Change scary wording.

Include extra libraries/flags.
Another stupid diff.
2003-10-22 11:28:25 +00:00 · 2003-10-22 11:05:19 +00:00 · 2003-10-08 13:12:50 +00:00 · 2003-10-08 10:18:02 +00:00 · 2003-10-07 10:55:36 +00:00 · 2003-10-05 22:22:15 +00:00
840 changed files with 262082 additions and 2919 deletions
--- a/.cvsignore
+++ b/.cvsignore
@@ -14,3 +14,4 @@ cctest.c
 cctest.a
 libcrypto.so.*
 libssl.so.*
+libcrypto.sha1
--- a/45
+++ b/45
@@ -2,50 +2,9 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.7c and 0.9.7d  [17 Mar 2004]
+ Changes between 0.9.7c and 0.9.7d  [xx XXX XXXX]

-  *) Fix null-pointer assignment in do_change_cipher_spec() revealed           
-     by using the Codenomicon TLS Test Tool (CAN-2004-0079)                    
-     [Joe Orton, Steve Henson]   
-
-  *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
-     (CAN-2004-0112)
-     [Joe Orton, Steve Henson]   
-
-  *) Make it possible to have multiple active certificates with the same
-     subject in the CA index file.  This is done only if the keyword
-     'unique_subject' is set to 'no' in the main CA section (default
-     if 'CA_default') of the configuration file.  The value is saved
-     with the database itself in a separate index attribute file,
-     named like the index file with '.attr' appended to the name.
-     [Richard Levitte]
-
-  *) X509 verify fixes. Disable broken certificate workarounds when 
-     X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
-     keyUsage extension present. Don't accept CRLs with unhandled critical
-     extensions: since verify currently doesn't process CRL extensions this
-     rejects a CRL with *any* critical extensions. Add new verify error codes
-     for these cases.
-     [Steve Henson]
-
-  *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
-     A clarification of RFC2560 will require the use of OCTET STRINGs and 
-     some implementations cannot handle the current raw format. Since OpenSSL
-     copies and compares OCSP nonces as opaque blobs without any attempt at
-     parsing them this should not create any compatibility issues.
-     [Steve Henson]
-
-  *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
-     calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
-     this HMAC (and other) operations are several times slower than OpenSSL
-     < 0.9.7.
-     [Steve Henson]
-
-  *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
-     [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
-
-  *) Use the correct content when signing type "other".
-     [Steve Henson]
+  *)

 Changes between 0.9.7b and 0.9.7c  [30 Sep 2003]

--- a/49
+++ b/49
@@ -10,7 +10,7 @@ use strict;

 # see INSTALL for instructions.

-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [fips] [debug] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";

 # Options:
 #
@@ -135,20 +135,21 @@ my %table=(
 # Our development configs
 "purify",	"purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
 "debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
-"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
+"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
 "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::",
+"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -Wall -Wshadow -Werror -pipe::(unknown)::::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
+"debug-ben-fips-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DFIPS -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-steve-linux-pseudo64",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn",
-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "dist",		"cc:-O::(unknown)::::::",

 # Basic configs that should work on any (32 and less bit) box
@@ -216,13 +217,13 @@ my %table=(
 "irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### IRIX 6.x configs
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
-# './Configure irix-cc -o32' manually.
+# './Configure irix-[g]cc' manually.
 # -mips4 flag is added by ./config when appropriate.
-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -260,7 +261,6 @@ my %table=(
 # 64bit PARISC for GCC without optimization, which seems to make problems.
 # Submitted by <ross.alexander@uk.neceur.com>
 "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # IA-64 targets
 "hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -631,6 +631,8 @@ my $rmd160_obj="";
 my $processor="";
 my $default_ranlib;
 my $perl;
+my $fips=0;
+my $debug=0;

 my $no_ssl2=0;
 my $no_ssl3=0;
@@ -804,6 +806,15 @@ PROCESS_ARGS:
 			}
 		elsif (/^386$/)
 			{ $processor=386; }
+		elsif (/^fips$/)
+			{
+			$fips=1;
+			$openssl_other_defines.="#define OPENSSL_FIPS\n";
+		        }
+		elsif (/^debug$/)
+			{
+			$debug=1;
+			}
 		elsif (/^rsaref$/)
 			{
 			# No RSAref support any more since it's not needed.
@@ -1139,7 +1150,11 @@ if ($ranlib eq "")

 $bn_obj = $bn_asm unless $bn_obj ne "";

-$des_obj=$des_enc	unless ($des_obj =~ /\.o$/);
+if ($fips)
+	{
+	$des_obj=$sha1_obj="";
+	}
+$des_obj=$des_enc	unless (!$fips && $des_obj =~ /\.o$/);
 $bf_obj=$bf_enc		unless ($bf_obj =~ /\.o$/);
 $cast_obj=$cast_enc	unless ($cast_obj =~ /\.o$/);
 $rc4_obj=$rc4_enc	unless ($rc4_obj =~ /\.o$/);
@@ -1160,6 +1175,12 @@ if ($rmd160_obj =~ /\.o$/)
 	$cflags.=" -DRMD160_ASM";
 	}

+if ($debug)
+	{
+	$cflags.=" -g";
+	$cflags=~s/-fomit-frame-pointer//;
+	}
+
 # "Stringify" the C flags string.  This permits it to be made part of a string
 # and works as well on command lines.
 $cflags =~ s/([\\\"])/\\\1/g;
--- a/7
+++ b/7
@@ -68,7 +68,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?

 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7d was released on March 17, 2004.
+OpenSSL 0.9.7c was released on September 30, 2003.

 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -116,14 +116,11 @@ OpenSSL.  Information on the OpenSSL mailing lists is available from

 * Where can I get a compiled version of OpenSSL?

-You can finder pointers to binary distributions in
-http://www.openssl.org/related/binaries.html .
-
 Some applications that use OpenSSL are distributed in binary form.
 When using such an application, you don't need to install OpenSSL
 yourself; the application will include the required parts (e.g. DLLs).

-If you want to build OpenSSL on a Windows system and you don't have
+If you want to install OpenSSL on a Windows system and you don't have
 a C compiler, read the "Mingw32" section of INSTALL.W32 for information
 on how to obtain and install the free GNU C compiler.

--- a/2
+++ b/2
@@ -12,7 +12,7 @@
  ---------------

 /* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/MacOS/GetHTTPS.src/CPStringUtils.cpp
+++ b/MacOS/GetHTTPS.src/CPStringUtils.cpp
@@ -2750,4 +2750,4 @@ void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL)
 			}
 		}
 	}
-}
+}
--- a/MacOS/GetHTTPS.src/ErrorHandling.cpp
+++ b/MacOS/GetHTTPS.src/ErrorHandling.cpp
@@ -167,4 +167,4 @@ void ThrowErrorMessageException(void)
 	ThrowDescriptiveException(gErrorMessage);
 }

-#endif
+#endif
--- a/Makefile.org
+++ b/Makefile.org
@@ -173,17 +173,19 @@ LIBKRB5=
 # we might set SHLIB_MARK to '$(SHARED_LIBS)'.
 SHLIB_MARK=

-DIRS=   crypto ssl $(SHLIB_MARK) apps test tools
-SHLIBDIRS= crypto ssl
+DIRS=   crypto fips ssl $(SHLIB_MARK) sigs apps test tools
+SHLIBDIRS= fips crypto ssl

 # dirs in crypto to build
-SDIRS=  \
+SDIRS=  objects \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
 	bn ec rsa dsa dh dso engine aes \
-	buffer bio stack lhash rand err objects \
+	buffer bio stack lhash rand err \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5

+FDIRS=	sha1 rand des aes dsa rsa
+
 # tests to perform.  "alltests" is a special word indicating that all tests
 # should be performed.
 TESTS = alltests
@@ -202,6 +204,7 @@ ONEDIRS=out tmp
 EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
 WDIRS=  windows
 LIBS=   libcrypto.a libssl.a
+SIGS=	libcrypto.sha1
 SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
 SHARED_SSL=libssl$(SHLIB_EXT)
 SHARED_LIBS=
@@ -221,12 +224,29 @@ HEADER=         e_os.h

 all: Makefile.ssl sub_all openssl.pc

+sigs:	$(SIGS)
+libcrypto.sha1: libcrypto.a
+	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
+		fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.sha1; \
+	fi
+
 sub_all:
 	@for i in $(DIRS); \
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+	else \
+		$(MAKE) $$i; \
+	fi; \
+	done;
+
+sub_target:
+	@for i in $(DIRS); \
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making $(TARGET) in $$i..." && \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \
 	else \
 		$(MAKE) $$i; \
 	fi; \
@@ -456,12 +476,10 @@ do_irix-shared:
 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 			libs="$(LIBKRB5) $$libs"; \
 		fi; \
-		( WHOLELIB="-all lib$$i.a -notall"; \
-		  (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \
-		  set -x; ${CC} ${SHARED_LDFLAGS} \
+		( set -x; ${CC} ${SHARED_LDFLAGS} \
 			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			$${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \
+			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
 		libs="-l$$i $$libs"; \
 		done; \
 	fi
@@ -483,7 +501,7 @@ do_hpux-shared:
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
- 		+vnocompatwarnings \
+		+vnocompatwarnings \
 		-b -z +s \
 		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
@@ -506,7 +524,7 @@ do_hpux64-shared:
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
- 		-b -z \
+		-b -z \
 		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+forceload lib$$i.a -ldl -lc ) || exit 1; \
@@ -833,6 +851,14 @@ install: all install_docs
 			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
 		fi; \
 	fi
+	@for i in $(SIGS) ;\
+	do \
+		if [ -f "$$i" ]; then \
+		(       echo installing $$i; \
+			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+		fi; \
+	done;
 	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc

--- a/8
+++ b/8
@@ -5,14 +5,6 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

-  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
-
-      o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
-      o Security: Fix null-pointer assignment in do_change_cipher_spec()
-      o Allow multiple active certificates with same subject in CA index
-      o Multiple X590 verification fixes
-      o Speed up HMAC and other operations
-
  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:

      o Security: fix various ASN1 parsing bugs.
--- a/4
+++ b/4
@@ -1,7 +1,7 @@

- OpenSSL 0.9.7d 17 Mar 2004
+ OpenSSL 0.9.7c 30 Sep 2003

- Copyright (c) 1998-2004 The OpenSSL Project
+ Copyright (c) 1998-2003 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.

--- a/5
+++ b/5
@@ -1,17 +1,14 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2004/03/17 12:01:16 $
+  ______________                           $Date: 2003/10/02 10:55:20 $

  DEVELOPMENT STATE

    o  OpenSSL 0.9.8:  Under development...
-    o  OpenSSL 0.9.7d: Released on March     17th, 2004
    o  OpenSSL 0.9.7c: Released on September 30th, 2003
    o  OpenSSL 0.9.7b: Released on April     10th, 2003
    o  OpenSSL 0.9.7a: Released on February  19th, 2003
    o  OpenSSL 0.9.7:  Released on December  31st, 2002
-    o  OpenSSL 0.9.6m: Released on March     17th, 2004
-    o  OpenSSL 0.9.6l: Released on November   4th, 2003
    o  OpenSSL 0.9.6k: Released on September 30th, 2003
    o  OpenSSL 0.9.6j: Released on April     10th, 2003
    o  OpenSSL 0.9.6i: Released on February  19th, 2003
--- a/87
+++ b/87
@@ -1502,7 +1502,7 @@ $arflags      =

 *** debug-ben
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -Wall -Wshadow -Werror -pipe
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@@ -1527,7 +1527,7 @@ $arflags      =

 *** debug-ben-debug
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -Wall -Wshadow -Werror -pipe
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@@ -1550,6 +1550,31 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 

+*** debug-ben-fips-debug
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DFIPS -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
 *** debug-ben-openbsd
 $cc           = gcc
 $cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe
@@ -1652,7 +1677,7 @@ $arflags      =

 *** debug-levitte-linux-elf
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1677,7 +1702,7 @@ $arflags      =

 *** debug-levitte-linux-elf-extreme
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1702,7 +1727,7 @@ $arflags      =

 *** debug-levitte-linux-noasm
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1727,7 +1752,7 @@ $arflags      =

 *** debug-levitte-linux-noasm-extreme
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wmissing-prototypes -Wconversion -Wno-long-long -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -2650,31 +2675,6 @@ $shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 

-*** hpux64-parisc2-gcc
-$cc           = gcc
-$cflags       = -O3 -DB_ENDIAN -DMD32_XARRAY
-$unistd       = 
-$thread_cflag = -D_REENTRANT
-$sys_id       = 
-$lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
-$bn_obj       = asm/pa-risc2W.o
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= hpux64-shared
-$shared_cflag = -fpic
-$shared_ldflag = 
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
 *** hurd-x86
 $cc           = gcc
 $cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall
@@ -4375,6 +4375,31 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 

+*** vxworks-ppc860
+$cc           = ccppc
+$cflags       = -g -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h
+$unistd       = 
+$thread_cflag = 
+$sys_id       = VXWORKS
+$lflags       = -r
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
 *** vxworks-ppc860
 $cc           = ccppc
 $cflags       = -nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -121,7 +121,7 @@ tags:
 tests:

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile

 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -126,16 +126,6 @@
 #include <openssl/engine.h>
 #endif

-#ifdef OPENSSL_SYS_WINDOWS
-#define strcasecmp _stricmp
-#else
-#  ifdef NO_STRINGS_H
-    int	strcasecmp();
-#  else
-#    include <strings.h>
-#  endif /* NO_STRINGS_H */
-#endif
-
 #define NON_MAIN
 #include "apps.h"
 #undef NON_MAIN
@@ -378,22 +368,6 @@ int WIN32_rename(char *from, char *to)
 	}
 #endif

-#ifdef OPENSSL_SYS_VMS
-int VMS_strcasecmp(const char *str1, const char *str2)
-	{
-	while (*str1 && *str2)
-		{
-		int res = toupper(*str1) - toupper(*str2);
-		if (res) return res < 0 ? -1 : 1;
-		}
-	if (*str1)
-		return 1;
-	if (*str2)
-		return -1;
-	return 0;
-	}
-#endif
-
 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	{
 	int num,len,i;
@@ -501,7 +475,7 @@ static int ui_read(UI *ui, UI_STRING *uis)
 			{
 			const char *password =
 				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
-			if (password && password[0] != '\0')
+			if (password[0] != '\0')
 				{
 				UI_set_result(ui, uis, password);
 				return 1;
@@ -525,7 +499,7 @@ static int ui_write(UI *ui, UI_STRING *uis)
 			{
 			const char *password =
 				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
-			if (password && password[0] != '\0')
+			if (password[0] != '\0')
 				return 1;
 			}
 		default:
@@ -1411,565 +1385,14 @@ int load_config(BIO *err, CONF *cnf)
 char *make_config_name()
 	{
 	const char *t=X509_get_default_cert_area();
-	size_t len;
 	char *p;

-	len=strlen(t)+strlen(OPENSSL_CONF)+2;
-	p=OPENSSL_malloc(len);
-	BUF_strlcpy(p,t,len);
+	p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2);
+	strcpy(p,t);
 #ifndef OPENSSL_SYS_VMS
-	BUF_strlcat(p,"/",len);
+	strcat(p,"/");
 #endif
-	BUF_strlcat(p,OPENSSL_CONF,len);
+	strcat(p,OPENSSL_CONF);

