Build fips_premain_dso.exe in static build too.

Build standalone exe after copying headers.
Use and build fips_premain_dso.exe and fips_standalone_sha1.exe from VC++
2006-02-07 17:14:04 +00:00 · 2006-02-07 15:09:00 +00:00 · 2006-02-06 14:16:38 +00:00 · 2006-02-06 00:48:37 +00:00 · 2006-02-05 23:49:07 +00:00 · 2006-02-05 21:36:41 +00:00
214 changed files with 2900 additions and 1176 deletions
--- a/60
+++ b/60
@@ -2,7 +2,34 @@
 OpenSSL CHANGES
 _______________
- Changes between 0.9.7g and 0.9.7h  [XX xxx XXXX]
+ Changes between 0.9.7i and 0.9.7j  [XX xxx XXXX]
  *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make 
     from a Windows bash shell such as MSYS. It is autodetected from the
     "config" script when run from a VC++ environment. Modify standard VC++
     build to use fipscanister.o from the GNU make build. 
     [Steve Henson]
 Changes between 0.9.7h and 0.9.7i  [14 Oct 2005]
  *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
     The value now differs depending on if you build for FIPS or not.
     BEWARE!  A program linked with a shared FIPSed libcrypto can't be
     safely run with a non-FIPSed libcrypto, as it may crash because of
     the difference induced by this change.
     [Andy Polyakov]
 Changes between 0.9.7g and 0.9.7h  [11 Oct 2005]
  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
     (part of SSL_OP_ALL).  This option used to disable the
     countermeasure against man-in-the-middle protocol-version
     rollback in the SSL 2.0 server implementation, which is a bad
     idea.  (CVE-2005-2969)
     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
     for Information Security, National Institute of Advanced Industrial
     Science and Technology [AIST], Japan)]
  *) Minimal support for X9.31 signatures and PSS padding modes. This is
     mainly for FIPS compliance and not fully integrated at this stage.
@@ -53,6 +80,9 @@
 Changes between 0.9.7f and 0.9.7g  [11 Apr 2005]
  [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
  OpenSSL 0.9.8.]
  *) Fixes for newer kerberos headers. NB: the casts are needed because
     the 'length' field is signed on one version and unsigned on another
     with no (?) obvious way to tell the difference, without these VC++
@@ -160,11 +190,11 @@
 Changes between 0.9.7c and 0.9.7d  [17 Mar 2004]
  *) Fix null-pointer assignment in do_change_cipher_spec() revealed           
-     by using the Codenomicon TLS Test Tool (CAN-2004-0079)                    
+     by using the Codenomicon TLS Test Tool (CVE-2004-0079)                    
     [Joe Orton, Steve Henson]   
  *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
-     (CAN-2004-0112)
+     (CVE-2004-0112)
     [Joe Orton, Steve Henson]   
  *) Make it possible to have multiple active certificates with the same
@@ -207,9 +237,9 @@
  *) Fix various bugs revealed by running the NISCC test suite:
     Stop out of bounds reads in the ASN1 code when presented with
-     invalid tags (CAN-2003-0543 and CAN-2003-0544).
+     invalid tags (CVE-2003-0543 and CVE-2003-0544).
-     Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
+     Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
     If verify callback ignores invalid public key errors don't try to check
     certificate signature with the NULL public key.
@@ -294,7 +324,7 @@
     via timing by performing a MAC computation even if incorrrect
     block cipher padding has been found.  This is a countermeasure
     against active attacks where the attacker has to distinguish
-     between bad padding and a MAC verification error. (CAN-2003-0078)
+     between bad padding and a MAC verification error. (CVE-2003-0078)
     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
@@ -511,7 +541,7 @@
     Remote buffer overflow in SSL3 protocol - an attacker could
     supply an oversized master key in Kerberos-enabled versions.
-     (CAN-2002-0657)
+     (CVE-2002-0657)
     [Ben Laurie (CHATS)]
  *) Change the SSL kerb5 codes to match RFC 2712.
@@ -2195,7 +2225,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
 Changes between 0.9.6l and 0.9.6m  [17 Mar 2004]
  *) Fix null-pointer assignment in do_change_cipher_spec() revealed
-     by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+     by using the Codenomicon TLS Test Tool (CVE-2004-0079)
     [Joe Orton, Steve Henson]
 Changes between 0.9.6k and 0.9.6l  [04 Nov 2003]
@@ -2203,7 +2233,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) Fix additional bug revealed by the NISCC test suite:
     Stop bug triggering large recursion when presented with
-     certain ASN.1 tags (CAN-2003-0851)
+     certain ASN.1 tags (CVE-2003-0851)
     [Steve Henson]
 Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
@@ -2211,7 +2241,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) Fix various bugs revealed by running the NISCC test suite:
     Stop out of bounds reads in the ASN1 code when presented with
-     invalid tags (CAN-2003-0543 and CAN-2003-0544).
+     invalid tags (CVE-2003-0543 and CVE-2003-0544).
     If verify callback ignores invalid public key errors don't try to check
     certificate signature with the NULL public key.
@@ -2263,7 +2293,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     via timing by performing a MAC computation even if incorrrect
     block cipher padding has been found.  This is a countermeasure
     against active attacks where the attacker has to distinguish
-     between bad padding and a MAC verification error. (CAN-2003-0078)
+     between bad padding and a MAC verification error. (CVE-2003-0078)
     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
@@ -2396,7 +2426,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) Add various sanity checks to asn1_get_length() to reject
     the ASN1 length bytes if they exceed sizeof(long), will appear
     negative or the content length exceeds the length of the
-     supplied buffer. (CAN-2002-0659)
+     supplied buffer. (CVE-2002-0659)
     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
  *) Assertions for various potential buffer overflows, not known to
@@ -2404,15 +2434,15 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
     [Ben Laurie (CHATS)]
  *) Various temporary buffers to hold ASCII versions of integers were
-     too small for 64 bit platforms. (CAN-2002-0655)
+     too small for 64 bit platforms. (CVE-2002-0655)
     [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
  *) Remote buffer overflow in SSL3 protocol - an attacker could
-     supply an oversized session ID to a client. (CAN-2002-0656)
+     supply an oversized session ID to a client. (CVE-2002-0656)
     [Ben Laurie (CHATS)]
  *) Remote buffer overflow in SSL2 protocol - an attacker could
-     supply an oversized client master key. (CAN-2002-0656)
+     supply an oversized client master key. (CVE-2002-0656)
     [Ben Laurie (CHATS)]
 Changes between 0.9.6c and 0.9.6d  [9 May 2002]
--- a/25
+++ b/25
@@ -205,7 +205,7 @@ my %table=(
 # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
 # SC5.0 note: Compiler common patch 107357-01 or later is required!
 "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
 ####
@@ -280,10 +280,10 @@ my %table=(
 "hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # IA-64 targets
-"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z:-b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z:-b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
 # with debugging of the following config.
-"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
@@ -409,8 +409,8 @@ my %table=(
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
 "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-s390x",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-ecc",   "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-ecc",   "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-x86_64.o:::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -539,7 +539,7 @@ my %table=(
 "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:cygwin-shared:-D_WINDLL::.dll.a",
 # DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall -DDEVRANDOM=\"/dev/urandom\\x24\":::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
@@ -865,6 +865,14 @@ PROCESS_ARGS:
 				{
 				$withargs{"krb5-".$1}=$2;
 				}
 			elsif (/^--with-zlib-lib=(.*)$/)
 				{
 				$withargs{"zlib-lib"}=$1;
 				}
 			elsif (/^--with-zlib-include=(.*)$/)
 				{
 				$withargs{"zlib-include"}="-I$1";
 				}
 			else
 				{
 				print STDERR $usage;
@@ -878,7 +886,7 @@ PROCESS_ARGS:
 			}
 		else
 			{
-			die "target already defined - $target\n" if ($target ne "");
+			die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
 			$target=$_;
 			}
 		unless ($_ eq $target) {
@@ -1152,6 +1160,7 @@ if (!$no_shared)
 	if ($shared_cflag ne "")
 		{
 		$cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
 		$shared_ldflag = "$shared_ldflag $shared_cflag" if($fips);
 		}
 	}
@@ -1308,6 +1317,8 @@ while (<IN>)
 	s/^PERL=.*/PERL= $perl/;
 	s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
 	s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
 	s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
 	s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
 	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
 	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
--- a/6
+++ b/6
@@ -70,7 +70,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7g was released on April 11, 2005.
+OpenSSL 0.9.7i was released on October 14, 2005.
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -141,8 +141,8 @@ less Unix-centric, it might have been used much earlier.
 With version 0.9.6 OpenSSL was extended to interface to external crypto
 hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 (not yet released) the changes were merged into the main
+version 0.9.7 the changes were merged into the main development line,
-development line, so that the special release is no longer necessary.
+so that the special release is no longer necessary.
 * How do I check the authenticity of the OpenSSL distribution?
--- a/Makefile.org
+++ b/Makefile.org
@@ -172,11 +172,15 @@ RMD160_ASM_OBJ= asm/rm86-out.o
 KRB5_INCLUDES=
 LIBKRB5=
 # Zlib stuff
 ZLIB_INCLUDE=
 LIBZLIB=
 # When we're prepared to use shared libraries in the programs we link here
 # we might set SHLIB_MARK to '$(SHARED_LIBS)'.
 SHLIB_MARK=
-DIRS=   crypto fips ssl $(SHLIB_MARK) sigs apps test tools
+DIRS=   crypto fips-1.0 ssl $(SHLIB_MARK) apps test tools
 SHLIBDIRS= crypto ssl
 # dirs in crypto to build
@@ -206,7 +210,6 @@ ONEDIRS=out tmp
 EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
 WDIRS=  windows
 LIBS=   libcrypto.a libssl.a
 SIGS=	libcrypto.a.sha1
 SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
 SHARED_SSL=libssl$(SHLIB_EXT)
 SHARED_LIBS=
@@ -226,13 +229,6 @@ HEADER=         e_os.h
 all: Makefile sub_all openssl.pc
 sigs:	$(SIGS)
 libcrypto.a.sha1: libcrypto.a
 	@if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
 		$(RANLIB) libcrypto.a; \
 		fips/sha/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
 	fi
 sub_all:
 	@for i in $(DIRS); \
 	do \
@@ -258,9 +254,6 @@ sub_target:
 libcrypto$(SHLIB_EXT): libcrypto.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
 		$(MAKE) SHLIBDIRS=crypto build-shared; \
        	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
                    fips/sha/fips_standalone_sha1 -binary $@ > $@.$${HMAC_EXT:-sha1}; \
 		fi; \
 	else \
 		echo "There's no support for shared libraries on this platform" >&2; \
 	fi
@@ -308,7 +301,7 @@ do_gnu-shared:
 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
-	( set -x; ${CC} ${SHARED_LDFLAGS} \
+	( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
 		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Wl,-Bsymbolic \
@@ -325,7 +318,7 @@ do_darwin-shared:
 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
-	( set -x; ${CC} ${SHARED_LDFLAGS}
+	( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
 		--verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
 		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
@@ -343,14 +336,15 @@ do_cygwin-shared:
 	[ "$(PLATFORM)" = "mingw" ] && shlib=$${i}eay32.dll; \
 	[ -f apps/$$shlib ] && rm apps/$$shlib; \
 	[ -f test/$$shlib ] && rm test/$$shlib; \
-	base=;  [ $$i = "crypto" ] && base=-Wl,--image-base,0x61200000; \
+	base=;  [ $$i = "crypto" ] && base=-Wl,--image-base,0x63000000; \
-	( set -x; ${CC} ${SHARED_LDFLAGS} \
+	( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
 		-shared $$base -o $$shlib \
 		-Wl,-Bsymbolic \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--out-implib,lib$$i.dll.a \
 		-Wl,--no-whole-archive $$libs ${EX_LIBS} ) || exit 1; \
 	cp -p $$shlib apps/; cp -p $$shlib test/; \
 	touch -c lib$$i.dll.a; \
 	libs="-l$$i $$libs"; \
 	done
@@ -363,7 +357,7 @@ do_alpha-osf1-shared:
 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 			libs="$(LIBKRB5) $$libs"; \
 		fi; \
-		( set -x; ${CC} ${SHARED_LDFLAGS} \
+		( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
 			-shared -o lib$$i.so \
 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 			-all lib$$i.a -none $$libs ${EX_LIBS} ) || exit 1; \
@@ -382,7 +376,7 @@ do_tru64-shared:
 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 			libs="$(LIBKRB5) $$libs"; \
 		fi; \
-		( set -x; ${CC} ${SHARED_LDFLAGS} \
+		( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
 			-shared -msym -o lib$$i.so \
 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
 			-all lib$$i.a -none $$libs ${EX_LIBS} ) || exit 1; \
@@ -401,7 +395,7 @@ do_tru64-shared-rpath:
 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 			libs="$(LIBKRB5) $$libs"; \
 		fi; \
-		( set -x; ${CC} ${SHARED_LDFLAGS} \
+		( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
 			-shared -msym -o lib$$i.so \
 			-rpath  ${INSTALLTOP}/lib \
 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
@@ -423,7 +417,7 @@ do_solaris-shared:
 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
 		  MINUSZ='-z '; \
 		  (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
-		  set -x; ${CC} ${SHARED_LDFLAGS} \
+		  set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
 			-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-Wl,-Bsymbolic \
@@ -448,7 +442,7 @@ do_svr3-shared:
 		  for obj in `ar t lib$$i.a` ; do \
 		    OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
 		  done ; \
-		  set -x; ${CC} ${SHARED_LDFLAGS} \
+		  set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
 			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
@@ -474,7 +468,7 @@ do_svr5-shared:
 		    OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
 		  done ; \
 		  set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
-			${CC} ${SHARED_LDFLAGS} \
+			$${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
 			$${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
@@ -493,7 +487,7 @@ do_irix-shared:
 		fi; \
 		( WHOLELIB="-all lib$$i.a -none"; \
 		  (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-none"; \
-		  set -x; ${CC} ${SHARED_LDFLAGS} \
+		  set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
 			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			$${WHOLELIB} $$libs ${EX_LIBS}) || exit 1; \
@@ -516,9 +510,9 @@ do_hpux-shared:
 	[ -f $$shlib ] && rm -f $$shlib; \
 	ALLSYMSFLAGS='-Wl,-Fl'; \
 	expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
-	( set -x; ${CC} ${SHARED_LDFLAGS} \
+	( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
 		-Wl,-B,symbolic,+vnocompatwarnings,-z,+h,$$shlib \
-		-o $$shlib $$ALLSYMSFLAGS lib$$i.a -ldld ) || exit 1; \
+		-o $$shlib $$ALLSYMSFLAGS,lib$$i.a -ldld ) || exit 1; \
 	chmod a=rx $$shlib; \
 	done
@@ -564,7 +558,7 @@ do_aix-shared:
 	  OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
 	  ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
 	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
-	    $(SHAREDCMD) $(SHAREDFLAGS) \
+	    $${FIPSLD:-${CC}} $(SHAREDFLAGS) \
 		-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
 		$$libs ${EX_LIBS} ) ) \
 	|| exit 1; \
@@ -580,7 +574,7 @@ do_reliantunix-shared:
 	( set -x; \
 	  ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
 	    cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
-	    ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
+	    $${FIPSLD:-${CC}} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
 	  ) || exit 1; \
 	  cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
 	) || exit 1; \
@@ -726,11 +720,15 @@ crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt c
 apps/openssl-vms.cnf: apps/openssl.cnf
 	$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
 crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
 	$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
 	$(PERL) Configure TABLE) > TABLE
-update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf TABLE
+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
@@ -835,15 +833,6 @@ install_sw:
 			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
 		fi; \
 	fi
 	@for i in $(SIGS) ;\
 	do \
 		if [ -f "$$i" ]; then \
 		(       echo installing $$i; \
 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
 			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
 		fi; \
 	done;
 	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
@@ -869,8 +858,8 @@ install_docs:
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 		$(PERL) util/extract-names.pl < $$i | \
-			grep -v $$filecase "^$$fn\$$" | \
+			(grep -v $$filecase "^$$fn\$$"; true) | \
-			grep -v "[	]" | \
+			(grep -v "[	]"; true) | \
 			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
 			 while read n; do \
 				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
@@ -886,8 +875,8 @@ install_docs:
 			--release=$(VERSION) `basename $$i`") \
 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
 		$(PERL) util/extract-names.pl < $$i | \
-			grep -v $$filecase "^$$fn\$$" | \
+			(grep -v $$filecase "^$$fn\$$"; true) | \
-			grep -v "[	]" | \
+			(grep -v "[	]"; true) | \
 			(cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
 			 while read n; do \
 				$$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
--- a/14
+++ b/14
@@ -5,6 +5,20 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
  Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:
      o Update Windows build system for FIPS.
  Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:
      o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:
      o Fix SSL 2.0 Rollback, CAN-2005-2969
      o Allow use of fixed-length exponent on DSA signing
      o Default fixed-window RSA, DSA, DH private-key operations
  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
      o More compilation issues fixed.
--- a/2
+++ b/2
@@ -1,5 +1,5 @@
- OpenSSL 0.9.7h-dev XX xxx XXXX
+ OpenSSL 0.9.7j-dev XX xxx XXXX
 Copyright (c) 1998-2005 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/8
+++ b/8
@@ -1,10 +1,14 @@
  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2005/04/11 15:10:06 $
+  ______________                           $Date: 2005/10/14 22:15:44 $
  DEVELOPMENT STATE
-    o  OpenSSL 0.9.8:  Under development...
+    o  OpenSSL 0.9.9:  Under development...
    o  OpenSSL 0.9.8a: Released on October   11th, 2005
    o  OpenSSL 0.9.8:  Released on July       5th, 2005
    o  OpenSSL 0.9.7i: Released on October   14th, 2005
    o  OpenSSL 0.9.7h: Released on October   11th, 2005
    o  OpenSSL 0.9.7g: Released on April     11th, 2005
    o  OpenSSL 0.9.7f: Released on March     22nd, 2005
    o  OpenSSL 0.9.7e: Released on October   25th, 2004
--- a/12
+++ b/12
@@ -127,7 +127,7 @@ $arflags      =
 *** DJGPP
 $cc           = gcc
-$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall -DDEVRANDOM="/dev/urandom\x24"
+$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
 $unistd       = 
 $thread_cflag = 
 $sys_id       = MSDOS
@@ -2332,7 +2332,7 @@ $unistd       =
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -Wl,+s,+b,$(INSTALLTOP)/lib -ldl
-$bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
+$bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
 $bn_obj       = asm/ia64-cpp.o
 $des_obj      = 
 $bf_obj       = 
@@ -2607,7 +2607,7 @@ $unistd       =
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -Wl,+s,+b,$(INSTALLTOP)/lib -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
+$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
 $bn_obj       = asm/ia64-cpp.o
 $des_obj      = 
 $bf_obj       = 
@@ -3082,7 +3082,7 @@ $unistd       =
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR
 $bn_obj       = asm/ia64.o
 $des_obj      = 
 $bf_obj       = 
@@ -3107,7 +3107,7 @@ $unistd       =
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR
 $bn_obj       = asm/ia64.o
 $des_obj      = 
 $bf_obj       = 
@@ -3920,7 +3920,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= solaris-shared
 $shared_cflag = -KPIC
-$shared_ldflag = 
+$shared_ldflag = -G -dy -z text
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -66,19 +66,19 @@ foreach (@ARGV) {
 	    exit 0;
 	} elsif (/^-newcert$/) {
 	    # create a certificate
-	    system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+	    system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
 	    $RET=$?;
-	    print "Certificate (and private key) is in newreq.pem\n"
+	    print "Certificate is in newcert.pem, private key is in newkey.pem\n"
 	} elsif (/^-newreq$/) {
 	    # create a certificate request
-	    system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+	    system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
 	    $RET=$?;
-	    print "Request (and private key) is in newreq.pem\n";
+	    print "Request is in newreq.pem, private key is in newkey.pem\n";
 	} elsif (/^-newreq-nodes$/) {
 	    # create a certificate request
-	    system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+	    system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
 	    $RET=$?;
-	    print "Request (and private key) is in newreq.pem\n";
+	    print "Request is in newreq.pem, private key is in newkey.pem\n";
 	} elsif (/^-newca$/) {
 		# if explicitly asked for or it doesn't exist then setup the
 		# directory structure that Eric likes to manage things 
@@ -118,10 +118,11 @@ foreach (@ARGV) {
 	} elsif (/^-pkcs12$/) {
 	    my $cname = $ARGV[1];
 	    $cname = "My Certificate" unless defined $cname;
-	    system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
+	    system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
 			"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
 			"-export -name \"$cname\"");
 	    $RET=$?;
 	    print "PKCS #12 file is in newcert.p12\n";
 	    exit $RET;
 	} elsif (/^-xsign$/) {
 	    system ("$CA -policy policy_anything -infiles newreq.pem");
--- a/apps/CA.sh
+++ b/apps/CA.sh
@@ -51,15 +51,15 @@ case $i in
    ;;
 -newcert) 
    # create a certificate
-    $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS
+    $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
    RET=$?
-    echo "Certificate (and private key) is in newreq.pem"
+    echo "Certificate is in newcert.pem, private key is in newkey.pem"
    ;;
 -newreq) 
    # create a certificate request
-    $REQ -new -keyout newreq.pem -out newreq.pem $DAYS
+    $REQ -new -keyout newkey.pem -out newreq.pem $DAYS
    RET=$?
-    echo "Request (and private key) is in newreq.pem"
+    echo "Request is in newreq.pem, private key is in newkey.pem"
    ;;
 -newca)     
    # if explicitly asked for or it doesn't exist then setup the directory
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -101,8 +101,9 @@ install:
 	(echo installing $$i; \
 	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
 	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-	 mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+	 mv -f  $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new \
-	 done;
+	 	$(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
 	) done;
 	@for i in $(SCRIPTS); \
 	do  \
 	(echo installing $$i; \
@@ -143,17 +144,19 @@ $(DLIBCRYPTO):
 $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(EXE)
 	@if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
 	  FIPSLD_CC=$(CC); CC=$(TOP)/fips-1.0/fipsld; export CC FIPSLD_CC; \
 	fi; \
 	SHARED_LIBS="$(SHARED_LIBS)"; \
 	if [ "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
 	  SHARED_LIBS=""; \
 	fi; \
 	if [ -z "$$SHARED_LIBS" ]; then \
 	  set -x; $${CC:-$(CC)} -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
 	elif [ -z "$(SHARED_LIBS)" ]; then \
 	  set -x; $${CC:-$(CC)} -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
 	else \
 	  set -x; LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	  $(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
 	fi
 	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
 		TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(EXE); \
 	fi
 	-(cd ..; \
 	  OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
 	  $(PERL) tools/c_rehash certs)
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -361,10 +361,17 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 		/* The start of something good :-) */
 		if (num >= arg->count)
 			{
-			arg->count+=20;
+			char **tmp_p;
-			arg->data=(char **)OPENSSL_realloc(arg->data,
+			int tlen = arg->count + 20;
-				sizeof(char *)*arg->count);
+			tmp_p = (char **)OPENSSL_realloc(arg->data,
-			if (argc == 0) return(0);
+				sizeof(char *)*tlen);
 			if (tmp_p == NULL)
 				return 0;
 			arg->data  = tmp_p;
 			arg->count = tlen;
 			/* initialize newly allocated data */
 			for (i = num; i < arg->count; i++)
 				arg->data[i] = NULL;
 			}
 		arg->data[num++]=p;
@@ -1591,8 +1598,9 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
 		{
 		if (errno != ENOENT 
 #ifdef ENOTDIR
-			&& errno != ENOTDIR)
+			&& errno != ENOTDIR
 #endif
 		   )
 			goto err;
 		}
 	else
@@ -1893,8 +1901,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
 		{
 		if (errno != ENOENT 
 #ifdef ENOTDIR
-			&& errno != ENOTDIR)
+			&& errno != ENOTDIR
 #endif
 		   )
 			goto err;
 		}
 	else
@@ -1929,8 +1938,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
 		{
 		if (errno != ENOENT 
 #ifdef ENOTDIR
-			&& errno != ENOTDIR)
+			&& errno != ENOTDIR
 #endif
 		   )
 			goto err;
 		}
 	else
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -182,7 +182,7 @@ int MAIN(int argc, char **argv)
 bad:
 		BIO_printf(bio_err,"%s [options] <infile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
+		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");
 		BIO_printf(bio_err," -noout arg    don't produce any output\n");
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -943,7 +943,6 @@ bad:
 			if (verbose) BIO_printf(bio_err,
 				"Done. %d entries marked as expired\n",i); 
 	      		}
 			goto err;
 	  	}
 	/*****************************************************************/
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -237,14 +237,7 @@ int main(int Argc, char *Argv[])
 #ifdef OPENSSL_FIPS
 	if(getenv("OPENSSL_FIPS")) {
-#if defined(_WIN32)
+		if (!FIPS_mode_set(1)) {
 		char filename[MAX_PATH] = "";
 		GetModuleFileNameA( NULL, filename, MAX_PATH) ;
 		p = filename;
 #else
 		p = Argv[0];
 #endif
 		if (!FIPS_mode_set(1,p)) {
 			ERR_load_crypto_strings();
 			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
 			EXIT(1);
--- a/certs/argena.pem
+++ b/certs/argena.pem
@@ -0,0 +1,39 @@
 -----BEGIN CERTIFICATE-----
 MIIG0zCCBbugAwIBAgIBADANBgkqhkiG9w0BAQUFADCBzDELMAkGA1UEBhMCQVQx
 EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTE6MDgGA1UEChMxQVJH
 RSBEQVRFTiAtIEF1c3RyaWFuIFNvY2lldHkgZm9yIERhdGEgUHJvdGVjdGlvbjEl
 MCMGA1UECxMcQS1DRVJUIENlcnRpZmljYXRpb24gU2VydmljZTEYMBYGA1UEAxMP
 QS1DRVJUIEFEVkFOQ0VEMR0wGwYJKoZIhvcNAQkBFg5pbmZvQGEtY2VydC5hdDAe
 Fw0wNDEwMjMxNDE0MTRaFw0xMTEwMjMxNDE0MTRaMIHMMQswCQYDVQQGEwJBVDEQ
 MA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQKEzFBUkdF
 IERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0aW9uMSUw
 IwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYDVQQDEw9B
 LUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0LmF0MIIB
 IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3euXIy+mnf6BYKbK+QH5k679
 tUFqeT8jlZxMew8eNiHuw9KoxWBzL6KksK+5uK7Gatw+sbAYntEGE80P+Jg1hADM
 e+Fr5V0bc6QS3gkVtfUCW/RIvfMM39oxvmqJmOgPnJU7H6+nmLtsq61tv9kVJi/2
 4Y5wXW3odet72sF57EoG6s78w0BUVLNcMngS9bZZzmdG3/d6JbkGgoNF/8DcgCBJ
 W/t0JrcIzyppXIOVtUzzOrrU86zuUgT3Rtkl5kjG7DEHpFb9H0fTOY1v8+gRoaO6
 2gA0PCiysgVZjwgVeYe3KAg11nznyleDv198uK3Dc1oXIGYjJx2FpKWUvAuAEwID
 AQABo4ICvDCCArgwHQYDVR0OBBYEFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYMIH5BgNV
 HSMEgfEwge6AFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYoYHSpIHPMIHMMQswCQYDVQQG
 EwJBVDEQMA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQK
 EzFBUkdFIERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0
 aW9uMSUwIwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYD
 VQQDEw9BLUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0
 LmF0ggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgHmMEcGA1UdJQRAMD4G
 CCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcD
 CAYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAP8wUQYDVR0gBEowSDBGBggq
 KAAYAQEBAzA6MDgGCCsGAQUFBwIBFixodHRwOi8vd3d3LmEtY2VydC5hdC9jZXJ0
 aWZpY2F0ZS1wb2xpY3kuaHRtbDA7BglghkgBhvhCAQgELhYsaHR0cDovL3d3dy5h
 LWNlcnQuYXQvY2VydGlmaWNhdGUtcG9saWN5Lmh0bWwwGQYDVR0RBBIwEIEOaW5m
 b0BhLWNlcnQuYXQwLwYDVR0SBCgwJoEOaW5mb0BhLWNlcnQuYXSGFGh0dHA6Ly93
 d3cuYS1jZXJ0LmF0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHBzOi8vc2VjdXJlLmEt
 Y2VydC5hdC9jZ2ktYmluL2EtY2VydC1hZHZhbmNlZC5jZ2kwDQYJKoZIhvcNAQEF
 BQADggEBACX1IvgfdG2rvfv35O48vSEvcVaEdlN8USFBHWz3JRAozgzvaBtwHkjK
 Zwt5l/BWOtjbvHfRjDt7ijlBEcxOOrNC1ffyMHwHrXpvff6YpQ5wnxmIYEQcURiG
 HMqruEX0WkuDNgSKwefsgXs27eeBauHgNGVcTYH1rmHu/ZyLpLxOyJQ2PCzA1DzW
 3rWkIX92ogJ7lTRdWrbxwUL1XGinxnnaQ74+/y0pI9JNEv7ic2tpkweRMpkedaLW
 msC1+orfKTebsg69aMaCx7o6jNONRmR/7TVaPf8/k6g52cHZ9YWjQvup22b5rWxG
 J5r5LZ4vCPmF4+T4lutjUYAa/lGuQTg=
 -----END CERTIFICATE-----
--- a/certs/argeng.pem
+++ b/certs/argeng.pem
@@ -0,0 +1,23 @@
 -----BEGIN CERTIFICATE-----
 MIIDwzCCAyygAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmDELMAkGA1UEBhMCQVQx
 EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAGA1UEChM5QXJn
 ZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBmdWVyIERhdGVu
 c2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVuLmF0MB4XDTAx
 MDIxMjExMzAzMFoXDTA5MDIxMjExMzAzMFowgZgxCzAJBgNVBAYTAkFUMRAwDgYD
 VQQIEwdBdXN0cmlhMQ8wDQYDVQQHEwZWaWVubmExQjBABgNVBAoTOUFyZ2UgRGF0
 ZW4gT2VzdGVycmVpY2hpc2NoZSBHZXNlbGxzY2hhZnQgZnVlciBEYXRlbnNjaHV0
 ejEiMCAGCSqGSIb3DQEJARYTYS1jZXJ0QGFyZ2VkYXRlbi5hdDCBnzANBgkqhkiG
 9w0BAQEFAAOBjQAwgYkCgYEAwgsHqoNtmmrJ86+e1I4hOVBaL4kokqKN2IPOIL+1
 XwY8vfOOUfPEdhWpaC0ldt7VYrksgDiUccgH0FROANWK2GkfKMDzjjXHysR04uEb
 Om7Kqjqn0nproOGkFG+QvBZgs+Ws+HXNFJA6V76fU4+JXq4452LSK4Lr5YcBquu3
 NJECAwEAAaOCARkwggEVMB0GA1UdDgQWBBQ0j59zH/G31zRjgK1y2P//tSAWZjCB
 xQYDVR0jBIG9MIG6gBQ0j59zH/G31zRjgK1y2P//tSAWZqGBnqSBmzCBmDELMAkG
 A1UEBhMCQVQxEDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAG
 A1UEChM5QXJnZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBm
 dWVyIERhdGVuc2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVu
 LmF0ggEAMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQE
 AwICBDANBgkqhkiG9w0BAQQFAAOBgQBFuJYncqMYB6gXQS3eDOI90BEHfFTKy/dV
 AV+K7QdAYikWmqgBheRdPKddJdccPy/Zl/p3ZT7GhDyC5f3wZjcuu8AJ27BNwbCA
 x54dgxgCNcyPm79nY8MRtEdEpoRGdSsFKJemz6hpXM++MWFciyrRWIIA44XB0Gv3
 US0spjsDPQ==
 -----END CERTIFICATE-----
--- a/20
+++ b/20
@@ -54,6 +54,22 @@ SYSTEM=`(uname -s) 2>/dev/null`  || SYSTEM="unknown"
 VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
 # Check for VC++ presence first.
 #
 #if [ "x$MSVCDIR" != "x" -o "x$VCINSTALLDIR" != "x" ]; then
 #	perl Configure VC-WIN32 $*
 #	cmd /c ms\\do_masm.bat
 #	perl util/mk1mf.pl VC-WIN32-GMAKE >mak.tmp
 #	rm Makefile
 #	mv mak.tmp Makefile
 #	echo "Configured for VC++ using GNU make"
 #	exit 0
 #fi
 #
 # Now test for ISC and SCO, since it is has a braindamaged uname.
 #
 # We need to work around FreeBSD 1.1.5.1 
@@ -339,6 +355,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
    MINGW*)
 	echo "${MACHINE}-whatever-mingw"; echo 0;
 	# Save fipslib path so VC++ build can find it
 	(cd /usr/local/ssl/lib ; pwd -W ) > util/fipslib_path.txt
 	# Extract _chkstk.o so VC++ can use it, to avoid __alloca link error
 	(cd ms ; ar x `gcc -print-libgcc-file-name` _chkstk.o)
 	;;
    CYGWIN*)
 	case "$RELEASE" in
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/Makefile
+# OpenSSL/crypto/Makefile
 #
 DIR=		crypto
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/asn1/Makefile
+# OpenSSL/crypto/asn1/Makefile
 #
 DIR=	asn1
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -903,7 +903,7 @@ static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, in
 			return 0;
 #endif
 		} else {
-			if(!collect_data(buf, &p, plen)) return 0;
+			if(plen && !collect_data(buf, &p, plen)) return 0;
 		}
 		len -= p - q;
 	}
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -445,9 +445,12 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_
 		case V_ASN1_BOOLEAN:
 		tbool = (ASN1_BOOLEAN *)pval;
 		if(*tbool == -1) return -1;
-		/* Default handling if value == size field then omit */
+		if (it->utype != V_ASN1_ANY)
-		if(*tbool && (it->size > 0)) return -1;
+			{
-		if(!*tbool && !it->size) return -1;
+			/* Default handling if value == size field then omit */
 			if(*tbool && (it->size > 0)) return -1;
 			if(!*tbool && !it->size) return -1;
 			}
 		c = (unsigned char)*tbool;
 		cont = &c;
 		len = 1;
--- a/crypto/bf/Makefile
+++ b/crypto/bf/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/blowfish/Makefile
+# OpenSSL/crypto/blowfish/Makefile
 #
 DIR=	bf
--- a/crypto/bio/Makefile
+++ b/crypto/bio/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/bio/Makefile
+# OpenSSL/crypto/bio/Makefile
 #
 DIR=	bio
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -469,7 +469,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 		break;
 	case BIO_C_DO_STATE_MACHINE:
 		/* use this one to start the connection */
-		if (!(data->state != BIO_CONN_S_OK))
+		if (data->state != BIO_CONN_S_OK)
 			ret=(long)conn_state(b,data);
 		else
 			ret=1;
--- a/crypto/bn/Makefile
+++ b/crypto/bn/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/bn/Makefile
+# OpenSSL/crypto/bn/Makefile
 #
 DIR=	bn
@@ -329,3 +329,5 @@ bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bn_word.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 bn_word.o: ../cryptlib.h bn_lcl.h bn_word.c
 bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
 bn_x931p.o: ../../include/openssl/opensslconf.h bn_x931p.c
--- a/crypto/bn/asm/ppc.pl
+++ b/crypto/bn/asm/ppc.pl
@@ -116,7 +116,7 @@ if ($opf =~ /32\.s/) {
 	$UDIV=	"divwu";	# unsigned divide
 	$UCMPI=	"cmplwi";	# unsigned compare with immediate
 	$UCMP=	"cmplw";	# unsigned compare
-	$COUNTZ="cntlzw";	# count leading zeros
+	$CNTLZ=	"cntlzw";	# count leading zeros
 	$SHL=	"slw";		# shift left
 	$SHR=	"srw";		# unsigned shift right
 	$SHRI=	"srwi";		# unsigned shift right by immediate	
@@ -124,6 +124,7 @@ if ($opf =~ /32\.s/) {
 	$CLRU=	"clrlwi";	# clear upper bits
 	$INSR=	"insrwi";	# insert right
 	$ROTL=	"rotlwi";	# rotate left by immediate
 	$TR=	"tw";		# conditional trap
 } elsif ($opf =~ /64\.s/) {
 	$BITS=	64;
 	$BNSZ=	$BITS/8;
@@ -139,7 +140,7 @@ if ($opf =~ /32\.s/) {
 	$UDIV=	"divdu";	# unsigned divide
 	$UCMPI=	"cmpldi";	# unsigned compare with immediate
 	$UCMP=	"cmpld";	# unsigned compare
-	$COUNTZ="cntlzd";	# count leading zeros
+	$CNTLZ=	"cntlzd";	# count leading zeros
 	$SHL=	"sld";		# shift left
 	$SHR=	"srd";		# unsigned shift right
 	$SHRI=	"srdi";		# unsigned shift right by immediate	
@@ -147,6 +148,7 @@ if ($opf =~ /32\.s/) {
 	$CLRU=	"clrldi";	# clear upper bits
 	$INSR=	"insrdi";	# insert right 
 	$ROTL=	"rotldi";	# rotate left by immediate
 	$TR=	"td";		# conditional trap
 } else { die "nonsense $opf"; }
 ( defined shift || open STDOUT,">$opf" ) || die "can't open $opf: $!";
@@ -1710,17 +1712,12 @@ Lppcasm_add_adios:
 	bclr	BO_ALWAYS,CR0_LT	
 Lppcasm_div1:
 	xor	r0,r0,r0		#r0=0
-	$COUNTZ	r7,r5			#r7 = num leading 0s in d.
+	li	r8,$BITS
-	subfic	r8,r7,$BITS		#r8 = BN_num_bits_word(d)
+	$CNTLZ.	r7,r5			#r7 = num leading 0s in d.
-	cmpi	0,0,r8,$BITS		#
+	bc	BO_IF,CR0_EQ,Lppcasm_div2	#proceed if no leading zeros
-	bc	BO_IF,CR0_EQ,Lppcasm_div2	#proceed if (r8==$BITS)	
+	subf	r8,r7,r8		#r8 = BN_num_bits_word(d)
-	li	r9,1			# r9=1
+	$SHR.	r9,r3,r8		#are there any bits above r8'th?
-	$SHL	r10,r9,r8		# r9<<=r8
+	$TR	16,r9,r0		#if there're, signal to dump core...
 	$UCMP	0,r3,r10		#	
 	bc	BO_IF,CR0_GT,Lppcasm_div2	#or if (h > (1<<r8))
 	$UDIV	r3,r3,r0		#if not assert(0) divide by 0!
 					#that's how we signal overflow
 	bclr	BO_ALWAYS,CR0_LT	#return. NEVER REACHED.
 Lppcasm_div2:
 	$UCMP	0,r3,r5			#h>=d?
 	bc	BO_IF,CR0_LT,Lppcasm_div3	#goto Lppcasm_div3 if not
--- a/crypto/bn/asm/sparcv8plus.S
+++ b/crypto/bn/asm/sparcv8plus.S
@@ -162,10 +162,14 @@
 * BN_ULONG w;
 */
 bn_mul_add_words:
 	sra	%o2,%g0,%o2	! signx %o2
 	brgz,a	%o2,.L_bn_mul_add_words_proceed
 	lduw	[%o1],%g2
 	retl
 	clr	%o0
 	nop
 	nop
 	nop
 .L_bn_mul_add_words_proceed:
 	srl	%o3,%g0,%o3	! clruw	%o3
@@ -260,10 +264,14 @@ bn_mul_add_words:
 * BN_ULONG w;
 */
 bn_mul_words:
 	sra	%o2,%g0,%o2	! signx %o2
 	brgz,a	%o2,.L_bn_mul_words_proceeed
 	lduw	[%o1],%g2
 	retl
 	clr	%o0
 	nop
 	nop
 	nop
 .L_bn_mul_words_proceeed:
 	srl	%o3,%g0,%o3	! clruw	%o3
@@ -344,10 +352,14 @@ bn_mul_words:
 * int n;
 */
 bn_sqr_words:
 	sra	%o2,%g0,%o2	! signx %o2
 	brgz,a	%o2,.L_bn_sqr_words_proceeed
 	lduw	[%o1],%g2
 	retl
 	clr	%o0
 	nop
 	nop
 	nop
 .L_bn_sqr_words_proceeed:
 	andcc	%o2,-4,%g0
@@ -445,6 +457,7 @@ bn_div_words:
 * int n;
 */
 bn_add_words:
 	sra	%o3,%g0,%o3	! signx %o3
 	brgz,a	%o3,.L_bn_add_words_proceed
 	lduw	[%o1],%o4
 	retl
@@ -454,7 +467,6 @@ bn_add_words:
 	andcc	%o3,-4,%g0
 	bz,pn	%icc,.L_bn_add_words_tail
 	addcc	%g0,0,%g0	! clear carry flag
 	nop
 .L_bn_add_words_loop:		! wow! 32 aligned!
 	dec	4,%o3
@@ -523,6 +535,7 @@ bn_add_words:
 * int n;
 */
 bn_sub_words:
 	sra	%o3,%g0,%o3	! signx %o3
 	brgz,a	%o3,.L_bn_sub_words_proceed
 	lduw	[%o1],%o4
 	retl
@@ -532,7 +545,6 @@ bn_sub_words:
 	andcc	%o3,-4,%g0
 	bz,pn	%icc,.L_bn_sub_words_tail
 	addcc	%g0,0,%g0	! clear carry flag
 	nop
 .L_bn_sub_words_loop:		! wow! 32 aligned!
 	dec	4,%o3
--- a/crypto/buffer/Makefile
+++ b/crypto/buffer/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/buffer/Makefile
+# OpenSSL/crypto/buffer/Makefile
 #
 DIR=	buffer
--- a/crypto/cast/Makefile
+++ b/crypto/cast/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/cast/Makefile
+# OpenSSL/crypto/cast/Makefile
 #
 DIR=	cast
--- a/crypto/comp/Makefile
+++ b/crypto/comp/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/comp/Makefile
+# OpenSSL/crypto/comp/Makefile
 #
 DIR=	comp
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -51,30 +51,17 @@ static COMP_METHOD zlib_method={
 */
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 # include <windows.h>
 # define Z_CALLCONV _stdcall
 # define ZLIB_SHARED
 #else
 # define Z_CALLCONV
 #endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */
 #ifdef ZLIB_SHARED
 #include <openssl/dso.h>
 /* Prototypes for built in stubs */
 static int stub_compress(Bytef *dest,uLongf *destLen,
 	const Bytef *source, uLong sourceLen);
 static int stub_inflateEnd(z_streamp strm);
 static int stub_inflate(z_streamp strm, int flush);
 static int stub_inflateInit_(z_streamp strm, const char * version,
 	int stream_size);
 /* Function pointers */
-typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen,
+typedef int (*compress_ft)(Bytef *dest,uLongf *destLen,
 	const Bytef *source, uLong sourceLen);
-typedef int (Z_CALLCONV *inflateEnd_ft)(z_streamp strm);
+typedef int (*inflateEnd_ft)(z_streamp strm);
-typedef int (Z_CALLCONV *inflate_ft)(z_streamp strm, int flush);
+typedef int (*inflate_ft)(z_streamp strm, int flush);
-typedef int (Z_CALLCONV *inflateInit__ft)(z_streamp strm,
+typedef int (*inflateInit__ft)(z_streamp strm,
 	const char * version, int stream_size);
 static compress_ft	p_compress=NULL;
 static inflateEnd_ft	p_inflateEnd=NULL;
@@ -84,10 +71,10 @@ static inflateInit__ft	p_inflateInit_=NULL;
 static int zlib_loaded = 0;     /* only attempt to init func pts once */
 static DSO *zlib_dso = NULL;
-#define compress                stub_compress
+#define compress                p_compress
-#define inflateEnd              stub_inflateEnd
+#define inflateEnd              p_inflateEnd
-#define inflate                 stub_inflate
+#define inflate                 p_inflate
-#define inflateInit_            stub_inflateInit_
+#define inflateInit_            p_inflateInit_
 #endif /* ZLIB_SHARED */
 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
@@ -191,16 +178,6 @@ COMP_METHOD *COMP_zlib(void)
 		{
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 		zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
 		if (!zlib_dso)
 			{
 			zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0);
 			if (zlib_dso)
 				{
 				/* Clear the errors from the first failed
 				   DSO_load() */
 				ERR_clear_error();
 				}
 			}
 #else
 		zlib_dso = DSO_load(NULL, "z", NULL, 0);
 #endif
@@ -218,54 +195,21 @@ COMP_METHOD *COMP_zlib(void)
 			p_inflateInit_
 				= (inflateInit__ft) DSO_bind_func(zlib_dso,
 					"inflateInit_");
-			zlib_loaded++;
+
 			if (p_compress && p_inflateEnd && p_inflate
 				&& p_inflateInit_)
 				zlib_loaded++;
 			}
 		}
 #endif
 #ifdef ZLIB_SHARED
 	if (zlib_loaded)
 #endif
 #if defined(ZLIB) || defined(ZLIB_SHARED)
-	meth = &zlib_method;
+		meth = &zlib_method;
 #endif
 	return(meth);
 	}
 #ifdef ZLIB_SHARED
 /* Stubs for each function to be dynamicly loaded */
 static int 
 stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen)
 	{
 	if (p_compress)
 		return(p_compress(dest,destLen,source,sourceLen));
 	else
 		return(Z_MEM_ERROR);
 	}
 static int
 stub_inflateEnd(z_streamp strm)
 	{
 	if ( p_inflateEnd )
 		return(p_inflateEnd(strm));
 	else
 		return(Z_MEM_ERROR);
 	}
 static int
 stub_inflate(z_streamp strm, int flush)
 	{
 	if ( p_inflate )
 		return(p_inflate(strm,flush));
 	else
 		return(Z_MEM_ERROR);
 	}
 static int
 stub_inflateInit_(z_streamp strm, const char * version, int stream_size)
 	{
 	if ( p_inflateInit_ )
 		return(p_inflateInit_(strm,version,stream_size));
 	else
 		return(Z_MEM_ERROR);
 	}
 #endif /* ZLIB_SHARED */
--- a/crypto/conf/Makefile
+++ b/crypto/conf/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/conf/Makefile
+# OpenSSL/crypto/conf/Makefile
 #
 DIR=	conf
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -613,13 +613,13 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
 				e++;
 				}
 			/* So at this point we have
-			 * ns which is the start of the name string which is
+			 * np which is the start of the name string which is
 			 *   '\0' terminated. 
