP_strings(void);
 /* Error codes for the EVP functions. */

 /* Function codes. */
-#define EVP_F_AES_INIT_KEY				 129
 #define EVP_F_D2I_PKEY					 100
 #define EVP_F_EVP_CIPHERINIT				 123
 #define EVP_F_EVP_CIPHER_CTX_CTRL			 124
@@ -879,7 +853,6 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_RC5_CTRL					 125

 /* Reason codes. */
-#define EVP_R_AES_KEY_SETUP_FAILED			 140
 #define EVP_R_BAD_BLOCK_LENGTH				 136
 #define EVP_R_BAD_DECRYPT				 100
 #define EVP_R_BAD_KEY_LENGTH				 137
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /* crypto/evp/evp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -66,7 +66,6 @@
 #ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA EVP_str_functs[]=
 	{
-{ERR_PACK(0,EVP_F_AES_INIT_KEY,0),	"AES_INIT_KEY"},
 {ERR_PACK(0,EVP_F_D2I_PKEY,0),	"D2I_PKEY"},
 {ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0),	"EVP_CipherInit"},
 {ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0),	"EVP_CIPHER_CTX_ctrl"},
@@ -100,7 +99,6 @@ static ERR_STRING_DATA EVP_str_functs[]=

 static ERR_STRING_DATA EVP_str_reasons[]=
 	{
-{EVP_R_AES_KEY_SETUP_FAILED              ,"aes key setup failed"},
 {EVP_R_BAD_BLOCK_LENGTH                  ,"bad block length"},
 {EVP_R_BAD_DECRYPT                       ,"bad decrypt"},
 {EVP_R_BAD_KEY_LENGTH                    ,"bad key length"},
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -133,30 +133,6 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)

 		return NID_rc4;

-		case NID_aes_128_cfb128:
-		case NID_aes_128_cfb8:
-		case NID_aes_128_cfb1:
-
-		return NID_aes_128_cfb128;
-
-		case NID_aes_192_cfb128:
-		case NID_aes_192_cfb8:
-		case NID_aes_192_cfb1:
-
-		return NID_aes_192_cfb128;
-
-		case NID_aes_256_cfb128:
-		case NID_aes_256_cfb8:
-		case NID_aes_256_cfb1:
-
-		return NID_aes_256_cfb128;
-
-		case NID_des_cfb64:
-		case NID_des_cfb8:
-		case NID_des_cfb1:
-
-		return NID_des_cfb64;
-
 		default:
 		/* Check it has an OID and it is valid */
 		otmp = OBJ_nid2obj(nid);
--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
@@ -90,7 +90,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
 }

 #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
-static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
 {\
 	cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
 	return 1;\
@@ -127,7 +127,7 @@ BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
 #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
 			     iv_len, cbits, flags, init_key, cleanup, \
 			     set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, 1, \
 		  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
 		  get_asn1, ctrl)

@@ -225,12 +225,3 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
 			  get_asn1, ctrl)

 #define EVP_C_DATA(kstruct, ctx)	((kstruct *)(ctx)->cipher_data)
-
-#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \
-	BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
-	BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
-			     NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
-			     0, cipher##_init_key, NULL, \
-			     EVP_CIPHER_set_asn1_iv, \
-			     EVP_CIPHER_get_asn1_iv, \
-			     NULL)
--- a/crypto/evp/evp_test.c
+++ b/crypto/evp/evp_test.c
@@ -136,7 +136,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
 		  const unsigned char *iv,int in,
 		  const unsigned char *plaintext,int pn,
 		  const unsigned char *ciphertext,int cn,
-		  int encdec,int multiplier)
+		  int encdec)
    {
    EVP_CIPHER_CTX ctx;
    unsigned char out[4096];
@@ -166,7 +166,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
 	    }
 	EVP_CIPHER_CTX_set_padding(&ctx,0);

-	if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn*multiplier))
+	if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn))
 	    {
 	    fprintf(stderr,"Encrypt failed\n");
 	    test1_exit(6);
@@ -177,7 +177,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
 	    test1_exit(7);
 	    }

-	if(outl+outl2 != cn*multiplier)
+	if(outl+outl2 != cn)
 	    {
 	    fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n",
 		    outl+outl2,cn);
@@ -202,7 +202,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
 	    }
 	EVP_CIPHER_CTX_set_padding(&ctx,0);

-	if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn*multiplier))
+	if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn))
 	    {
 	    fprintf(stderr,"Decrypt failed\n");
 	    test1_exit(6);
@@ -213,7 +213,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
 	    test1_exit(7);
 	    }

-	if(outl+outl2 != cn*multiplier)
+	if(outl+outl2 != cn)
 	    {
 	    fprintf(stderr,"Plaintext length mismatch got %d expected %d\n",
 		    outl+outl2,cn);
@@ -238,7 +238,7 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn,
 		       const unsigned char *iv,int in,
 		       const unsigned char *plaintext,int pn,
 		       const unsigned char *ciphertext,int cn,
-		       int encdec,int multiplier)
+		       int encdec)
    {
    const EVP_CIPHER *c;

@@ -246,7 +246,7 @@ static int test_cipher(const char *cipher,const unsigned char *key,int kn,
    if(!c)
 	return 0;

-    test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec,multiplier);
+    test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec);

    return 1;
    }
@@ -359,7 +359,6 @@ int main(int argc,char **argv)
 	unsigned char *iv,*key,*plaintext,*ciphertext;
 	int encdec;
 	int kn,in,pn,cn;
-	int multiplier=1;

 	if(!fgets((char *)line,sizeof line,f))
 	    break;
@@ -384,15 +383,7 @@ int main(int argc,char **argv)
 	pn=convert(plaintext);
 	cn=convert(ciphertext);

-	if(strchr(cipher,'*'))
-	    {
-	    p=cipher;
-	    sstrsep(&p,"*");
-	    multiplier=atoi(sstrsep(&p,"*"));
-	    }
-
-	if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec,
-			multiplier)
+	if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec)
 	   && !test_digest(cipher,plaintext,pn,ciphertext,cn))
 	    {
 	    fprintf(stderr,"Can't find %s\n",cipher);
--- a/crypto/evp/evptests.txt
+++ b/crypto/evp/evptests.txt
@@ -92,102 +92,7 @@ AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000
 AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D
 AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461
 AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B
-
-# CFB1-AES128.Encrypt
-
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:00:00:1
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00020406080a0c0e10121416181a1c1e:80:80:1
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0004080c1014181c2024282c3034383d:80:80:1
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0008101820283038404850586068707b:00:00:1
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00102030405060708090a0b0c0d0e0f6:80:80:1
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0020406080a0c0e10121416181a1c1ed:00:00:1
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:004080c1014181c2024282c3034383da:80:00:1
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:008101820283038404850586068707b4:80:00:1
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f68:80:80:1
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:020406080a0c0e10121416181a1c1ed1:80:00:1
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:04080c1014181c2024282c3034383da2:00:80:1
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:08101820283038404850586068707b45:00:80:1
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:102030405060708090a0b0c0d0e0f68b:00:00:1
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:20406080a0c0e10121416181a1c1ed16:00:00:1
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:4080c1014181c2024282c3034383da2c:00:80:1
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:8101820283038404850586068707b459:80:80:1
-# all of the above packed into one...
-# in: 0110 1011 1100 0001 = 6bc1
-# out: 0110 1000 1011 0011 = 68b3
-AES-128-CFB1*8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1:68b3:1
-
-# CFB1-AES128.Decrypt
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:00:00:0
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00020406080a0c0e10121416181a1c1e:80:80:0
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0004080c1014181c2024282c3034383d:80:80:0
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0008101820283038404850586068707b:00:00:0
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00102030405060708090a0b0c0d0e0f6:80:80:0
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0020406080a0c0e10121416181a1c1ed:00:00:0
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:004080c1014181c2024282c3034383da:80:00:0
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:008101820283038404850586068707b4:80:00:0
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f68:80:80:0
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:020406080a0c0e10121416181a1c1ed1:80:00:0
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:04080c1014181c2024282c3034383da2:00:80:0
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:08101820283038404850586068707b45:00:80:0
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:102030405060708090a0b0c0d0e0f68b:00:00:0
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:20406080a0c0e10121416181a1c1ed16:00:00:0
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:4080c1014181c2024282c3034383da2c:00:80:0
-AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:8101820283038404850586068707b459:80:80:0
-# all of the above packed into one...
-# in: 0110 1000 1011 0011 = 68b3
-# out: 0110 1011 1100 0001 = 6bc1
-AES-128-CFB1*8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1:68b3:0
-
-# TODO: CFB1-AES192 and 256
-
-# CFB8-AES128.Encrypt
-
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6b:3b:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f3b:c1:79:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:02030405060708090a0b0c0d0e0f3b79:be:42:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:030405060708090a0b0c0d0e0f3b7942:e2:4c:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0405060708090a0b0c0d0e0f3b79424c:2e:9c:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:05060708090a0b0c0d0e0f3b79424c9c:40:0d:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:060708090a0b0c0d0e0f3b79424c9c0d:9f:d4:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0708090a0b0c0d0e0f3b79424c9c0dd4:96:36:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:08090a0b0c0d0e0f3b79424c9c0dd436:e9:ba:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:090a0b0c0d0e0f3b79424c9c0dd436ba:3d:ce:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0a0b0c0d0e0f3b79424c9c0dd436bace:7e:9e:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0b0c0d0e0f3b79424c9c0dd436bace9e:11:0e:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0c0d0e0f3b79424c9c0dd436bace9e0e:73:d4:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0d0e0f3b79424c9c0dd436bace9e0ed4:93:58:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0e0f3b79424c9c0dd436bace9e0ed458:17:6a:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0f3b79424c9c0dd436bace9e0ed4586a:2a:4f:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:3b79424c9c0dd436bace9e0ed4586a4f:ae:32:1
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:79424c9c0dd436bace9e0ed4586a4f32:2d:b9:1
-# all of the above packed into one
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1bee22e409f96e93d7e117393172aae2d:3b79424c9c0dd436bace9e0ed4586a4f32b9:1
-
-# CFB8-AES128.Decrypt
-
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6b:3b:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f3b:c1:79:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:02030405060708090a0b0c0d0e0f3b79:be:42:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:030405060708090a0b0c0d0e0f3b7942:e2:4c:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0405060708090a0b0c0d0e0f3b79424c:2e:9c:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:05060708090a0b0c0d0e0f3b79424c9c:40:0d:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:060708090a0b0c0d0e0f3b79424c9c0d:9f:d4:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0708090a0b0c0d0e0f3b79424c9c0dd4:96:36:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:08090a0b0c0d0e0f3b79424c9c0dd436:e9:ba:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:090a0b0c0d0e0f3b79424c9c0dd436ba:3d:ce:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0a0b0c0d0e0f3b79424c9c0dd436bace:7e:9e:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0b0c0d0e0f3b79424c9c0dd436bace9e:11:0e:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0c0d0e0f3b79424c9c0dd436bace9e0e:73:d4:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0d0e0f3b79424c9c0dd436bace9e0ed4:93:58:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0e0f3b79424c9c0dd436bace9e0ed458:17:6a:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0f3b79424c9c0dd436bace9e0ed4586a:2a:4f:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:3b79424c9c0dd436bace9e0ed4586a4f:ae:32:0
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:79424c9c0dd436bace9e0ed4586a4f32:2d:b9:0
-# all of the above packed into one
-AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1bee22e409f96e93d7e117393172aae2d:3b79424c9c0dd436bace9e0ed4586a4f32b9:0
-
-# TODO: 192 and 256 bit keys
-
+# We don't support CFB{1,8}-AESxxx.{En,De}crypt
 # For all CFB128 encrypts and decrypts, the transformed sequence is
 #   AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
 # CFB128-AES128.Encrypt 
@@ -269,16 +174,6 @@ DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363
 # DES EDE3 CBC tests (from destest)
 DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675

-# DES CFB1 from FIPS 81
-# plaintext: 0100 1110 0110 1111 0111 0111 = 4e6f77
-# ciphertext: 1100 1101 0001 1110 1100 1001 = cd1ec9
-
-DES-CFB1*8:0123456789abcdef:1234567890abcdef:4e6f77:cd1ec9
-
-# DES CFB8 from FIPS 81
-
-DES-CFB8:0123456789abcdef:1234567890abcdef:4e6f7720697320746865:f31fda07011462ee187f
-
 # RC4 tests (from rc4test)
 RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596
 RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879
--- a/crypto/md32_common.h
+++ b/crypto/md32_common.h
@@ -128,10 +128,6 @@
 *					<appro@fy.chalmers.se>
 */

-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include "../fips/fips_locl.h"
-
 #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
 #error "DATA_ORDER must be defined!"
 #endif
@@ -559,14 +555,6 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c)
 	static const unsigned char end[4]={0x80,0x00,0x00,0x00};
 	const unsigned char *cp=end;

-#ifdef OPENSSL_FIPS
-	if(FIPS_mode && !FIPS_md5_allowed)
-	    {
-	    FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);
-	    return 0;
-	    }
-#endif
-
 	/* c->num should definitly have room for at least one more byte. */
 	p=c->data;
 	i=c->num>>2;
--- a/crypto/md4/Makefile.ssl
+++ b/crypto/md4/Makefile.ssl
@@ -80,14 +80,10 @@ clean:

 # DO NOT DELETE THIS LINE -- make depend depends on it.

-md4_dgst.o: ../../fips/fips_locl.h ../../include/openssl/bio.h
-md4_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-md4_dgst.o: ../../include/openssl/err.h ../../include/openssl/fips.h
-md4_dgst.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h
+md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h
 md4_dgst.o: ../../include/openssl/opensslconf.h
-md4_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-md4_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-md4_dgst.o: ../md32_common.h md4_dgst.c md4_locl.h
+md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c
+md4_dgst.o: md4_locl.h
 md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
 md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
--- a/crypto/md5/Makefile.ssl
+++ b/crypto/md5/Makefile.ssl
@@ -116,14 +116,10 @@ clean:

 # DO NOT DELETE THIS LINE -- make depend depends on it.

-md5_dgst.o: ../../fips/fips_locl.h ../../include/openssl/bio.h
-md5_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-md5_dgst.o: ../../include/openssl/err.h ../../include/openssl/fips.h
-md5_dgst.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h
+md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h
 md5_dgst.o: ../../include/openssl/opensslconf.h
-md5_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-md5_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-md5_dgst.o: ../md32_common.h md5_dgst.c md5_locl.h
+md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c
+md5_dgst.o: md5_locl.h
 md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
 md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@@ -1,96 +0,0 @@
-/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <o_str.h>
-#include <openssl/e_os2.h>
-
-int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
-	{
-#if defined(OPENSSL_SYS_VMS)
-	while (*str1 && *str2 && n)
-		{
-		int res = toupper(*str1) - toupper(*str2);
-		if (res) return res < 0 ? -1 : 1;
-		str1++;
-		str2++;
-		n--;
-		}
-	if (n == 0)
-		return 0;
-	if (*str1)
-		return 1;
-	if (*str2)
-		return -1;
-	return 0;
-#elif defined(OPENSSL_SYS_WINDOWS)
-	return _strnicmp(str1, str2, n);
-#else
-	return strncasecmp(str1, str2, n);
-#endif
-	}
-int OPENSSL_strcasecmp(const char *str1, const char *str2)
-	{
-#if defined(OPENSSL_SYS_VMS)
-	return OSSL_strncasecmp(str1, str2, (size_t)-1);
-#elif defined(OPENSSL_SYS_WINDOWS)
-	return _stricmp(str1, str2);
-#else
-	return strcasecmp(str1, str2);
-#endif
-	}
-
--- a/crypto/o_str.h
+++ b/crypto/o_str.h
@@ -1,67 +0,0 @@
-/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_O_STR_H
-#define HEADER_O_STR_H
-
-#include <string.h>
-
-int OPENSSL_strcasecmp(const char *str1, const char *str2);
-int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n);
-
-#endif
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -62,9 +62,9 @@
 * [including the GNU Public Licence.]
 */

-#define NUM_NID 660
-#define NUM_SN 653
-#define NUM_LN 653
+#define NUM_NID 650
+#define NUM_SN 643
+#define NUM_LN 643
 #define NUM_OBJ 617

 static unsigned char lvalues[4455]={
@@ -1728,36 +1728,20 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 	10,&(lvalues[4434]),0},
 {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
 	&(lvalues[4444]),0},
-{"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL},
-{"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL},
-{"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL},
-{"AES-128-CFB8","aes-128-cfb8",NID_aes_128_cfb8,0,NULL},
-{"AES-192-CFB8","aes-192-cfb8",NID_aes_192_cfb8,0,NULL},
-{"AES-256-CFB8","aes-256-cfb8",NID_aes_256_cfb8,0,NULL},
-{"DES-CFB1","des-cfb1",NID_des_cfb1,0,NULL},
-{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL},
-{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL},
-{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL},
 };

 static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[364]),/* "AD_DVCS" */
 &(nid_objs[419]),/* "AES-128-CBC" */
 &(nid_objs[421]),/* "AES-128-CFB" */
-&(nid_objs[650]),/* "AES-128-CFB1" */
-&(nid_objs[653]),/* "AES-128-CFB8" */
 &(nid_objs[418]),/* "AES-128-ECB" */
 &(nid_objs[420]),/* "AES-128-OFB" */
 &(nid_objs[423]),/* "AES-192-CBC" */
 &(nid_objs[425]),/* "AES-192-CFB" */
-&(nid_objs[651]),/* "AES-192-CFB1" */
-&(nid_objs[654]),/* "AES-192-CFB8" */
 &(nid_objs[422]),/* "AES-192-ECB" */
 &(nid_objs[424]),/* "AES-192-OFB" */
 &(nid_objs[427]),/* "AES-256-CBC" */
 &(nid_objs[429]),/* "AES-256-CFB" */
-&(nid_objs[652]),/* "AES-256-CFB1" */
-&(nid_objs[655]),/* "AES-256-CFB8" */
 &(nid_objs[426]),/* "AES-256-ECB" */
 &(nid_objs[428]),/* "AES-256-OFB" */
 &(nid_objs[91]),/* "BF-CBC" */
@@ -1778,8 +1762,6 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[31]),/* "DES-CBC" */
 &(nid_objs[643]),/* "DES-CDMF" */
 &(nid_objs[30]),/* "DES-CFB" */
-&(nid_objs[656]),/* "DES-CFB1" */
-&(nid_objs[657]),/* "DES-CFB8" */
 &(nid_objs[29]),/* "DES-ECB" */
 &(nid_objs[32]),/* "DES-EDE" */
 &(nid_objs[43]),/* "DES-EDE-CBC" */
@@ -1788,8 +1770,6 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[33]),/* "DES-EDE3" */
 &(nid_objs[44]),/* "DES-EDE3-CBC" */
 &(nid_objs[61]),/* "DES-EDE3-CFB" */
-&(nid_objs[658]),/* "DES-EDE3-CFB1" */
-&(nid_objs[659]),/* "DES-EDE3-CFB8" */
 &(nid_objs[63]),/* "DES-EDE3-OFB" */
 &(nid_objs[45]),/* "DES-OFB" */
 &(nid_objs[80]),/* "DESX-CBC" */
@@ -2505,20 +2485,14 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[606]),/* "additional verification" */
 &(nid_objs[419]),/* "aes-128-cbc" */
 &(nid_objs[421]),/* "aes-128-cfb" */
-&(nid_objs[650]),/* "aes-128-cfb1" */
-&(nid_objs[653]),/* "aes-128-cfb8" */
 &(nid_objs[418]),/* "aes-128-ecb" */
 &(nid_objs[420]),/* "aes-128-ofb" */
 &(nid_objs[423]),/* "aes-192-cbc" */
 &(nid_objs[425]),/* "aes-192-cfb" */
-&(nid_objs[651]),/* "aes-192-cfb1" */
-&(nid_objs[654]),/* "aes-192-cfb8" */
 &(nid_objs[422]),/* "aes-192-ecb" */
 &(nid_objs[424]),/* "aes-192-ofb" */
 &(nid_objs[427]),/* "aes-256-cbc" */
 &(nid_objs[429]),/* "aes-256-cfb" */
-&(nid_objs[652]),/* "aes-256-cfb1" */
-&(nid_objs[655]),/* "aes-256-cfb8" */
 &(nid_objs[426]),/* "aes-256-ecb" */
 &(nid_objs[428]),/* "aes-256-ofb" */
 &(nid_objs[376]),/* "algorithm" */
@@ -2557,8 +2531,6 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[31]),/* "des-cbc" */
 &(nid_objs[643]),/* "des-cdmf" */
 &(nid_objs[30]),/* "des-cfb" */
-&(nid_objs[656]),/* "des-cfb1" */
-&(nid_objs[657]),/* "des-cfb8" */
 &(nid_objs[29]),/* "des-ecb" */
 &(nid_objs[32]),/* "des-ede" */
 &(nid_objs[43]),/* "des-ede-cbc" */
@@ -2567,8 +2539,6 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[33]),/* "des-ede3" */
 &(nid_objs[44]),/* "des-ede3-cbc" */
 &(nid_objs[61]),/* "des-ede3-cfb" */
-&(nid_objs[658]),/* "des-ede3-cfb1" */
-&(nid_objs[659]),/* "des-ede3-cfb8" */
 &(nid_objs[63]),/* "des-ede3-ofb" */
 &(nid_objs[45]),/* "des-ofb" */
 &(nid_objs[107]),/* "description" */
--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
@@ -2009,46 +2009,6 @@
 #define NID_aes_256_cfb128		429
 #define OBJ_aes_256_cfb128		OBJ_aes,44L

