revert fipslink.pl unlink retry change

give a hand old assemblers assembling loop instruction. (original by Andy)
typo
2012-01-18 15:07:11 +00:00 · 2012-01-18 14:54:20 +00:00 · 2012-01-03 19:43:06 +00:00 · 2012-01-03 14:23:54 +00:00 · 2012-01-03 14:22:45 +00:00 · 2011-12-12 14:02:57 +00:00
62 changed files with 1332 additions and 358 deletions
--- a/17
+++ b/17
@@ -4,6 +4,23 @@
 Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
  *) Add flag to EC_KEY to use cofactor ECDH if set.
     [Steve Henson]
  *) Update fips_test_suite to support multiple command line options. New
     test to induce all self test errors in sequence and check expected
     failures.
     [Steve Henson]
  *) Add FIPS_{rsa,dsa,ecdsa}_{sign,verify} functions which digest and
     sign or verify all in one operation.
     [Steve Henson]
  *) Add fips_algvs: a multicall fips utility incorporaing all the algorithm
     test programs and fips_test_suite. Includes functionality to parse
     the minimal script output of fipsalgest.pl directly.
     [Steve Henson]
  *) Add authorisation parameter to FIPS_module_mode_set().
     [Steve Henson]
--- a/3
+++ b/3
@@ -578,6 +578,8 @@ my %table=(
 "debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 # iPhoneOS/iOS
 "iphoneos-cross","llvm-gcc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 ##### A/UX
 "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
@@ -906,6 +908,7 @@ EOF
 				}
 			elsif (/^-[^-]/ or /^\+/)
 				{
 				$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
 				$flags.=$_." ";
 				}
 			elsif (/^--prefix=(.*)$/)
--- a/Makefile.fips
+++ b/Makefile.fips
@@ -387,6 +387,8 @@ build_apps:
 	@dir=apps; target=all; $(BUILD_ONE_CMD)
 build_tests:
 	@dir=test; target=fipsexe; $(BUILD_ONE_CMD)
 build_algvs:
 	@dir=test; target=fipsalgvs; $(BUILD_ONE_CMD)
 build_tools:
 	@dir=tools; target=all; $(BUILD_ONE_CMD)
@@ -522,8 +524,8 @@ files:
 links:
 	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
 	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
-	@set -e; dir=fips target=links; $(RECURSIVE_BUILD_CMD)
+	@set -e; dir=fips target=links; $(BUILD_ONE_CMD)
-	@(cd crypto ; SDIRS='$(LINKDIRS)' $(MAKE) -e links)
+	@(cd crypto ; TEST='' SDIRS='$(LINKDIRS)' $(MAKE) -e links)
 gentests:
 	@(cd test && echo "generating dummy tests (if needed)..." && \
@@ -536,9 +538,7 @@ dclean:
 test:   tests
 tests:
-	@(cd test && echo "testing..." && \
+	@echo "Not implemented in FIPS build" ; false
 	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
 	OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
 report:
 	@$(PERL) util/selftest.pl
--- a/33
+++ b/33
@@ -3465,6 +3465,39 @@ $ranlib       =
 $arflags      = 
 $multilib     = 
 *** iphoneos-cross
 $cc           = llvm-gcc
 $cflags       = -O3 -isysroot $(CROSS_TOP)/SDKs/$(CROSS_SDK) -fomit-frame-pointer -fno-common
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = iOS
 $lflags       = -Wl,-search_paths_first%
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
 $cpuid_obj    = 
 $bn_obj       = 
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
 $md5_obj      = 
 $sha1_obj     = 
 $cast_obj     = 
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
 $wp_obj       = 
 $cmll_obj     = 
 $modes_obj    = 
 $engines_obj  = 
 $perlasm_scheme = void
 $dso_scheme   = dlfcn
 $shared_target= darwin-shared
 $shared_cflag = -fPIC -fno-common
 $shared_ldflag = -dynamiclib
 $shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
 $ranlib       = 
 $arflags      = 
 $multilib     = 
 *** irix-cc
 $cc           = cc
 $cflags       = -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN
--- a/29
+++ b/29
@@ -538,7 +538,7 @@ case "$GUESSOS" in
  ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
  ppc-apple-darwin*)
 	ISA64=`(sysctl -n hw.optional.64bitops) 2>/dev/null`
-	if [ "$ISA64" = "1" ]; then
+	if [ "$ISA64" = "1" -a -z "$KERNEL_BITS" ]; then
 	    echo "WARNING! If you wish to build 64-bit library, then you have to"
 	    echo "         invoke './Configure darwin64-ppc-cc' *manually*."
 	    if [ "$TEST" = "false" -a -t 1 ]; then
@@ -546,10 +546,14 @@ case "$GUESSOS" in
 	      (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 	    fi
 	fi
-	OUT="darwin-ppc-cc" ;;
+	if [ "$ISA64" = "1" -a "$KERNEL_BITS" = "64" ]; then
 	    OUT="darwin64-ppc-cc"
 	else
 	    OUT="darwin-ppc-cc"
 	fi ;;
  i?86-apple-darwin*)
 	ISA64=`(sysctl -n hw.optional.x86_64) 2>/dev/null`
-	if [ "$ISA64" = "1" ]; then
+	if [ "$ISA64" = "1" -a -z "$KERNEL_BITS" ]; then
 	    echo "WARNING! If you wish to build 64-bit library, then you have to"
 	    echo "         invoke './Configure darwin64-x86_64-cc' *manually*."
 	    if [ "$TEST" = "false" -a -t 1 ]; then
@@ -557,7 +561,17 @@ case "$GUESSOS" in
 	      (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 	    fi
 	fi
-	OUT="darwin-i386-cc" ;;
+	if [ "$ISA64" = "1" -a "$KERNEL_BITS" = "64" ]; then
 	    OUT="darwin64-x86_64-cc"
 	else
 	    OUT="darwin-i386-cc"
 	fi ;;
  armv6+7-*-iphoneos)
 	options="$options -arch%20armv6 -arch%20armv7"
 	OUT="iphoneos-cross" ;;
  *-*-iphoneos)
 	options="$options -arch%20${MACHINE}"
 	OUT="iphoneos-cross" ;;
  alpha-*-linux2)
        ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo`
 	case ${ISA:-generic} in
@@ -664,7 +678,7 @@ case "$GUESSOS" in
  sun4[uv]*-*-solaris2)
 	OUT="solaris-sparcv9-$CC"
 	ISA64=`(isalist) 2>/dev/null | grep sparcv9`
-	if [ "$ISA64" != "" ]; then
+	if [ "$ISA64" != "" -a "$KERNEL_BITS" = "" ]; then
 	    if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then
 		echo "WARNING! If you wish to build 64-bit library, then you have to"
 		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
@@ -694,13 +708,16 @@ case "$GUESSOS" in
 		fi
 	    fi
 	fi
 	if [ "$ISA64" != "" -a "$KERNEL_BITS" = "64" ]; then
 	    OUT="solaris64-sparcv9-$CC"
 	fi
 	;;
  sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
  sun4d-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
  sun4*-*-solaris2)	OUT="solaris-sparcv7-$CC" ;;
  *86*-*-solaris2)
 	ISA64=`(isalist) 2>/dev/null | grep amd64`
-	if [ "$ISA64" != "" ]; then
+	if [ "$ISA64" != "" -a ${KERNEL_BITS:-64} -eq 64 ]; then
 	    OUT="solaris64-x86_64-$CC"
 	else
 	    OUT="solaris-x86-$CC"
--- a/crypto/armv4cpuid.S
+++ b/crypto/armv4cpuid.S
@@ -44,7 +44,7 @@ OPENSSL_atomic_add:
 	bne	.Lspin
 	ldr	r2,[r4]
-	add	r2,r5
+	add	r2,r2,r5
 	str	r2,[r4]
 	str	r0,[r6]		@ release spinlock
 	ldmia	sp!,{r4-r6,lr}
@@ -59,26 +59,26 @@ OPENSSL_atomic_add:
 OPENSSL_cleanse:
 	eor	ip,ip,ip
 	cmp	r1,#7
-	subhs	r1,#4
+	subhs	r1,r1,#4
 	bhs	.Lot
 	cmp	r1,#0
 	beq	.Lcleanse_done
 .Little:
 	strb	ip,[r0],#1
-	subs	r1,#1
+	subs	r1,r1,#1
 	bhi	.Little
 	b	.Lcleanse_done
 .Lot:	tst	r0,#3
 	beq	.Laligned
 	strb	ip,[r0],#1
-	sub	r1,#1
+	sub	r1,r1,#1
 	b	.Lot
 .Laligned:
 	str	ip,[r0],#4
-	subs	r1,#4
+	subs	r1,r1,#4
 	bhs	.Laligned
-	adds	r1,#4
+	adds	r1,r1,#4
 	bne	.Little
 .Lcleanse_done:
 	tst	lr,#1
--- a/crypto/bn/asm/armv4-gf2m.pl
+++ b/crypto/bn/asm/armv4-gf2m.pl
@@ -218,38 +218,38 @@ $code.=<<___;
 	mov	$b,r3			@ $b=b1
 	ldr	r3,[sp,#32]		@ load b0
 	mov	$mask,#7<<2
-	sub	sp,#32			@ allocate tab[8]
+	sub	sp,sp,#32		@ allocate tab[8]
 	bl	mul_1x1_ialu		@ a1<61>b1
 	str	$lo,[$ret,#8]
 	str	$hi,[$ret,#12]
-	eor	$b,r3			@ flip b0 and b1
+	eor	$b,$b,r3		@ flip b0 and b1
-	 eor	$a,r2			@ flip a0 and a1
+	 eor	$a,$a,r2		@ flip a0 and a1
-	eor	r3,$b
+	eor	r3,r3,$b
-	 eor	r2,$a
+	 eor	r2,r2,$a
-	eor	$b,r3
+	eor	$b,$b,r3
-	 eor	$a,r2
+	 eor	$a,$a,r2
 	bl	mul_1x1_ialu		@ a0<61>b0
 	str	$lo,[$ret]
 	str	$hi,[$ret,#4]
-	eor	$a,r2
+	eor	$a,$a,r2
-	eor	$b,r3
+	eor	$b,$b,r3
 	bl	mul_1x1_ialu		@ (a1+a0)<29>(b1+b0)
 ___
@r=map("r$_",(6..9));
 $code.=<<___;
 	ldmia	$ret,{@r[0]-@r[3]}
-	eor	$lo,$hi
+	eor	$lo,$lo,$hi
-	eor	$hi,@r[1]
+	eor	$hi,$hi,@r[1]
-	eor	$lo,@r[0]
+	eor	$lo,$lo,@r[0]
-	eor	$hi,@r[2]
+	eor	$hi,$hi,@r[2]
-	eor	$lo,@r[3]
+	eor	$lo,$lo,@r[3]
-	eor	$hi,@r[3]
+	eor	$hi,$hi,@r[3]
 	str	$hi,[$ret,#8]
-	eor	$lo,$hi
+	eor	$lo,$lo,$hi
-	add	sp,#32			@ destroy tab[8]
+	add	sp,sp,#32		@ destroy tab[8]
 	str	$lo,[$ret,#4]
 #if __ARM_ARCH__>=5
--- a/crypto/bn/asm/mips.pl
+++ b/crypto/bn/asm/mips.pl
@@ -267,7 +267,7 @@ ___
 $code.=<<___;
 	jr	$ra
 	move	$a0,$v0
-.end	bn_mul_add_words
+.end	bn_mul_add_words_internal
 .align	5
 .globl	bn_mul_words
@@ -778,7 +778,7 @@ ___
 $code.=<<___;
 	jr	$ra
 	move	$a0,$v0
-.end	bn_sub_words
+.end	bn_sub_words_internal
 .align 5
 .globl	bn_div_3_words
--- a/crypto/bn/asm/ppc.pl
+++ b/crypto/bn/asm/ppc.pl
@@ -952,7 +952,7 @@ $data=<<EOF;
 	addze	r11,r0
 					#mul_add_c(a[3],b[2],c3,c1,c2);
 	$LD	r6,`3*$BNSZ`(r4)
-	$LD	r7,`2*$BNSZ`(r4)
+	$LD	r7,`2*$BNSZ`(r5)
 	$UMULL	r8,r6,r7
 	$UMULH	r9,r6,r7
 	addc	r12,r8,r12
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -359,7 +359,15 @@ void OPENSSL_showfatal (const char *fmta,...)
 { va_list ap;
    va_start (ap,fmta);
 #if defined(OPENSSL_SYS_VXWORKS)
    {
 	char buf[256];
 	vsnprintf(buf,sizeof(buf),fmta,ap);
 	printf("%s",buf);
    }
 #else 
    vfprintf (stderr,fmta,ap);
 #endif
    va_end (ap);
 }
 int OPENSSL_isservice (void) { return 0; }
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -215,6 +215,11 @@ DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx);
 int FIPS_dsa_verify_digest(DSA *dsa,
 				const unsigned char *dig, int dlen, DSA_SIG *s);
 int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s);
 int FIPS_dsa_verify(DSA *dsa, const unsigned char *msg, size_t msglen,
 			const EVP_MD *mhash, DSA_SIG *s);
 DSA_SIG * FIPS_dsa_sign(DSA *dsa, const unsigned char *msg, size_t msglen,
 			const EVP_MD *mhash);
 #endif
 DSA *	DSA_new(void);
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -666,7 +666,13 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
 			/* "offset = offset + n + 1" */
 			/* step 14 */
-			if (counter >= 4096) break;
+			if (counter >= (int)(4 * L)) break;
 			}
 		if (seed_in)
 			{
 			ok = 0;
 			DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
 			goto err;
 			}
 		}
 end:
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -511,10 +511,12 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y)
 								tx, ty, ctx))
 			goto err;
 		}
-	/* Check if retrieved coordinates match originals: if not values
+	/* Check if retrieved coordinates match originals and are less than
-	 * are out of range.
+	 * field order: if not values are out of range.