 	return p;
 	}
-
-static unsigned long index_serial_hash(const char **a)
-	{
-	const char *n;
-
-	n=a[DB_serial];
-	while (*n == '0') n++;
-	return(lh_strhash(n));
-	}
-
-static int index_serial_cmp(const char **a, const char **b)
-	{
-	const char *aa,*bb;
-
-	for (aa=a[DB_serial]; *aa == '0'; aa++);
-	for (bb=b[DB_serial]; *bb == '0'; bb++);
-	return(strcmp(aa,bb));
-	}
-
-static int index_name_qual(char **a)
-	{ return(a[0][0] == 'V'); }
-
-static unsigned long index_name_hash(const char **a)
-	{ return(lh_strhash(a[DB_name])); }
-
-int index_name_cmp(const char **a, const char **b)
-	{ return(strcmp(a[DB_name],
-	     b[DB_name])); }
-
-static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
-static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
-static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
-static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
-
-#undef BSIZE
-#define BSIZE 256
-
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
-	{
-	BIO *in=NULL;
-	BIGNUM *ret=NULL;
-	MS_STATIC char buf[1024];
-	ASN1_INTEGER *ai=NULL;
-
-	ai=ASN1_INTEGER_new();
-	if (ai == NULL) goto err;
-
-	if ((in=BIO_new(BIO_s_file())) == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-
-	if (BIO_read_filename(in,serialfile) <= 0)
-		{
-		if (!create)
-			{
-			perror(serialfile);
-			goto err;
-			}
-		else
-			{
-			ASN1_INTEGER_set(ai,1);
-			ret=BN_new();
-			if (ret == NULL)
-				BIO_printf(bio_err, "Out of memory\n");
-			else
-				BN_one(ret);
-			}
-		}
-	else
-		{
-		if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
-			{
-			BIO_printf(bio_err,"unable to load number from %s\n",
-				serialfile);
-			goto err;
-			}
-		ret=ASN1_INTEGER_to_BN(ai,NULL);
-		if (ret == NULL)
-			{
-			BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
-			goto err;
-			}
-		}
-
-	if (ret && retai)
-		{
-		*retai = ai;
-		ai = NULL;
-		}
- err:
-	if (in != NULL) BIO_free(in);
-	if (ai != NULL) ASN1_INTEGER_free(ai);
-	return(ret);
-	}
-
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
-	{
-	char buf[1][BSIZE];
-	BIO *out = NULL;
-	int ret=0;
-	ASN1_INTEGER *ai=NULL;
-	int j;
-
-	if (suffix == NULL)
-		j = strlen(serialfile);
-	else
-		j = strlen(serialfile) + strlen(suffix) + 1;
-	if (j >= BSIZE)
-		{
-		BIO_printf(bio_err,"file name too long\n");
-		goto err;
-		}
-
-	if (suffix == NULL)
-		BUF_strlcpy(buf[0], serialfile, BSIZE);
-	else
-		{
-#ifndef OPENSSL_SYS_VMS
-		j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
-#else
-		j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
-#endif
-		}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
-#endif
-	out=BIO_new(BIO_s_file());
-	if (out == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-	if (BIO_write_filename(out,buf[0]) <= 0)
-		{
-		perror(serialfile);
-		goto err;
-		}
-
-	if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
-		{
-		BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
-		goto err;
-		}
-	i2a_ASN1_INTEGER(out,ai);
-	BIO_puts(out,"\n");
-	ret=1;
-	if (retai)
-		{
-		*retai = ai;
-		ai = NULL;
-		}
-err:
-	if (out != NULL) BIO_free_all(out);
-	if (ai != NULL) ASN1_INTEGER_free(ai);
-	return(ret);
-	}
-
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
-	{
-	char buf[5][BSIZE];
-	int i,j;
-	struct stat sb;
-
-	i = strlen(serialfile) + strlen(old_suffix);
-	j = strlen(serialfile) + strlen(new_suffix);
-	if (i > j) j = i;
-	if (j + 1 >= BSIZE)
-		{
-		BIO_printf(bio_err,"file name too long\n");
-		goto err;
-		}
-
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
-		serialfile, new_suffix);
-#else
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
-		serialfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
-		serialfile, old_suffix);
-#else
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
-		serialfile, old_suffix);
-#endif
-	if (stat(serialfile,&sb) < 0)
-		{
-		if (errno != ENOENT 
-#ifdef ENOTDIR
-			&& errno != ENOTDIR)
-#endif
-			goto err;
-		}
-	else
-		{
-#ifdef RL_DEBUG
-		BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-			serialfile, buf[1]);
-#endif
-		if (rename(serialfile,buf[1]) < 0)
-			{
-			BIO_printf(bio_err,
-				"unable to rename %s to %s\n",
-				serialfile, buf[1]);
-			perror("reason");
-			goto err;
-			}
-		}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-		buf[0],serialfile);
-#endif
-	if (rename(buf[0],serialfile) < 0)
-		{
-		BIO_printf(bio_err,
-			"unable to rename %s to %s\n",
-			buf[0],serialfile);
-		perror("reason");
-		rename(buf[1],serialfile);
-		goto err;
-		}
-	return 1;
- err:
-	return 0;
-	}
-
-CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
-	{
-	CA_DB *retdb = NULL;
-	TXT_DB *tmpdb = NULL;
-	BIO *in = BIO_new(BIO_s_file());
-	CONF *dbattr_conf = NULL;
-	char buf[1][BSIZE];
-	long errorline= -1;
-
-	if (in == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-	if (BIO_read_filename(in,dbfile) <= 0)
-		{
-		perror(dbfile);
-		BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
-		goto err;
-		}
-	if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
-		{
-		if (tmpdb != NULL) TXT_DB_free(tmpdb);
-		goto err;
-		}
-
-#ifndef OPENSSL_SYS_VMS
-	BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
-#else
-	BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
-#endif
-	dbattr_conf = NCONF_new(NULL);
-	if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
-		{
-		if (errorline > 0)
-			{
-			BIO_printf(bio_err,
-				"error on line %ld of db attribute file '%s'\n"
-				,errorline,buf[0]);
-			goto err;
-			}
-		else
-			{
-			NCONF_free(dbattr_conf);
-			dbattr_conf = NULL;
-			}
-		}
-
-	if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
-		{
-		fprintf(stderr, "Out of memory\n");
-		goto err;
-		}
-
-	retdb->db = tmpdb;
-	tmpdb = NULL;
-	if (db_attr)
-		retdb->attributes = *db_attr;
-	else
-		{
-		retdb->attributes.unique_subject = 1;
-		}
-
-	if (dbattr_conf)
-		{
-		char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
-		if (p)
-			{
-			BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
-			switch(*p)
-				{
-			case 'f': /* false */
-			case 'F': /* FALSE */
-			case 'n': /* no */
-			case 'N': /* NO */
-				retdb->attributes.unique_subject = 0;
-				break;
-			case 't': /* true */
-			case 'T': /* TRUE */
-			case 'y': /* yes */
-			case 'Y': /* YES */
-			default:
-				retdb->attributes.unique_subject = 1;
-				break;
-				}
-			}
-		}
-
- err:
-	if (dbattr_conf) NCONF_free(dbattr_conf);
-	if (tmpdb) TXT_DB_free(tmpdb);
-	if (in) BIO_free_all(in);
-	return retdb;
-	}
-
-int index_index(CA_DB *db)
-	{
-	if (!TXT_DB_create_index(db->db, DB_serial, NULL,
-				LHASH_HASH_FN(index_serial_hash),
-				LHASH_COMP_FN(index_serial_cmp)))
-		{
-		BIO_printf(bio_err,
-		  "error creating serial number index:(%ld,%ld,%ld)\n",
-		  			db->db->error,db->db->arg1,db->db->arg2);
-			return 0;
-		}
-
-	if (db->attributes.unique_subject
-		&& !TXT_DB_create_index(db->db, DB_name, index_name_qual,
-			LHASH_HASH_FN(index_name_hash),
-			LHASH_COMP_FN(index_name_cmp)))
-		{
-		BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
-			db->db->error,db->db->arg1,db->db->arg2);
-		return 0;
-		}
-	return 1;
-	}
-
-int save_index(char *dbfile, char *suffix, CA_DB *db)
-	{
-	char buf[3][BSIZE];
-	BIO *out = BIO_new(BIO_s_file());
-	int j;
-
-	if (out == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-
-	j = strlen(dbfile) + strlen(suffix);
-	if (j + 6 >= BSIZE)
-		{
-		BIO_printf(bio_err,"file name too long\n");
-		goto err;
-		}
-
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
-#else
-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
-#else
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
-#else
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
-#endif
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
-#endif
-	if (BIO_write_filename(out,buf[0]) <= 0)
-		{
-		perror(dbfile);
-		BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
-		goto err;
-		}
-	j=TXT_DB_write(out,db->db);
-	if (j <= 0) goto err;
-			
-	BIO_free(out);
-
-	out = BIO_new(BIO_s_file());
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
-#endif
-	if (BIO_write_filename(out,buf[1]) <= 0)
-		{
-		perror(buf[2]);
-		BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
-		goto err;
-		}
-	BIO_printf(out,"unique_subject = %s\n",
-		db->attributes.unique_subject ? "yes" : "no");
-	BIO_free(out);
-
-	return 1;
- err:
-	return 0;
-	}
-
-int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
-	{
-	char buf[5][BSIZE];
-	int i,j;
-	struct stat sb;
-
-	i = strlen(dbfile) + strlen(old_suffix);
-	j = strlen(dbfile) + strlen(new_suffix);
-	if (i > j) j = i;
-	if (j + 6 >= BSIZE)
-		{
-		BIO_printf(bio_err,"file name too long\n");
-		goto err;
-		}
-
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
-#else
-	j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
-		dbfile, new_suffix);
-#else
-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
-		dbfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
-		dbfile, new_suffix);
-#else
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
-		dbfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
-		dbfile, old_suffix);
-#else
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
-		dbfile, old_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
-		dbfile, old_suffix);
-#else
-	j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
-		dbfile, old_suffix);
-#endif
-	if (stat(dbfile,&sb) < 0)
-		{
-		if (errno != ENOENT 
-#ifdef ENOTDIR
-			&& errno != ENOTDIR)
-#endif
-			goto err;
-		}
-	else
-		{
-#ifdef RL_DEBUG
-		BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-			dbfile, buf[1]);
-#endif
-		if (rename(dbfile,buf[1]) < 0)
-			{
-			BIO_printf(bio_err,
-				"unable to rename %s to %s\n",
-				dbfile, buf[1]);
-			perror("reason");
-			goto err;
-			}
-		}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-		buf[0],dbfile);
-#endif
-	if (rename(buf[0],dbfile) < 0)
-		{
-		BIO_printf(bio_err,
-			"unable to rename %s to %s\n",
-			buf[0],dbfile);
-		perror("reason");
-		rename(buf[1],dbfile);
-		goto err;
-		}
-	if (stat(buf[4],&sb) < 0)
-		{
-		if (errno != ENOENT 
-#ifdef ENOTDIR
-			&& errno != ENOTDIR)
-#endif
-			goto err;
-		}
-	else
-		{
-#ifdef RL_DEBUG
-		BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-			buf[4],buf[3]);
-#endif
-		if (rename(buf[4],buf[3]) < 0)
-			{
-			BIO_printf(bio_err,
-				"unable to rename %s to %s\n",
-				buf[4], buf[3]);
-			perror("reason");
-			rename(dbfile,buf[0]);
-			rename(buf[1],dbfile);
-			goto err;
-			}
-		}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-		buf[2],buf[4]);
-#endif
-	if (rename(buf[2],buf[4]) < 0)
-		{
-		BIO_printf(bio_err,
-			"unable to rename %s to %s\n",
-			buf[2],buf[4]);
-		perror("reason");
-		rename(buf[3],buf[4]);
-		rename(dbfile,buf[0]);
-		rename(buf[1],dbfile);
-		goto err;
-		}
-	return 1;
- err:
-	return 0;
-	}
-
-void free_index(CA_DB *db)
-	{
-	TXT_DB_free(db->db);
-	OPENSSL_free(db);
-	}
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -141,12 +141,6 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
 int WIN32_rename(char *oldname,char *newname);
 #endif

-/* VMS below version 7.0 doesn't have strcasecmp() */
-#ifdef OPENSSL_SYS_VMS
-#define strcasecmp(str1,str2) VMS_strcasecmp((str1),(str2))
-int VMS_strcasecmp(const char *str1, const char *str2);
-#endif
-
 #ifndef MONOLITH

 #define MAIN(a,v)	main(a,v)
@@ -287,38 +281,7 @@ char *make_config_name(void);
 /* Functions defined in ca.c and also used in ocsp.c */
 int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
 			ASN1_GENERALIZEDTIME **pinvtm, char *str);
-
-#define DB_type         0
-#define DB_exp_date     1
-#define DB_rev_date     2
-#define DB_serial       3       /* index - unique */
-#define DB_file         4       
-#define DB_name         5       /* index - unique when active and not disabled */
-#define DB_NUMBER       6
-
-#define DB_TYPE_REV	'R'
-#define DB_TYPE_EXP	'E'
-#define DB_TYPE_VAL	'V'
-
-typedef struct db_attr_st
-	{
-	int unique_subject;
-	} DB_ATTR;
-typedef struct ca_db_st
-	{
-	DB_ATTR attributes;
-	TXT_DB *db;
-	} CA_DB;
-
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
-CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
-int index_index(CA_DB *db);
-int save_index(char *dbfile, char *suffix, CA_DB *db);
-int rotate_index(char *dbfile, char *new_suffix, char *old_suffix);
-void free_index(CA_DB *db);
-int index_name_cmp(const char **a, const char **b);
+int make_serial_index(TXT_DB *db);

 X509_NAME *do_subject(char *str, long chtype);

--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -304,15 +304,7 @@ bad:
 		num=tmplen;
 		}

-	if (offset >= num)
-		{
-		BIO_printf(bio_err, "Error: offset too large\n");
-		goto end;
-		}
-
-	num -= offset;
-
-	if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
+	if (length == 0) length=(unsigned int)num;
 	if(derout) {
 		if(BIO_write(derout, str + offset, length) != (int)length) {
 			BIO_printf(bio_err, "Error writing output\n");
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -76,16 +76,6 @@
 #include <openssl/ocsp.h>
 #include <openssl/pem.h>

-#ifdef OPENSSL_SYS_WINDOWS
-#define strcasecmp _stricmp
-#else
-#  ifdef NO_STRINGS_H
-    int	strcasecmp();
-#  else
-#    include <strings.h>
-#  endif /* NO_STRINGS_H */
-#endif
-
 #ifndef W_OK
 #  ifdef OPENSSL_SYS_VMS
 #    if defined(__DECC)
@@ -122,7 +112,6 @@
 #define ENV_NEW_CERTS_DIR	"new_certs_dir"
 #define ENV_CERTIFICATE 	"certificate"
 #define ENV_SERIAL		"serial"
-#define ENV_CRLNUMBER		"crlnumber"
 #define ENV_CRL			"crl"
 #define ENV_PRIVATE_KEY		"private_key"
 #define ENV_RANDFILE		"RANDFILE"
@@ -144,6 +133,18 @@

 #define ENV_DATABASE		"database"

+#define DB_type         0
+#define DB_exp_date     1
+#define DB_rev_date     2
+#define DB_serial       3       /* index - unique */
+#define DB_file         4       
+#define DB_name         5       /* index - unique for active */
+#define DB_NUMBER       6
+
+#define DB_TYPE_REV	'R'
+#define DB_TYPE_EXP	'E'
+#define DB_TYPE_VAL	'V'
+
 /* Additional revocation information types */

 #define REV_NONE		0	/* No addditional information */
@@ -200,36 +201,43 @@ extern int EF_ALIGNMENT;
 #endif

 static void lookup_fail(char *name,char *tag);
+static unsigned long index_serial_hash(const char **a);
+static int index_serial_cmp(const char **a, const char **b);
+static unsigned long index_name_hash(const char **a);
+static int index_name_qual(char **a);
+static int index_name_cmp(const char **a,const char **b);
+static BIGNUM *load_serial(char *serialfile);
+static int save_serial(char *serialfile, BIGNUM *serial);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,
+		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
 		   BIGNUM *serial, char *subj, int email_dn, char *startdate,
 		   char *enddate, long days, int batch, char *ext_sect, CONF *conf,
 		   int verbose, unsigned long certopt, unsigned long nameopt,
 		   int default_op, int ext_copy);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
-			CA_DB *db, BIGNUM *serial, char *subj, int email_dn,
+			TXT_DB *db, BIGNUM *serial, char *subj, int email_dn,
 			char *startdate, char *enddate, long days, int batch,
 			char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
 			unsigned long nameopt, int default_op, int ext_copy,
 			ENGINE *e);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
 			 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
-			 CA_DB *db, BIGNUM *serial,char *subj, int email_dn,
+			 TXT_DB *db, BIGNUM *serial,char *subj, int email_dn,
 			 char *startdate, char *enddate, long days, char *ext_sect,
 			 CONF *conf, int verbose, unsigned long certopt, 
 			 unsigned long nameopt, int default_op, int ext_copy);
 static int fix_data(int nid, int *type);
 static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,
+	STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
 	int email_dn, char *startdate, char *enddate, long days, int batch,
       	int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
 	unsigned long certopt, unsigned long nameopt, int default_op,
 	int ext_copy);
-static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
-static int get_certificate_status(const char *ser_status, CA_DB *db);
-static int do_updatedb(CA_DB *db);
+static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval);
+static int get_certificate_status(const char *ser_status, TXT_DB *db);
+static int do_updatedb(TXT_DB *db);
 static int check_time_format(char *str);
 char *make_revocation_str(int rev_type, char *rev_arg);
 int make_revoked(X509_REVOKED *rev, char *str);
@@ -241,6 +249,11 @@ static char *section=NULL;
 static int preserve=0;
 static int msie_hack=0;

+static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
+static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
+

 int MAIN(int, char **);

@@ -277,7 +290,6 @@ int MAIN(int argc, char **argv)
 	char *outfile=NULL;
 	char *outdir=NULL;
 	char *serialfile=NULL;
-	char *crlnumberfile=NULL;
 	char *extensions=NULL;
 	char *extfile=NULL;
 	char *subj=NULL;
@@ -286,7 +298,6 @@ int MAIN(int argc, char **argv)
 	int rev_type = REV_NONE;
 	char *rev_arg = NULL;
 	BIGNUM *serial=NULL;
-	BIGNUM *crlnumber=NULL;
 	char *startdate=NULL;
 	char *enddate=NULL;
 	long days=0;
@@ -299,13 +310,14 @@ int MAIN(int argc, char **argv)
 	X509 *x=NULL;
 	BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
 	char *dbfile=NULL;
-	CA_DB *db=NULL;
+	TXT_DB *db=NULL;
 	X509_CRL *crl=NULL;
 	X509_REVOKED *r=NULL;
 	ASN1_TIME *tmptm;
 	ASN1_INTEGER *tmpser;
 	char **pp,*p,*f;
 	int i,j;
+	long l;
 	const EVP_MD *dgst=NULL;
 	STACK_OF(CONF_VALUE) *attribs=NULL;
 	STACK_OF(X509) *cert_sk=NULL;
@@ -317,7 +329,6 @@ int MAIN(int argc, char **argv)
 	char *engine = NULL;
 #endif
 	char *tofree=NULL;
-	DB_ATTR db_attr;

 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -558,19 +569,16 @@ bad:
 	if (configfile == NULL)
 		{
 		const char *s=X509_get_default_cert_area();
-		size_t len;

 #ifdef OPENSSL_SYS_VMS
-		len = strlen(s)+sizeof(CONFIG_FILE);
-		tofree=OPENSSL_malloc(len);
+		tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE));
 		strcpy(tofree,s);
 #else
-		len = strlen(s)+sizeof(CONFIG_FILE)+1;
-		tofree=OPENSSL_malloc(len);
-		BUF_strlcpy(tofree,s,len);
-		BUF_strlcat(tofree,"/",len);
+		tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1);
+		strcpy(tofree,s);
+		strcat(tofree,"/");
 #endif
-		BUF_strlcat(tofree,CONFIG_FILE,len);
+		strcat(tofree,CONFIG_FILE);
 		configfile=tofree;
 		}