-			 * cs which is the start of the section string which is
+			 * cp which is the start of the section string which is
 			 *   '\0' terminated.
 			 * e is the 'next point after'.
-			 * r and s are the chars replaced by the '\0'
+			 * r and rr are the chars replaced by the '\0'
-			 * rp and sp is where 'r' and 's' came from.
+			 * rp and rrp is where 'r' and 'rr' came from.
 			 */
 			p=_CONF_get_string(conf,cp,np);
 			if (rrp != NULL) *rrp=rr;
@@ -638,6 +638,11 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
 			   points at.  /RL */
 			len -= e-from;
 			from=e;
 			/* In case there were no braces or parenthesis around
 			   the variable reference, we have to put back the
 			   character that was replaced with a '\0'.  /RL */
 			*rp = r;
 			}
 		else
 			buf->data[to++]= *(from++);
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -734,5 +734,11 @@ int fips_clear_owning_thread(void)
 		}
 	return ret;
 	}
 unsigned char *fips_signature_witness(void)
 	{
 	extern unsigned char FIPS_signature[];
 	return FIPS_signature;
 	}
 #endif /* OPENSSL_FIPS */
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -265,10 +265,15 @@ $ LIB_KRB5 = "krb5_asn"
 $!
 $! Setup exceptional compilations
 $!
 $ ! Add definitions for no threads on OpenVMS 7.1 and higher
 $ COMPILEWITH_CC3 = ",bss_rtcp,"
 $ ! Disable the DOLLARID warning
 $ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,"
 $ ! Disable disjoint optimization
 $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
                    "sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
 $ ! Disable the MIXLINKAGE warning
 $ COMPILEWITH_CC6 = ",enc_read,set_key,"
 $!
 $! Figure Out What Other Modules We Are To Build.
 $!
@@ -497,7 +502,12 @@ $       IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
 $       THEN
 $         CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $       ELSE
-$         CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$         IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6
 $         THEN
 $           CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $         ELSE
 $           CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $         ENDIF
 $       ENDIF
 $     ENDIF
 $   ENDIF
@@ -1077,14 +1087,18 @@ $   THEN
 $     IF CCDISABLEWARNINGS .EQS. ""
 $     THEN
 $       CC4DISABLEWARNINGS = "DOLLARID"
 $       CC6DISABLEWARNINGS = "MIXLINKAGE"
 $     ELSE
 $       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
 $       CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE"
 $       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
 $     ENDIF
 $     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
 $     CC6DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
 $   ELSE
 $     CCDISABLEWARNINGS = ""
 $     CC4DISABLEWARNINGS = ""
 $     CC6DISABLEWARNINGS = ""
 $   ENDIF
 $   CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
 $   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
@@ -1095,6 +1109,7 @@ $   ELSE
 $     CC5 = CC + "/NOOPTIMIZE"
 $   ENDIF
 $   CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
 $   CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS
 $!
 $!  Show user the result
 $!
--- a/crypto/des/Makefile
+++ b/crypto/des/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/des/Makefile
+# OpenSSL/crypto/des/Makefile
 #
 DIR=	des
--- a/crypto/dh/Makefile
+++ b/crypto/dh/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/dh/Makefile
+# OpenSSL/crypto/dh/Makefile
 #
 DIR=	dh
--- a/crypto/dsa/Makefile
+++ b/crypto/dsa/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/dsa/Makefile
+# OpenSSL/crypto/dsa/Makefile
 #
 DIR=	dsa
--- a/crypto/dso/Makefile
+++ b/crypto/dso/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/dso/Makefile
+# OpenSSL/crypto/dso/Makefile
 #
 DIR=	dso
--- a/crypto/dso/dso_dl.c
+++ b/crypto/dso/dso_dl.c
@@ -126,7 +126,8 @@ static int dl_load(DSO *dso)
 		DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
 		goto err;
 		}
-	ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, 0L);
+	ptr = shl_load(filename, BIND_IMMEDIATE |
 		(dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L);
 	if(ptr == NULL)
 		{
 		DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
@@ -289,7 +290,11 @@ int DSO_pathbyaddr(void *addr,char *path,int sz)
 	struct shl_descriptor inf;
 	int i,len;
-	if (addr == NULL) addr = dl_ref_point;
+	if (addr == NULL)
 		{
 		union { void(*f)(); void *p; } t = { dl_ref_point };
 		addr = t.p;
 		}
 	for (i=-1;shl_get_r(i,&inf)==0;i++)
 		{
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@@ -232,7 +232,7 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname)
 static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
 	{
 	void *ptr;
-	DSO_FUNC_TYPE sym;
+	DSO_FUNC_TYPE sym, *tsym = &sym;
 	if((dso == NULL) || (symname == NULL))
 		{
@@ -250,7 +250,7 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
 		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
 		return(NULL);
 		}
-	*(void**)(&sym) = dlsym(ptr, symname);
+	*(void**)(tsym) = dlsym(ptr, symname);
 	if(sym == NULL)
 		{
 		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
@@ -302,7 +302,11 @@ int DSO_pathbyaddr(void *addr,char *path,int sz)
 	Dl_info dli;
 	int len;
-	if (addr == NULL) addr = dlfcn_ref_point;
+	if (addr == NULL)
 		{
 		union { void(*f)(void); void *p; } t = { dlfcn_ref_point };
 		addr = t.p;
 		}
 	if (dladdr(addr,&dli))
 		{
--- a/crypto/dso/dso_win32.c
+++ b/crypto/dso/dso_win32.c
@@ -68,6 +68,25 @@ DSO_METHOD *DSO_METHOD_win32(void)
 	}
 #else
 #ifdef _WIN32_WCE
 # if _WIN32_WCE < 300
 static FARPROC GetProcAddressA(HMODULE hModule,LPCSTR lpProcName)
 	{
 	WCHAR lpProcNameW[64];
 	int i;
 	for (i=0;lpProcName[i] && i<64;i++)
 		lpProcNameW[i] = (WCHAR)lpProcName[i];
 	if (i==64) return NULL;
 	lpProcNameW[i] = 0;
 	return GetProcAddressW(hModule,lpProcNameW);
 	}
 # endif
 # undef GetProcAddress
 # define GetProcAddress GetProcAddressA
 #endif
 /* Part of the hack in "win32_load" ... */
 #define DSO_MAX_TRANSLATED_SIZE 256
@@ -122,7 +141,7 @@ static int win32_load(DSO *dso)
 		DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME);
 		goto err;
 		}
-	h = LoadLibrary(filename);
+	h = LoadLibraryA(filename);
 	if(h == NULL)
 		{
 		DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED);
--- a/crypto/engine/hw_aep.c
+++ b/crypto/engine/hw_aep.c
@@ -474,6 +474,7 @@ static int aep_init(ENGINE *e)
 	if(aep_dso)
 		DSO_free(aep_dso);
 	aep_dso = NULL;
 	p_AEP_OpenConnection    = NULL;
 	p_AEP_ModExp            = NULL;
--- a/crypto/engine/hw_atalla.c
+++ b/crypto/engine/hw_atalla.c
@@ -375,6 +375,7 @@ static int atalla_init(ENGINE *e)
 err:
 	if(atalla_dso)
 		DSO_free(atalla_dso);
 	atalla_dso = NULL;
 	p_Atalla_GetHardwareConfig = NULL;
 	p_Atalla_RSAPrivateKeyOpFn = NULL;
 	p_Atalla_GetPerformanceStatistics = NULL;
--- a/crypto/engine/hw_cswift.c
+++ b/crypto/engine/hw_cswift.c
@@ -90,6 +90,7 @@ static int cswift_destroy(ENGINE *e);
 static int cswift_init(ENGINE *e);
 static int cswift_finish(ENGINE *e);
 static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
 static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
 /* BIGNUM stuff */
 static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -403,7 +404,10 @@ static int cswift_init(ENGINE *e)
 	return 1;
 err:
 	if(cswift_dso)
 	{
 		DSO_free(cswift_dso);
 		cswift_dso = NULL;
 	}
 	p_CSwift_AcquireAccContext = NULL;
 	p_CSwift_AttachKeyParam = NULL;
 	p_CSwift_SimpleRequest = NULL;
@@ -553,6 +557,29 @@ err:
 	return to_return;
 	}
 int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
 {
 	int mod;
 	int numbytes = BN_num_bytes(in);
 	mod = 0;
 	while( ((out->nbytes = (numbytes+mod)) % 32) )
 	{
 		mod++;
 	}
 	out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
 	if(!out->value)
 	{
 		return 0;
 	}
 	BN_bn2bin(in, &out->value[mod]);
 	if(mod)
 		memset(out->value, 0, mod);
 	return 1;
 }
 /* Un petit mod_exp chinois */
 static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 			const BIGNUM *q, const BIGNUM *dmp1,
@@ -562,15 +589,16 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 	SW_LARGENUMBER arg, res;
 	SW_PARAM sw_param;
 	SW_CONTEXT_HANDLE hac;
 	BIGNUM *rsa_p = NULL;
 	BIGNUM *rsa_q = NULL;
 	BIGNUM *rsa_dmp1 = NULL;
 	BIGNUM *rsa_dmq1 = NULL;
 	BIGNUM *rsa_iqmp = NULL;
 	BIGNUM *argument = NULL;
 	BIGNUM *result = NULL;
 	BIGNUM *argument = NULL;
 	int to_return = 0; /* expect failure */
 	int acquired = 0;
 	sw_param.up.crt.p.value = NULL;
 	sw_param.up.crt.q.value = NULL;
 	sw_param.up.crt.dmp1.value = NULL;
 	sw_param.up.crt.dmq1.value = NULL;
 	sw_param.up.crt.iqmp.value = NULL;
 	if(!get_context(&hac))
 		{
@@ -578,44 +606,55 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 		goto err;
 		}
 	acquired = 1;
 	/* Prepare the params */
-	BN_CTX_start(ctx);
+	argument = BN_new();
-	rsa_p = BN_CTX_get(ctx);
+	result = BN_new();
-	rsa_q = BN_CTX_get(ctx);
+	if(!result || !argument)
 	rsa_dmp1 = BN_CTX_get(ctx);
 	rsa_dmq1 = BN_CTX_get(ctx);
 	rsa_iqmp = BN_CTX_get(ctx);
 	argument = BN_CTX_get(ctx);
 	result = BN_CTX_get(ctx);
 	if(!result)
 		{
 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
 		goto err;
 		}
-	if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
+
-			!bn_wexpand(rsa_dmp1, dmp1->top) ||
+
-			!bn_wexpand(rsa_dmq1, dmq1->top) ||
+	sw_param.type = SW_ALG_CRT;
-			!bn_wexpand(rsa_iqmp, iqmp->top) ||
+	/************************************************************************/
-			!bn_wexpand(argument, a->top) ||
+	/* 04/02/2003                                                           */
 	/* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */
 	/* limitation of cswift with values not a multiple of 32                */
 	/************************************************************************/
 	if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
 	{
 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
 		goto err;
 	}
 	if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
 	{
 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
 		goto err;
 	}
 	if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
 	{
 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
 		goto err;
 	}
 	if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
 	{
 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
 		goto err;
 	}
 	if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
 	{
 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
 		goto err;
 	}
 	if(	!bn_wexpand(argument, a->top) ||
 			!bn_wexpand(result, p->top + q->top))
 		{
 		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
 		goto err;
 		}
-	sw_param.type = SW_ALG_CRT;
+
 	sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
 	sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
 	sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
 	sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
 	sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
 		(unsigned char *)rsa_dmp1->d);
 	sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
 	sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
 		(unsigned char *)rsa_dmq1->d);
 	sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
 	sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
 		(unsigned char *)rsa_iqmp->d);
 	sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
 	/* Attach the key params */
 	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
 	switch(sw_status)
@@ -654,9 +693,22 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 	BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
 	to_return = 1;
 err:
 	if(sw_param.up.crt.p.value)
 		OPENSSL_free(sw_param.up.crt.p.value);
 	if(sw_param.up.crt.q.value)
 		OPENSSL_free(sw_param.up.crt.q.value);
 	if(sw_param.up.crt.dmp1.value)
 		OPENSSL_free(sw_param.up.crt.dmp1.value);
 	if(sw_param.up.crt.dmq1.value)
 		OPENSSL_free(sw_param.up.crt.dmq1.value);
 	if(sw_param.up.crt.iqmp.value)
 		OPENSSL_free(sw_param.up.crt.iqmp.value);
 	if(result)
 		BN_free(result);
 	if(argument)
 		BN_free(argument);
 	if(acquired)
 		release_context(hac);
 	BN_CTX_end(ctx);
 	return to_return;
 	}
@@ -665,6 +717,27 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 	{
 	BN_CTX *ctx;
 	int to_return = 0;
 	const RSA_METHOD * def_rsa_method;
 	/* Try the limits of RSA (2048 bits) */
 	if(BN_num_bytes(rsa->p) > 128 ||
 		BN_num_bytes(rsa->q) > 128 ||
 		BN_num_bytes(rsa->dmp1) > 128 ||
 		BN_num_bytes(rsa->dmq1) > 128 ||
 		BN_num_bytes(rsa->iqmp) > 128)
 	{
 #ifdef RSA_NULL
 		def_rsa_method=RSA_null_method();
 #else
 #if 0
 		def_rsa_method=RSA_PKCS1_RSAref();
 #else
 		def_rsa_method=RSA_PKCS1_SSLeay();
 #endif
 #endif
 		if(def_rsa_method)
 			return def_rsa_method->rsa_mod_exp(r0, I, rsa);
 	}
 	if((ctx = BN_CTX_new()) == NULL)
 		goto err;
@@ -686,6 +759,26 @@ err:
 static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 	{
 	const RSA_METHOD * def_rsa_method;
 	/* Try the limits of RSA (2048 bits) */
 	if(BN_num_bytes(r) > 256 ||
 		BN_num_bytes(a) > 256 ||
 		BN_num_bytes(m) > 256)
 	{
 #ifdef RSA_NULL
 		def_rsa_method=RSA_null_method();
 #else
 #if 0
 		def_rsa_method=RSA_PKCS1_RSAref();
 #else
 		def_rsa_method=RSA_PKCS1_SSLeay();
 #endif
 #endif
 		if(def_rsa_method)
 			return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
 	}
 	return cswift_mod_exp(r, a, p, m, ctx);
 	}
@@ -930,9 +1023,10 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
 	SW_CONTEXT_HANDLE hac;
 	SW_STATUS swrc;
 	SW_LARGENUMBER largenum;
 	size_t nbytes = 0;
 	int acquired = 0;
 	int to_return = 0; /* assume failure */
 	unsigned char buf32[1024];
 	if (!get_context(&hac))
 	{
@@ -941,17 +1035,19 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
 	}
 	acquired = 1;
-	while (nbytes < (size_t)num)
+	/************************************************************************/
 	/* 04/02/2003                                                           */
 	/* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */
 	/* limitation of cswift with values not a multiple of 32                */
 	/************************************************************************/
 	while(num >= sizeof(buf32))
 	{
 		largenum.value = buf;
 		largenum.nbytes = sizeof(buf32);
 		/* tell CryptoSwift how many bytes we want and where we want it.