-#define SN_aes_128_cfb1		"AES-128-CFB1"
-#define LN_aes_128_cfb1		"aes-128-cfb1"
-#define NID_aes_128_cfb1		650
-
-#define SN_aes_192_cfb1		"AES-192-CFB1"
-#define LN_aes_192_cfb1		"aes-192-cfb1"
-#define NID_aes_192_cfb1		651
-
-#define SN_aes_256_cfb1		"AES-256-CFB1"
-#define LN_aes_256_cfb1		"aes-256-cfb1"
-#define NID_aes_256_cfb1		652
-
-#define SN_aes_128_cfb8		"AES-128-CFB8"
-#define LN_aes_128_cfb8		"aes-128-cfb8"
-#define NID_aes_128_cfb8		653
-
-#define SN_aes_192_cfb8		"AES-192-CFB8"
-#define LN_aes_192_cfb8		"aes-192-cfb8"
-#define NID_aes_192_cfb8		654
-
-#define SN_aes_256_cfb8		"AES-256-CFB8"
-#define LN_aes_256_cfb8		"aes-256-cfb8"
-#define NID_aes_256_cfb8		655
-
-#define SN_des_cfb1		"DES-CFB1"
-#define LN_des_cfb1		"des-cfb1"
-#define NID_des_cfb1		656
-
-#define SN_des_cfb8		"DES-CFB8"
-#define LN_des_cfb8		"des-cfb8"
-#define NID_des_cfb8		657
-
-#define SN_des_ede3_cfb1		"DES-EDE3-CFB1"
-#define LN_des_ede3_cfb1		"des-ede3-cfb1"
-#define NID_des_ede3_cfb1		658
-
-#define SN_des_ede3_cfb8		"DES-EDE3-CFB8"
-#define LN_des_ede3_cfb8		"des-ede3-cfb8"
-#define NID_des_ede3_cfb8		659
-
 #define SN_hold_instruction_code		"holdInstructionCode"
 #define LN_hold_instruction_code		"Hold Instruction Code"
 #define NID_hold_instruction_code		430
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -647,13 +647,3 @@ joint_iso_itu_t		646
 international_organizations		647
 ms_smartcard_login		648
 ms_upn		649
-aes_128_cfb1		650
-aes_192_cfb1		651
-aes_256_cfb1		652
-aes_128_cfb8		653
-aes_192_cfb8		654
-aes_256_cfb8		655
-des_cfb1		656
-des_cfb8		657
-des_ede3_cfb1		658
-des_ede3_cfb8		659
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -681,19 +681,6 @@ aes 43			: AES-256-OFB		: aes-256-ofb
 !Cname aes-256-cfb128
 aes 44			: AES-256-CFB		: aes-256-cfb

-# There are no OIDs for these modes...
-
-			: AES-128-CFB1		: aes-128-cfb1
-			: AES-192-CFB1		: aes-192-cfb1
-			: AES-256-CFB1		: aes-256-cfb1
-			: AES-128-CFB8		: aes-128-cfb8
-			: AES-192-CFB8		: aes-192-cfb8
-			: AES-256-CFB8		: aes-256-cfb8
-			: DES-CFB1		: des-cfb1
-			: DES-CFB8		: des-cfb8
-			: DES-EDE3-CFB1		: des-ede3-cfb1
-			: DES-EDE3-CFB8		: des-ede3-cfb8
-
 # Hold instruction CRL entry extension
 !Cname hold-instruction-code
 id-ce 23		: holdInstructionCode	: Hold Instruction Code
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,8 +25,8 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER	0x00907040L
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7d-dev [fips] xx XXX XXXX"
+#define OPENSSL_VERSION_NUMBER	0x0090703fL
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7c 30 Sep 2003"
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT


--- a/crypto/rand/Makefile.ssl
+++ b/crypto/rand/Makefile.ssl
@@ -88,19 +88,19 @@ md_rand.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
 md_rand.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 md_rand.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-md_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-md_rand.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-md_rand.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-md_rand.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-md_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-md_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-md_rand.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-md_rand.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-md_rand.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-md_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-md_rand.o: ../../include/openssl/ui_compat.h md_rand.c rand_lcl.h
+md_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+md_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+md_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+md_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+md_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+md_rand.o: md_rand.c rand_lcl.h
 rand_egd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
 rand_egd.o: rand_egd.c
@@ -114,17 +114,15 @@ rand_err.o: rand_err.c
 rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h
 rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rand_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rand_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 rand_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-rand_lib.o: ../../include/openssl/err.h ../../include/openssl/fips.h
-rand_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/lhash.h
+rand_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 rand_lib.o: ../../include/openssl/opensslconf.h
 rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
 rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 rand_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-rand_lib.o: ../../include/openssl/ui_compat.h ../cryptlib.h rand_lib.c
+rand_lib.o: ../cryptlib.h rand_lib.c
 rand_os2.o: ../../e_os.h ../../include/openssl/aes.h
 rand_os2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 rand_os2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -126,7 +126,6 @@

 #include <openssl/crypto.h>
 #include <openssl/err.h>
-#include <openssl/fips.h>

 #ifdef BN_DEBUG
 # define PREDICT
@@ -333,14 +332,6 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 #endif
 	int do_stir_pool = 0;

-#ifdef OPENSSL_FIPS
-	if(FIPS_mode)
-	    {
-	    FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
-	    return 0;
-	    }
-#endif
-
 #ifdef PREDICT
 	if (rand_predictable)
 		{
--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@@ -121,12 +121,10 @@ void ERR_load_RAND_strings(void);
 /* Error codes for the RAND functions. */

 /* Function codes. */
-#define RAND_F_FIPS_RAND_BYTES				 102
 #define RAND_F_RAND_GET_RAND_METHOD			 101
 #define RAND_F_SSLEAY_RAND_BYTES			 100

 /* Reason codes. */
-#define RAND_R_NON_FIPS_METHOD				 101
 #define RAND_R_PRNG_NOT_SEEDED				 100

 #ifdef  __cplusplus
--- a/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
@@ -1,6 +1,6 @@
 /* crypto/rand/rand_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -66,7 +66,6 @@
 #ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA RAND_str_functs[]=
 	{
-{ERR_PACK(0,RAND_F_FIPS_RAND_BYTES,0),	"FIPS_RAND_BYTES"},
 {ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0),	"RAND_get_rand_method"},
 {ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0),	"SSLEAY_RAND_BYTES"},
 {0,NULL}
@@ -74,7 +73,6 @@ static ERR_STRING_DATA RAND_str_functs[]=

 static ERR_STRING_DATA RAND_str_reasons[]=
 	{
-{RAND_R_NON_FIPS_METHOD                  ,"non fips method"},
 {RAND_R_PRNG_NOT_SEEDED                  ,"PRNG not seeded"},
 {0,NULL}
 	};
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -63,8 +63,6 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>

 #ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
@@ -87,15 +85,6 @@ int RAND_set_rand_method(const RAND_METHOD *meth)

 const RAND_METHOD *RAND_get_rand_method(void)
 	{
-#ifdef OPENSSL_FIPS
-	if(FIPS_mode && default_RAND_meth != FIPS_rand_check)
-	    {
-	    RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
-	    return 0;
-	    }
-#endif
-
-
 	if (!default_RAND_meth)
 		{
 #ifndef OPENSSL_NO_ENGINE
--- a/crypto/ripemd/Makefile.ssl
+++ b/crypto/ripemd/Makefile.ssl
@@ -97,14 +97,9 @@ clean:

 # DO NOT DELETE THIS LINE -- make depend depends on it.

-rmd_dgst.o: ../../fips/fips_locl.h ../../include/openssl/bio.h
-rmd_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-rmd_dgst.o: ../../include/openssl/err.h ../../include/openssl/fips.h
-rmd_dgst.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
-rmd_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rmd_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h rmd_dgst.c
-rmd_dgst.o: rmd_locl.h rmdconst.h
+rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h
 rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 rmd_one.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -62,7 +62,7 @@
 #include <openssl/rsa.h>
 #include <openssl/rand.h>

-#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)
+#ifndef RSA_NULL

 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -62,8 +62,6 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>

-#ifndef OPENSSL_FIPS
-
 RSA *RSA_generate_key(int bits, unsigned long e_value,
 	     void (*callback)(int,int,void *), void *cb_arg)
 	{
@@ -197,4 +195,3 @@ err:
 		return(rsa);
 	}

-#endif
--- a/crypto/sha/Makefile.ssl
+++ b/crypto/sha/Makefile.ssl
@@ -102,22 +102,12 @@ sha1_one.o: ../../include/openssl/opensslconf.h
 sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 sha1_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 sha1_one.o: ../../include/openssl/symhacks.h sha1_one.c
-sha1dgst.o: ../../fips/fips_locl.h ../../include/openssl/bio.h
-sha1dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-sha1dgst.o: ../../include/openssl/err.h ../../include/openssl/fips.h
-sha1dgst.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-sha1dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-sha1dgst.o: ../../include/openssl/symhacks.h ../md32_common.h sha1dgst.c
-sha1dgst.o: sha_locl.h
-sha_dgst.o: ../../fips/fips_locl.h ../../include/openssl/bio.h
-sha_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-sha_dgst.o: ../../include/openssl/err.h ../../include/openssl/fips.h
-sha_dgst.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-sha_dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-sha_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h sha_dgst.c
-sha_dgst.o: sha_locl.h
+sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h
+sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
 sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
@@ -62,20 +62,12 @@
 #define SHA_1

 #include <openssl/opensslv.h>
-#include <openssl/opensslconf.h>

-#ifndef OPENSSL_FIPS
 const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT;

 /* The implementation is in ../md32_common.h */

 #include "sha_locl.h"

-#else /* ndef OPENSSL_FIPS */
-
-static void *dummy=&dummy;
-
-#endif /* ndef OPENSSL_FIPS */
-
 #endif

--- a/doc/crypto/EVP_BytesToKey.pod
+++ b/doc/crypto/EVP_BytesToKey.pod
@@ -2,7 +2,7 @@

 =head1 NAME

-EVP_BytesToKey - password based encryption routine
+ EVP_BytesToKey - password based encryption routine

 =head1 SYNOPSIS

--- a/doc/crypto/EVP_DigestInit.pod
+++ b/doc/crypto/EVP_DigestInit.pod
@@ -4,7 +4,7 @@

 EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
 EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
-EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
+EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
 EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
 EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
 EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
--- a/doc/crypto/des.pod
+++ b/doc/crypto/des.pod
@@ -283,7 +283,7 @@ DES_cbc_encrypt is used.
 =head1 NOTES

 Single-key DES is insecure due to its short key size.  ECB mode is
-not suitable for most applications; see L<des_modes(7)|des_modes(7)>.
+not suitable for most applications; see L<DES_modes(7)|DES_modes(7)>.

 The L<evp(3)|evp(3)> library provides higher-level encryption functions.

--- a/doc/crypto/ui.pod
+++ b/doc/crypto/ui.pod
@@ -5,7 +5,7 @@
 UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
 UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
 UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
-UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
+UI_add_error_string, UI_dup_error_string, UI_construct_prompt
 UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
 UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
 UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface
--- a/e_os.h
+++ b/e_os.h
@@ -510,30 +510,11 @@ extern char *sys_errlist[]; extern int sys_nerr;
 #define IRIX_CC_BUG	/* CDS++ up to V2.0Bsomething suffered from the same bug.*/
 #endif

-#if defined(OPENSSL_SYS_WINDOWS)
-#  define strcasecmp _stricmp
-#  define strncasecmp _strnicmp
-#elif defined(OPENSSL_SYS_VMS)
-/* VMS below version 7.0 doesn't have strcasecmp() */
-#  include <openssl/o_str.h>
-#  define strcasecmp OPENSSL_strcasecmp
-#  define strncasecmp OPENSSL_strncasecmp
-#elif defined(OPENSSL_SYS_OS2) && defined(__EMX__)
-#  define strcasecmp stricmp
-#  define strncasecmp strnicmp
-#else
-#  ifdef NO_STRINGS_H
-    int	strcasecmp();
-    int	strncasecmp();
-#  else
-#    include <strings.h>
-#  endif /* NO_STRINGS_H */
-#endif
-
 #if defined(OPENSSL_SYS_OS2) && defined(__EMX__)
 # include <io.h>
 # include <fcntl.h>
 # define NO_SYSLOG
+# define strcasecmp stricmp
 #endif