@@ -641,39 +649,6 @@ bad:
 	if (randfile == NULL)
 		ERR_clear_error();
 	app_RAND_load_file(randfile, bio_err, 0);
-
-	db_attr.unique_subject = 1;
-	p = NCONF_get_string(conf, section, "unique_subject");
-	if (p)
-		{
-#ifdef RL_DEBUG
-		BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
-#endif
-		switch(*p)
-			{
-		case 'f': /* false */
-		case 'F': /* FALSE */
-		case 'n': /* no */
-		case 'N': /* NO */
-			db_attr.unique_subject = 0;
-			break;
-		case 't': /* true */
-		case 'T': /* TRUE */
-		case 'y': /* yes */
-		case 'Y': /* YES */
-		default:
-			db_attr.unique_subject = 1;
-			break;
-			}
-		}
-#ifdef RL_DEBUG
-	else
-		BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
-#endif
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
-		db_attr.unique_subject);
-#endif
 	
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
@@ -694,10 +669,17 @@ bad:
 			lookup_fail(section,ENV_DATABASE);
 			goto err;
 			}
-		db = load_index(dbfile,&db_attr);
+		if (BIO_read_filename(in,dbfile) <= 0)
+			{
+			perror(dbfile);
+			BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+			goto err;
+			}
+		db=TXT_DB_read(in,DB_NUMBER);
 		if (db == NULL) goto err;

-		if (!index_index(db)) goto err;
+		if (!make_serial_index(db))
+			goto err;

 		if (get_certificate_status(ser_status,db) != 1)
 			BIO_printf(bio_err,"Error verifying serial %s!\n",
@@ -857,13 +839,19 @@ bad:
 		lookup_fail(section,ENV_DATABASE);
 		goto err;
 		}
-	db = load_index(dbfile, &db_attr);
+	if (BIO_read_filename(in,dbfile) <= 0)
+		{
+		perror(dbfile);
+		BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+		goto err;
+		}
+	db=TXT_DB_read(in,DB_NUMBER);
 	if (db == NULL) goto err;

 	/* Lets check some fields */
-	for (i=0; i<sk_num(db->db->data); i++)
+	for (i=0; i<sk_num(db->data); i++)
 		{
-		pp=(char **)sk_value(db->db->data,i);
+		pp=(char **)sk_value(db->data,i);
 		if ((pp[DB_type][0] != DB_TYPE_REV) &&
 			(pp[DB_rev_date][0] != '\0'))
 			{
@@ -914,13 +902,23 @@ bad:
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-		TXT_DB_write(out,db->db);
+		TXT_DB_write(out,db);
 		BIO_printf(bio_err,"%d entries loaded from the database\n",
-			db->db->data->num);
+			db->data->num);
 		BIO_printf(bio_err,"generating index\n");
 		}
 	
-	if (!index_index(db)) goto err;
+	if (!make_serial_index(db))
+		goto err;
+
+	if (!TXT_DB_create_index(db, DB_name, index_name_qual,
+			LHASH_HASH_FN(index_name_hash),
+			LHASH_COMP_FN(index_name_cmp)))
+		{
+		BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
+			db->error,db->arg1,db->arg2);
+		goto err;
+		}

 	/*****************************************************************/
 	/* Update the db file for expired certificates */
@@ -943,9 +941,62 @@ bad:
 			}
 	    	else
 			{
-			if (!save_index(dbfile,"new",db)) goto err;
-				
-			if (!rotate_index(dbfile,"new","old")) goto err;
+			out = BIO_new(BIO_s_file());
+			if (out == NULL)
+				{
+				ERR_print_errors(bio_err);
+				goto err;
+				}
+
+#ifndef OPENSSL_SYS_VMS
+			j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile);
+#else
+			j = BIO_snprintf(buf[0], sizeof buf[0], "%s-new", dbfile);
+#endif
+			if (j < 0 || j >= sizeof buf[0])
+				{
+				BIO_printf(bio_err, "file name too long\n");
+				goto err;
+				}
+			if (BIO_write_filename(out,buf[0]) <= 0)
+		  		{
+		    		perror(dbfile);
+		    		BIO_printf(bio_err,"unable to open '%s'\n",
+									dbfile);
+		    		goto err;
+		  		}
+			j=TXT_DB_write(out,db);
+			if (j <= 0) goto err;
+			
+			BIO_free(out);
+			out = NULL;
+#ifndef OPENSSL_SYS_VMS
+			j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile);
+#else
+			j = BIO_snprintf(buf[1], sizeof buf[1], "%s-old", dbfile);
+#endif
+			if (j < 0 || j >= sizeof buf[1])
+				{
+				BIO_printf(bio_err, "file name too long\n");
+				goto err;
+				}
+			if (rename(dbfile,buf[1]) < 0)
+		  		{
+		    		BIO_printf(bio_err,
+						"unable to rename %s to %s\n",
+						dbfile, buf[1]);
+		    		perror("reason");
+		    		goto err;
+		  		}
+			if (rename(buf[0],dbfile) < 0)
+				{
+		    		BIO_printf(bio_err,
+						"unable to rename %s to %s\n",
+						buf[0],dbfile);
+		    		perror("reason");
+		    		rename(buf[1],dbfile);
+		    		goto err;
+		  		}
 				
 			if (verbose) BIO_printf(bio_err,
 				"Done. %d entries marked as expired\n",i); 
@@ -1106,7 +1157,7 @@ bad:
 			goto err;
 			}

-		if ((serial=load_serial(serialfile, 0, NULL)) == NULL)
+		if ((serial=load_serial(serialfile)) == NULL)
 			{
 			BIO_printf(bio_err,"error while loading serial number\n");
 			goto err;
@@ -1240,9 +1291,38 @@ bad:

 			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));

-			if (!save_serial(serialfile,"new",serial,NULL)) goto err;
+			if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5)
+				{
+				BIO_printf(bio_err,"file name too long\n");
+				goto err;
+				}

-			if (!save_index(dbfile, "new", db)) goto err;
+			strcpy(buf[0],serialfile);
+
+#ifdef OPENSSL_SYS_VMS
+			strcat(buf[0],"-new");
+#else
+			strcat(buf[0],".new");
+#endif
+
+			if (!save_serial(buf[0],serial)) goto err;
+
+			strcpy(buf[1],dbfile);
+
+#ifdef OPENSSL_SYS_VMS
+			strcat(buf[1],"-new");
+#else
+			strcat(buf[1],".new");
+#endif
+
+			if (BIO_write_filename(out,buf[1]) <= 0)
+				{
+				perror(dbfile);
+				BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+				goto err;
+				}
+			l=TXT_DB_write(out,db);
+			if (l <= 0) goto err;
 			}
 	
 		if (verbose)
@@ -1250,7 +1330,7 @@ bad:
 		for (i=0; i<sk_X509_num(cert_sk); i++)
 			{
 			int k;
-			char *n;
+			unsigned char *n;

 			x=sk_X509_value(cert_sk,i);

@@ -1266,19 +1346,15 @@ bad:
 			strcpy(buf[2],outdir);

 #ifndef OPENSSL_SYS_VMS
-			BUF_strlcat(buf[2],"/",sizeof(buf[2]));
+			strcat(buf[2],"/");
 #endif

-			n=(char *)&(buf[2][strlen(buf[2])]);
+			n=(unsigned char *)&(buf[2][strlen(buf[2])]);
 			if (j > 0)
 				{
 				for (k=0; k<j; k++)
 					{
-					if (n >= &(buf[2][sizeof(buf[2])]))
-						break;
-					BIO_snprintf(n,
-						     &buf[2][0] + sizeof(buf[2]) - n,
-						     "%02X",(unsigned char)*(p++));
+					sprintf((char *)n,"%02X",(unsigned char)*(p++));
 					n+=2;
 					}
 				}
@@ -1304,10 +1380,59 @@ bad:
 		if (sk_X509_num(cert_sk))
 			{
 			/* Rename the database and the serial file */
-			if (!rotate_serial(serialfile,"new","old")) goto err;
+			strncpy(buf[2],serialfile,BSIZE-4);
+			buf[2][BSIZE-4]='\0';

-			if (!rotate_index(dbfile,"new","old")) goto err;
+#ifdef OPENSSL_SYS_VMS
+			strcat(buf[2],"-old");
+#else
+			strcat(buf[2],".old");
+#endif

+			BIO_free(in);
+			BIO_free_all(out);
+			in=NULL;
+			out=NULL;
+			if (rename(serialfile,buf[2]) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
+					serialfile,buf[2]);
+				perror("reason");
+				goto err;
+				}
+			if (rename(buf[0],serialfile) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
+					buf[0],serialfile);
+				perror("reason");
+				rename(buf[2],serialfile);
+				goto err;
+				}
+
+			strncpy(buf[2],dbfile,BSIZE-4);
+			buf[2][BSIZE-4]='\0';
+
+#ifdef OPENSSL_SYS_VMS
+			strcat(buf[2],"-old");
+#else
+			strcat(buf[2],".old");
+#endif
+
+			if (rename(dbfile,buf[2]) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
+					dbfile,buf[2]);
+				perror("reason");
+				goto err;
+				}
+			if (rename(buf[1],dbfile) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
+					buf[1],dbfile);
+				perror("reason");
+				rename(buf[2],dbfile);
+				goto err;
+				}
 			BIO_printf(bio_err,"Data Base Updated\n");
 			}
 		}
@@ -1338,14 +1463,6 @@ bad:
 				}
 			}

-		if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER))
-			!= NULL)
-			if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL)
-				{
-				BIO_printf(bio_err,"error while loading CRL number\n");
-				goto err;
-				}
-
 		if (!crldays && !crlhours)
 			{
 			if (!NCONF_get_number(conf,section,
@@ -1374,9 +1491,9 @@ bad:

 		ASN1_TIME_free(tmptm);

-		for (i=0; i<sk_num(db->db->data); i++)
+		for (i=0; i<sk_num(db->data); i++)
 			{
-			pp=(char **)sk_value(db->db->data,i);
+			pp=(char **)sk_value(db->data,i);
 			if (pp[DB_type][0] == DB_TYPE_REV)
 				{
 				if ((r=X509_REVOKED_new()) == NULL) goto err;
@@ -1422,24 +1539,14 @@ bad:

 		/* Add any extensions asked for */

-		if (crl_ext || crlnumberfile != NULL)
+		if (crl_ext)
 			{
 			X509V3_CTX crlctx;
 			X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
 			X509V3_set_nconf(&crlctx, conf);

-			if (crl_ext)
-				if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
-					crl_ext, crl)) goto err;
-			if (crlnumberfile != NULL)
-				{
-				tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
-				if (!tmpser) goto err;
-				X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0);
-				ASN1_INTEGER_free(tmpser);
-				crl_v2 = 1;
-				if (!BN_add_word(crlnumber,1)) goto err;
-				}
+			if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
+				crl_ext, crl)) goto err;
 			}
 		if (crl_ext || crl_v2)
 			{
@@ -1447,17 +1554,9 @@ bad:
 				goto err; /* version 2 CRL */
 			}

-		
-		if (crlnumberfile != NULL)	/* we have a CRL number that need updating */
-			if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
-
 		if (!X509_CRL_sign(crl,pkey,dgst)) goto err;

 		PEM_write_bio_X509_CRL(Sout,crl);
-
-		if (crlnumberfile != NULL)	/* Rename the crlnumber file */
-			if (!rotate_serial(crlnumberfile,"new","old")) goto err;
-
 		}
 	/*****************************************************************/
 	if (dorevoke)
@@ -1478,10 +1577,50 @@ bad:
 			if (j <= 0) goto err;
 			X509_free(revcert);

-			if (!save_index(dbfile, "new", db)) goto err;
-
-			if (!rotate_index(dbfile, "new", "old")) goto err;
+			if(strlen(dbfile) > BSIZE-5)
+				{
+				BIO_printf(bio_err,"filename too long\n");
+				goto err;
+				}

+			strcpy(buf[0],dbfile);
+#ifndef OPENSSL_SYS_VMS
+			strcat(buf[0],".new");
+#else
+			strcat(buf[0],"-new");
+#endif
+			if (BIO_write_filename(out,buf[0]) <= 0)
+				{
+				perror(dbfile);
+				BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+				goto err;
+				}
+			j=TXT_DB_write(out,db);
+			if (j <= 0) goto err;
+			BIO_free_all(out);
+			out = NULL;
+			BIO_free_all(in);
+			in = NULL;
+			strncpy(buf[1],dbfile,BSIZE-4);
+			buf[1][BSIZE-4]='\0';
+#ifndef OPENSSL_SYS_VMS
+			strcat(buf[1],".old");
+#else
+			strcat(buf[1],"-old");
+#endif
+			if (rename(dbfile,buf[1]) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
+				perror("reason");
+				goto err;
+				}
+			if (rename(buf[0],dbfile) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile);
+				perror("reason");
+				rename(buf[1],dbfile);
+				goto err;
+				}
 			BIO_printf(bio_err,"Data Base Updated\n"); 
 			}
 		}
@@ -1503,7 +1642,7 @@ err:
 	if (free_key && key)
 		OPENSSL_free(key);
 	BN_free(serial);
-	free_index(db);
+	TXT_DB_free(db);
 	EVP_PKEY_free(pkey);
 	X509_free(x509);
 	X509_CRL_free(crl);
@@ -1518,8 +1657,106 @@ static void lookup_fail(char *name, char *tag)
 	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
 	}

+static unsigned long index_serial_hash(const char **a)
+	{
+	const char *n;
+
+	n=a[DB_serial];
+	while (*n == '0') n++;
+	return(lh_strhash(n));
+	}
+
+static int index_serial_cmp(const char **a, const char **b)
+	{
+	const char *aa,*bb;
+
+	for (aa=a[DB_serial]; *aa == '0'; aa++);
+	for (bb=b[DB_serial]; *bb == '0'; bb++);
+	return(strcmp(aa,bb));
+	}
+
+static unsigned long index_name_hash(const char **a)
+	{ return(lh_strhash(a[DB_name])); }
+
+static int index_name_qual(char **a)
+	{ return(a[0][0] == 'V'); }
+
+static int index_name_cmp(const char **a, const char **b)
+	{ return(strcmp(a[DB_name],
+	     b[DB_name])); }
+
+static BIGNUM *load_serial(char *serialfile)
+	{
+	BIO *in=NULL;
+	BIGNUM *ret=NULL;
+	MS_STATIC char buf[1024];
+	ASN1_INTEGER *ai=NULL;
+
+	if ((in=BIO_new(BIO_s_file())) == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto err;
+		}
+
+	if (BIO_read_filename(in,serialfile) <= 0)
+		{
+		perror(serialfile);
+		goto err;
+		}
+	ai=ASN1_INTEGER_new();
+	if (ai == NULL) goto err;
+	if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
+		{
+		BIO_printf(bio_err,"unable to load number from %s\n",
+			serialfile);
+		goto err;
+		}
+	ret=ASN1_INTEGER_to_BN(ai,NULL);
+	if (ret == NULL)
+		{
+		BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
+		goto err;
+		}
+err:
+	if (in != NULL) BIO_free(in);
+	if (ai != NULL) ASN1_INTEGER_free(ai);
+	return(ret);
+	}
+
+static int save_serial(char *serialfile, BIGNUM *serial)
+	{
+	BIO *out;
+	int ret=0;
+	ASN1_INTEGER *ai=NULL;
+
+	out=BIO_new(BIO_s_file());
+	if (out == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto err;
+		}
+	if (BIO_write_filename(out,serialfile) <= 0)
+		{
+		perror(serialfile);
+		goto err;
+		}
+
+	if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
+		{
+		BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
+		goto err;
+		}
+	i2a_ASN1_INTEGER(out,ai);
+	BIO_puts(out,"\n");
+	ret=1;
+err:
+	if (out != NULL) BIO_free_all(out);
+	if (ai != NULL) ASN1_INTEGER_free(ai);
+	return(ret);
+	}
+
 static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
 	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
 	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1581,7 +1818,7 @@ err:
 	}

 static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
 	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
 	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1635,7 +1872,7 @@ err:
 	}

 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	     STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
+	     STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
 	     int email_dn, char *startdate, char *enddate, long days, int batch,
 	     int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
 	     unsigned long certopt, unsigned long nameopt, int default_op,
@@ -1653,7 +1890,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 	int ok= -1,i,j,last,nid;
 	char *p;
 	CONF_VALUE *cv;
-	char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
+	char *row[DB_NUMBER],**rrow,**irow=NULL;
 	char buf[25];

 	tmptm=ASN1_UTCTIME_new();
@@ -1890,19 +2127,15 @@ again2:
 		goto err;
 		}

-	if (db->attributes.unique_subject)
+	rrow=TXT_DB_get_by_index(db,DB_name,row);
+	if (rrow != NULL)
 		{
-		rrow=TXT_DB_get_by_index(db->db,DB_name,row);
-		if (rrow != NULL)
-			{
-			BIO_printf(bio_err,
-				"ERROR:There is already a certificate for %s\n",
-				row[DB_name]);
-			}
+		BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n",
+			row[DB_name]);
 		}
-	if (rrow == NULL)
+	else
 		{
-		rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+		rrow=TXT_DB_get_by_index(db,DB_serial,row);
 		if (rrow != NULL)
 			{
 			BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
@@ -2109,7 +2342,7 @@ again2:
 		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto err;
 		}
-	BUF_strlcpy(row[DB_file],"unknown",8);
+	strcpy(row[DB_file],"unknown");
 	row[DB_type][0]='V';
 	row[DB_type][1]='\0';

@@ -2126,10 +2359,10 @@ again2:
 		}
 	irow[DB_NUMBER]=NULL;