 	 */
-	if (BN_cmp(x, tx) || BN_cmp(y, ty))
+	if (BN_cmp(x, tx) || BN_cmp(y, ty)
 		|| (BN_cmp(x, &key->group->field) >= 0)
 		|| (BN_cmp(y, &key->group->field) >= 0))
 		{
 		ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
 			EC_R_COORDINATES_OUT_OF_RANGE);
--- a/crypto/ecdh/ecdh.h
+++ b/crypto/ecdh/ecdh.h
@@ -85,6 +85,8 @@
 extern "C" {
 #endif
 #define EC_FLAG_COFACTOR_ECDH	0x1000
 const ECDH_METHOD *ECDH_OpenSSL(void);
 void	  ECDH_set_default_method(const ECDH_METHOD *);
--- a/crypto/ecdh/ech_ossl.c
+++ b/crypto/ecdh/ech_ossl.c
@@ -146,6 +146,18 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
 		}
 	group = EC_KEY_get0_group(ecdh);
 	if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH)
 		{
 		if (!EC_GROUP_get_cofactor(group, x, ctx) ||
 			!BN_mul(x, x, priv_key, ctx))
 			{
 			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
 		priv_key = x;
 		}
 	if ((tmp=EC_POINT_new(group)) == NULL)
 		{
 		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
--- a/crypto/ecdsa/ecdsa.h
+++ b/crypto/ecdsa/ecdsa.h
@@ -236,6 +236,11 @@ ECDSA_SIG * FIPS_ecdsa_sign_ctx(EC_KEY *key, EVP_MD_CTX *ctx);
 int FIPS_ecdsa_verify_digest(EC_KEY *key,
 			const unsigned char *dig, int dlen, ECDSA_SIG *s);
 int FIPS_ecdsa_verify_ctx(EC_KEY *key, EVP_MD_CTX *ctx, ECDSA_SIG *s);
 int FIPS_ecdsa_verify(EC_KEY *key, const unsigned char *msg, size_t msglen,
 			const EVP_MD *mhash, ECDSA_SIG *s);
 ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key,
 			const unsigned char *msg, size_t msglen,
 			const EVP_MD *mhash);
 #endif
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -89,6 +89,10 @@ typedef struct
 	{
 	AES_KEY ks1, ks2;	/* AES key schedules to use */
 	XTS128_CONTEXT xts;
 	void     (*stream)(const unsigned char *in,
 			unsigned char *out, size_t length,
 			const AES_KEY *key1, const AES_KEY *key2,
 			const unsigned char iv[16]);
 	} EVP_AES_XTS_CTX;
 typedef struct
@@ -123,6 +127,9 @@ void vpaes_cbc_encrypt(const unsigned char *in,
 			unsigned char *ivec, int enc);
 #endif
 #ifdef BSAES_ASM
 void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
 			size_t length, const AES_KEY *key,
 			unsigned char ivec[16], int enc);
 void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
 			size_t len, const AES_KEY *key,
 			const unsigned char ivec[16]);
@@ -337,11 +344,13 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 			{
 			aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
 			xctx->xts.block1 = (block128_f)aesni_encrypt;
 			xctx->stream = aesni_xts_encrypt;
 			}
 		else
 			{
 			aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
 			xctx->xts.block1 = (block128_f)aesni_decrypt;
 			xctx->stream = aesni_xts_decrypt;
 			}
 		aesni_set_encrypt_key(key + ctx->key_len/2,
@@ -360,32 +369,9 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	return 1;
 	}
 #define aesni_xts_cipher aes_xts_cipher
 static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		const unsigned char *in, size_t len)
+		const unsigned char *in, size_t len);
 	{
 	EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
 	if (!xctx->xts.key1 || !xctx->xts.key2)
 		return -1;
 	if (!out || !in)
 		return -1;
 #ifdef OPENSSL_FIPS
 	/* Requirement of SP800-38E */
 	if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
 			(len > (1L<<20)*16))
 		{
 		EVPerr(EVP_F_AESNI_XTS_CIPHER, EVP_R_TOO_LARGE);
 		return -1;
 		}
 #endif
 	if (ctx->encrypt)
 		aesni_xts_encrypt(in, out, len,
 			xctx->xts.key1, xctx->xts.key2, ctx->iv);
 	else
 		aesni_xts_decrypt(in, out, len,
 			xctx->xts.key1, xctx->xts.key2, ctx->iv);
 	return len;
 	}
 static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                        const unsigned char *iv, int enc)
@@ -503,6 +489,15 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	mode = ctx->cipher->flags & EVP_CIPH_MODE;
 	if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
 	    && !enc)
 #ifdef BSAES_CAPABLE
 	    if (BSAES_CAPABLE && mode==EVP_CIPH_CBC_MODE)
 		{
 		ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks);
 		dat->block	= (block128_f)AES_decrypt;
 		dat->stream.cbc	= (cbc128_f)bsaes_cbc_encrypt;
 		}
 	    else
 #endif
 #ifdef VPAES_CAPABLE
 	    if (VPAES_CAPABLE)
 		{
@@ -1050,6 +1045,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	if (key) do
 		{
 		xctx->stream = NULL;
 		/* key_len is two AES keys */
 #ifdef VPAES_CAPABLE
 		if (VPAES_CAPABLE)
@@ -1105,22 +1101,25 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 	{
 	EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
 	if (!xctx->xts.key1 || !xctx->xts.key2)
-		return -1;
+		return 0;
 	if (!out || !in)
-		return -1;
+		return 0;
 #ifdef OPENSSL_FIPS
 	/* Requirement of SP800-38E */
 	if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
-			(len > (1L<<20)*16))
+			(len > (1UL<<20)*16))
 		{
 		EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
-		return -1;
+		return 0;
 		}
 #endif
-	if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
+	if (xctx->stream)
 		(*xctx->stream)(in, out, len,
 				xctx->xts.key1, xctx->xts.key2, ctx->iv);
 	else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
 								ctx->encrypt))
-		return -1;
+		return 0;
-	return len;
+	return 1;
 	}
 #define aes_xts_cleanup NULL
--- a/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
@@ -75,7 +75,7 @@ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
 	return 1;\
 }
-#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2))
+#define EVP_MAXCHUNK ((size_t)1<<(sizeof(int)*8-2))
 #define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
 static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
--- a/crypto/perlasm/x86gas.pl
+++ b/crypto/perlasm/x86gas.pl
@@ -45,10 +45,8 @@ sub ::generic
    undef $suffix if ($dst =~ m/^%[xm]/o || $src =~ m/^%[xm]/o);
    if ($#_==0)				{ &::emit($opcode);		}
-    elsif ($opcode =~ m/^j/o && $#_==1)	{ &::emit($opcode,@arg);	}
+    elsif ($#_==1 && $opcode =~ m/^(call|clflush|j|loop|set)/o)
-    elsif ($opcode eq "call" && $#_==1)	{ &::emit($opcode,@arg);	}
+					{ &::emit($opcode,@arg);	}
    elsif ($opcode eq "clflush" && $#_==1){ &::emit($opcode,@arg);	}
    elsif ($opcode =~ m/^set/&& $#_==1)	{ &::emit($opcode,@arg);	}
    else				{ &::emit($opcode.$suffix,@arg);}
  1;
--- a/crypto/x86cpuid.pl
+++ b/crypto/x86cpuid.pl
@@ -119,10 +119,8 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
 	&mov	("esi","edx");
 	&or	("ebp","ecx");		# merge AMD XOP flag
 	&bt	("ecx",26);		# check XSAVE bit
 	&jnc	(&label("done"));
 	&bt	("ecx",27);		# check OSXSAVE bit
-	&jnc	(&label("clear_xmm"));
+	&jnc	(&label("clear_avx"));
 	&xor	("ecx","ecx");
 	&data_byte(0x0f,0x01,0xd0);	# xgetbv
 	&and	("eax",6);
--- a/fips/aes/fips_aesavs.c
+++ b/fips/aes/fips_aesavs.c
@@ -535,7 +535,7 @@ static int do_mct(char *amode,
 		}
 	    }
 	}
-    
+    FIPS_cipher_ctx_cleanup(&ctx);
    return ret;
    }
@@ -554,7 +554,7 @@ static int proc_file(char *rqfile, char *rspfile)
    FILE *afp = NULL, *rfp = NULL;
    char ibuf[2048];
    char tbuf[2048];
-    int ilen, len, ret = 0;
+    int len;
    char algo[8] = "";
    char amode[8] = "";
    char atest[8] = "";
@@ -605,7 +605,6 @@ static int proc_file(char *rqfile, char *rspfile)
    while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
 	{
 	tidy_line(tbuf, ibuf);
 	ilen = strlen(ibuf);
 	/*      printf("step=%d ibuf=%s",step,ibuf); */
 	switch (step)
 	    {
@@ -780,11 +779,11 @@ static int proc_file(char *rqfile, char *rspfile)
 		    if(do_mct(amode, akeysz, aKey, iVec, 
 			      dir, (unsigned char*)plaintext, len, 
 			      rfp) < 0)
-			EXIT(1);
+			err = 1;
 		    }
 		else
 		    {
-		    ret = AESTest(&ctx, amode, akeysz, aKey, iVec, 
+		    AESTest(&ctx, amode, akeysz, aKey, iVec, 
 				  dir,  /* 0 = decrypt, 1 = encrypt */
 				  plaintext, ciphertext, len);
 		    OutputValue("CIPHERTEXT",ciphertext,len,rfp,
@@ -822,7 +821,7 @@ static int proc_file(char *rqfile, char *rspfile)
 		    }
 		else
 		    {
-		    ret = AESTest(&ctx, amode, akeysz, aKey, iVec, 
+		    AESTest(&ctx, amode, akeysz, aKey, iVec, 
 				  dir,  /* 0 = decrypt, 1 = encrypt */
 				  plaintext, ciphertext, len);
 		    OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
@@ -850,6 +849,7 @@ static int proc_file(char *rqfile, char *rspfile)
 	fclose(rfp);
    if (afp)
 	fclose(afp);
    FIPS_cipher_ctx_cleanup(&ctx);
    return err;
    }
@@ -862,12 +862,16 @@ static int proc_file(char *rqfile, char *rspfile)
    aes_test -d xxxxx.xxx
  The default is: -d req.txt
 --------------------------------------------------*/
 #ifdef FIPS_ALGVS
 int fips_aesavs_main(int argc, char **argv)
 #else
 int main(int argc, char **argv)
 #endif
    {
    char *rqlist = "req.txt", *rspfile = NULL;
    FILE *fp = NULL;
    char fn[250] = "", rfn[256] = "";
-    int f_opt = 0, d_opt = 1;
+    int d_opt = 1;
    fips_algtest_init();
    if (argc > 1)
@@ -878,7 +882,6 @@ int main(int argc, char **argv)
 	    }
 	else if (strcasecmp(argv[1], "-f") == 0)
 	    {
 	    f_opt = 1;
 	    d_opt = 0;
 	    }
 	else
@@ -915,7 +918,7 @@ int main(int argc, char **argv)
 	    if (proc_file(rfn, rspfile))
 		{
 		printf(">>> Processing failed for: %s <<<\n", rfn);
-		EXIT(1);
+		return 1;
 		}
 	    }
 	fclose(fp);
@@ -929,7 +932,6 @@ int main(int argc, char **argv)
 	    printf(">>> Processing failed for: %s <<<\n", fn);
 	    }
 	}
    EXIT(0);
    return 0;
    }
--- a/fips/aes/fips_gcmtest.c
+++ b/fips/aes/fips_gcmtest.c
@@ -261,6 +261,7 @@ static void gcmtest(FILE *in, FILE *out, int encrypt)
 			iv = aad = ct = pt = key = tag = NULL;
 			}
 		}
 	FIPS_cipher_ctx_cleanup(&ctx);	
 	}
 static void xtstest(FILE *in, FILE *out)
@@ -270,7 +271,6 @@ static void xtstest(FILE *in, FILE *out)
 	char *keyword, *value;
 	int inlen = 0;
 	int encrypt = 0;
 	int rv;
 	long l;
 	unsigned char *key = NULL, *iv = NULL;
 	unsigned char *inbuf = NULL, *outbuf = NULL;
@@ -326,7 +326,7 @@ static void xtstest(FILE *in, FILE *out)
 			{
 			FIPS_cipherinit(&ctx, xts, key, iv, encrypt);
 			outbuf = OPENSSL_malloc(inlen);
-			rv = FIPS_cipher(&ctx, outbuf, inbuf, inlen);
+			FIPS_cipher(&ctx, outbuf, inbuf, inlen);
 			OutputValue(encrypt ? "CT":"PT", outbuf, inlen, out, 0);
 			OPENSSL_free(inbuf);
 			OPENSSL_free(outbuf);
@@ -335,6 +335,7 @@ static void xtstest(FILE *in, FILE *out)
 			iv = key = inbuf = outbuf = NULL;
 			}	
 		}
 	FIPS_cipher_ctx_cleanup(&ctx);	
 	}
 static void ccmtest(FILE *in, FILE *out)
@@ -428,6 +429,8 @@ static void ccmtest(FILE *in, FILE *out)
 			}
 		else if (!strcmp(keyword,"Adata"))
 			{
 			if (Adata)
 				OPENSSL_free(Adata);
 			Adata = hex2bin_m(value, &l);
 			if (Alen && l != Alen)
 				{
@@ -493,10 +496,16 @@ static void ccmtest(FILE *in, FILE *out)
 		OPENSSL_free(Key);
 	if (Nonce)
 		OPENSSL_free(Nonce);
 	if (Adata)
 		OPENSSL_free(Adata);
 	FIPS_cipher_ctx_cleanup(&ctx);
 	}
-int main(int argc,char **argv)
+#ifdef FIPS_ALGVS
 int fips_gcmtest_main(int argc, char **argv)
 #else
 int main(int argc, char **argv)
 #endif
 	{
 	int encrypt;
 	int xts = 0, ccm = 0;
--- a/fips/cmac/fips_cmactest.c
+++ b/fips/cmac/fips_cmactest.c
@@ -92,7 +92,11 @@ static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
 		unsigned char *Mac, int Maclen,
 		int Tlen);
 #ifdef FIPS_ALGVS
 int fips_cmactest_main(int argc, char **argv)
 #else
 int main(int argc, char **argv)
 #endif
 	{
 	FILE *in = NULL, *out = NULL;
 	int mode = 0;		/* 0 => Generate, 1 => Verify */
--- a/fips/des/fips_desmovs.c
+++ b/fips/des/fips_desmovs.c
@@ -102,7 +102,7 @@ static int DESTest(EVP_CIPHER_CTX *ctx,
    if (akeysz != 192)
 	{