 /* vxworks */
--- a/fips/.cvsignore
+++ b/fips/.cvsignore
@@ -1 +0,0 @@
-Makefile.save
--- a/fips/Makefile.ssl
+++ b/fips/Makefile.ssl
@@ -1,189 +0,0 @@
-#
-# SSLeay/fips/Makefile
-#
-
-DIR=		fips
-TOP=		..
-CC=		cc
-INCLUDE=	-I. -I$(TOP) -I../include
-INCLUDES=	-I.. -I../.. -I../../include
-CFLAG=		-g
-INSTALL_PREFIX=
-OPENSSLDIR=     /usr/local/ssl
-INSTALLTOP=	/usr/local/ssl
-MAKE=           make -f Makefile.ssl
-MAKEDEPPROG=	makedepend
-MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=       Makefile.ssl
-RM=             rm -f
-AR=		ar r
-
-PEX_LIBS=
-EX_LIBS=
-
-CFLAGS= $(INCLUDE) $(CFLAG)
-
-
-LIBS=
-
-FDIRS=sha1 rand des aes dsa rsa
-
-GENERAL=Makefile README fips-lib.com install.com
-
-LIB= $(TOP)/libcrypto.a
-SHARED_LIB= libcrypto$(SHLIB_EXT)
-LIBSRC=fips.c fips_err_wrapper.c
-LIBOBJ=fips.o fips_err_wrapper.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=fips.h
-HEADER=$(EXHEADER) fips_err.h
-EXE=openssl_fips_fingerprint
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-	@(cd ..; $(MAKE) DIRS=$(DIR) all)
-
-all: subdirs lib check shared
-
-check:
-	TOP=`pwd`/$(TOP) ./fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
-
-subdirs:
-	@for i in $(FDIRS) ;\
-	do \
-	(cd $$i && echo "making all in fips/$$i..." && \
-	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
-	done;
-
-sub_target:
-	@for i in $(FDIRS) ;\
-	do \
-	(cd $$i && echo "making $(TARGET) in fips/$$i..." && \
-	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' $(TARGET) ) || exit 1; \
-	done;
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
-	@for i in $(FDIRS) ;\
-	do \
-	(cd $$i && echo "making 'files' in fips/$$i..." && \
-	$(MAKE) PERL='${PERL}' files ); \
-	done;
-
-links:
-	@$(TOP)/util/point.sh Makefile.ssl Makefile
-	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-	@for i in $(FDIRS); do \
-	(cd $$i && echo "making links in fips/$$i..." && \
-	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
-	done;
-
-lib:	$(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB) || echo Never mind.
-	@touch lib
-
-shared:
-	if [ -n "$(SHARED_LIBS)" ]; then \
-		(cd ..; $(MAKE) $(SHARED_LIB)); \
-	fi
-
-libs:
-	@for i in $(FDIRS) ;\
-	do \
-	(cd $$i && echo "making libs in fips/$$i..." && \
-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
-	done;
-
-tests:
-	@for i in $(FDIRS) ;\
-	do \
-	(cd $$i && echo "making tests in fips/$$i..." && \
-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
-	done;
-
-fips_test:
-	@for i in dsa sha1 aes des ; \
-	do \
-		(cd $$i && echo "making fips_test in fips/$$i..." && make fips_test) \
-	done;
-
-install:
-	@for i in $(EXHEADER) ;\
-	do \
-		(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-		chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-	done;
-	@for i in $(FDIRS) ;\
-	do \
-		(cd $$i && echo "making install in fips/$$i..." && \
-		$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}'  INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
-	done;
-	@for i in $(EXE) ; \
-	do \
-		echo "installing $$i"; \
-		cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-		chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
-	done
-
-lint:
-	@for i in $(FDIRS) ;\
-	do \
-	(cd $$i && echo "making lint in fips/$$i..." && \
-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
-	done;
-
-depend:
-	if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(SRC)
-	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
-	@for i in $(FDIRS) ;\
-	do \
-	(cd $$i && echo "making depend in fips/$$i..." && \
-	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ); \
-	done;
-
-clean:
-	rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-	@for i in $(FDIRS) ;\
-	do \
-	(cd $$i && echo "making clean in fips/$$i..." && \
-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
-	done;
-
-dclean:
-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-	@for i in $(FDIRS) ;\
-	do \
-	(cd $$i && echo "making dclean in fips/$$i..." && \
-	$(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
-	done;
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips.o: ../include/openssl/aes.h ../include/openssl/asn1.h
-fips.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-fips.o: ../include/openssl/bn.h ../include/openssl/cast.h
-fips.o: ../include/openssl/crypto.h ../include/openssl/des.h
-fips.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-fips.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-fips.o: ../include/openssl/err.h ../include/openssl/evp.h
-fips.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
-fips.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-fips.o: ../include/openssl/md2.h ../include/openssl/md4.h
-fips.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-fips.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-fips.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
-fips.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-fips.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-fips.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-fips.o: ../include/openssl/sha.h ../include/openssl/stack.h
-fips.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
-fips.o: ../include/openssl/ui_compat.h fips.c fips_locl.h
-fips_err_wrapper.o: ../include/openssl/opensslconf.h fips_err_wrapper.c
--- a/fips/aes/.cvsignore
+++ b/fips/aes/.cvsignore
@@ -1,5 +0,0 @@
-lib
-fips_aesavs
-fips_aesavs.sha1
-testlist
-Makefile.save
--- a/fips/aes/Makefile.ssl
+++ b/fips/aes/Makefile.ssl
@@ -1,132 +0,0 @@
-#
-# SSLeay/fips/aes/Makefile
-#
-
-DIR=	aes
-TOP=	../..
-CC=	cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR=     /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKE=		make -f Makefile.ssl
-MAKEDEPPROG=	makedepend
-MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=	Makefile.ssl
-AR=		ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=fips_aesavs.c
-TESTDATA=fips_aes_data
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_aes_core.c fips_aes_selftest.c
-LIBOBJ=fips_aes_core.o fips_aes_selftest.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER=	$(EXHEADER) fips_aes_locl.h
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all:	check lib
-
-check:
-	TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
-
-lib:	$(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB) || echo Never mind.
-	@sleep 2; touch lib
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
-
-links:
-	@$(TOP)/util/point.sh Makefile.ssl Makefile
-	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
-	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
-	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TESTDATA)
-	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
-	@for i in $(EXHEADER) ; \
-	do  \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-	done;
-
-tags:
-	ctags $(SRC)
-
-tests:
-
-top_fips_aesavs:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_aesavs sub_target)
-
-fips_aesavs: fips_aesavs.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_aesavs fips_aesavs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_aesavs
-
-fips_test: top top_fips_aesavs
-	find ../testvectors/aes/req -name '*.req' > testlist
-	-rm -rf ../testvectors/aes/rsp
-	mkdir ../testvectors/aes/rsp
-	./fips_aesavs -d testlist
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) \
-		$(SRC) $(TEST)
-
-dclean:
-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
-fips_aes_core.o: ../../include/openssl/opensslconf.h fips_aes_core.c
-fips_aes_core.o: fips_aes_locl.h
-fips_aes_selftest.o: ../../include/openssl/aes.h ../../include/openssl/bio.h
-fips_aes_selftest.o: ../../include/openssl/crypto.h
-fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_aes_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-fips_aes_selftest.o: ../../include/openssl/opensslconf.h
-fips_aes_selftest.o: ../../include/openssl/opensslv.h
-fips_aes_selftest.o: ../../include/openssl/safestack.h
-fips_aes_selftest.o: ../../include/openssl/stack.h
-fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c
-fips_aesavs.o: ../../e_os.h ../../include/openssl/aes.h
-fips_aesavs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_aesavs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-fips_aesavs.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-fips_aesavs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-fips_aesavs.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-fips_aesavs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_aesavs.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_aesavs.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-fips_aesavs.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-fips_aesavs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-fips_aesavs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_aesavs.o: ../../include/openssl/opensslconf.h
-fips_aesavs.o: ../../include/openssl/opensslv.h
-fips_aesavs.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
-fips_aesavs.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-fips_aesavs.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-fips_aesavs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-fips_aesavs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_aesavs.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-fips_aesavs.o: fips_aesavs.c
--- a/fips/aes/fingerprint.sha1
+++ b/fips/aes/fingerprint.sha1
@@ -1,3 +0,0 @@
-SHA1(fips_aes_core.c)= 638c2707398fea4181243b0d7a2d6acd33084659
-SHA1(fips_aes_selftest.c)= b41f520aa90f813de815ee77ade4e7c73ef147b0
-SHA1(fips_aes_locl.h)= a3c01d9a4f9d5211e9e785852f6f1a2febfd73b6
--- a/fips/aes/fips_aes_core.c
+++ b/fips/aes/fips_aes_core.c
--- a/fips/aes/fips_aes_data/.cvsignore
+++ b/fips/aes/fips_aes_data/.cvsignore
@@ -1 +0,0 @@
-rsp
--- a/fips/aes/fips_aes_locl.h
+++ b/fips/aes/fips_aes_locl.h
@@ -1,85 +0,0 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef HEADER_AES_LOCL_H
-#define HEADER_AES_LOCL_H
-
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_NO_AES
-#error AES is disabled.
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE)
-# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
-# define GETU32(p) SWAP(*((u32 *)(p)))
-# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
-#else
-# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
-# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
-#endif
-
-typedef unsigned long u32;
-typedef unsigned short u16;
-typedef unsigned char u8;
-
-#define MAXKC   (256/32)
-#define MAXKB   (256/8)
-#define MAXNR   14
-
-/* This controls loop-unrolling in aes_core.c */
-#undef FULL_UNROLL
-
-#endif /* !HEADER_AES_LOCL_H */
--- a/fips/aes/fips_aes_selftest.c
+++ b/fips/aes/fips_aes_selftest.c
@@ -1,92 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/aes.h>
-
-#ifdef OPENSSL_FIPS
-static struct
-    {
-    unsigned char key[16];
-    unsigned char plaintext[16];
-    unsigned char ciphertext[16];
-    } tests[]=
-	{
-	{
-	{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
-	  0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
-	{ 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
-	  0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF },
-	{ 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30,
-	  0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A },
-	},
-	};
-
-int FIPS_selftest_aes()
-    {
-    int n;
-
-    for(n=0 ; n < 1 ; ++n)
-	{
-	AES_KEY key;
-	unsigned char buf[16];
-
-	AES_set_encrypt_key(tests[n].key,128,&key);
-	AES_encrypt(tests[n].plaintext,buf,&key);
-	if(memcmp(buf,tests[n].ciphertext,sizeof buf))
-	    {
-	    FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
-	    return 0;
-	    }
-	}
-    return 1;
-    }
-#endif
--- a/fips/aes/fips_aesavs.c
+++ b/fips/aes/fips_aesavs.c
@@ -1,956 +0,0 @@
-/*---------------------------------------------
-  NIST AES Algorithm Validation Suite
-  Test Program
-
-  Copyright
-  V-ONE Corporation
-  20250 Century Blvd, Suite 300
-  Germantown, MD 20874
-  U.S.A.
-  ----------------------------------------------*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <assert.h>
-
-#include <openssl/aes.h>
-#include <openssl/evp.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include "e_os.h"
-
-#define AES_BLOCK_SIZE 16
-
-#define VERBOSE 0
-
-/*-----------------------------------------------*/
-
-int AESTest(EVP_CIPHER_CTX *ctx,
-	    char *amode, int akeysz, unsigned char *aKey, 
-	    unsigned char *iVec, 
-	    int dir,  /* 0 = decrypt, 1 = encrypt */
-	    unsigned char *plaintext, unsigned char *ciphertext, int len)
-    {
-    const EVP_CIPHER *cipher = NULL;
-    int ret = 1;
-    int kt = 0;
-
-    if (ctx)
-	memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
-
-    if (strcasecmp(amode, "CBC") == 0)
-	kt = 1000;
-    else if (strcasecmp(amode, "ECB") == 0)
-	kt = 2000;
-    else if (strcasecmp(amode, "CFB128") == 0)
-	kt = 3000;
-    else if (strncasecmp(amode, "OFB", 3) == 0)
-	kt = 4000;
-    else if(!strcasecmp(amode,"CFB1"))
-	kt=5000;
-    else if(!strcasecmp(amode,"CFB8"))
-	kt=6000;
-    else
-	{
-	printf("Unknown mode: %s\n", amode);
-	exit(1);
-	}
-    if (ret)
-	{
-	if ((akeysz != 128) && (akeysz != 192) && (akeysz != 256))
-	    {
-	    printf("Invalid key size: %d\n", akeysz);
-	    ret = 0;
-	    }
-	else
-	    {
-	    kt += akeysz;
-	    switch (kt)
-		{
-	    case 1128:  /* CBC 128 */
-		cipher = EVP_aes_128_cbc();
-		break;
-	    case 1192:  /* CBC 192 */
-		cipher = EVP_aes_192_cbc();
-		break;
-	    case 1256:  /* CBC 256 */
-		cipher = EVP_aes_256_cbc();
-		break;
-	    case 2128:  /* ECB 128 */
-		cipher = EVP_aes_128_ecb();
-		break;
-	    case 2192:  /* ECB 192 */
-		cipher = EVP_aes_192_ecb();
-		break;
-	    case 2256:  /* ECB 256 */
-		cipher = EVP_aes_256_ecb();
-		break;
-	    case 3128:  /* CFB 128 */
-		cipher = EVP_aes_128_cfb();
-		break;
-	    case 3192:  /* CFB 192 */
-		cipher = EVP_aes_192_cfb();
-		break;
-	    case 3256:  /* CFB 256 */
-		cipher = EVP_aes_256_cfb();
-		break;
-	    case 4128:  /* OFB 128 */
-		cipher = EVP_aes_128_ofb();
-		break;
-	    case 4192:  /* OFB 192 */
-		cipher = EVP_aes_192_ofb();
-		break;
-	    case 4256:  /* OFB 256 */
-		cipher = EVP_aes_256_ofb();
-		break;
-	    case 5128:
-		cipher=EVP_aes_128_cfb1();
-		break;
-	    case 5192:
-		cipher=EVP_aes_192_cfb1();
-		break;
-	    case 5256:
-		cipher=EVP_aes_256_cfb1();
-		break;
-	    case 6128:
-		cipher=EVP_aes_128_cfb8();
-		break;
-	    case 6192:
-		cipher=EVP_aes_192_cfb8();
-		break;
-	    case 6256:
-		cipher=EVP_aes_256_cfb8();
-		break;
-	    default:
-		printf("Didn't handle mode %d\n",kt);
-		exit(1);
-		}
-	    if (dir)
-		{ /* encrypt */
-		if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_ENCRYPT))
-		    {
-		    ERR_print_errors_fp(stderr);
-		    exit(1);
-		    }
-		  
-		EVP_Cipher(ctx, ciphertext, (unsigned char*)plaintext, len);
-		}
-	    else
-		{ /* decrypt */
-		if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_DECRYPT))
-		    {
-		    ERR_print_errors_fp(stderr);
-		    exit(1);
-		    }
-		EVP_Cipher(ctx, (unsigned char*)plaintext, ciphertext, len);
-		}
-	    }
-	}
-    return ret;
-    }
-
-/*-----------------------------------------------*/
-
-int hex2bin(char *in, int len, unsigned char *out)
-{
-  int n1, n2;
-  unsigned char ch;
-
-  for (n1 = 0, n2 = 0; n1 < len; )
-    { /* first byte */
-      if ((in[n1] >= '0') && (in[n1] <= '9'))
-	ch = in[n1++] - '0';
-      else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
-	ch = in[n1++] - 'A' + 10;
-      else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
-	ch = in[n1++] - 'a' + 10;
-      else
-	return -1;
-      if(len == 1)
-	  {
-	  out[n2++]=ch;
-	  break;
-	  }
-      out[n2] = ch << 4;
-      /* second byte */
-      if ((in[n1] >= '0') && (in[n1] <= '9'))
-	ch = in[n1++] - '0';
-      else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
-	ch = in[n1++] - 'A' + 10;
-      else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
-	ch = in[n1++] - 'a' + 10;
-      else
-	return -1;
-      out[n2++] |= ch;
-    }
-  return n2;
-}
-
-/*-----------------------------------------------*/
-
-int bin2hex(unsigned char *in, int len, char *out)
-{
-  int n1, n2;
-  unsigned char ch;
-
-  for (n1 = 0, n2 = 0; n1 < len; ++n1)
-    {
-      /* first nibble */
-      ch = in[n1] >> 4;
-      if (ch <= 0x09)
-	out[n2++] = ch + '0';
-      else
-	out[n2++] = ch - 10 + 'a';
-      /* second nibble */
-      ch = in[n1] & 0x0f;
-      if (ch <= 0x09)
-	out[n2++] = ch + '0';
-      else
-	out[n2++] = ch - 10 + 'a';
-    }
-  return n2;
-}
-
-/* NB: this return the number of _bits_ read */
-int bint2bin(const char *in, int len, unsigned char *out)
-    {
-    int n;
-
-    memset(out,0,len);
-    for(n=0 ; n < len ; ++n)
-	if(in[n] == '1')
-	    out[n/8]|=(0x80 >> (n%8));
-    return len;
-    }
-
-int bin2bint(const unsigned char *in,int len,char *out)
-    {
-    int n;
-
-    for(n=0 ; n < len ; ++n)
-	out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
-    return n;
-    }
-
-/*-----------------------------------------------*/
-
-void PrintValue(char *tag, unsigned char *val, int len)
-{
-#if VERBOSE
-  char obuf[2048];
-  int olen;
-  olen = bin2hex(val, len, obuf);
-  printf("%s = %.*s\n", tag, olen, obuf);
-#endif
-}
-
-void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
-    {
-    char obuf[2048];
-    int olen;
-
-    if(bitmode)
-	olen=bin2bint(val,len,obuf);
-    else
-	olen=bin2hex(val,len,obuf);
-
-    fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
-#if VERBOSE
-    printf("%s = %.*s\n", tag, olen, obuf);
-#endif
-    }
-
-/*-----------------------------------------------*/
-char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
-char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"};
-enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128};
-enum XCrypt {XDECRYPT, XENCRYPT};
-
-/*=============================*/
-/*  Monte Carlo Tests          */
-/*-----------------------------*/
-
-/*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/
-/*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/
-
-#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
-#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
-
-int do_mct(char *amode, 
-	   int akeysz, unsigned char *aKey,unsigned char *iVec,