 		 * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
 		 *       - CryptoSwift can only do multiple of 32-bits. */
 		largenum.value = (SW_BYTE *) buf + nbytes;
 		if (4096 > num - nbytes)
 			largenum.nbytes = num - nbytes;
 		else
 			largenum.nbytes = 4096;
 		swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
 		if (swrc != SW_OK)
 		{
@@ -961,14 +1057,30 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
 			ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
 			goto err;
 		}
-
+		buf += sizeof(buf32);
-		nbytes += largenum.nbytes;
+		num -= sizeof(buf32);
 	}
 	if(num)
 	{
 		largenum.nbytes = sizeof(buf32);
 		largenum.value = buf32;
 		swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
 		if (swrc != SW_OK)
 		{
 			char tmpbuf[20];
 			CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
 			sprintf(tmpbuf, "%ld", swrc);
 			ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
 			goto err;
 		}
 		memcpy(buf, largenum.value, num);
 	}
 	to_return = 1;  /* success */
 	to_return = 1;  /* success */
 err:
 	if (acquired)
 		release_context(hac);
 	return to_return;
 }
--- a/crypto/engine/hw_ubsec.c
+++ b/crypto/engine/hw_ubsec.c
@@ -454,6 +454,7 @@ static int ubsec_init(ENGINE *e)
 err:
 	if(ubsec_dso)
 		DSO_free(ubsec_dso);
 	ubsec_dso = NULL;
 	p_UBSEC_ubsec_bytes_to_bits = NULL;
 	p_UBSEC_ubsec_bits_to_bytes = NULL;
 	p_UBSEC_ubsec_open = NULL;
--- a/crypto/engine/tb_dsa.c
+++ b/crypto/engine/tb_dsa.c
@@ -94,7 +94,7 @@ int ENGINE_set_default_DSA(ENGINE *e)
 	{
 	if(e->dsa_meth)
 		return engine_table_register(&dsa_table,
-				engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+				engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
 	return 1;
 	}
--- a/crypto/err/Makefile
+++ b/crypto/err/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/err/Makefile
+# OpenSSL/crypto/err/Makefile
 #
 DIR=	err
--- a/crypto/evp/Makefile
+++ b/crypto/evp/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/evp/Makefile
+# OpenSSL/crypto/evp/Makefile
 #
 DIR=	evp
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -313,7 +313,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 			/* There will never be more than two '=' */
 			}
-		if ((v == B64_EOF) || (n >= 64))
+		if ((v == B64_EOF && (n&3) == 0) || (n >= 64))
 			{
 			/* This is needed to work correctly on 64 byte input
 			 * lines.  We process the line and then need to
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -132,7 +132,11 @@
 #define EVP_CAST5_KEY_SIZE		16
 #define EVP_RC5_32_12_16_KEY_SIZE	16
 */
 #ifdef OPENSSL_FIPS
 #define EVP_MAX_MD_SIZE			64	/* longest known SHA512 */
 #else
 #define EVP_MAX_MD_SIZE			(16+20)	/* The SSLv3 md5+sha1 type */
 #endif
 #define EVP_MAX_KEY_LENGTH		32
 #define EVP_MAX_IV_LENGTH		16
 #define EVP_MAX_BLOCK_LENGTH		32
--- a/crypto/evp/m_dss1.c
+++ b/crypto/evp/m_dss1.c
@@ -67,7 +67,14 @@ static int init(EVP_MD_CTX *ctx)
 	{ return SHA1_Init(ctx->md_data); }
 static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
 #ifndef OPENSSL_FIPS
 	{ return SHA1_Update(ctx->md_data,data,count); }
 #else
 	{
 	OPENSSL_assert(sizeof(count)<=sizeof(size_t));
 	return SHA1_Update(ctx->md_data,data,count);
 	}
 #endif
 static int final(EVP_MD_CTX *ctx,unsigned char *md)
 	{ return SHA1_Final(md,ctx->md_data); }
@@ -77,7 +84,7 @@ static const EVP_MD dss1_md=
 	NID_dsa,
 	NID_dsaWithSHA1,
 	SHA_DIGEST_LENGTH,
-	0,
+	EVP_MD_FLAG_FIPS,
 	init,
 	update,
 	final,
--- a/crypto/hmac/Makefile
+++ b/crypto/hmac/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/md/Makefile
+# OpenSSL/crypto/md/Makefile
 #
 DIR=	hmac
--- a/crypto/hmac/hmac.h
+++ b/crypto/hmac/hmac.h
@@ -64,7 +64,11 @@
 #include <openssl/evp.h>
 #ifdef OPENSSL_FIPS
 #define HMAC_MAX_MD_CBLOCK	128
 #else
 #define HMAC_MAX_MD_CBLOCK	64
 #endif
 #ifdef  __cplusplus
 extern "C" {
--- a/crypto/idea/Makefile
+++ b/crypto/idea/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/idea/Makefile
+# OpenSSL/crypto/idea/Makefile
 #
 DIR=	idea
--- a/crypto/lhash/Makefile
+++ b/crypto/lhash/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/lhash/Makefile
+# OpenSSL/crypto/lhash/Makefile
 #
 DIR=	lhash
--- a/crypto/md2/Makefile
+++ b/crypto/md2/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/md/Makefile
+# OpenSSL/crypto/md/Makefile
 #
 DIR=	md2
--- a/crypto/md4/Makefile
+++ b/crypto/md4/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/md4/Makefile
+# OpenSSL/crypto/md4/Makefile
 #
 DIR=    md4
--- a/crypto/md5/Makefile
+++ b/crypto/md5/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/md5/Makefile
+# OpenSSL/crypto/md5/Makefile
 #
 DIR=    md5
--- a/crypto/mdc2/Makefile
+++ b/crypto/mdc2/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/mdc2/Makefile
+# OpenSSL/crypto/mdc2/Makefile
 #
 DIR=	mdc2
--- a/crypto/objects/Makefile
+++ b/crypto/objects/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/objects/Makefile
+# OpenSSL/crypto/objects/Makefile
 #
 DIR=	objects
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -63,11 +63,11 @@
 */
 #define NUM_NID 676
-#define NUM_SN 668
+#define NUM_SN 669
-#define NUM_LN 668
+#define NUM_LN 669
-#define NUM_OBJ 632
+#define NUM_OBJ 633
-static unsigned char lvalues[4572]={
+static unsigned char lvalues[4575]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -330,9 +330,9 @@ static unsigned char lvalues[4572]={
 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,     /* [2092] OBJ_ac_auditEntity */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,     /* [2100] OBJ_ac_targeting */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,     /* [2108] OBJ_aaControls */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2116] OBJ_sbqp_ipAddrBlock */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2116] OBJ_sbgp_ipAddrBlock */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2124] OBJ_sbqp_autonomousSysNum */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2124] OBJ_sbgp_autonomousSysNum */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2132] OBJ_sbqp_routerIdentifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2132] OBJ_sbgp_routerIdentifier */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,     /* [2140] OBJ_textNotice */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,     /* [2148] OBJ_ipsecEndSystem */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,     /* [2156] OBJ_ipsecTunnel */
@@ -691,15 +691,16 @@ static unsigned char lvalues[4572]={
 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E,     /* [4467] OBJ_proxyCertInfo */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00,     /* [4475] OBJ_id_ppl_anyLanguage */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01,     /* [4483] OBJ_id_ppl_inheritAll */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,     /* [4491] OBJ_Independent */
+0x55,0x1D,0x1E,                              /* [4491] OBJ_name_constraints */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4499] OBJ_sha256WithRSAEncryption */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,     /* [4494] OBJ_Independent */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4508] OBJ_sha384WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4502] OBJ_sha256WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4517] OBJ_sha512WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4511] OBJ_sha384WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4526] OBJ_sha224WithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4520] OBJ_sha512WithRSAEncryption */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4535] OBJ_sha256 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4529] OBJ_sha224WithRSAEncryption */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4544] OBJ_sha384 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4538] OBJ_sha256 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4553] OBJ_sha512 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4547] OBJ_sha384 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4562] OBJ_sha224 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4556] OBJ_sha512 */
 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4565] OBJ_sha224 */
 };
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -1142,12 +1143,12 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 	&(lvalues[2092]),0},
 {"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2100]),0},
 {"aaControls","aaControls",NID_aaControls,8,&(lvalues[2108]),0},
-{"sbqp-ipAddrBlock","sbqp-ipAddrBlock",NID_sbqp_ipAddrBlock,8,
+{"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8,
 	&(lvalues[2116]),0},
-{"sbqp-autonomousSysNum","sbqp-autonomousSysNum",
+{"sbgp-autonomousSysNum","sbgp-autonomousSysNum",
-	NID_sbqp_autonomousSysNum,8,&(lvalues[2124]),0},
+	NID_sbgp_autonomousSysNum,8,&(lvalues[2124]),0},
-{"sbqp-routerIdentifier","sbqp-routerIdentifier",
+{"sbgp-routerIdentifier","sbgp-routerIdentifier",
-	NID_sbqp_routerIdentifier,8,&(lvalues[2132]),0},
+	NID_sbgp_routerIdentifier,8,&(lvalues[2132]),0},
 {"textNotice","textNotice",NID_textNotice,8,&(lvalues[2140]),0},
 {"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8,
 	&(lvalues[2148]),0},
@@ -1762,20 +1763,21 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 	&(lvalues[4475]),0},
 {"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8,
 	&(lvalues[4483]),0},
-{NULL,NULL,NID_undef,0,NULL},
+{"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3,
-{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4491]),0},
+	&(lvalues[4491]),0},
 {"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4494]),0},
 {"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9,
-	&(lvalues[4499]),0},
+	&(lvalues[4502]),0},
 {"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9,
-	&(lvalues[4508]),0},
+	&(lvalues[4511]),0},
 {"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9,
-	&(lvalues[4517]),0},
+	&(lvalues[4520]),0},
 {"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9,
-	&(lvalues[4526]),0},
+	&(lvalues[4529]),0},
-{"SHA256","sha256",NID_sha256,9,&(lvalues[4535]),0},
+{"SHA256","sha256",NID_sha256,9,&(lvalues[4538]),0},
-{"SHA384","sha384",NID_sha384,9,&(lvalues[4544]),0},
+{"SHA384","sha384",NID_sha384,9,&(lvalues[4547]),0},
-{"SHA512","sha512",NID_sha512,9,&(lvalues[4553]),0},
+{"SHA512","sha512",NID_sha512,9,&(lvalues[4556]),0},
-{"SHA224","sha224",NID_sha224,9,&(lvalues[4562]),0},
+{"SHA224","sha224",NID_sha224,9,&(lvalues[4565]),0},
 };
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -2210,6 +2212,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[649]),/* "msUPN" */
 &(nid_objs[481]),/* "nSRecord" */
 &(nid_objs[173]),/* "name" */
 &(nid_objs[666]),/* "nameConstraints" */
 &(nid_objs[369]),/* "noCheck" */
 &(nid_objs[403]),/* "noRevAvail" */
 &(nid_objs[72]),/* "nsBaseUrl" */
@@ -2282,9 +2285,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[ 1]),/* "rsadsi" */
 &(nid_objs[482]),/* "sOARecord" */
 &(nid_objs[155]),/* "safeContentsBag" */
-&(nid_objs[291]),/* "sbqp-autonomousSysNum" */
+&(nid_objs[291]),/* "sbgp-autonomousSysNum" */
-&(nid_objs[290]),/* "sbqp-ipAddrBlock" */
+&(nid_objs[290]),/* "sbgp-ipAddrBlock" */
-&(nid_objs[292]),/* "sbqp-routerIdentifier" */
+&(nid_objs[292]),/* "sbgp-routerIdentifier" */
 &(nid_objs[159]),/* "sdsiCertificate" */
 &(nid_objs[154]),/* "secretBag" */
 &(nid_objs[474]),/* "secretary" */
@@ -2545,6 +2548,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[126]),/* "X509v3 Extended Key Usage" */
 &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
 &(nid_objs[83]),/* "X509v3 Key Usage" */
 &(nid_objs[666]),/* "X509v3 Name Constraints" */
 &(nid_objs[403]),/* "X509v3 No Revocation Available" */
 &(nid_objs[401]),/* "X509v3 Policy Constraints" */
 &(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
@@ -2958,9 +2962,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[124]),/* "run length compression" */
 &(nid_objs[482]),/* "sOARecord" */
 &(nid_objs[155]),/* "safeContentsBag" */
-&(nid_objs[291]),/* "sbqp-autonomousSysNum" */
+&(nid_objs[291]),/* "sbgp-autonomousSysNum" */
-&(nid_objs[290]),/* "sbqp-ipAddrBlock" */
+&(nid_objs[290]),/* "sbgp-ipAddrBlock" */
-&(nid_objs[292]),/* "sbqp-routerIdentifier" */
+&(nid_objs[292]),/* "sbgp-routerIdentifier" */
 &(nid_objs[159]),/* "sdsiCertificate" */
 &(nid_objs[154]),/* "secretBag" */
 &(nid_objs[474]),/* "secretary" */
@@ -3169,6 +3173,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[430]),/* OBJ_hold_instruction_code        2 5 29 23 */
 &(nid_objs[142]),/* OBJ_invalidity_date              2 5 29 24 */
 &(nid_objs[140]),/* OBJ_delta_crl                    2 5 29 27 */
 &(nid_objs[666]),/* OBJ_name_constraints             2 5 29 30 */
 &(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
 &(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
 &(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
@@ -3419,9 +3424,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[287]),/* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */
 &(nid_objs[288]),/* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */
 &(nid_objs[289]),/* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */
-&(nid_objs[290]),/* OBJ_sbqp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
+&(nid_objs[290]),/* OBJ_sbgp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
-&(nid_objs[291]),/* OBJ_sbqp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
+&(nid_objs[291]),/* OBJ_sbgp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