-	if (!TXT_DB_insert(db->db,irow))
+	if (!TXT_DB_insert(db,irow))
 		{
 		BIO_printf(bio_err,"failed to update database\n");
-		BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
+		BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
 		goto err;
 		}
 	ok=1;
@@ -2180,7 +2413,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
 	}

 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
 	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
 	     long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
 	     unsigned long nameopt, int default_op, int ext_copy)
@@ -2359,7 +2592,7 @@ static int check_time_format(char *str)
 	return(ASN1_UTCTIME_check(&tm));
 	}

-static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
+static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
 	{
 	ASN1_UTCTIME *tm=NULL;
 	char *row[DB_NUMBER],**rrow,**irow;
@@ -2384,10 +2617,10 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
 	/* We have to lookup by serial number because name lookup
 	 * skips revoked certs
 	 */
-	rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+	rrow=TXT_DB_get_by_index(db,DB_serial,row);
 	if (rrow == NULL)
 		{
-		BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);
+		BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);

 		/* We now just add it to the database */
 		row[DB_type]=(char *)OPENSSL_malloc(2);
@@ -2410,7 +2643,7 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
 			BIO_printf(bio_err,"Memory allocation failure\n");
 			goto err;
 			}
-		BUF_strlcpy(row[DB_file],"unknown",8);
+		strcpy(row[DB_file],"unknown");
 		row[DB_type][0]='V';
 		row[DB_type][1]='\0';

@@ -2427,10 +2660,10 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
 			}
 		irow[DB_NUMBER]=NULL;

-		if (!TXT_DB_insert(db->db,irow))
+		if (!TXT_DB_insert(db,irow))
 			{
 			BIO_printf(bio_err,"failed to update database\n");
-			BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
+			BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
 			goto err;
 			}

@@ -2475,7 +2708,7 @@ err:
 	return(ok);
 	}

-static int get_certificate_status(const char *serial, CA_DB *db)
+static int get_certificate_status(const char *serial, TXT_DB *db)
 	{
 	char *row[DB_NUMBER],**rrow;
 	int ok=-1,i;
@@ -2516,7 +2749,7 @@ static int get_certificate_status(const char *serial, CA_DB *db)
 	ok=1;

 	/* Search for the certificate */
-	rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+	rrow=TXT_DB_get_by_index(db,DB_serial,row);
 	if (rrow == NULL)
 		{
 		BIO_printf(bio_err,"Serial %s not present in db.\n",
@@ -2563,7 +2796,7 @@ err:
 	return(ok);
 	}

-static int do_updatedb (CA_DB *db)
+static int do_updatedb (TXT_DB *db)
 	{
 	ASN1_UTCTIME	*a_tm = NULL;
 	int i, cnt = 0;
@@ -2589,9 +2822,9 @@ static int do_updatedb (CA_DB *db)
 	else
 		a_y2k = 0;

-	for (i = 0; i < sk_num(db->db->data); i++)
+	for (i = 0; i < sk_num(db->data); i++)
 		{
-		rrow = (char **) sk_value(db->db->data, i);
+		rrow = (char **) sk_value(db->data, i);

 		if (rrow[DB_type][0] == 'V')
 		 	{
@@ -2734,16 +2967,16 @@ char *make_revocation_str(int rev_type, char *rev_arg)

 	if (!str) return NULL;

-	BUF_strlcpy(str, (char *)revtm->data, i);
+	strcpy(str, (char *)revtm->data);
 	if (reason)
 		{
-		BUF_strlcat(str, ",", i);
-		BUF_strlcat(str, reason, i);
+		strcat(str, ",");
+		strcat(str, reason);
 		}
 	if (other)
 		{
-		BUF_strlcat(str, ",", i);
-		BUF_strlcat(str, other, i);
+		strcat(str, ",");
+		strcat(str, other);
 		}
 	ASN1_UTCTIME_free(revtm);
 	return str;
@@ -3078,3 +3311,17 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G

 	return ret;
 	}
+
+int make_serial_index(TXT_DB *db)
+	{
+	if (!TXT_DB_create_index(db, DB_serial, NULL,
+				LHASH_HASH_FN(index_serial_hash),
+				LHASH_COMP_FN(index_serial_cmp)))
+		{
+		BIO_printf(bio_err,
+		  "error creating serial number index:(%ld,%ld,%ld)\n",
+		  			db->error,db->arg1,db->arg2);
+			return 0;
+		}
+	return 1;
+	}
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -347,9 +347,8 @@ int MAIN(int argc, char **argv)
 				}
 			if(!out_bin)
 				{
-				size_t len = strlen(name)+strlen(argv[i])+5;
-				tmp=tofree=OPENSSL_malloc(len);
-				BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]);
+				tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5);
+				sprintf(tmp,"%s(%s)= ",name,argv[i]);
 				}
 			else
 				tmp="";
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -373,9 +373,9 @@ bad:
 			{
 			char buf[200];

-			BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
-				     OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
-				     (enc)?"encryption":"decryption");
+			sprintf(buf,"enter %s %s password:",
+				OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
+				(enc)?"encryption":"decryption");
 			strbuf[0]='\0';
 			i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
 			if (i == 0)
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -122,8 +122,8 @@ static int append_buf(char **buf, const char *s, int *size, int step)
 		return 0;

 	if (**buf != '\0')
-		BUF_strlcat(*buf, ", ", *size);
-	BUF_strlcat(*buf, s, *size);
+		strcat(*buf, ", ");
+	strcat(*buf, s);

 	return 1;
 	}
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -68,6 +68,19 @@
 /* Maximum leeway in validity period: default 5 minutes */
 #define MAX_VALIDITY_PERIOD	(5 * 60)

+/* CA index.txt definitions */
+#define DB_type         0
+#define DB_exp_date     1
+#define DB_rev_date     2
+#define DB_serial       3       /* index - unique */
+#define DB_file         4       
+#define DB_name         5       /* index - unique for active */
+#define DB_NUMBER       6
+
+#define DB_TYPE_REV	'R'
+#define DB_TYPE_EXP	'E'
+#define DB_TYPE_VAL	'V'
+
 static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
 				STACK_OF(OCSP_CERTID) *ids);
 static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
@@ -76,12 +89,12 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
 				STACK *names, STACK_OF(OCSP_CERTID) *ids,
 				long nsec, long maxage);

-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db,
 			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
 			STACK_OF(X509) *rother, unsigned long flags,
 			int nmin, int ndays);

-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
+static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser);
 static BIO *init_responder(char *port);
 static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
 static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
@@ -130,7 +143,7 @@ int MAIN(int argc, char **argv)
 	X509 *rca_cert = NULL;
 	char *ridx_filename = NULL;
 	char *rca_filename = NULL;
-	CA_DB *rdb = NULL;
+	TXT_DB *rdb = NULL;
 	int nmin = 0, ndays = -1;

 	if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
@@ -687,9 +700,22 @@ int MAIN(int argc, char **argv)

 	if (ridx_filename && !rdb)
 		{
-		rdb = load_index(ridx_filename, NULL);
-		if (!rdb) goto end;
-		if (!index_index(rdb)) goto end;
+		BIO *db_bio = NULL;
+		db_bio = BIO_new_file(ridx_filename, "r");
+		if (!db_bio)
+			{
+			BIO_printf(bio_err, "Error opening index file %s\n", ridx_filename);
+			goto end;
+			}
+		rdb = TXT_DB_read(db_bio, DB_NUMBER);
+		BIO_free(db_bio);
+		if (!rdb)
+			{
+			BIO_printf(bio_err, "Error reading index file %s\n", ridx_filename);
+			goto end;
+			}
+		if (!make_serial_index(rdb))
+			goto end;
 		}

 	if (rdb)
@@ -873,7 +899,7 @@ end:
 	X509_free(cert);
 	X509_free(rsigner);
 	X509_free(rca_cert);
-	free_index(rdb);
+	TXT_DB_free(rdb);
 	BIO_free_all(cbio);
 	BIO_free_all(acbio);
 	BIO_free(out);
@@ -1015,7 +1041,7 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
 	}


-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db,
 			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
 			STACK_OF(X509) *rother, unsigned long flags,
 			int nmin, int ndays)
@@ -1107,7 +1133,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db

 	}

-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
+static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser)
 	{
 	int i;
 	BIGNUM *bn = NULL;
@@ -1120,7 +1146,7 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
 		itmp = BN_bn2hex(bn);
 	row[DB_serial] = itmp;
 	BN_free(bn);
-	rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
+	rrow=TXT_DB_get_by_index(db,DB_serial,row);
 	OPENSSL_free(itmp);
 	return rrow;
 	}
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -38,14 +38,10 @@ dir		= ./demoCA		# Where everything is kept
 certs		= $dir/certs		# Where the issued certs are kept
 crl_dir		= $dir/crl		# Where the issued crl are kept
 database	= $dir/index.txt	# database index file.
-#unique_subject	= no			# Set to 'no' to allow creation of
-					# several ctificates with same subject.
 new_certs_dir	= $dir/newcerts		# default place for new certs.

 certificate	= $dir/cacert.pem 	# The CA certificate
 serial		= $dir/serial 		# The current serial number
-#crlnumber	= $dir/crlnumber	# the current crl number
-					# must be commented out to leave a V1 CRL
 crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem# The private key
 RANDFILE	= $dir/private/.rand	# private random number file
@@ -62,7 +58,6 @@ cert_opt 	= ca_default		# Certificate field options

 # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
 # so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
 # crl_extensions	= crl_ext

 default_days	= 365			# how long to certify for
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -557,7 +557,7 @@ int MAIN(int argc, char **argv)
 	    BIO_printf (bio_err, "Can't read Password\n");
 	    goto export_end;
        }
-	if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
+	if (!twopass) strcpy(macpass, pass);
 	/* Turn certbags into encrypted authsafe */
 	authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
 								 iter, bags);
@@ -658,7 +658,7 @@ int MAIN(int argc, char **argv)
    CRYPTO_pop_info();
 #endif

-    if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
+    if (!twopass) strcpy(macpass, pass);

    if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
    if(macver) {
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -102,9 +102,6 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-	if (!load_config(bio_err, NULL))
-		goto end;
-
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
--- a/apps/req.c
+++ b/apps/req.c
@@ -824,7 +824,7 @@ loop:
 			if ((x509ss=X509_new()) == NULL) goto end;

 			/* Set version to V3 */
-			if(extensions && !X509_set_version(x509ss, 2)) goto end;
+			if(!X509_set_version(x509ss, 2)) goto end;
 			if (serial)
 				{
 				if (!X509_set_serialNumber(x509ss, serial)) goto end;
@@ -1223,34 +1223,34 @@ start:		for (;;)
 				}
 			/* If OBJ not recognised ignore it */
 			if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
-			if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name)
-				>= sizeof buf)
+
+			if(strlen(v->name) > sizeof buf-9)
 			   {
 			   BIO_printf(bio_err,"Name '%s' too long\n",v->name);
 			   return 0;
 			   }

+			sprintf(buf,"%s_default",v->name);
 			if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
 				{
 				ERR_clear_error();
 				def="";
 				}
-				
-			BIO_snprintf(buf,sizeof buf,"%s_value",v->name);
+			sprintf(buf,"%s_value",v->name);
 			if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
 				{
 				ERR_clear_error();
 				value=NULL;
 				}

-			BIO_snprintf(buf,sizeof buf,"%s_min",v->name);
+			sprintf(buf,"%s_min",v->name);
 			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
 				{
 				ERR_clear_error();
 				n_min = -1;
 				}

-			BIO_snprintf(buf,sizeof buf,"%s_max",v->name);
+			sprintf(buf,"%s_max",v->name);
 			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
 				{
 				ERR_clear_error();
@@ -1288,13 +1288,13 @@ start2:			for (;;)
 				if ((nid=OBJ_txt2nid(type)) == NID_undef)
 					goto start2;

-				if (BIO_snprintf(buf,sizeof buf,"%s_default",type)
-					>= sizeof buf)
+				if(strlen(v->name) > sizeof buf-9)
 				   {
 				   BIO_printf(bio_err,"Name '%s' too long\n",v->name);
 				   return 0;
 				   }

+				sprintf(buf,"%s_default",type);
 				if ((def=NCONF_get_string(req_conf,attr_sect,buf))
 					== NULL)
 					{
@@ -1303,7 +1303,7 @@ start2:			for (;;)
 					}
 				
 				
-				BIO_snprintf(buf,sizeof buf,"%s_value",type);
+				sprintf(buf,"%s_value",type);
 				if ((value=NCONF_get_string(req_conf,attr_sect,buf))
 					== NULL)
 					{
@@ -1311,11 +1311,11 @@ start2:			for (;;)
 					value=NULL;
 					}

-				BIO_snprintf(buf,sizeof buf,"%s_min",type);
+				sprintf(buf,"%s_min",type);
 				if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
 					n_min = -1;

-				BIO_snprintf(buf,sizeof buf,"%s_max",type);
+				sprintf(buf,"%s_max",type);
 				if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
 					n_max = -1;

@@ -1397,8 +1397,9 @@ start:
 	(void)BIO_flush(bio_err);
 	if(value != NULL)
 		{
-		BUF_strlcpy(buf,value,sizeof buf);
-		BUF_strlcat(buf,"\n",sizeof buf);
+		OPENSSL_assert(strlen(value) < sizeof buf-2);
+		strcpy(buf,value);
+		strcat(buf,"\n");
 		BIO_printf(bio_err,"%s\n",value);
 		}
 	else
@@ -1420,8 +1421,8 @@ start:
 		{
 		if ((def == NULL) || (def[0] == '\0'))
 			return(1);
-		BUF_strlcpy(buf,def,sizeof buf);
-		BUF_strlcat(buf,"\n",sizeof buf);
+		strcpy(buf,def);
+		strcat(buf,"\n");
 		}
 	else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);

@@ -1455,8 +1456,9 @@ start:
 	(void)BIO_flush(bio_err);
 	if (value != NULL)
 		{
-		BUF_strlcpy(buf,value,sizeof buf);
-		BUF_strlcat(buf,"\n",sizeof buf);
+		OPENSSL_assert(strlen(value) < sizeof buf-2);
+		strcpy(buf,value);
+		strcat(buf,"\n");
 		BIO_printf(bio_err,"%s\n",value);
 		}
 	else
@@ -1478,8 +1480,8 @@ start:
 		{
 		if ((def == NULL) || (def[0] == '\0'))
 			return(1);
-		BUF_strlcpy(buf,def,sizeof buf);
-		BUF_strlcat(buf,"\n",sizeof buf);
+		strcpy(buf,def);
+		strcat(buf,"\n");
 		}
 	else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);

--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -97,7 +97,6 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY *pkey = NULL;
 	RSA *rsa = NULL;
 	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
-	char *passargin = NULL, *passin = NULL;
 	int rsa_inlen, rsa_outlen = 0;
 	int keysize;

@@ -125,9 +124,6 @@ int MAIN(int argc, char **argv)
 		} else if(!strcmp(*argv, "-inkey")) {
 			if (--argc < 1) badarg = 1;
 			keyfile = *(++argv);
-		} else if (!strcmp(*argv,"-passin")) {
-			if (--argc < 1) badarg = 1;
-			passargin= *(++argv);
 		} else if (strcmp(*argv,"-keyform") == 0) {
 			if (--argc < 1) badarg = 1;
 			keyform=str2fmt(*(++argv));
@@ -173,10 +169,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif
-	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
-		BIO_printf(bio_err, "Error getting password\n");
-		goto end;
-	}

 /* FIXME: seed PRNG only if needed */
 	app_RAND_load_file(NULL, bio_err, 0);
@@ -184,7 +176,7 @@ int MAIN(int argc, char **argv)
 	switch(key_type) {
 		case KEY_PRIVKEY:
 		pkey = load_key(bio_err, keyfile, keyform, 0,
-			passin, e, "Private Key");
+			NULL, e, "Private Key");
 		break;

 		case KEY_PUBKEY:
@@ -298,7 +290,6 @@ int MAIN(int argc, char **argv)
 	BIO_free_all(out);
 	if(rsa_in) OPENSSL_free(rsa_in);
 	if(rsa_out) OPENSSL_free(rsa_out);
-	if(passin) OPENSSL_free(passin);
 	return ret;
 }

@@ -322,7 +313,6 @@ static void usage()
 	BIO_printf(bio_err, "-hexdump        hex dump output\n");
 #ifndef OPENSSL_NO_ENGINE
 	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
-	BIO_printf (bio_err, "-passin arg    pass phrase source\n");
 #endif

 }
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -389,7 +389,7 @@ redoit:
 			perror("OPENSSL_malloc");
 			return(0);
 			}
-		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
+		strcpy(*host,h1->h_name);

 		h2=GetHostByName(*host);
 		if (h2 == NULL)
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -502,7 +502,7 @@ int MAIN(int argc, char **argv)

 		if (s_www_path != NULL)
 			{
-			BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+			sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 			SSL_write(scon,buf,strlen(buf));
 			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
 				bytes_read+=i;
@@ -557,7 +557,7 @@ next:

 	if (s_www_path != NULL)
 		{
-		BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+		sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 		SSL_write(scon,buf,strlen(buf));
 		while (SSL_read(scon,buf,sizeof(buf)) > 0)
 			;
@@ -595,7 +595,7 @@ next:

 		if (s_www_path)
 			{
-			BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+			sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 			SSL_write(scon,buf,strlen(buf));
 			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
 				bytes_read+=i;
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -773,7 +773,6 @@ int MAIN(int argc, char **argv)
 			{
 			dsa_doit[R_DSA_512]=1;
 			dsa_doit[R_DSA_1024]=1;
-			dsa_doit[R_DSA_2048]=1;
 			}
 		else
 #endif
@@ -1007,9 +1006,6 @@ int MAIN(int argc, char **argv)
 	c[D_CBC_RC5][0]=count;
 	c[D_CBC_BF][0]=count;
 	c[D_CBC_CAST][0]=count;
-	c[D_CBC_128_AES][0]=count;
-	c[D_CBC_192_AES][0]=count;
-	c[D_CBC_256_AES][0]=count;

 	for (i=1; i<SIZE_NUM; i++)
 		{
@@ -1035,9 +1031,6 @@ int MAIN(int argc, char **argv)
 		c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
 		c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
 		c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
-		c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
-		c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
-		c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
 		}
 #ifndef OPENSSL_NO_RSA
 	rsa_c[R_RSA_512][0]=count/2000;
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1022,31 +1022,31 @@ end:
 	OPENSSL_EXIT(ret);
 	}