-	   int dir, unsigned char *text, int len,
-	   FILE *rfp)
-    {
-    int ret = 0;
-    unsigned char key[101][32];
-    unsigned char iv[101][AES_BLOCK_SIZE];
-    unsigned char ptext[1001][32];
-    unsigned char ctext[1001][32];
-    unsigned char ciphertext[64+4];
-    int i, j, n, n1, n2;
-    int imode = 0, nkeysz = akeysz/8;
-    EVP_CIPHER_CTX ctx;
-
-    if (len > 32)
-	{
-	printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n", 
-	       amode, akeysz);
-	return -1;
-	}
-    for (imode = 0; imode < 6; ++imode)
-	if (strcmp(amode, t_mode[imode]) == 0)
-	    break;
-    if (imode == 6)
-	{ 
-	printf("Unrecognized mode: %s\n", amode);
-	return -1;
-	}
-
-    memcpy(key[0], aKey, nkeysz);
-    if (iVec)
-	memcpy(iv[0], iVec, AES_BLOCK_SIZE);
-    if (dir == XENCRYPT)
-	memcpy(ptext[0], text, len);
-    else
-	memcpy(ctext[0], text, len);
-    for (i = 0; i < 100; ++i)
-	{
-	/* printf("Iteration %d\n", i); */
-	if (i > 0)
-	    {
-	    fprintf(rfp,"COUNT = %d\n",i);
-	    OutputValue("KEY",key[i],nkeysz,rfp,0);
-	    if (imode != ECB)  /* ECB */
-		OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0);
-	    /* Output Ciphertext | Plaintext */
-	    OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp,
-			imode == CFB1);
-	    }
-	for (j = 0; j < 1000; ++j)
-	    {
-	    switch (imode)
-		{
-	    case ECB:
-		if (j == 0)
-		    { /* set up encryption */
-		    ret = AESTest(&ctx, amode, akeysz, key[i], NULL, 
-				  dir,  /* 0 = decrypt, 1 = encrypt */
-				  ptext[j], ctext[j], len);
-		    if (dir == XENCRYPT)
-			memcpy(ptext[j+1], ctext[j], len);
-		    else
-			memcpy(ctext[j+1], ptext[j], len);
-		    }
-		else
-		    {
-		    if (dir == XENCRYPT)
-			{
-			EVP_Cipher(&ctx, ctext[j], ptext[j], len);
-			memcpy(ptext[j+1], ctext[j], len);
-			}
-		    else
-			{
-			EVP_Cipher(&ctx, ptext[j], ctext[j], len);
-			memcpy(ctext[j+1], ptext[j], len);
-			}
-		    }
-		break;
-
-	    case CBC:
-	    case OFB:  
-	    case CFB128:
-		if (j == 0)
-		    {
-		    ret = AESTest(&ctx, amode, akeysz, key[i], iv[i], 
-				  dir,  /* 0 = decrypt, 1 = encrypt */
-				  ptext[j], ctext[j], len);
-		    if (dir == XENCRYPT)
-			memcpy(ptext[j+1], iv[i], len);
-		    else
-			memcpy(ctext[j+1], iv[i], len);
-		    }
-		else
-		    {
-		    if (dir == XENCRYPT)
-			{
-			EVP_Cipher(&ctx, ctext[j], ptext[j], len);
-			memcpy(ptext[j+1], ctext[j-1], len);
-			}
-		    else
-			{
-			EVP_Cipher(&ctx, ptext[j], ctext[j], len);
-			memcpy(ctext[j+1], ptext[j-1], len);
-			}
-		    }
-		break;
-
-	    case CFB8:
-		if (j == 0)
-		    {
-		    ret = AESTest(&ctx, amode, akeysz, key[i], iv[i], 
-				  dir,  /* 0 = decrypt, 1 = encrypt */
-				  ptext[j], ctext[j], len);
-		    }
-		else
-		    {
-		    if (dir == XENCRYPT)
-			EVP_Cipher(&ctx, ctext[j], ptext[j], len);
-		    else
-			EVP_Cipher(&ctx, ptext[j], ctext[j], len);
-		    }
-		if (dir == XENCRYPT)
-		    {
-		    if (j < 16)
-			memcpy(ptext[j+1], &iv[i][j], len);
-		    else
-			memcpy(ptext[j+1], ctext[j-16], len);
-		    }
-		else
-		    {
-		    if (j < 16)
-			memcpy(ctext[j+1], &iv[i][j], len);
-		    else
-			memcpy(ctext[j+1], ptext[j-16], len);
-		    }
-		break;
-
-	    case CFB1:
-		if(j == 0)
-		    {
-		    /* compensate for wrong endianness of input file */
-		    if(i == 0)
-			ptext[0][0]<<=7;
-		    ret=AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
-				ptext[j], ctext[j], len);
-		    }
-		else
-		    {
-		    if (dir == XENCRYPT)
-			EVP_Cipher(&ctx, ctext[j], ptext[j], len);
-		    else
-			EVP_Cipher(&ctx, ptext[j], ctext[j], len);
-
-		    }
-		if(dir == XENCRYPT)
-		    {
-		    if(j < 128)
-			sb(ptext[j+1],0,gb(iv[i],j));
-		    else
-			sb(ptext[j+1],0,gb(ctext[j-128],0));
-		    }
-		else
-		    {
-		    if(j < 128)
-			sb(ctext[j+1],0,gb(iv[i],j));
-		    else
-			sb(ctext[j+1],0,gb(ptext[j-128],0));
-		    }
-		break;
-		}
-	    }
-	--j; /* reset to last of range */
-	/* Output Ciphertext | Plaintext */
-	OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp,
-		    imode == CFB1);
-	fprintf(rfp, "\n");  /* add separator */
-
-	/* Compute next KEY */
-	if (dir == XENCRYPT)
-	    {
-	    if (imode == CFB8)
-		{ /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
-		for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
-		    ciphertext[n1] = ctext[j-n2][0];
-		}
-	    else if(imode == CFB1)
-		{
-		for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
-		    sb(ciphertext,n1,gb(ctext[j-n2],0));
-		}
-	    else
-		switch (akeysz)
-		    {
-		case 128:
-		    memcpy(ciphertext, ctext[j], 16);
-		    break;
-		case 192:
-		    memcpy(ciphertext, ctext[j-1]+8, 8);
-		    memcpy(ciphertext+8, ctext[j], 16);
-		    break;
-		case 256:
-		    memcpy(ciphertext, ctext[j-1], 16);
-		    memcpy(ciphertext+16, ctext[j], 16);
-		    break;
-		    }
-	    }
-	else
-	    {
-	    if (imode == CFB8)
-		{ /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
-		for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
-		    ciphertext[n1] = ptext[j-n2][0];
-		}
-	    else if(imode == CFB1)
-		{
-		for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
-		    sb(ciphertext,n1,gb(ptext[j-n2],0));
-		}
-	    else
-		switch (akeysz)
-		    {
-		case 128:
-		    memcpy(ciphertext, ptext[j], 16);
-		    break;
-		case 192:
-		    memcpy(ciphertext, ptext[j-1]+8, 8);
-		    memcpy(ciphertext+8, ptext[j], 16);
-		    break;
-		case 256:
-		    memcpy(ciphertext, ptext[j-1], 16);
-		    memcpy(ciphertext+16, ptext[j], 16);
-		    break;
-		    }
-	    }
-	/* Compute next key: Key[i+1] = Key[i] xor ct */
-	for (n = 0; n < nkeysz; ++n)
-	    key[i+1][n] = key[i][n] ^ ciphertext[n];
-	
-	/* Compute next IV and text */
-	if (dir == XENCRYPT)
-	    {
-	    switch (imode)
-		{
-	    case ECB:
-		memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE);
-		break;
-	    case CBC:
-	    case OFB:
-	    case CFB128:
-		memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE);
-		memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE);
-		break;
-	    case CFB8:
-		/* IV[i+1] = ct */
-		for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
-		    iv[i+1][n1] = ctext[j-n2][0];
-		ptext[0][0] = ctext[j-16][0];
-		break;
-	    case CFB1:
-		for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
-		    sb(iv[i+1],n1,gb(ctext[j-n2],0));
-		ptext[0][0]=ctext[j-128][0]&0x80;
-		break;
-		}
-	    }
-	else
-	    {
-	    switch (imode)
-		{
-	    case ECB:
-		memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE);
-		break;
-	    case CBC:
-	    case OFB:
-	    case CFB128:
-		memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE);
-		memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE);
-		break;
-	    case CFB8:
-		for (n1 = 0, n2 = 15; n < 16; ++n1, --n2)
-		    iv[i+1][n1] = ptext[j-n2][0];
-		ctext[0][0] = ptext[j-16][0];
-		break;
-	    case CFB1:
-		for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
-		    sb(iv[i+1],n1,gb(ptext[j-n2],0));
-		ctext[0][0]=ptext[j-128][0]&0x80;
-		break;
-		}
-	    }
-	}
-    
-    return ret;
-    }
-
-/*================================================*/
-/*----------------------------
-  # Config info for v-one
-  # AESVS MMT test data for ECB
-  # State : Encrypt and Decrypt
-  # Key Length : 256
-  # Fri Aug 30 04:07:22 PM
-  ----------------------------*/
-
-int proc_file(char *rqfile)
-    {
-    char afn[256], rfn[256];
-    FILE *afp = NULL, *rfp = NULL;
-    char ibuf[2048];
-    int ilen, len, ret = 0;
-    char algo[8] = "";
-    char amode[8] = "";
-    char atest[8] = "";
-    int akeysz = 0;
-    unsigned char iVec[20], aKey[40];
-    int dir = -1, err = 0, step = 0;
-    unsigned char plaintext[2048];
-    unsigned char ciphertext[2048];
-    char *rp;
-    EVP_CIPHER_CTX ctx;
-
-    if (!rqfile || !(*rqfile))
-	{
-	printf("No req file\n");
-	return -1;
-	}
-    strcpy(afn, rqfile);
-
-    if ((afp = fopen(afn, "r")) == NULL)
-	{
-	printf("Cannot open file: %s, %s\n", 
-	       afn, strerror(errno));
-	return -1;
-	}
-    strcpy(rfn,afn);
-    rp=strstr(rfn,"req/");
-    assert(rp);
-    memcpy(rp,"rsp",3);
-    rp = strstr(rfn, ".req");
-    memcpy(rp, ".rsp", 4);
-    if ((rfp = fopen(rfn, "w")) == NULL)
-	{
-	printf("Cannot open file: %s, %s\n", 
-	       rfn, strerror(errno));
-	fclose(afp);
-	afp = NULL;
-	return -1;
-	}
-    while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
-	{
-	ilen = strlen(ibuf);
-	/*      printf("step=%d ibuf=%s",step,ibuf); */
-	switch (step)
-	    {
-	case 0:  /* read preamble */
-	    if (ibuf[0] == '\n')
-		{ /* end of preamble */
-		if ((*algo == '\0') ||
-		    (*amode == '\0') ||
-		    (akeysz == 0))
-		    {
-		    printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n",
-			   algo,amode,akeysz);
-		    err = 1;
-		    }
-		else
-		    {
-		    fputs(ibuf, rfp);
-		    ++ step;
-		    }
-		}
-	    else if (ibuf[0] != '#')
-		{
-		printf("Invalid preamble item: %s\n", ibuf);
-		err = 1;
-		}
-	    else
-		{ /* process preamble */
-		char *xp, *pp = ibuf+2;
-		int n;
-		if (akeysz)
-		    { /* insert current time & date */
-		    time_t rtim = time(0);
-		    fprintf(rfp, "# %s", ctime(&rtim));
-		    }
-		else
-		    {
-		    fputs(ibuf, rfp);
-		    if (strncmp(pp, "AESVS ", 6) == 0)
-			{
-			strcpy(algo, "AES");
-			/* get test type */
-			pp += 6;
-			xp = strchr(pp, ' ');
-			n = xp-pp;
-			strncpy(atest, pp, n);
-			atest[n] = '\0';
-			/* get mode */
-			xp = strrchr(pp, ' '); /* get mode" */
-			n = strlen(xp+1)-1;
-			strncpy(amode, xp+1, n);
-			amode[n] = '\0';
-			/* amode[3] = '\0'; */
-			printf("Test = %s, Mode = %s\n", atest, amode);
-			}
-		    else if (strncasecmp(pp, "Key Length : ", 13) == 0)
-			{
-			akeysz = atoi(pp+13);
-			printf("Key size = %d\n", akeysz);
-			}
-		    }
-		}
-	    break;
-
-	case 1:  /* [ENCRYPT] | [DECRYPT] */
-	    if (ibuf[0] == '[')
-		{
-		fputs(ibuf, rfp);
-		++step;
-		if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
-		    dir = 1;
-		else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
-		    dir = 0;
-		else
-		    {
-		    printf("Invalid keyword: %s\n", ibuf);
-		    err = 1;
-		    }
-		break;
-		}
-	    else if (dir == -1)
-		{
-		err = 1;
-		printf("Missing ENCRYPT/DECRYPT keyword\n");
-		break;
-		}
-	    else 
-		step = 2;
-
-	case 2: /* KEY = xxxx */
-	    fputs(ibuf, rfp);
-	    if(*ibuf == '\n')
-		break;
-	    if(!strncasecmp(ibuf,"COUNT = ",8))
-		break;
-
-	    if (strncasecmp(ibuf, "KEY = ", 6) != 0)
-		{
-		printf("Missing KEY\n");
-		err = 1;
-		}
-	    else
-		{
-		len = hex2bin((char*)ibuf+6, strlen(ibuf+6)-1, aKey);
-		if (len < 0)
-		    {
-		    printf("Invalid KEY\n");
-		    err =1;
-		    break;
-		    }
-		PrintValue("KEY", aKey, len);
-		if (strcmp(amode, "ECB") == 0)
-		    {
-		    memset(iVec, 0, sizeof(iVec));
-		    step = (dir)? 4: 5;  /* no ivec for ECB */
-		    }
-		else
-		    ++step;
-		}
-	    break;
-
-	case 3: /* IV = xxxx */
-	    fputs(ibuf, rfp);
-	    if (strncasecmp(ibuf, "IV = ", 5) != 0)
-		{
-		printf("Missing IV\n");
-		err = 1;
-		}
-	    else
-		{
-		len = hex2bin((char*)ibuf+5, strlen(ibuf+5)-1, iVec);
-		if (len < 0)
-		    {
-		    printf("Invalid IV\n");
-		    err =1;
-		    break;
-		    }
-		PrintValue("IV", iVec, len);
-		step = (dir)? 4: 5;
-		}
-	    break;
-
-	case 4: /* PLAINTEXT = xxxx */
-	    fputs(ibuf, rfp);
-	    if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
-		{
-		printf("Missing PLAINTEXT\n");
-		err = 1;
-		}
-	    else
-		{
-		int nn = strlen(ibuf+12);
-		if(!strcmp(amode,"CFB1"))
-		    len=bint2bin(ibuf+12,nn-1,plaintext);
-		else
-		    len=hex2bin(ibuf+12, nn-1,plaintext);
-		if (len < 0)
-		    {
-		    printf("Invalid PLAINTEXT: %s", ibuf+12);
-		    err =1;
-		    break;
-		    }
-		if (len >= sizeof(plaintext))
-		    {
-		    printf("Buffer overflow\n");
-		    }
-		PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
-		if (strcmp(atest, "MCT") == 0)  /* Monte Carlo Test */
-		    {
-		    if(do_mct(amode, akeysz, aKey, iVec, 
-			      dir, (unsigned char*)plaintext, len, 
-			      rfp) < 0)
-			exit(1);
-		    }
-		else
-		    {
-		    ret = AESTest(&ctx, amode, akeysz, aKey, iVec, 
-				  dir,  /* 0 = decrypt, 1 = encrypt */
-				  plaintext, ciphertext, len);
-		    OutputValue("CIPHERTEXT",ciphertext,len,rfp,
-				!strcmp(amode,"CFB1"));
-		    }
-		step = 6;
-		}
-	    break;
-
-	case 5: /* CIPHERTEXT = xxxx */
-	    fputs(ibuf, rfp);
-	    if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
-		{
-		printf("Missing KEY\n");
-		err = 1;
-		}
-	    else
-		{
-		if(!strcmp(amode,"CFB1"))
-		    len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
-		else
-		    len = hex2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
-		if (len < 0)
-		    {
-		    printf("Invalid CIPHERTEXT\n");
-		    err =1;
-		    break;
-		    }
-
-		PrintValue("CIPHERTEXT", ciphertext, len);
-		if (strcmp(atest, "MCT") == 0)  /* Monte Carlo Test */
-		    {
-		    do_mct(amode, akeysz, aKey, iVec, 
-			   dir, ciphertext, len, rfp);
-		    }
-		else
-		    {
-		    ret = AESTest(&ctx, amode, akeysz, aKey, iVec, 
-				  dir,  /* 0 = decrypt, 1 = encrypt */
-				  plaintext, ciphertext, len);
-		    OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
-				!strcmp(amode,"CFB1"));
-		    }
-		step = 6;
-		}
-	    break;
-
-	case 6:
-	    if (ibuf[0] != '\n')
-		{
-		err = 1;
-		printf("Missing terminator\n");
-		}
-	    else if (strcmp(atest, "MCT") != 0)
-		{ /* MCT already added terminating nl */
-		fputs(ibuf, rfp);
-		}
-	    step = 1;
-	    break;
-	    }
-	}
-    if (rfp)
-	fclose(rfp);
-    if (afp)
-	fclose(afp);
-    return err;
-    }
-
-/*--------------------------------------------------
-  Processes either a single file or 
-  a set of files whose names are passed in a file.
-  A single file is specified as:
-    aes_test -f xxx.req
-  A set of files is specified as:
-    aes_test -d xxxxx.xxx
-  The default is: -d req.txt
--------------------------------------------------*/
-int main(int argc, char **argv)
-    {
-    char *rqlist = "req.txt";
-    FILE *fp = NULL;
-    char fn[250] = "", rfn[256] = "";
-    int f_opt = 0, d_opt = 1;
-
-#ifdef OPENSSL_FIPS
-    if(!FIPS_mode_set(1,argv[0]))
-	{
-	ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-	exit(1);
-	}
-#endif
-    ERR_load_crypto_strings();
-    if (argc > 1)
-	{
-	if (strcasecmp(argv[1], "-d") == 0)
-	    {
-	    d_opt = 1;
-	    }
-	else if (strcasecmp(argv[1], "-f") == 0)
-	    {
-	    f_opt = 1;
-	    d_opt = 0;
-	    }
-	else
-	    {
-	    printf("Invalid parameter: %s\n", argv[1]);
-	    return 0;
-	    }
-	if (argc < 3)
-	    {
-	    printf("Missing parameter\n");
-	    return 0;
-	    }
-	if (d_opt)
-	    rqlist = argv[2];
-	else
-	    strcpy(fn, argv[2]);
-	}
-    if (d_opt)
-	{ /* list of files (directory) */
-	if (!(fp = fopen(rqlist, "r")))
-	    {
-	    printf("Cannot open req list file\n");
-	    return -1;
-	    }
-	while (fgets(fn, sizeof(fn), fp))
-	    {
-	    strtok(fn, "\r\n");
-	    strcpy(rfn, fn);
-	    printf("Processing: %s\n", rfn);
-	    if (proc_file(rfn))
-		{
-		printf(">>> Processing failed for: %s <<<\n", rfn);
-		exit(1);
-		}
-	    }
-	fclose(fp);
-	}
-    else /* single file */
-	{
-	printf("Processing: %s\n", fn);
-	if (proc_file(fn))
-	    {
-	    printf(">>> Processing failed for: %s <<<\n", fn);
-	    }
-	}
-    return 0;
-    }
--- a/fips/des/.cvsignore
+++ b/fips/des/.cvsignore
@@ -1,5 +0,0 @@
-lib
-fips_desmovs
-fips_desmovs.sha1
-testlist
-Makefile.save
--- a/fips/des/Makefile.ssl
+++ b/fips/des/Makefile.ssl
@@ -1,146 +0,0 @@
-#
-# SSLeay/fips/des/Makefile
-#
-
-DIR=	des
-TOP=	../..
-CC=	cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR=     /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKE=		make -f Makefile.ssl
-MAKEDEPPROG=	makedepend
-MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=	Makefile.ssl
-AR=		ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG) -g
-
-GENERAL=Makefile
-TEST= fips_desmovs.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_des_enc.c fips_des_selftest.c
-LIBOBJ=fips_des_enc.o fips_des_selftest.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER=	$(EXHEADER) fips_des_locl.h
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all:	check lib
-
-check:
-	TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
-
-lib:	$(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB) || echo Never mind.
-	@sleep 2; touch lib
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
-
-links:
-	@$(TOP)/util/point.sh Makefile.ssl Makefile
-	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
-	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
-	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
-	@for i in $(EXHEADER) ; \
-	do  \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-	done;
-
-tags:
-	ctags $(SRC)
-
-tests:
-
-top_fips_desmovs:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_desmovs sub_target)
-
-fips_desmovs: fips_desmovs.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_desmovs fips_desmovs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_desmovs
-
-fips_test: top_fips_desmovs
-	find ../testvectors/des/req -name '*.req' > testlist
-	-rm -rf ../testvectors/des/rsp
-	mkdir ../testvectors/des/rsp
-	./fips_desmovs -d testlist
-	find ../testvectors/des2/req -name '*.req' > testlist
-	-rm -rf ../testvectors/des2/rsp
-	mkdir ../testvectors/des2/rsp
-	./fips_desmovs -d testlist
-	find ../testvectors/des3/req -name '*.req' > testlist
-	-rm -rf ../testvectors/des3/rsp
-	mkdir ../testvectors/des3/rsp
-	./fips_desmovs -d testlist
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) \
-		$(SRC) $(TEST)
-dclean:
-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_des_enc.o: ../../e_os.h ../../include/openssl/crypto.h
-fips_des_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-fips_des_enc.o: ../../include/openssl/e_os2.h
-fips_des_enc.o: ../../include/openssl/opensslconf.h
-fips_des_enc.o: ../../include/openssl/opensslv.h
-fips_des_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_des_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-fips_des_enc.o: ../../include/openssl/ui_compat.h fips_des_enc.c
-fips_des_enc.o: fips_des_locl.h
