Fix selftest.

Recent changes from 0.9.7-stable.
Final(?) version of test suite.
2004-05-06 15:36:28 +00:00 · 2004-05-06 09:54:50 +00:00 · 2004-04-30 09:14:48 +00:00 · 2004-04-29 19:10:52 +00:00 · 2004-04-28 10:20:21 +00:00 · 2004-04-28 10:20:03 +00:00
727 changed files with 248690 additions and 4438 deletions
--- a/15
+++ b/15
@@ -2,20 +2,7 @@
 OpenSSL CHANGES
 _______________

- Changes between 0.9.7d and 0.9.7e  [25 Oct 2004]
-
-  *) Avoid a race condition when CRLs are checked in a multi threaded 
-     environment. This would happen due to the reordering of the revoked
-     entries during signature checking and serial number lookup. Now the
-     encoding is cached and the serial number sort performed under a lock.
-     Add new STACK function sk_is_sorted().
-     [Steve Henson]
-
-  *) Add Delta CRL to the extension code.
-     [Steve Henson]
-
-  *) Various fixes to s3_pkt.c so alerts are sent properly.
-     [David Holmes <d.holmes@f5.com>]
+ Changes between 0.9.7d and 0.9.7e  [XX xxx XXXX]

  *) Reduce the chances of duplicate issuer name and serial numbers (in
     violation of RFC3280) using the OpenSSL certificate creation utilities.
--- a/27
+++ b/27
@@ -144,7 +144,7 @@ my %table=(
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-steve-linux-pseudo64",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn",
 "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -156,12 +156,6 @@ my %table=(
 "gcc",		"gcc:-O3::(unknown):::BN_LLONG:::",
 "cc",		"cc:-O::(unknown)::::::",

-####VOS Configurations
-"vos-gcc","gcc:-b hppa1.1-stratus-vos -O3 -Wall -Wuninitialized -D_POSIX_C_SOURCE=200112L -D_BSD::(unknown):VOS:-Wl,-map:BN_LLONG:::::::::::::.so:",
-"debug-vos-gcc","gcc:-b hppa1.1-stratus-vos -O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:::::::::::::.so:",
-"vos-vcc","vcc:-b i386-stratus-vos -O3 -D_POSIX_C_SOURCE=200112L -D_BSD::(unknown):VOS:-Wl,-map::::::::::::::.so:",
-"debug-vos-vcc","vcc:-b i386-stratus-vos -O0 -g -D_POSIX_C_SOURCE=200112L -D_BSD -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map::::::::::::::.so:",
-
 #### Solaris x86 with GNU C setups
 # -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
 # here because whenever GNU C instantiates an assembler template it
@@ -389,7 +383,7 @@ my %table=(
 "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -422,7 +416,7 @@ my %table=(
 "qnx6",	"cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",

 # Linux on ARM
-"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # SCO/Caldera targets.
 #
@@ -650,6 +644,10 @@ my $no_sha=0;
 my $no_rsa=0;
 my $no_dh=0;

+$default_ranlib= &which("ranlib") or $default_ranlib="true";
+$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
+  or $perl="perl";
+
 &usage if ($#ARGV < 0);

 my $flags;
@@ -938,14 +936,9 @@ my $IsWindows=scalar grep /^$target$/,@WinTargets;

 $exe_ext=".exe" if ($target eq "Cygwin");
 $exe_ext=".exe" if ($target eq "DJGPP");
-$exe_ext=".pm" if ($target eq "vos-gcc" or $target eq "debug-vos-gcc" or $target eq "vos-vcc" or $target eq "debug-vos-vcc");
 $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
 $prefix=$openssldir if $prefix eq "";

-$default_ranlib= &which("ranlib") or $default_ranlib="true";
-$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
-  or $perl="perl";
-
 chop $openssldir if $openssldir =~ /\/$/;
 chop $prefix if $prefix =~ /\/$/;

@@ -1606,10 +1599,10 @@ sub which
 	my $path;
 	foreach $path (split /:/, $ENV{PATH})
 		{
-		if (-f "$path/$name$exe_ext" and -x _)
+		if (-f "$path/$name" and -x _)
 			{
-			return "$path/$name$exe_ext" unless ($name eq "perl" and
-			 system("$path/$name$exe_ext -e " . '\'exit($]<5.0);\''));
+			return "$path/$name" unless ($name eq "perl" and
+			 system("$path/$name -e " . '\'exit($]<5.0);\''));
 			}
 		}
 	}
--- a/30
+++ b/30
@@ -52,7 +52,6 @@ OpenSSL  -  Frequently Asked Questions
 * Is OpenSSL thread-safe?
 * I've compiled a program under Windows and it crashes: why?
 * How do I read or write a DER encoded buffer using the ASN1 functions?
-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
 * I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
 * I've called <some function> and it fails, why?
 * I just get a load of numbers for the error output, what do they mean?
@@ -61,7 +60,6 @@ OpenSSL  -  Frequently Asked Questions
 * Can I use OpenSSL's SSL library with non-blocking I/O?
 * Why doesn't my server application receive a client certificate?
 * Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
-* I think I've detected a memory leak, is this a bug?

