This commit was manufactured by cvs2svn to create tag 'OpenSSL_0_9_7m'.

2007-02-23 12:49:10 +00:00
40 changed files with 174 additions and 1485 deletions
--- a/17
+++ b/17
@@ -2,23 +2,6 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.7m and 0.9.7n  [xx XXX xxxx]
-
-  *) In the SSL/TLS server implementation, be strict about session ID
-     context matching (which matters if an application uses a single
-     external cache for different purposes).  Previously,
-     out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
-     set.  This did ensure strict client verification, but meant that,
-     with applications using a single external cache for quite
-     different requirements, clients could circumvent ciphersuite
-     restrictions for a given session ID context by starting a session
-     in a different context.
-     [Bodo Moeller]
-
-  *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was
-     not complete and could lead to a possible single byte overflow
-     (CVE-2007-5135) [Ben Laurie]
-
 Changes between 0.9.7l and 0.9.7m  [23 Feb 2007]

  *) Cleanse PEM buffers before freeing them since they may contain 
--- a/25
+++ b/25
@@ -186,17 +186,17 @@ my %table=(
 #### SPARC Solaris with GNU C setups
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
-"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
+# -m32 should be safe to add as long as driver recognizes -march=ultrasparc
+"solaris-sparcv9-gcc","gcc:-m32 -march=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc31","gcc:-march=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# gcc pre-2.8 doesn't understand -march=ultrasparc, so fall down to -mv8
 # but keep the assembler modules.
 "solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -march=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 ####
 "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -march=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### SPARC Solaris with Sun C setups
 # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
@@ -217,11 +217,11 @@ my %table=(
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
 "linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# it's a real mess with -mcpu=ultrasparc option under Linux, but
+# it's a real mess with -march=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-march=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux64-sparcv9","gcc:-m64 -march=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # Sunos configs, assuming sparc for the gcc one.
 ##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:::",
@@ -373,7 +373,7 @@ my %table=(
 # Special notes:
 # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
 #   ought to run './Configure linux-alpha+bwx-gcc' manually, do
-#   complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever
+#   complement the command line with -march=ev56, -march=ev6 or whatever
 #   which is appropriate.
 # - If you use ccc keep in mind that -fast implies -arch host and the
 #   compiler is free to issue instructions which gonna make elder CPU
@@ -404,7 +404,8 @@ my %table=(
 "linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/linux_ppc32.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64",  "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/linux_ppc64.o:::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -bpowerpc64-linux is transient option, -m64 should be the one to use...
+"linux-ppc64",  "gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/linux_ppc64.o:::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
 "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-s390x",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -414,7 +415,7 @@ my %table=(
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD-sparc64","gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD-ia64","gcc:-DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64-cpp.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
--- a/4
+++ b/4
@@ -140,7 +140,7 @@
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@openssl.org> (note that your
     message will be recorded in the request tracker publicly readable
-     via http://www.openssl.org/support/rt.html and will be forwarded to a
+     via http://www.openssl.org/support/rt2.html and will be forwarded to a
     public mailing list). Include the output of "make report" in your message.
     Please check out the request tracker. Maybe the bug was already
     reported or has already been fixed.
@@ -162,7 +162,7 @@
     in Makefile and run "make clean; make". Please send a bug
     report to <openssl-bugs@openssl.org>, including the output of
     "make report" in order to be added to the request tracker at
-     http://www.openssl.org/support/rt.html.
+     http://www.openssl.org/support/rt2.html.

  4. If everything tests ok, install OpenSSL with

--- a/17
+++ b/17
@@ -1,5 +1,5 @@

- OpenSSL 0.9.7n-dev xx XXX xxxx
+ OpenSSL 0.9.7m 23 Feb 2007

 Copyright (c) 1998-2007 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -36,13 +36,12 @@
     actually logically part of it. It includes routines for the following:

     Ciphers
-        libdes - EAY's libdes DES encryption package which was floating
-                 around the net for a few years, and was then relicensed by
-                 him as part of SSLeay.  It includes 15 'modes/variations'
-                 of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
-                 pcbc and a more general form of cfb and ofb) including desx
-                 in cbc mode, a fast crypt(3), and routines to read
-                 passwords from the keyboard.
+        libdes - EAY's libdes DES encryption package which has been floating
+                 around the net for a few years.  It includes 15
+                 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
+                 cbc, cfb and ofb; pcbc and a more general form of cfb and
+                 ofb) including desx in cbc mode, a fast crypt(3), and
+                 routines to read passwords from the keyboard.
        RC4 encryption,
        RC2 encryption      - 4 different modes, ecb, cbc, cfb and ofb.
        Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
@@ -157,7 +156,7 @@
    - Stack Traceback (if the application dumps core)

 Report the bug to the OpenSSL project via the Request Tracker
- (http://www.openssl.org/support/rt.html) by mail to:
+ (http://www.openssl.org/support/rt2.html) by mail to:

    openssl-bugs@openssl.org

--- a/4
+++ b/4
@@ -1,6 +1,6 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2008/04/07 06:34:10 $
+  ______________                           $Date: 2007/02/23 12:07:19 $

  DEVELOPMENT STATE

@@ -47,7 +47,7 @@
    o  OpenSSL 0.9.2b: Released on March     22th, 1999
    o  OpenSSL 0.9.1c: Released on December  23th, 1998

-  [See also http://www.openssl.org/support/rt.html]
+  [See also http://www.openssl.org/support/rt2.html]

  RELEASE SHOWSTOPPERS

--- a/16
+++ b/16
@@ -1952,7 +1952,7 @@ $arflags      =

 *** debug-solaris-sparcv9-gcc
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -march=ultrasparc -Wall -DB_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -3302,7 +3302,7 @@ $arflags      =

 *** linux-ppc64
 $cc           = gcc
-$cflags       = -m64 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$cflags       = -bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -3320,7 +3320,7 @@ $rc5_obj      =
 $dso_scheme   = dlfcn
 $shared_target= linux-shared
 $shared_cflag = -fPIC
-$shared_ldflag = -m64
+$shared_ldflag = -bpowerpc64-linux
 $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
@@ -3452,7 +3452,7 @@ $arflags      =

 *** linux-sparcv9
 $cc           = gcc
-$cflags       = -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W
+$cflags       = -march=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = ULTRASPARC
@@ -3502,7 +3502,7 @@ $arflags      =

 *** linux64-sparcv9
 $cc           = gcc
-$cflags       = -m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$cflags       = -m64 -march=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = ULTRASPARC
@@ -3977,7 +3977,7 @@ $arflags      =

 *** solaris-sparcv9-gcc
 $cc           = gcc
-$cflags       = -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
+$cflags       = -m32 -march=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = ULTRASPARC
@@ -4102,7 +4102,7 @@ $arflags      =

 *** solaris64-sparcv9-gcc
 $cc           = gcc
-$cflags       = -m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN
+$cflags       = -m64 -march=ultrasparc -O3 -Wall -DB_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = ULTRASPARC
@@ -4127,7 +4127,7 @@ $arflags      =

 *** solaris64-sparcv9-gcc31
 $cc           = gcc
-$cflags       = -mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN
+$cflags       = -march=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = ULTRASPARC
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -103,7 +103,7 @@ install:
 	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
 	 mv -f  $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new \
 	 	$(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
-	); done
+	) done;
 	@for i in $(SCRIPTS); \
 	do  \
 	(echo installing $$i; \
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -8,9 +8,6 @@
 HOME			= .
 RANDFILE		= $ENV::HOME/.rnd

-# Uncomment out to enable OpenSSL configuration see config(3)
-# openssl_conf = openssl_init
-
 # Extra OBJECT IDENTIFIER info:
 #oid_file		= $ENV::HOME/.oid
 oid_section		= new_oids
@@ -22,11 +19,6 @@ oid_section		= new_oids
 # (Alternatively, use a configuration file that has only
 # X.509v3 extensions in its main [= default] section.)

-[openssl_init]
-# Extra OBJECT IDENTIFIER info:
-oid_section = new_oids
-alg_section = algs
-
 [ new_oids ]

 # We can add new OIDs in here for use by 'ca' and 'req'.
@@ -34,9 +26,6 @@ alg_section = algs
 # testoid1=1.2.3.4
 # Or use config file substitution like this:
 # testoid2=${testoid1}.5.6
-[ algs ]
-# Algorithm configuration options. Currently just fips_mode
-fips_mode = no

 ####################################################################
 [ ca ]
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -187,7 +187,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -port port     - use -connect instead\n");
 	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);

-	BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n");
+	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
 	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
 	BIO_printf(bio_err," -key arg      - Private key file to use, PEM format assumed, in cert file if\n");
 	BIO_printf(bio_err,"                 not specified but cert file is.\n");
--- a/6
+++ b/6
@@ -547,9 +547,9 @@ case "$GUESSOS" in
 	esac
 	if [ "$CC" = "gcc" ]; then
 	    case ${ISA:-generic} in
-	    EV5|EV45)		options="$options -mcpu=ev5";;
-	    EV56|PCA56)		options="$options -mcpu=ev56";;
-	    EV6|EV67|PCA57)	options="$options -mcpu=ev6";;
+	    EV5|EV45)		options="$options -march=ev5";;
+	    EV56|PCA56)		options="$options -march=ev56";;
+	    EV6|EV67|PCA57)	options="$options -march=ev6";;
 	    esac
 	fi
 	;;
--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@@ -230,7 +230,7 @@ get_next:
 				}
 			}
 		}
-	if(!(cflag & X509_FLAG_NO_EXTENSIONS))
+	if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
 		{
 		exts = X509_REQ_get_extensions(x);
 		if(exts)
@@ -248,7 +248,7 @@ get_next:
 				j=X509_EXTENSION_get_critical(ex);
 				if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
 					goto err;
-				if(!X509V3_EXT_print(bp, ex, cflag, 16))
+				if(!X509V3_EXT_print(bp, ex, 0, 16))
 					{
 					BIO_printf(bp, "%16s", "");
 					M_ASN1_OCTET_STRING_print(bp,ex->value);
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -106,6 +106,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
 			if(i == 2) return;
 		}
 		i = asn1_get_choice_selector(pval, it);
+		if(asn1_cb) asn1_cb(ASN1_OP_FREE_PRE, pval, it);
 		if((i >= 0) && (i < it->tcount)) {
 			ASN1_VALUE **pchval;
 			tt = it->templates + i;
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -160,40 +160,40 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, cons
 					int tag, int aclass, char opt, ASN1_TLC *ctx)
 {
 	unsigned char *p = *in, *q;
-	union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
-	union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};
+	STACK *intname = NULL, **intname_pp = &intname;
 	int i, j, ret;
+	X509_NAME *nm = NULL, **nm_pp = &nm;
 	STACK_OF(X509_NAME_ENTRY) *entries;
 	X509_NAME_ENTRY *entry;
 	q = p;