-static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create)
+static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
 	{
 	char *buf = NULL, *p;
-	ASN1_INTEGER *bs = NULL;
+	MS_STATIC char buf2[1024];
+	ASN1_INTEGER *bs = NULL, *bs2 = NULL;
+	BIO *io = NULL;
 	BIGNUM *serial = NULL;
-	size_t len;

-	len = ((serialfile == NULL)
-		?(strlen(CAfile)+strlen(POSTFIX)+1)
-		:(strlen(serialfile)))+1;
-	buf=OPENSSL_malloc(len);
+	buf=OPENSSL_malloc( ((serialfile == NULL)
+			?(strlen(CAfile)+strlen(POSTFIX)+1)
+			:(strlen(serialfile)))+1);
 	if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
 	if (serialfile == NULL)
 		{
-		BUF_strlcpy(buf,CAfile,len);
+		strcpy(buf,CAfile);
 		for (p=buf; *p; p++)
 			if (*p == '.')
 				{
 				*p='\0';
 				break;
 				}
-		BUF_strlcat(buf,POSTFIX,len);
+		strcat(buf,POSTFIX);
 		}
 	else
-		BUF_strlcpy(buf,serialfile,len);
+		strcpy(buf,serialfile);
 	serial=BN_new();
 	bs=ASN1_INTEGER_new();
 	if ((serial == NULL) || (bs == NULL))
@@ -1055,18 +1055,72 @@ static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create
 		goto end;
 		}

-	serial = load_serial(buf, create, NULL);
-	if (serial == NULL) goto end;
+	io=BIO_new(BIO_s_file());
+	if (io == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	
+	if (BIO_read_filename(io,buf) <= 0)
+		{
+		if (!create)
+			{
+			perror(buf);
+			goto end;
+			}
+		else
+			{
+			ASN1_INTEGER_set(bs,1);
+			BN_one(serial);
+			}
+		}
+	else 
+		{
+		if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2))
+			{
+			BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		else
+			{
+			serial=BN_bin2bn(bs->data,bs->length,serial);
+			if (serial == NULL)
+				{
+				BIO_printf(bio_err,"error converting bin 2 bn");
+				goto end;
+				}
+			}
+		}

 	if (!BN_add_word(serial,1))
 		{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
+	if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL)))
+		{ BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; }
+	if (BIO_write_filename(io,buf) <= 0)
+		{
+		BIO_printf(bio_err,"error attempting to write serial number file\n");
+		perror(buf);
+		goto end;
+		}
+	i2a_ASN1_INTEGER(io,bs2);
+	BIO_puts(io,"\n");

-	if (!save_serial(buf, NULL, serial, &bs)) goto end;
-
- end:
+	BIO_free(io);
 	if (buf) OPENSSL_free(buf);
+	ASN1_INTEGER_free(bs2);
 	BN_free(serial);
+	io=NULL;
 	return bs;
+
+	end:
+	if (buf) OPENSSL_free(buf);
+	BIO_free(io);
+	ASN1_INTEGER_free(bs);
+	BN_free(serial);
+	return NULL;
+
 	}

 static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
@@ -1088,7 +1142,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 		goto end;
 		}
 	if (sno) bs = sno;
-	else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
+	else if (!(bs = load_serial(CAfile, serialfile, create)))
 		goto end;

 /*	if (!X509_STORE_add_cert(ctx,x)) goto end;*/
--- a/certs/expired/vsign3.pem
+++ b/certs/expired/vsign3.pem
@@ -1,18 +0,0 @@
-subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
-notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Jan  7 23:59:59 2004 GMT
-----BEGIN CERTIFICATE-----
-MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
-c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
-NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
-VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
-RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
-rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
-BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
-STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
-ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
-pA==
-----END CERTIFICATE-----
--- a/certs/vsign3.pem
+++ b/certs/vsign3.pem
@@ -1,17 +1,18 @@
 subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
 notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Aug  1 23:59:59 2028 GMT
+notAfter=Jan  7 23:59:59 2004 GMT
 -----BEGIN CERTIFICATE-----
-MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
-BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
-I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
-CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
-lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
-AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
+RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
+rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
+STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
+ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
+pA==
 -----END CERTIFICATE-----
--- a/13
+++ b/13
@@ -134,7 +134,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
 	case "$HPUXVER" in
 	    1[0-9].*)	# HPUX 10 and 11 targets are unified
-		echo "${MACHINE}-hp-hpux1x"; exit 0
+		echo "${MACHINE}-hp-hpux10"; exit 0
 		;;
 	    *)
 		echo "${MACHINE}-hp-hpux"; exit 0
@@ -410,10 +410,9 @@ if [ "$SYSTEM" = "HP-UX" ];then
  GCC_BITS="32"
  if [ $GCCVER -ge 30 ]; then
    # PA64 support only came in with gcc 3.0.x.
-    # We check if the preprocessor symbol __LP64__ is defined...
-    if echo "__LP64__" | gcc -v -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null; then
-      : # __LP64__ has slipped through, it therefore is not defined
-    else
+    # We look for the preprocessor symbol __LP64__ indicating
+    # 64bit bit long and pointer.  sizeof(int) == 32 on HPUX64.
+    if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
      GCC_BITS="64"
    fi
  fi
@@ -686,7 +685,7 @@ EOF
 	if [ $CC = "gcc" ];
 	then
 	  if [ $GCC_BITS = "64" ]; then
-	    OUT="hpux64-parisc2-gcc"
+	    OUT="hpux64-parisc-gcc"
 	  else
 	    OUT="hpux-parisc-gcc"
 	  fi
@@ -701,7 +700,7 @@ EOF
 	if   [ $CPU_VERSION -ge 768 ]; then	# IA-64 CPU
 	     echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
 	     echo "         If you wish to build 32-bit library, the you have to"
-	     echo "         invoke './Configure hpux-ia64-cc' *manually*."
+	     echo "         invoke './Configure hpux-ia32-cc' *manually*."
 	     if [ "$TEST" = "false" ]; then
 		echo "         You have about 5 seconds to press Ctrl-C to abort."
 		(stty -icanon min 0 time 50; read waste) < /dev/tty
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -36,21 +36,21 @@ GENERAL=Makefile README crypto-lib.com install.com

 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
-LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c
-LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o
+LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c
+LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o

 SRC= $(LIBSRC)

 EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
 	ossl_typ.h
-HEADER=	cryptlib.h buildinf.h md32_common.h o_time.h $(EXHEADER)
+HEADER=	cryptlib.h buildinf.h md32_common.h o_time.h o_str.h $(EXHEADER)

 ALL=    $(GENERAL) $(SRC) $(HEADER)

 top:
 	@(cd ..; $(MAKE) DIRS=$(DIR) all)

-all: shared
+all: buildinf.h lib subdirs shared

 buildinf.h: ../Makefile.ssl
 	( echo "#ifndef MK1MF_BUILD"; \
@@ -81,11 +81,11 @@ files:
 	done;

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@for i in $(SDIRS); do \
 	(cd $$i && echo "making links in crypto/$$i..." && \
 	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
@@ -96,7 +96,7 @@ lib:	$(LIBOBJ)
 	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib

-shared: buildinf.h lib subdirs
+shared:
 	if [ -n "$(SHARED_LIBS)" ]; then \
 		(cd ..; $(MAKE) $(SHARED_LIB)); \
 	fi
@@ -203,6 +203,8 @@ mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
 mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c
+o_str.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_str.c
+o_str.o: o_str.h
 o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
 o_time.o: o_time.h
 tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
--- a/crypto/aes/Makefile.ssl
+++ b/crypto/aes/Makefile.ssl
@@ -52,7 +52,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
@@ -91,7 +91,8 @@ aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
 aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h
 aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
-aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
+aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+aes_core.o: aes_core.c aes_locl.h
 aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
 aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
--- a/crypto/aes/aes.h
+++ b/crypto/aes/aes.h
@@ -95,6 +95,15 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
 	const unsigned long length, const AES_KEY *key,
 	unsigned char *ivec, int *num, const int enc);
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const AES_KEY *key,
+	unsigned char *ivec, int *num, const int enc);
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const AES_KEY *key,
+	unsigned char *ivec, int *num, const int enc);
+void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
+			    const int nbits,const AES_KEY *key,
+			    unsigned char *ivec,const int enc);
 void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
 	const unsigned long length, const AES_KEY *key,
 	unsigned char *ivec, int *num);
--- a/crypto/aes/aes_cbc.c
+++ b/crypto/aes/aes_cbc.c
@@ -104,7 +104,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 			memcpy(tmp, in, AES_BLOCK_SIZE);
 			AES_decrypt(tmp, tmp, key);
 			for(n=0; n < len; ++n)
-				out[n] = tmp[n] ^ ivec[n];
+				out[n] ^= ivec[n];
 			memcpy(ivec, tmp, AES_BLOCK_SIZE);
 		}			
 	}
--- a/crypto/aes/aes_cfb.c
+++ b/crypto/aes/aes_cfb.c
@@ -155,3 +155,96 @@ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
 	*num=n;
 }

+/* This expects a single block of size nbits for both in and out. Note that
+   it corrupts any extra bits in the last byte of out */
+/* Untested, once it is working, it will be optimised */
+void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
+			    const int nbits,const AES_KEY *key,
+			    unsigned char *ivec,const int enc)
+    {
+    int n;
+    unsigned char ovec[AES_BLOCK_SIZE*2];
+
+    assert(in && out && key && ivec);
+    if(enc)
+	{
+	/* construct the new IV */
+	AES_encrypt(ivec,ovec,key);
+	/* encrypt the input */
+	for(n=0 ; n < (nbits+7)/8 ; ++n)
+	    out[n]=in[n]^ovec[n];
+	/* fill in the first half of the new IV with the current IV */
+	memcpy(ovec,ivec,AES_BLOCK_SIZE);
+	/* and put the ciphertext in the second half */
+	memcpy(ovec+AES_BLOCK_SIZE,out,(nbits+7)/8);
+	/* shift ovec left most of the bits... */
+	memmove(ovec,ovec+nbits/8,AES_BLOCK_SIZE+(nbits%8 ? 1 : 0));
+	/* now the remaining bits */
+	if(nbits%8 != 0)
+	    for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+		{
+		ovec[n]<<=nbits%8;
+		ovec[n]|=ovec[n+1]>>(8-nbits%8);
+		}
+	/* finally, move it back into place */
+	memcpy(ivec,ovec,AES_BLOCK_SIZE);
+	}
+    else
+	{
+	/* construct the new IV in the first half of ovec */
+	AES_encrypt(ivec,ovec,key);
+	/* decrypt the input */
+	for(n=0 ; n < (nbits+7)/8 ; ++n)
+	    out[n]=in[n]^ovec[n];
+	/* fill in the first half of the new IV with the current IV */
+	memcpy(ovec,ivec,AES_BLOCK_SIZE);
+	/* append the ciphertext */
+	memcpy(ovec+AES_BLOCK_SIZE,in,(nbits+7)/8);
+	/* shift ovec left most of the bits... */
+	memmove(ovec,ovec+nbits/8,AES_BLOCK_SIZE+(nbits%8 ? 1 : 0));
+	/* now the remaining bits */
+	if(nbits%8 != 0)
+	    for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+		{
+		ovec[n]<<=nbits%8;
+		ovec[n]|=ovec[n+1]>>(8-nbits%8);
+		}
+	/* finally, move it back into place */
+	memcpy(ivec,ovec,AES_BLOCK_SIZE);
+	}
+    /* it is not necessary to cleanse ovec, since the IV is not secret */
+    }
+
+/* N.B. This expects the input to be packed, MS bit first */
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+		      const unsigned long length, const AES_KEY *key,
+		      unsigned char *ivec, int *num, const int enc)
+    {
+    unsigned int n;
+    unsigned char c[1],d[1];
+
+    assert(in && out && key && ivec && num);
+    assert(*num == 0);
+
+    memset(out,0,(length+7)/8);
+    for(n=0 ; n < length ; ++n)
+	{
+	c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+	AES_cfbr_encrypt_block(c,d,1,key,ivec,enc);
+	out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
+	}
+    }
+
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+		      const unsigned long length, const AES_KEY *key,
+		      unsigned char *ivec, int *num, const int enc)
+    {
+    unsigned int n;
+
+    assert(in && out && key && ivec && num);
+    assert(*num == 0);
+
+    for(n=0 ; n < length ; ++n)
+	AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);
+    }
+
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@@ -37,8 +37,11 @@

 #include <stdlib.h>
 #include <openssl/aes.h>
+#include <openssl/fips.h>
 #include "aes_locl.h"

+#ifndef OPENSSL_FIPS
+
 /*
 Te0[x] = S [x].[02, 01, 01, 03];
 Te1[x] = S [x].[03, 02, 01, 01];
@@ -1255,3 +1258,4 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
 	PUTU32(out + 12, s3);
 }

+#endif /* ndef OPENSSL_FIPS */
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
@@ -77,7 +77,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -115,7 +115,7 @@ err:

 #endif

-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
 	{
 	static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
 	static int max[9]={99, 99,12,31,23,59,59,12,59};
@@ -208,7 +208,6 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 	char *p;
 	struct tm *ts;
 	struct tm data;
-	size_t len = 20; 

 	if (s == NULL)
 		s=M_ASN1_GENERALIZEDTIME_new();
@@ -220,17 +219,17 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
 		return(NULL);

 	p=(char *)s->data;
-	if ((p == NULL) || ((size_t)s->length < len))
+	if ((p == NULL) || (s->length < 16))
 		{
-		p=OPENSSL_malloc(len);
+		p=OPENSSL_malloc(20);
 		if (p == NULL) return(NULL);
 		if (s->data != NULL)
 			OPENSSL_free(s->data);
 		s->data=(unsigned char *)p;
 		}

-	BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
-		     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+	sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
+		ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
 	s->length=strlen(p);
 	s->type=V_ASN1_GENERALIZEDTIME;
 #ifdef CHARSET_EBCDIC_not
--- a/crypto/asn1/a_mbstr.c
+++ b/crypto/asn1/a_mbstr.c
@@ -145,14 +145,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,

 	if((minsize > 0) && (nchar < minsize)) {
 		ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
-		BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
+		sprintf(strbuf, "%ld", minsize);
 		ERR_add_error_data(2, "minsize=", strbuf);
 		return -1;
 	}

 	if((maxsize > 0) && (nchar > maxsize)) {
 		ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
-		BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
+		sprintf(strbuf, "%ld", maxsize);
 		ERR_add_error_data(2, "maxsize=", strbuf);
 		return -1;
 	}
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -285,7 +285,7 @@ const static signed char tag2nbyte[] = {
 	-1, -1, 0, -1,		/* 10-13 */
 	-1, -1, -1, -1,		/* 15-17 */
 	-1, 1, 1,		/* 18-20 */
-	-1, 1, 1, 1,		/* 21-24 */
+	-1, 1, -1,-1,		/* 21-24 */
 	-1, 1, -1,		/* 25-27 */
 	4, -1, 2		/* 28-30 */
 };
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -114,7 +114,7 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 	return ASN1_GENERALIZEDTIME_set(s,t);
 	}

-int ASN1_TIME_check(ASN1_TIME *t)
+int ASN1_TIME_check(const ASN1_TIME *t)
 	{
 	if (t->type == V_ASN1_GENERALIZEDTIME)
 		return ASN1_GENERALIZEDTIME_check(t);
@@ -124,11 +124,11 @@ int ASN1_TIME_check(ASN1_TIME *t)
 	}

 /* Convert an ASN1_TIME structure to GeneralizedTime */
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
+						   ASN1_GENERALIZEDTIME **out)
 	{
 	ASN1_GENERALIZEDTIME *ret;
 	char *str;
-	int newlen;

 	if (!ASN1_TIME_check(t)) return NULL;

@@ -151,14 +151,12 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
 	/* grow the string */
 	if (!ASN1_STRING_set(ret, NULL, t->length + 2))
 		return NULL;
-	/* ASN1_STRING_set() allocated 'len + 1' bytes. */
-	newlen = t->length + 2 + 1;
 	str = (char *)ret->data;
 	/* Work out the century and prepend */
-	if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen);
-	else BUF_strlcpy(str, "20", newlen);
+	if (t->data[0] >= '5') strcpy(str, "19");
+	else strcpy(str, "20");

-	BUF_strlcat(str, (char *)t->data, newlen);
+	BUF_strlcat(str, (char *)t->data, t->length+3);	/* Include space for a '\0' */

 	return ret;
 	}
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -112,7 +112,7 @@ err:

 #endif

-int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
 	{
 	static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
 	static int max[8]={99,12,31,23,59,59,12,59};
@@ -188,7 +188,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 	char *p;
 	struct tm *ts;
 	struct tm data;
-	size_t len = 20;

 	if (s == NULL)
 		s=M_ASN1_UTCTIME_new();
@@ -200,17 +199,17 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 		return(NULL);

 	p=(char *)s->data;
-	if ((p == NULL) || ((size_t)s->length < len))
+	if ((p == NULL) || (s->length < 14))
 		{
-		p=OPENSSL_malloc(len);
+		p=OPENSSL_malloc(20);
 		if (p == NULL) return(NULL);
 		if (s->data != NULL)
 			OPENSSL_free(s->data);
 		s->data=(unsigned char *)p;
 		}