 ===============================================================================

@@ -70,7 +68,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?

 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7e was released on October 25, 2004.
+OpenSSL 0.9.7d was released on March 17, 2004.

 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -685,20 +683,6 @@ and attempts to free the buffer will have unpredictable results
 because it no longer points to the same address.


-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
-
-The short answer is yes, because DER is a special case of BER and OpenSSL
-ASN1 decoders can process BER.
-
-The longer answer is that ASN1 structures can be encoded in a number of
-different ways. One set of ways is the Basic Encoding Rules (BER) with various
-permissible encodings. A restriction of BER is the Distinguished Encoding
-Rules (DER): these uniquely specify how a given structure is encoded.
-
-Therefore, because DER is a special case of BER, DER is an acceptable encoding
-for BER.
-
-
 * I've tried using <M_some_evil_pkcs12_macro> and I get errors why?

 This usually happens when you try compiling something using the PKCS#12
@@ -781,17 +765,5 @@ The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
 Change your code to use the new name when compiling against OpenSSL 0.9.7.


-* I think I've detected a memory leak, is this a bug?
-
-In most cases the cause of an apparent memory leak is an OpenSSL internal table
-that is allocated when an application starts up. Since such tables do not grow
-in size over time they are harmless.
-
-These internal tables can be freed up when an application closes using various
-functions.  Currently these include: EVP_cleanup(), ERR_remove_state(),
-ERR_free_strings(), ENGINE_cleanup(), CONF_modules_unload() and
-CRYPTO_cleanup_all_ex_data().
-
-
 ===============================================================================

--- a/Makefile.org
+++ b/Makefile.org
@@ -186,7 +186,7 @@ SDIRS=  objects \
 	buffer bio stack lhash rand err \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5

-FDIRS=	sha1 rand des aes dsa rsa dh
+FDIRS=	sha1 rand des aes dsa rsa

 # tests to perform.  "alltests" is a special word indicating that all tests
 # should be performed.
@@ -205,7 +205,7 @@ ONEDIRS=out tmp
 EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
 WDIRS=  windows
 LIBS=   libcrypto.a libssl.a
-SIGS=	libcrypto.a.sha1
+SIGS=	libcrypto.sha1
 SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
 SHARED_SSL=libssl$(SHLIB_EXT)
 SHARED_LIBS=
@@ -226,10 +226,10 @@ HEADER=         e_os.h
 all: Makefile sub_all openssl.pc

 sigs:	$(SIGS)
-libcrypto.a.sha1: libcrypto.a
+libcrypto.sha1: libcrypto.a
 	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
 		$(RANLIB) libcrypto.a; \
-		fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
+		fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.sha1; \
 	fi

 sub_all:
@@ -414,7 +414,6 @@ do_solaris-shared:
 		  set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \
 			-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-			-Wl,-Bsymbolic \
 			$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
 			$$libs ${EX_LIBS} -lc ) || exit 1; \
 		libs="-l$$i $$libs"; \
@@ -679,7 +678,7 @@ dclean:

 rehash: rehash.time
 rehash.time: certs
-	@(OPENSSL="`pwd`/apps/openssl$(EXE_EXT)"; OPENSSL_DEBUG_MEMORY=on; \
+	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
 		export OPENSSL OPENSSL_DEBUG_MEMORY; \
 		LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
 		DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
@@ -725,8 +724,13 @@ lint:
 	done;

 tags:
-	rm -f TAGS
-	find . -name '[^.]*.[ch]' | xargs etags -a
+	@for i in $(DIRS) ;\
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making tags $$i..." && \
+		$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
+	fi; \
+	done;

 errors:
 	$(PERL) util/mkerr.pl -recurse -write
@@ -746,14 +750,11 @@ crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
 crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
 	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h

-apps/openssl-vms.cnf: apps/openssl.cnf
-	$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
-
 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
 	$(PERL) Configure TABLE) > TABLE

-update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf TABLE
+update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE

 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
@@ -790,9 +791,7 @@ dist:
 dist_pem_h:
 	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)

-install: all install_docs install_sw
-
-install_sw:
+install: all install_docs
 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
 		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
@@ -817,9 +816,7 @@ install_sw:
 		if [ -f "$$i" ]; then \
 		(       echo installing $$i; \
 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-			if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-				: ; \
-			else \
+			if ! egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
 				$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
 			fi; \
 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
--- a/7
+++ b/7
@@ -5,17 +5,12 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

-  Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:
-
-      o Fix race condition in CRL checking code.
-      o Fixes to PKCS#7 (S/MIME) code.
-
  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:

      o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
      o Security: Fix null-pointer assignment in do_change_cipher_spec()
      o Allow multiple active certificates with same subject in CA index
-      o Multiple X509 verification fixes
+      o Multiple X590 verification fixes
      o Speed up HMAC and other operations

  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
--- a/16
+++ b/16
@@ -1,5 +1,5 @@

- OpenSSL 0.9.7e 25 Oct 2004
+ OpenSSL 0.9.7d 17 Mar 2004

 Copyright (c) 1998-2004 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -173,17 +173,11 @@
 textual explanation of what your patch does.