 	printf("Invalid key size: %d\n", akeysz);
-	EXIT(1);
+	return 0;
 	}
    if (fips_strcasecmp(amode, "CBC") == 0)
@@ -120,7 +120,7 @@ static int DESTest(EVP_CIPHER_CTX *ctx,
    else
 	{
 	printf("Unknown mode: %s\n", amode);
-	EXIT(1);
+	return 0;
 	}
    if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0)
@@ -155,12 +155,12 @@ static void shiftin(unsigned char *dst,unsigned char *src,int nbits)
    }	
 /*-----------------------------------------------*/
-char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
+char *tdes_t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
-char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
+char *tdes_t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
-enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB64};
+enum tdes_Mode {TCBC, TECB, TOFB, TCFB1, TCFB8, TCFB64};
 int Sizes[6]={64,64,64,1,8,64};
-static void do_mct(char *amode, 
+static int do_tmct(char *amode, 
 	    int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec,
 	    int dir, unsigned char *text, int len,
 	    FILE *rfp)
@@ -170,12 +170,12 @@ static void do_mct(char *amode,
    unsigned char text0[8];
    for (imode=0 ; imode < 6 ; ++imode)
-	if(!strcmp(amode,t_mode[imode]))
+	if(!strcmp(amode,tdes_t_mode[imode]))
 	    break;
    if (imode == 6)
 	{ 
 	printf("Unrecognized mode: %s\n", amode);
-	EXIT(1);
+	return 0;
 	}
    for(i=0 ; i < 400 ; ++i)
 	{
@@ -196,12 +196,12 @@ static void do_mct(char *amode,
 		OutputValue("",akey+n*8,8,rfp,0);
 		}
-	if(imode != ECB)
+	if(imode != TECB)
 	    OutputValue("IV",ivec,8,rfp,0);
-	OutputValue(t_tag[dir^1],text,len,rfp,imode == CFB1);
+	OutputValue(tdes_t_tag[dir^1],text,len,rfp,imode == TCFB1);
 #if 0
 	/* compensate for endianness */
-	if(imode == CFB1)
+	if(imode == TCFB1)
 	    text[0]<<=7;
 #endif
 	memcpy(text0,text,8);
@@ -223,18 +223,18 @@ static void do_mct(char *amode,
 		}
 	    if(j == 9999)
 		{
-		OutputValue(t_tag[dir],text,len,rfp,imode == CFB1);
+		OutputValue(tdes_t_tag[dir],text,len,rfp,imode == TCFB1);
 		/*		memcpy(ivec,text,8); */
 		}
 	    /*	    DebugValue("iv",ctx.iv,8); */
 	    /* accumulate material for the next key */
 	    shiftin(nk,text,Sizes[imode]);
 	    /*	    DebugValue("nk",nk,24);*/
-	    if((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64
+	    if((dir && (imode == TCFB1 || imode == TCFB8
-			|| imode == CBC)) || imode == OFB)
+			|| imode == TCFB64 || imode == TCBC)) || imode == TOFB)
 		memcpy(text,old_iv,8);
-	    if(!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64))
+	    if(!dir && (imode == TCFB1 || imode == TCFB8 || imode == TCFB64))
 		{
 		/* the test specifies using the output of the raw DES operation
 		   which we don't have, so reconstruct it... */
@@ -260,18 +260,20 @@ static void do_mct(char *amode,
 	/* pointless exercise - the final text doesn't depend on the
 	   initial text in OFB mode, so who cares what it is? (Who
 	   designed these tests?) */
-	if(imode == OFB)
+	if(imode == TOFB)
 	    for(n=0 ; n < 8 ; ++n)
 		text[n]=text0[n]^old_iv[n];
 	FIPS_cipher_ctx_cleanup(&ctx);
 	}
    return 1;
    }
-static int proc_file(char *rqfile, char *rspfile)
+static int tproc_file(char *rqfile, char *rspfile)
    {
    char afn[256], rfn[256];
    FILE *afp = NULL, *rfp = NULL;
    char ibuf[2048], tbuf[2048];
-    int ilen, len, ret = 0;
+    int len;
    char amode[8] = "";
    char atest[100] = "";
    int akeysz=0;
@@ -322,7 +324,6 @@ static int proc_file(char *rqfile, char *rspfile)
    while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
 	{
 	tidy_line(tbuf, ibuf);
 	ilen = strlen(ibuf);
 	/*	printf("step=%d ibuf=%s",step,ibuf);*/
 	if(step == 3 && !strcmp(amode,"ECB"))
 	    {
@@ -546,12 +547,14 @@ static int proc_file(char *rqfile, char *rspfile)
 		PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
 		if (strcmp(atest, "Monte") == 0)  /* Monte Carlo Test */
 		    {
-		    do_mct(amode,akeysz,numkeys,aKey,iVec,dir,plaintext,len,rfp);
+		    if (!do_tmct(amode,akeysz,numkeys,aKey,iVec,
 					dir,plaintext,len,rfp))
 			return -1;
 		    }
 		else
 		    {
 		    assert(dir == 1);
-		    ret = DESTest(&ctx, amode, akeysz, aKey, iVec, 
+		    DESTest(&ctx, amode, akeysz, aKey, iVec, 
 				  dir,  /* 0 = decrypt, 1 = encrypt */
 				  ciphertext, plaintext, len);
 		    OutputValue("CIPHERTEXT",ciphertext,len,rfp,
@@ -585,13 +588,13 @@ static int proc_file(char *rqfile, char *rspfile)
 		PrintValue("CIPHERTEXT", ciphertext, len);
 		if (strcmp(atest, "Monte") == 0)  /* Monte Carlo Test */
 		    {
-		    do_mct(amode, akeysz, numkeys, aKey, iVec, 
+		    do_tmct(amode, akeysz, numkeys, aKey, iVec, 
 			   dir, ciphertext, len, rfp);
 		    }
 		else
 		    {
 		    assert(dir == 0);
-		    ret = DESTest(&ctx, amode, akeysz, aKey, iVec, 
+		    DESTest(&ctx, amode, akeysz, aKey, iVec, 
 				  dir,  /* 0 = decrypt, 1 = encrypt */
 				  plaintext, ciphertext, len);
 		    OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
@@ -619,6 +622,7 @@ static int proc_file(char *rqfile, char *rspfile)
 	fclose(rfp);
    if (afp)
 	fclose(afp);
    FIPS_cipher_ctx_cleanup(&ctx);
    return err;
    }
@@ -631,12 +635,16 @@ static int proc_file(char *rqfile, char *rspfile)
    aes_test -d xxxxx.xxx
  The default is: -d req.txt
 --------------------------------------------------*/
 #ifdef FIPS_ALGVS
 int fips_desmovs_main(int argc, char **argv)
 #else
 int main(int argc, char **argv)
 #endif
    {
    char *rqlist = "req.txt", *rspfile = NULL;
    FILE *fp = NULL;
    char fn[250] = "", rfn[256] = "";
-    int f_opt = 0, d_opt = 1;
+    int d_opt = 1;
    fips_algtest_init();
    if (argc > 1)
@@ -647,7 +655,6 @@ int main(int argc, char **argv)
 	    }
 	else if (fips_strcasecmp(argv[1], "-f") == 0)
 	    {
 	    f_opt = 1;
 	    d_opt = 0;
 	    }
 	else
@@ -680,10 +687,10 @@ int main(int argc, char **argv)
 	    strtok(fn, "\r\n");
 	    strcpy(rfn, fn);
 	    printf("Processing: %s\n", rfn);
-	    if (proc_file(rfn, rspfile))
+	    if (tproc_file(rfn, rspfile))
 		{
 		printf(">>> Processing failed for: %s <<<\n", rfn);
-		EXIT(1);
+		return -1;
 		}
 	    }
 	fclose(fp);
@@ -692,12 +699,11 @@ int main(int argc, char **argv)
 	{
 	if (VERBOSE)
 		printf("Processing: %s\n", fn);
-	if (proc_file(fn, rspfile))
+	if (tproc_file(fn, rspfile))
 	    {
 	    printf(">>> Processing failed for: %s <<<\n", fn);
 	    }
 	}
    EXIT(0);
    return 0;
    }
--- a/fips/dh/fips_dhvs.c
+++ b/fips/dh/fips_dhvs.c
@@ -145,8 +145,12 @@ static void output_Zhash(FILE *out, int exout,
 	OPENSSL_cleanse(Z, Zlen);
 	OPENSSL_free(Z);
 	}
-		
+
-int main(int argc,char **argv)
+#ifdef FIPS_ALGVS
 int fips_dhvs_main(int argc, char **argv)
 #else
 int main(int argc, char **argv)
 #endif
 	{
 	char **args = argv + 1;
 	int argn = argc - 1;
@@ -275,6 +279,10 @@ int main(int argc,char **argv)
 							rhash, rhashlen);
 			}
 		}
 	if (in && in != stdin)
 		fclose(in);
 	if (out && out != stdout)
 		fclose(out);
 	return 0;
 	parse_error:
 	fprintf(stderr, "Error Parsing request file\n");
--- a/fips/dsa/fips_dsa_sign.c
+++ b/fips/dsa/fips_dsa_sign.c
@@ -114,4 +114,28 @@ int FIPS_dsa_verify_digest(DSA *dsa,
 	return dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
 	}
 int FIPS_dsa_verify(DSA *dsa, const unsigned char *msg, size_t msglen,
 			const EVP_MD *mhash, DSA_SIG *s)
 	{
 	int ret=-1;
 	unsigned char dig[EVP_MAX_MD_SIZE];
 	unsigned int dlen;
        FIPS_digest(msg, msglen, dig, &dlen, mhash);
 	ret=FIPS_dsa_verify_digest(dsa, dig, dlen, s);
 	OPENSSL_cleanse(dig, dlen);
 	return ret;
 	}
 DSA_SIG * FIPS_dsa_sign(DSA *dsa, const unsigned char *msg, size_t msglen,
 			const EVP_MD *mhash)
 	{
 	DSA_SIG *s;
 	unsigned char dig[EVP_MAX_MD_SIZE];
 	unsigned int dlen;
        FIPS_digest(msg, msglen, dig, &dlen, mhash);
 	s = FIPS_dsa_sign_digest(dsa, dig, dlen);
 	OPENSSL_cleanse(dig, dlen);
 	return s;
 	}
 #endif
--- a/fips/dsa/fips_dsatest.c
+++ b/fips/dsa/fips_dsatest.c
@@ -154,9 +154,7 @@ int main(int argc, char **argv)
 	unsigned char buf[256];
 	unsigned long h;
 	BN_GENCB cb;
 	EVP_MD_CTX mctx;
 	BN_GENCB_set(&cb, dsa_cb, stderr);
 	FIPS_md_ctx_init(&mctx);
    	fips_algtest_init();
@@ -210,19 +208,11 @@ int main(int argc, char **argv)
 		}
 	DSA_generate_key(dsa);
-	if (!FIPS_digestinit(&mctx, EVP_sha1()))
+	sig = FIPS_dsa_sign(dsa, str1, 20, EVP_sha1());
 		goto end;
 	if (!FIPS_digestupdate(&mctx, str1, 20))
 		goto end;
 	sig = FIPS_dsa_sign_ctx(dsa, &mctx);
 	if (!sig)
 		goto end;
-	if (!FIPS_digestinit(&mctx, EVP_sha1()))
+	if (FIPS_dsa_verify(dsa, str1, 20, EVP_sha1(), sig) != 1)
 		goto end;
 	if (!FIPS_digestupdate(&mctx, str1, 20))
 		goto end;
 	if (FIPS_dsa_verify_ctx(dsa, &mctx, sig) != 1)
 		goto end;
 	ret = 1;
@@ -231,7 +221,6 @@ end:
 	if (sig)
 		FIPS_dsa_sig_free(sig);
 	if (dsa != NULL) FIPS_dsa_free(dsa);
 	FIPS_md_ctx_cleanup(&mctx);
 #if 0
 	CRYPTO_mem_leaks(bio_err);
 #endif
--- a/fips/dsa/fips_dssvs.c
+++ b/fips/dsa/fips_dssvs.c
@@ -199,6 +199,7 @@ static void pqg(FILE *in, FILE *out)
 			{
 			fprintf(out, "counter = %d" RESP_EOL RESP_EOL, counter);
 			}
 		FIPS_dsa_free(dsa);
 		}
 	    }
 	else if(!strcmp(keyword,"P"))
@@ -519,6 +520,8 @@ static void keyver(FILE *in, FILE *out)
 	    BN_free(g);
 	if (Y2)
 	    BN_free(Y2);
 	if (ctx)
 	    BN_CTX_free(ctx);
    }
 static void keypair(FILE *in, FILE *out)
@@ -575,6 +578,8 @@ static void keypair(FILE *in, FILE *out)
 		do_bn_print_name(out, "Y",dsa->pub_key);
 	    	fputs(RESP_EOL, out);
 		}
 	    if (dsa)
 		FIPS_dsa_free(dsa);
 	    }
 	}
    }
@@ -627,9 +632,7 @@ static void siggen(FILE *in, FILE *out)
 	    {
 	    unsigned char msg[1024];
 	    int n;
 	    EVP_MD_CTX mctx;
 	    DSA_SIG *sig;
 	    FIPS_md_ctx_init(&mctx);
 	    n=hex2bin(value,msg);
@@ -637,19 +640,16 @@ static void siggen(FILE *in, FILE *out)
 		exit(1);
 	    do_bn_print_name(out, "Y",dsa->pub_key);
-	    FIPS_digestinit(&mctx, md);
+	    sig = FIPS_dsa_sign(dsa, msg, n, md);
 	    FIPS_digestupdate(&mctx, msg, n);
 	    sig = FIPS_dsa_sign_ctx(dsa, &mctx);
 	    do_bn_print_name(out, "R",sig->r);
 	    do_bn_print_name(out, "S",sig->s);
 	    fputs(RESP_EOL, out);
 	    FIPS_dsa_sig_free(sig);
 	    FIPS_md_ctx_cleanup(&mctx);
 	    }
 	}
-	if (dsa)
+    if (dsa)
-		FIPS_dsa_free(dsa);
+	FIPS_dsa_free(dsa);
    }
 static void sigver(FILE *in, FILE *out)
@@ -687,37 +687,48 @@ static void sigver(FILE *in, FILE *out)
 	    dsa = FIPS_dsa_new();
 	    }
 	else if(!strcmp(keyword,"P"))
-	    dsa->p=hex2bn(value);
+	    do_hex2bn(&dsa->p, value);
 	else if(!strcmp(keyword,"Q"))
-	    dsa->q=hex2bn(value);
+	    do_hex2bn(&dsa->q, value);
 	else if(!strcmp(keyword,"G"))
-	    dsa->g=hex2bn(value);
+	    do_hex2bn(&dsa->g, value);
 	else if(!strcmp(keyword,"Msg"))
 	    n=hex2bin(value,msg);
 	else if(!strcmp(keyword,"Y"))
-	    dsa->pub_key=hex2bn(value);
+	    do_hex2bn(&dsa->pub_key, value);
 	else if(!strcmp(keyword,"R"))
 	    sig->r=hex2bn(value);
 	else if(!strcmp(keyword,"S"))
 	    {
 	    EVP_MD_CTX mctx;
 	    int r;
 	    FIPS_md_ctx_init(&mctx);
 	    sig->s=hex2bn(value);
 	    FIPS_digestinit(&mctx, md);
 	    FIPS_digestupdate(&mctx, msg, n);
 	    no_err = 1;
-	    r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
+	    r = FIPS_dsa_verify(dsa, msg, n, md, sig);
 	    no_err = 0;
-	    FIPS_md_ctx_cleanup(&mctx);
+	    if (sig->s)
 		{
 		BN_free(sig->s);
 		sig->s = NULL;
 		}
 	    if (sig->r)
 		{
 		BN_free(sig->r);
 		sig->r = NULL;
 		}
 	    fprintf(out, "Result = %c" RESP_EOL RESP_EOL, r == 1 ? 'P' : 'F');
 	    }
 	}
 	if (dsa)
 	    FIPS_dsa_free(dsa);
    }
-int main(int argc,char **argv)