 	/* Get internal representation of Name */
-	ret = ASN1_item_ex_d2i(&intname.a,
+	ret = ASN1_item_ex_d2i((ASN1_VALUE **)intname_pp,
 			       &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
 			       tag, aclass, opt, ctx);
 	
 	if(ret <= 0) return ret;

 	if(*val) x509_name_ex_free(val, NULL);
-	if(!x509_name_ex_new(&nm.a, NULL)) goto err;
+	if(!x509_name_ex_new((ASN1_VALUE **)nm_pp, NULL)) goto err;
 	/* We've decoded it: now cache encoding */
-	if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err;
-	memcpy(nm.x->bytes->data, q, p - q);
+	if(!BUF_MEM_grow(nm->bytes, p - q)) goto err;
+	memcpy(nm->bytes->data, q, p - q);

 	/* Convert internal representation to X509_NAME structure */
-	for(i = 0; i < sk_num(intname.s); i++) {
-		entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i);
+	for(i = 0; i < sk_num(intname); i++) {
+		entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname, i);
 		for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
 			entry = sk_X509_NAME_ENTRY_value(entries, j);
 			entry->set = i;
-			if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
+			if(!sk_X509_NAME_ENTRY_push(nm->entries, entry))
 				goto err;
 		}
 		sk_X509_NAME_ENTRY_free(entries);
 	}
-	sk_free(intname.s);
-	nm.x->modified = 0;
-	*val = nm.a;
+	sk_free(intname);
+	nm->modified = 0;
+	*val = (ASN1_VALUE *)nm;
 	*in = p;
 	return ret;
 	err:
@@ -219,35 +219,35 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT

 static int x509_name_encode(X509_NAME *a)
 {
-	union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
+	STACK *intname = NULL, **intname_pp = &intname;
 	int len;
 	unsigned char *p;
 	STACK_OF(X509_NAME_ENTRY) *entries = NULL;
 	X509_NAME_ENTRY *entry;
 	int i, set = -1;
-	intname.s = sk_new_null();
-	if(!intname.s) goto memerr;
+	intname = sk_new_null();
+	if(!intname) goto memerr;
 	for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
 		entry = sk_X509_NAME_ENTRY_value(a->entries, i);
 		if(entry->set != set) {
 			entries = sk_X509_NAME_ENTRY_new_null();
 			if(!entries) goto memerr;
-			if(!sk_push(intname.s, (char *)entries)) goto memerr;
+			if(!sk_push(intname, (char *)entries)) goto memerr;
 			set = entry->set;
 		}
 		if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
 	}
-	len = ASN1_item_ex_i2d(&intname.a, NULL,
+	len = ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp, NULL,
 			       ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
 	if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
 	p=(unsigned char *)a->bytes->data;
-	ASN1_item_ex_i2d(&intname.a,
+	ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp,
 			 &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-	sk_pop_free(intname.s, sk_internal_free);
+	sk_pop_free(intname, sk_internal_free);
 	a->modified = 0;
 	return len;
 	memerr:
-	sk_pop_free(intname.s, sk_internal_free);
+	sk_pop_free(intname, sk_internal_free);
 	ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_MALLOC_FAILURE);
 	return -1;
 }
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -79,7 +79,7 @@
 #include <openssl/bn.h>         /* To get BN_LLONG properly defined */
 #include <openssl/bio.h>

-#if defined(BN_LLONG) || defined(SIXTY_FOUR_BIT)
+#ifdef BN_LLONG
 # ifndef HAVE_LONG_LONG
 #  define HAVE_LONG_LONG 1
 # endif
@@ -117,7 +117,7 @@

 #if HAVE_LONG_LONG
 # if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
-# define LLONG __int64
+# define LLONG _int64
 # else
 # define LLONG long long
 # endif
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -175,6 +175,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,

 	max=(nl+al+1); /* allow for overflow (no?) XXX */
 	if (bn_wexpand(r,max) == NULL) goto err;
+	if (bn_wexpand(ret,max) == NULL) goto err;

 	r->neg=a->neg^n->neg;
 	np=n->d;
@@ -226,70 +227,19 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
 		}
 	bn_fix_top(r);
 	
-	/* mont->ri will be a multiple of the word size and below code
-	 * is kind of BN_rshift(ret,r,mont->ri) equivalent */
-	if (r->top <= ri)
-		{
-		ret->top=0;
-		retn=1;
-		goto err;
-		}
-	al=r->top-ri;
-
-# define BRANCH_FREE 1
-# if BRANCH_FREE
-	if (bn_wexpand(ret,ri) == NULL) goto err;
-	x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
-	ret->top=x=(ri&~x)|(al&x);	/* min(ri,al) */
-	ret->neg=r->neg;
-
+	/* mont->ri will be a multiple of the word size */
+#if 0
+	BN_rshift(ret,r,mont->ri);
+#else
+	ret->neg = r->neg;
+	x=ri;
 	rp=ret->d;
-	ap=&(r->d[ri]);
-
-	{
-	size_t m1,m2;
-
-	v=bn_sub_words(rp,ap,np,ri);
-	/* this ----------------^^ works even in al<ri case
-	 * thanks to zealous zeroing of top of the vector in the
-	 * beginning. */
-
-	/* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
-	/* in other words if subtraction result is real, then
-	 * trick unconditional memcpy below to perform in-place
-	 * "refresh" instead of actual copy. */
-	m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1);	/* al<ri */
-	m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1);	/* al>ri */
-	m1|=m2;			/* (al!=ri) */
-	m1|=(0-(size_t)v);	/* (al!=ri || v) */
-	m1&=~m2;		/* (al!=ri || v) && !al>ri */
-	nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
-	}
-
-	/* 'i<ri' is chosen to eliminate dependency on input data, even
-	 * though it results in redundant copy in al<ri case. */
-	for (i=0,ri-=4; i<ri; i+=4)
-		{
-		BN_ULONG t1,t2,t3,t4;
-		
-		t1=nrp[i+0];
-		t2=nrp[i+1];
-		t3=nrp[i+2];	ap[i+0]=0;
-		t4=nrp[i+3];	ap[i+1]=0;
-		rp[i+0]=t1;	ap[i+2]=0;
-		rp[i+1]=t2;	ap[i+3]=0;
-		rp[i+2]=t3;
-		rp[i+3]=t4;
-		}
-	for (ri+=4; i<ri; i++)
-		rp[i]=nrp[i], ap[i]=0;
-# else
-	if (bn_wexpand(ret,al) == NULL) goto err;
+	ap= &(r->d[x]);
+	if (r->top < x)
+		al=0;
+	else
+		al=r->top-x;
 	ret->top=al;
-	ret->neg=r->neg;
-
-	rp=ret->d;
-	ap=&(r->d[ri]);
 	al-=4;
 	for (i=0; i<al; i+=4)
 		{
@@ -307,7 +257,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
 	al+=4;
 	for (; i<al; i++)
 		rp[i]=ap[i];
-# endif
+#endif
 #else /* !MONT_WORD */ 
 	BIGNUM *t1,*t2;

@@ -327,14 +277,11 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
 	if (!BN_rshift(ret,t2,mont->ri)) goto err;
 #endif /* MONT_WORD */

-#if !defined(BRANCH_FREE) || BRANCH_FREE==0
 	if (BN_ucmp(ret, &(mont->N)) >= 0)
 		{
 		if (!BN_usub(ret,ret,&(mont->N))) goto err;
 		}
-#endif
 	retn=1;
-	bn_check_top(ret);
 err:
 	BN_CTX_end(ctx);
 	return(retn);
--- a/crypto/conf/conf.h
+++ b/crypto/conf/conf.h
@@ -113,7 +113,6 @@ typedef void conf_finish_func(CONF_IMODULE *md);
 #define CONF_MFLAGS_SILENT		0x4
 #define CONF_MFLAGS_NO_DSO		0x8
 #define CONF_MFLAGS_IGNORE_MISSING_FILE	0x10
-#define CONF_MFLAGS_DEFAULT_SECTION	0x20

 int CONF_set_default_method(CONF_METHOD *meth);
 void CONF_set_nconf(CONF *conf,LHASH *hash);
--- a/crypto/conf/conf_mall.c
+++ b/crypto/conf/conf_mall.c
@@ -76,6 +76,5 @@ void OPENSSL_load_builtin_modules(void)
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE_add_conf_module();
 #endif
-	EVP_add_alg_module();
 	}

--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -126,18 +126,17 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
 	{
 	STACK_OF(CONF_VALUE) *values;
 	CONF_VALUE *vl;
-	char *vsection = NULL;
+	char *vsection;

 	int ret, i;

 	if (!cnf)
 		return 1;

-	if (appname)
-		vsection = NCONF_get_string(cnf, NULL, appname);
+	if (appname == NULL)
+		appname = "openssl_conf";

-	if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
-		vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
+	vsection = NCONF_get_string(cnf, NULL, appname); 

 	if (!vsection)
 		{
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -88,8 +88,8 @@ void OPENSSL_config(const char *config_name)


 	ERR_clear_error();
-	if (CONF_modules_load_file(NULL, config_name,
-	CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
+	if (CONF_modules_load_file(NULL, NULL,
+					CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
 		{
 		BIO *bio_err;
 		ERR_load_crypto_strings();
--- a/crypto/evp/Makefile
+++ b/crypto/evp/Makefile
@@ -23,7 +23,7 @@ TESTDATA=evptests.txt
 APPS=

 LIB=$(TOP)/libcrypto.a
-LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
 	e_des.c e_bf.c e_idea.c e_des3.c \
 	e_rc4.c e_aes.c names.c \
 	e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
@@ -35,7 +35,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
 	evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
 	e_old.c

-LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
+LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
 	e_des.o e_bf.o e_idea.o e_des3.o \
 	e_rc4.o e_aes.o names.o \
 	e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
@@ -527,29 +527,6 @@ evp_acnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 evp_acnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 evp_acnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
 evp_acnf.o: ../../include/openssl/ui_compat.h ../cryptlib.h evp_acnf.c
-evp_cnf.o: ../../e_os.h ../../include/openssl/aes.h
-evp_cnf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-evp_cnf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-evp_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-evp_cnf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-evp_cnf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-evp_cnf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_cnf.o: ../../include/openssl/fips.h ../../include/openssl/idea.h
-evp_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-evp_cnf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-evp_cnf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-evp_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-evp_cnf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-evp_cnf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-evp_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_cnf.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-evp_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_cnf.o: ../../include/openssl/x509v3.h ../cryptlib.h evp_cnf.c
 evp_enc.o: ../../e_os.h ../../include/openssl/aes.h
 evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -875,8 +875,6 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
 		    EVP_PBE_KEYGEN *keygen);
 void EVP_PBE_cleanup(void);

-void EVP_add_alg_module(void);
-
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -887,7 +885,6 @@ void ERR_load_EVP_strings(void);

 /* Function codes. */
 #define EVP_F_AES_INIT_KEY				 129
-#define EVP_F_ALG_MODULE_INIT				 134
 #define EVP_F_D2I_PKEY					 100
 #define EVP_F_EVP_ADD_CIPHER				 130
 #define EVP_F_EVP_ADD_DIGEST				 131
@@ -936,16 +933,12 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_DIFFERENT_KEY_TYPES			 101
 #define EVP_R_DISABLED_FOR_FIPS				 141
 #define EVP_R_ENCODE_ERROR				 115
-#define EVP_R_ERROR_LOADING_SECTION			 142
-#define EVP_R_ERROR_SETTING_FIPS_MODE			 143
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR			 119
 #define EVP_R_EXPECTING_AN_RSA_KEY			 127
 #define EVP_R_EXPECTING_A_DH_KEY			 128
 #define EVP_R_EXPECTING_A_DSA_KEY			 129
-#define EVP_R_FIPS_MODE_NOT_SUPPORTED			 144
 #define EVP_R_INITIALIZATION_ERROR			 134
 #define EVP_R_INPUT_NOT_INITIALIZED			 111
-#define EVP_R_INVALID_FIPS_MODE				 145
 #define EVP_R_INVALID_KEY_LENGTH			 130
 #define EVP_R_IV_TOO_LARGE				 102
 #define EVP_R_KEYGEN_FAILURE				 120
@@ -957,7 +950,6 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED		 105
 #define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE			 117
 #define EVP_R_PUBLIC_KEY_NOT_RSA			 106
-#define EVP_R_UNKNOWN_OPTION				 146
 #define EVP_R_UNKNOWN_PBE_ALGORITHM			 121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS		 135
 #define EVP_R_UNSUPPORTED_CIPHER			 107
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -1,122 +0,0 @@
-/* evp_cnf.c */
-/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/fips.h>
-
-/* Algorithm configuration module. */
-
-static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
-	{
-	int i;
-	const char *oid_section;
-	STACK_OF(CONF_VALUE) *sktmp;
-	CONF_VALUE *oval;
-	oid_section = CONF_imodule_get_value(md);
-	if(!(sktmp = NCONF_get_section(cnf, oid_section)))
-		{
-		EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
-		return 0;
-		}
-	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
-		{
-		oval = sk_CONF_VALUE_value(sktmp, i);
-		if (!strcmp(oval->name, "fips_mode"))
-			{
-			int m;
-			if (!X509V3_get_value_bool(oval, &m))
-				{
-				EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
-				return 0;
-				}
-			if (m > 0)
-				{
-#ifdef OPENSSL_FIPS
-				if (!FIPS_mode_set(1))
-					{
-					EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_SETTING_FIPS_MODE);
-					return 0;
-					}
-#else
-				EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED);
-				return 0;
-#endif
-				}
-			}
-		else
-			{
-			EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
-			ERR_add_error_data(4, "name=", oval->name,
-						", value=", oval->value);
-			}
-				
-		}
-	return 1;
-	}
-
-void EVP_add_alg_module(void)
-	{
-	CONF_module_add("alg_section", alg_module_init, 0);
-	}
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /* crypto/evp/evp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -71,7 +71,6 @@
 static ERR_STRING_DATA EVP_str_functs[]=
 	{
 {ERR_FUNC(EVP_F_AES_INIT_KEY),	"AES_INIT_KEY"},
-{ERR_FUNC(EVP_F_ALG_MODULE_INIT),	"ALG_MODULE_INIT"},
 {ERR_FUNC(EVP_F_D2I_PKEY),	"D2I_PKEY"},
 {ERR_FUNC(EVP_F_EVP_ADD_CIPHER),	"EVP_add_cipher"},
 {ERR_FUNC(EVP_F_EVP_ADD_DIGEST),	"EVP_add_digest"},
@@ -123,16 +122,12 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES)   ,"different key types"},
 {ERR_REASON(EVP_R_DISABLED_FOR_FIPS)     ,"disabled for fips"},
 {ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},
-{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
-{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
 {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
 {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    ,"expecting a dh key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   ,"expecting a dsa key"},
-{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
 {ERR_REASON(EVP_R_INITIALIZATION_ERROR)  ,"initialization error"},
 {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
-{ERR_REASON(EVP_R_INVALID_FIPS_MODE)     ,"invalid fips mode"},
 {ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
 {ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},
 {ERR_REASON(EVP_R_KEYGEN_FAILURE)        ,"keygen failure"},
@@ -144,7 +139,6 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
 {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
 {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
-{ERR_REASON(EVP_R_UNKNOWN_OPTION)        ,"unknown option"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
 {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
 {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,11 +25,11 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER	0x009070e0L
+#define OPENSSL_VERSION_NUMBER	0x009070dfL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7n-fips-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7m-fips 23 Feb 2007"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7n-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7m 23 Feb 2007"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT

--- a/crypto/sha/Makefile
+++ b/crypto/sha/Makefile
@@ -62,7 +62,7 @@ asm/sx86unix.cpp: asm/sha1-586.pl ../perlasm/x86asm.pl
 	(cd asm; $(PERL) sha1-586.pl cpp $(PROCESSOR) >sx86unix.cpp)

 asm/sha1-ia64.s:  asm/sha1-ia64.pl
-	(cd asm; $(PERL) sha1-ia64.pl ../$@ $(CFLAGS))
+	(cd asm; $(PERL) sha1-ia64.pl $(CFLAGS) ) > $@

 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
--- a/crypto/stack/safestack.h
+++ b/crypto/stack/safestack.h
@@ -170,7 +170,7 @@ STACK_OF(type) \
 #define SKM_sk_push(type, st,val) \
 	sk_push(st, (char *)val)
 #define SKM_sk_unshift(type, st,val) \
-	sk_unshift(st, (char *)val)
+	sk_unshift(st, val)
 #define SKM_sk_find(type, st,val) \
 	sk_find(st, (char *)val)
 #define SKM_sk_delete(type, st,i) \
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -286,6 +286,12 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
 		X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
+	pci->proxyPolicy = PROXY_POLICY_new();
+	if (!pci->proxyPolicy)
+		{
+		X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}

 	pci->proxyPolicy->policyLanguage = language; language = NULL;
 	pci->proxyPolicy->policy = policy; policy = NULL;
@@ -295,6 +301,11 @@ err:
 	if (language) { ASN1_OBJECT_free(language); language = NULL; }
 	if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }
 	if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }
+	if (pci && pci->proxyPolicy)
+		{
+		PROXY_POLICY_free(pci->proxyPolicy);
+		pci->proxyPolicy = NULL;
+		}
 	if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; }
 end:
 	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
--- a/doc/crypto/des_modes.pod
+++ b/doc/crypto/des_modes.pod
@@ -2,7 +2,7 @@

 =head1 NAME

-des_modes - the variants of DES and other crypto algorithms of OpenSSL
+Modes of DES - the variants of DES and other crypto algorithms of OpenSSL

 =head1 DESCRIPTION

--- a/fips-1.0/aes/fips_aesavs.c
+++ b/fips-1.0/aes/fips_aesavs.c
@@ -82,7 +82,7 @@ int main(int argc, char *argv[])

 #define AES_BLOCK_SIZE 16

-#define VERBOSE 0
+#define VERBOSE 1

 /*-----------------------------------------------*/

@@ -476,10 +476,8 @@ int do_mct(char *amode,
 		if(j == 0)
 		    {
 		    /* compensate for wrong endianness of input file */
-#if 0
 		    if(i == 0)
 			ptext[0][0]<<=7;
-#endif
 		    ret=AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
 				ptext[j], ctext[j], len);
 		    }
@@ -696,7 +694,7 @@ static int tidy_line(char *linebuf, char *olinebuf)
  # Fri Aug 30 04:07:22 PM
  ----------------------------*/