 Note: For legal reasons, contributions from the US can be accepted only
- if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
- (formerly BXA) with a copy to the ENC Encryption Request Coordinator;
- please take some time to look at
-    http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
- and
-    http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
- for the details. If "your encryption source code is too large to serve as
- an email attachment", they are glad to receive it by fax instead; hope you
- have a cheap long-distance plan.
+ if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
+ see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
+ and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).

- Our preferred format for changes is "diff -u" output. You might
+ The preferred format for changes is "diff -u" output. You might
 generate it like this:

 # cd openssl-work
--- a/2
+++ b/2
@@ -1,6 +1,6 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2004/03/17 12:01:16 $
+  ______________                           $Date: 2004/03/23 15:00:59 $

  DEVELOPMENT STATE

--- a/114
+++ b/114
@@ -1818,10 +1818,10 @@ $rc4_obj      = asm/rx86-elf.o
 $rmd160_obj   = asm/rm86-elf.o
 $rc5_obj      = asm/r586-elf.o
 $dso_scheme   = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
+$shared_target= 
+$shared_cflag = 
 $shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = 
 $ranlib       = 
 $arflags      = 

@@ -2002,12 +2002,12 @@ $arflags      =

 *** debug-steve
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe
+$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
-$lflags       = -ldl
-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$lflags       = -rdynamic -ldl
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $bn_obj       = asm/bn86-elf.o asm/co86-elf.o
 $des_obj      = asm/dx86-elf.o asm/yx86-elf.o
 $bf_obj       = asm/bx86-elf.o
@@ -2075,56 +2075,6 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 

-*** debug-vos-gcc
-$cc           = gcc
-$cflags       = -b hppa1.1-stratus-vos -O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG
-$unistd       = 
-$thread_cflag = (unknown)
-$sys_id       = VOS
-$lflags       = -Wl,-map
-$bn_ops       = BN_LLONG
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = .so
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
-*** debug-vos-vcc
-$cc           = vcc
-$cflags       = -b i386-stratus-vos -O0 -g -D_POSIX_C_SOURCE=200112L -D_BSD -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG
-$unistd       = 
-$thread_cflag = (unknown)
-$sys_id       = VOS
-$lflags       = -Wl,-map
-$bn_ops       = 
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = .so
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
 *** dgux-R3-gcc
 $cc           = gcc
 $cflags       = -O3 -fomit-frame-pointer
@@ -3081,7 +3031,7 @@ $cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
-$lflags       = -ldl
+$lflags       = 
 $bn_ops       = BN_LLONG
 $bn_obj       = 
 $des_obj      = 
@@ -4350,56 +4300,6 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 

-*** vos-gcc
-$cc           = gcc
-$cflags       = -b hppa1.1-stratus-vos -O3 -Wall -Wuninitialized -D_POSIX_C_SOURCE=200112L -D_BSD
-$unistd       = 
-$thread_cflag = (unknown)
-$sys_id       = VOS
-$lflags       = -Wl,-map
-$bn_ops       = BN_LLONG
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = .so
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
-*** vos-vcc
-$cc           = vcc
-$cflags       = -b i386-stratus-vos -O3 -D_POSIX_C_SOURCE=200112L -D_BSD
-$unistd       = 
-$thread_cflag = (unknown)
-$sys_id       = VOS
-$lflags       = -Wl,-map
-$bn_ops       = 
-$bn_obj       = 
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = 
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = .so
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
 *** vxworks-mipsle
 $cc           = ccmips
 $cflags       = -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I$(WIND_BASE)/target/h
--- a/VMS/VMSify-conf.pl
+++ b/VMS/VMSify-conf.pl
@@ -1,34 +0,0 @@
-#! /usr/bin/perl
-
-use strict;
-use warnings;
-
-my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" );
-my @file_vars = ( "database", "certificate", "serial", "crlnumber",
-		  "crl", "private_key", "RANDFILE" );
-while(<STDIN>) {
-    chomp;
-    foreach my $d (@directory_vars) {
-	if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) {
-	    $_ = "$1sys\\\$disk:\[.$2$3";
-	} elsif (/^(\s*\#?\s*${d}\s*=\s*)(\w[^\s\#]*)([\s\#].*)$/) {
-	    $_ = "$1sys\\\$disk:\[.$2$3";
-	}
-	s/^(\s*\#?\s*${d}\s*=\s*\$\w+)\/([^\s\#]*)([\s\#].*)$/$1.$2\]$3/;
-	while(/^(\s*\#?\s*${d}\s*=\s*(\$\w+\.|sys\\\$disk:\[\.)[\w\.]+)\/([^\]]*)\](.*)$/) {
-	    $_ = "$1.$3]$4";
-	}
-    }
-    foreach my $f (@file_vars) {
-	s/^(\s*\#?\s*${f}\s*=\s*)\.\/(.*)$/$1sys\\\$disk:\[\/$2/;
-	while(/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+\/[^\s\#]*)([\s\#].*)$/) {
-	    $_ = "$1.$3$4";
-	}
-	if (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+)([\s\#].*)$/) {
-	    $_ = "$1]$3.$4";
-	} elsif  (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/([^\s\#]*)([\s\#].*)$/) {
-	    $_ = "$1]$3$4";
-	}
-   }
-    print $_,"\n";
-}
--- a/VMS/mkshared.com
+++ b/VMS/mkshared.com
@@ -266,14 +266,6 @@ $             falsesum = falsesum + 1
 $         endif
 $         if plat_entry .eqs. "VMS" then truesum = truesum + 1
 $         if plat_entry .eqs. "!VMS" then falsesum = falsesum + 1
-$         if f$trnlnm("OPENSSL_FIPS") .nes. ""
-$         then
-$           if plat_entry .eqs. "OPENSSL_FIPS" then truesum = truesum + 1
-$           if plat_entry .eqs. "!OPENSSL_FIPS" then falsesum = falsesum + 1
-$         else
-$           if plat_entry .eqs. "OPENSSL_FIPS" then falsesum = falsesum + 1
-$           if plat_entry .eqs. "!OPENSSL_FIPS" then truesum = truesum + 1
-$         endif
 $	  goto loop1
 $       endif
 $     endloop1:
--- a/apps/.cvsignore
+++ b/apps/.cvsignore
@@ -3,4 +3,3 @@ Makefile.save
 der_chop
 der_chop.bak
 CA.pl
-openssl.sha1
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -44,7 +44,7 @@ E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
 	ca crl rsa rsautl dsa dsaparam \
 	x509 genrsa gendsa s_server s_client speed \
 	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
-	pkcs8 spkac smime rand engine ocsp prime
+	pkcs8 spkac smime rand engine ocsp