+#ifdef FIPS_ALGVS
 int fips_dssvs_main(int argc, char **argv)
 #else
 int main(int argc, char **argv)
 #endif
    {
    FILE *in, *out;
    if (argc == 4)
--- a/fips/ecdh/fips_ecdh_selftest.c
+++ b/fips/ecdh/fips_ecdh_selftest.c
@@ -166,6 +166,7 @@ int FIPS_selftest_ecdh(void)
 			rv = -1;
 			goto err;
 			}
 		EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
 		if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y))
 			{
@@ -194,6 +195,7 @@ int FIPS_selftest_ecdh(void)
 			rv = -1;
 			goto err;
 			}
 		EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
 		if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y))
 			{
--- a/fips/ecdh/fips_ecdhvs.c
+++ b/fips/ecdh/fips_ecdhvs.c
@@ -76,7 +76,7 @@ int main(int argc, char **argv)
 #include "fips_utl.h"
-static const EVP_MD *parse_md(char *line)
+static const EVP_MD *eparse_md(char *line)
 	{
 	char *p;
 	if (line[0] != '[' || line[1] != 'E')
@@ -261,6 +261,7 @@ static void ec_output_Zhash(FILE *out, int exout, EC_GROUP *group,
 	unsigned char chash[EVP_MAX_MD_SIZE];
 	int Zlen;
 	ec = EC_KEY_new();
 	EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH);
 	EC_KEY_set_group(ec, group);
 	peerkey = make_peer(group, cx, cy);
 	if (rhash == NULL)
@@ -301,7 +302,11 @@ static void ec_output_Zhash(FILE *out, int exout, EC_GROUP *group,
 	EC_POINT_free(peerkey);
 	}
-int main(int argc,char **argv)
+#ifdef FIPS_ALGVS
 int fips_ecdhvs_main(int argc, char **argv)
 #else
 int main(int argc, char **argv)
 #endif
 	{
 	char **args = argv + 1;
 	int argn = argc - 1;
@@ -315,6 +320,7 @@ int main(int argc,char **argv)
 	EC_GROUP *group = NULL;
 	char *keyword = NULL, *value = NULL;
 	int do_verify = -1, exout = 0;
 	int rv = 1;
 	int curve_nids[5] = {0,0,0,0,0};
 	int param_set = -1;
@@ -408,11 +414,16 @@ int main(int argc,char **argv)
 			if (group)
 				EC_GROUP_free(group);
 			group = EC_GROUP_new_by_curve_name(nid);
 			if (!group)
 				{
 				fprintf(stderr, "ERROR: unsupported curve %s\n", buf + 1);
 				return 1;
 				}
 			}
 		if (strlen(buf) > 6 && !strncmp(buf, "[E", 2))
 			{
-			md = parse_md(buf);
+			md = eparse_md(buf);
 			if (md == NULL)
 				goto parse_error;
 			continue;
@@ -459,10 +470,27 @@ int main(int argc,char **argv)
 					md, rhash, rhashlen);
 			}
 		}
-	return 0;
+	rv = 0;
 	parse_error:
-	fprintf(stderr, "Error Parsing request file\n");
+	if (id)
-	exit(1);
+		BN_free(id);
 	if (ix)
 		BN_free(ix);
 	if (iy)
 		BN_free(iy);
 	if (cx)
 		BN_free(cx);
 	if (cy)
 		BN_free(cy);
 	if (group)
 		EC_GROUP_free(group);
 	if (in && in != stdin)
 		fclose(in);
 	if (out && out != stdout)
 		fclose(out);
 	if (rv)
 		fprintf(stderr, "Error Parsing request file\n");
 	return rv;
 	}
 #endif
--- a/fips/ecdsa/fips_ecdsa_sign.c
+++ b/fips/ecdsa/fips_ecdsa_sign.c
@@ -87,3 +87,28 @@ int FIPS_ecdsa_verify_ctx(EC_KEY *key, EVP_MD_CTX *ctx, ECDSA_SIG *s)
 	return ret;
 	}
 int FIPS_ecdsa_verify(EC_KEY *key, const unsigned char *msg, size_t msglen,
 			const EVP_MD *mhash, ECDSA_SIG *s)
 	{
 	int ret=-1;
 	unsigned char dig[EVP_MAX_MD_SIZE];
 	unsigned int dlen;
        FIPS_digest(msg, msglen, dig, &dlen, mhash);
 	ret=FIPS_ecdsa_verify_digest(key, dig, dlen, s);
 	OPENSSL_cleanse(dig, dlen);
 	return ret;
 	}
 ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key,
 			const unsigned char *msg, size_t msglen,
 			const EVP_MD *mhash)
 	{
 	ECDSA_SIG *s;
 	unsigned char dig[EVP_MAX_MD_SIZE];
 	unsigned int dlen;
        FIPS_digest(msg, msglen, dig, &dlen, mhash);
 	s = FIPS_ecdsa_sign_digest(key, dig, dlen);
 	OPENSSL_cleanse(dig, dlen);
 	return s;
 	}
--- a/fips/ecdsa/fips_ecdsavs.c
+++ b/fips/ecdsa/fips_ecdsavs.c
@@ -75,7 +75,7 @@ int main(int argc, char **argv)
 #include <openssl/objects.h>
-static int lookup_curve(char *in, char *curve_name, const EVP_MD **pmd)
+static int elookup_curve(char *in, char *curve_name, const EVP_MD **pmd)
 	{
 	char *cname, *p;
 	/* Copy buffer as we will change it */
@@ -200,7 +200,7 @@ static int KeyPair(FILE *in, FILE *out)
 		if (*buf == '[' && buf[2] == '-')
 			{
 			if (buf[2] == '-')
-			curve_nid = lookup_curve(buf, lbuf, NULL);
+			curve_nid = elookup_curve(buf, lbuf, NULL);
 			fputs(buf, out);
 			continue;
 			}
@@ -260,7 +260,7 @@ static int PKV(FILE *in, FILE *out)
 		fputs(buf, out);
 		if (*buf == '[' && buf[2] == '-')
 			{
-			curve_nid = lookup_curve(buf, lbuf, NULL);
+			curve_nid = elookup_curve(buf, lbuf, NULL);
 			if (curve_nid == NID_undef)
 				return 0;
@@ -287,10 +287,13 @@ static int PKV(FILE *in, FILE *out)
 			no_err = 1;
 			rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
 			no_err = 0;
 			EC_KEY_free(key);
 			fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F");
 			}
 		}
 	BN_free(Qx);
 	BN_free(Qy);
 	return 1;
 	}
@@ -305,8 +308,6 @@ static int SigGen(FILE *in, FILE *out)
 	EC_KEY *key = NULL;
 	ECDSA_SIG *sig = NULL;
 	const EVP_MD *digest = NULL;
 	EVP_MD_CTX mctx;
 	EVP_MD_CTX_init(&mctx);
 	Qx = BN_new();
 	Qy = BN_new();
 	while(fgets(buf, sizeof buf, in) != NULL)
@@ -314,7 +315,7 @@ static int SigGen(FILE *in, FILE *out)
 		fputs(buf, out);
 		if (*buf == '[')
 			{
-			curve_nid = lookup_curve(buf, lbuf, &digest);
+			curve_nid = elookup_curve(buf, lbuf, &digest);
 			if (curve_nid == NID_undef)
 				return 0;
 			}
@@ -342,9 +343,7 @@ static int SigGen(FILE *in, FILE *out)
 				return 0;
 				}
-			FIPS_digestinit(&mctx, digest);
+	    		sig = FIPS_ecdsa_sign(key, msg, mlen, digest);
 			FIPS_digestupdate(&mctx, msg, mlen);
 	    		sig = FIPS_ecdsa_sign_ctx(key, &mctx);
 			if (!sig)
 				{
@@ -358,7 +357,7 @@ static int SigGen(FILE *in, FILE *out)
 			do_bn_print_name(out, "S", sig->s);
 			EC_KEY_free(key);
-
+			OPENSSL_free(msg);
 			FIPS_ecdsa_sig_free(sig);
 			}
@@ -366,7 +365,6 @@ static int SigGen(FILE *in, FILE *out)
 		}
 	BN_free(Qx);
 	BN_free(Qy);
 	FIPS_md_ctx_cleanup(&mctx);
 	return 1;
 	}
@@ -381,8 +379,6 @@ static int SigVer(FILE *in, FILE *out)
 	EC_KEY *key = NULL;
 	ECDSA_SIG sg, *sig = &sg;
 	const EVP_MD *digest = NULL;
 	EVP_MD_CTX mctx;
 	EVP_MD_CTX_init(&mctx);
 	sig->r = NULL;
 	sig->s = NULL;
 	while(fgets(buf, sizeof buf, in) != NULL)
@@ -390,7 +386,7 @@ static int SigVer(FILE *in, FILE *out)
 		fputs(buf, out);
 		if (*buf == '[')
 			{
-			curve_nid = lookup_curve(buf, lbuf, &digest);
+			curve_nid = elookup_curve(buf, lbuf, &digest);
 			if (curve_nid == NID_undef)
 				return 0;
 			}
@@ -447,20 +443,32 @@ static int SigVer(FILE *in, FILE *out)
 				return 0;
 				}
 			FIPS_digestinit(&mctx, digest);
 			FIPS_digestupdate(&mctx, msg, mlen);
 			no_err = 1;
-	    		rv = FIPS_ecdsa_verify_ctx(key, &mctx, sig);
+	    		rv = FIPS_ecdsa_verify(key, msg, mlen, digest, sig);
 			EC_KEY_free(key);
 			if (msg)
 				OPENSSL_free(msg);
 			no_err = 0;
 			fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F");
 			}
 		}
 	if (sig->r)
 		BN_free(sig->r);
 	if (sig->s)
 		BN_free(sig->s);
 	if (Qx)
 		BN_free(Qx);
 	if (Qy)
 		BN_free(Qy);
 	return 1;
 	}
-
+#ifdef FIPS_ALGVS
 int fips_ecdsavs_main(int argc, char **argv)
 #else
 int main(int argc, char **argv)
 #endif
 	{
 	FILE *in = NULL, *out = NULL;
 	const char *cmd = argv[1];
--- a/fips/fips.h
+++ b/fips/fips.h
@@ -97,9 +97,8 @@ int FIPS_selftest_rsa(void);
 int FIPS_selftest_dsa(void);
 int FIPS_selftest_ecdsa(void);
 int FIPS_selftest_ecdh(void);
-void FIPS_corrupt_drbg(void);
+void FIPS_x931_stick(int onoff);
-void FIPS_x931_stick(void);
+void FIPS_drbg_stick(int onoff);
 void FIPS_drbg_stick(void);
 int FIPS_selftest_x931(void);
 int FIPS_selftest_hmac(void);
 int FIPS_selftest_drbg(void);
@@ -224,6 +223,16 @@ int FIPS_rsa_verify_digest(struct rsa_st *rsa,
 			const struct env_md_st *mgf1Hash,
 			const unsigned char *sigbuf, unsigned int siglen);
 int FIPS_rsa_sign(struct rsa_st *rsa, const unsigned char *msg, int msglen,
 			const struct env_md_st *mhash, int rsa_pad_mode,
 			int saltlen, const struct env_md_st *mgf1Hash,
 			unsigned char *sigret, unsigned int *siglen);
 int FIPS_rsa_verify(struct rsa_st *rsa, const unsigned char *msg, int msglen,
 			const struct env_md_st *mhash, int rsa_pad_mode,
 			int saltlen, const struct env_md_st *mgf1Hash,
 			const unsigned char *sigbuf, unsigned int siglen);
 #ifdef OPENSSL_FIPSCAPABLE
 int FIPS_digestinit(EVP_MD_CTX *ctx, const EVP_MD *type);
--- a/fips/fips_canister.c
+++ b/fips/fips_canister.c
@@ -34,6 +34,7 @@ const void         *FIPS_text_end(void);
 				  defined(__mips__)|| defined(__mips)))	|| \
 	(defined(__linux)     && ((defined(__PPC__) && !defined(__PPC64__)) || \
 				  defined(__arm__) || defined(__arm)))	|| \
 	(defined(__APPLE__) /* verified on all MacOS X & iOS flavors */)|| \
 	(defined(_WIN32)      && defined(_MSC_VER))
 #  define FIPS_REF_POINT_IS_CROSS_COMPILER_AWARE
 # endif
--- a/fips/fips_locl.h
+++ b/fips/fips_locl.h
@@ -67,8 +67,8 @@ int fips_post_failed(int id, int subid, void *ex);
 int fips_post_corrupt(int id, int subid, void *ex);
 int fips_post_status(void);
-#define FIPS_MODULE_VERSION_NUMBER	0x20000002L
+#define FIPS_MODULE_VERSION_NUMBER	0x20000009L
-#define FIPS_MODULE_VERSION_TEXT	"FIPS 2.0-rc2-dev unvalidated test module xx XXX xxxx"
+#define FIPS_MODULE_VERSION_TEXT	"FIPS 2.0-rc9 unvalidated test module xx XXX xxxx"
 #ifdef  __cplusplus
 }
--- a/fips/fips_post.c
+++ b/fips/fips_post.c
@@ -207,7 +207,6 @@ int fips_pkey_signature_test(int id, EVP_PKEY *pkey,
 			const char *fail_str)
 	{	
 	int subid;
 	void *ex = NULL;
 	int ret = 0;
 	unsigned char *sig = NULL;
 	unsigned int siglen;
@@ -335,7 +334,7 @@ int fips_pkey_signature_test(int id, EVP_PKEY *pkey,
 		FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,FIPS_R_TEST_FAILURE);
 		if (fail_str)
 			FIPS_add_error_data(2, "Type=", fail_str);
-		fips_post_failed(id, subid, ex);
+		fips_post_failed(id, subid, pkey);
 		return 0;
 		}
 	return fips_post_success(id, subid, pkey);
--- a/fips/fips_premain.c
+++ b/fips/fips_premain.c
@@ -7,7 +7,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#if defined(__unix) || defined(__unix__) || defined(__vxworks) || defined(__ANDROID__)
+#if defined(__unix) || defined(__unix__) || defined(__vxworks) || defined(__ANDROID__) || defined(__APPLE__)
 #include <unistd.h>
 #endif
--- a/fips/fips_premain.c.sha1
+++ b/fips/fips_premain.c.sha1
@@ -1 +1 @@
-HMAC-SHA1(fips_premain.c)= a401afd9c2b57f0f11d2b34b6d0c9815b1fe6a66
+HMAC-SHA1(fips_premain.c)= 1eaf66f76187877ff403708a2948d240f92736a0
--- a/fips/fips_test_suite.c
+++ b/fips/fips_test_suite.c
@@ -144,11 +144,9 @@ static int FIPS_dsa_test(int bad)
    DSA *dsa = NULL;
    unsigned char dgst[] = "etaonrishdlc";
    int r = 0;
    EVP_MD_CTX mctx;
    DSA_SIG *sig = NULL;
    ERR_clear_error();
    FIPS_md_ctx_init(&mctx);
    dsa = FIPS_dsa_new();
    if (!dsa)
 	goto end;
@@ -159,23 +157,14 @@ static int FIPS_dsa_test(int bad)
    if (bad)
 	    BN_add_word(dsa->pub_key, 1);
-    if (!FIPS_digestinit(&mctx, EVP_sha256()))
+    sig = FIPS_dsa_sign(dsa, dgst, sizeof(dgst) -1, EVP_sha256());
 	goto end;
    if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
 	goto end;
    sig = FIPS_dsa_sign_ctx(dsa, &mctx);
    if (!sig)
 	goto end;
-    if (!FIPS_digestinit(&mctx, EVP_sha256()))
+    r = FIPS_dsa_verify(dsa, dgst, sizeof(dgst) -1, EVP_sha256(), sig);
 	goto end;
    if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
 	goto end;
    r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
    end:
    if (sig)
 	FIPS_dsa_sig_free(sig);
    FIPS_md_ctx_cleanup(&mctx);
    if (dsa)
  	  FIPS_dsa_free(dsa);
    if (r != 1)
@@ -193,11 +182,9 @@ static int FIPS_rsa_test(int bad)
    unsigned char buf[256];