-&(nid_objs[292]),/* OBJ_sbqp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
+&(nid_objs[292]),/* OBJ_sbgp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
 &(nid_objs[397]),/* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
 &(nid_objs[398]),/* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
 &(nid_objs[663]),/* OBJ_proxyCertInfo                1 3 6 1 5 5 7 1 14 */
--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
@@ -1068,17 +1068,17 @@
 #define NID_aaControls		289
 #define OBJ_aaControls		OBJ_id_pe,6L
-#define SN_sbqp_ipAddrBlock		"sbqp-ipAddrBlock"
+#define SN_sbgp_ipAddrBlock		"sbgp-ipAddrBlock"
-#define NID_sbqp_ipAddrBlock		290
+#define NID_sbgp_ipAddrBlock		290
-#define OBJ_sbqp_ipAddrBlock		OBJ_id_pe,7L
+#define OBJ_sbgp_ipAddrBlock		OBJ_id_pe,7L
-#define SN_sbqp_autonomousSysNum		"sbqp-autonomousSysNum"
+#define SN_sbgp_autonomousSysNum		"sbgp-autonomousSysNum"
-#define NID_sbqp_autonomousSysNum		291
+#define NID_sbgp_autonomousSysNum		291
-#define OBJ_sbqp_autonomousSysNum		OBJ_id_pe,8L
+#define OBJ_sbgp_autonomousSysNum		OBJ_id_pe,8L
-#define SN_sbqp_routerIdentifier		"sbqp-routerIdentifier"
+#define SN_sbgp_routerIdentifier		"sbgp-routerIdentifier"
-#define NID_sbqp_routerIdentifier		292
+#define NID_sbgp_routerIdentifier		292
-#define OBJ_sbqp_routerIdentifier		OBJ_id_pe,9L
+#define OBJ_sbgp_routerIdentifier		OBJ_id_pe,9L
 #define SN_ac_proxying		"ac-proxying"
 #define NID_ac_proxying		397
@@ -1799,6 +1799,11 @@
 #define NID_delta_crl		140
 #define OBJ_delta_crl		OBJ_id_ce,27L
 #define SN_name_constraints		"nameConstraints"
 #define LN_name_constraints		"X509v3 Name Constraints"
 #define NID_name_constraints		666
 #define OBJ_name_constraints		OBJ_id_ce,30L
 #define SN_crl_distribution_points		"crlDistributionPoints"
 #define LN_crl_distribution_points		"X509v3 CRL Distribution Points"
 #define NID_crl_distribution_points		103
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -287,9 +287,9 @@ qcStatements		286
 ac_auditEntity		287
 ac_targeting		288
 aaControls		289
-sbqp_ipAddrBlock		290
+sbgp_ipAddrBlock		290
-sbqp_autonomousSysNum		291
+sbgp_autonomousSysNum		291
-sbqp_routerIdentifier		292
+sbgp_routerIdentifier		292
 textNotice		293
 ipsecEndSystem		294
 ipsecTunnel		295
@@ -663,7 +663,7 @@ id_ppl		662
 proxyCertInfo		663
 id_ppl_anyLanguage		664
 id_ppl_inheritAll		665
-id_ppl_independent		666
+name_constraints		666
 Independent		667
 sha256WithRSAEncryption		668
 sha384WithRSAEncryption		669
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -346,9 +346,9 @@ id-pe 3			: qcStatements
 id-pe 4			: ac-auditEntity
 id-pe 5			: ac-targeting
 id-pe 6			: aaControls
-id-pe 7			: sbqp-ipAddrBlock
+id-pe 7			: sbgp-ipAddrBlock
-id-pe 8			: sbqp-autonomousSysNum
+id-pe 8			: sbgp-autonomousSysNum
-id-pe 9			: sbqp-routerIdentifier
+id-pe 9			: sbgp-routerIdentifier
 id-pe 10		: ac-proxying
 !Cname sinfo-access
 id-pe 11		: subjectInfoAccess	: Subject Information Access
@@ -589,6 +589,8 @@ id-ce 21		: CRLReason		: X509v3 CRL Reason Code
 id-ce 24		: invalidityDate	: Invalidity Date
 !Cname delta-crl
 id-ce 27		: deltaCRL		: X509v3 Delta CRL Indicator
 !Cname name-constraints
 id-ce 30		: nameConstraints	: X509v3 Name Constraints
 !Cname crl-distribution-points
 id-ce 31		: crlDistributionPoints	: X509v3 CRL Distribution Points
 !Cname certificate-policies
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,11 +25,11 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER	0x00907080L
+#define OPENSSL_VERSION_NUMBER	0x0090709fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7h-fips-dev XX xxx XXXX"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7j-fips-dev XX xxx XXXX"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7h-dev XX xxx XXXX"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7j-dev XX xxx XXXX"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
--- a/crypto/pem/Makefile
+++ b/crypto/pem/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/pem/Makefile
+# OpenSSL/crypto/pem/Makefile
 #
 DIR=	pem
--- a/crypto/perlasm/x86asm.pl
+++ b/crypto/perlasm/x86asm.pl
@@ -90,7 +90,7 @@ $tmp
 #ifdef OUT
 #define OK	1
 #define ALIGN	4
-#if defined(__CYGWIN__) || defined(__DJGPP__)
+#if defined(__CYGWIN__) || defined(__DJGPP__) || defined(__MINGW32__)
 #undef SIZE
 #undef TYPE
 #define SIZE(a,b)
--- a/crypto/perlasm/x86nasm.pl
+++ b/crypto/perlasm/x86nasm.pl
@@ -221,7 +221,15 @@ sub using486
 sub main'file
 	{
-	push(@out, "segment .text use32\n");
+	local $tmp;
 	$tmp=<<___;
 %ifdef __omf__
 section	code	use32 class=code
 %else
 section	.text
 %endif
 ___
 	push(@out,$tmp);
 	}
 sub main'function_begin
--- a/crypto/pkcs12/Makefile
+++ b/crypto/pkcs12/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/pkcs12/Makefile
+# OpenSSL/crypto/pkcs12/Makefile
 #
 DIR=	pkcs12
--- a/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
@@ -148,7 +148,11 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
 /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
 {
-	if(!PKCS7_type_is_data(p7)) return NULL;
+	if(!PKCS7_type_is_data(p7))
 		{
 		PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA);
 		return NULL;
 		}
 	return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
 }
@@ -211,5 +215,10 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
 STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
 {
 	if (!PKCS7_type_is_data(p12->authsafes))
 		{
 		PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA);
 		return NULL;
 		}
 	return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
 }
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -72,6 +72,12 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
 	unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
 	int saltlen, iter;
 	if (!PKCS7_type_is_data(p12->authsafes))
 		{
 		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA);
 		return 0;
 		}
 	salt = p12->mac->salt->data;
 	saltlen = p12->mac->salt->length;
 	if (!p12->mac->iter) iter = 1;
--- a/crypto/pkcs12/pk12err.c
+++ b/crypto/pkcs12/pk12err.c
@@ -93,6 +93,8 @@ static ERR_STRING_DATA PKCS12_str_functs[]=
 {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN),	"PKCS12_PBE_keyivgen"},
 {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC),	"PKCS12_setup_mac"},
 {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC),	"PKCS12_set_mac"},
 {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES),	"PKCS12_unpack_authsafes"},
 {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA),	"PKCS12_unpack_p7data"},
 {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE),	"PKCS8_add_keyusage"},
 {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT),	"PKCS8_encrypt"},
 {ERR_FUNC(PKCS12_F_VERIFY_MAC),	"VERIFY_MAC"},
@@ -102,6 +104,7 @@ static ERR_STRING_DATA PKCS12_str_functs[]=
 static ERR_STRING_DATA PKCS12_str_reasons[]=
 	{
 {ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"},
 {ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"},
 {ERR_REASON(PKCS12_R_DECODE_ERROR)       ,"decode error"},
 {ERR_REASON(PKCS12_R_ENCODE_ERROR)       ,"encode error"},
 {ERR_REASON(PKCS12_R_ENCRYPT_ERROR)      ,"encrypt error"},
--- a/crypto/pkcs12/pkcs12.h
+++ b/crypto/pkcs12/pkcs12.h
@@ -287,12 +287,15 @@ void ERR_load_PKCS12_strings(void);
 #define PKCS12_F_PKCS12_PBE_KEYIVGEN			 120
 #define PKCS12_F_PKCS12_SETUP_MAC			 122
 #define PKCS12_F_PKCS12_SET_MAC				 123
 #define PKCS12_F_PKCS12_UNPACK_AUTHSAFES		 129
 #define PKCS12_F_PKCS12_UNPACK_P7DATA			 130
 #define PKCS12_F_PKCS8_ADD_KEYUSAGE			 124
 #define PKCS12_F_PKCS8_ENCRYPT				 125
 #define PKCS12_F_VERIFY_MAC				 126
 /* Reason codes. */
 #define PKCS12_R_CANT_PACK_STRUCTURE			 100
 #define PKCS12_R_CONTENT_TYPE_NOT_DATA			 121
 #define PKCS12_R_DECODE_ERROR				 101
 #define PKCS12_R_ENCODE_ERROR				 102
 #define PKCS12_R_ENCRYPT_ERROR				 103
--- a/crypto/pkcs7/Makefile
+++ b/crypto/pkcs7/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/pkcs7/Makefile
+# OpenSSL/crypto/pkcs7/Makefile
 #
 DIR=	pkcs7
--- a/crypto/rand/Makefile
+++ b/crypto/rand/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/rand/Makefile
+# OpenSSL/crypto/rand/Makefile
 #
 DIR=	rand
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -87,16 +87,6 @@ int RAND_set_rand_method(const RAND_METHOD *meth)
 const RAND_METHOD *RAND_get_rand_method(void)
 	{
 #ifdef OPENSSL_FIPS
 	if(FIPS_mode()
 		&& default_RAND_meth != FIPS_rand_check())
 	    {
 	    RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
 	    return 0;
 	    }
 #endif
 	if (!default_RAND_meth)
 		{
 #ifndef OPENSSL_NO_ENGINE
@@ -114,8 +104,22 @@ const RAND_METHOD *RAND_get_rand_method(void)
 			funct_ref = e;
 		else
 #endif
-			default_RAND_meth = RAND_SSLeay();
+#ifdef OPENSSL_FIPS
 			if(FIPS_mode())
 				default_RAND_meth=FIPS_rand_method();
 			else
 #endif
 				default_RAND_meth = RAND_SSLeay();
 		}
 #ifdef OPENSSL_FIPS
 	if(FIPS_mode()
 		&& default_RAND_meth != FIPS_rand_check())
 	    {
 	    RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
 	    return 0;
 	    }
 #endif
 	return default_RAND_meth;
 	}
--- a/crypto/rc2/Makefile
+++ b/crypto/rc2/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/rc2/Makefile
+# OpenSSL/crypto/rc2/Makefile
 #
 DIR=	rc2
--- a/crypto/rc4/Makefile
+++ b/crypto/rc4/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/rc4/Makefile
+# OpenSSL/crypto/rc4/Makefile
 #
 DIR=	rc4
@@ -69,7 +69,11 @@ asm/rx86unix.cpp: asm/rc4-586.pl ../perlasm/x86asm.pl
 asm/rc4-x86_64.s: asm/rc4-x86_64.pl;	$(PERL) asm/rc4-x86_64.pl $@
 asm/rc4-ia64.s: asm/rc4-ia64.S
-	$(CC) $(CFLAGS) -E asm/rc4-ia64.S > $@
+	@case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \
 	int)	set -x; $(CC) $(CFLAGS) -DSZ=4 -E asm/rc4-ia64.S > $@ ;; \
 	char)	set -x; $(CC) $(CFLAGS) -DSZ=1 -E asm/rc4-ia64.S > $@ ;; \
 	*)	exit 1 ;; \
 	esac
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
--- a/crypto/rc4/asm/rc4-ia64.S
+++ b/crypto/rc4/asm/rc4-ia64.S
@@ -7,7 +7,7 @@
 // disclaimed.
 // ====================================================================
-.ident  "rc4-ia64.S, Version 1.1"
+.ident  "rc4-ia64.S, Version 2.0"
 .ident  "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
 // What's wrong with compiler generated code? Because of the nature of
@@ -27,17 +27,10 @@
 // Legitimate "collisions" do occur within every 256^2 bytes window.
 // Fortunately there're enough free instruction slots to keep prior
 // reference to key[x+1], detect "collision" and compensate for it.
-// All this without sacrificing a single clock cycle:-)
+// All this without sacrificing a single clock cycle:-) Throughput is
-// Furthermore. In order to compress loop body to the minimum, I chose
+// ~210MBps on 900MHz CPU, which is is >3x faster than gcc generated
-// to deploy deposit instruction, which substitutes for the whole
+// code and +30% - if compared to HP-UX C. Unrolling loop below should
-// key->data+((x&255)<<log2(sizeof(key->data[0]))). This unfortunately
+// give >30% on top of that...
 // requires key->data to be aligned at sizeof(key->data) boundary.
 // This is why you'll find "RC4_INT pad[512-256-2];" addenum to RC4_KEY
 // and "d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));" in
 // rc4_skey.c [and rc4_enc.c, where it's retained for debugging
 // purposes]. Throughput is ~210MBps on 900MHz CPU, which is is >3x
 // faster than gcc generated code and +30% - if compared to HP-UX C.
 // Unrolling loop below should give >30% on top of that...
 .text
 .explicit
@@ -48,7 +41,9 @@
 # define ADDP	add
 #endif
 #ifndef SZ
 #define SZ	4	// this is set to sizeof(RC4_INT)
 #endif
 // SZ==4 seems to be optimal. At least SZ==8 is not any faster, not for
 // assembler implementation, while SZ==1 code is ~30% slower.
 #if SZ==1	// RC4_INT is unsigned char
@@ -101,45 +96,53 @@ RC4:
 	ADDP	out=0,in3
 	brp.loop.imp	.Ltop,.Lexit-16	};;
 { .mmi;	LDKEY	yy=[key]			// load key->y
-	add	ksch=(255+1)*SZ,key		// as ksch will be used with
+	add	ksch=SZ,key
 						// deposit instruction only,
 						// I don't have to &~255...
 	mov	ar.lc=in1		}
 { .mmi;	mov	key_y[1]=r0			// guarantee inequality
 						// in first iteration
 	add	xx=1,xx
 	mov	pr.rot=1<<16		};;
 { .mii;	nop.m	0
-	dep	key_x[1]=xx,ksch,OFF,8
+	dep	key_x[1]=xx,r0,OFF,8
 	mov	ar.ec=3			};;	// note that epilogue counter
 						// is off by 1. I compensate
 						// for this at exit...
 .Ltop:
-// The loop is scheduled for 3*(n+2) spin-rate on Itanium 2, which
+// The loop is scheduled for 4*(n+2) spin-rate on Itanium 2, which
 // theoretically gives asymptotic performance of clock frequency
-// divided by 3 bytes per seconds, or 500MBps on 1.5GHz CPU. Measured
+// divided by 4 bytes per seconds, or 400MBps on 1.6GHz CPU. This is
-// performance however is distinctly lower than 1/4:-( The culplrit
+// for sizeof(RC4_INT)==4. For smaller RC4_INT STKEY inadvertently
-// seems to be *(out++)=dat, which inadvertently splits the bundle,
+// splits the last bundle and you end up with 5*n spin-rate:-(
-// even though there is M-port available... Unrolling is due...
+// Originally the loop was scheduled for 3*n and relied on key
-// Unrolled loop should collect output with variable shift instruction
+// schedule to be aligned at 256*sizeof(RC4_INT) boundary. But
-// in order to avoid starvation for integer shifter... It should be
+// *(out++)=dat, which maps to st1, had same effect [inadvertent
-// possible to get pretty close to theoretical peak...