 PROGS= $(PROGRAM).c

@@ -60,14 +60,14 @@ E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o er
 	rsa.o rsautl.o dsa.o dsaparam.o \
 	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
 	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
-	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o prime.o
+	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o

 E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
 	rsa.c rsautl.c dsa.c dsaparam.c \
 	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
 	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
-	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c prime.c
+	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c

 SRC=$(E_SRC)

@@ -83,7 +83,7 @@ top:

 all:	exe

-exe:	$(EXE)
+exe:	$(PROGRAM)

 req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
 	LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
@@ -141,18 +141,16 @@ $(DLIBSSL):
 $(DLIBCRYPTO):
 	(cd ..; $(MAKE) DIRS=crypto all)

-$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
-	$(RM) $(EXE)
+$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+	$(RM) $(PROGRAM)
 	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
-	  $(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	  $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
 	else \
 	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
-	  $(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
+	  $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
 	fi
-	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-		TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(EXE); \
-	fi
-	-(cd ..; OPENSSL="`pwd`/apps/$(EXE)"; export OPENSSL; \
+	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(PROGRAM)
+	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
 		LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
 		DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
 		SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
@@ -752,28 +750,6 @@ pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
 pkcs8.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
 pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c
-prime.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-prime.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-prime.o: ../include/openssl/cast.h ../include/openssl/conf.h
-prime.o: ../include/openssl/crypto.h ../include/openssl/des.h
-prime.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-prime.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-prime.o: ../include/openssl/engine.h ../include/openssl/err.h
-prime.o: ../include/openssl/evp.h ../include/openssl/idea.h
-prime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-prime.o: ../include/openssl/md4.h ../include/openssl/md5.h
-prime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-prime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-prime.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-prime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-prime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-prime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-prime.o: ../include/openssl/sha.h ../include/openssl/stack.h
-prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-prime.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h prime.c
 rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -148,11 +148,9 @@ int WIN32_rename(char *oldname,char *newname);
 #ifndef NON_MAIN
 CONF *config=NULL;
 BIO *bio_err=NULL;
-int in_FIPS_mode=0;
 #else
 extern CONF *config;
 extern BIO *bio_err;
-extern int in_FIPS_mode;
 #endif

 #else
@@ -161,7 +159,6 @@ extern int in_FIPS_mode;
 extern CONF *config;
 extern char *default_config_file;
 extern BIO *bio_err;
-extern int in_FIPS_mode;

 #endif

--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -278,7 +278,6 @@ bad:
 		tmplen=num;
 		for (i=0; i<sk_num(osk); i++)
 			{
-			int typ;
 			ASN1_TYPE *atmp;
 			j=atoi(sk_value(osk,i));
 			if (j == 0)
@@ -297,15 +296,6 @@ bad:
 				ERR_print_errors(bio_err);
 				goto end;
 				}
-			typ = ASN1_TYPE_get(at);
-			if ((typ == V_ASN1_OBJECT)
-				|| (typ == V_ASN1_NULL))
-				{
-				BIO_printf(bio_err, "Can't parse %s type\n",
-					typ == V_ASN1_NULL ? "NULL" : "OBJECT");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
 			/* hmm... this is a little evil but it works */
 			tmpbuf=at->value.asn1_string->data;
 			tmplen=at->value.asn1_string->length;
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -538,6 +538,10 @@ bad:

 	ERR_load_crypto_strings();