    unsigned int slen;
    BIGNUM *bn;
    EVP_MD_CTX mctx;
    int r = 0;
    ERR_clear_error();
    FIPS_md_ctx_init(&mctx);
    key = FIPS_rsa_new();
    bn = BN_new();
    if (!key || !bn)
@@ -209,20 +196,13 @@ static int FIPS_rsa_test(int bad)
    if (bad)
 	    BN_add_word(key->n, 1);
-    if (!FIPS_digestinit(&mctx, EVP_sha256()))
+    if (!FIPS_rsa_sign(key, input_ptext, sizeof(input_ptext) - 1, EVP_sha256(),
-	goto end;
+			RSA_PKCS1_PADDING, 0, NULL, buf, &slen))
    if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
 	goto end;
    if (!FIPS_rsa_sign_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, &slen))
 	goto end;
-    if (!FIPS_digestinit(&mctx, EVP_sha256()))
+    r = FIPS_rsa_verify(key, input_ptext, sizeof(input_ptext) - 1, EVP_sha256(),
-	goto end;
+			RSA_PKCS1_PADDING, 0, NULL, buf, slen);
    if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
 	goto end;
    r = FIPS_rsa_verify_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, slen);
    end:
    FIPS_md_ctx_cleanup(&mctx);
    if (key)
  	  FIPS_rsa_free(key);
    if (r != 1)
@@ -651,6 +631,8 @@ static int Zeroize()
    for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
        printf("\n");
    FIPS_rsa_free(key);
    return 1;
    }
@@ -668,6 +650,13 @@ static size_t drbg_test_cb(DRBG_CTX *ctx, unsigned char **pout,
 	return (min_len + 0xf) & ~0xf;
 	}
 /* Callback which returns 0 to indicate entropy source failure */
 static size_t drbg_fail_cb(DRBG_CTX *ctx, unsigned char **pout,
                                int entropy, size_t min_len, size_t max_len)
 	{
 	return 0;
 	}
 /* DRBG test: just generate lots of data and trigger health checks */
 static int do_drbg_test(int type, int flags)
@@ -696,7 +685,7 @@ static int do_drbg_test(int type, int flags)
 	}
    rv = 1;
    err:
-    FIPS_drbg_uninstantiate(dctx);
+    FIPS_drbg_free(dctx);
    return rv;
    }
@@ -822,11 +811,14 @@ static int fail_id = -1;
 static int fail_sub = -1;
 static int fail_key = -1;
 static int st_err, post_quiet = 0;
 static int post_cb(int op, int id, int subid, void *ex)
 	{
 	const char *idstr, *exstr = "";
 	char asctmp[20];
 	int keytype = -1;
 	int exp_fail = 0;
 #ifdef FIPS_POST_TIME
 	static struct timespec start, end, tstart, tend;
 #endif
@@ -938,6 +930,11 @@ static int post_cb(int op, int id, int subid, void *ex)
 		}
 	if (fail_id == id
 		&& (fail_key == -1 || fail_key == keytype)
 		&& (fail_sub == -1 || fail_sub == subid))
 			exp_fail = 1;
 	switch(op)
 		{
 		case FIPS_POST_BEGIN:
@@ -961,14 +958,22 @@ static int post_cb(int op, int id, int subid, void *ex)
 		break;
 		case FIPS_POST_STARTED:
-		printf("\t\t%s %s test started\n", idstr, exstr);
+		if (!post_quiet && !exp_fail)
 			printf("\t\t%s %s test started\n", idstr, exstr);
 #ifdef FIPS_POST_TIME
 		clock_gettime(CLOCK_REALTIME, &start);
 #endif
 		break;
 		case FIPS_POST_SUCCESS:
-		printf("\t\t%s %s test OK\n", idstr, exstr);
+		if (exp_fail)
 			{
 			printf("\t\t%s %s test OK but should've failed\n",
 								idstr, exstr);
 			st_err++;
 			}
 		else if (!post_quiet)
 			printf("\t\t%s %s test OK\n", idstr, exstr);
 #ifdef FIPS_POST_TIME
 		clock_gettime(CLOCK_REALTIME, &end);
 		printf("\t\t\tTook %f seconds\n",
@@ -978,13 +983,21 @@ static int post_cb(int op, int id, int subid, void *ex)
 		break;
 		case FIPS_POST_FAIL:
-		printf("\t\t%s %s test FAILED!!\n", idstr, exstr);
+		if (exp_fail)
 			{
 			printf("\t\t%s %s test failed as expected\n",
 							idstr, exstr);
 			}
 		else
 			{
 			printf("\t\t%s %s test Failed Incorrectly!!\n",
 							idstr, exstr);
 			st_err++;
 			}
 		break;
 		case FIPS_POST_CORRUPT:
-		if (fail_id == id
+		if (exp_fail)
 			&& (fail_key == -1 || fail_key == keytype)
 			&& (fail_sub == -1 || fail_sub == subid))
 			{
 			printf("\t\t%s %s test failure induced\n", idstr, exstr);
 			return 0;
@@ -995,14 +1008,332 @@ static int post_cb(int op, int id, int subid, void *ex)
 	return 1;
 	}
-int main(int argc,char **argv)
+/* Test POST induced failures */
 typedef struct 
 	{
 	const char *name;
 	int id, subid, keyid;
 	} fail_list;
 static fail_list flist[] =
 	{
 	{"Integrity", FIPS_TEST_INTEGRITY, -1, -1},
 	{"AES", FIPS_TEST_CIPHER, NID_aes_128_ecb, -1},
 	{"DES3", FIPS_TEST_CIPHER, NID_des_ede3_ecb, -1},
 	{"AES-GCM", FIPS_TEST_GCM, -1, -1},
 	{"AES-CCM", FIPS_TEST_CCM, -1, -1},
 	{"AES-XTS", FIPS_TEST_XTS, -1, -1},
 	{"Digest", FIPS_TEST_DIGEST, -1, -1},
 	{"HMAC", FIPS_TEST_HMAC, -1, -1},
 	{"CMAC", FIPS_TEST_CMAC, -1, -1},
 	{"DRBG", FIPS_TEST_DRBG, -1, -1},
 	{"X9.31 PRNG", FIPS_TEST_X931, -1, -1},
 	{"RSA", FIPS_TEST_SIGNATURE, -1, EVP_PKEY_RSA},
 	{"DSA", FIPS_TEST_SIGNATURE, -1, EVP_PKEY_DSA},
 	{"ECDSA", FIPS_TEST_SIGNATURE, -1, EVP_PKEY_EC},
 	{"ECDH", FIPS_TEST_ECDH, -1, -1},
 	{NULL, -1, -1, -1}
 	};
 static int do_fail_all(int fullpost, int fullerr)
 	{
 	fail_list *ftmp;
 	int rv;
 	size_t i;
 	RSA *rsa = NULL;
 	DSA *dsa = NULL;
 	DRBG_CTX *dctx = NULL, *defctx = NULL;
 	EC_KEY *ec = NULL;
 	BIGNUM *bn = NULL;
 	unsigned char out[10];
 	if (!fullpost)
 		post_quiet = 1;
 	if (!fullerr)
 		no_err = 1;
 	FIPS_module_mode_set(0, NULL);
 	for (ftmp = flist; ftmp->name; ftmp++)
 		{
 		printf("    Testing induced failure of %s test\n", ftmp->name);
 		fail_id = ftmp->id;
 		fail_sub = ftmp->subid;
 		fail_key = ftmp->keyid;
 		rv = FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS);
 		if (rv)
 			{
 			printf("\tFIPS mode incorrectly successful!!\n");
 			st_err++;
 			}
 		}
 	printf("    Testing induced failure of RSA keygen test\n");
 	/* NB POST will succeed with a pairwise test failures as
 	 * it is not used during POST.
 	 */
 	fail_id = FIPS_TEST_PAIRWISE;
 	fail_key = EVP_PKEY_RSA;
 	/* Now enter FIPS mode successfully */
 	if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
 		{
 		printf("\tError entering FIPS mode\n");
 		st_err++;
 		}
 	rsa = FIPS_rsa_new();
 	bn = BN_new();
 	if (!rsa || !bn)
 		return 0;
 	BN_set_word(bn, 65537);
 	if (RSA_generate_key_ex(rsa, 2048,bn,NULL))
 		{
 		printf("\tRSA key generated OK incorrectly!!\n");
 		st_err++;
 		}
 	else
 		printf("\tRSA key generation failed as expected.\n");
 	/* Leave FIPS mode to clear error */
 	FIPS_module_mode_set(0, NULL);
 	printf("    Testing induced failure of DSA keygen test\n");
 	fail_key = EVP_PKEY_DSA;
 	/* Enter FIPS mode successfully */
 	if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
 		{
 		printf("\tError entering FIPS mode\n");
 		st_err++;
 		}
 	dsa = FIPS_dsa_new();
    	if (!dsa)
 		return 0;
 	if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
 		return 0;
    	if (DSA_generate_key(dsa))
 		{
 		printf("\tDSA key generated OK incorrectly!!\n");
 		st_err++;
 		}
 	else
 		printf("\tDSA key generation failed as expected.\n");
 	/* Leave FIPS mode to clear error */
 	FIPS_module_mode_set(0, NULL);
 	/* Enter FIPS mode successfully */
 	if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
 		{
 		printf("\tError entering FIPS mode\n");
 		st_err++;
 		}
 	printf("    Testing induced failure of ECDSA keygen test\n");
 	fail_key = EVP_PKEY_EC;
 	ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
 	if (!ec)
 		return 0;
    	if (EC_KEY_generate_key(ec))
 		{
 		printf("\tECDSA key generated OK incorrectly!!\n");
 		st_err++;
 		}
 	else
 		printf("\tECDSA key generation failed as expected.\n");
 	FIPS_ec_key_free(ec);
 	ec = NULL;
 	fail_id = -1;
 	fail_sub = -1;
 	fail_key = -1;
 	/* Leave FIPS mode to clear error */
 	FIPS_module_mode_set(0, NULL);
 	/* Enter FIPS mode successfully */
 	if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
 		{
 		printf("\tError entering FIPS mode\n");
 		st_err++;
 		}
 	/* Induce continuous PRNG failure for DRBG */
 	printf("    Testing induced failure of DRBG CPRNG test\n");
 	FIPS_drbg_stick(1);
 	/* Initialise a DRBG context */
 	dctx = FIPS_drbg_new(NID_sha1, 0);
 	if (!dctx)
 		return 0;
 	for (i = 0; i < sizeof(dummy_drbg_entropy); i++)
 		{
 		dummy_drbg_entropy[i] = i & 0xff;
 		}
 	FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0);
 	if (!FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10))
 		{
 		printf("\tDRBG instantiate error!!\n");
 		st_err++;
 		}
 	if (FIPS_drbg_generate(dctx, out, sizeof(out), 0, NULL, 0))
 		{
 		printf("\tDRBG continuous PRNG OK incorrectly!!\n");
 		st_err++;
 		}
 	else
 		printf("\tDRBG continuous PRNG failed as expected\n");
 	FIPS_drbg_stick(0);
 	/* Leave FIPS mode to clear error */
 	FIPS_module_mode_set(0, NULL);
 	/* Enter FIPS mode successfully */
 	if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
 		{
 		printf("\tError entering FIPS mode\n");
 		st_err++;
 		}
 	FIPS_drbg_free(dctx);
 	/* Induce continuous PRNG failure for DRBG entropy source*/
 	printf("    Testing induced failure of DRBG entropy CPRNG test\n");
 	/* Initialise a DRBG context */
 	dctx = FIPS_drbg_new(NID_sha1, 0);
 	if (!dctx)
 		return 0;
 	for (i = 0; i < sizeof(dummy_drbg_entropy); i++)
 		{
 		dummy_drbg_entropy[i] = i & 0xf;
 		}
 	FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0);
 	if (FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10))
 		{
 		printf("\tDRBG continuous PRNG entropy OK incorrectly!!\n");
 		st_err++;
 		}
 	else
 		printf("\tDRBG continuous PRNG entropy failed as expected\n");
 	/* Leave FIPS mode to clear error */
 	FIPS_module_mode_set(0, NULL);
 	/* Enter FIPS mode successfully */
 	if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
 		{
 		printf("\tError entering FIPS mode\n");
 		st_err++;
 		}
 	FIPS_drbg_free(dctx);
 	/* Leave FIPS mode to clear error */
 	FIPS_module_mode_set(0, NULL);
 	/* Enter FIPS mode successfully */
 	if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
 		{
 		printf("\tError entering FIPS mode\n");
 		st_err++;
 		}
 	printf("    Testing induced failure of X9.31 CPRNG test\n");
 	FIPS_x931_stick(1);
 	if (!FIPS_x931_set_key(dummy_drbg_entropy, 32))
 		{
 		printf("\tError initialiasing X9.31 PRNG\n");
 		st_err++;
 		}
 	if (!FIPS_x931_seed(dummy_drbg_entropy + 32, 16))
 		{
 		printf("\tError seeding X9.31 PRNG\n");
 		st_err++;
 		}
 	if (FIPS_x931_bytes(out, 10) > 0)
 		{
 		printf("\tX9.31 continuous PRNG failure OK incorrectly!!\n");
 		st_err++;
 		}
 	else
 		printf("\tX9.31 continuous PRNG failed as expected\n");
 	FIPS_x931_stick(0);
 	/* Leave FIPS mode to clear error */
 	FIPS_module_mode_set(0, NULL);
 	/* Enter FIPS mode successfully */
 	if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
 		{
 		printf("\tError entering FIPS mode\n");
 		st_err++;
 		}
 	printf("    Testing operation failure with DRBG entropy failure\n");
 	/* Generate DSA key for later use */
    	if (DSA_generate_key(dsa))
 		printf("\tDSA key generated OK as expected.\n");
 	else
 		{
 		printf("\tDSA key generation FAILED!!\n");
 		st_err++;
 		}
 	/* Initialise default DRBG context */
 	defctx = FIPS_get_default_drbg();
 	if (!defctx)
 		return 0;
 	if (!FIPS_drbg_init(defctx, NID_sha512, 0))
 		return 0;
 	/* Set entropy failure callback */
 	FIPS_drbg_set_callbacks(defctx, drbg_fail_cb, 0, 0x10, drbg_test_cb, 0);
 	if (FIPS_drbg_instantiate(defctx, dummy_drbg_entropy, 10))
 		{
 		printf("\tDRBG entropy fail OK incorrectly!!\n");
 		st_err++;
 		}
 	else
 		printf("\tDRBG entropy fail failed as expected\n");
 	if (FIPS_dsa_sign(dsa, dummy_drbg_entropy, 5, EVP_sha256()))
 		{
 		printf("\tDSA signing OK incorrectly!!\n");
 		st_err++;
 		}
 	else
 		printf("\tDSA signing failed as expected\n");
 	ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
 	if (!ec)
 		return 0;
    	if (EC_KEY_generate_key(ec))