-	BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
-		     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+	sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
+		ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
 	s->length=strlen(p);
 	s->type=V_ASN1_UTCTIME;
 #ifdef CHARSET_EBCDIC_not
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -754,7 +754,7 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);

 DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)

-int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
@@ -762,7 +762,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
 time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
 #endif

-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); 

@@ -793,8 +793,8 @@ DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
 DECLARE_ASN1_FUNCTIONS(ASN1_TIME)

 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
-int ASN1_TIME_check(ASN1_TIME *t);
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_check(const ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);

 int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
 			int (*func)(), int ex_tag, int ex_class, int is_set);
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -414,8 +414,8 @@ void asn1_add_error(unsigned char *address, int offset)
 	{
 	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];

-	BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
-	BIO_snprintf(buf2,sizeof buf2,"%d",offset);
+	sprintf(buf1,"%lu",(unsigned long)address);
+	sprintf(buf2,"%d",offset);
 	ERR_add_error_data(4,"address=",buf1," offset=",buf2);
 	}

--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -83,11 +83,11 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,

 	p=str;
 	if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
-		BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);
+		sprintf(str,"priv [ %d ] ",tag);
 	else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
-		BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
+		sprintf(str,"cont [ %d ]",tag);
 	else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
-		BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
+		sprintf(str,"appl [ %d ]",tag);
 	else p = ASN1_tag2str(tag);

 	if (p2 != NULL)
--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
@@ -87,14 +87,9 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
 			}
 		}
 	return 1;
-	}
-
-static void oid_module_finish(CONF_IMODULE *md)
-	{
-	OBJ_cleanup();
-	}
+}

 void ASN1_add_oid_module(void)
 	{
-	CONF_module_add("oid_section", oid_module_init, oid_module_finish);
+	CONF_module_add("oid_section", oid_module_init, 0);
 	}
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -139,9 +139,9 @@ int RSA_print(BIO *bp, const RSA *x, int off)
 		}

 	if (x->d == NULL)
-		BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
+		sprintf(str,"Modulus (%d bit):",BN_num_bits(x->n));
 	else
-		BUF_strlcpy(str,"modulus:",sizeof str);
+		strcpy(str,"modulus:");
 	if (!print(bp,str,x->n,m,off)) goto err;
 	s=(x->d == NULL)?"Exponent:":"publicExponent:";
 	if (!print(bp,s,x->e,m,off)) goto err;
--- a/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
@@ -104,12 +104,7 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A
 	long ltmp;
 	unsigned long utmp;
 	int clen, pad, i;
-	/* this exists to bypass broken gcc optimization */
-	char *cp = (char *)pval;
-
-	/* use memcpy, because we may not be long aligned */
-	memcpy(&ltmp, cp, sizeof(long));
-
+	ltmp = *(long *)pval;
 	if(ltmp == it->size) return -1;
 	/* Convert the long to positive: we subtract one if negative so
 	 * we can cleanly handle the padding if only the MSB of the leading
@@ -141,7 +136,6 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype,
 	int neg, i;
 	long ltmp;
 	unsigned long utmp = 0;
-	char *cp = (char *)pval;
 	if(len > sizeof(long)) {
 		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
 		return 0;
@@ -164,6 +158,6 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype,
 		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
 		return 0;
 	}
-	memcpy(cp, &ltmp, sizeof(long));
+	*(long *)pval = ltmp;
 	return 1;
 }
--- a/crypto/bf/Makefile.ssl
+++ b/crypto/bf/Makefile.ssl
@@ -22,7 +22,6 @@ BF_ENC=		bf_enc.o
 #DES_ENC=	bx86-elf.o

 CFLAGS= $(INCLUDES) $(CFLAG)
-ASFLAGS= $(INCLUDES) $(ASFLAG)

 GENERAL=Makefile
 TEST=bftest.c
@@ -68,7 +67,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
--- a/crypto/bio/Makefile.ssl
+++ b/crypto/bio/Makefile.ssl
@@ -57,7 +57,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
--- a/crypto/bio/b_dump.c
+++ b/crypto/bio/b_dump.c
@@ -104,41 +104,38 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
 	for(i=0;i<rows;i++)
 		{
 		buf[0]='\0';	/* start with empty string */
-		BUF_strlcpy(buf,str,sizeof buf);
-		BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
-		BUF_strlcat(buf,tmp,sizeof buf);
+		strcpy(buf,str);
+		sprintf(tmp,"%04x - ",i*dump_width);
+		strcat(buf,tmp);
 		for(j=0;j<dump_width;j++)
 			{
 			if (((i*dump_width)+j)>=len)
 				{
-				BUF_strlcat(buf,"   ",sizeof buf);
+				strcat(buf,"   ");
 				}
 			else
 				{
 				ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
-				BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
-					 j==7?'-':' ');
-				BUF_strlcat(buf,tmp,sizeof buf);
+				sprintf(tmp,"%02x%c",ch,j==7?'-':' ');
+				strcat(buf,tmp);
 				}
 			}
-		BUF_strlcat(buf,"  ",sizeof buf);
+		strcat(buf,"  ");
 		for(j=0;j<dump_width;j++)
 			{
 			if (((i*dump_width)+j)>=len)
 				break;
 			ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
 #ifndef CHARSET_EBCDIC
-			BIO_snprintf(tmp,sizeof tmp,"%c",
-				 ((ch>=' ')&&(ch<='~'))?ch:'.');
+			sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.');
 #else
-			BIO_snprintf(tmp,sizeof tmp,"%c",
-				 ((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
-				 ? os_toebcdic[ch]
-				 : '.');
+			sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
+				? os_toebcdic[ch]
+				: '.');
 #endif
-			BUF_strlcat(buf,tmp,sizeof buf);
+			strcat(buf,tmp);
 			}
-		BUF_strlcat(buf,"\n",sizeof buf);
+		strcat(buf,"\n");
 		/* if this is the last call then update the ddt_dump thing so that
 		 * we will move the selection point in the debug window 
 		 */
@@ -147,8 +144,7 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
 #ifdef TRUNCATE
 	if (trunc > 0)
 		{
-		BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
-			 len+trunc);
+		sprintf(buf,"%s%04x - <SPACES/NULS>\n",str,len+trunc);
 		ret+=BIO_write(bio,(char *)buf,strlen(buf));
 		}
 #endif
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -576,12 +576,12 @@ abs_val(LDOUBLE value)
 }

 static LDOUBLE
-pow10(int in_exp)
+pow10(int exp)
 {
    LDOUBLE result = 1;
-    while (in_exp) {
+    while (exp) {
        result *= 10;
-        in_exp--;
+        exp--;
    }
    return result;
 }
@@ -652,8 +652,8 @@ fmtfp(
            (caps ? "0123456789ABCDEF"
              : "0123456789abcdef")[intpart % 10];
        intpart = (intpart / 10);
-    } while (intpart && (iplace < sizeof iconvert));
-    if (iplace == sizeof iconvert)
+    } while (intpart && (iplace < sizeof iplace));
+    if (iplace == sizeof iplace)
        iplace--;
    iconvert[iplace] = 0;

@@ -664,7 +664,7 @@ fmtfp(
              : "0123456789abcdef")[fracpart % 10];
        fracpart = (fracpart / 10);
    } while (fplace < max);
-    if (fplace == sizeof fconvert)
+    if (fplace == sizeof fplace)
        fplace--;
    fconvert[fplace] = 0;

--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -709,12 +709,12 @@ int BIO_accept(int sock, char **addr)
 			}
 		*addr=p;
 		}
-	BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d",
-		     (unsigned char)(l>>24L)&0xff,
-		     (unsigned char)(l>>16L)&0xff,
-		     (unsigned char)(l>> 8L)&0xff,
-		     (unsigned char)(l     )&0xff,
-		     port);
+	sprintf(*addr,"%d.%d.%d.%d:%d",
+		(unsigned char)(l>>24L)&0xff,
+		(unsigned char)(l>>16L)&0xff,
+		(unsigned char)(l>> 8L)&0xff,
+		(unsigned char)(l     )&0xff,
+		port);
 end:
 	return(ret);
 	}
--- a/crypto/bio/bio_cb.c
+++ b/crypto/bio/bio_cb.c
@@ -70,61 +70,55 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
 	MS_STATIC char buf[256];
 	char *p;
 	long r=1;
-	size_t p_maxlen;

 	if (BIO_CB_RETURN & cmd)
 		r=ret;

-	BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
+	sprintf(buf,"BIO[%08lX]:",(unsigned long)bio);
 	p= &(buf[14]);
-	p_maxlen = sizeof buf - 14;
 	switch (cmd)
 		{
 	case BIO_CB_FREE:
-		BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
+		sprintf(p,"Free - %s\n",bio->method->name);
 		break;
 	case BIO_CB_READ:
 		if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-			BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
-				 bio->num,argi,bio->method->name,bio->num);
+			sprintf(p,"read(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num);
 		else
-			BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
-				 bio->num,argi,bio->method->name);
+			sprintf(p,"read(%d,%d) - %s\n",bio->num,argi,bio->method->name);
 		break;
 	case BIO_CB_WRITE:
 		if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-			BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
-				 bio->num,argi,bio->method->name,bio->num);
+			sprintf(p,"write(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num);
 		else
-			BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
-				 bio->num,argi,bio->method->name);
+			sprintf(p,"write(%d,%d) - %s\n",bio->num,argi,bio->method->name);
 		break;
 	case BIO_CB_PUTS:
-		BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
+		sprintf(p,"puts() - %s\n",bio->method->name);
 		break;
 	case BIO_CB_GETS:
-		BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
+		sprintf(p,"gets(%d) - %s\n",argi,bio->method->name);
 		break;
 	case BIO_CB_CTRL:
-		BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
+		sprintf(p,"ctrl(%d) - %s\n",argi,bio->method->name);
 		break;
 	case BIO_CB_RETURN|BIO_CB_READ:
-		BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
+		sprintf(p,"read return %ld\n",ret);
 		break;
 	case BIO_CB_RETURN|BIO_CB_WRITE:
-		BIO_snprintf(p,p_maxlen,"write return %ld\n",ret);
+		sprintf(p,"write return %ld\n",ret);
 		break;
 	case BIO_CB_RETURN|BIO_CB_GETS:
-		BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret);
+		sprintf(p,"gets return %ld\n",ret);
 		break;
 	case BIO_CB_RETURN|BIO_CB_PUTS:
-		BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret);
+		sprintf(p,"puts return %ld\n",ret);
 		break;
 	case BIO_CB_RETURN|BIO_CB_CTRL:
-		BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
+		sprintf(p,"ctrl return %ld\n",ret);
 		break;
 	default:
-		BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
+		sprintf(p,"bio callback - unknown type (%d)\n",cmd);
 		break;
 		}

--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -521,8 +521,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 				char buf[16];
 				unsigned char *p = ptr;

-				BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d",
-					     p[0],p[1],p[2],p[3]);
+				sprintf(buf,"%d.%d.%d.%d",
+					p[0],p[1],p[2],p[3]);
 				if (data->param_hostname != NULL)
 					OPENSSL_free(data->param_hostname);
 				data->param_hostname=BUF_strdup(buf);
@@ -532,7 +532,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 				{
 				char buf[DECIMAL_SIZE(int)+1];

-				BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr);
+				sprintf(buf,"%d",*(int *)ptr);
 				if (data->param_port != NULL)
 					OPENSSL_free(data->param_port);
 				data->param_port=BUF_strdup(buf);
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@@ -249,15 +249,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
 		if (num & BIO_FP_APPEND)
 			{
 			if (num & BIO_FP_READ)
-				BUF_strlcpy(p,"a+",sizeof p);
-			else	BUF_strlcpy(p,"a",sizeof p);
+				strcpy(p,"a+");
+			else	strcpy(p,"a");
 			}
 		else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
-			BUF_strlcpy(p,"r+",sizeof p);
+			strcpy(p,"r+");
 		else if (num & BIO_FP_WRITE)
-			BUF_strlcpy(p,"w",sizeof p);
+			strcpy(p,"w");
 		else if (num & BIO_FP_READ)
-			BUF_strlcpy(p,"r",sizeof p);
+			strcpy(p,"r");
 		else
 			{
 			BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
--- a/crypto/bn/Makefile.ssl
+++ b/crypto/bn/Makefile.ssl
@@ -120,14 +120,11 @@ asm/ia64-cpp.o:	asm/ia64.S

 asm/x86_64-gcc.o: asm/x86_64-gcc.c

-asm/pa-risc2W.o: asm/pa-risc2W.s
-	/usr/ccs/bin/as -o asm/pa-rics2W.o asm/pa-risc2W.s
-
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
--- a/crypto/bn/asm/bn-586.pl
+++ b/crypto/bn/asm/bn-586.pl
@@ -11,7 +11,7 @@ require "x86asm.pl";
 &bn_div_words("bn_div_words");
 &bn_add_words("bn_add_words");
 &bn_sub_words("bn_sub_words");
-#&bn_sub_part_words("bn_sub_part_words");
+&bn_sub_part_words("bn_sub_part_words");

 &asm_finish();

--- a/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/bn/asm/x86_64-gcc.c
@@ -142,7 +142,7 @@ void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
 BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
 {	BN_ULONG ret,waste;

-	asm ("divq	%4"
+	asm ("divq	%3"
 		: "=a"(ret),"=d"(waste)
 		: "a"(l),"d"(h),"g"(d)
 		: "cc");
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -433,18 +433,19 @@ void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);
 int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);
 int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
 	int cl, int dl);
-#ifdef BN_RECURSION
-void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-	BN_ULONG *t);
-void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
-	int n, BN_ULONG *t);
+#if 0
+/* bn_mul.c rollback <appro> */
+void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
+	int dna,int dnb,BN_ULONG *t);
+void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,
+	int n,int tna,int tnb,BN_ULONG *t);
+#endif
+void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
+void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
 void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
 	BN_ULONG *t);
 void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
 	BN_ULONG *t);
-void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
-#endif
-void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);

 #ifdef  __cplusplus
 }
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -145,11 +145,11 @@ char *BN_options(void)
 		{
 		init++;
 #ifdef BN_LLONG
-		BIO_snprintf(data,sizeof data,"bn(%d,%d)",
-			     (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
+		sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8,
+			(int)sizeof(BN_ULONG)*8);
 #else
-		BIO_snprintf(data,sizeof data,"bn(%d,%d)",
-			     (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
+		sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8,
+			(int)sizeof(BN_ULONG)*8);
 #endif
 		}
 	return(data);
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -119,7 +119,6 @@ char *BN_bn2dec(const BIGNUM *a)
 		}
 	if ((t=BN_dup(a)) == NULL) goto err;

-#define BUF_REMAIN (num+3 - (size_t)(p - buf))
 	p=buf;
 	lp=bn_data;
 	if (t->neg) *(p++)='-';
@@ -140,12 +139,12 @@ char *BN_bn2dec(const BIGNUM *a)
 		/* We now have a series of blocks, BN_DEC_NUM chars
 		 * in length, where the last one needs truncation.
 		 * The blocks need to be reversed in order. */
-		BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
+		sprintf(p,BN_DEC_FMT1,*lp);
 		while (*p) p++;
 		while (lp != bn_data)
 			{
 			lp--;
-			BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
+			sprintf(p,BN_DEC_FMT2,*lp);
 			while (*p) p++;
 			}
 		}
--- a/crypto/buffer/Makefile.ssl
+++ b/crypto/buffer/Makefile.ssl
@@ -47,7 +47,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
--- a/crypto/cast/Makefile.ssl
+++ b/crypto/cast/Makefile.ssl
@@ -25,7 +25,6 @@ CAST_ENC=c_enc.o
 #CAST_ENC=asm/cx86bdsi.o

 CFLAGS= $(INCLUDES) $(CFLAG)
-ASFLAGS= $(INCLUDES) $(ASFLAG)

 GENERAL=Makefile
 TEST=casttest.c
@@ -71,7 +70,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
--- a/crypto/cast/asm/.cvsignore
+++ b/crypto/cast/asm/.cvsignore
@@ -1 +1,2 @@
 cx86unix.cpp
+cx86-elf.s
--- a/crypto/comp/Makefile.ssl
+++ b/crypto/comp/Makefile.ssl
@@ -50,7 +50,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
--- a/crypto/conf/Makefile.ssl
+++ b/crypto/conf/Makefile.ssl
@@ -50,7 +50,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -235,7 +235,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 		CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
-	BUF_strlcpy(section,"default",10);
+	strcpy(section,"default");

 	if (_CONF_new_data(conf) == 0)
 		{
@@ -392,7 +392,7 @@ again:
 							ERR_R_MALLOC_FAILURE);
 				goto err;
 				}
-			BUF_strlcpy(v->name,pname,strlen(pname)+1);
+			strcpy(v->name,pname);
 			if (!str_copy(conf,psection,&(v->value),start)) goto err;

 			if (strcmp(psection,section) != 0)
@@ -447,7 +447,7 @@ err:
 	if (buff != NULL) BUF_MEM_free(buff);
 	if (section != NULL) OPENSSL_free(section);
 	if (line != NULL) *line=eline;
-	BIO_snprintf(btmp,sizeof btmp,"%ld",eline);
+	sprintf(btmp,"%ld",eline);
 	ERR_add_error_data(2,"line ",btmp);
 	if ((h != conf->data) && (conf->data != NULL))
 		{
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -232,7 +232,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
 			{
 			char rcode[DECIMAL_SIZE(ret)+1];
 			CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
-			BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
+			sprintf(rcode, "%-8d", ret);
 			ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
 			}
 		}
@@ -561,11 +561,11 @@ char *CONF_get1_default_config_file(void)

 	if (!file)
 		return NULL;
-	BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
+	strcpy(file,X509_get_default_cert_area());
 #ifndef OPENSSL_SYS_VMS
-	BUF_strlcat(file,"/",len + 1);
+	strcat(file,"/");
 #endif
-	BUF_strlcat(file,OPENSSL_CONF,len + 1);
+	strcat(file,OPENSSL_CONF);

 	return file;
 	}
@@ -576,12 +576,12 @@ char *CONF_get1_default_config_file(void)
 * be used to parse comma separated lists for example.
 */