+#ifndef OPENSSL_NO_ENGINE
+	e = setup_engine(bio_err, engine, 0);
+#endif
+
 	/*****************************************************************/
 	tofree=NULL;
 	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
@@ -582,10 +586,6 @@ bad:
 	if (!load_config(bio_err, conf))
 		goto err;

-#ifndef OPENSSL_NO_ENGINE
-	e = setup_engine(bio_err, engine, 0);
-#endif
-
 	/* Lets get the config section we are using */
 	if (section == NULL)
 		{
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -330,13 +330,7 @@ int MAIN(int argc, char **argv)
 	}

 	/* we use md as a filter, reading from 'in' */
-	if (!BIO_set_md(bmd,md))
-		{
-		BIO_printf(bio_err, "Error setting digest %s\n", pname);
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-		
+	BIO_set_md(bmd,md);
 	inp=BIO_push(bmd,in);

 	if (argc == 0)
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -114,7 +114,6 @@ int MAIN(int argc, char **argv)
 	unsigned char salt[PKCS5_SALT_LEN];
 	char *str=NULL, *passarg = NULL, *pass = NULL;
 	char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
-	char *md=NULL;
 	int enc=1,printkey=0,i,base64=0;
 	int debug=0,olb64=0,nosalt=0;
 	const EVP_CIPHER *cipher=NULL,*c;
@@ -125,7 +124,6 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
 	char *engine = NULL;
 #endif
-	const EVP_MD *dgst=NULL;

 	apps_startup();

@@ -255,11 +253,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			hiv= *(++argv);
 			}
-		else if (strcmp(*argv,"-md") == 0)
-			{
-			if (--argc < 1) goto bad;
-			md= *(++argv);
-			}
 		else if	((argv[0][0] == '-') &&
 			((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
 			{
@@ -278,10 +271,8 @@ bad:
 			BIO_printf(bio_err,"%-14s encrypt\n","-e");
 			BIO_printf(bio_err,"%-14s decrypt\n","-d");
 			BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
-			BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
-			BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
-			BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
-			BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");
+			BIO_printf(bio_err,"%-14s key is the next argument\n","-k");
+			BIO_printf(bio_err,"%-14s key is the first line of the file argument\n","-kfile");
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
@@ -305,20 +296,6 @@ bad:
        e = setup_engine(bio_err, engine, 0);
 #endif

-	if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
-		{
-		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
-		goto end;
-		}
-
-	if (dgst == NULL)
-		{
-		if (in_FIPS_mode)
-			dgst = EVP_sha1();
-		else
-			dgst = EVP_md5();
-		}
-
 	if (bufsize != NULL)
 		{
 		unsigned long n;
@@ -506,7 +483,7 @@ bad:
 				sptr = salt;
 			}

-			EVP_BytesToKey(cipher,dgst,sptr,
+			EVP_BytesToKey(cipher,EVP_md5(),sptr,
 				(unsigned char *)str,
 				strlen(str),1,key,iv);
 			/* zero the complete buffer or the string
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@@ -142,13 +142,13 @@ $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
 	      "RSA;RSAUTL;DSA;DSAPARAM;"+-
 	      "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
 	      "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
-	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP;PRIME"
+	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP"
 $ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,-
 	       CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
 	       RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,-
 	       X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
 	       S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
-	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ,ENGINE.OBJ,OCSP.OBJ,PRIME.OBJ
+	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ,ENGINE.OBJ,OCSP.OBJ
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
     TCPIP_PROGRAMS = ",OPENSSL,"
@@ -679,7 +679,7 @@ $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
           "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
@@ -711,7 +711,7 @@ $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $     CCDEFS = CCDEFS + ",""VAXC"""
 $!
 $!    Define <sys> As SYS$COMMON:[SYSLIB]
@@ -743,7 +743,7 @@ $!    Use GNU C...
 $!
 $     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
 $     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@@ -3,13 +3,8 @@
 # This is mostly being used for generation of certificate requests.
 #

-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME			= .
 RANDFILE		= $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file		= $ENV::HOME/.oid
+oid_file		= $ENV::HOME/.oid
 oid_section		= new_oids

 # To use this configuration file with the "-extfile" option of the
@@ -34,35 +29,22 @@ default_ca	= CA_default		# The default ca section
 ####################################################################
 [ CA_default ]

-dir		= sys\$disk:[.demoCA		# Where everything is kept
+dir		= sys\$disk:[.demoCA	# Where everything is kept
 certs		= $dir.certs]		# Where the issued certs are kept
 crl_dir		= $dir.crl]		# Where the issued crl are kept
 database	= $dir]index.txt	# database index file.
-#unique_subject	= no			# Set to 'no' to allow creation of
-					# several ctificates with same subject.
-new_certs_dir	= $dir.newcerts]		# default place for new certs.
+new_certs_dir	= $dir.newcerts]	# default place for new certs.