 		{
 		printf("\tECDSA key generated OK incorrectly!!\n");
 		st_err++;
 		}
 	else
 		printf("\tECDSA key generation failed as expected.\n");
 	printf("  Induced failure test completed with %d errors\n", st_err);
 	post_quiet = 0; 
 	no_err = 0;
 	BN_free(bn);
 	FIPS_rsa_free(rsa);
 	FIPS_dsa_free(dsa);
 	FIPS_ec_key_free(ec);
 	if (st_err)
 		return 0;
 	return 1;
 	}
 #ifdef FIPS_ALGVS
 int fips_test_suite_main(int argc, char **argv)
 #else
 int main(int argc, char **argv)
 #endif
    {
    char **args = argv + 1;
    int bad_rsa = 0, bad_dsa = 0;
    int do_rng_stick = 0;
    int do_drbg_stick = 0;
    int no_exit = 0;
-    int no_dh = 0;
+    int no_dh = 0, no_drbg = 0;
    char *pass = FIPS_AUTH_USER_PASS;
    int fullpost = 0, fullerr = 0;
    FIPS_post_set_callback(post_cb);
@@ -1010,95 +1341,106 @@ int main(int argc,char **argv)
    printf("\t%s\n\n", FIPS_module_version_text());
-    if (argv[1]) {
+    while(*args) {
        /* Corrupted KAT tests */
-        if (!strcmp(argv[1], "integrity")) {
+        if (!strcmp(*args, "integrity")) {
 	    fail_id = FIPS_TEST_INTEGRITY;
-        } else if (!strcmp(argv[1], "aes")) {
+        } else if (!strcmp(*args, "aes")) {
 	    fail_id = FIPS_TEST_CIPHER;
 	    fail_sub = NID_aes_128_ecb;	
-        } else if (!strcmp(argv[1], "aes-ccm")) {
+        } else if (!strcmp(*args, "aes-ccm")) {
 	    fail_id = FIPS_TEST_CCM;
-        } else if (!strcmp(argv[1], "aes-gcm")) {
+        } else if (!strcmp(*args, "aes-gcm")) {
 	    fail_id = FIPS_TEST_GCM;
-        } else if (!strcmp(argv[1], "aes-xts")) {
+        } else if (!strcmp(*args, "aes-xts")) {
 	    fail_id = FIPS_TEST_XTS;
-        } else if (!strcmp(argv[1], "des")) {
+        } else if (!strcmp(*args, "des")) {
 	    fail_id = FIPS_TEST_CIPHER;
 	    fail_sub = NID_des_ede3_ecb;	
-        } else if (!strcmp(argv[1], "dsa")) {
+        } else if (!strcmp(*args, "dsa")) {
 	    fail_id = FIPS_TEST_SIGNATURE;
 	    fail_key = EVP_PKEY_DSA;	
        } else if (!strcmp(argv[1], "ecdh")) {
 	    fail_id = FIPS_TEST_ECDH;
-        } else if (!strcmp(argv[1], "ecdsa")) {
+        } else if (!strcmp(*args, "ecdsa")) {
 	    fail_id = FIPS_TEST_SIGNATURE;
 	    fail_key = EVP_PKEY_EC;	
-        } else if (!strcmp(argv[1], "rsa")) {
+        } else if (!strcmp(*args, "rsa")) {
 	    fail_id = FIPS_TEST_SIGNATURE;
 	    fail_key = EVP_PKEY_RSA;	
-        } else if (!strcmp(argv[1], "rsakey")) {
+        } else if (!strcmp(*args, "rsakey")) {
            printf("RSA key generation and signature validation with corrupted key...\n");
 	    bad_rsa = 1;
 	    no_exit = 1;
-        } else if (!strcmp(argv[1], "rsakeygen")) {
+        } else if (!strcmp(*args, "rsakeygen")) {
 	    fail_id = FIPS_TEST_PAIRWISE;
 	    fail_key = EVP_PKEY_RSA;
 	    no_exit = 1;
-        } else if (!strcmp(argv[1], "dsakey")) {
+        } else if (!strcmp(*args, "dsakey")) {
            printf("DSA key generation and signature validation with corrupted key...\n");
 	    bad_dsa = 1;
 	    no_exit = 1;
-        } else if (!strcmp(argv[1], "dsakeygen")) {
+        } else if (!strcmp(*args, "dsakeygen")) {
 	    fail_id = FIPS_TEST_PAIRWISE;
 	    fail_key = EVP_PKEY_DSA;
 	    no_exit = 1;
-        } else if (!strcmp(argv[1], "sha1")) {
+        } else if (!strcmp(*args, "sha1")) {
 	    fail_id = FIPS_TEST_DIGEST;
-        } else if (!strcmp(argv[1], "hmac")) {
+        } else if (!strcmp(*args, "hmac")) {
 	    fail_id = FIPS_TEST_HMAC;
-        } else if (!strcmp(argv[1], "cmac")) {
+        } else if (!strcmp(*args, "cmac")) {
 	    fail_id = FIPS_TEST_CMAC;
-	} else if (!strcmp(argv[1], "drbg")) {
+	} else if (!strcmp(*args, "drbg")) {
 	    fail_id = FIPS_TEST_DRBG;
 	} else if (!strcmp(argv[1], "rng")) {
 	    fail_id = FIPS_TEST_X931;
-	} else if (!strcmp(argv[1], "nodh")) {
+	} else if (!strcmp(*args, "nodrbg")) {
 	    no_drbg = 1;
 	    no_exit = 1;
 	} else if (!strcmp(*args, "nodh")) {
 	    no_dh = 1;
 	    no_exit = 1;
-	} else if (!strcmp(argv[1], "post")) {
+	} else if (!strcmp(*args, "post")) {
 	    fail_id = -1;
-	} else if (!strcmp(argv[1], "rngstick")) {
+	} else if (!strcmp(*args, "rngstick")) {
 	    do_rng_stick = 1;
 	    no_exit = 1;
 	    printf("RNG test with stuck continuous test...\n");
-	} else if (!strcmp(argv[1], "drbgentstick")) {
+	} else if (!strcmp(*args, "drbgentstick")) {
 		do_entropy_stick();
-	} else if (!strcmp(argv[1], "drbgstick")) {
+	} else if (!strcmp(*args, "drbgstick")) {
 	    do_drbg_stick = 1;
 	    no_exit = 1;
 	    printf("DRBG test with stuck continuous test...\n");
-	} else if (!strcmp(argv[1], "user")) {
+	} else if (!strcmp(*args, "user")) {
 		pass = FIPS_AUTH_USER_PASS;
-	} else if (!strcmp(argv[1], "officer")) {
+	} else if (!strcmp(*args, "officer")) {
 		pass = FIPS_AUTH_OFFICER_PASS;
-	} else if (!strcmp(argv[1], "badpass")) {
+	} else if (!strcmp(*args, "badpass")) {
 		pass = "bad invalid password";
-	} else if (!strcmp(argv[1], "nopass")) {
+	} else if (!strcmp(*args, "nopass")) {
 		pass = "";
 	} else if (!strcmp(*args, "fullpost")) {
 		fullpost = 1;
 	    	no_exit = 1;
 	} else if (!strcmp(*args, "fullerr")) {
 		fullerr = 1;
 	    	no_exit = 1;
        } else {
-            printf("Bad argument \"%s\"\n", argv[1]);
+            printf("Bad argument \"%s\"\n", *args);
-            exit(1);
+            return 1;
        }
-	if (!no_exit) {
+    args++;
    }
    if ((argc != 1) && !no_exit) {
    		fips_algtest_init_nofips();
        	if (!FIPS_module_mode_set(1, pass)) {
        	    printf("Power-up self test failed\n");
-		    exit(1);
+		    return 1;
 		}
        	printf("Power-up self test successful\n");
-        	exit(0);
+        	return 0;
 	}
    }
    fips_algtest_init_nofips();
@@ -1116,11 +1458,11 @@ int main(int argc,char **argv)
    ERR_clear_error();
    test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1, pass));
    if (!FIPS_module_mode())
-	exit(1);
+	return 1;
    if (do_drbg_stick)
-            FIPS_drbg_stick();
+            FIPS_drbg_stick(1);
    if (do_rng_stick)
-            FIPS_x931_stick();
+            FIPS_x931_stick(1);
    /* AES encryption/decryption
    */
@@ -1216,9 +1558,15 @@ int main(int argc,char **argv)
 					: Fail("failed INCORRECTLY!") );
    printf("12. DRBG generation check...\n");
-    printf("\t%s\n", do_drbg_all() ? "successful as expected"
+    if (no_drbg)
 	printf("\tskipped\n");
    else
    	printf("\t%s\n", do_drbg_all() ? "successful as expected"
 					: Fail("failed INCORRECTLY!") );
    printf("13. Induced test failure check...\n");
    printf("\t%s\n", do_fail_all(fullpost, fullerr) ? "successful as expected"
 					: Fail("failed INCORRECTLY!") );
    printf("\nAll tests completed with %d errors\n", Error);
    return Error ? 1 : 0;
    }
--- a/fips/fips_utl.h
+++ b/fips/fips_utl.h
@@ -47,6 +47,9 @@
 *
 */
 #ifndef FIPS_UTL_H
 #define FIPS_UTL_H
 #define OPENSSL_FIPSAPI
 #include <openssl/fips_rand.h>
@@ -487,3 +490,5 @@ int fips_strcasecmp(const char *str1, const char *str2)
 	return fips_strncasecmp(str1, str2, (size_t)-1);
 	}
 #endif
--- a/fips/fipsalgtest.pl
+++ b/fips/fipsalgtest.pl
@@ -513,29 +513,29 @@ my $mkcmd = "mkdir";
 my $cmpall = 0;
 my %fips_enabled = (
-    dsa         => 1,
+    "dsa"        => 1,
-    dsa2        => 2,
+    "dsa2"       => 2,
    "dsa-pqgver"  => 2,
-    ecdsa       => 2,
+    "ecdsa"      => 2,
-    rsa         => 1,
+    "rsa"        => 1,
    "rsa-pss0"  => 2,
    "rsa-pss62" => 1,
-    sha         => 1,
+    "sha"        => 1,
-    hmac        => 1,
+    "hmac"       => 1,
-    cmac        => 2,
+    "cmac"       => 2,
    "rand-aes"  => 1,
    "rand-des2" => 0,
-    aes         => 1,
+    "aes"        => 1,
    "aes-cfb1"  => 2,
-    des3        => 1,
+    "des3"       => 1,
    "des3-cfb1" => 2,
-    drbg	=> 2,
+    "drbg"	=> 2,
    "aes-ccm"	=> 2,
    "aes-xts"	=> 2,
    "aes-gcm"	=> 2,
-    dh		=> 0,
+    "dh"	=> 0,
-    ecdh	=> 2,
+    "ecdh"	=> 2,
-    v2		=> 1,
+    "v2"	=> 1,
 );
 foreach (@ARGV) {
--- a/fips/fipsld
+++ b/fips/fipsld
@@ -1,6 +1,6 @@
 #!/bin/sh -e
 #
-# Copyright (c) 2005-2007 The OpenSSL Project.
+# Copyright (c) 2005-2011 The OpenSSL Project.
 #
 # Depending on output file name, the script either embeds fingerprint
 # into libcrypto.so or static application. "Static" refers to static
@@ -127,12 +127,15 @@ lib*|*.dll)	# must be linking a shared lib...
 		"${PREMAIN_C}" \
 		${_WL_PREMAIN} "$@"
-	# generate signature...
+	if [ "x${FIPS_SIG}" != "x" ]; then
-	if [ -z "${FIPS_SIG}" ]; then
+		# embed signature
-		SIG=`"${PREMAIN_DSO}" "${TARGET}"`
+		"${FIPS_SIG}" "${TARGET}"
-	else
+		[ $? -ne 42 ] && exit $?
 		SIG=`"${FIPS_SIG}" -dso "${TARGET}"`
 	fi
 	# generate signature...
 	SIG=`"${PREMAIN_DSO}" "${TARGET}"`
 	/bin/rm -f "${TARGET}"
 	if [ -z "${SIG}" ]; then
 	   echo "unable to collect signature"; exit 1
@@ -172,12 +175,15 @@ lib*|*.dll)	# must be linking a shared lib...
 		"${PREMAIN_C}" \
 		${_WL_PREMAIN} "$@"
-	# generate signature...
+	if [ "x${FIPS_SIG}" != "x" ]; then
-	if [ -z "${FIPS_SIG}" ]; then
+		# embed signature
-		SIG=`"${TARGET}"`
+		"${FIPS_SIG}" "${TARGET}"
-	else
+		[ $? -ne 42 ] && exit $?
 		SIG=`"${FIPS_SIG}" -exe "${TARGET}"`
 	fi
 	# generate signature...
 	SIG=`"${TARGET}"`
 	/bin/rm -f "${TARGET}"
 	if [ -z "${SIG}" ]; then
 	   echo "unable to collect signature"; exit 1
--- a/fips/hmac/fips_hmactest.c
+++ b/fips/hmac/fips_hmactest.c
@@ -85,7 +85,11 @@ static int print_hmac(const EVP_MD *md, FILE *out,
 		unsigned char *Key, int Klen,
 		unsigned char *Msg, int Msglen, int Tlen);
 #ifdef FIPS_ALGVS
 int fips_hmactest_main(int argc, char **argv)
 #else
 int main(int argc, char **argv)
 #endif
 	{
 	FILE *in = NULL, *out = NULL;
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -154,6 +154,8 @@ static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
 	{
 	unsigned char *tout, *p;
 	size_t bl = dctx->entropy_blocklen, rv;
 	if (!dctx->get_entropy)
 		return 0;
 	if (dctx->xflags & DRBG_FLAG_TEST || !bl)
 		return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
 	rv = dctx->get_entropy(dctx, &tout, entropy + bl,
@@ -241,7 +243,7 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
 		goto end;
 		}
-	if (dctx->max_nonce > 0)
+	if (dctx->max_nonce > 0 && dctx->get_nonce)
 		{
 		noncelen = dctx->get_nonce(dctx, &nonce,
 					dctx->strength / 2,
@@ -544,9 +546,9 @@ void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval)
 static int drbg_stick = 0;
-void FIPS_drbg_stick(void)
+void FIPS_drbg_stick(int onoff)
 	{
-	drbg_stick = 1;
+	drbg_stick = onoff;
 	}
 /* Continuous DRBG utility function */
--- a/fips/rand/fips_drbg_selftest.c
+++ b/fips/rand/fips_drbg_selftest.c
@@ -582,7 +582,6 @@ static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 		}
 	dctx->iflags &= ~DRBG_FLAG_NOERR;
 	if (!FIPS_drbg_uninstantiate(dctx))
 		{
 		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
@@ -617,28 +616,20 @@ static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 		goto err;
 		}
-	/* Explicit reseed tests */
+	dctx->iflags &= ~DRBG_FLAG_NOERR;
-
+	if (!FIPS_drbg_uninstantiate(dctx))
 	/* Test explicit reseed with too large additional input */
 	if (!do_drbg_init(dctx, td, &t))
 		goto err;
 	dctx->iflags |= DRBG_FLAG_NOERR;
 	if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0)
 		{
-		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
+		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
 		goto err;
 		}
 	/* Test explicit reseed with entropy source failure */
 	/* Check prediction resistance request fails if entropy source
 	 * failure.