-int CONF_parse_list(const char *list_, int sep, int nospc,
+int CONF_parse_list(const char *list, int sep, int nospc,
 	int (*list_cb)(const char *elem, int len, void *usr), void *arg)
 	{
 	int ret;
 	const char *lstart, *tmpend, *p;
-	lstart = list_;
+	lstart = list;

 	for(;;)
 		{
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -66,6 +66,11 @@
 static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
 #endif

+#ifdef OPENSSL_FIPS
+int FIPS_mode;
+void *FIPS_rand_check;
+#endif /* def OPENSSL_FIPS */
+
 DECLARE_STACK_OF(CRYPTO_dynlock)
 IMPLEMENT_STACK_OF(CRYPTO_dynlock)

--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -158,7 +158,7 @@ $!
 $ APPS_DES = "DES/DES,CBC3_ENC"
 $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
 $
-$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time"
+$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str"
 $ LIB_MD2 = "md2_dgst,md2_one"
 $ LIB_MD4 = "md4_dgst,md4_one"
 $ LIB_MD5 = "md5_dgst,md5_one"
--- a/crypto/cversion.c
+++ b/crypto/cversion.c
@@ -61,9 +61,7 @@
 #include "cryptlib.h"
 #include <openssl/crypto.h>

-#ifndef NO_WINDOWS_BRAINDEATH
 #include "buildinf.h"
-#endif

 const char *SSLeay_version(int t)
 	{
@@ -74,7 +72,7 @@ const char *SSLeay_version(int t)
 #ifdef DATE
 		static char buf[sizeof(DATE)+11];

-		BIO_snprintf(buf,sizeof buf,"built on: %s",DATE);
+		sprintf(buf,"built on: %s",DATE);
 		return(buf);
 #else
 		return("built on: date not available");
@@ -85,7 +83,7 @@ const char *SSLeay_version(int t)
 #ifdef CFLAGS
 		static char buf[sizeof(CFLAGS)+11];

-		BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
+		sprintf(buf,"compiler: %s",CFLAGS);
 		return(buf);
 #else
 		return("compiler: information not available");
@@ -96,7 +94,7 @@ const char *SSLeay_version(int t)
 #ifdef PLATFORM
 		static char buf[sizeof(PLATFORM)+11];

-		BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
+		sprintf(buf,"platform: %s", PLATFORM);
 		return(buf);
 #else
 		return("platform: information not available");
--- a/crypto/des/Makefile.ssl
+++ b/crypto/des/Makefile.ssl
@@ -22,7 +22,6 @@ DES_ENC=	des_enc.o fcrypt_b.o
 #DES_ENC=	dx86-elf.o yx86-elf.o

 CFLAGS= $(INCLUDES) $(CFLAG)
-ASFLAGS= $(INCLUDES) $(ASFLAG)

 GENERAL=Makefile
 TEST=destest.c
@@ -97,7 +96,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
@@ -158,13 +157,12 @@ cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 cfb64enc.o: cfb64enc.c des_locl.h
-cfb_enc.o: ../../e_os.h ../../include/openssl/crypto.h
-cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-cfb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-cfb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-cfb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-cfb_enc.o: cfb_enc.c des_locl.h
+cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h
 des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
@@ -193,13 +191,13 @@ ecb3_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 ecb3_enc.o: des_locl.h ecb3_enc.c
-ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ecb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-ecb_enc.o: des_locl.h des_ver.h ecb_enc.c spr.h
+ecb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ecb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
+ecb_enc.o: spr.h
 ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
--- a/crypto/des/cfb64ede.c
+++ b/crypto/des/cfb64ede.c
@@ -140,3 +140,114 @@ void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
 	DES_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
 	}
 #endif
+
+/* This is compatible with the single key CFB-r for DES, even thought that's
+ * not what EVP needs.
+ */
+
+void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
+			  int numbits,long length,DES_key_schedule *ks1,
+			  DES_key_schedule *ks2,DES_key_schedule *ks3,
+			  DES_cblock *ivec,int enc)
+	{
+	register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
+	register unsigned long l=length;
+	register int num=numbits;
+	DES_LONG ti[2];
+	unsigned char *iv;
+	unsigned char ovec[16];
+
+	if (num > 64) return;
+	iv = &(*ivec)[0];
+	c2l(iv,v0);
+	c2l(iv,v1);
+	if (enc)
+		{
+		while (l >= n)
+			{
+			l-=n;
+			ti[0]=v0;
+			ti[1]=v1;
+			DES_encrypt3(ti,ks1,ks2,ks3);
+			c2ln(in,d0,d1,n);
+			in+=n;
+			d0^=ti[0];
+			d1^=ti[1];
+			l2cn(d0,d1,out,n);
+			out+=n;
+			/* 30-08-94 - eay - changed because l>>32 and
+			 * l<<32 are bad under gcc :-( */
+			if (num == 32)
+				{ v0=v1; v1=d0; }
+			else if (num == 64)
+				{ v0=d0; v1=d1; }
+			else
+				{
+				iv=&ovec[0];
+				l2c(v0,iv);
+				l2c(v1,iv);
+				l2c(d0,iv);
+				l2c(d1,iv);
+				/* shift ovec left most of the bits... */
+				memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
+				/* now the remaining bits */
+				if(num%8 != 0)
+					for(n=0 ; n < 8 ; ++n)
+						{
+						ovec[n]<<=num%8;
+						ovec[n]|=ovec[n+1]>>(8-num%8);
+						}
+				iv=&ovec[0];
+				c2l(iv,v0);
+				c2l(iv,v1);
+				}
+			}
+		}
+	else
+		{
+		while (l >= n)
+			{
+			l-=n;
+			ti[0]=v0;
+			ti[1]=v1;
+			DES_encrypt3(ti,ks1,ks2,ks3);
+			c2ln(in,d0,d1,n);
+			in+=n;
+			/* 30-08-94 - eay - changed because l>>32 and
+			 * l<<32 are bad under gcc :-( */
+			if (num == 32)
+				{ v0=v1; v1=d0; }
+			else if (num == 64)
+				{ v0=d0; v1=d1; }
+			else
+				{
+				iv=&ovec[0];
+				l2c(v0,iv);
+				l2c(v1,iv);
+				l2c(d0,iv);
+				l2c(d1,iv);
+				/* shift ovec left most of the bits... */
+				memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
+				/* now the remaining bits */
+				if(num%8 != 0)
+					for(n=0 ; n < 8 ; ++n)
+						{
+						ovec[n]<<=num%8;
+						ovec[n]|=ovec[n+1]>>(8-num%8);
+						}
+				iv=&ovec[0];
+				c2l(iv,v0);
+				c2l(iv,v1);
+				}
+			d0^=ti[0];
+			d1^=ti[1];
+			l2cn(d0,d1,out,n);
+			out+=n;
+			}
+		}
+	iv = &(*ivec)[0];
+	l2c(v0,iv);
+	l2c(v1,iv);
+	v0=v1=d0=d1=ti[0]=ti[1]=0;
+	}
+
--- a/crypto/des/cfb_enc.c
+++ b/crypto/des/cfb_enc.c
@@ -65,15 +65,17 @@
 * the second.  The second 12 bits will come from the 3rd and half the 4th
 * byte.
 */
+/* WARNING WARNING: this uses in and out in 8-byte chunks regardless of
+ * length */
 /* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
 * will not be compatible with any encryption prior to that date. Ben. */
 void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
 		     long length, DES_key_schedule *schedule, DES_cblock *ivec,
 		     int enc)
 	{
-	register DES_LONG d0,d1,v0,v1;
-	register unsigned long l=length,n=(numbits+7)/8;
-	register int num=numbits,i;
+	register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
+	register unsigned long l=length;
+	register int num=numbits;
 	DES_LONG ti[2];
 	unsigned char *iv;
 	unsigned char ovec[16];
@@ -113,10 +115,10 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
 				memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
 				/* now the remaining bits */
 				if(num%8 != 0)
-					for(i=0 ; i < 8 ; ++i)
+					for(n=0 ; n < 8 ; ++n)
 						{
-						ovec[i]<<=num%8;
-						ovec[i]|=ovec[i+1]>>(8-num%8);
+						ovec[n]<<=num%8;
+						ovec[n]|=ovec[n+1]>>(8-num%8);
 						}
 				iv=&ovec[0];
 				c2l(iv,v0);
@@ -151,10 +153,10 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
 				memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
 				/* now the remaining bits */
 				if(num%8 != 0)
-					for(i=0 ; i < 8 ; ++i)
+					for(n=0 ; n < 8 ; ++n)
 						{
-						ovec[i]<<=num%8;
-						ovec[i]|=ovec[i+1]>>(8-num%8);
+						ovec[n]<<=num%8;
+						ovec[n]|=ovec[n+1]>>(8-num%8);
 						}
 				iv=&ovec[0];
 				c2l(iv,v0);
--- a/crypto/des/des.h
+++ b/crypto/des/des.h
@@ -128,7 +128,7 @@ OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode);	/* defaults to DES_PCBC_MODE */
 #define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)

 const char *DES_options(void);
-void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+void DES_ecb3_encrypt(const unsigned char *input, unsigned char *output,
 		      DES_key_schedule *ks1,DES_key_schedule *ks2,
 		      DES_key_schedule *ks3, int enc);
 DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output,
@@ -187,6 +187,10 @@ void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
 			    long length,DES_key_schedule *ks1,
 			    DES_key_schedule *ks2,DES_key_schedule *ks3,
 			    DES_cblock *ivec,int *num,int enc);
+void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
+			  int numbits,long length,DES_key_schedule *ks1,
+			  DES_key_schedule *ks2,DES_key_schedule *ks3,
+			  DES_cblock *ivec,int enc);
 void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
 			    long length,DES_key_schedule *ks1,
 			    DES_key_schedule *ks2,DES_key_schedule *ks3,
--- a/crypto/des/des_enc.c
+++ b/crypto/des/des_enc.c
@@ -58,6 +58,8 @@

 #include "des_locl.h"

+#ifndef OPENSSL_FIPS
+
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
 	{
 	register DES_LONG l,r,t,u;
@@ -287,6 +289,8 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
 	data[1]=r;
 	}

+#endif /* ndef OPENSSL_FIPS */
+
 #ifndef DES_DEFAULT_OPTIONS

 #undef CBC_ENC_C__DONT_UPDATE_IV
--- a/crypto/des/des_old.c
+++ b/crypto/des/des_old.c
@@ -84,7 +84,7 @@ void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock
 	des_key_schedule ks1,des_key_schedule ks2,
 	des_key_schedule ks3, int enc)
 	{
-	DES_ecb3_encrypt((const_DES_cblock *)input, output,
+	DES_ecb3_encrypt((const unsigned char *)input, (unsigned char *)output,
 		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
 		(DES_key_schedule *)ks3, enc);
 	}
--- a/crypto/des/destest.c
+++ b/crypto/des/destest.c
@@ -439,8 +439,8 @@ int main(int argc, char *argv[])
 		memcpy(in,plain_data[i],8);
 		memset(out,0,8);
 		memset(outin,0,8);
-		des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT);
-		des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT);
+		des_ecb2_encrypt(in,out,ks,ks2,DES_ENCRYPT);
+		des_ecb2_encrypt(out,outin,ks,ks2,DES_DECRYPT);

 		if (memcmp(out,cipher_ecb2[i],8) != 0)
 			{
--- a/crypto/des/ecb3_enc.c
+++ b/crypto/des/ecb3_enc.c
@@ -58,15 +58,13 @@

 #include "des_locl.h"

-void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+void DES_ecb3_encrypt(const unsigned char *in, unsigned char *out,
 		      DES_key_schedule *ks1, DES_key_schedule *ks2,
 		      DES_key_schedule *ks3,
 	     int enc)
 	{
 	register DES_LONG l0,l1;
 	DES_LONG ll[2];
-	const unsigned char *in = &(*input)[0];
-	unsigned char *out = &(*output)[0];

 	c2l(in,l0);
 	c2l(in,l1);
--- a/crypto/des/ecb_enc.c
+++ b/crypto/des/ecb_enc.c
@@ -60,7 +60,6 @@
 #include "des_ver.h"
 #include "spr.h"
 #include <openssl/opensslv.h>
-#include <openssl/bio.h>

 OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT;
 OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT;
@@ -98,8 +97,7 @@ const char *DES_options(void)
 			size="int";
 		else
 			size="long";
-		BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
-			     size);
+		sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size);
 		init=0;
 		}
 	return(buf);
--- a/crypto/dh/Makefile.ssl
+++ b/crypto/dh/Makefile.ssl
@@ -47,7 +47,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
--- a/crypto/dsa/Makefile.ssl
+++ b/crypto/dsa/Makefile.ssl
@@ -49,7 +49,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
@@ -153,19 +153,23 @@ dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
 dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/fips.h
 dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
 dsa_sign.o: ../cryptlib.h dsa_sign.c
 dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
 dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
 dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c
+dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_vrf.o: ../../include/openssl/ui.h ../cryptlib.h dsa_vrf.c
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -80,6 +80,7 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>

+#ifndef OPENSSL_FIPS
 DSA *DSA_generate_parameters(int bits,
 		unsigned char *seed_in, int seed_len,
 		int *counter_ret, unsigned long *h_ret,
@@ -293,4 +294,6 @@ err:
 	if (mont != NULL) BN_MONT_CTX_free(mont);
 	return(ok?ret:NULL);
 	}
-#endif
+#endif /* ndef OPENSSL_FIPS */
+#endif /* ndef OPENSSL_NO_SHA */
+
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -65,6 +65,7 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>

+#ifndef OPENSSL_FIPS
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
@@ -346,3 +347,4 @@ static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
 {
 	return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
 }
+#endif
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -64,9 +64,17 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/fips.h>

 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	{
+#ifdef OPENSSL_FIPS
+	if(FIPS_mode && !FIPS_dsa_check(dsa))
+		return NULL;
+#endif
 	return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
 	}

@@ -87,6 +95,10 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,

 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	{
+#ifdef OPENSSL_FIPS
+	if(FIPS_mode && !FIPS_dsa_check(dsa))
+		return 0;
+#endif
 	return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
 	}

--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -65,10 +65,18 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/fips.h>

 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 		  DSA *dsa)
 	{
+#ifdef OPENSSL_FIPS
+	if(FIPS_mode && !FIPS_dsa_check(dsa))
+		return -1;
+#endif
 	return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
 	}

--- a/crypto/dso/Makefile.ssl
+++ b/crypto/dso/Makefile.ssl
@@ -49,7 +49,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
--- a/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
@@ -383,7 +383,7 @@ int DSO_set_filename(DSO *dso, const char *filename)
 		DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
 		return(0);
 		}
-	BUF_strlcpy(copied, filename, strlen(filename) + 1);
+	strcpy(copied, filename);
 	if(dso->filename)
 		OPENSSL_free(dso->filename);
 	dso->filename = copied;
@@ -422,7 +422,7 @@ char *DSO_convert_filename(DSO *dso, const char *filename)
 					ERR_R_MALLOC_FAILURE);
 			return(NULL);
 			}
-		BUF_strlcpy(result, filename, strlen(filename) + 1);
+		strcpy(result, filename);
 		}
 	return(result);
 	}
--- a/crypto/ec/Makefile.ssl
+++ b/crypto/ec/Makefile.ssl
@@ -50,7 +50,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
@@ -896,7 +896,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
 		}
 	form = buf[0];
 	y_bit = form & 1;
-	form = form & ~1U;
+	form = form & ~1;
 	if ((form != 0)	&& (form != POINT_CONVERSION_COMPRESSED)
 		&& (form != POINT_CONVERSION_UNCOMPRESSED)
 		&& (form != POINT_CONVERSION_HYBRID))
--- a/crypto/engine/Makefile.ssl
+++ b/crypto/engine/Makefile.ssl
@@ -57,7 +57,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
--- a/crypto/engine/eng_ctrl.c
+++ b/crypto/engine/eng_ctrl.c
@@ -160,19 +160,15 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
 	case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
 		return strlen(e->cmd_defns[idx].cmd_name);
 	case ENGINE_CTRL_GET_NAME_FROM_CMD:
-		return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1,
-				    "%s", e->cmd_defns[idx].cmd_name);
+		return sprintf(s, "%s", e->cmd_defns[idx].cmd_name);
 	case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
 		if(e->cmd_defns[idx].cmd_desc)
 			return strlen(e->cmd_defns[idx].cmd_desc);
 		return strlen(int_no_description);
 	case ENGINE_CTRL_GET_DESC_FROM_CMD:
 		if(e->cmd_defns[idx].cmd_desc)
-			return BIO_snprintf(s,
-					    strlen(e->cmd_defns[idx].cmd_desc) + 1,
-					    "%s", e->cmd_defns[idx].cmd_desc);
-		return BIO_snprintf(s, strlen(int_no_description) + 1,"%s",
-				    int_no_description);
+			return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc);
+		return sprintf(s, "%s", int_no_description);
 	case ENGINE_CTRL_GET_CMD_FLAGS:
 		return e->cmd_defns[idx].cmd_flags;
 		}
--- a/crypto/engine/eng_fat.c
+++ b/crypto/engine/eng_fat.c
@@ -107,14 +107,14 @@ static int int_def_cb(const char *alg, int len, void *arg)
 	}