 certificate	= $dir]cacert.pem 	# The CA certificate
-serial		= $dir]serial. 		# The current serial number
-#crlnumber	= $dir]crlnumber.	# the current crl number must be
-					# commented out to leave a V1 CRL
+serial		= $dir]serial.		# The current serial number
 crl		= $dir]crl.pem 		# The current CRL
 private_key	= $dir.private]cakey.pem# The private key
 RANDFILE	= $dir.private].rand	# private random number file

 x509_extensions	= usr_cert		# The extentions to add to the cert

-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt 	= ca_default		# Subject Name options
-cert_opt 	= ca_default		# Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
 # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
 # so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
 # crl_extensions	= crl_ext

 default_days	= 365			# how long to certify for
@@ -104,19 +86,16 @@ distinguished_name	= req_distinguished_name
 attributes		= req_attributes
 x509_extensions	= v3_ca	# The extentions to add to the self signed cert

-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options. 
+# This sets the permitted types in a DirectoryString. There are several
+# options. 
 # default: PrintableString, T61String, BMPString.
 # pkix	 : PrintableString, BMPString.
 # utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# nobmp : PrintableString, T61String (no BMPStrings).
 # MASK:XXXX a literal mask value.
 # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
 # so use this option with caution!
-string_mask = nombstr
+dirstring_type = nobmp

 # req_extensions = v3_req # The extensions to add to a certificate request

@@ -145,7 +124,7 @@ commonName			= Common Name (eg, YOUR name)
 commonName_max			= 64

 emailAddress			= Email Address
-emailAddress_max		= 64
+emailAddress_max		= 40

 # SET-ex3			= SET extension number 3

@@ -193,9 +172,6 @@ authorityKeyIdentifier=keyid,issuer:always
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
 # subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move

 # Copy subject details
 # issuerAltName=issuer:copy
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -148,7 +148,6 @@ char *default_config_file=NULL;
 #ifdef MONOLITH
 CONF *config=NULL;
 BIO *bio_err=NULL;
-int in_FIPS_mode=0;
 #endif


@@ -229,12 +228,10 @@ int main(int Argc, char *Argv[])
 	char **argv,*p;
 	LHASH *prog=NULL;
 	long errline;
-
+ 
 	arg.data=NULL;
 	arg.count=0;

-	in_FIPS_mode = 0;
-
 #ifdef OPENSSL_FIPS
 	if(getenv("OPENSSL_FIPS")) {
 #if defined(_WIN32)
@@ -245,11 +242,10 @@ int main(int Argc, char *Argv[])
 		p = Argv[0];
 #endif
 		if (!FIPS_mode_set(1,p)) {
-			ERR_load_crypto_strings();
-			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-			exit(1);
-		}
-		in_FIPS_mode = 1;
+		ERR_load_crypto_strings();
+		ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+		exit(1);
+			}
 		if (getenv("OPENSSL_FIPS_MD5"))
 			FIPS_allow_md5(1);
 		}
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -44,8 +44,8 @@ new_certs_dir	= $dir/newcerts		# default place for new certs.

 certificate	= $dir/cacert.pem 	# The CA certificate
 serial		= $dir/serial 		# The current serial number
-#crlnumber	= $dir/crlnumber	# the current crl number must be
-					# commented out to leave a V1 CRL
+#crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
 crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem# The private key
 RANDFILE	= $dir/private/.rand	# private random number file
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -1,6 +1,6 @@
 /* pkcs8.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999-2004.
+ * project 1999.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -68,7 +68,7 @@
 int MAIN(int, char **);