 	 */
 	t.entlen = 0;
 	dctx->iflags |= DRBG_FLAG_NOERR;
 	if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
 				td->adin, td->adinlen))
 		{
@@ -680,6 +671,13 @@ static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 		goto err;
 		}
 	dctx->iflags &= ~DRBG_FLAG_NOERR;
 	if (!FIPS_drbg_uninstantiate(dctx))
 		{
 		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
 		goto err;
 		}
 	/* Explicit reseed tests */
 	/* Test explicit reseed with too large additional input */
@@ -696,11 +694,6 @@ static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 	/* Test explicit reseed with entropy source failure */
 	if (!do_drbg_init(dctx, td, &t))
 		goto err;
 	dctx->iflags |= DRBG_FLAG_NOERR;
 	t.entlen = 0;
 	if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
--- a/fips/rand/fips_drbgvs.c
+++ b/fips/rand/fips_drbgvs.c
@@ -76,7 +76,7 @@ int main(int argc, char **argv)
 #include "fips_utl.h"
-static int parse_md(char *str)
+static int dparse_md(char *str)
 	{
 	switch(atoi(str + 5))
 		{
@@ -115,7 +115,7 @@ static int parse_ec(char *str)
 		curve_nid = NID_secp521r1;
 	else
 		return NID_undef;
-	md_nid = parse_md(md);
+	md_nid = dparse_md(md);
 	if (md_nid == NID_undef)
 		return NID_undef;
 	return (curve_nid << 16) | md_nid;
@@ -170,11 +170,13 @@ static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
 	return t->noncelen;
 	}
-
+#ifdef FIPS_ALGVS
-
+int fips_drbgvs_main(int argc,char **argv)
 #else
 int main(int argc,char **argv)
 #endif
 	{
-	FILE *in, *out;
+	FILE *in = NULL, *out = NULL;
 	DRBG_CTX *dctx = NULL;
 	TEST_ENT t;
 	int r, nid = 0;
@@ -240,7 +242,7 @@ int main(int argc,char **argv)
 			}
 		if (strlen(buf) > 4 && !strncmp(buf, "[SHA-", 5))
 			{
-			nid = parse_md(buf);
+			nid = dparse_md(buf);
 			if (nid == NID_undef)
 				exit(1);
 			if (drbg_type == DRBG_HMAC)
@@ -404,6 +406,10 @@ int main(int argc,char **argv)
 			}
 		}
 	if (in && in != stdin)
 		fclose(in);
 	if (out && out != stdout)
 		fclose(out);
 	return 0;
 	}
--- a/fips/rand/fips_rand.c
+++ b/fips/rand/fips_rand.c
@@ -114,9 +114,9 @@ static FIPS_PRNG_CTX sctx;
 static int fips_prng_fail = 0;
-void FIPS_x931_stick(void)
+void FIPS_x931_stick(int onoff)
 	{
-	fips_prng_fail = 1;
+	fips_prng_fail = onoff;
 	}
 static void fips_rand_prng_reset(FIPS_PRNG_CTX *ctx)
--- a/fips/rand/fips_rand_selftest.c
+++ b/fips/rand/fips_rand_selftest.c
@@ -129,15 +129,16 @@ static AES_PRNG_TV aes_256_tv =
 static int do_x931_test(unsigned char *key, int keylen,
 			AES_PRNG_TV *tv)
 	{
-	unsigned char R[16];
+	unsigned char R[16], V[16];
 	int rv = 1;
 	memcpy(V, tv->V, sizeof(V));
 	if (!FIPS_x931_set_key(key, keylen))
 		return 0;
 	if (!fips_post_started(FIPS_TEST_X931, keylen, NULL))
 		return 1;
 	if (!fips_post_corrupt(FIPS_TEST_X931, keylen, NULL))
-		tv->V[0]++;
+		V[0]++;
-	FIPS_x931_seed(tv->V, 16);
+	FIPS_x931_seed(V, 16);
 	FIPS_x931_set_dt(tv->DT);
 	FIPS_x931_bytes(R, 16);
 	if (memcmp(R, tv->R, 16))
--- a/fips/rand/fips_rngvs.c
+++ b/fips/rand/fips_rngvs.c
@@ -198,7 +198,11 @@ static void mct(FILE *in, FILE *out)
 	}
    }
-int main(int argc,char **argv)
+#ifdef FIPS_ALGVS
 int fips_rngvs_main(int argc, char **argv)
 #else
 int main(int argc, char **argv)
 #endif
    {
    FILE *in, *out;
    if (argc == 4)
--- a/fips/rsa/fips_rsa_sign.c
+++ b/fips/rsa/fips_rsa_sign.c
@@ -442,4 +442,33 @@ err:
 	return(ret);
 	}
 int FIPS_rsa_sign(RSA *rsa, const unsigned char *msg, int msglen,
 			const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
 			const EVP_MD *mgf1Hash,
 			unsigned char *sigret, unsigned int *siglen)
 	{
 	unsigned int md_len, rv;
 	unsigned char md[EVP_MAX_MD_SIZE];
        FIPS_digest(msg, msglen, md, &md_len, mhash);
 	rv = FIPS_rsa_sign_digest(rsa, md, md_len, mhash, rsa_pad_mode,
 					saltlen, mgf1Hash, sigret, siglen);
 	OPENSSL_cleanse(md, md_len);
 	return rv;
 	}
 int FIPS_rsa_verify(RSA *rsa, const unsigned char *msg, int msglen,
 			const EVP_MD *mhash, int rsa_pad_mode, int saltlen,
 			const EVP_MD *mgf1Hash,
 			const unsigned char *sigbuf, unsigned int siglen)
 	{
 	unsigned int md_len, rv;
 	unsigned char md[EVP_MAX_MD_SIZE];
        FIPS_digest(msg, msglen, md, &md_len, mhash);
 	rv = FIPS_rsa_verify_digest(rsa, md, md_len, mhash, rsa_pad_mode,
 					saltlen, mgf1Hash, sigbuf, siglen);
 	OPENSSL_cleanse(md, md_len);
 	return rv;
 	}
 #endif
--- a/fips/rsa/fips_rsagtest.c
+++ b/fips/rsa/fips_rsagtest.c
@@ -88,7 +88,11 @@ static int rsa_printkey1(FILE *out, RSA *rsa,
 static int rsa_printkey2(FILE *out, RSA *rsa,
 		BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq);
 #ifdef FIPS_ALGVS
 int fips_rsagtest_main(int argc, char **argv)
 #else
 int main(int argc, char **argv)
 #endif
 	{
 	FILE *in = NULL, *out = NULL;
--- a/fips/rsa/fips_rsastest.c
+++ b/fips/rsa/fips_rsastest.c
@@ -85,7 +85,11 @@ static int rsa_stest(FILE *out, FILE *in, int Saltlen);
 static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
 		unsigned char *Msg, long Msglen, int Saltlen);
 #ifdef FIPS_ALGVS
 int fips_rsastest_main(int argc, char **argv)
 #else
 int main(int argc, char **argv)
 #endif
 	{
 	FILE *in = NULL, *out = NULL;
@@ -321,15 +325,12 @@ static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
 	unsigned char *sigbuf = NULL;
 	int i, siglen, pad_mode;
 	/* EVP_PKEY structure */
 	EVP_MD_CTX ctx;
 	siglen = RSA_size(rsa);
 	sigbuf = OPENSSL_malloc(siglen);
 	if (!sigbuf)
 		goto error;
 	FIPS_md_ctx_init(&ctx);
 	if (Saltlen >= 0)
 		pad_mode = RSA_PKCS1_PSS_PADDING;
 	else if (Saltlen == -2)
@@ -337,16 +338,10 @@ static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
 	else
 		pad_mode = RSA_PKCS1_PADDING;
-	if (!FIPS_digestinit(&ctx, dgst))
+	if (!FIPS_rsa_sign(rsa, Msg, Msglen, dgst, pad_mode, Saltlen, NULL,
 		goto error;
 	if (!FIPS_digestupdate(&ctx, Msg, Msglen))
 		goto error;
 	if (!FIPS_rsa_sign_ctx(rsa, &ctx, pad_mode, Saltlen, NULL,
 				sigbuf, (unsigned int *)&siglen))
 		goto error;
 	FIPS_md_ctx_cleanup(&ctx);
 	fputs("S = ", out);
 	for (i = 0; i < siglen; i++)
@@ -358,6 +353,9 @@ static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
 	error:
 	if (sigbuf)
 		OPENSSL_free(sigbuf);
 	return ret;
 	}
 #endif
--- a/fips/rsa/fips_rsavtest.c
+++ b/fips/rsa/fips_rsavtest.c
@@ -82,14 +82,18 @@ int main(int argc, char *argv[])
 #include "fips_utl.h"
-int rsa_test(FILE *out, FILE *in, int saltlen);
+int rsa_vtest(FILE *out, FILE *in, int saltlen);
 static int rsa_printver(FILE *out,
 		BIGNUM *n, BIGNUM *e,
 		const EVP_MD *dgst,
 		unsigned char *Msg, long Msglen,
 		unsigned char *S, long Slen, int Saltlen);
 #ifdef FIPS_ALGVS
 int fips_rsavtest_main(int argc, char **argv)
 #else
 int main(int argc, char **argv)
 #endif
 	{
 	FILE *in = NULL, *out = NULL;
@@ -138,7 +142,7 @@ int main(int argc, char **argv)
 		goto end;
 		}
-	if (!rsa_test(out, in, Saltlen))
+	if (!rsa_vtest(out, in, Saltlen))
 		{
 		fprintf(stderr, "FATAL RSAVTEST file processing error\n");
 		goto end;
@@ -159,7 +163,7 @@ int main(int argc, char **argv)
 #define RSA_TEST_MAXLINELEN	10240
-int rsa_test(FILE *out, FILE *in, int Saltlen)
+int rsa_vtest(FILE *out, FILE *in, int Saltlen)
 	{
 	char *linebuf, *olinebuf, *p, *q;
 	char *keyword, *value;
@@ -319,7 +323,6 @@ static int rsa_printver(FILE *out,
 	int ret = 0, r, pad_mode;
 	/* Setup RSA and EVP_PKEY structures */
 	RSA *rsa_pubkey = NULL;
 	EVP_MD_CTX ctx;
 	unsigned char *buf = NULL;
 	rsa_pubkey = FIPS_rsa_new();
 	if (!rsa_pubkey)
@@ -329,8 +332,6 @@ static int rsa_printver(FILE *out,
 	if (!rsa_pubkey->n || !rsa_pubkey->e)
 		goto error;
 	FIPS_md_ctx_init(&ctx);
 	if (Saltlen >= 0)
 		pad_mode = RSA_PKCS1_PSS_PADDING;
 	else if (Saltlen == -2)
@@ -338,19 +339,11 @@ static int rsa_printver(FILE *out,
 	else
 		pad_mode = RSA_PKCS1_PADDING;
 	if (!FIPS_digestinit(&ctx, dgst))
 		goto error;
 	if (!FIPS_digestupdate(&ctx, Msg, Msglen))
 		goto error;
 	no_err = 1;
-	r = FIPS_rsa_verify_ctx(rsa_pubkey, &ctx,
+	r = FIPS_rsa_verify(rsa_pubkey, Msg, Msglen, dgst,
 				pad_mode, Saltlen, NULL, S, Slen);
 	no_err = 0;
 	FIPS_md_ctx_cleanup(&ctx);
 	if (r < 0)
 		goto error;
--- a/fips/sha/fips_shatest.c
+++ b/fips/sha/fips_shatest.c
@@ -86,7 +86,11 @@ static int print_dgst(const EVP_MD *md, FILE *out,
 static int print_monte(const EVP_MD *md, FILE *out,
 		unsigned char *Seed, int SeedLen);
 #ifdef FIPS_ALGVS
 int fips_shatest_main(int argc, char **argv)
 #else
 int main(int argc, char **argv)
 #endif
 	{
 	FILE *in = NULL, *out = NULL;
--- a/test/Makefile
+++ b/test/Makefile
@@ -81,6 +81,7 @@ FIPS_ECDHVS=	fips_ecdhvs
 FIPS_ECDSAVS=	fips_ecdsavs
 FIPS_TEST_SUITE=fips_test_suite
 FIPS_CMACTEST=	fips_cmactest
 FIPS_ALGVS=	fips_algvs
 TESTS=		alltests
@@ -119,7 +120,7 @@ OBJ=	$(BNTEST).o $(ECTEST).o  $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
 	$(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o $(FIPS_GCMTEST).o \
 	$(FIPS_DSSVS).o $(FIPS_DSATEST).o $(FIPS_RNGVS).o $(FIPS_DRBGVS).o \
 	$(FIPS_TEST_SUITE).o $(FIPS_DHVS).o $(FIPS_ECDSAVS).o \
-	$(FIPS_ECDHVS).o $(FIPS_CMACTEST).o \
+	$(FIPS_ECDHVS).o $(FIPS_CMACTEST).o $(FIPS_ALGVS).o \
 	$(EVPTEST).o $(IGETEST).o $(JPAKETEST).o
 SRC=	$(BNTEST).c $(ECTEST).c  $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
 	$(MD2TEST).c  $(MD4TEST).c $(MD5TEST).c \
@@ -133,7 +134,7 @@ SRC=	$(BNTEST).c $(ECTEST).c  $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
 	$(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c $(FIPS_GCMTEST).c \
 	$(FIPS_DSSVS).c $(FIPS_DSATEST).c $(FIPS_RNGVS).c $(FIPS_DRBGVS).c \
 	$(FIPS_TEST_SUITE).c $(FIPS_DHVS).c $(FIPS_ECDSAVS).c \
-	$(FIPS_ECDHVS).c $(FIPS_CMACTEST).c \
+	$(FIPS_ECDHVS).c $(FIPS_CMACTEST).c $(FIPS_ALGVS).c \
 	$(EVPTEST).c $(IGETEST).c $(JPAKETEST).c
 EXHEADER= 
@@ -150,6 +151,8 @@ exe:	$(EXE) $(FIPSEXE) dummytest$(EXE_EXT)
 fipsexe:	$(FIPSEXE)
 fipsalgvs:	$(FIPS_ALGVS)
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -504,6 +507,9 @@ $(FIPS_TEST_SUITE)$(EXE_EXT): $(FIPS_TEST_SUITE).o $(DLIBCRYPTO)
 $(FIPS_CMACTEST)$(EXE_EXT): $(FIPS_CMACTEST).o $(DLIBCRYPTO)
 	@target=$(FIPS_CMACTEST); $(FIPS_BUILD_CMD)
 $(FIPS_ALGVS)$(EXE_EXT): $(FIPS_ALGVS).o $(DLIBCRYPTO)
 	@target=$(FIPS_ALGVS); $(FIPS_BUILD_CMD)
 $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
 	@target=$(RMDTEST); $(BUILD_CMD)
--- a/test/fips_algvs.c
+++ b/test/fips_algvs.c
@@ -0,0 +1,330 @@
 /* test/fips_algvs.c */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2011
 */
 /* ====================================================================
 * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
 #include <stdio.h>
 #include <openssl/crypto.h>
 #include <openssl/opensslconf.h>
 #ifndef OPENSSL_FIPS
 #include <stdio.h>
 int main(int argc, char **argv)
 {
    printf("No FIPS ALGVS support\n");
    return 0;
 }
 #else
 #define FIPS_ALGVS
 extern int fips_aesavs_main(int argc, char **argv);
 extern int fips_cmactest_main(int argc, char **argv);
 extern int fips_desmovs_main(int argc, char **argv);
 extern int fips_dhvs_main(int argc, char **argv);
 extern int fips_drbgvs_main(int argc,char **argv);
 extern int fips_dssvs_main(int argc, char **argv);
 extern int fips_ecdhvs_main(int argc, char **argv);
 extern int fips_ecdsavs_main(int argc, char **argv);
 extern int fips_gcmtest_main(int argc, char **argv);
 extern int fips_hmactest_main(int argc, char **argv);
 extern int fips_rngvs_main(int argc, char **argv);
 extern int fips_rsagtest_main(int argc, char **argv);
 extern int fips_rsastest_main(int argc, char **argv);
 extern int fips_rsavtest_main(int argc, char **argv);
 extern int fips_shatest_main(int argc, char **argv);
 extern int fips_test_suite_main(int argc, char **argv);
 #include "fips_aesavs.c"
 #include "fips_cmactest.c"
 #include "fips_desmovs.c"
 #include "fips_dhvs.c"
 #include "fips_drbgvs.c"
 #include "fips_dssvs.c"
 #include "fips_ecdhvs.c"
 #include "fips_ecdsavs.c"
 #include "fips_gcmtest.c"
 #include "fips_hmactest.c"
 #include "fips_rngvs.c"
 #include "fips_rsagtest.c"
 #include "fips_rsastest.c"
 #include "fips_rsavtest.c"
 #include "fips_shatest.c"
 #include "fips_test_suite.c"
 typedef struct
 	{
 	const char *name;
 	int (*func)(int argc, char **argv);
 	} ALGVS_FUNCTION;
 static ALGVS_FUNCTION algvs[] = {
 	{"fips_aesavs", fips_aesavs_main}, 
 	{"fips_cmactest", fips_cmactest_main}, 
 	{"fips_desmovs", fips_desmovs_main}, 
 	{"fips_dhvs", fips_dhvs_main}, 
 	{"fips_drbgvs", fips_drbgvs_main}, 
 	{"fips_dssvs", fips_dssvs_main}, 
 	{"fips_ecdhvs", fips_ecdhvs_main}, 
 	{"fips_ecdsavs", fips_ecdsavs_main}, 
 	{"fips_gcmtest", fips_gcmtest_main}, 
 	{"fips_hmactest", fips_hmactest_main}, 
 	{"fips_rngvs", fips_rngvs_main}, 
 	{"fips_rsagtest", fips_rsagtest_main}, 
 	{"fips_rsastest", fips_rsastest_main}, 
 	{"fips_rsavtest", fips_rsavtest_main}, 
 	{"fips_shatest", fips_shatest_main}, 
 	{"fips_test_suite", fips_test_suite_main}, 
 	{NULL, 0}
 	};
 /* Argument parsing taken from apps/apps.c */
 typedef struct args_st
 	{
 	char **data;
 	int count;
 	} ARGS;
 static int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	{
 	int num,i;
 	char *p;
 	*argc=0;
 	*argv=NULL;
 	i=0;
 	if (arg->count == 0)
 		{
 		arg->count=20;
 		arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
 		}
 	for (i=0; i<arg->count; i++)
 		arg->data[i]=NULL;
 	num=0;
 	p=buf;
 	for (;;)
 		{
 		/* first scan over white space */
 		if (!*p) break;
 		while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
 			p++;
 		if (!*p) break;
 		/* The start of something good :-) */
 		if (num >= arg->count)
 			{
 			fprintf(stderr, "Too many arguments!!\n");
 			return 0;
 			}
 		arg->data[num++]=p;
 		/* now look for the end of this */
 		if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
 			{
 			i= *(p++);
 			arg->data[num-1]++; /* jump over quote */
 			while (*p && (*p != i))
 				p++;
 			*p='\0';
 			}
 		else
 			{
 			while (*p && ((*p != ' ') &&
 				(*p != '\t') && (*p != '\n')))
 				p++;
 			if (*p == '\0')
 				p--;
 			else
 				*p='\0';
 			}
 		p++;
 		}
 	*argc=num;
 	*argv=arg->data;
 	return(1);
 	}
 static int run_prg(int argc, char **argv)
 	{
 	ALGVS_FUNCTION *t;
 	const char *prg_name;
 	prg_name = strrchr(argv[0], '/');
 	if (prg_name)
 		prg_name++;
 	else
 		prg_name = argv[0];
 	for (t = algvs; t->name; t++)
 		{
 		if (!strcmp(prg_name, t->name))
 			return t->func(argc, argv);
 		}
 	return -100;
 	}
 int main(int argc, char **argv)
 	{
 	char buf[1024];
 	char **args = argv + 1;
 	const char *sname = "fipstests.sh";
 	ARGS arg;
 	int xargc;
 	char **xargv;
 	int lineno = 0, badarg = 0;
 	int nerr = 0, quiet = 0, verbose = 0;
 	int rv;
 	FILE *in = NULL;
 #ifdef FIPS_ALGVS_MEMCHECK
 	CRYPTO_malloc_debug_init();
 	OPENSSL_init();
 	CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 #endif
 	if (*args && *args[0] != '-')
 		{
 		rv = run_prg(argc - 1, args);
 #ifdef FIPS_ALGVS_MEMCHECK
 		CRYPTO_mem_leaks_fp(stderr);
 #endif
 		return rv;
 		}
 	while (!badarg && *args && *args[0] == '-')
 		{
 		if (!strcmp(*args, "-script"))
 			{
 			if (args[1])
 				{
 				args++;
 				sname = *args;
 				}
 			else
 				badarg = 1;
 			}
 		else if (!strcmp(*args, "-quiet"))
 			quiet = 1;
 		else if (!strcmp(*args, "-verbose"))
 			verbose = 1;
 		else
 			badarg = 1;
 		args++;
 		}
 	if (badarg)
 		{
 		fprintf(stderr, "Error processing arguments\n");
 		return 1;
 		}
 	in = fopen(sname, "r");
 	if (!in)
 		{
 		fprintf(stderr, "Error opening script file \"%s\"\n", sname);
 		return 1;
 		}
 	arg.data = NULL;
 	arg.count = 0;
 	while (fgets(buf, sizeof(buf), in))
 		{
 		lineno++;
 		if (!chopup_args(&arg, buf, &xargc, &xargv))
 			fprintf(stderr, "Error processing line %d\n", lineno);
 		else
 			{
 			if (!quiet)
 				{
 				int i;
 				int narg = verbose ? xargc : xargc - 2;
 				printf("Running command line:");
 				for (i = 0; i < narg; i++)
 					printf(" %s", xargv[i]);
 				printf("\n");
 				}
 			rv = run_prg(xargc, xargv);
 			if (FIPS_module_mode())
 				FIPS_module_mode_set(0, NULL);
 			if (rv != 0)
 				nerr++;
 			if (rv == -100)
 				fprintf(stderr, "ERROR: Command not found\n");
 			else if (rv != 0)
 				fprintf(stderr, "ERROR: returned %d\n", rv);
 			else if (verbose)
 				printf("\tCommand run successfully\n");
 			}
 		}
 	if (!quiet)
 		printf("Completed with %d errors\n", nerr);
 	if (arg.data)
 		OPENSSL_free(arg.data);
 	fclose(in);
 #ifdef FIPS_ALGVS_MEMCHECK
 	CRYPTO_mem_leaks_fp(stderr);
 #endif
 	if (nerr == 0)
 		return 0;
 	return 1;
 	}
 #endif
--- a/util/fipsas.pl
+++ b/util/fipsas.pl
@@ -8,6 +8,9 @@ my @ARGS = @ARGV;
 my $top = shift @ARGS;
 my $target = shift @ARGS;
 my $tmptarg = $target;
 $tmptarg =~ s/\.[^\\\/\.]+$/.tmp/;
 my $runasm = 1;
@@ -48,11 +51,22 @@ while (<IN>)
 my ($from, $to);
 #delete any temp file lying around
 unlink $tmptarg;
 #rename target temporarily
-rename($target, "tmptarg.s") || die "Can't rename $target";
+my $rencnt = 0;