+// bundle split] and holded the loop back. Rescheduling for 4*n
-{ .mmi;	(p16)	LDKEY	tx[0]=[key_x[1]]		// tx=key[xx]
+// made it possible to eliminate dependence on specific alignment
-	(p17)	LDKEY	ty[0]=[key_y[1]]		// ty=key[yy]	
+// and allow OpenSSH keep "abusing" our API. Reaching for 3*n would
-	(p18)	dep	rnd[1]=rnd[1],ksch,OFF,8}	// &key[(tx+ty)&255]
+// require unrolling, sticking to variable shift instruction for
 // collecting output [to avoid starvation for integer shifter] and
 // copying of key schedule to controlled place in stack [so that
 // deposit instruction can serve as substitute for whole
 // key->data+((x&255)<<log2(sizeof(key->data[0])))]...
 { .mmi;	(p19)	st1	[out]=dat[3],1			// *(out++)=dat
 	(p16)	add	xx=1,xx				// x++
-	(p16)	cmp.ne.unc p20,p21=key_x[1],key_y[1]	};;
+	(p18)	dep	rnd[1]=rnd[1],r0,OFF,8	}	// ((tx+ty)&255)<<OFF
 { .mmi;	(p16)	add	key_x[1]=ksch,key_x[1]		// &key[xx&255]
 	(p17)	add	key_y[1]=ksch,key_y[1]	};;	// &key[yy&255]	
 { .mmi;	(p16)	LDKEY	tx[0]=[key_x[1]]		// tx=key[xx]
 	(p17)	LDKEY	ty[0]=[key_y[1]]		// ty=key[yy]	
 	(p16)	dep	key_x[0]=xx,r0,OFF,8	}	// (xx&255)<<OFF
 { .mmi;	(p18)	add	rnd[1]=ksch,rnd[1]		// &key[(tx+ty)&255]
 	(p16)	cmp.ne.unc p20,p21=key_x[1],key_y[1] };;
 { .mmi;	(p18)	LDKEY	rnd[1]=[rnd[1]]			// rnd=key[(tx+ty)&255]
-	(p16)	ld1	dat[0]=[inp],1			// dat=*(inp++)
+	(p16)	ld1	dat[0]=[inp],1		}	// dat=*(inp++)
 	(p16)	dep	key_x[0]=xx,ksch,OFF,8	}	// &key[xx&255]
 .pred.rel	"mutex",p20,p21
 { .mmi;	(p21)	add	yy=yy,tx[1]			// (p16)
 	(p20)	add	yy=yy,tx[0]			// (p16) y+=tx
 	(p21)	mov	tx[0]=tx[1]		};;	// (p16)
 { .mmi;	(p17)	STKEY	[key_y[1]]=tx[1]		// key[yy]=tx
 	(p17)	STKEY	[key_x[2]]=ty[0]		// key[xx]=ty
-	(p16)	dep	key_y[0]=yy,ksch,OFF,8	}	// &key[yy&255]
+	(p16)	dep	key_y[0]=yy,r0,OFF,8	}	// &key[yy&255]
 { .mmb;	(p17)	add	rnd[0]=tx[1],ty[0]		// tx+=ty
 	(p18)	xor	dat[2]=dat[2],rnd[1]		// dat^=rnd
 	br.ctop.sptk	.Ltop			};;
--- a/crypto/rc4/rc4.h
+++ b/crypto/rc4/rc4.h
@@ -73,10 +73,6 @@ typedef struct rc4_key_st
 	{
 	RC4_INT x,y;
 	RC4_INT data[256];
 #if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
 	/* see crypto/rc4/asm/rc4-ia64.S for further details... */
 	RC4_INT pad[512-256-2];
 #endif
 	} RC4_KEY;
--- a/crypto/rc4/rc4_enc.c
+++ b/crypto/rc4/rc4_enc.c
@@ -77,10 +77,6 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
        x=key->x;     
        y=key->y;     
        d=key->data; 
 #if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
 	/* see crypto/rc4/asm/rc4-ia64.S for further details... */
 	d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
 #endif
 #if defined(RC4_CHUNK)
 	/*
--- a/crypto/rc4/rc4_skey.c
+++ b/crypto/rc4/rc4_skey.c
@@ -95,10 +95,6 @@ FIPS_NON_FIPS_VCIPHER_Init(RC4)
        unsigned int i;
        d= &(key->data[0]);
 #if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
 	/* see crypto/rc4/asm/rc4-ia64.S for further details... */
 	d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
 #endif
 	for (i=0; i<256; i++)
 		d[i]=i;
--- a/crypto/rc5/Makefile
+++ b/crypto/rc5/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/rc5/Makefile
+# OpenSSL/crypto/rc5/Makefile
 #
 DIR=	rc5
--- a/crypto/ripemd/Makefile
+++ b/crypto/ripemd/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/ripemd/Makefile
+# OpenSSL/crypto/ripemd/Makefile
 #
 DIR=    ripemd
--- a/crypto/rsa/Makefile
+++ b/crypto/rsa/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/rsa/Makefile
+# OpenSSL/crypto/rsa/Makefile
 #
 DIR=	rsa
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -389,17 +389,17 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q			 127
 #define RSA_R_OAEP_DECODING_ERROR			 121
 #define RSA_R_SLEN_RECOVERY_FAILED			 135
 #define RSA_R_PADDING_CHECK_FAILED			 114
 #define RSA_R_P_NOT_PRIME				 128
 #define RSA_R_Q_NOT_PRIME				 129
 #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED		 130
 #define RSA_R_SLEN_CHECK_FAILED				 136
 #define RSA_R_SLEN_RECOVERY_FAILED			 135
 #define RSA_R_SSLV3_ROLLBACK_ATTACK			 115
 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117
 #define RSA_R_UNKNOWN_PADDING_TYPE			 118
 #define RSA_R_WRONG_SIGNATURE_LENGTH			 119
 #define RSA_R_SLEN_CHECK_FAILED				 136
 #ifdef  __cplusplus
 }
--- a/crypto/sha/Makefile
+++ b/crypto/sha/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/sha/Makefile
+# OpenSSL/crypto/sha/Makefile
 #
 DIR=    sha
--- a/crypto/stack/Makefile
+++ b/crypto/stack/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/stack/Makefile
+# OpenSSL/crypto/stack/Makefile
 #
 DIR=	stack
--- a/crypto/txt_db/Makefile
+++ b/crypto/txt_db/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/txt_db/Makefile
+# OpenSSL/crypto/txt_db/Makefile
 #
 DIR=	txt_db
--- a/crypto/x509/Makefile
+++ b/crypto/x509/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/x509/Makefile
+# OpenSSL/crypto/x509/Makefile
 #
 DIR=	x509
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -114,7 +114,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
 	{
 	int ret=0;
 	BY_DIR *ld;
-	char *dir;
+	char *dir = NULL;
 	ld=(BY_DIR *)ctx->method_data;
@@ -123,17 +123,16 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
 	case X509_L_ADD_DIR:
 		if (argl == X509_FILETYPE_DEFAULT)
 			{
-			ret=add_cert_dir(ld,X509_get_default_cert_dir(),
+			dir=(char *)Getenv(X509_get_default_cert_dir_env());
-				X509_FILETYPE_PEM);
+			if (dir)
 				ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
 			else
 				ret=add_cert_dir(ld,X509_get_default_cert_dir(),
 					X509_FILETYPE_PEM);
 			if (!ret)
 				{
 				X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
 				}
 			else
 				{
 				dir=(char *)Getenv(X509_get_default_cert_dir_env());
 				ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
 				}
 			}
 		else
 			ret=add_cert_dir(ld,argp,(int)argl);
--- a/crypto/x509v3/Makefile
+++ b/crypto/x509v3/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/x509v3/Makefile
+# OpenSSL/crypto/x509v3/Makefile
 #
 DIR=	x509v3
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -137,7 +137,15 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
 	CONF_VALUE *cnf;
 	int i, ia5org;
 	pols = sk_POLICYINFO_new_null();
 	if (pols == NULL) {
 		X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
 		return NULL;
 	}
 	vals =  X509V3_parse_list(value);
 	if (vals == NULL) {
 		X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
 		goto err;
 	}
 	ia5org = 0;
 	for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
 		cnf = sk_CONF_VALUE_value(vals, i);
@@ -176,6 +184,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
 	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
 	return pols;
 	err:
 	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
 	sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
 	return NULL;
 }
--- a/doc/apps/enc.pod
+++ b/doc/apps/enc.pod
@@ -191,12 +191,12 @@ Blowfish and RC5 algorithms use a 128 bit key.
 des-ecb            DES in ECB mode
 des-ede-cbc        Two key triple DES EDE in CBC mode
- des-ede            Alias for des-ede
+ des-ede            Two key triple DES EDE in ECB mode
 des-ede-cfb        Two key triple DES EDE in CFB mode
 des-ede-ofb        Two key triple DES EDE in OFB mode
 des-ede3-cbc       Three key triple DES EDE in CBC mode
- des-ede3           Alias for des-ede3-cbc
+ des-ede3           Three key triple DES EDE in ECB mode
 des3               Alias for des-ede3-cbc
 des-ede3-cfb       Three key triple DES EDE CFB mode
 des-ede3-ofb       Three key triple DES EDE in OFB mode
@@ -211,9 +211,9 @@ Blowfish and RC5 algorithms use a 128 bit key.
 rc2-cbc            128 bit RC2 in CBC mode
 rc2                Alias for rc2-cbc
- rc2-cfb            128 bit RC2 in CBC mode
+ rc2-cfb            128 bit RC2 in CFB mode
- rc2-ecb            128 bit RC2 in CBC mode
+ rc2-ecb            128 bit RC2 in ECB mode
- rc2-ofb            128 bit RC2 in CBC mode
+ rc2-ofb            128 bit RC2 in OFB mode
 rc2-64-cbc         64 bit RC2 in CBC mode
 rc2-40-cbc         40 bit RC2 in CBC mode
@@ -223,9 +223,9 @@ Blowfish and RC5 algorithms use a 128 bit key.
 rc5-cbc            RC5 cipher in CBC mode
 rc5                Alias for rc5-cbc
- rc5-cfb            RC5 cipher in CBC mode
+ rc5-cfb            RC5 cipher in CFB mode
- rc5-ecb            RC5 cipher in CBC mode
+ rc5-ecb            RC5 cipher in ECB mode
- rc5-ofb            RC5 cipher in CBC mode
+ rc5-ofb            RC5 cipher in OFB mode
 =head1 EXAMPLES
--- a/doc/crypto/PKCS7_verify.pod
+++ b/doc/crypto/PKCS7_verify.pod
@@ -8,7 +8,7 @@ PKCS7_verify - verify a PKCS#7 signedData structure
 int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
-int PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
 =head1 DESCRIPTION
--- a/doc/crypto/hmac.pod
+++ b/doc/crypto/hmac.pod
@@ -18,7 +18,7 @@ authentication code
 void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
               const EVP_MD *md);
 void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
-               	   const EVP_MD *md);
+               	   const EVP_MD *md, ENGINE *impl);
 void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
 void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
--- a/doc/crypto/threads.pod
+++ b/doc/crypto/threads.pod
@@ -65,9 +65,10 @@ B<CRYPTO_LOCK>, and releases it otherwise.
 B<file> and B<line> are the file number of the function setting the
 lock. They can be useful for debugging.
-id_function(void) is a function that returns a thread ID. It is not
+id_function(void) is a function that returns a thread ID, for example
 pthread_self() if it returns an integer (see NOTES below).  It isn't
 needed on Windows nor on platforms where getpid() returns a different
-ID for each thread (most notably Linux).
+ID for each thread (see NOTES below).
 Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
 of OpenSSL need it for better performance.  To enable this, the following
@@ -124,7 +125,7 @@ CRYPTO_get_new_dynlockid() returns the index to the newly created lock.
 The other functions return no values.
-=head1 NOTE
+=head1 NOTES
 You can find out if OpenSSL was configured with thread support:
@@ -139,6 +140,22 @@ You can find out if OpenSSL was configured with thread support:
 Also, dynamic locks are currently not used internally by OpenSSL, but
 may do so in the future.
 Defining id_function(void) has it's own issues.  Generally speaking,
 pthread_self() should be used, even on platforms where getpid() gives
 different answers in each thread, since that may depend on the machine
 the program is run on, not the machine where the program is being
 compiled.  For instance, Red Hat 8 Linux and earlier used
 LinuxThreads, whose getpid() returns a different value for each
 thread.  Red Hat 9 Linux and later use NPTL, which is
 Posix-conformant, and has a getpid() that returns the same value for
 all threads in a process.  A program compiled on Red Hat 8 and run on
 Red Hat 9 will therefore see getpid() returning the same value for
 all threads.
 There is still the issue of platforms where pthread_self() returns
 something other than an integer.  This is a bit unusual, and this
 manual has no cookbook solution for that case.
 =head1 EXAMPLES
 B<crypto/threads/mttest.c> shows examples of the callback functions on
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -86,7 +86,7 @@ doing a re-connect, always takes the first cipher in the cipher list.
 =item SSL_OP_MSIE_SSLV2_RSA_PADDING
-...
+As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect.