 int MAIN(int argc, char **argv)
-	{
+{
 	ENGINE *e = NULL;
 	char **args, *infile = NULL, *outfile = NULL;
 	char *passargin = NULL, *passargout = NULL;
@@ -100,70 +100,43 @@ int MAIN(int argc, char **argv)
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
-	while (!badarg && *args && *args[0] == '-')
-		{
-		if (!strcmp(*args,"-v2"))
-			{
-			if (args[1])
-				{
+	while (!badarg && *args && *args[0] == '-') {
+		if (!strcmp(*args,"-v2")) {
+			if (args[1]) {
 				args++;
 				cipher=EVP_get_cipherbyname(*args);
-				if (!cipher)
-					{
+				if(!cipher) {
 					BIO_printf(bio_err,
 						 "Unknown cipher %s\n", *args);
 					badarg = 1;
-					}
 				}
-			else
-				badarg = 1;
-			}
-		else if (!strcmp(*args,"-v1"))
-			{
-			if (args[1])
-				{
+			} else badarg = 1;
+		} else if (!strcmp(*args,"-v1")) {
+			if (args[1]) {
 				args++;
 				pbe_nid=OBJ_txt2nid(*args);
-				if (pbe_nid == NID_undef)
-					{
+				if(pbe_nid == NID_undef) {
 					BIO_printf(bio_err,
 						 "Unknown PBE algorithm %s\n", *args);
 					badarg = 1;
-					}
 				}
-			else
-				badarg = 1;
-			}
-		else if (!strcmp(*args,"-inform"))
-			{
-			if (args[1])
-				{
+			} else badarg = 1;
+		} else if (!strcmp(*args,"-inform")) {
+			if (args[1]) {
 				args++;
 				informat=str2fmt(*args);
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args,"-outform"))
-			{
-			if (args[1])
-				{
+			} else badarg = 1;
+		} else if (!strcmp(*args,"-outform")) {
+			if (args[1]) {
 				args++;
 				outformat=str2fmt(*args);
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-topk8"))
-			topk8 = 1;
-		else if (!strcmp (*args, "-noiter"))
-			iter = 1;
-		else if (!strcmp (*args, "-nocrypt"))
-			nocrypt = 1;
-		else if (!strcmp (*args, "-nooct"))
-			p8_broken = PKCS8_NO_OCTET;
-		else if (!strcmp (*args, "-nsdb"))
-			p8_broken = PKCS8_NS_DB;
-		else if (!strcmp (*args, "-embed"))
-			p8_broken = PKCS8_EMBEDDED_PARAM;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-topk8")) topk8 = 1;
+		else if (!strcmp (*args, "-noiter")) iter = 1;
+		else if (!strcmp (*args, "-nocrypt")) nocrypt = 1;
+		else if (!strcmp (*args, "-nooct")) p8_broken = PKCS8_NO_OCTET;
+		else if (!strcmp (*args, "-nsdb")) p8_broken = PKCS8_NS_DB;
+		else if (!strcmp (*args, "-embed")) p8_broken = PKCS8_EMBEDDED_PARAM;
 		else if (!strcmp(*args,"-passin"))
 			{
 			if (!args[1]) goto bad;
@@ -181,30 +154,21 @@ int MAIN(int argc, char **argv)
 			engine= *(++args);
 			}
 #endif
-		else if (!strcmp (*args, "-in"))
-			{
-			if (args[1])
-				{
+		else if (!strcmp (*args, "-in")) {
+			if (args[1]) {
 				args++;
 				infile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-out"))
-			{
-			if (args[1])
-				{
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-out")) {
+			if (args[1]) {
 				args++;
 				outfile = *args;
-				}
-			else badarg = 1;
-			}
-		else badarg = 1;
+			} else badarg = 1;
+		} else badarg = 1;
 		args++;
-		}
+	}

-	if (badarg)
-		{
+	if (badarg) {
 		bad:
 		BIO_printf(bio_err, "Usage pkcs8 [options]\n");
 		BIO_printf(bio_err, "where options are\n");
@@ -225,199 +189,147 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 #endif
-		return 1;
-		}
+		return (1);
+	}

 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif

-	if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
-		{
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
 		BIO_printf(bio_err, "Error getting passwords\n");
-		return 1;
-		}
+		return (1);
+	}

-	if ((pbe_nid == -1) && !cipher)
-		pbe_nid = NID_pbeWithMD5AndDES_CBC;
+	if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC;

-	if (infile)
-		{
-		if (!(in = BIO_new_file(infile, "rb")))
-			{
+	if (infile) {
+		if (!(in = BIO_new_file(infile, "rb"))) {
 			BIO_printf(bio_err,
 				 "Can't open input file %s\n", infile);
 			return (1);
-			}
 		}
-	else
-		in = BIO_new_fp (stdin, BIO_NOCLOSE);
+	} else in = BIO_new_fp (stdin, BIO_NOCLOSE);