-fips_des_selftest.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-fips_des_selftest.o: ../../include/openssl/des.h
-fips_des_selftest.o: ../../include/openssl/des_old.h
-fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_des_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-fips_des_selftest.o: ../../include/openssl/opensslconf.h
-fips_des_selftest.o: ../../include/openssl/opensslv.h
-fips_des_selftest.o: ../../include/openssl/safestack.h
-fips_des_selftest.o: ../../include/openssl/stack.h
-fips_des_selftest.o: ../../include/openssl/symhacks.h
-fips_des_selftest.o: ../../include/openssl/ui.h
-fips_des_selftest.o: ../../include/openssl/ui_compat.h fips_des_selftest.c
-fips_desmovs.o: ../../e_os.h ../../include/openssl/aes.h
-fips_desmovs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_desmovs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-fips_desmovs.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-fips_desmovs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-fips_desmovs.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-fips_desmovs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_desmovs.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_desmovs.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-fips_desmovs.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-fips_desmovs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-fips_desmovs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_desmovs.o: ../../include/openssl/opensslconf.h
-fips_desmovs.o: ../../include/openssl/opensslv.h
-fips_desmovs.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
-fips_desmovs.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-fips_desmovs.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-fips_desmovs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-fips_desmovs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_desmovs.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-fips_desmovs.o: fips_desmovs.c
--- a/fips/des/fingerprint.sha1
+++ b/fips/des/fingerprint.sha1
@@ -1,3 +0,0 @@
-SHA1(fips_des_enc.c)= 75389f527cc456178e6a2e35f82bf49f98fe3e90
-SHA1(fips_des_selftest.c)= d81ee4db762d89cca749138a99100d342f195665
-SHA1(fips_des_locl.h)= a4cf60ca32476a2483b3e4460ec9a19c0444fd20
--- a/fips/des/fips_des_enc.c
+++ b/fips/des/fips_des_enc.c
@@ -1,297 +0,0 @@
-/* crypto/des/des_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "fips_des_locl.h"
-
-#ifdef OPENSSL_FIPS
-
-void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
-	{
-	register DES_LONG l,r,t,u;
-#ifdef DES_PTR
-	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
-#endif
-#ifndef DES_UNROLL
-	register int i;
-#endif
-	register DES_LONG *s;
-
-	r=data[0];
-	l=data[1];
-
-	IP(r,l);
-	/* Things have been modified so that the initial rotate is
-	 * done outside the loop.  This required the
-	 * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
-	 * One perl script later and things have a 5% speed up on a sparc2.
-	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
-	 * for pointing this out. */
-	/* clear the top bits on machines with 8byte longs */
-	/* shift left by 2 */
-	r=ROTATE(r,29)&0xffffffffL;
-	l=ROTATE(l,29)&0xffffffffL;
-
-	s=ks->ks->deslong;
-	/* I don't know if it is worth the effort of loop unrolling the
-	 * inner loop */
-	if (enc)
-		{
-#ifdef DES_UNROLL
-		D_ENCRYPT(l,r, 0); /*  1 */
-		D_ENCRYPT(r,l, 2); /*  2 */
-		D_ENCRYPT(l,r, 4); /*  3 */
-		D_ENCRYPT(r,l, 6); /*  4 */
-		D_ENCRYPT(l,r, 8); /*  5 */
-		D_ENCRYPT(r,l,10); /*  6 */
-		D_ENCRYPT(l,r,12); /*  7 */
-		D_ENCRYPT(r,l,14); /*  8 */
-		D_ENCRYPT(l,r,16); /*  9 */
-		D_ENCRYPT(r,l,18); /*  10 */
-		D_ENCRYPT(l,r,20); /*  11 */
-		D_ENCRYPT(r,l,22); /*  12 */
-		D_ENCRYPT(l,r,24); /*  13 */
-		D_ENCRYPT(r,l,26); /*  14 */
-		D_ENCRYPT(l,r,28); /*  15 */
-		D_ENCRYPT(r,l,30); /*  16 */
-#else
-		for (i=0; i<32; i+=8)
-			{
-			D_ENCRYPT(l,r,i+0); /*  1 */
-			D_ENCRYPT(r,l,i+2); /*  2 */
-			D_ENCRYPT(l,r,i+4); /*  3 */
-			D_ENCRYPT(r,l,i+6); /*  4 */
-			}
-#endif
-		}
-	else
-		{
-#ifdef DES_UNROLL
-		D_ENCRYPT(l,r,30); /* 16 */
-		D_ENCRYPT(r,l,28); /* 15 */
-		D_ENCRYPT(l,r,26); /* 14 */
-		D_ENCRYPT(r,l,24); /* 13 */
-		D_ENCRYPT(l,r,22); /* 12 */
-		D_ENCRYPT(r,l,20); /* 11 */
-		D_ENCRYPT(l,r,18); /* 10 */
-		D_ENCRYPT(r,l,16); /*  9 */
-		D_ENCRYPT(l,r,14); /*  8 */
-		D_ENCRYPT(r,l,12); /*  7 */
-		D_ENCRYPT(l,r,10); /*  6 */
-		D_ENCRYPT(r,l, 8); /*  5 */
-		D_ENCRYPT(l,r, 6); /*  4 */
-		D_ENCRYPT(r,l, 4); /*  3 */
-		D_ENCRYPT(l,r, 2); /*  2 */
-		D_ENCRYPT(r,l, 0); /*  1 */
-#else
-		for (i=30; i>0; i-=8)
-			{
-			D_ENCRYPT(l,r,i-0); /* 16 */
-			D_ENCRYPT(r,l,i-2); /* 15 */
-			D_ENCRYPT(l,r,i-4); /* 14 */
-			D_ENCRYPT(r,l,i-6); /* 13 */
-			}
-#endif
-		}
-
-	/* rotate and clear the top bits on machines with 8byte longs */
-	l=ROTATE(l,3)&0xffffffffL;
-	r=ROTATE(r,3)&0xffffffffL;
-
-	FP(r,l);
-	data[0]=l;
-	data[1]=r;
-	l=r=t=u=0;
-	}
-
-void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
-	{
-	register DES_LONG l,r,t,u;
-#ifdef DES_PTR
-	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
-#endif
-#ifndef DES_UNROLL
-	register int i;
-#endif
-	register DES_LONG *s;
-
-	r=data[0];
-	l=data[1];
-
-	/* Things have been modified so that the initial rotate is
-	 * done outside the loop.  This required the
-	 * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
-	 * One perl script later and things have a 5% speed up on a sparc2.
-	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
-	 * for pointing this out. */
-	/* clear the top bits on machines with 8byte longs */
-	r=ROTATE(r,29)&0xffffffffL;
-	l=ROTATE(l,29)&0xffffffffL;
-
-	s=ks->ks->deslong;
-	/* I don't know if it is worth the effort of loop unrolling the
-	 * inner loop */
-	if (enc)
-		{
-#ifdef DES_UNROLL
-		D_ENCRYPT(l,r, 0); /*  1 */
-		D_ENCRYPT(r,l, 2); /*  2 */
-		D_ENCRYPT(l,r, 4); /*  3 */
-		D_ENCRYPT(r,l, 6); /*  4 */
-		D_ENCRYPT(l,r, 8); /*  5 */
-		D_ENCRYPT(r,l,10); /*  6 */
-		D_ENCRYPT(l,r,12); /*  7 */
-		D_ENCRYPT(r,l,14); /*  8 */
-		D_ENCRYPT(l,r,16); /*  9 */
-		D_ENCRYPT(r,l,18); /*  10 */
-		D_ENCRYPT(l,r,20); /*  11 */
-		D_ENCRYPT(r,l,22); /*  12 */
-		D_ENCRYPT(l,r,24); /*  13 */
-		D_ENCRYPT(r,l,26); /*  14 */
-		D_ENCRYPT(l,r,28); /*  15 */
-		D_ENCRYPT(r,l,30); /*  16 */
-#else
-		for (i=0; i<32; i+=8)
-			{
-			D_ENCRYPT(l,r,i+0); /*  1 */
-			D_ENCRYPT(r,l,i+2); /*  2 */
-			D_ENCRYPT(l,r,i+4); /*  3 */
-			D_ENCRYPT(r,l,i+6); /*  4 */
-			}
-#endif
-		}
-	else
-		{
-#ifdef DES_UNROLL
-		D_ENCRYPT(l,r,30); /* 16 */
-		D_ENCRYPT(r,l,28); /* 15 */
-		D_ENCRYPT(l,r,26); /* 14 */
-		D_ENCRYPT(r,l,24); /* 13 */
-		D_ENCRYPT(l,r,22); /* 12 */
-		D_ENCRYPT(r,l,20); /* 11 */
-		D_ENCRYPT(l,r,18); /* 10 */
-		D_ENCRYPT(r,l,16); /*  9 */
-		D_ENCRYPT(l,r,14); /*  8 */
-		D_ENCRYPT(r,l,12); /*  7 */
-		D_ENCRYPT(l,r,10); /*  6 */
-		D_ENCRYPT(r,l, 8); /*  5 */
-		D_ENCRYPT(l,r, 6); /*  4 */
-		D_ENCRYPT(r,l, 4); /*  3 */
-		D_ENCRYPT(l,r, 2); /*  2 */
-		D_ENCRYPT(r,l, 0); /*  1 */
-#else
-		for (i=30; i>0; i-=8)
-			{
-			D_ENCRYPT(l,r,i-0); /* 16 */
-			D_ENCRYPT(r,l,i-2); /* 15 */
-			D_ENCRYPT(l,r,i-4); /* 14 */
-			D_ENCRYPT(r,l,i-6); /* 13 */
-			}
-#endif
-		}
-	/* rotate and clear the top bits on machines with 8byte longs */
-	data[0]=ROTATE(l,3)&0xffffffffL;
-	data[1]=ROTATE(r,3)&0xffffffffL;
-	l=r=t=u=0;
-	}
-
-void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
-		  DES_key_schedule *ks2, DES_key_schedule *ks3)
-	{
-	register DES_LONG l,r;
-
-	l=data[0];
-	r=data[1];
-	IP(l,r);
-	data[0]=l;
-	data[1]=r;
-	DES_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
-	DES_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
-	DES_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
-	l=data[0];
-	r=data[1];
-	FP(r,l);
-	data[0]=l;
-	data[1]=r;
-	}
-
-void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
-		  DES_key_schedule *ks2, DES_key_schedule *ks3)
-	{
-	register DES_LONG l,r;
-
-	l=data[0];
-	r=data[1];
-	IP(l,r);
-	data[0]=l;
-	data[1]=r;
-	DES_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
-	DES_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
-	DES_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
-	l=data[0];
-	r=data[1];
-	FP(r,l);
-	data[0]=l;
-	data[1]=r;
-	}
-
-#else /* ndef OPENSSL_FIPS */
-
-static void *dummy=&dummy;
-
-#endif /* ndef OPENSSL_FIPS */
-
--- a/fips/des/fips_des_locl.h
+++ b/fips/des/fips_des_locl.h
@@ -1,428 +0,0 @@
-/* crypto/des/des_locl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_DES_LOCL_H
-#define HEADER_DES_LOCL_H
-
-#include "e_os.h"
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
-#ifndef OPENSSL_SYS_MSDOS
-#define OPENSSL_SYS_MSDOS
-#endif
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#ifndef OPENSSL_SYS_MSDOS
-#if !defined(OPENSSL_SYS_VMS) || defined(__DECC)
-#ifdef OPENSSL_UNISTD
-# include OPENSSL_UNISTD
-#else
-# include <unistd.h>
-#endif
-#include <math.h>
-#endif
-#endif
-#include <openssl/des.h>
-
-#ifdef OPENSSL_SYS_MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
-#include <stdlib.h>
-#include <errno.h>
-#include <time.h>
-#include <io.h>
-#endif
-
-#if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS)
-#include <string.h>
-#endif
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#define ITERATIONS 16
-#define HALF_ITERATIONS 8
-
-/* used in des_read and des_write */
-#define MAXWRITE	(1024*16)
-#define BSIZE		(MAXWRITE+4)
-
-#define c2l(c,l)	(l =((DES_LONG)(*((c)++)))    , \
-			 l|=((DES_LONG)(*((c)++)))<< 8L, \
-			 l|=((DES_LONG)(*((c)++)))<<16L, \
-			 l|=((DES_LONG)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#define c2ln(c,l1,l2,n)	{ \
-			c+=n; \
-			l1=l2=0; \
-			switch (n) { \
-			case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
-			case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
-			case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
-			case 5: l2|=((DES_LONG)(*(--(c))));     \
-			case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
-			case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
-			case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
-			case 1: l1|=((DES_LONG)(*(--(c))));     \
-				} \
-			}
-
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* replacements for htonl and ntohl since I have no idea what to do
- * when faced with machines with 8 byte longs. */
-#define HDRSIZE 4
-
-#define n2l(c,l)	(l =((DES_LONG)(*((c)++)))<<24L, \
-			 l|=((DES_LONG)(*((c)++)))<<16L, \
-			 l|=((DES_LONG)(*((c)++)))<< 8L, \
-			 l|=((DES_LONG)(*((c)++))))
-
-#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)     )&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#define l2cn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
-				} \
-			}
-
-#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
-#define	ROTATE(a,n)	(_lrotr(a,n))
-#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
-# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-#  define ROTATE(a,n)	({ register unsigned int ret;	\
-				asm ("rorl %1,%0"	\
-					: "=r"(ret)	\
-					: "I"(n),"0"(a)	\
-					: "cc");	\
-			   ret;				\
-			})
-# endif
-#endif
-#ifndef ROTATE
-#define	ROTATE(a,n)	(((a)>>(n))+((a)<<(32-(n))))
-#endif
-
-/* Don't worry about the LOAD_DATA() stuff, that is used by
- * fcrypt() to add it's little bit to the front */
-
-#ifdef DES_FCRYPT
-
-#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
-	{ DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
-
-#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
-	t=R^(R>>16L); \
-	u=t&E0; t&=E1; \
-	tmp=(u<<16); u^=R^s[S  ]; u^=tmp; \
-	tmp=(t<<16); t^=R^s[S+1]; t^=tmp
-#else
-#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
-#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
-	u=R^s[S  ]; \
-	t=R^s[S+1]
-#endif
-
-/* The changes to this macro may help or hinder, depending on the
- * compiler and the architecture.  gcc2 always seems to do well :-).
- * Inspired by Dana How <how@isl.stanford.edu>
- * DO NOT use the alternative version on machines with 8 byte longs.
- * It does not seem to work on the Alpha, even when DES_LONG is 4
- * bytes, probably an issue of accessing non-word aligned objects :-( */
-#ifdef DES_PTR
-
-/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
- * is no reason to not xor all the sub items together.  This potentially
- * saves a register since things can be xored directly into L */
-
-#if defined(DES_RISC1) || defined(DES_RISC2)
-#ifdef DES_RISC1
-#define D_ENCRYPT(LL,R,S) { \
-	unsigned int u1,u2,u3; \
-	LOAD_DATA(R,S,u,t,E0,E1,u1); \
-	u2=(int)u>>8L; \
-	u1=(int)u&0xfc; \
-	u2&=0xfc; \
-	t=ROTATE(t,4); \
-	u>>=16L; \
-	LL^= *(const DES_LONG *)(des_SP      +u1); \
-	LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
-	u3=(int)(u>>8L); \
-	u1=(int)u&0xfc; \
-	u3&=0xfc; \
-	LL^= *(const DES_LONG *)(des_SP+0x400+u1); \
-	LL^= *(const DES_LONG *)(des_SP+0x600+u3); \
-	u2=(int)t>>8L; \
-	u1=(int)t&0xfc; \
-	u2&=0xfc; \
-	t>>=16L; \
-	LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
-	LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
-	u3=(int)t>>8L; \
-	u1=(int)t&0xfc; \
-	u3&=0xfc; \
-	LL^= *(const DES_LONG *)(des_SP+0x500+u1); \
-	LL^= *(const DES_LONG *)(des_SP+0x700+u3); }
-#endif
-#ifdef DES_RISC2
-#define D_ENCRYPT(LL,R,S) { \
-	unsigned int u1,u2,s1,s2; \
-	LOAD_DATA(R,S,u,t,E0,E1,u1); \
-	u2=(int)u>>8L; \
-	u1=(int)u&0xfc; \
-	u2&=0xfc; \
-	t=ROTATE(t,4); \
-	LL^= *(const DES_LONG *)(des_SP      +u1); \
-	LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
-	s1=(int)(u>>16L); \
-	s2=(int)(u>>24L); \
-	s1&=0xfc; \
-	s2&=0xfc; \
-	LL^= *(const DES_LONG *)(des_SP+0x400+s1); \
-	LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
-	u2=(int)t>>8L; \
-	u1=(int)t&0xfc; \
-	u2&=0xfc; \
-	LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
-	LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
-	s1=(int)(t>>16L); \
-	s2=(int)(t>>24L); \
-	s1&=0xfc; \
-	s2&=0xfc; \
-	LL^= *(const DES_LONG *)(des_SP+0x500+s1); \
-	LL^= *(const DES_LONG *)(des_SP+0x700+s2); }
-#endif
-#else
-#define D_ENCRYPT(LL,R,S) { \
-	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
-	t=ROTATE(t,4); \
-	LL^= \
-	*(const DES_LONG *)(des_SP      +((u     )&0xfc))^ \
-	*(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \
-	*(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \
-	*(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \
-	*(const DES_LONG *)(des_SP+0x100+((t     )&0xfc))^ \
-	*(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \
-	*(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \
-	*(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }
-#endif
-
-#else /* original version */
-
-#if defined(DES_RISC1) || defined(DES_RISC2)
-#ifdef DES_RISC1
-#define D_ENCRYPT(LL,R,S) {\
-	unsigned int u1,u2,u3; \
-	LOAD_DATA(R,S,u,t,E0,E1,u1); \
-	u>>=2L; \
-	t=ROTATE(t,6); \
-	u2=(int)u>>8L; \
-	u1=(int)u&0x3f; \
-	u2&=0x3f; \
-	u>>=16L; \
-	LL^=DES_SPtrans[0][u1]; \
-	LL^=DES_SPtrans[2][u2]; \
-	u3=(int)u>>8L; \
-	u1=(int)u&0x3f; \
-	u3&=0x3f; \
-	LL^=DES_SPtrans[4][u1]; \
-	LL^=DES_SPtrans[6][u3]; \
-	u2=(int)t>>8L; \
-	u1=(int)t&0x3f; \
-	u2&=0x3f; \
-	t>>=16L; \
-	LL^=DES_SPtrans[1][u1]; \
-	LL^=DES_SPtrans[3][u2]; \
-	u3=(int)t>>8L; \
-	u1=(int)t&0x3f; \
-	u3&=0x3f; \
-	LL^=DES_SPtrans[5][u1]; \
-	LL^=DES_SPtrans[7][u3]; }
-#endif
-#ifdef DES_RISC2
-#define D_ENCRYPT(LL,R,S) {\
-	unsigned int u1,u2,s1,s2; \
-	LOAD_DATA(R,S,u,t,E0,E1,u1); \
-	u>>=2L; \
-	t=ROTATE(t,6); \
-	u2=(int)u>>8L; \
-	u1=(int)u&0x3f; \
-	u2&=0x3f; \
-	LL^=DES_SPtrans[0][u1]; \
-	LL^=DES_SPtrans[2][u2]; \
-	s1=(int)u>>16L; \
-	s2=(int)u>>24L; \
-	s1&=0x3f; \
-	s2&=0x3f; \
-	LL^=DES_SPtrans[4][s1]; \
-	LL^=DES_SPtrans[6][s2]; \
-	u2=(int)t>>8L; \
-	u1=(int)t&0x3f; \
-	u2&=0x3f; \
-	LL^=DES_SPtrans[1][u1]; \
-	LL^=DES_SPtrans[3][u2]; \
-	s1=(int)t>>16; \
-	s2=(int)t>>24L; \
-	s1&=0x3f; \
-	s2&=0x3f; \
-	LL^=DES_SPtrans[5][s1]; \
-	LL^=DES_SPtrans[7][s2]; }
-#endif
-
-#else
-
-#define D_ENCRYPT(LL,R,S) {\
-	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
-	t=ROTATE(t,4); \
-	LL^=\
-		DES_SPtrans[0][(u>> 2L)&0x3f]^ \
-		DES_SPtrans[2][(u>>10L)&0x3f]^ \
-		DES_SPtrans[4][(u>>18L)&0x3f]^ \
-		DES_SPtrans[6][(u>>26L)&0x3f]^ \
-		DES_SPtrans[1][(t>> 2L)&0x3f]^ \
-		DES_SPtrans[3][(t>>10L)&0x3f]^ \
-		DES_SPtrans[5][(t>>18L)&0x3f]^ \
-		DES_SPtrans[7][(t>>26L)&0x3f]; }
-#endif
-#endif
-
-	/* IP and FP
-	 * The problem is more of a geometric problem that random bit fiddling.
-	 0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
-	 8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
-	16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
-	24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
-
-	32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
-	40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
-	48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
-	56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
-
-	The output has been subject to swaps of the form
-	0 1 -> 3 1 but the odd and even bits have been put into
-	2 3    2 0
-	different words.  The main trick is to remember that
-	t=((l>>size)^r)&(mask);
-	r^=t;
-	l^=(t<<size);
-	can be used to swap and move bits between words.
-
-	So l =  0  1  2  3  r = 16 17 18 19
-	        4  5  6  7      20 21 22 23
-	        8  9 10 11      24 25 26 27
-	       12 13 14 15      28 29 30 31
-	becomes (for size == 2 and mask == 0x3333)
-	   t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
-		 6^20  7^21 -- --        4  5 20 21       6  7 22 23
-		10^24 11^25 -- --        8  9 24 25      10 11 24 25
-		14^28 15^29 -- --       12 13 28 29      14 15 28 29
-
-	Thanks for hints from Richard Outerbridge - he told me IP&FP
-	could be done in 15 xor, 10 shifts and 5 ands.
-	When I finally started to think of the problem in 2D
-	I first got ~42 operations without xors.  When I remembered
-	how to use xors :-) I got it to its final state.
-	*/
-#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
-	(b)^=(t),\
-	(a)^=((t)<<(n)))
-
-#define IP(l,r) \
-	{ \
-	register DES_LONG tt; \
-	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
-	PERM_OP(l,r,tt,16,0x0000ffffL); \
-	PERM_OP(r,l,tt, 2,0x33333333L); \
-	PERM_OP(l,r,tt, 8,0x00ff00ffL); \
-	PERM_OP(r,l,tt, 1,0x55555555L); \
-	}
-
-#define FP(l,r) \
-	{ \
-	register DES_LONG tt; \