 =item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Dr. Stephen Henson	bf059c2efc	Build fips_premain_dso.exe in static build too.	2006-02-07 17:14:04 +00:00
Dr. Stephen Henson	417d5af7c7	Build standalone exe after copying headers.	2006-02-07 15:09:00 +00:00
Dr. Stephen Henson	33d3b6043a	Use and build fips_premain_dso.exe and fips_standalone_sha1.exe from VC++ instead of those from mingw build. Visual Studio Express 2005 doesn't like fips_premain_dso.exe from mingw used against its DLLs.	2006-02-06 14:16:38 +00:00
Dr. Stephen Henson	c7e1e48908	Add Makefile to fipshashes.c	2006-02-06 00:48:37 +00:00
Dr. Stephen Henson	7f3a22803c	Update VC++ build for new FIPS paths.	2006-02-05 23:49:07 +00:00
Dr. Stephen Henson	386ec8fc15	Use correct fips_premain_dso.exe path.	2006-02-05 21:36:41 +00:00
Dr. Stephen Henson	8aecae520c	Sanity check for FIPS module directory.	2006-02-05 21:18:42 +00:00
Dr. Stephen Henson	571d90db24	Update VC++ build for FIPS mode.	2006-02-05 20:52:56 +00:00
Andy Polyakov	4a54d594e1	install: target tune up.	2006-02-05 13:35:24 +00:00
Andy Polyakov	bd6ae6579e	Adjust DIR variable in fips-1.0/Makefile accordingly.	2006-02-05 12:38:58 +00:00
Dr. Stephen Henson	85ca1d2c86	Update/hack mkdef.pl to recognize and add SHA2 algorithms when OPENSSL_FIPS is defined.	2006-02-04 23:05:40 +00:00
Dr. Stephen Henson	3c1ee6c147	Fix from HEAD.	2006-02-04 01:50:41 +00:00
Dr. Stephen Henson	a13e6553ad	Fix from HEAD.	2006-02-04 01:27:52 +00:00
Dr. Stephen Henson	b1971b067a	Use getcwd() because it works under MSYS but `pwd` doesn't.	2006-02-03 23:55:26 +00:00
Dr. Stephen Henson	a5319427a2	Update CHANGES/NEWS.	2006-02-03 18:42:24 +00:00
Dr. Stephen Henson	e0a4dc3b66	Updated fips_test_suite.	2006-02-03 18:27:13 +00:00
Nils Larsch	0b51beff26	fix if statement: call conn_state() if the BIO is not in the BIO_CONN_S_OK state	2006-02-02 22:29:55 +00:00
Dr. Stephen Henson	6a9f9aed30	Add fips_test_suite.c to TEST	2006-02-02 15:10:50 +00:00
Andy Polyakov	3ae83be021	Spotted divergence between CVS and submitted tar-ball.	2006-02-01 22:22:40 +00:00
Andy Polyakov	d2ab6fa4ae	Remove files erroneously added in catalog rename.	2006-02-01 22:21:13 +00:00
Dr. Stephen Henson	0a2466a08d	Fix from head.	2006-01-31 18:38:06 +00:00
Dr. Stephen Henson	172bb3734a	Update some scripts to use fips-1.0	2006-01-30 18:51:36 +00:00
Dr. Stephen Henson	b7508d8396	Change fips directory to fips-1.0	2006-01-30 18:15:29 +00:00
Lutz Jänicke	fd27364317	Typo Submitted by: Girish Venkatachalam <girish1729@gmail.com>	2006-01-30 17:07:54 +00:00
Dr. Stephen Henson	d37ca24da9	Backport of other fixes to keep VC++ happy.	2006-01-30 13:49:59 +00:00
Dr. Stephen Henson	1ce2fb42de	Backport of changes to support later versions of VC++.	2006-01-30 13:14:20 +00:00
Dr. Stephen Henson	4ca47e6db9	Sample FIPS object file integrity checking script.	2006-01-28 13:34:27 +00:00
Dr. Stephen Henson	fbe6969a0d	Update to VC++ static build.	2006-01-28 13:33:31 +00:00
Dr. Stephen Henson	7dfd94a088	Move certs to right place.	2006-01-26 17:48:13 +00:00
Dr. Stephen Henson	f6bbb5b67d	FIPS related updates for Windows build. Only build fipscanister.o from the GMAKE target. Use precompiled fipscanister.o from other targets. Update fipslink.pl script to check fipscanister.o and fips_premain.c hashes.	2006-01-26 17:34:57 +00:00
Dr. Stephen Henson	c9f4204ae8	Make sure stanadlong SHA1 checker is built.	2006-01-25 13:40:55 +00:00
Dr. Stephen Henson	29c18b0112	Add VC++ using GNU (or other U*ix like make) target for mk1mf.pl Autodetect VC++ in config script and generate Makefile Add source hash checking to mk1mf.pl for VC++.	2006-01-25 13:26:11 +00:00
Dr. Stephen Henson	e2e28a6bb6	Fix static VC++ build for FIPS.	2006-01-22 00:04:39 +00:00
Dr. Stephen Henson	5a175fe228	Update to VC++ in-core fingerprinting support.	2006-01-21 22:14:07 +00:00
Dr. Stephen Henson	15a6cf7d14	Support for VC++ build with in-core hashing.	2006-01-21 21:28:26 +00:00
Andy Polyakov	ed457c6e1c	Replace detached signature with in-core fingerprinting.	2006-01-21 14:01:30 +00:00
Dr. Stephen Henson	c1e67d9856	Correctly encode FALSE for BOOL in ASN1_TYPE.	2006-01-19 17:19:43 +00:00
Dr. Stephen Henson	0c91b0eaff	Typo.	2006-01-15 13:54:42 +00:00
Richard Levitte	e886317f9b	Forgot to initialize CC6DISABLEWARNINGS properly...	2006-01-11 18:55:19 +00:00
Richard Levitte	015d162d41	Typo...	2006-01-11 13:31:12 +00:00
Richard Levitte	211ce24020	Disable the Mixed Linkage warning for some selected modules. This is because the Compaq C compiler will not accept that a variable be declared extern then defined static without a warning.	2006-01-09 19:22:51 +00:00
Bodo Möller	8750e911f1	Some error code cleanups (SSL lib. used SSL_R_... codes reserved for alerts)	2006-01-08 19:33:31 +00:00
Bodo Möller	d9ba7079b8	Rewrite timeout computation in a way that is less prone to overflow. (Problem reported by Peter Sylvester.)	2005-12-30 23:52:20 +00:00
Dr. Stephen Henson	21a0819274	Update Makefile.org for zlib fix backport.	2005-12-11 19:12:57 +00:00
Dr. Stephen Henson	2d96867e30	Backport of zlib fixes to 0.9.7.	2005-12-10 13:36:13 +00:00
Andy Polyakov	4c80a153cb	bn/asm/sparcv8plus.S update from HEAD.	2005-11-15 08:04:42 +00:00
Andy Polyakov	3dd5699238	Fix erroneous omission in solaris-sparcv8-cc target. PR: 1225 Submitted by: Sergio Gelato	2005-10-19 19:09:50 +00:00
Andy Polyakov	bffe708e47	util/pl/OS2-EMX.pl sync [from HEAD]. Submitted by: Stefan Neis, Brian Havard	2005-10-19 18:38:50 +00:00
Mark J. Cox	7606bb65ea	One time CAN->CVE- renumbering	2005-10-19 10:49:39 +00:00
Richard Levitte	2f4d5c6542	After release.	2005-10-14 22:43:18 +00:00
Richard Levitte	deab8d9392	Time for release of 0.9.7i. The tag will be OpenSSL_0_9_7i	2005-10-14 22:15:53 +00:00
Andy Polyakov	c12ba74f1d	Fix typo in evp.h.	2005-10-12 20:39:22 +00:00
Andy Polyakov	9c6413521d	Typo in darwin-shared rule.	2005-10-11 20:20:55 +00:00
Andy Polyakov	c892524146	Retain binary compatibility between 0.9.7h and 0.9.7g.	2005-10-11 19:12:24 +00:00
Mark J. Cox	473a1324fc	Don't forget to bump README too	2005-10-11 10:15:04 +00:00
Mark J. Cox	49a305e7ef	Bump after tagging for 0.9.7h release	2005-10-11 10:14:27 +00:00
Mark J. Cox	a40916cbba	Add fixes for CAN-2005-2969 Bump release ready for OpenSSL_0_9_7h tag	2005-10-11 10:10:05 +00:00
Nils Larsch	62ecdf077f	successfully updating the db shouldn't result in an error message	2005-09-30 16:46:29 +00:00
Richard Levitte	5905787c6d	Change a comment so it corresponds to reality. Put back a character that was previously replaced with a NUL for parsing purposes. This seems to fix a very weird parsing bug involving two variable references in the same value.	2005-09-28 18:02:52 +00:00
Dr. Stephen Henson	9f03d028e7	Update from HEAD.	2005-09-21 00:58:48 +00:00
Andy Polyakov	10f8acdf4c	BC-32.pl updates [from HEAD]. Submitted by: Old Wolf, Jon Bright	2005-09-20 07:14:38 +00:00
Andy Polyakov	cd029eb6f0	Proper solution to nasm compilation problems in Borland context.	2005-09-20 06:21:39 +00:00
Andy Polyakov	f6fefec921	Visual Studio 2005 workaround from HEAD. PR: 1183	2005-09-19 14:45:20 +00:00
Nils Larsch	ec5a7681fe	fix typos PR: 1201	2005-09-15 19:11:41 +00:00
Nils Larsch	a21ce67a63	bugfix: register engine as default engine in ENGINE_set_default_DSA Submitted by: Jonathon Green	2005-09-09 07:53:39 +00:00
Nils Larsch	e2f0d879b1	fix typo in sbgp names PR: 1194	2005-09-02 21:22:08 +00:00
Nils Larsch	017f35edba	fix potential memory leak + improved error checking PR: 1182	2005-08-05 14:39:11 +00:00
Dr. Stephen Henson	a0434788ce	Enable dss1 for FIPS mode.	2005-07-06 18:29:00 +00:00
Richard Levitte	b269af6829	The private key should never have ended up in newreq.pem. Now, it ends up in newkey.pem instead.	2005-07-04 21:44:19 +00:00
Andy Polyakov	9273be0795	Fix bugs in bug-fix to x509/by_dir.c [from HEAD]. PR: 1131	2005-07-03 13:18:47 +00:00
Andy Polyakov	6c8a3344b6	Bugfix for bn_div_words PPC assembler implementation [from HEAD].	2005-07-03 09:24:35 +00:00
Nils Larsch	e80f233749	initialize newly allocated data PR: 1145	2005-07-01 16:13:06 +00:00
Dr. Stephen Henson	6835cdf3b4	Check PKCS7 structures in PKCS#12 files are of type data.	2005-06-30 11:37:36 +00:00
Richard Levitte	c0c943e82b	asn1parse doesn't support any TXT format, so let's stop pretending it does.	2005-06-28 15:44:15 +00:00
Andy Polyakov	bb67f28a1e	Move fips_test_suite rules from fips/Makefile to test/Makefile.	2005-06-27 22:08:58 +00:00
Andy Polyakov	08f7417a98	Eliminate dependency on UNICODE macro.	2005-06-27 21:14:15 +00:00
Andy Polyakov	84c881d0b5	Fix typos in apps/apps.c.	2005-06-27 16:00:57 +00:00
Andy Polyakov	f25209267f	Update fips_test_suite make rule.	2005-06-26 21:48:19 +00:00
Andy Polyakov	07cc19fcac	Revert RC4 parameters on IA64 from back-ported ones to original to preserve binary compatibility. PR: 1114	2005-06-26 17:24:48 +00:00
Andy Polyakov	34aca2b6b6	IA64 RC4 update from HEAD [see commentary in HEAD for details]. PR: 1114	2005-06-26 16:25:25 +00:00
Dr. Stephen Henson	67dbe90856	Add Argen root CAs.	2005-06-24 10:52:18 +00:00
Richard Levitte	4a29c4e39f	Someone did some cutting and pasting and didn't quite finish the job :-). Notified by Steffen Pankratz <kratz00@gmx.de>	2005-06-24 05:13:13 +00:00
Richard Levitte	0902926150	Change dir_ctrl to check for the environment variable before using the default directory instead of the other way around. PR: 1131	2005-06-23 21:15:06 +00:00
Dr. Stephen Henson	15d95d5f92	OID database had a NULL entry for NID 666. Add a real OID in its place.	2005-06-22 17:24:32 +00:00
Richard Levitte	0116eae43e	Do no try to pretend we're at the end of anything unless we're at the end of a 4-character block.	2005-06-20 22:11:21 +00:00
Richard Levitte	d01f1d89e3	Check for 'usage' and 'Usage'. Submitted by Tim Rice <tim@multitalents.net>. His comment is: I noticed "make report" didn't show the cc version on most of my System V platforms. This patch corrects this.	2005-06-20 20:45:44 +00:00
Richard Levitte	722a5c5ade	Add crypto/bn/bn_prime.h to the collection of generated files. In the update target, place the dependency on depend last, so all necessary files are generated before the dependencies are figured out. PR: 1121	2005-06-20 04:29:54 +00:00
Richard Levitte	2788e3983e	With DJGPP, it seems like the return code from grep, even when in the middle of a pipe, is noted. Counter that by forcing a true return code when the return code has no importance. PR: 1085	2005-06-19 20:31:22 +00:00
Richard Levitte	5ba3ebb593	Undefine DECRANDOM before redefining it. PR: 1110	2005-06-19 20:20:29 +00:00
Richard Levitte	2b19ce86dc	Don't put C++ comments in a C file.	2005-06-19 20:00:47 +00:00
Richard Levitte	140e5c3f3b	Add better documentation on how id_function() should be defined and what issues there are. PR: 1096	2005-06-18 05:52:20 +00:00
Richard Levitte	77bc62c3a7	Move the definition of DEVRANDOM for DJGPP from Configure to e_os.h. That should solve the issues with propagating it through the Makefiles. PR: 1110	2005-06-18 04:42:29 +00:00
Richard Levitte	42f335ca0e	Only define ZLIB_SHARED if it hasn't already been defined (on the command line, for example). PR: 1112	2005-06-18 04:32:18 +00:00
Richard Levitte	43b30bf2c8	Have pod2man.pl accept '=for comment ...' before the '=head1 NAME' line. PR: 1113	2005-06-18 04:27:11 +00:00
Nils Larsch	06e12403e0	clear dso pointer in case of an error PR: 816	2005-06-17 21:14:35 +00:00
Nils Larsch	03b3a0d022	update for the cswift engine: - fix the problem described in bug report 825 - fix a segfault when the engine fails to initialize - let the engine switch to software when keysize > 2048 PR: 825, 826 Submitted by: Frédéric Giudicelli	2005-06-17 20:26:07 +00:00
Richard Levitte	f840728f43	Do not undefine _XOPEN_SOURCE. This is currently experimental, and will be firmed up as soon as it's been verified not to break anything.	2005-06-16 22:21:39 +00:00
Andy Polyakov	30fc34625c	Make sure detached fingerprints are installed [as well as minor cygwin and hpux updates].	2005-06-14 12:29:34 +00:00
Andy Polyakov	18f3210a35	Make human-readable error messages more human-friendly.	2005-06-14 12:18:47 +00:00
Nils Larsch	82da9623bf	update FAQ	2005-06-13 08:38:29 +00:00
Richard Levitte	7c0341dbc4	Show what the offending target was. PR: 1108	2005-06-13 02:38:07 +00:00
Ben Laurie	7450139b8b	Default sensibly when in FIPS mode.	2005-06-10 20:49:10 +00:00
Nils Larsch	e85e5ca5ec	- let SSL_CTX_set_cipher_list and SSL_set_cipher_list return an error if the cipher list is empty - fix last commit in ssl_create_cipher_list - clean up ssl_create_cipher_list	2005-06-10 20:00:39 +00:00
Dr. Stephen Henson	67cdaca99d	Remove CRs from files.	2005-06-10 00:41:25 +00:00
Andy Polyakov	b00f715c96	Eliminate gcc -pedantic warnings.	2005-06-09 21:37:30 +00:00
Andy Polyakov	098927c384	Allow for dso load by explicit path on HP-UX.	2005-06-09 20:47:41 +00:00
Nils Larsch	0eb8e0058c	use "=" instead of "\|=", fix typo	2005-06-08 22:24:27 +00:00
Richard Levitte	56c55b0655	Avoid endless loops. Really, we were using the same variable for two different conditions...	2005-06-08 21:59:51 +00:00
Andy Polyakov	e17d60d5fb	Fix couple gcc 4 warnings, reformat comment.	2005-06-08 21:27:34 +00:00
Nils Larsch	e32b08abc3	ssl_create_cipher_list should return an error if no cipher could be collected (see SSL_CTX_set_cipher_list manpage). Fix handling of "cipher1+cipher2" expressions in ssl_cipher_process_rulestr. PR: 836 + 1005	2005-06-08 21:16:32 +00:00
Andy Polyakov	2776beb91a	Mask new fips_*vs test programs in non-fips builds.	2005-06-07 19:56:52 +00:00
Andy Polyakov	dca20343e0	Simplify ssltest compile rule.	2005-06-07 16:36:52 +00:00
Andy Polyakov	e99f6700e1	Simplified shortcut from FIPS_mode_set.	2005-06-07 16:36:21 +00:00