-int proc_file(char *rqfile, char *rspfile)
+int proc_file(char *rqfile)
    {
    char afn[256], rfn[256];
    FILE *afp = NULL, *rfp = NULL;
@@ -727,21 +725,13 @@ int proc_file(char *rqfile, char *rspfile)
 	       afn, strerror(errno));
 	return -1;
 	}
-    if (!rspfile)
-	{
-	strcpy(rfn,afn);
-	rp=strstr(rfn,"req/");
-#ifdef OPENSSL_SYS_WIN32
-	if (!rp)
-	    rp=strstr(rfn,"req\\");
-#endif
-	assert(rp);
-	memcpy(rp,"rsp",3);
-	rp = strstr(rfn, ".req");
-	memcpy(rp, ".rsp", 4);
-	rspfile = rfn;
-	}
-    if ((rfp = fopen(rspfile, "w")) == NULL)
+    strcpy(rfn,afn);
+    rp=strstr(rfn,"req/");
+    assert(rp);
+    memcpy(rp,"rsp",3);
+    rp = strstr(rfn, ".req");
+    memcpy(rp, ".rsp", 4);
+    if ((rfp = fopen(rfn, "w")) == NULL)
 	{
 	printf("Cannot open file: %s, %s\n", 
 	       rfn, strerror(errno));
@@ -805,14 +795,12 @@ int proc_file(char *rqfile, char *rspfile)
 			strncpy(amode, xp+1, n);
 			amode[n] = '\0';
 			/* amode[3] = '\0'; */
-			if (VERBOSE)
-			    printf("Test = %s, Mode = %s\n", atest, amode);
+			printf("Test = %s, Mode = %s\n", atest, amode);
 			}
 		    else if (strncasecmp(pp, "Key Length : ", 13) == 0)
 			{
 			akeysz = atoi(pp+13);
-			if (VERBOSE)
-			    printf("Key size = %d\n", akeysz);
+			printf("Key size = %d\n", akeysz);
 			}
 		    }
 		}
@@ -959,6 +947,7 @@ int proc_file(char *rqfile, char *rspfile)
 		    err =1;
 		    break;
 		    }
+
 		PrintValue("CIPHERTEXT", ciphertext, len);
 		if (strcmp(atest, "MCT") == 0)  /* Monte Carlo Test */
 		    {
@@ -1009,7 +998,7 @@ int proc_file(char *rqfile, char *rspfile)
 --------------------------------------------------*/
 int main(int argc, char **argv)
    {
-    char *rqlist = "req.txt", *rspfile = NULL;
+    char *rqlist = "req.txt";
    FILE *fp = NULL;
    char fn[250] = "", rfn[256] = "";
    int f_opt = 0, d_opt = 1;
@@ -1045,10 +1034,7 @@ int main(int argc, char **argv)
 	if (d_opt)
 	    rqlist = argv[2];
 	else
-	    {
 	    strcpy(fn, argv[2]);
-	    rspfile = argv[3];
-	    }
 	}
    if (d_opt)
 	{ /* list of files (directory) */
@@ -1061,9 +1047,8 @@ int main(int argc, char **argv)
 	    {
 	    strtok(fn, "\r\n");
 	    strcpy(rfn, fn);
-	    if (VERBOSE)
-	    	printf("Processing: %s\n", rfn);
-	    if (proc_file(rfn, rspfile))
+	    printf("Processing: %s\n", rfn);
+	    if (proc_file(rfn))
 		{
 		printf(">>> Processing failed for: %s <<<\n", rfn);
 		EXIT(1);
@@ -1073,9 +1058,8 @@ int main(int argc, char **argv)
 	}
    else /* single file */
 	{
-	if (VERBOSE)
-	    printf("Processing: %s\n", fn);
-	if (proc_file(fn, rspfile))
+	printf("Processing: %s\n", fn);
+	if (proc_file(fn))
 	    {
 	    printf(">>> Processing failed for: %s <<<\n", fn);
 	    }
--- a/fips-1.0/des/fips_desmovs.c
+++ b/fips-1.0/des/fips_desmovs.c
@@ -558,7 +558,7 @@ void do_mct(char *amode,
 	}
    }
    
-int proc_file(char *rqfile, char *rspfile)
+int proc_file(char *rqfile)
    {
    char afn[256], rfn[256];
    FILE *afp = NULL, *rfp = NULL;
@@ -588,21 +588,13 @@ int proc_file(char *rqfile, char *rspfile)
 	       afn, strerror(errno));
 	return -1;
 	}
-    if (!rspfile)
-	{
-	strcpy(rfn,afn);
-	rp=strstr(rfn,"req/");
-#ifdef OPENSSL_SYS_WIN32
-	if (!rp)
-	    rp=strstr(rfn,"req\\");
-#endif
-	assert(rp);
-	memcpy(rp,"rsp",3);
-	rp = strstr(rfn, ".req");
-	memcpy(rp, ".rsp", 4);
-	rspfile = rfn;
-	}
-    if ((rfp = fopen(rspfile, "w")) == NULL)
+    strcpy(rfn,afn);
+    rp=strstr(rfn,"req/");
+    assert(rp);
+    memcpy(rp,"rsp",3);
+    rp = strstr(rfn, ".req");
+    memcpy(rp, ".rsp", 4);
+    if ((rfp = fopen(rfn, "w")) == NULL)
 	{
 	printf("Cannot open file: %s, %s\n", 
 	       rfn, strerror(errno));
@@ -674,8 +666,7 @@ int proc_file(char *rqfile, char *rspfile)
 			strncpy(amode, xp+1, n);
 			amode[n] = '\0';
 			/* amode[3] = '\0'; */
-			if (VERBOSE)
-				printf("Test=%s, Mode=%s\n",atest,amode);
+			printf("Test=%s, Mode=%s\n",atest,amode);
 			}
 		    }
 		}
@@ -918,7 +909,7 @@ int proc_file(char *rqfile, char *rspfile)
 --------------------------------------------------*/
 int main(int argc, char **argv)
    {
-    char *rqlist = "req.txt", *rspfile = NULL;
+    char *rqlist = "req.txt";
    FILE *fp = NULL;
    char fn[250] = "", rfn[256] = "";
    int f_opt = 0, d_opt = 1;
@@ -954,10 +945,7 @@ int main(int argc, char **argv)
 	if (d_opt)
 	    rqlist = argv[2];
 	else
-	    {
 	    strcpy(fn, argv[2]);
-	    rspfile = argv[3];
-	    }
 	}
    if (d_opt)
 	{ /* list of files (directory) */
@@ -970,9 +958,8 @@ int main(int argc, char **argv)
 	    {
 	    strtok(fn, "\r\n");
 	    strcpy(rfn, fn);
-	    if (VERBOSE)
-	    	printf("Processing: %s\n", rfn);
-	    if (proc_file(rfn, rspfile))
+	    printf("Processing: %s\n", rfn);
+	    if (proc_file(rfn))
 		{
 		printf(">>> Processing failed for: %s <<<\n", rfn);
 		EXIT(1);
@@ -982,9 +969,8 @@ int main(int argc, char **argv)
 	}
    else /* single file */
 	{
-	if (VERBOSE)
-	    printf("Processing: %s\n", fn);
-	if (proc_file(fn, rspfile))
+	printf("Processing: %s\n", fn);
+	if (proc_file(fn))
 	    {
 	    printf(">>> Processing failed for: %s <<<\n", fn);
 	    }
--- a/fips-1.0/dsa/fips_dssvs.c
+++ b/fips-1.0/dsa/fips_dssvs.c
@@ -204,192 +204,6 @@ void pqg()
 	}
    }