-	PERM_OP(l,r,tt, 1,0x55555555L); \
-	PERM_OP(r,l,tt, 8,0x00ff00ffL); \
-	PERM_OP(l,r,tt, 2,0x33333333L); \
-	PERM_OP(r,l,tt,16,0x0000ffffL); \
-	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
-	}
-
-OPENSSL_EXTERN const DES_LONG DES_SPtrans[8][64];
-
-void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
-		 DES_LONG Eswap0, DES_LONG Eswap1);
-#endif
--- a/fips/des/fips_des_selftest.c
+++ b/fips/des/fips_des_selftest.c
@@ -1,95 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/des.h>
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_FIPS
-static struct
-    {
-    DES_cblock key;
-    DES_cblock plaintext;
-    unsigned char ciphertext[8];
-    } tests[]=
-	{
-	{
-	{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
-	{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
-	{ 0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7 }
-	},
-	{
-	{ 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10 },
-	{ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
-	{ 0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
-	},
-	};
-
-int FIPS_selftest_des()
-    {
-    int n;
-
-    for(n=0 ; n < 2 ; ++n)
-	{
-	DES_key_schedule key;
-	DES_cblock buf;
-
-	DES_set_key(&tests[n].key,&key);
-	DES_ecb_encrypt(&tests[n].plaintext,&buf,&key,1);
-	if(memcmp(buf,tests[n].ciphertext,sizeof buf))
-	    {
-	    FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
-	    return 0;
-	    }
-	}
-    return 1;
-    }
-#endif
--- a/fips/des/fips_desmovs.c
+++ b/fips/des/fips_desmovs.c
@@ -1,776 +0,0 @@
-/*---------------------------------------------
-  NIST DES Modes of Operation Validation System
-  Test Program
-
-  Based on the AES Validation Suite, which was:
-  Copyright
-  V-ONE Corporation
-  20250 Century Blvd, Suite 300
-  Germantown, MD 20874
-  U.S.A.
-  ----------------------------------------------*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <assert.h>
-
-#include <openssl/des.h>
-#include <openssl/evp.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include "e_os.h"
-
-/*#define AES_BLOCK_SIZE 16*/
-
-#define VERBOSE 0
-
-/*-----------------------------------------------*/
-
-int DESTest(EVP_CIPHER_CTX *ctx,
-	    char *amode, int akeysz, unsigned char *aKey, 
-	    unsigned char *iVec, 
-	    int dir,  /* 0 = decrypt, 1 = encrypt */
-	    unsigned char *out, unsigned char *in, int len)
-    {
-    const EVP_CIPHER *cipher = NULL;
-    int ret = 1;
-    int kt = 0;
-
-    if (ctx)
-	memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
-
-    if (strcasecmp(amode, "CBC") == 0)
-	kt = 1000;
-    else if (strcasecmp(amode, "ECB") == 0)
-	kt = 2000;
-    else if (strcasecmp(amode, "CFB64") == 0)
-	kt = 3000;
-    else if (strncasecmp(amode, "OFB", 3) == 0)
-	kt = 4000;
-    else if(!strcasecmp(amode,"CFB1"))
-	kt=5000;
-    else if(!strcasecmp(amode,"CFB8"))
-	kt=6000;
-    else
-	{
-	printf("Unknown mode: %s\n", amode);
-	exit(1);
-	}
-    if (ret)
-	{
-	if (akeysz != 64 && akeysz != 192)
-	    {
-	    printf("Invalid key size: %d\n", akeysz);
-	    exit(1);
-	    }
-	else
-	    {
-	    kt += akeysz;
-	    switch (kt)
-		{
-	    case 1064:
-		cipher=EVP_des_cbc();
-		break;
-	    case 1192:
-		cipher=EVP_des_ede3_cbc();
-		break;
-	    case 2064:
-		cipher=EVP_des_ecb();
-		break;
-	    case 2192:
-		cipher=EVP_des_ede3_ecb();
-		break;
-	    case 3064:
-		cipher=EVP_des_cfb64();
-		break;
-	    case 3192:
-		cipher=EVP_des_ede3_cfb64();
-		break;
-	    case 4064:
-		cipher=EVP_des_ofb();
-		break;
-	    case 4192:
-		cipher=EVP_des_ede3_ofb();
-		break;
-	    case 5064:
-		cipher=EVP_des_cfb1();
-		break;
-	    case 5192:
-		cipher=EVP_des_ede3_cfb1();
-		break;
-	    case 6064:
-		cipher=EVP_des_cfb8();
-		break;
-	    case 6192:
-		cipher=EVP_des_ede3_cfb8();
-		break;
-	    default:
-		printf("Didn't handle mode %d\n",kt);
-		exit(1);
-		}
-	    if(!EVP_CipherInit(ctx, cipher, aKey, iVec, dir))
-		{
-		ERR_print_errors_fp(stderr);
-		exit(1);
-		}
-	    EVP_Cipher(ctx, out, in, len);
-	    }
-	}
-    return ret;
-    }
-
-/*-----------------------------------------------*/
-
-int hex2bin(char *in, int len, unsigned char *out)
-    {
-    int n1, n2;
-    unsigned char ch;
-
-    for (n1 = 0, n2 = 0; n1 < len; )
-	{ /* first byte */
-	if ((in[n1] >= '0') && (in[n1] <= '9'))
-	    ch = in[n1++] - '0';
-	else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
-	    ch = in[n1++] - 'A' + 10;
-	else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
-	    ch = in[n1++] - 'a' + 10;
-	else
-	    return -1;
-	if(len == 1)
-	    {
-	    out[n2++]=ch;
-	    break;
-	    }
-	out[n2] = ch << 4;
-	/* second byte */
-	if ((in[n1] >= '0') && (in[n1] <= '9'))
-	    ch = in[n1++] - '0';
-	else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
-	    ch = in[n1++] - 'A' + 10;
-	else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
-	    ch = in[n1++] - 'a' + 10;
-	else
-	    return -1;
-	out[n2++] |= ch;
-	}
-    return n2;
-    }
-
-/*-----------------------------------------------*/
-
-int bin2hex(unsigned char *in, int len, char *out)
-    {
-    int n1, n2;
-    unsigned char ch;
-
-    for (n1 = 0, n2 = 0; n1 < len; ++n1)
-	{
-	/* first nibble */
-	ch = in[n1] >> 4;
-	if (ch <= 0x09)
-	    out[n2++] = ch + '0';
-	else
-	    out[n2++] = ch - 10 + 'a';
-	/* second nibble */
-	ch = in[n1] & 0x0f;
-	if (ch <= 0x09)
-	    out[n2++] = ch + '0';
-	else
-	    out[n2++] = ch - 10 + 'a';
-	}
-    return n2;
-    }
-
-/* NB: this return the number of _bits_ read */
-int bint2bin(const char *in, int len, unsigned char *out)
-    {
-    int n;
-
-    memset(out,0,len);
-    for(n=0 ; n < len ; ++n)
-	if(in[n] == '1')
-	    out[n/8]|=(0x80 >> (n%8));
-    return len;
-    }
-
-int bin2bint(const unsigned char *in,int len,char *out)
-    {
-    int n;
-
-    for(n=0 ; n < len ; ++n)
-	out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
-    return n;
-    }
-
-/*-----------------------------------------------*/
-
-void PrintValue(char *tag, unsigned char *val, int len)
-    {
-#if VERBOSE
-    char obuf[2048];
-    int olen;
-    olen = bin2hex(val, len, obuf);
-    printf("%s = %.*s\n", tag, olen, obuf);
-#endif
-    }
-
-void DebugValue(char *tag, unsigned char *val, int len)
-    {
-    char obuf[2048];
-    int olen;
-    olen = bin2hex(val, len, obuf);
-    printf("%s = %.*s\n", tag, olen, obuf);
-    }
-
-void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
-    {
-    char obuf[2048];
-    int olen;
-
-    if(bitmode)
-	olen=bin2bint(val,len,obuf);
-    else
-	olen=bin2hex(val,len,obuf);
-
-    fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
-#if VERBOSE
-    printf("%s = %.*s\n", tag, olen, obuf);
-#endif
-    }
-
-void shiftin(unsigned char *dst,unsigned char *src,int nbits)
-    {
-    int n;
-
-    /* move the bytes... */
-    memmove(dst,dst+nbits/8,3*8-nbits/8);
-    /* append new data */
-    memcpy(dst+3*8-nbits/8,src,(nbits+7)/8);
-    /* left shift the bits */
-    if(nbits%8)
-	for(n=0 ; n < 3*8 ; ++n)
-	    dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8));
-    }	
-
-/*-----------------------------------------------*/
-char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
-char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
-enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB64};
-int Sizes[6]={64,64,64,1,8,64};
-
-void do_mct(char *amode, 
-	    int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec,
-	    int dir, unsigned char *text, int len,
-	    FILE *rfp)
-    {
-    int i,imode;
-    unsigned char nk[4*8]; /* longest key+8 */
-    unsigned char text0[8];
-
-    for (imode=0 ; imode < 6 ; ++imode)
-	if(!strcmp(amode,t_mode[imode]))
-	    break;
-    if (imode == 6)
-	{ 
-	printf("Unrecognized mode: %s\n", amode);
-	exit(1);
-	}
-
-    memcpy(text0,text,8);
-
-    for(i=0 ; i < 400 ; ++i)
-	{
-	int j;
-	int n;
-	EVP_CIPHER_CTX ctx;
-	int kp=akeysz/64;
-	unsigned char old_iv[8];
-
-	fprintf(rfp,"\nCOUNT = %d\n",i);
-	if(kp == 1)
-	    OutputValue("KEY",akey,8,rfp,0);
-	else
-	    for(n=0 ; n < kp ; ++n)
-		{
-		fprintf(rfp,"KEY%d",n+1);
-		OutputValue("",akey+n*8,8,rfp,0);
-		}
-
-	if(imode != ECB)
-	    OutputValue("IV",ivec,8,rfp,0);
-	OutputValue(t_tag[dir^1],text,len,rfp,imode == CFB1);
-
-	/* compensate for endianness */
-	if(imode == CFB1)
-	    text[0]<<=7;
-
-	for(j=0 ; j < 10000 ; ++j)
-	    {
-	    unsigned char old_text[8];
-
-	    memcpy(old_text,text,8);
-	    if(j == 0)
-		{
-		memcpy(old_iv,ivec,8);
-		DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len);
-		}
-	    else
-		{
-		memcpy(old_iv,ctx.iv,8);
-		EVP_Cipher(&ctx,text,text,len);
-		}
-	    if(j == 9999)
-		{
-		OutputValue(t_tag[dir],text,len,rfp,imode == CFB1);
-		/*		memcpy(ivec,text,8); */
-		}
-	    /*	    DebugValue("iv",ctx.iv,8); */
-	    /* accumulate material for the next key */
-	    shiftin(nk,text,Sizes[imode]);
-	    /*	    DebugValue("nk",nk,24);*/
-	    if((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64
-			|| imode == CBC)) || imode == OFB)
-		memcpy(text,old_iv,8);
-
-	    if(!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64))
-		{
-		/* the test specifies using the output of the raw DES operation
-		   which we don't have, so reconstruct it... */
-		for(n=0 ; n < 8 ; ++n)
-		    text[n]^=old_text[n];
-		}
-	    }
-	for(n=0 ; n < 8 ; ++n)
-	    akey[n]^=nk[16+n];
-	for(n=0 ; n < 8 ; ++n)
-	    akey[8+n]^=nk[8+n];
-	for(n=0 ; n < 8 ; ++n)
-	    akey[16+n]^=nk[n];
-	if(numkeys < 3)
-	    memcpy(&akey[2*8],akey,8);
-	if(numkeys < 2)
-	    memcpy(&akey[8],akey,8);
-	memcpy(ivec,ctx.iv,8);
-
-	/* pointless exercise - the final text doesn't depend on the
-	   initial text in OFB mode, so who cares what it is? (Who
-	   designed these tests?) */
-	if(imode == OFB)
-	    for(n=0 ; n < 8 ; ++n)
-		text[n]=text0[n]^old_iv[n];
-	}
-    }
-    
-int proc_file(char *rqfile)
-    {
-    char afn[256], rfn[256];
-    FILE *afp = NULL, *rfp = NULL;
-    char ibuf[2048];
-    int ilen, len, ret = 0;
-    char amode[8] = "";
-    char atest[100] = "";
-    int akeysz=0;
-    unsigned char iVec[20], aKey[40];
-    int dir = -1, err = 0, step = 0;
-    unsigned char plaintext[2048];
-    unsigned char ciphertext[2048];
-    char *rp;
-    EVP_CIPHER_CTX ctx;
-    int numkeys=1;
-
-    if (!rqfile || !(*rqfile))
-	{
-	printf("No req file\n");
-	return -1;
-	}
-    strcpy(afn, rqfile);
-
-    if ((afp = fopen(afn, "r")) == NULL)
-	{
-	printf("Cannot open file: %s, %s\n", 
-	       afn, strerror(errno));
-	return -1;
-	}
-    strcpy(rfn,afn);
-    rp=strstr(rfn,"req/");
-    assert(rp);
-    memcpy(rp,"rsp",3);
-    rp = strstr(rfn, ".req");
-    memcpy(rp, ".rsp", 4);
-    if ((rfp = fopen(rfn, "w")) == NULL)
-	{
-	printf("Cannot open file: %s, %s\n", 
-	       rfn, strerror(errno));
-	fclose(afp);
-	afp = NULL;
-	return -1;
-	}
-    while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
-	{
-	ilen = strlen(ibuf);
-	/*	printf("step=%d ibuf=%s",step,ibuf);*/
-	if(step == 3 && !strcmp(amode,"ECB"))
-	    {
-	    memset(iVec, 0, sizeof(iVec));
-	    step = (dir)? 4: 5;  /* no ivec for ECB */
-	    }
-	switch (step)
-	    {
-	case 0:  /* read preamble */
-	    if (ibuf[0] == '\n')
-		{ /* end of preamble */
-		if (*amode == '\0')
-		    {
-		    printf("Missing Mode\n");
-		    err = 1;
-		    }
-		else
-		    {
-		    fputs(ibuf, rfp);
-		    ++ step;
-		    }
-		}
-	    else if (ibuf[0] != '#')
-		{
-		printf("Invalid preamble item: %s\n", ibuf);
-		err = 1;
-		}
-	    else
-		{ /* process preamble */
-		char *xp, *pp = ibuf+2;
-		int n;
-		if(*amode)
-		    { /* insert current time & date */
-		    time_t rtim = time(0);
-		    fprintf(rfp, "# %s", ctime(&rtim));
-		    }
-		else
-		    {
-		    fputs(ibuf, rfp);
-		    if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4)
-		       || !strncmp(pp,"TDES ",5)
-		       || !strncmp(pp,"PERMUTATION ",12)
-		       || !strncmp(pp,"SUBSTITUTION ",13)
-		       || !strncmp(pp,"VARIABLE ",9))
-			{
-			/* get test type */
-			if(!strncmp(pp,"DES ",4))
-			    pp+=4;
-			else if(!strncmp(pp,"TDES ",5))
-			    pp+=5;
-			xp = strchr(pp, ' ');
-			n = xp-pp;
-			strncpy(atest, pp, n);
-			atest[n] = '\0';
-			/* get mode */
-			xp = strrchr(pp, ' '); /* get mode" */
-			n = strlen(xp+1)-1;
-			strncpy(amode, xp+1, n);
-			amode[n] = '\0';
-			/* amode[3] = '\0'; */
-			printf("Test=%s, Mode=%s\n",atest,amode);
-			}
-		    }
-		}
-	    break;
-
-	case 1:  /* [ENCRYPT] | [DECRYPT] */
-	    if(ibuf[0] == '\n')
-		break;
-	    if (ibuf[0] == '[')
-		{
-		fputs(ibuf, rfp);
-		++step;
-		if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
-		    dir = 1;
-		else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
-		    dir = 0;
-		else
-		    {
-		    printf("Invalid keyword: %s\n", ibuf);
-		    err = 1;
-		    }
-		break;
-		}
-	    else if (dir == -1)
-		{
-		err = 1;
-		printf("Missing ENCRYPT/DECRYPT keyword\n");
-		break;
-		}
-	    else 
-		step = 2;
-
-	case 2: /* KEY = xxxx */
-	    fputs(ibuf, rfp);
-	    if(*ibuf == '\n')
-		break;
-	    if(!strncasecmp(ibuf,"COUNT = ",8))
-		break;
-	    if(!strncasecmp(ibuf,"COUNT=",6))
-		break;
-	    if(!strncasecmp(ibuf,"NumKeys = ",10))
-		{
-		numkeys=atoi(ibuf+10);
-		break;
-		}
-	  
-	    if(!strncasecmp(ibuf,"KEY = ",6))
-		{
-		akeysz=64;
-		len = hex2bin((char*)ibuf+6, strlen(ibuf+6)-1, aKey);
-		if (len < 0)
-		    {
-		    printf("Invalid KEY\n");
-		    err=1;
-		    break;
-		    }
-		PrintValue("KEY", aKey, len);
-		++step;
-		}
-	    else if(!strncasecmp(ibuf,"KEYs = ",7))
-		{
-		akeysz=64*3;
-		len=hex2bin(ibuf+7,strlen(ibuf+7)-1,aKey);
-		if(len != 8)
-		    {
-		    printf("Invalid KEY\n");
-		    err=1;
-		    break;
-		    }
-		memcpy(aKey+8,aKey,8);
-		memcpy(aKey+16,aKey,8);
-		ibuf[4]='\0';
-		PrintValue("KEYs",aKey,len);
-		++step;
-		}
-	    else if(!strncasecmp(ibuf,"KEY",3))
-		{
-		int n=ibuf[3]-'1';
-
-		akeysz=64*3;
-		len=hex2bin(ibuf+7,strlen(ibuf+7)-1,aKey+n*8);
-		if(len != 8)
-		    {
-		    printf("Invalid KEY\n");
-		    err=1;
-		    break;
-		    }
-		ibuf[4]='\0';
-		PrintValue(ibuf,aKey,len);
-		if(n == 2)
-		    ++step;
-		}
-	    else
-		{
-		printf("Missing KEY\n");
-		err = 1;
-		}
-	    break;
-
-	case 3: /* IV = xxxx */
-	    fputs(ibuf, rfp);
-	    if (strncasecmp(ibuf, "IV = ", 5) != 0)
-		{
-		printf("Missing IV\n");
-		err = 1;
-		}
-	    else
-		{
-		len = hex2bin((char*)ibuf+5, strlen(ibuf+5)-1, iVec);
-		if (len < 0)
-		    {
-		    printf("Invalid IV\n");
-		    err =1;
-		    break;
-		    }
-		PrintValue("IV", iVec, len);
-		step = (dir)? 4: 5;
-		}
-	    break;
-
-	case 4: /* PLAINTEXT = xxxx */
-	    fputs(ibuf, rfp);
-	    if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
-		{
-		printf("Missing PLAINTEXT\n");
-		err = 1;
-		}
-	    else
-		{
-		int nn = strlen(ibuf+12);
-		if(!strcmp(amode,"CFB1"))
-		    len=bint2bin(ibuf+12,nn-1,plaintext);
-		else
-		    len=hex2bin(ibuf+12, nn-1,plaintext);
-		if (len < 0)
-		    {
-		    printf("Invalid PLAINTEXT: %s", ibuf+12);
-		    err =1;
-		    break;
-		    }
-		if (len >= sizeof(plaintext))
-		    {
-		    printf("Buffer overflow\n");
-		    }
-		PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
-		if (strcmp(atest, "Monte") == 0)  /* Monte Carlo Test */
-		    {
-		    do_mct(amode,akeysz,numkeys,aKey,iVec,dir,plaintext,len,rfp);
-		    }
-		else
-		    {
-		    assert(dir == 1);
-		    ret = DESTest(&ctx, amode, akeysz, aKey, iVec, 
-				  dir,  /* 0 = decrypt, 1 = encrypt */
-				  ciphertext, plaintext, len);
-		    OutputValue("CIPHERTEXT",ciphertext,len,rfp,
-				!strcmp(amode,"CFB1"));
-		    }
-		step = 6;
-		}
-	    break;
-
-	case 5: /* CIPHERTEXT = xxxx */
-	    fputs(ibuf, rfp);
-	    if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
-		{
-		printf("Missing KEY\n");
-		err = 1;
-		}
-	    else
-		{
-		if(!strcmp(amode,"CFB1"))
-		    len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
-		else
-		    len = hex2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
-		if (len < 0)
-		    {
-		    printf("Invalid CIPHERTEXT\n");
-		    err =1;
-		    break;
-		    }
-		
-		PrintValue("CIPHERTEXT", ciphertext, len);
-		if (strcmp(atest, "Monte") == 0)  /* Monte Carlo Test */
-		    {
-		    do_mct(amode, akeysz, numkeys, aKey, iVec, 
-			   dir, ciphertext, len, rfp);
-		    }
-		else
-		    {
-		    assert(dir == 0);
-		    ret = DESTest(&ctx, amode, akeysz, aKey, iVec, 
-				  dir,  /* 0 = decrypt, 1 = encrypt */
-				  plaintext, ciphertext, len);
-		    OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
-				!strcmp(amode,"CFB1"));
-		    }
-		step = 6;
-		}
-	    break;
-
-	case 6:
-	    if (ibuf[0] != '\n')
-		{
-		err = 1;
-		printf("Missing terminator\n");
-		}
-	    else if (strcmp(atest, "MCT") != 0)
-		{ /* MCT already added terminating nl */
-		fputs(ibuf, rfp);
-		}
-	    step = 1;
-	    break;
-	    }
-	}
-    if (rfp)
-	fclose(rfp);
-    if (afp)
-	fclose(afp);
-    return err;
-    }
-
-/*--------------------------------------------------
-  Processes either a single file or 
-  a set of files whose names are passed in a file.
-  A single file is specified as:
-    aes_test -f xxx.req
-  A set of files is specified as:
-    aes_test -d xxxxx.xxx
-  The default is: -d req.txt
--------------------------------------------------*/
-int main(int argc, char **argv)
-    {
-    char *rqlist = "req.txt";
-    FILE *fp = NULL;
-    char fn[250] = "", rfn[256] = "";
-    int f_opt = 0, d_opt = 1;
-
-#ifdef OPENSSL_FIPS
-    if(!FIPS_mode_set(1,argv[0]))
-	{
-	ERR_load_crypto_strings();
-	ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-	exit(1);
-	}
-#endif
-    ERR_load_crypto_strings();
-    if (argc > 1)
-	{
-	if (strcasecmp(argv[1], "-d") == 0)
-	    {
-	    d_opt = 1;
-	    }
-	else if (strcasecmp(argv[1], "-f") == 0)
-	    {
-	    f_opt = 1;
-	    d_opt = 0;
-	    }
-	else
-	    {
-	    printf("Invalid parameter: %s\n", argv[1]);
-	    return 0;
-	    }
-	if (argc < 3)
-	    {
-	    printf("Missing parameter\n");
-	    return 0;
-	    }
-	if (d_opt)
-	    rqlist = argv[2];
-	else
-	    strcpy(fn, argv[2]);
-	}
-    if (d_opt)
-	{ /* list of files (directory) */
-	if (!(fp = fopen(rqlist, "r")))
-	    {
-	    printf("Cannot open req list file\n");
-	    return -1;
-	    }
-	while (fgets(fn, sizeof(fn), fp))