 # On windows the previous file doesn't always close straight away
 # so retry the rename operation a few times if it fails.
 while (!rename($target, $tmptarg))
        {
        sleep 2;
        die "Can't rename $target" if ($rencnt++ > 10);
        }
 #edit target
-open(IN,"tmptarg.s") || die "Can't open temporary file";
+open(IN,$tmptarg) || die "Can't open temporary file";
 open(OUT, ">$target") || die "Can't open output file $target";
 while (<IN>)
@@ -75,16 +89,12 @@ if ($runasm)
 	# restore target
 	unlink $target;
-	rename "tmptarg.s", $target;
+	rename $tmptarg, $target;
 	die "Error executing assembler!" if $rv != 0;
 	}
 else
 	{
 	# Don't care about target
-	unlink "tmptarg.s";
+	unlink $tmptarg;
 	}
--- a/util/fipsdist.pl
+++ b/util/fipsdist.pl
@@ -76,7 +76,7 @@ while (<STDIN>)
 		}
 	if (/^test\//)
 		{
-		next unless /Makefile/ || /dummytest.c/;
+		next unless /Makefile/ || /dummytest.c/ || /fips_algvs.c/ ;
 		}
 	print "$_\n";
 	}
--- a/util/fipslink.pl
+++ b/util/fipslink.pl
@@ -57,7 +57,6 @@ print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fi
 system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
 die "Second stage Compile failure" if $? != 0;
 print "$fips_link @ARGV\n";
 system "$fips_link @ARGV";
 die "Second stage Link failure" if $? != 0;
--- a/util/incore
+++ b/util/incore
@@ -34,6 +34,7 @@
 	@e_ident{magic,class,data,version,osabi,abiver,pad}=
 		unpack("a4C*",$elf);
 	$!=42;		# signal fipsld to revert to two-step link
 	die "not ELF file" if ($e_ident{magic} ne chr(0177)."ELF");
 	my $elf_bits   = $e_ident{class}*32;	# 32 or 64
@@ -377,7 +378,7 @@ $FIPS_text_endX		= $exe->Lookup("FIPS_text_endX");
 if (!$legacy_mode) {
    if (!$FIPS_text_startX || !$FIPS_text_endX) {
 	print STDERR "@ARGV[$#ARGV] is not cross-compiler aware.\n";
-	exit(1);
+	exit(42);	# signal fipsld to revert to two-step link
    }
    $FINGERPRINT_ascii_value
--- a/util/mklink.pl
+++ b/util/mklink.pl
@@ -52,6 +52,7 @@ my $to = join('/', @to_path);
 my $file;
 $symlink_exists=eval {symlink("",""); 1};
 if ($^O eq "msys") { $symlink_exists=0 };
 if ($^O eq "MSWin32") { $symlink_exists=0 };
 foreach $file (@files) {
    my $err = "";
    if ($symlink_exists) {
--- a/util/point.sh
+++ b/util/point.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 rm -f "$2"
-if test "$OSTYPE" = msdosdjgpp || test "x$PLATFORM" = xmingw ; then
+if test "$OSTYPE" = msdosdjgpp || test "x$PLATFORM" = xmingw || test "x$OS" = xWindows_NT ; then
    cp "$1" "$2"
 else
    ln -s "$1" "$2"
Author	SHA1	Message	Date
Dr. Stephen Henson	1de6a62222	revert fipslink.pl unlink retry change	2012-01-18 15:07:11 +00:00
Dr. Stephen Henson	ac381944ac	give a hand old assemblers assembling loop instruction. (original by Andy)	2012-01-18 14:54:20 +00:00
Dr. Stephen Henson	24fadf2a20	typo	2012-01-03 19:43:06 +00:00
Dr. Stephen Henson	409abd2fec	Prepare RC8	2012-01-03 14:23:54 +00:00
Dr. Stephen Henson	421de62232	unlink target and retry to avoid intermittent Win32 failures	2012-01-03 14:22:45 +00:00
Dr. Stephen Henson	c567812fa6	set version to rc8-dev	2011-12-12 14:02:57 +00:00
Dr. Stephen Henson	49dbcbaa4b	Prepare for RC7.	2011-12-12 13:44:05 +00:00
Dr. Stephen Henson	df0884ffb7	Retry rename operation with a slight delay to workaround problems on some versions of Windows.	2011-12-10 18:06:55 +00:00
Dr. Stephen Henson	0e480d5553	use different names for asm temp files to avoid problems on some platforms	2011-12-10 13:29:23 +00:00
Dr. Stephen Henson	7c0d30038f	Close file streams in FIPS algorithm test utilities.	2011-12-08 15:14:38 +00:00
Dr. Stephen Henson	81fc8cd029	prepare for RC6	2011-12-04 21:29:08 +00:00
Dr. Stephen Henson	1d235039d6	For FIPS builds we don't use the normal test files (and in the restricted tarball some don't exist) so set TEST='' to avoid linking to them. This also avoids problems on platforms that copy instead of symlink.	2011-12-04 15:26:26 +00:00
Dr. Stephen Henson	58886fdefc	use BUILD_ONE_CMD for fips specific links otherwise we effectively do 'make links' twice	2011-12-04 15:14:13 +00:00
Dr. Stephen Henson	61c3085d47	Workaround for VxWorks	2011-12-04 15:11:44 +00:00
Dr. Stephen Henson	32b56fe4d2	avoid use of symlinks on Windows: it causes problems on some build environments	2011-12-04 15:04:20 +00:00
Dr. Stephen Henson	efd031abca	Fix x86cpuid so it doesn't fail for some (currently theoretical) virtual machines.	2011-12-03 21:47:48 +00:00
Dr. Stephen Henson	dd4eefdb7b	Change EVP_MAXCHUNK so it doesn't wraparound to 0 on some platforms (IP32L64).	2011-12-03 21:44:01 +00:00
Dr. Stephen Henson	fcd3e8e97b	Prepare for RC6.	2011-12-03 19:51:52 +00:00
Dr. Stephen Henson	476e7e4972	Add tests to ensure ECDSA key gen and DSA signing fails if DRBG entropy source fails.	2011-12-03 19:41:28 +00:00
Dr. Stephen Henson	5e900f3cef	functions aren't unused: revert	2011-12-03 19:19:34 +00:00
Dr. Stephen Henson	75b250a4ed	remove unused functions from module	2011-12-03 18:27:31 +00:00
Dr. Stephen Henson	44cb365eaf	bn/asm/mips.pl: fix typos [from HEAD], original by Andy	2011-12-03 18:26:26 +00:00
Dr. Stephen Henson	9bd2dde42f	prepare for rc5	2011-11-25 16:27:19 +00:00
Dr. Stephen Henson	31bf5f13e0	return error if counter exceeds limit and seed value supplied	2011-11-25 16:03:27 +00:00
Dr. Stephen Henson	7dcdc0d94d	check counter value against 4 * L, not 4096	2011-11-25 15:00:20 +00:00
Dr. Stephen Henson	6ecd287acc	bump version for rc5-dev: hopefully will never be needed...	2011-11-21 00:05:15 +00:00
Dr. Stephen Henson	0e508c12e0	prepare for rc4	2011-11-19 17:04:28 +00:00
Dr. Stephen Henson	f6385248f6	Add flag to support cofactor ECDH	2011-11-19 17:03:44 +00:00
Dr. Stephen Henson	52876c3100	bump version to rc4-dev	2011-11-18 21:59:36 +00:00
Dr. Stephen Henson	c08128acc2	prepare for RC3	2011-11-18 18:50:57 +00:00
Dr. Stephen Henson	901b9b5c36	In EC_KEY_set_public_key_affine_coordinates include explicit check to see passed components do not exceed field order	2011-11-16 13:28:11 +00:00
Dr. Stephen Henson	9eca2399f1	portability fix for some perl versions	2011-11-11 19:01:11 +00:00
Dr. Stephen Henson	3b4fb53221	fclose streams in fips_drbvs.c Produced error message for unsupported curves in fips_ecdhvs.c	2011-11-09 14:23:17 +00:00
Dr. Stephen Henson	7437036cdf	Prepare for RC3 (which may never happen).	2011-11-08 19:08:40 +00:00
Andy Polyakov	ffa76736fa	Platform update from HEAD.	2011-11-08 14:44:55 +00:00
Dr. Stephen Henson	cbed6cfcaa	add fips_algvs.c to restricted tarball	2011-11-07 13:54:30 +00:00
Dr. Stephen Henson	be6dc7e56b	Prepare for RC2	2011-11-07 13:18:12 +00:00
Dr. Stephen Henson	bb25a72881	MacOS and iOS support	2011-11-07 13:16:55 +00:00
Andy Polyakov	1562ce17cb	fipsld, incore: switch to new cross-compile support [from HEAD].	2011-11-07 00:22:59 +00:00
Andy Polyakov	68b2f55b90	e_aes.c: fold aesni_xts_cipher and [most importantly] fix aes_xts_cipher's return value after custom flag was rightly reverted [from HEAD].	2011-11-06 19:49:58 +00:00
Dr. Stephen Henson	79f2c9d1cd	check for unset entropy and nonce callbacks	2011-11-06 13:08:54 +00:00
Dr. Stephen Henson	8a794abd9d	Update fips_test_suite to take multiple command line options and an induced error checking function.	2011-11-06 12:52:27 +00:00
Dr. Stephen Henson	03eae35352	typo	2011-11-05 18:25:16 +00:00
Dr. Stephen Henson	df64f34e84	make post failure simulation reversible in all cases	2011-11-05 18:15:01 +00:00
Dr. Stephen Henson	21a5cb2696	typo: use key for POST callback	2011-11-05 18:11:16 +00:00
Dr. Stephen Henson	01fc2c1598	fix set but unused warnings	2011-11-05 18:04:50 +00:00
Andy Polyakov	04c8062636	armv4cpuid.S, armv4-gf2m.pl: make newest code compilable by older assembler [from HEAD].	2011-11-05 13:57:02 +00:00
Andy Polyakov	6fcc2bbce8	x86cpuid.pl: don't punish "last-year" OSes on "this-year" CPUs [from HEAD]. PR: 2633	2011-11-05 13:56:10 +00:00
Andy Polyakov	f2b0cf9178	ppc.pl: fix bug in bn_mul_comba4 [from HEAD]. PR: 2636 Submitted by: Charles Bryant	2011-11-05 13:55:20 +00:00
Dr. Stephen Henson	485ef852ac	Add single call public key sign and verify functions.	2011-11-05 01:32:52 +00:00
Dr. Stephen Henson	b7de76b74d	Add support for memory leak checking in fips_algvs. Fix many memory leaks in algorithm test utilities.	2011-11-02 19:16:43 +00:00
Dr. Stephen Henson	8ab0d50c43	Remove duplicate test from health check. Fix memory leaks by uninstantiating DRBG before reinitialising it.	2011-11-02 16:35:24 +00:00
Dr. Stephen Henson	cb47a7107f	Print out an error for "make test" in FIPS builds.	2011-11-02 00:43:45 +00:00
Dr. Stephen Henson	d5939062d7	Replace exit calls with return in fips_test_suite	2011-11-02 00:07:15 +00:00
Dr. Stephen Henson	8b8096d082	Add support for multicall fips_algvs utility combining functionality of all fips test utilities in a single binary and some minimal script parsing for platforms lacking a suitable shell. In order to keep changes to the build system to a minimum it #includes all the utilities C source files (yuck).	2011-11-01 13:45:30 +00:00
`@@ -1 +1 @@`
	`HMAC-SHA1(fips_premain.c)= a401afd9c2b57f0f11d2b34b6d0c9815b1fe6a66`	`HMAC-SHA1(fips_premain.c)= 1eaf66f76187877ff403708a2948d240f92736a0`