-void pqgver()
-    {
-    char buf[1024];
-    char lbuf[1024];
-    char *keyword, *value;
-    BIGNUM *p = NULL, *q = NULL, *g = NULL;
-    int counter, counter2;
-    unsigned long h, h2;
-    DSA *dsa=NULL;
-    int nmod=0;
-    unsigned char seed[1024];
-
-    while(fgets(buf,sizeof buf,stdin) != NULL)
-	{
-	if (!parse_line(&keyword, &value, lbuf, buf))
-		{
-		fputs(buf,stdout);
-		continue;
-		}
-	if(!strcmp(keyword,"[mod"))
-	    nmod=atoi(value);
-	else if(!strcmp(keyword,"P"))
-	    p=hex2bn(value);
-	else if(!strcmp(keyword,"Q"))
-	    q=hex2bn(value);
-	else if(!strcmp(keyword,"G"))
-	    g=hex2bn(value);
-	else if(!strcmp(keyword,"Seed"))
-	    {
-	    int slen = hex2bin(value, seed);
-	    if (slen != 20)
-		{
-		fprintf(stderr, "Seed parse length error\n");
-		exit (1);
-		}
-	    }
-	else if(!strcmp(keyword,"c"))
-	    counter =atoi(buf+4);
-	else if(!strcmp(keyword,"H"))
-	    {
-	    h = atoi(value);
-	    if (!p || !q || !g)
-		{
-		fprintf(stderr, "Parse Error\n");
-		exit (1);
-		}
-	    pbn("P",p);
-	    pbn("Q",q);
-	    pbn("G",g);
-	    pv("Seed",seed,20);
-	    printf("c = %d\n",counter);
-	    printf("H = %lx\n",h);
-	    dsa=DSA_generate_parameters(nmod,seed,20,&counter2,&h2,NULL,NULL);
-            if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
-		|| (counter != counter2) || (h != h2))
-	    	printf("Result = F\n");
-	    else
-	    	printf("Result = T\n");
-	    BN_free(p);
-	    BN_free(q);
-	    BN_free(g);
-	    p = NULL;
-	    q = NULL;
-	    g = NULL;
-	    DSA_free(dsa);
-	    dsa = NULL;
-	    }
-	}
-    }
-
-/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
- * algorithm tests. It is an additional test to perform sanity checks on the
- * output of the KeyPair test.
- */
-
-static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
-							BN_CTX *ctx)
-    {
-    BIGNUM *rem = NULL;
-    if (BN_num_bits(p) != nmod)
-	return 0;
-    if (BN_num_bits(q) != 160)
-	return 0;
-    if (BN_is_prime(p, BN_prime_checks, NULL, NULL, NULL) != 1)
-	return 0;
-    if (BN_is_prime(q, BN_prime_checks, NULL, NULL, NULL) != 1)
-	return 0;
-    rem = BN_new();
-    if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
-    	|| (BN_cmp(g, BN_value_one()) <= 0)
-	|| !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
-	{
-	BN_free(rem);
-	return 0;
-	}
-    BN_free(rem);
-    return 1;
-    }
-
-void keyver()
-    {
-    char buf[1024];
-    char lbuf[1024];
-    char *keyword, *value;
-    BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
-    BIGNUM *Y2;
-    BN_CTX *ctx = NULL;
-    int nmod=0, paramcheck = 0;
-
-    ctx = BN_CTX_new();
-    Y2 = BN_new();
-
-    while(fgets(buf,sizeof buf,stdin) != NULL)
-	{
-	if (!parse_line(&keyword, &value, lbuf, buf))
-		{
-		fputs(buf,stdout);
-		continue;
-		}
-	if(!strcmp(keyword,"[mod"))
-	    {
-	    if (p)
-		BN_free(p);
-	    p = NULL;
-	    if (q)
-		BN_free(q);
-	    q = NULL;
-	    if (g)
-		BN_free(g);
-	    g = NULL;
-	    paramcheck = 0;
-	    nmod=atoi(value);
-	    }
-	else if(!strcmp(keyword,"P"))
-	    p=hex2bn(value);
-	else if(!strcmp(keyword,"Q"))
-	    q=hex2bn(value);
-	else if(!strcmp(keyword,"G"))
-	    g=hex2bn(value);
-	else if(!strcmp(keyword,"X"))
-	    X=hex2bn(value);
-	else if(!strcmp(keyword,"Y"))
-	    {
-	    Y=hex2bn(value);
-	    if (!p || !q || !g || !X || !Y)
-		{
-		fprintf(stderr, "Parse Error\n");
-		exit (1);
-		}
-	    pbn("P",p);
-	    pbn("Q",q);
-	    pbn("G",g);
-	    pbn("X",X);
-	    pbn("Y",Y);
-	    if (!paramcheck)
-		{
-		if (dss_paramcheck(nmod, p, q, g, ctx))
-			paramcheck = 1;
-		else
-			paramcheck = -1;
-		}
-	    if (paramcheck != 1)
-	   	printf("Result = F\n");
-	    else
-		{
-		if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
-	    		printf("Result = F\n");
-	        else
-	    		printf("Result = T\n");
-		}
-	    BN_free(X);
-	    BN_free(Y);
-	    X = NULL;
-	    Y = NULL;
-	    }
-	}
-	if (p)
-	    BN_free(p);
-	if (q)
-	    BN_free(q);
-	if (g)
-	    BN_free(g);
-	if (Y2)
-	    BN_free(Y2);
-    }
-
 void keypair()
    {
    char buf[1024];
@@ -563,12 +377,8 @@ int main(int argc,char **argv)
 	primes();
    else if(!strcmp(argv[1],"pqg"))
 	pqg();
-    else if(!strcmp(argv[1],"pqgver"))
-	pqgver();
    else if(!strcmp(argv[1],"keypair"))
 	keypair();
-    else if(!strcmp(argv[1],"keyver"))
-	keyver();
    else if(!strcmp(argv[1],"siggen"))
 	siggen();
    else if(!strcmp(argv[1],"sigver"))
--- a/fips-1.0/fipsalgtest.pl
+++ b/fips-1.0/fipsalgtest.pl
@@ -1,848 +0,0 @@
-#!/usr/bin/perl -w
-# Perl utility to run or verify FIPS 140-2 CMVP algorithm tests based on the
-# pathnames of input algorithm test files actually present (the unqualified
-# file names are consistent but the pathnames are not).
-#
-
-# FIPS test definitions
-# List of all the unqualified file names we expect and command lines to run
-
-# DSA tests
-my @fips_dsa_test_list = (
-
-    "DSA",
-
-    [ "PQGGen",  "fips_dssvs pqg" ],
-    [ "KeyPair", "fips_dssvs keypair" ],
-    [ "SigGen",  "fips_dssvs siggen" ],
-    [ "SigVer",  "fips_dssvs sigver" ]
-
-);
-
-# RSA tests
-
-my @fips_rsa_test_list = (
-
-    "RSA",
-
-    [ "SigGen15",  "fips_rsastest" ],
-    [ "SigVer15",  "fips_rsavtest" ],
-    [ "SigVerRSA", "fips_rsavtest -x931" ],
-    [ "KeyGenRSA", "fips_rsagtest" ],
-    [ "SigGenRSA", "fips_rsastest -x931" ]
-
-);
-
-# Special cases for PSS. The filename itself is
-# not sufficient to determine the test. Addditionally we
-# need to examine the file contents to determine the salt length
-# In these cases the test filename has (saltlen) appended.
-
-# RSA PSS salt length 0 tests
-
-my @fips_rsa_pss0_test_list = (
-
-    [ "SigGenPSS(0)", "fips_rsastest -saltlen 0" ],
-    [ "SigVerPSS(0)", "fips_rsavtest -saltlen 0" ]
-
-);
-
-# RSA PSS salt length 62 tests
-
-my @fips_rsa_pss62_test_list = (
-    [ "SigGenPSS(62)", "fips_rsastest -saltlen 62" ],
-    [ "SigVerPSS(62)", "fips_rsavtest -saltlen 62" ]
-
-);
-
-# SHA tests
-
-my @fips_sha_test_list = (
-
-    "SHA",
-
-    [ "SHA1LongMsg",    "fips_shatest" ],
-    [ "SHA1Monte",      "fips_shatest" ],
-    [ "SHA1ShortMsg",   "fips_shatest" ],
-    [ "SHA224LongMsg",  "fips_shatest" ],
-    [ "SHA224Monte",    "fips_shatest" ],
-    [ "SHA224ShortMsg", "fips_shatest" ],
-    [ "SHA256LongMsg",  "fips_shatest" ],
-    [ "SHA256Monte",    "fips_shatest" ],
-    [ "SHA256ShortMsg", "fips_shatest" ],
-    [ "SHA384LongMsg",  "fips_shatest" ],
-    [ "SHA384Monte",    "fips_shatest" ],
-    [ "SHA384ShortMsg", "fips_shatest" ],
-    [ "SHA512LongMsg",  "fips_shatest" ],
-    [ "SHA512Monte",    "fips_shatest" ],
-    [ "SHA512ShortMsg", "fips_shatest" ]
-
-);
-
-# HMAC
-
-my @fips_hmac_test_list = (
-
-    "HMAC",
-
-    [ "HMAC", "fips_hmactest" ]
-
-);
-
-# RAND tests, AES version
-
-my @fips_rand_aes_test_list = (
-
-    "RAND (AES)",
-
-    [ "ANSI931_AES128MCT", "fips_rngvs mct" ],
-    [ "ANSI931_AES192MCT", "fips_rngvs mct" ],
-    [ "ANSI931_AES256MCT", "fips_rngvs mct" ],
-    [ "ANSI931_AES128VST", "fips_rngvs vst" ],
-    [ "ANSI931_AES192VST", "fips_rngvs vst" ],
-    [ "ANSI931_AES256VST", "fips_rngvs vst" ]
-
-);
-
-# RAND tests, DES2 version
-
-my @fips_rand_des2_test_list = (
-
-    "RAND (DES2)",
-
-    [ "ANSI931_TDES2MCT", "fips_rngvs mct" ],
-    [ "ANSI931_TDES2VST", "fips_rngvs vst" ]
-
-);
-
-# AES tests
-
-my @fips_aes_test_list = (
-
-    "AES",
-
-    [ "CBCGFSbox128",     "fips_aesavs -f" ],
-    [ "CBCGFSbox192",     "fips_aesavs -f" ],
-    [ "CBCGFSbox256",     "fips_aesavs -f" ],
-    [ "CBCKeySbox128",    "fips_aesavs -f" ],
-    [ "CBCKeySbox192",    "fips_aesavs -f" ],
-    [ "CBCKeySbox256",    "fips_aesavs -f" ],
-    [ "CBCMCT128",        "fips_aesavs -f" ],
-    [ "CBCMCT192",        "fips_aesavs -f" ],
-    [ "CBCMCT256",        "fips_aesavs -f" ],
-    [ "CBCMMT128",        "fips_aesavs -f" ],
-    [ "CBCMMT192",        "fips_aesavs -f" ],
-    [ "CBCMMT256",        "fips_aesavs -f" ],
-    [ "CBCVarKey128",     "fips_aesavs -f" ],
-    [ "CBCVarKey192",     "fips_aesavs -f" ],
-    [ "CBCVarKey256",     "fips_aesavs -f" ],
-    [ "CBCVarTxt128",     "fips_aesavs -f" ],
-    [ "CBCVarTxt192",     "fips_aesavs -f" ],
-    [ "CBCVarTxt256",     "fips_aesavs -f" ],
-    [ "CFB128GFSbox128",  "fips_aesavs -f" ],
-    [ "CFB128GFSbox192",  "fips_aesavs -f" ],
-    [ "CFB128GFSbox256",  "fips_aesavs -f" ],
-    [ "CFB128KeySbox128", "fips_aesavs -f" ],
-    [ "CFB128KeySbox192", "fips_aesavs -f" ],
-    [ "CFB128KeySbox256", "fips_aesavs -f" ],
-    [ "CFB128MCT128",     "fips_aesavs -f" ],
-    [ "CFB128MCT192",     "fips_aesavs -f" ],
-    [ "CFB128MCT256",     "fips_aesavs -f" ],
-    [ "CFB128MMT128",     "fips_aesavs -f" ],
-    [ "CFB128MMT192",     "fips_aesavs -f" ],
-    [ "CFB128MMT256",     "fips_aesavs -f" ],
-    [ "CFB128VarKey128",  "fips_aesavs -f" ],
-    [ "CFB128VarKey192",  "fips_aesavs -f" ],
-    [ "CFB128VarKey256",  "fips_aesavs -f" ],
-    [ "CFB128VarTxt128",  "fips_aesavs -f" ],
-    [ "CFB128VarTxt192",  "fips_aesavs -f" ],
-    [ "CFB128VarTxt256",  "fips_aesavs -f" ],
-    [ "CFB8GFSbox128",    "fips_aesavs -f" ],
-    [ "CFB8GFSbox192",    "fips_aesavs -f" ],
-    [ "CFB8GFSbox256",    "fips_aesavs -f" ],
-    [ "CFB8KeySbox128",   "fips_aesavs -f" ],
-    [ "CFB8KeySbox192",   "fips_aesavs -f" ],
-    [ "CFB8KeySbox256",   "fips_aesavs -f" ],
-    [ "CFB8MCT128",       "fips_aesavs -f" ],
-    [ "CFB8MCT192",       "fips_aesavs -f" ],
-    [ "CFB8MCT256",       "fips_aesavs -f" ],
-    [ "CFB8MMT128",       "fips_aesavs -f" ],
-    [ "CFB8MMT192",       "fips_aesavs -f" ],
-    [ "CFB8MMT256",       "fips_aesavs -f" ],
-    [ "CFB8VarKey128",    "fips_aesavs -f" ],
-    [ "CFB8VarKey192",    "fips_aesavs -f" ],
-    [ "CFB8VarKey256",    "fips_aesavs -f" ],
-    [ "CFB8VarTxt128",    "fips_aesavs -f" ],
-    [ "CFB8VarTxt192",    "fips_aesavs -f" ],
-    [ "CFB8VarTxt256",    "fips_aesavs -f" ],
-
-    [ "ECBGFSbox128",  "fips_aesavs -f" ],
-    [ "ECBGFSbox192",  "fips_aesavs -f" ],
-    [ "ECBGFSbox256",  "fips_aesavs -f" ],
-    [ "ECBKeySbox128", "fips_aesavs -f" ],
-    [ "ECBKeySbox192", "fips_aesavs -f" ],
-    [ "ECBKeySbox256", "fips_aesavs -f" ],
-    [ "ECBMCT128",     "fips_aesavs -f" ],
-    [ "ECBMCT192",     "fips_aesavs -f" ],
-    [ "ECBMCT256",     "fips_aesavs -f" ],
-    [ "ECBMMT128",     "fips_aesavs -f" ],
-    [ "ECBMMT192",     "fips_aesavs -f" ],
-    [ "ECBMMT256",     "fips_aesavs -f" ],
-    [ "ECBVarKey128",  "fips_aesavs -f" ],
-    [ "ECBVarKey192",  "fips_aesavs -f" ],
-    [ "ECBVarKey256",  "fips_aesavs -f" ],