-	    {
-	    strtok(fn, "\r\n");
-	    strcpy(rfn, fn);
-	    printf("Processing: %s\n", rfn);
-	    if (proc_file(rfn))
-		{
-		printf(">>> Processing failed for: %s <<<\n", rfn);
-		exit(1);
-		}
-	    }
-	fclose(fp);
-	}
-    else /* single file */
-	{
-	printf("Processing: %s\n", fn);
-	if (proc_file(fn))
-	    {
-	    printf(">>> Processing failed for: %s <<<\n", fn);
-	    }
-	}
-    return 0;
-    }
--- a/fips/dsa/.cvsignore
+++ b/fips/dsa/.cvsignore
@@ -1,4 +0,0 @@
-Makefile.save
-lib
-fips_dssvs
-fips_dssvs.sha1
--- a/fips/dsa/Makefile.ssl
+++ b/fips/dsa/Makefile.ssl
@@ -1,156 +0,0 @@
-#
-# SSLeay/fips/dsa/Makefile
-#
-
-DIR=	dsa
-TOP=	../..
-CC=	cc
-INCLUDES=
-CFLAG=-g
-INSTALL_PREFIX=
-OPENSSLDIR=     /usr/local/ssl
-INSTALLTOP=/usr/local/ssl
-MAKE=		make -f Makefile.ssl
-MAKEDEPPROG=	makedepend
-MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=	Makefile.ssl
-AR=		ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=fips_dsatest.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_dsa_ossl.c fips_dsa_gen.c fips_dsa_selftest.c
-LIBOBJ=fips_dsa_ossl.o fips_dsa_gen.o fips_dsa_selftest.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER=	$(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
-
-all:	check lib
-
-lib:	$(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	$(RANLIB) $(LIB) || echo Never mind.
-	@sleep 2; touch lib
-
-check:
-	TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
-
-files:
-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
-
-links:
-	@$(TOP)/util/point.sh Makefile.ssl Makefile
-	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
-	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
-	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
-
-install:
-	@for i in $(EXHEADER) ; \
-	do  \
-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-	done;
-
-tags:
-	ctags $(SRC)
-
-tests:
-
-top_fips_dssvs:
-	(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_dssvs sub_target)
-
-fips_dssvs: fips_dssvs.o $(TOP)/libcrypto.a
-	$(CC) $(CFLAGS) -o fips_dssvs fips_dssvs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_dssvs
-
-Q=../testvectors/dsa/req
-A=../testvectors/dsa/rsp
-
-fips_test: top_fips_dssvs
-	-rm -rf $A
-	mkdir $A
-	./fips_dssvs prime < $Q/prime.req > $A/prime.rsp
-	./fips_dssvs pqg < $Q/pqg.req > $A/pqg.rsp
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
-
-dclean:
-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-fips_dsa_gen.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-fips_dsa_gen.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
-fips_dsa_gen.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-fips_dsa_gen.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-fips_dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-fips_dsa_gen.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-fips_dsa_gen.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-fips_dsa_gen.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-fips_dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-fips_dsa_gen.o: ../../include/openssl/opensslconf.h
-fips_dsa_gen.o: ../../include/openssl/opensslv.h
-fips_dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_dsa_gen.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-fips_dsa_gen.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-fips_dsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-fips_dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-fips_dsa_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-fips_dsa_gen.o: ../../include/openssl/ui_compat.h fips_dsa_gen.c
-fips_dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-fips_dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-fips_dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/fips.h
-fips_dsa_ossl.o: ../../include/openssl/lhash.h
-fips_dsa_ossl.o: ../../include/openssl/opensslconf.h
-fips_dsa_ossl.o: ../../include/openssl/opensslv.h
-fips_dsa_ossl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-fips_dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_dsa_ossl.o: ../../include/openssl/ui.h fips_dsa_ossl.c
-fips_dsa_selftest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dsa_selftest.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/fips.h
-fips_dsa_selftest.o: ../../include/openssl/lhash.h
-fips_dsa_selftest.o: ../../include/openssl/opensslconf.h
-fips_dsa_selftest.o: ../../include/openssl/opensslv.h
-fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h
-fips_dsa_selftest.o: ../../include/openssl/safestack.h
-fips_dsa_selftest.o: ../../include/openssl/stack.h
-fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
-fips_dsatest.o: ../../e_os.h ../../include/openssl/asn1.h
-fips_dsatest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dsatest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-fips_dsatest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-fips_dsatest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-fips_dsatest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-fips_dsatest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_dsatest.o: ../../include/openssl/lhash.h
-fips_dsatest.o: ../../include/openssl/opensslconf.h
-fips_dsatest.o: ../../include/openssl/opensslv.h
-fips_dsatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_dsatest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-fips_dsatest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_dsatest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-fips_dsatest.o: fips_dsatest.c
--- a/fips/dsa/fingerprint.sha1
+++ b/fips/dsa/fingerprint.sha1
@@ -1,3 +0,0 @@
-SHA1(fips_dsa_ossl.c)= 7902d159932771d749ecba2ebf78995240356990
-SHA1(fips_dsa_gen.c)= 37549c7769084e9989a3a26f7732557d3b691812
-SHA1(fips_dsa_selftest.c)= d638e2d13912befe42e0ed6efa8a27719b6689d5
--- a/fips/dsa/fips_dsa_gen.c
+++ b/fips/dsa/fips_dsa_gen.c
@@ -1,306 +0,0 @@
-/* crypto/dsa/dsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/* Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH    EVP_sha()
-#else
-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
- * FIPS PUB 180-1) */
-#define HASH    EVP_sha1()
-#endif 
-
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-/*#include "cryptlib.h"*/
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_SHA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_RAND
-#include <openssl/rand.h>
-#endif
-#ifndef OPENSSL_NO_SHA
-#include <openssl/sha.h>
-
-#ifdef OPENSSL_FIPS
-
-DSA *DSA_generate_parameters(int bits,
-		unsigned char *seed_in, int seed_len,
-		int *counter_ret, unsigned long *h_ret,
-		void (*callback)(int, int, void *),
-		void *cb_arg)
-	{
-	int ok=0;
-	unsigned char seed[SHA_DIGEST_LENGTH];
-	unsigned char md[SHA_DIGEST_LENGTH];
-	unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
-	BIGNUM *r0,*W,*X,*c,*test;
-	BIGNUM *g=NULL,*q=NULL,*p=NULL;
-	BN_MONT_CTX *mont=NULL;
-	int k,n=0,i,b,m=0;
-	int counter=0;
-	int r=0;
-	BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL;
-	unsigned int h=2;
-	DSA *ret=NULL;
-	unsigned char *seed_out=seed_in;
-
-	if (bits < 512) bits=512;
-	bits=(bits+63)/64*64;
-
-	if (seed_len < 20)
-		seed_in = NULL; /* seed buffer too small -- ignore */
-	if (seed_len > 20) 
-		seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
-		                * but our internal buffers are restricted to 160 bits*/
-	if ((seed_in != NULL) && (seed_len == 20))
-		memcpy(seed,seed_in,seed_len);
-
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
-	if ((ctx2=BN_CTX_new()) == NULL) goto err;
-	if ((ctx3=BN_CTX_new()) == NULL) goto err;
-	if ((ret=DSA_new()) == NULL) goto err;
-
-	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-
-	BN_CTX_start(ctx2);
-	r0 = BN_CTX_get(ctx2);
-	g = BN_CTX_get(ctx2);
-	W = BN_CTX_get(ctx2);
-	q = BN_CTX_get(ctx2);
-	X = BN_CTX_get(ctx2);
-	c = BN_CTX_get(ctx2);
-	p = BN_CTX_get(ctx2);
-	test = BN_CTX_get(ctx2);
-
-	BN_lshift(test,BN_value_one(),bits-1);
-
-	for (;;)
-		{
-		for (;;) /* find q */
-			{
-			int seed_is_random;
-
-			/* step 1 */
-			if (callback != NULL) callback(0,m++,cb_arg);
-
-			if (!seed_len)
-				{
-				if(RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH) < 0)
-					goto err;
-				seed_is_random = 1;
-				}
-			else
-				{
-				seed_is_random = 0;
-				seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
-				}
-			memcpy(buf,seed,SHA_DIGEST_LENGTH);
-			memcpy(buf2,seed,SHA_DIGEST_LENGTH);
-			/* precompute "SEED + 1" for step 7: */
-			for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
-				{
-				buf[i]++;
-				if (buf[i] != 0) break;
-				}
-
-			/* step 2 */
-			EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
-			EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
-			for (i=0; i<SHA_DIGEST_LENGTH; i++)
-				md[i]^=buf2[i];
-
-			/* step 3 */
-			md[0]|=0x80;
-			md[SHA_DIGEST_LENGTH-1]|=0x01;
-			if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
-
-			/* step 4 */
-			r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random);
-			if (r > 0)
-				break;
-			if (r != 0)
-				goto err;
-
-			/* do a callback call */
-			/* step 5 */
-			}
-
-		if (callback != NULL) callback(2,0,cb_arg);
-		if (callback != NULL) callback(3,0,cb_arg);
-
-		/* step 6 */
-		counter=0;
-		/* "offset = 2" */
-
-		n=(bits-1)/160;
-		b=(bits-1)-n*160;
-
-		for (;;)
-			{
-			if (callback != NULL && counter != 0)
-				callback(0,counter,cb_arg);
-
-			/* step 7 */
-			BN_zero(W);
-			/* now 'buf' contains "SEED + offset - 1" */
-			for (k=0; k<=n; k++)
-				{
-				/* obtain "SEED + offset + k" by incrementing: */
-				for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
-					{
-					buf[i]++;
-					if (buf[i] != 0) break;
-					}
-
-				EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
-
-				/* step 8 */
-				if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
-					goto err;
-				BN_lshift(r0,r0,160*k);
-				BN_add(W,W,r0);
-				}
-
-			/* more of step 8 */
-			BN_mask_bits(W,bits-1);
-			BN_copy(X,W); /* this should be ok */
-			BN_add(X,X,test); /* this should be ok */
-
-			/* step 9 */
-			BN_lshift1(r0,q);
-			BN_mod(c,X,r0,ctx);
-			BN_sub(r0,c,BN_value_one());
-			BN_sub(p,X,r0);
-
-			/* step 10 */
-			if (BN_cmp(p,test) >= 0)
-				{
-				/* step 11 */
-				r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1);
-				if (r > 0)
-						goto end; /* found it */
-				if (r != 0)
-					goto err;
-				}
-
-			/* step 13 */
-			counter++;
-			/* "offset = offset + n + 1" */
-
-			/* step 14 */
-			if (counter >= 4096) break;
-			}
-		}
-end:
-	if (callback != NULL) callback(2,1,cb_arg);
-
-	/* We now need to generate g */
-	/* Set r0=(p-1)/q */
-	BN_sub(test,p,BN_value_one());
-	BN_div(r0,NULL,test,q,ctx);
-
-	BN_set_word(test,h);
-	BN_MONT_CTX_set(mont,p,ctx);
-
-	for (;;)
-		{
-		/* g=test^r0%p */
-		BN_mod_exp_mont(g,test,r0,p,ctx,mont);
-		if (!BN_is_one(g)) break;
-		BN_add(test,test,BN_value_one());
-		h++;
-		}
-
-	if (callback != NULL) callback(3,1,cb_arg);
-
-	ok=1;
-err:
-	if (!ok)
-		{
-		if (ret != NULL) DSA_free(ret);
-		}
-	else
-		{
-		ret->p=BN_dup(p);
-		ret->q=BN_dup(q);
-		ret->g=BN_dup(g);
-		if(seed_out != NULL) memcpy(seed_out,seed,20);
-		if (counter_ret != NULL) *counter_ret=counter;
-		if (h_ret != NULL) *h_ret=h;
-		}
-	if (ctx != NULL) BN_CTX_free(ctx);
-	if (ctx2 != NULL)
-		{
-		BN_CTX_end(ctx2);
-		BN_CTX_free(ctx2);
-		}
-	if (ctx3 != NULL) BN_CTX_free(ctx3);
-	if (mont != NULL) BN_MONT_CTX_free(mont);
-	return(ok?ret:NULL);
-	}
-#endif
-
-#endif
--- a/fips/dsa/fips_dsa_ossl.c
+++ b/fips/dsa/fips_dsa_ossl.c
@@ -1,374 +0,0 @@
-/* crypto/dsa/dsa_ossl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/fips.h>
-
-#ifdef OPENSSL_FIPS
-
-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
-static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-		  DSA *dsa);
-static int dsa_init(DSA *dsa);
-static int dsa_finish(DSA *dsa);
-static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
-		BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
-		BN_MONT_CTX *in_mont);
-static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-				const BIGNUM *m, BN_CTX *ctx,
-				BN_MONT_CTX *m_ctx);
-
-static DSA_METHOD openssl_dsa_meth = {
-"OpenSSL FIPS DSA method",
-dsa_do_sign,
-dsa_sign_setup,
-dsa_do_verify,
-dsa_mod_exp,
-dsa_bn_mod_exp,
-dsa_init,
-dsa_finish,
-0,
-NULL
-};
-
-int FIPS_dsa_check(struct dsa_st *dsa)
-    {
-    if(dsa->meth != &openssl_dsa_meth || dsa->meth->dsa_do_sign != dsa_do_sign
-       || dsa->meth->dsa_sign_setup != dsa_sign_setup
-       || dsa->meth->dsa_mod_exp != dsa_mod_exp
-       || dsa->meth->bn_mod_exp != dsa_bn_mod_exp
-       || dsa->meth->init != dsa_init
-       || dsa->meth->finish != dsa_finish)
-	{
-	FIPSerr(FIPS_F_FIPS_DSA_CHECK,FIPS_R_NON_FIPS_METHOD);
-	return 0;
-	}
-    return 1;
-    }
-
-const DSA_METHOD *DSA_OpenSSL(void)
-{
-	return &openssl_dsa_meth;
-}
-
-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-	{
-	BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
-	BIGNUM m;
-	BIGNUM xr;
-	BN_CTX *ctx=NULL;
-	int i,reason=ERR_R_BN_LIB;
-	DSA_SIG *ret=NULL;
-
-	BN_init(&m);
-	BN_init(&xr);
-
-	if (!dsa->p || !dsa->q || !dsa->g)
-		{
-		reason=DSA_R_MISSING_PARAMETERS;
-		goto err;
-		}
-
-	s=BN_new();
-	if (s == NULL) goto err;
-
-	i=BN_num_bytes(dsa->q); /* should be 20 */
-	if ((dlen > i) || (dlen > 50))
-		{
-		reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
-		goto err;
-		}
-
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-
-	if ((dsa->kinv == NULL) || (dsa->r == NULL))
-		{
-		if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
-		}
-	else
-		{
-		kinv=dsa->kinv;
-		dsa->kinv=NULL;
-		r=dsa->r;
-		dsa->r=NULL;
-		}
-
-	if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
-
-	/* Compute  s = inv(k) (m + xr) mod q */
-	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
-	if (!BN_add(s, &xr, &m)) goto err;		/* s = m + xr */
-	if (BN_cmp(s,dsa->q) > 0)
-		BN_sub(s,s,dsa->q);
-	if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
-
-	ret=DSA_SIG_new();
-	if (ret == NULL) goto err;
-	ret->r = r;
-	ret->s = s;
-	
-err:
-	if (!ret)
-		{
-		DSAerr(DSA_F_DSA_DO_SIGN,reason);
-		BN_free(r);
-		BN_free(s);
-		}
-	if (ctx != NULL) BN_CTX_free(ctx);
-	BN_clear_free(&m);
-	BN_clear_free(&xr);
-	if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
-	    BN_clear_free(kinv);
-	return(ret);
-	}
-
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
-	{
-	BN_CTX *ctx;
-	BIGNUM k,*kinv=NULL,*r=NULL;
-	int ret=0;
-
-	if (!dsa->p || !dsa->q || !dsa->g)
-		{
-		DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
-		return 0;
-		}
-
-	BN_init(&k);
-
-	if (ctx_in == NULL)
-		{
-		if ((ctx=BN_CTX_new()) == NULL) goto err;
-		}
-	else
-		ctx=ctx_in;
-
-	if ((r=BN_new()) == NULL) goto err;
-	kinv=NULL;
-
-	/* Get random k */
-	do
-		if (!BN_rand_range(&k, dsa->q)) goto err;
-	while (BN_is_zero(&k));
-
-	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
-		{
-		if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
-			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
-				dsa->p,ctx)) goto err;
-		}
-
-	/* Compute r = (g^k mod p) mod q */
-	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
-		(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
-	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
-
-	/* Compute  part of 's = inv(k) (m + xr) mod q' */
-	if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
-
-	if (*kinvp != NULL) BN_clear_free(*kinvp);
-	*kinvp=kinv;
-	kinv=NULL;
-	if (*rp != NULL) BN_clear_free(*rp);
-	*rp=r;
-	ret=1;
-err:
-	if (!ret)
-		{
-		DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
-		if (kinv != NULL) BN_clear_free(kinv);
-		if (r != NULL) BN_clear_free(r);
-		}
-	if (ctx_in == NULL) BN_CTX_free(ctx);
-	if (kinv != NULL) BN_clear_free(kinv);
-	BN_clear_free(&k);
-	return(ret);
-	}
-
-static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-		  DSA *dsa)
-	{
-	BN_CTX *ctx;
-	BIGNUM u1,u2,t1;
-	BN_MONT_CTX *mont=NULL;
-	int ret = -1;
-	if (!dsa->p || !dsa->q || !dsa->g)
-		{
-		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
-		return -1;
-		}
-
-	BN_init(&u1);
-	BN_init(&u2);
-	BN_init(&t1);
-
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
-
-	if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
-		{
-		ret = 0;
-		goto err;
-		}
-	if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
-		{
-		ret = 0;
-		goto err;
-		}
-
-	/* Calculate W = inv(S) mod Q
-	 * save W in u2 */
-	if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
-
-	/* save M in u1 */
-	if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
-
-	/* u1 = M * w mod q */
-	if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
-
-	/* u2 = r * w mod q */
-	if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
-
-	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
-		{
-		if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
-			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
-				dsa->p,ctx)) goto err;
-		}
-	mont=(BN_MONT_CTX *)dsa->method_mont_p;
-
-#if 0
-	{
-	BIGNUM t2;
-
-	BN_init(&t2);
-	/* v = ( g^u1 * y^u2 mod p ) mod q */
-	/* let t1 = g ^ u1 mod p */
-	if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
-	/* let t2 = y ^ u2 mod p */
-	if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
-	/* let u1 = t1 * t2 mod p */
-	if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
-	BN_free(&t2);
-	}
-	/* let u1 = u1 mod q */
-	if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
-#else
-	{
-	if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
-						dsa->p,ctx,mont)) goto err;
-	/* BN_copy(&u1,&t1); */
-	/* let u1 = u1 mod q */
-	if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
-	}
-#endif
-	/* V is now in u1.  If the signature is correct, it will be
-	 * equal to R. */
-	ret=(BN_ucmp(&u1, sig->r) == 0);
-
-	err:
-	if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
-	if (ctx != NULL) BN_CTX_free(ctx);
-	BN_free(&u1);
-	BN_free(&u2);
-	BN_free(&t1);
-	return(ret);
-	}
-
-static int dsa_init(DSA *dsa)
-{
-	dsa->flags|=DSA_FLAG_CACHE_MONT_P;
-	return(1);
-}
-
-static int dsa_finish(DSA *dsa)
-{
-	if(dsa->method_mont_p)
-		BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
-	return(1);
-}
-
-static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
-		BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