-int ENGINE_set_default_string(ENGINE *e, const char *def_list)
+int ENGINE_set_default_string(ENGINE *e, const char *list)
 	{
 	unsigned int flags = 0;
-	if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags))
+	if (!CONF_parse_list(list, ',', 1, int_def_cb, &flags))
 		{
 		ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
 					ENGINE_R_INVALID_STRING);
-		ERR_add_error_data(2, "str=",def_list);
+		ERR_add_error_data(2, "str=",list);
 		return 0;
 		}
 	return ENGINE_set_default(e, flags);
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -513,7 +513,7 @@ ENGINE *ENGINE_get_digest_engine(int nid);
 * structure will have had its reference count up'd so the caller
 * should still free their own reference 'e'. */
 int ENGINE_set_default_RSA(ENGINE *e);
-int ENGINE_set_default_string(ENGINE *e, const char *def_list);
+int ENGINE_set_default_string(ENGINE *e, const char *list);
 /* Same for the other "methods" */
 int ENGINE_set_default_DSA(ENGINE *e);
 int ENGINE_set_default_DH(ENGINE *e);
@@ -616,20 +616,17 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
 				const dynamic_fns *fns);
 #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
 	int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
-		if (ERR_get_implementation() != fns->err_fns) \
-			{ \
-			if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
-				fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
-				return 0; \
-			CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
-			CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
-			CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
-			CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
-			CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
-			if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
-				return 0; \
-			if(!ERR_set_implementation(fns->err_fns)) return 0; \
-			} \
+		if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
+			fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
+			return 0; \
+		CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
+		CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
+		CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
+		CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
+		CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
+		if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
+			return 0; \
+		if(!ERR_set_implementation(fns->err_fns)) return 0; \
 		if(!fn(e,id)) return 0; \
 		return 1; }

--- a/crypto/engine/hw_cryptodev.c
+++ b/crypto/engine/hw_cryptodev.c
@@ -12,6 +12,9 @@
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the names of contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
@@ -77,7 +80,7 @@ static int cryptodev_max_iv(int cipher);
 static int cryptodev_key_length_valid(int cipher, int len);
 static int cipher_nid_to_cryptodev(int nid);
 static int get_cryptodev_ciphers(const int **cnids);
-static int get_cryptodev_digests(const int **cnids);
+/*static int get_cryptodev_digests(const int **cnids);*/
 static int cryptodev_usable_ciphers(const int **nids);
 static int cryptodev_usable_digests(const int **nids);
 static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -137,6 +140,7 @@ static struct {
 	{ 0,				NID_undef,		0,	 0, },
 };

+#if 0 /* UNUSED */
 static struct {
 	int	id;
 	int	nid;
@@ -149,6 +153,7 @@ static struct {
 	{ CRYPTO_SHA1,			NID_undef,		},
 	{ 0,				NID_undef,		},
 };
+#endif

 /*
 * Return a fd if /dev/crypto seems usable, 0 otherwise.
@@ -289,6 +294,7 @@ get_cryptodev_ciphers(const int **cnids)
 * returning them here is harmless, as long as we return NULL
 * when asked for a handler in the cryptodev_engine_digests routine
 */
+#if 0 /* UNUSED */
 static int
 get_cryptodev_digests(const int **cnids)
 {
@@ -318,6 +324,7 @@ get_cryptodev_digests(const int **cnids)
 		*cnids = NULL;
 	return (count);
 }
+#endif

 /*
 * Find the useable ciphers|digests from dev/crypto - this is the first
@@ -623,7 +630,7 @@ static int
 bn2crparam(const BIGNUM *a, struct crparam *crp)
 {
 	int i, j, k;
-	ssize_t words, bytes, bits;
+	ssize_t bytes, bits;
 	u_char *b;

 	crp->crp_p = NULL;
@@ -871,6 +878,7 @@ cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 		goto err;
 	}

+	printf("bar\n");
 	memset(&kop, 0, sizeof kop);
 	kop.crk_op = CRK_DSA_SIGN;

@@ -1050,17 +1058,14 @@ ENGINE_load_cryptodev(void)

 	if (engine == NULL)
 		return;
-	if ((fd = get_dev_crypto()) < 0) {
-		ENGINE_free(engine);
+	if ((fd = get_dev_crypto()) < 0)
 		return;
-	}

 	/*
 	 * find out what asymmetric crypto algorithms we support
 	 */
 	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
 		close(fd);
-		ENGINE_free(engine);
 		return;
 	}
 	close(fd);
--- a/crypto/err/Makefile.ssl
+++ b/crypto/err/Makefile.ssl
@@ -47,7 +47,7 @@ files:
 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO

 links:
-	@sh $(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
@@ -94,22 +94,23 @@ err_all.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
 err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
 err_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 err_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-err_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-err_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-err_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h
-err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-err_all.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-err_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-err_all.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-err_all.o: ../../include/openssl/x509v3.h err_all.c
+err_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+err_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+err_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+err_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+err_all.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+err_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+err_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+err_all.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+err_all.o: err_all.c
 err_prn.o: ../../e_os.h ../../include/openssl/bio.h
 err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Ben Laurie	fdf12fd455	Change scary wording.	2003-10-22 11:28:25 +00:00
Ben Laurie	50c71f8701	Include extra libraries/flags.	2003-10-22 11:05:19 +00:00
Ben Laurie	f25b0dddbb	Another stupid diff.	2003-10-08 13:12:50 +00:00
Ben Laurie	871743aea9	FIPS depends on object, so crypto must be built before fips.	2003-10-08 10:18:02 +00:00
Ben Laurie	2821a5e587	Don't assume diff is any good.	2003-10-07 10:55:36 +00:00
Ben Laurie	739320b840	No test.	2003-10-05 22:22:15 +00:00
Ben Laurie	c9ee3ccd45	Fingerprinting needs to work even if OpenSSL isn't installed yet.	2003-10-04 14:11:45 +00:00
Richard Levitte	95a64aa4b8	Recent changes from 0.9.7-stable	2003-10-02 10:55:25 +00:00
Ben Laurie	80be2f484f	setkey is already defined on HP/UX.	2003-09-30 16:15:49 +00:00
Richard Levitte	cf54f06dcb	Make sure we get OPENSSL_FIPS.	2003-09-29 22:29:03 +00:00
Richard Levitte	5389c2dfa1	Recent changes from 0.9.7-stable	2003-09-29 19:02:26 +00:00
Richard Levitte	4e2307ebdc	Detect correctly that we're in FIPS mode. Don't run testfipsssl unless in FIPS mode.	2003-09-29 18:46:31 +00:00
Richard Levitte	64961dc3c5	Recent changes from 0.9.7-stable	2003-09-29 15:10:24 +00:00
Richard Levitte	ed2e0e3988	Synchronise util/libeay.num with the 0.9.7-stable one. Correct some depend targets in the fips directory tree. make update	2003-09-28 09:26:37 +00:00
Richard Levitte	7027553741	Recent changes from 0.9.7-stable	2003-09-28 09:07:11 +00:00
Ben Laurie	445aa1c44a	DSA self-test.	2003-09-27 20:07:17 +00:00
Ben Laurie	2343078660	Selftest RSA and some fixes.	2003-09-27 15:54:43 +00:00
Richard Levitte	2fe7c59277	Recent changes from 0.9.7-stable.	2003-09-27 10:13:11 +00:00
Ben Laurie	899ffab2c9	Make FIPS work again.	2003-09-25 20:04:40 +00:00
Ben Laurie	577332db14	Constification.	2003-09-25 20:01:57 +00:00
Richard Levitte	3b84ce3b6f	Use OPENSSL_FIPS instead of FIPS.	2003-09-25 12:24:52 +00:00
Richard Levitte	2667b068a1	Uhmm, o_str.o, not o_str.c...	2003-09-25 12:22:46 +00:00
Dr. Stephen Henson	a26be0386e	In order to get the expected self signed error when calling X509_verify_cert() in x509.c the cert should not be added to the trusted store.	2003-09-21 02:12:36 +00:00
Ben Laurie	d5adc4b475	Missing file.	2003-09-14 13:01:54 +00:00
Ben Laurie	fe2d15d814	Don't debug.	2003-09-13 20:41:53 +00:00
Ben Laurie	c45c8f3f1c	Make TLSv1 work in FIPS mode.	2003-09-13 17:03:54 +00:00
Ben Laurie	b09c9a91cb	Add a debug flag.	2003-09-13 16:57:56 +00:00
Ben Laurie	a2fd4d03e8	Temporarily remove FIPS test that doesn't work.	2003-09-13 13:36:13 +00:00
Ben Laurie	52fc641da0	Add RSA to FIPS.	2003-09-11 21:37:01 +00:00
Richard Levitte	f29f610bf5	make update	2003-09-10 09:15:22 +00:00
Richard Levitte	27d63818e1	Include "e_os.h" instead of "../e_os.h", and trust the building procedure to give the correct -I options to the compiler. This is especially true for test programs that appear in two places, with different paths to e_os.h depending on where they are built.	2003-09-10 09:15:09 +00:00
Richard Levitte	fa68935f57	Include openssl/fips.h outside of the check for FIPS, so make depend doesn't differ between FIPS and non-FIPS modes.	2003-09-10 09:06:01 +00:00
Richard Levitte	b2f94f81e1	We currently define FIPS, not OPENSSL_FIPS. The reason for this is (probably) that FIPS is an entirely internal macro, and is not accessible by third-party authors.	2003-09-10 09:05:06 +00:00
Dr. Stephen Henson	ad6eec30a3	Use BIO_snprintf() instead of snprintf(). Update hashes.	2003-09-10 00:44:53 +00:00
Dr. Stephen Henson	25c578f3ca	Typo.	2003-09-10 00:16:42 +00:00
Dr. Stephen Henson	22f083815c	Include e_os.h in a few cases (to pick up str(n)icmp defs). Disable a few tests if not FIPS.	2003-09-10 00:10:34 +00:00
Dr. Stephen Henson	c61e45fba0	Update hashes. Fix a few typos in o_str.c	2003-09-09 23:43:29 +00:00
Richard Levitte	7418027279	make update	2003-09-09 16:39:41 +00:00
Richard Levitte	d3446728f9	Move the FIPS check so make depend doesn't give different results depending on FIPS mode.	2003-09-09 16:38:16 +00:00
Richard Levitte	245dac4d17	Generalise the definition of strcasecmp() and strncasecmp() for platforms that don't (necessarely) have it. In the case of VMS, this means moving a couple of functions from apps/ to crypto/ and make them general (although only used privately).	2003-09-09 14:48:52 +00:00
cvs2svn	c377882c39	This commit was manufactured by cvs2svn to create branch 'OpenSSL-fips- 0_9_7-stable'.	2003-09-09 14:48:37 +00:00
Richard Levitte	c2cdb1a877	Test data files should not be part of the TEST value, or util/mk1mf.pl gets confused... The separate TESTDATA variable was inspired from crypto/evp/Makefile.ssl.	2003-09-09 09:10:45 +00:00
Dr. Stephen Henson	31b28f95be	Put #ifdef FIPS round FIPS DSA_generate_parameters . #if 0 unimplemented ciphers so mkdef.pl doesn't pick them up.	2003-09-08 17:01:48 +00:00
Richard Levitte	f61bc950c1	Recent changes from 0.9.7-stable.	2003-09-08 16:49:37 +00:00
Richard Levitte	64a014a6d2	Make it builadable in non-FIPS mode. The current solution is very Unix-bound, and there is probably a better way to do this.	2003-09-08 16:43:55 +00:00
Dr. Stephen Henson	a86eff4296	included <string.h> in fips.c to pick up memcmp definition. update fips_make_sha1 to use fips_err.h update hashes.	2003-09-08 12:49:08 +00:00
Dr. Stephen Henson	4c4ef336a9	Update dependencies.	2003-09-08 12:39:13 +00:00
Richard Levitte	1ce9c76f8e	More files to ignore.	2003-09-08 11:37:31 +00:00
Richard Levitte	19c8d4a5f8	Ignore the directory rsp (introduced when running tests).	2003-09-08 11:36:32 +00:00
Richard Levitte	e7d580a924	Some more files to ignore.	2003-09-08 11:35:23 +00:00
Richard Levitte	1f8e046af9	Since fips_err is really just used as a header by fips_err_wrapper.c, let's change it's suffix from .c to .h. This also avoids some otherwise very mysterious (and probably sensible from a historical point of view :-)) name changes done by mk1mf.pl.	2003-09-08 11:33:07 +00:00
Richard Levitte	7e1ef2d62a	When building the FIPS test binaries, also build the corresponding fingerprints.	2003-09-08 10:00:23 +00:00
Richard Levitte	ccf61c87fe	Remove some unneeded space.	2003-09-08 09:59:43 +00:00
Richard Levitte	6d02c53762	Use $(TOP) instead of ../.. as much as possible.	2003-09-08 09:59:11 +00:00
Richard Levitte	dac0d334ad	Because of changes in Makefile.ssl, the files got reordered.	2003-09-08 09:57:57 +00:00
Richard Levitte	f63ff4a1a3	Produce libcrypto.sha1 directly after building the libraries. Otherwise, the test target will fail because libcrypto.sha1 is missing or not up to date.	2003-09-08 09:57:27 +00:00
Richard Levitte	9ef37a8dc9	make update.	2003-09-08 09:17:36 +00:00
Richard Levitte	fbb40083c1	fips_err.c doesn't belong with the headers.	2003-09-08 09:17:13 +00:00
Richard Levitte	549d89f7ed	Include all the fips directories.	2003-09-08 09:16:39 +00:00
Richard Levitte	5db9e7bec8	Handle the "fips" option.	2003-09-08 09:16:17 +00:00
Ben Laurie	104f570c73	Missing file.	2003-09-07 11:13:54 +00:00
Ben Laurie	e1015c1fe7	Samples.	2003-09-07 10:59:34 +00:00
Ben Laurie	97e62d5554	Add samples.	2003-09-07 10:53:13 +00:00
Dr. Stephen Henson	9aca5b2259	Fix signed/unsigned warning.	2003-09-06 16:57:16 +00:00
Ben Laurie	b8b47f67d0	Add fingerprint chain and checking.	2003-09-06 13:31:40 +00:00
Ben Laurie	b5da126b21	Make the problem clearer.	2003-09-06 10:41:27 +00:00
Richard Levitte	a7d64957b9	Include e_os.h to get the proper definition of OPENSSL_UNISTD, and use that macro. It's possible that OPENSSL_UNISTD_IO should be used instead of OPENSSL_UNISTD, for the MSDOS case...	2003-09-05 14:09:40 +00:00
Richard Levitte	f743ef233a	make update	2003-09-05 13:41:04 +00:00
Richard Levitte	79176d6053	ALWAYS check the standalone source. make update.	2003-09-05 13:37:28 +00:00
Richard Levitte	e726e5f170	Make sure the compilation of the FIPS stuff goes through even in non-FIPS mode. Update the appropriate fingerprints accordingly. (something is weird, someone else was working on the same stuff, and removed fips_sha1_selftest.c from fips/sha1/standalone.sha1...)	2003-09-05 13:26:52 +00:00
Dr. Stephen Henson	c1a32376db	Fix signed/unsigned warnings and C++ comments. Update hashes	2003-09-05 13:00:34 +00:00
Richard Levitte	6b211d8cd2	Include string.h and stdlib.h where needed, to avoid warnings about strlen(), memcmp(), exit() and others to be used without a proper declaration. Update the appropriate fingerprints accordingly.	2003-09-05 12:22:21 +00:00
Ben Laurie	f3bda010df	Missing files.	2003-09-04 16:46:42 +00:00
Ben Laurie	4ccac96346	Automagically seed FIPS PRNG. Add OPENSSL_FIPS flag.	2003-09-04 10:22:13 +00:00
Ben Laurie	4ef3352608	-DFIPS may be the last thing on the line.	2003-09-04 09:04:24 +00:00
Ben Laurie	1f1bd3a51a	Selftests.	2003-09-04 07:17:43 +00:00
Ben Laurie	b2293a6cc6	DSA stuff and tests.	2003-09-03 14:11:33 +00:00
Ben Laurie	766332ac11	More test vectors.	2003-08-31 09:50:11 +00:00
Ben Laurie	51f7c5a6ea	Add test.	2003-08-31 08:52:39 +00:00
Ben Laurie	fc0376e257	Handle 3DES tests.	2003-08-30 17:28:08 +00:00
Ben Laurie	51c568b309	Add 3-DES CFB-r mode (no test vectors yet).	2003-08-30 15:50:26 +00:00
Ben Laurie	2b3784c235	Updated test vectors (probably incorrect, but who am I to question?).	2003-08-30 15:35:37 +00:00
Ben Laurie	2e9f3c4636	Oops. Need to allocate extra buffer.	2003-08-30 14:49:08 +00:00
Ben Laurie	aac3861773	Build the test program when needed.	2003-08-30 13:19:03 +00:00
Ben Laurie	e0162fa745	Remove unused functions/data.	2003-08-29 18:58:03 +00:00
Richard Levitte	a8e3195083	Undo the change that left LD_LIBRARY_PATH unchanged. The errors I saw weren't due to that, but to a change on the SCO machines I used for testing, where my $PATH was suddenly incorrect.	2003-08-14 07:02:27 +00:00
Richard Levitte	4435349cc6	Make sure the order matches the command line in Makefile.ssl.	2003-08-11 10:31:21 +00:00
Richard Levitte	ec47bb7c81	- Add a configuration keyword "fips" to compile with FIPS implementations. - Reorder the build so the standalone FIPS SHA1 checker is built first. - Add necessary defines to avoid symbol clashes between FIPS and non-FIPS implementations. - Change necessary signatures. - Correct bugs in FIPS build Makefiles. - make update	2003-08-11 10:24:52 +00:00
cvs2svn	bf50d5b4ac	This commit was manufactured by cvs2svn to create branch 'OpenSSL-fips- 0_9_7-stable'.	2003-08-08 10:08:15 +00:00