-    [ "ECBVarTxt128",  "fips_aesavs -f" ],
-    [ "ECBVarTxt192",  "fips_aesavs -f" ],
-    [ "ECBVarTxt256",  "fips_aesavs -f" ],
-    [ "OFBGFSbox128",  "fips_aesavs -f" ],
-    [ "OFBGFSbox192",  "fips_aesavs -f" ],
-    [ "OFBGFSbox256",  "fips_aesavs -f" ],
-    [ "OFBKeySbox128", "fips_aesavs -f" ],
-    [ "OFBKeySbox192", "fips_aesavs -f" ],
-    [ "OFBKeySbox256", "fips_aesavs -f" ],
-    [ "OFBMCT128",     "fips_aesavs -f" ],
-    [ "OFBMCT192",     "fips_aesavs -f" ],
-    [ "OFBMCT256",     "fips_aesavs -f" ],
-    [ "OFBMMT128",     "fips_aesavs -f" ],
-    [ "OFBMMT192",     "fips_aesavs -f" ],
-    [ "OFBMMT256",     "fips_aesavs -f" ],
-    [ "OFBVarKey128",  "fips_aesavs -f" ],
-    [ "OFBVarKey192",  "fips_aesavs -f" ],
-    [ "OFBVarKey256",  "fips_aesavs -f" ],
-    [ "OFBVarTxt128",  "fips_aesavs -f" ],
-    [ "OFBVarTxt192",  "fips_aesavs -f" ],
-    [ "OFBVarTxt256",  "fips_aesavs -f" ]
-
-);
-
-my @fips_aes_cfb1_test_list = (
-
-    # AES CFB1 tests
-
-    [ "CFB1GFSbox128",  "fips_aesavs -f" ],
-    [ "CFB1GFSbox192",  "fips_aesavs -f" ],
-    [ "CFB1GFSbox256",  "fips_aesavs -f" ],
-    [ "CFB1KeySbox128", "fips_aesavs -f" ],
-    [ "CFB1KeySbox192", "fips_aesavs -f" ],
-    [ "CFB1KeySbox256", "fips_aesavs -f" ],
-    [ "CFB1MCT128",     "fips_aesavs -f" ],
-    [ "CFB1MCT192",     "fips_aesavs -f" ],
-    [ "CFB1MCT256",     "fips_aesavs -f" ],
-    [ "CFB1MMT128",     "fips_aesavs -f" ],
-    [ "CFB1MMT192",     "fips_aesavs -f" ],
-    [ "CFB1MMT256",     "fips_aesavs -f" ],
-    [ "CFB1VarKey128",  "fips_aesavs -f" ],
-    [ "CFB1VarKey192",  "fips_aesavs -f" ],
-    [ "CFB1VarKey256",  "fips_aesavs -f" ],
-    [ "CFB1VarTxt128",  "fips_aesavs -f" ],
-    [ "CFB1VarTxt192",  "fips_aesavs -f" ],
-    [ "CFB1VarTxt256",  "fips_aesavs -f" ]
-
-);
-
-# Triple DES tests
-
-my @fips_des3_test_list = (
-
-    "Triple DES",
-
-    [ "TCBCinvperm",   "fips_desmovs -f" ],
-    [ "TCBCMMT1",      "fips_desmovs -f" ],
-    [ "TCBCMMT2",      "fips_desmovs -f" ],
-    [ "TCBCMMT3",      "fips_desmovs -f" ],
-    [ "TCBCMonte1",    "fips_desmovs -f" ],
-    [ "TCBCMonte2",    "fips_desmovs -f" ],
-    [ "TCBCMonte3",    "fips_desmovs -f" ],
-    [ "TCBCpermop",    "fips_desmovs -f" ],
-    [ "TCBCsubtab",    "fips_desmovs -f" ],
-    [ "TCBCvarkey",    "fips_desmovs -f" ],
-    [ "TCBCvartext",   "fips_desmovs -f" ],
-    [ "TCFB64invperm", "fips_desmovs -f" ],
-    [ "TCFB64MMT1",    "fips_desmovs -f" ],
-    [ "TCFB64MMT2",    "fips_desmovs -f" ],
-    [ "TCFB64MMT3",    "fips_desmovs -f" ],
-    [ "TCFB64Monte1",  "fips_desmovs -f" ],
-    [ "TCFB64Monte2",  "fips_desmovs -f" ],
-    [ "TCFB64Monte3",  "fips_desmovs -f" ],
-    [ "TCFB64permop",  "fips_desmovs -f" ],
-    [ "TCFB64subtab",  "fips_desmovs -f" ],
-    [ "TCFB64varkey",  "fips_desmovs -f" ],
-    [ "TCFB64vartext", "fips_desmovs -f" ],
-    [ "TCFB8invperm",  "fips_desmovs -f" ],
-    [ "TCFB8MMT1",     "fips_desmovs -f" ],
-    [ "TCFB8MMT2",     "fips_desmovs -f" ],
-    [ "TCFB8MMT3",     "fips_desmovs -f" ],
-    [ "TCFB8Monte1",   "fips_desmovs -f" ],
-    [ "TCFB8Monte2",   "fips_desmovs -f" ],
-    [ "TCFB8Monte3",   "fips_desmovs -f" ],
-    [ "TCFB8permop",   "fips_desmovs -f" ],
-    [ "TCFB8subtab",   "fips_desmovs -f" ],
-    [ "TCFB8varkey",   "fips_desmovs -f" ],
-    [ "TCFB8vartext",  "fips_desmovs -f" ],
-    [ "TECBinvperm",   "fips_desmovs -f" ],
-    [ "TECBMMT1",      "fips_desmovs -f" ],
-    [ "TECBMMT2",      "fips_desmovs -f" ],
-    [ "TECBMMT3",      "fips_desmovs -f" ],
-    [ "TECBMonte1",    "fips_desmovs -f" ],
-    [ "TECBMonte2",    "fips_desmovs -f" ],
-    [ "TECBMonte3",    "fips_desmovs -f" ],
-    [ "TECBpermop",    "fips_desmovs -f" ],
-    [ "TECBsubtab",    "fips_desmovs -f" ],
-    [ "TECBvarkey",    "fips_desmovs -f" ],
-    [ "TECBvartext",   "fips_desmovs -f" ],
-    [ "TOFBinvperm",   "fips_desmovs -f" ],
-    [ "TOFBMMT1",      "fips_desmovs -f" ],
-    [ "TOFBMMT2",      "fips_desmovs -f" ],
-    [ "TOFBMMT3",      "fips_desmovs -f" ],
-    [ "TOFBMonte1",    "fips_desmovs -f" ],
-    [ "TOFBMonte2",    "fips_desmovs -f" ],
-    [ "TOFBMonte3",    "fips_desmovs -f" ],
-    [ "TOFBpermop",    "fips_desmovs -f" ],
-    [ "TOFBsubtab",    "fips_desmovs -f" ],
-    [ "TOFBvarkey",    "fips_desmovs -f" ],
-    [ "TOFBvartext",   "fips_desmovs -f" ]
-
-);
-
-# Verification special cases.
-# In most cases the output of a test is deterministic and
-# it can be compared to a known good result. A few involve
-# the genration and use of random keys and the output will
-# be different each time. In thoses cases we perform special tests
-# to simply check their consistency. For example signature generation
-# output will be run through signature verification to see if all outputs
-# show as valid.
-#
-
-my %verify_special = (
-    "PQGGen"        => "fips_dssvs pqgver",
-    "KeyPair"       => "fips_dssvs keyver",
-    "SigGen"        => "fips_dssvs sigver",
-    "SigGen15"      => "fips_rsavtest",
-    "SigGenRSA"     => "fips_rsavtest -x931",
-    "SigGenPSS(0)"  => "fips_rsavtest -saltlen 0",
-    "SigGenPSS(62)" => "fips_rsavtest -saltlen 62",
-);
-
-my $win32  = $^O =~ m/mswin/i;
-my $onedir = 0;
-my $filter = "";
-my $tvdir;
-my $tprefix;
-my $shwrap_prefix;
-my $debug          = 0;
-my $quiet          = 0;
-my $notest         = 0;
-my $verify         = 1;
-my $rspdir         = "rsp";
-my $ignore_missing = 0;
-my $ignore_bogus   = 0;
-my $bufout         = '';
-my $list_tests     = 0;
-
-my %fips_enabled = (
-    dsa         => 1,
-    rsa         => 1,
-    "rsa-pss0"  => 1,
-    "rsa-pss62" => 1,
-    sha         => 1,
-    hmac        => 1,
-    "rand-aes"  => 0,
-    "rand-des2" => 1,
-    aes         => 1,
-    "aes-cfb1"  => 0,
-    des3        => 1
-);
-
-foreach (@ARGV) {
-    if ( $_ eq "--win32" ) {
-        $win32 = 1;
-    }
-    elsif ( $_ eq "--onedir" ) {
-        $onedir = 1;
-    }
-    elsif ( $_ eq "--debug" ) {
-        $debug = 1;
-    }
-    elsif ( $_ eq "--ignore-missing" ) {
-        $ignore_missing = 1;
-    }
-    elsif ( $_ eq "--ignore-bogus" ) {
-        $ignore_bogus = 1;
-    }
-    elsif ( $_ eq "--generate" ) {
-        $verify = 0;
-    }
-    elsif ( $_ eq "--notest" ) {
-        $notest = 1;
-    }
-    elsif ( $_ eq "--quiet" ) {
-        $quiet = 1;
-    }
-    elsif (/--dir=(.*)$/) {
-        $tvdir = $1;
-    }
-    elsif (/--rspdir=(.*)$/) {
-        $rspdir = $1;
-    }
-    elsif (/--tprefix=(.*)$/) {
-        $tprefix = $1;
-    }
-    elsif (/--shwrap_prefix=(.*)$/) {
-        $shwrap_prefix = $1;
-    }
-    elsif (/^--(enable|disable)-(.*)$/) {
-        if ( !exists $fips_enabled{$2} ) {
-            print STDERR "Unknown test $2\n";
-        }
-        if ( $1 eq "enable" ) {
-            $fips_enabled{$2} = 1;
-        }
-        else {
-            $fips_enabled{$2} = 0;
-        }
-    }
-    elsif (/--filter=(.*)$/) {
-        $filter = $1;
-    }
-    elsif (/^--list-tests$/) {
-        $list_tests = 1;
-    }
-    else {
-        Help();
-        exit(1);
-    }
-}
-
-my @fips_test_list;
-
-push @fips_test_list, @fips_dsa_test_list       if $fips_enabled{"dsa"};
-push @fips_test_list, @fips_rsa_test_list       if $fips_enabled{"rsa"};
-push @fips_test_list, @fips_rsa_pss0_test_list  if $fips_enabled{"rsa-pss0"};
-push @fips_test_list, @fips_rsa_pss62_test_list if $fips_enabled{"rsa-pss62"};
-push @fips_test_list, @fips_sha_test_list       if $fips_enabled{"sha"};
-push @fips_test_list, @fips_hmac_test_list      if $fips_enabled{"hmac"};
-push @fips_test_list, @fips_rand_aes_test_list  if $fips_enabled{"rand-aes"};
-push @fips_test_list, @fips_rand_des2_test_list if $fips_enabled{"rand-des2"};
-push @fips_test_list, @fips_aes_test_list       if $fips_enabled{"aes"};
-push @fips_test_list, @fips_aes_cfb1_test_list  if $fips_enabled{"aes-cfb1"};
-push @fips_test_list, @fips_des3_test_list      if $fips_enabled{"des3"};
-
-if ($list_tests) {
-    my ( $test, $en );
-    print "=====TEST LIST=====\n";
-    foreach $test ( sort keys %fips_enabled ) {
-        $en = $fips_enabled{$test};
-        $test =~ tr/[a-z]/[A-Z]/;
-        printf "%-10s %s\n", $test, $en ? "enabled" : "disabled";
-    }
-    exit(0);
-}
-
-foreach (@fips_test_list) {
-    next unless ref($_);
-    my $nm = $_->[0];
-    $_->[2] = "";
-    $_->[3] = "";
-    print STDERR "Duplicate test $nm\n" if exists $fips_tests{$nm};
-    $fips_tests{$nm} = $_;
-}
-
-$tvdir = "." unless defined $tvdir;
-
-if ($win32) {
-    if ( !defined $tprefix ) {
-        if ($onedir) {
-            $tprefix = ".\\";
-        }
-        else {
-            $tprefix = "..\\out32dll\\";
-        }
-    }
-}
-else {
-    if ($onedir) {
-        $tprefix       = "./" unless defined $tprefix;
-        $shwrap_prefix = "./" unless defined $shwrap_prefix;
-    }
-    else {
-        $tprefix       = "../test/" unless defined $tprefix;
-        $shwrap_prefix = "../util/" unless defined $shwrap_prefix;
-    }
-}
-
-sanity_check_exe( $win32, $tprefix, $shwrap_prefix );
-
-my $cmd_prefix = $win32 ? "" : "${shwrap_prefix}shlib_wrap.sh ";
-
-find_files( $filter, $tvdir );
-
-sanity_check_files();
-
-my ( $runerr, $cmperr, $cmpok, $scheckrunerr, $scheckerr, $scheckok, $skipcnt )
-  = ( 0, 0, 0, 0, 0, 0, 0 );
-
-exit(0) if $notest;
-
-run_tests( $verify, $win32, $tprefix, $filter, $tvdir );
-
-if ($verify) {
-    print "ALGORITHM TEST VERIFY SUMMARY REPORT:\n";
-    print "Tests skipped due to missing files:        $skipcnt\n";
-    print "Algorithm test program execution failures: $runerr\n";
-    print "Test comparisons successful:               $cmpok\n";
-    print "Test comparisons failed:                   $cmperr\n";
-    print "Test sanity checks successful:             $scheckok\n";
-    print "Test sanity checks failed:                 $scheckerr\n";
-    print "Sanity check program execution failures:   $scheckrunerr\n";
-
-    if ( $runerr || $cmperr || $scheckrunerr || $scheckerr ) {
-        print "***TEST FAILURE***\n";
-    }
-    else {
-        print "***ALL TESTS SUCCESSFUL***\n";
-    }
-}
-else {
-    print "ALGORITHM TEST SUMMARY REPORT:\n";
-    print "Tests skipped due to missing files:        $skipcnt\n";
-    print "Algorithm test program execution failures: $runerr\n";
-
-    if ($runerr) {
-        print "***TEST FAILURE***\n";
-    }
-    else {
-        print "***ALL TESTS SUCCESSFUL***\n";
-    }
-}
-
-#--------------------------------
-sub Help {
-    ( my $cmd ) = ( $0 =~ m#([^/]+)$# );
-    print <<EOF;