-		BN_MONT_CTX *in_mont)
-{
-	return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
-}
-	
-static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-				const BIGNUM *m, BN_CTX *ctx,
-				BN_MONT_CTX *m_ctx)
-{
-	return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
-}
-
-#else /* ndef OPENSSL_FIPS */
-
-static void *dummy=&dummy;
-
-#endif /* ndef OPENSSL_FIPS */
--- a/fips/dsa/fips_dsa_selftest.c
+++ b/fips/dsa/fips_dsa_selftest.c
@@ -1,162 +0,0 @@
-/* crypto/dsa/dsatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/crypto.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-
-#ifdef OPENSSL_FIPS
-
-/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
- * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
-static unsigned char seed[20]={
-	0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
-	0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
-	};
-
-static unsigned char out_p[]={
-	0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
-	0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
-	0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
-	0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
-	0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
-	0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
-	0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
-	0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
-	};
-
-static unsigned char out_q[]={
-	0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
-	0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
-	0xda,0xce,0x91,0x5f,
-	};
-
-static unsigned char out_g[]={
-	0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
-	0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
-	0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
-	0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
-	0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
-	0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
-	0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
-	0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
-	};
-
-static const unsigned char str1[]="12345678901234567890";
-
-int FIPS_selftest_dsa()
-    {
-    DSA *dsa=NULL;
-    int counter,i,j;
-    unsigned char buf[256];
-    unsigned long h;
-    unsigned char sig[256];
-    unsigned int siglen;
-
-    dsa=DSA_generate_parameters(512,seed,20,&counter,&h,NULL,NULL);
-
-    if(dsa == NULL)
-	{
-	FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
-	return 0;
-	}
-    if (counter != 105) 
-	{
-	FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
-	return 0;
-	}
-    if (h != 2)
-	{
-	FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
-	return 0;
-	}
-    i=BN_bn2bin(dsa->q,buf);
-    j=sizeof(out_q);
-    if (i != j || memcmp(buf,out_q,i) != 0)
-	{
-	FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
-	return 0;
-	}
-
-    i=BN_bn2bin(dsa->p,buf);
-    j=sizeof(out_p);
-    if (i != j || memcmp(buf,out_p,i) != 0)
-	{
-	FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
-	return 0;
-	}
-
-    i=BN_bn2bin(dsa->g,buf);
-    j=sizeof(out_g);
-    if (i != j || memcmp(buf,out_g,i) != 0)
-	{
-	FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
-	return 0;
-	}
-    DSA_generate_key(dsa);
-    DSA_sign(0, str1, 20, sig, &siglen, dsa);
-    if(DSA_verify(0, str1, 20, sig, siglen, dsa) != 1)
-	{
-	FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
-	return 0;
-	}
-    DSA_free(dsa);
-    return 1;
-    }
-#endif
--- a/fips/dsa/fips_dsatest.c
+++ b/fips/dsa/fips_dsatest.c
@@ -1,257 +0,0 @@
-/* crypto/dsa/dsatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include "e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-
-#if defined(OPENSSL_NO_DSA) || !defined(OPENSSL_FIPS)
-int main(int argc, char *argv[])
-{
-    printf("No FIPS DSA support\n");
-    return(0);
-}
-#else
-#include <openssl/dsa.h>
-
-#ifdef OPENSSL_SYS_WIN16
-#define MS_CALLBACK     _far _loadds
-#else
-#define MS_CALLBACK
-#endif
-
-static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
-
-/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
- * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
-static unsigned char seed[20]={
-	0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
-	0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
-	};
-
-static unsigned char out_p[]={
-	0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
-	0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
-	0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
-	0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
-	0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
-	0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
-	0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
-	0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
-	};
-
-static unsigned char out_q[]={
-	0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
-	0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
-	0xda,0xce,0x91,0x5f,
-	};
-
-static unsigned char out_g[]={
-	0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
-	0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
-	0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
-	0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
-	0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
-	0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
-	0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
-	0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
-	};
-
-static const unsigned char str1[]="12345678901234567890";
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-static const unsigned char rnd_key1[]="12345678";
-static const unsigned char rnd_key2[]="abcdefgh";
-
-static BIO *bio_err=NULL;
-
-int main(int argc, char **argv)
-	{
-	DSA *dsa=NULL;
-	int counter,ret=0,i,j;
-	unsigned char buf[256];
-	unsigned long h;
-	unsigned char sig[256];
-	unsigned int siglen;
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
-#ifdef OPENSSL_FIPS
-	if(!FIPS_mode_set(1,argv[0]))
-	    {
-	    ERR_print_errors(bio_err);
-	    exit(1);
-	    }
-#endif
-	CRYPTO_malloc_debug_init();
-	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-	ERR_load_crypto_strings();
-	FIPS_set_prng_key(rnd_key1,rnd_key2);
-	RAND_seed(rnd_seed, sizeof rnd_seed);
-
-	BIO_printf(bio_err,"test generation of DSA parameters\n");
-
-	dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
-
-	BIO_printf(bio_err,"seed\n");
-	for (i=0; i<20; i+=4)
-		{
-		BIO_printf(bio_err,"%02X%02X%02X%02X ",
-			seed[i],seed[i+1],seed[i+2],seed[i+3]);
-		}
-	BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h);
-		
-	if (dsa == NULL) goto end;
-	DSA_print(bio_err,dsa,0);
-	if (counter != 105) 
-		{
-		BIO_printf(bio_err,"counter should be 105\n");
-		goto end;
-		}
-	if (h != 2)
-		{
-		BIO_printf(bio_err,"h should be 2\n");
-		goto end;
-		}
-
-	i=BN_bn2bin(dsa->q,buf);
-	j=sizeof(out_q);
-	if ((i != j) || (memcmp(buf,out_q,i) != 0))
-		{
-		BIO_printf(bio_err,"q value is wrong\n");
-		goto end;
-		}
-
-	i=BN_bn2bin(dsa->p,buf);
-	j=sizeof(out_p);
-	if ((i != j) || (memcmp(buf,out_p,i) != 0))
-		{
-		BIO_printf(bio_err,"p value is wrong\n");
-		goto end;
-		}
-
-	i=BN_bn2bin(dsa->g,buf);
-	j=sizeof(out_g);
-	if ((i != j) || (memcmp(buf,out_g,i) != 0))
-		{
-		BIO_printf(bio_err,"g value is wrong\n");
-		goto end;
-		}
-	DSA_generate_key(dsa);
-	DSA_sign(0, str1, 20, sig, &siglen, dsa);
-	if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
-		ret=1;
-end:
-	if (!ret)
-		ERR_print_errors(bio_err);
-	if (dsa != NULL) DSA_free(dsa);
-	CRYPTO_cleanup_all_ex_data();
-	ERR_remove_state(0);
-	ERR_free_strings();
-	CRYPTO_mem_leaks(bio_err);
-	if (bio_err != NULL)
-		{
-		BIO_free(bio_err);
-		bio_err = NULL;
-		}
-	EXIT(!ret);
-	return(0);
-	}
-
-static int cb_exit(int ec)
-	{
-	EXIT(ec);
-	return(0);		/* To keep some compilers quiet */
-	}
-
-static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
-	{
-	char c='*';
-	static int ok=0,num=0;
-
-	if (p == 0) { c='.'; num++; };
-	if (p == 1) c='+';
-	if (p == 2) { c='*'; ok++; }
-	if (p == 3) c='\n';
-	BIO_write(arg,&c,1);
-	(void)BIO_flush(arg);
-
-	if (!ok && (p == 0) && (num > 1))
-		{
-		BIO_printf((BIO *)arg,"error in dsatest\n");
-		cb_exit(1);
-		}
-	}
-#endif
--- a/fips/dsa/fips_dssvs.c
+++ b/fips/dsa/fips_dssvs.c
@@ -1,144 +0,0 @@
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <string.h>
-
-int hex2bin(const char *in, unsigned char *out)
-    {
-    int n1, n2;
-    unsigned char ch;
-
-    for (n1=0,n2=0 ; in[n1] ; )
-	{ /* first byte */
-	if ((in[n1] >= '0') && (in[n1] <= '9'))
-	    ch = in[n1++] - '0';
-	else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
-	    ch = in[n1++] - 'A' + 10;
-	else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
-	    ch = in[n1++] - 'a' + 10;
-	else
-	    return -1;
-	if(!in[n1])
-	    {
-	    out[n2++]=ch;
-	    break;
-	    }
-	out[n2] = ch << 4;
-	/* second byte */
-	if ((in[n1] >= '0') && (in[n1] <= '9'))
-	    ch = in[n1++] - '0';
-	else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
-	    ch = in[n1++] - 'A' + 10;
-	else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
-	    ch = in[n1++] - 'a' + 10;
-	else
-	    return -1;
-	out[n2++] |= ch;
-	}
-    return n2;
-    }
-
-int bin2hex(const unsigned char *in,int len,char *out)
-    {
-    int n1, n2;
-    unsigned char ch;
-
-    for (n1=0,n2=0 ; n1 < len ; ++n1)
-	{
-	ch=in[n1] >> 4;
-	if (ch <= 0x09)
-	    out[n2++]=ch+'0';
-	else
-	    out[n2++]=ch-10+'a';
-	ch=in[n1] & 0x0f;
-	if(ch <= 0x09)
-	    out[n2++]=ch+'0';
-	else
-	    out[n2++]=ch-10+'a';
-	}
-    out[n2]='\0';
-    return n2;
-    }
-
-void pv(char *tag,const unsigned char *val,int len)
-    {
-    char obuf[2048];
-    int olen;
-
-    olen=bin2hex(val,len,obuf);
-    printf("%s= %s\n", tag,obuf);
-    }
-
-void primes()
-    {
-    char buf[10240];
-
-    while(fgets(buf,sizeof buf,stdin) != NULL)
-	{
-	fputs(buf,stdout);
-	if(!strncmp(buf,"Prime= ",7))
-	    {
-	    BIGNUM *pp;
-
-	    pp=BN_new();
-	    BN_hex2bn(&pp,buf+7);
-	    printf("result= %c\n",
-		   BN_is_prime(pp,20,NULL,NULL,NULL) ? 'P' : 'F');
-	    }	    
-	}
-    }
-
-void pqg()
-    {
-    char buf[1024];
-    int nmod=0;
-
-    while(fgets(buf,sizeof buf,stdin) != NULL)
-	{
-	fputs(buf,stdout);
-	if(!strncmp(buf,"[mod=",5))
-	    nmod=atoi(buf+5);
-	else if(!strncmp(buf,"N= ",3))
-	    {
-	    int n=atoi(buf+3);
-
-	    while(n--)
-		{
-		unsigned char seed[20];
-		DSA *dsa;
-		int counter;
-		unsigned long h;
-
-		dsa=DSA_generate_parameters(nmod,seed,0,&counter,&h,NULL,NULL);
-		printf("P= %s\n",BN_bn2hex(dsa->p));
-		printf("Q= %s\n",BN_bn2hex(dsa->q));
-		printf("G= %s\n",BN_bn2hex(dsa->g));
-		pv("Seed",seed,20);
-		printf("H= %lx\n",h);
-		printf("C= %d\n",counter);
-		}
-	    }
-	}
-    }
-
-int main(int argc,char **argv)
-    {
-    if(argc != 2)
-	{
-	fprintf(stderr,"%s [primes|pqg]\n",argv[0]);
-	exit(1);
-	}
-    if(!FIPS_mode_set(1,argv[0]))
-	{
-	ERR_load_crypto_strings();
-	ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-	exit(1);
-	}
-    if(!strcmp(argv[1],"primes"))
-	primes();
-    else
-	pqg();
-
-    return 0;
-    }
--- a/fips/fingerprint.sha1
+++ b/fips/fingerprint.sha1
@@ -1,4 +0,0 @@
-SHA1(fips.c)= 6331570426ef9f1cd6622c3ae7f6db7326c8809c
-SHA1(fips_err_wrapper.c)= ad4a2ffa18743c83827de398c811eb6124ba0b27
-SHA1(fips.h)= cef56e132e951f416f598141e9b71f54a080b0b7
-SHA1(fips_err.h)= d56d682b246db2aa10cd51de8659bd06b1be78d9
--- a/fips/fips.c
+++ b/fips/fips.c
@@ -1,166 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <openssl/fips.h>
-#include <openssl/rand.h>
-#include <openssl/fips_rand.h>
-#include <openssl/err.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <string.h>
-#include <limits.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-
-int FIPS_md5_allowed;
-
-int FIPS_selftest()
-    {
-    ERR_load_crypto_strings();
-
-    return FIPS_selftest_sha1()
-	&& FIPS_selftest_aes()
-	&& FIPS_selftest_des()
-	&& FIPS_selftest_rsa()
-	&& FIPS_selftest_dsa();
-    }
-
-static int FIPS_check_exe(const char *path)
-    {
-    BIO *bio, *md;
-    char buf[1024];
-    char p2[PATH_MAX];
-    int n;
-    char mdbuf[EVP_MAX_MD_SIZE];
-
-    bio=BIO_new_file(path,"rb");
-    if(!bio)
-	{
-	FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
-	return 0;
-	}
-    md=BIO_new(BIO_f_md());
-    BIO_set_md(md,EVP_sha1());
-    bio=BIO_push(md,bio);
-    do
-	{
-	n=BIO_read(bio,buf,sizeof buf);
-	if(n < 0)
-	    {
-	    BIO_free_all(bio);
-	    FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
-	    return 0;
-	    }
-	} while(n > 0);
-    BIO_gets(md,mdbuf,EVP_MAX_MD_SIZE);
-    BIO_free_all(bio);
-    BIO_snprintf(p2,sizeof p2,"%s.sha1",path);
-    bio=BIO_new_file(p2,"rb");
-    if(!bio || BIO_read(bio,buf,20) != 20)
-	{
-	BIO_free(bio);
-	FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE_DIGEST);
-	return 0;
-	}
-    BIO_free(bio);
-    if(memcmp(buf,mdbuf,20))
-	{
-	FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_EXE_DIGEST_DOES_NOT_MATCH);
-	return 0;
-	}
-    return 1;
-    }
-
-int FIPS_mode_set(int onoff,const char *path)
-    {
-    if(onoff)
-	{
-	unsigned char buf[24];
-
-	/* Don't go into FIPS mode twice, just so we can do automagic
-	   seeding */
-	if(FIPS_mode)
-	    FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET);
-
-	if(!FIPS_check_exe(path))
-	    return 0;
-
-	/* automagically seed PRNG if not already seeded */
-	if(!FIPS_rand_seeded())
-	    {
-	    RAND_bytes(buf,sizeof buf);
-	    FIPS_set_prng_key(buf,buf+8);
-	    FIPS_rand_seed(buf+16,8);
-	    }
-
-	/* now switch into FIPS mode */
-	FIPS_rand_check=&rand_fips_meth;
-	RAND_set_rand_method(&rand_fips_meth);
-	FIPS_mode=onoff;
-	return FIPS_selftest();
-	}
-    FIPS_mode=onoff;
-    return 1;
-    }
-
-void FIPS_allow_md5(int onoff)
-    {
-    FIPS_md5_allowed=onoff;
-    }
-
-#if 0
-/* here just to cause error codes to exist */
-static void dummy()
-    {
-    FIPSerr(FIPS_F_HASH_FINAL,FIPS_F_NON_FIPS_METHOD);
-    }
-#endif
-
-#endif
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Dr. Stephen Henson	68f0bcfbc3	Changes for release	2003-09-30 12:08:23 +00:00
Dr. Stephen Henson	662ede2370	Fix for ASN1 parsing bugs.	2003-09-30 12:05:44 +00:00
Dr. Stephen Henson	d0edf6e593	make update	2003-09-29 20:17:37 +00:00
Dr. Stephen Henson	c93f908f7f	Fix to make it compile under Win32.	2003-09-29 17:10:01 +00:00
Richard Levitte	16d2a7caef	Further VxWorks changes from Bob Bradley <bob@chaoticsoftware.com>, this time involving VxWorks on MIPS	2003-09-28 14:07:01 +00:00
Richard Levitte	b7b5cd6132	make update	2003-09-28 09:25:33 +00:00
Richard Levitte	71583fb0d7	Uhmm, It seem to have forgotten one file when I committed the MSDOS change yesterday. PR: 669	2003-09-28 07:11:37 +00:00
Richard Levitte	058f86e9e0	Change the indentation from 12 to indent+4. PR: 657	2003-09-27 22:48:36 +00:00
Richard Levitte	4509102cb9	Make MD5 assembler code able to handle messages larger than 2GB on 32-bit systems and above. PR: 664	2003-09-27 22:14:47 +00:00
Richard Levitte	87c99c59bd	Selected changes for MSDOS, contributed by Gisle Vanem <giva@bgnett.no>. PR: 669	2003-09-27 21:56:12 +00:00
Richard Levitte	732d1bf43a	Add reference counting around the thread state hash table. Unfortunately, this means that the dynamic ENGINE version just went up, and isn't backward compatible. PR: 678	2003-09-27 20:29:11 +00:00
Richard Levitte	88fd7424f6	Have ssl3_ssl3_send_client_verify() change the state to SSL3_ST_SW_CERT_VRFY_B. PR: 679	2003-09-27 19:32:09 +00:00
Richard Levitte	30a452ab32	Have ssl3_send_certificate_request() change the state to SSL3_ST_SW_CERT_REQ_B. PR: 680	2003-09-27 19:27:09 +00:00
Richard Levitte	9c90f27dac	Remove extra argument to BIO_printf(). PR: 685	2003-09-27 18:31:41 +00:00
Richard Levitte	ec4e600da6	Include the instance in the Kerberos ticket information. In s_server, print the received Kerberos information. PR: 693	2003-09-27 17:55:18 +00:00
Richard Levitte	4097dce455	Correct small documentation error. PR: 698	2003-09-27 10:39:19 +00:00
Richard Levitte	c9b552534e	Free the Kerberos context upon freeing the SSL. Contributed by Andrew Mann <amann@tccgi.com>	2003-09-27 07:33:28 +00:00
Richard Levitte	f0ad5fc2ab	Add necessary changes to be able to build on VxWorks for PPC860. Contributed by Bob Bradley <bob@chaoticsoftware.com>	2003-09-27 07:24:47 +00:00
Dr. Stephen Henson	5f444c8fcd	In order to get the expected self signed error when calling X509_verify_cert() in x509.c the cert should not be added to the trusted store.	2003-09-21 02:15:07 +00:00
Geoff Thorpe	62afa8bd58	These should be write-locks, not read-locks.	2003-09-08 16:00:46 +00:00
Bodo Möller	2689b8f326	certain changes have to be listed twice in this file because OpenSSL 0.9.6h forked into 0.9.6i and 0.9.7 ...	2003-09-04 12:52:10 +00:00
Dr. Stephen Henson	bd69ac5c93	New -ignore_err option in ocsp application to stop the server exiting on the first error in a request.	2003-09-03 23:54:00 +00:00
Dr. Stephen Henson	33ed371ec9	Only accept a client certificate if the server requests one, as required by SSL/TLS specs.	2003-09-03 23:42:17 +00:00
Dr. Stephen Henson	3b07c32fe7	outlen should be int * in out_utf8.	2003-08-21 12:31:17 +00:00
Bodo Möller	9cc513a000	fix out-of-bounds check in lock_dbg_cb (was too lose to detect all invalid cases) PR: 674	2003-08-14 10:33:26 +00:00
Richard Levitte	cac32e5acd	Undo the change that left LD_LIBRARY_PATH unchanged. The errors I saw weren't due to that, but to a change on the SCO machines I used for testing, where my $PATH was suddenly incorrect.	2003-08-14 06:54:29 +00:00
Bodo Möller	0e9edc98d4	make sure no error is left in the queue that is intentionally ignored	2003-08-11 18:56:19 +00:00
Richard Levitte	27bd937cc0	Don't fiddle with LD_LIBRARY_PATH when building non-static.	2003-08-11 11:46:01 +00:00
Richard Levitte	f56c451143	Oops, removed a little too much.	2003-08-11 09:56:17 +00:00
Richard Levitte	05a1f76093	make update	2003-08-11 09:53:24 +00:00
Richard Levitte	4ed9388e5d	A new branch for FIPS-related changes has been created with the name OpenSSL-fips-0_9_7-stable. Since the 0.9.7-stable branch is supposed to be in freeze and should only contain bug corrections, this change removes the FIPS changes from that branch.	2003-08-11 09:37:17 +00:00