-$cmd: generate run CMVP algorithm tests
-	--debug                     Enable debug output
-	--dir=<dirname>             Optional root for *.req file search
-	--filter=<regexp>
-	--onedir <dirname>          Assume all components in current directory
-	--rspdir=<dirname>          Name of subdirectories containing *.rsp files, default "resp"
-	--shwrap_prefix=<prefix>
-	--tprefix=<prefix>
-	--ignore-bogus              Ignore duplicate or bogus files
-	--ignore-missing            Ignore missing test files
-	--quiet                     Shhh....
-	--generate                  Generate algorithm test output
-	--win32                     Win32 environment
-EOF
-}
-
-# Sanity check to see if all necessary executables exist
-
-sub sanity_check_exe {
-    my ( $win32, $tprefix, $shwrap_prefix ) = @_;
-    my %exe_list;
-    my $bad = 0;
-    $exe_list{ $shwrap_prefix . "shlib_wrap.sh" } = 1 unless $win32;
-    foreach (@fips_test_list) {
-        next unless ref($_);
-        my $cmd = $_->[1];
-        $cmd =~ s/ .*$//;
-        $cmd = $tprefix . $cmd;
-        $cmd .= ".exe" if $win32;
-        $exe_list{$cmd} = 1;
-    }
-
-    foreach ( sort keys %exe_list ) {
-        if ( !-f $_ ) {
-            print STDERR "ERROR: can't find executable $_\n";
-            $bad = 1;
-        }
-    }
-    if ($bad) {
-        print STDERR "FATAL ERROR: executables missing\n";
-        exit(1);
-    }
-    elsif ($debug) {
-        print STDERR "Executable sanity check passed OK\n";
-    }
-}
-
-# Search for all request and response files
-
-sub find_files {
-    my ( $filter, $dir ) = @_;
-    my ( $dirh, $testname );
-    opendir( $dirh, $dir );
-    while ( $_ = readdir($dirh) ) {
-        next if ( $_ eq "." || $_ eq ".." );
-        $_ = "$dir/$_";
-        if ( -f "$_" ) {
-            if (/\/([^\/]*)\.rsp$/) {
-                $testname = fix_pss( $1, $_ );
-                if ( exists $fips_tests{$testname} ) {
-                    if ( $fips_tests{$testname}->[3] eq "" ) {
-                        $fips_tests{$testname}->[3] = $_;
-                    }
-                    else {
-                        print STDERR
-"WARNING: duplicate response file $_ for test $testname\n";
-                        $nbogus++;
-                    }
-                }
-                else {
-                    print STDERR "WARNING: bogus file $_\n";
-                    $nbogus++;
-                }
-            }
-            next unless /$filter.*\.req$/i;
-            if (/\/([^\/]*)\.req$/) {
-                $testname = fix_pss( $1, $_ );
-                if ( exists $fips_tests{$testname} ) {
-                    if ( $fips_tests{$testname}->[2] eq "" ) {
-                        $fips_tests{$testname}->[2] = $_;
-                    }
-                    else {
-                        print STDERR
-"WARNING: duplicate request file $_ for test $testname\n";
-                        $nbogus++;
-                    }
-
-                }
-                elsif ( !/SHAmix\.req$/ ) {
-                    print STDERR "WARNING: unrecognized filename $_\n";
-                    $nbogus++;
-                }
-            }
-        }
-        elsif ( -d "$_" ) {
-            find_files( $filter, $_ );
-        }
-    }
-    closedir($dirh);
-}
-
-sub fix_pss {
-    my ( $test, $path ) = @_;
-    my $sl = "";
-    local $_;
-    if ( $test =~ /PSS/ ) {
-        open( IN, $path ) || die "Can't Open File $path";
-        while (<IN>) {
-            if (/^\s*#\s*salt\s+len:\s+(\d+)\s*$/i) {
-                $sl = $1;
-                last;
-            }
-        }
-        close IN;
-        if ( $sl eq "" ) {
-            print STDERR "WARNING: No Salt length detected for file $path\n";
-        }
-        else {
-            return $test . "($sl)";
-        }
-    }
-    return $test;
-}
-
-sub sanity_check_files {
-    my $bad = 0;
-    foreach (@fips_test_list) {
-        next unless ref($_);
-        my ( $tst, $cmd, $req, $resp ) = @$_;
-
-        #print STDERR "FILES $tst, $cmd, $req, $resp\n";
-        if ( $req eq "" ) {
-            print STDERR "WARNING: missing request file for $tst\n";
-            $bad = 1;
-            next;
-        }
-        if ( $verify && $resp eq "" ) {
-            print STDERR "WARNING: no response file for test $tst\n";
-            $bad = 1;
-        }
-        elsif ( !$verify && $resp ne "" ) {
-            print STDERR "WARNING: response file $resp will be overwritten\n";
-        }
-    }
-    if ($bad) {
-        print STDERR "ERROR: test vector file set not complete\n";
-        exit(1) unless $ignore_missing;
-    }
-    if ($nbogus) {
-        print STDERR
-          "ERROR: $nbogus bogus or duplicate request and response files\n";
-        exit(1) unless $ignore_bogus;
-    }
-    if ( $debug && !$nbogus && !$bad ) {
-        print STDERR "test vector file set complete\n";
-    }
-}
-
-sub run_tests {
-    my ( $verify, $win32, $tprefix, $filter, $tvdir ) = @_;
-    my ( $tname, $tref );
-    my $bad = 0;
-    foreach (@fips_test_list) {
-        if ( !ref($_) ) {
-            print "Running $_ tests\n" unless $quiet;
-            next;
-        }
-        my ( $tname, $tcmd, $req, $rsp ) = @$_;
-        my $out = $rsp;
-        if ($verify) {
-            $out =~ s/\.rsp$/.tst/;
-        }
-        if ( $req eq "" ) {
-            print STDERR
-              "WARNING: Request file for $tname missing: test skipped\n";
-            $skipcnt++;
-            next;
-        }
-        if ( $verify && $rsp eq "" ) {
-            print STDERR
-              "WARNING: Response file for $tname missing: test skipped\n";
-            $skipcnt++;
-            next;
-        }
-        elsif ( !$verify ) {
-            if ( $rsp ne "" ) {
-                print STDERR "WARNING: Response file for $tname deleted\n";
-                unlink $rsp;
-            }
-            $out = $req;
-            $out =~ s|/req/(\S+)\.req|/$rspdir/$1.rsp|;
-            my $outdir = $out;
-            $outdir =~ s|/[^/]*$||;
-            if ( !-d $outdir ) {
-                print STDERR "DEBUG: Creating directory $outdir\n" if $debug;
-                mkdir($outdir) || die "Can't create directory $outdir";
-            }
-        }
-        my $cmd = "$cmd_prefix$tprefix$tcmd ";
-        if ( $tcmd =~ /-f$/ ) {
-            $cmd .= "$req $out";
-        }
-        else {
-            $cmd .= "<$req >$out";
-        }
-        print STDERR "DEBUG: running test $tname\n" if ( $debug && !$verify );
-        system($cmd);
-        if ( $? != 0 ) {
-            print STDERR
-              "WARNING: error executing test $tname for command: $cmd\n";
-            $runerr++;
-            next;
-        }
-        if ($verify) {
-            if ( exists $verify_special{$tname} ) {
-                my $vout = $rsp;
-                $vout =~ s/\.rsp$/.ver/;
-                $tcmd = $verify_special{$tname};
-                $cmd  = "$cmd_prefix$tprefix$tcmd ";
-                $cmd .= "<$out >$vout";
-                system($cmd);
-                if ( $? != 0 ) {
-                    print STDERR
-                      "WARNING: error executing verify test $tname $cmd\n";
-                    $scheckrunerr++;
-                    next;
-                }
-                my ( $fcount, $pcount ) = ( 0, 0 );
-                open VER, "$vout";
-                while (<VER>) {
-                    if (/^Result\s*=\s*(\S*)\s*$/i)
-
-                    {
-                        if ( $1 eq "F" ) {
-                            $fcount++;
-                        }
-                        else {
-                            $pcount++;
-                        }
-                    }
-                }
-                close VER;
-
-                unlink $vout;
-                if ( $fcount || $debug ) {
-                    print STDERR "DEBUG: $tname, Pass=$pcount, Fail=$fcount\n";
-                }
-                if ( $fcount || !$pcount ) {
-                    $scheckerr++;
-                }
-                else {
-                    $scheckok++;
-                }
-
-            }
-            elsif ( !cmp_file( $tname, $rsp, $out ) ) {
-                $cmperr++;
-            }
-            else {
-                $cmpok++;
-            }
-            unlink $out;
-        }
-    }
-}
-
-sub cmp_file {
-    my ( $tname, $rsp, $tst ) = @_;
-    my ( $rspf,    $tstf );
-    my ( $rspline, $tstline );
-    if ( !open( $rspf, $rsp ) ) {
-        print STDERR "ERROR: can't open request file $rsp\n";
-        return 0;
-    }
-    if ( !open( $tstf, $tst ) ) {
-        print STDERR "ERROR: can't open output file $tst\n";
-        return 0;
-    }
-    for ( ; ; ) {
-        $rspline = next_line($rspf);
-        $tstline = next_line($tstf);
-        if ( !defined($rspline) && !defined($tstline) ) {
-            print STDERR "DEBUG: $tname file comparison OK\n" if $debug;
-            return 1;
-        }
-        if ( !defined($rspline) ) {
-            print STDERR "ERROR: $tname EOF on $rspf\n";
-            return 0;
-        }
-        if ( !defined($tstline) ) {
-            print STDERR "ERROR: $tname EOF on $tstf\n";
-            return 0;
-        }
-
-        # Workaround for bug in RAND des2 test output */
-        if ( $tstline =~ /^Key2 =/ && $rspline =~ /^Key1 =/ ) {
-            $rspline =~ s/^Key1/Key2/;
-        }
-
-        if ( $tstline ne $rspline ) {
-            print STDERR "ERROR: $tname mismatch:\n";
-            print STDERR "\t $tstline != $rspline\n";
-            return 0;
-        }
-    }
-    return 1;
-}
-
-sub next_line {
-    my ($in) = @_;
-
-    while (<$in>) {
-        chomp;
-
-        # Delete comments
-        s/#.*$//;
-
-        # Ignore blank lines
-        next if (/^\s*$/);
-
-        # Translate multiple space into one
-        s/\s+/ /g;
-        return $_;
-    }
-    return undef;
-}
--- a/makevms.com
+++ b/makevms.com
@@ -307,12 +307,7 @@ $   WRITE H_FILE "#define THIRTY_TWO_BIT"
 $   WRITE H_FILE "#undef SIXTEEN_BIT"
 $   WRITE H_FILE "#undef EIGHT_BIT"
 $   WRITE H_FILE "#endif"
-$!
-$   WRITE H_FILE "#if defined(HEADER_SHA_H)"
-$   WRITE H_FILE "#undef OPENSSL_NO_SHA512"
-$   WRITE H_FILE "#define OPENSSL_NO_SHA512"
-$   WRITE H_FILE "#endif"
-$!
+$
 $   WRITE H_FILE "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION"
 $   WRITE H_FILE "#define OPENSSL_EXPORT_VAR_AS_FUNCTION"
 $!
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,7 +1,7 @@
 %define libmaj 0
 %define libmin 9
 %define librel 7
-%define librev n
+%define librev m
 Release: 1

 %define openssldir /var/ssl
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1169,6 +1169,7 @@ int SSL_set_cipher_list(SSL *s,const char *str)
 char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
 	{
 	char *p;
+	const char *cp;
 	STACK_OF(SSL_CIPHER) *sk;
 	SSL_CIPHER *c;
 	int i;
@@ -1181,21 +1182,20 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
 	sk=s->session->ciphers;
 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 		{
-		int n;
-
+		/* Decrement for either the ':' or a '\0' */
+		len--;
 		c=sk_SSL_CIPHER_value(sk,i);
-		n=strlen(c->name);
-		if (n+1 > len)
+		for (cp=c->name; *cp; )
 			{
-			if (p != buf)
-				--p;
-			*p='\0';
-			return buf;
+			if (len-- <= 0)
+				{
+				*p='\0';
+				return(buf);
+				}
+			else
+				*(p++)= *(cp++);
 			}
-		strcpy(p,c->name);
-		p+=n;
 		*(p++)=':';
-		len-=n+1;
 		}
 	p[-1]='\0';
 	return(buf);
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -322,35 +322,33 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)

 	/* Now ret is non-NULL, and we own one of its reference counts. */

-	if (ret->sid_ctx_length != s->sid_ctx_length
-	    || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
-		{
+	if((s->verify_mode&SSL_VERIFY_PEER)
+	   && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
+	       || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
+	    {
 		/* We've found the session named by the client, but we don't
 		 * want to use it in this context. */
-
-#if 0 /* The client cannot always know when a session is not appropriate,
-       * so we shouldn't generate an error message. */
-
-		SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
-#endif
-		goto err; /* treat like cache miss */
-		}
-	
-	if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
-		{
-		/* We can't be sure if this session is being used out of
-		 * context, which is especially important for SSL_VERIFY_PEER.
-		 * The application should have used SSL[_CTX]_set_session_id_context.
-		 *
-		 * For this error case, we generate an error instead of treating
-		 * the event like a cache miss (otherwise it would be easy for
-		 * applications to effectively disable the session cache by
-		 * accident without anyone noticing).
-		 */
 		
-		SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
-		fatal = 1;
-		goto err;
+		if (s->sid_ctx_length == 0)
+			{
+			/* application should have used SSL[_CTX]_set_session_id_context
+			 * -- we could tolerate this and just pretend we never heard
+			 * of this session, but then applications could effectively
+			 * disable the session cache by accident without anyone noticing */
+
+			SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+			fatal = 1;
+			goto err;
+			}
+		else
+			{
+#if 0 /* The client cannot always know when a session is not appropriate,
+	   * so we shouldn't generate an error message. */
+
+			SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+#endif
+			goto err; /* treat like cache miss */
+			}
 		}

 	if (ret->cipher == NULL)
--- a/util/clean-depend.pl
+++ b/util/clean-depend.pl
@@ -37,10 +37,6 @@ foreach $file (sort keys %files) {
    $file=~s/^\.\///;
    push @{$files{$file}},$origfile;
    my $prevdep="";
-
-    # Remove leading ./ before sorting
-    my @deps = map { $_ =~ s/^\.\///; $_ } @{$files{$file}};
-
    foreach $dep (sort @{$files{$file}}) {
 	$dep=~s/^\.\///;
 	next if $prevdep eq $dep; # to exterminate duplicates...
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -1330,7 +1330,6 @@ i2d_PBE2PARAM                           1401	EXIST::FUNCTION:
 PBE2PARAM_new                           1402	EXIST::FUNCTION:
 d2i_PBE2PARAM                           1403	EXIST::FUNCTION:
 PBE2PARAM_free                          1404	EXIST::FUNCTION:
-EVP_add_alg_module                      1405	EXIST::FUNCTION:
 d2i_ASN1_SET_OF_GENERAL_NAME            1421	NOEXIST::FUNCTION:
 i2d_ASN1_SET_OF_GENERAL_NAME            1422	NOEXIST::FUNCTION:
 d2i_ASN1_SET_OF_SXNETID                 1439	NOEXIST::FUNCTION:
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@@ -266,7 +266,7 @@ foreach $lib (keys %csrc)
 	} else {
 	    push @out,
 "/* ====================================================================\n",
-" * Copyright (c) 2001-2007 The OpenSSL Project.  All rights reserved.\n",
+" * Copyright (c) 2001-2005 The OpenSSL Project.  All rights reserved.\n",
 " *\n",
 " * Redistribution and use in source and binary forms, with or without\n",
 " * modification, are permitted provided that the following conditions\n",
@@ -422,7 +422,7 @@ EOF
 	print OUT <<"EOF";
 /* $cfile */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/util/pl/VC-32.pl
+++ b/util/pl/VC-32.pl
@@ -25,6 +25,8 @@ $zlib_lib="zlib1.lib";
 # C compiler stuff
 $cc='cl';
 $cflags=' /MD /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+$cflags.=' -D_CRT_SECURE_NO_DEPRECATE';		# shut up VC8
+$cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE';	# shut up VC8
 $lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
 $mlflags='';

@@ -38,8 +40,6 @@ if ($debug)
 	$lflags.=" /debug";
 	$mlflags.=' /debug';
 	}
-$cflags .= ' -D_CRT_SECURE_NO_DEPRECATE';	# shut up VC8
-$cflags .= ' -D_CRT_NONSTDC_NO_DEPRECATE';	# shut up VC8
 $cflags .= " -DOPENSSL_SYSNAME_WINNT" if $NT == 1;

 $obj='.obj';