-	if (outfile)
-		{
-		if (!(out = BIO_new_file (outfile, "wb")))
-			{
+	if (outfile) {
+		if (!(out = BIO_new_file (outfile, "wb"))) {
 			BIO_printf(bio_err,
 				 "Can't open output file %s\n", outfile);
 			return (1);
-			}
 		}
-	else
-		{
+	} else {
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
-			{
+		{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
-			}
-#endif
 		}
+#endif
+	}
 	if (topk8)
 		{
 		BIO_free(in); /* Not needed in this section */
 		pkey = load_key(bio_err, infile, informat, 1,
 			passin, e, "key");
-		if (!pkey)
-			{
-			BIO_free_all(out);
-			return 1;
-			}
-		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))
-			{
+		if (!pkey) {
+			return (1);
+		}
+		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
 			BIO_printf(bio_err, "Error converting key\n");
 			ERR_print_errors(bio_err);
-			EVP_PKEY_free(pkey);
-			BIO_free_all(out);
-			return 1;
-			}
-		if (nocrypt)
-			{
-			if (outformat == FORMAT_PEM) 
+			return (1);
+		}
+		if(nocrypt) {
+			if(outformat == FORMAT_PEM) 
 				PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
-			else if (outformat == FORMAT_ASN1)
+			else if(outformat == FORMAT_ASN1)
 				i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
-			else
-				{
+			else {
 				BIO_printf(bio_err, "Bad format specified for key\n");
-				PKCS8_PRIV_KEY_INFO_free(p8inf);
-				EVP_PKEY_free(pkey);
-				BIO_free_all(out);
 				return (1);
-				}
 			}
-		else
-			{
-			if (passout)
-				p8pass = passout;
-			else
-				{
+		} else {
+			if(passout) p8pass = passout;
+			else {
 				p8pass = pass;
 				if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
-					{
-					PKCS8_PRIV_KEY_INFO_free(p8inf);
-					EVP_PKEY_free(pkey);
-					BIO_free_all(out);
 					return (1);
-					}
-				}
+			}
 			app_RAND_load_file(NULL, bio_err, 0);
 			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
 					p8pass, strlen(p8pass),
-					NULL, 0, iter, p8inf)))
-				{
+					NULL, 0, iter, p8inf))) {
 				BIO_printf(bio_err, "Error encrypting key\n");
 				ERR_print_errors(bio_err);
-				PKCS8_PRIV_KEY_INFO_free(p8inf);
-				EVP_PKEY_free(pkey);
-				BIO_free_all(out);
 				return (1);
-				}
-			app_RAND_write_file(NULL, bio_err);
-			if (outformat == FORMAT_PEM) 
-				PEM_write_bio_PKCS8(out, p8);
-			else if (outformat == FORMAT_ASN1)
-				i2d_PKCS8_bio(out, p8);
-			else
-				{
-				BIO_printf(bio_err, "Bad format specified for key\n");
-				PKCS8_PRIV_KEY_INFO_free(p8inf);
-				EVP_PKEY_free(pkey);
-				BIO_free_all(out);
-				return (1);
-				}
-			X509_SIG_free(p8);
 			}
-
+			app_RAND_write_file(NULL, bio_err);
+			if(outformat == FORMAT_PEM) 
+				PEM_write_bio_PKCS8(out, p8);
+			else if(outformat == FORMAT_ASN1)
+				i2d_PKCS8_bio(out, p8);
+			else {
+				BIO_printf(bio_err, "Bad format specified for key\n");
+				return (1);
+			}
+			X509_SIG_free(p8);
+		}
 		PKCS8_PRIV_KEY_INFO_free (p8inf);
 		EVP_PKEY_free(pkey);
 		BIO_free_all(out);
-		if (passin)
-			OPENSSL_free(passin);
-		if (passout)
-			OPENSSL_free(passout);
+		if(passin) OPENSSL_free(passin);
+		if(passout) OPENSSL_free(passout);
 		return (0);
-		}
+	}

-	if (nocrypt)
-		{
-		if (informat == FORMAT_PEM) 
+	if(nocrypt) {
+		if(informat == FORMAT_PEM) 
 			p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
-		else if (informat == FORMAT_ASN1)
+		else if(informat == FORMAT_ASN1)
 			p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
-		else
-			{
+		else {
 			BIO_printf(bio_err, "Bad format specified for key\n");
 			return (1);
-			}
 		}
-	else
-		{
-		if (informat == FORMAT_PEM) 
+	} else {
+		if(informat == FORMAT_PEM) 
 			p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
-		else if (informat == FORMAT_ASN1)
+		else if(informat == FORMAT_ASN1)
 			p8 = d2i_PKCS8_bio(in, NULL);
-		else
-			{
+		else {
 			BIO_printf(bio_err, "Bad format specified for key\n");
 			return (1);
-			}
+		}

-		if (!p8)
-			{
+		if (!p8) {
 			BIO_printf (bio_err, "Error reading key\n");
 			ERR_print_errors(bio_err);
 			return (1);
-			}
-		if (passin)
-			p8pass = passin;
-		else
-			{
+		}
+		if(passin) p8pass = passin;
+		else {
 			p8pass = pass;
 			EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
-			}
+		}
 		p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
 		X509_SIG_free(p8);
-		}
+	}

-	if (!p8inf)
-		{
+	if (!p8inf) {
 		BIO_printf(bio_err, "Error decrypting key\n");
 		ERR_print_errors(bio_err);
 		return (1);
-		}
+	}

-	if (!(pkey = EVP_PKCS82PKEY(p8inf)))
-		{
+	if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
 		BIO_printf(bio_err, "Error converting key\n");
 		ERR_print_errors(bio_err);
 		return (1);
-		}
+	}
 	
-	if (p8inf->broken)
-		{
+	if (p8inf->broken) {
 		BIO_printf(bio_err, "Warning: broken key encoding: ");
-		switch (p8inf->broken)
-			{
+		switch (p8inf->broken) {
 			case PKCS8_NO_OCTET:
 			BIO_printf(bio_err, "No Octet String in PrivateKey\n");
 			break;
@@ -437,24 +349,21 @@ int MAIN(int argc, char **argv)
 	}
 	
 	PKCS8_PRIV_KEY_INFO_free(p8inf);
-	if (outformat == FORMAT_PEM) 
+	if(outformat == FORMAT_PEM) 
 		PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
-	else if (outformat == FORMAT_ASN1)
+	else if(outformat == FORMAT_ASN1)
 		i2d_PrivateKey_bio(out, pkey);
-	else
-		{
+	else {
 		BIO_printf(bio_err, "Bad format specified for key\n");
 			return (1);
-		}
+	}

 	end:
 	EVP_PKEY_free(pkey);
 	BIO_free_all(out);
 	BIO_free(in);
-	if (passin)
-		OPENSSL_free(passin);
-	if (passout)
-		OPENSSL_free(passout);
+	if(passin) OPENSSL_free(passin);
+	if(passout) OPENSSL_free(passout);

 	return (0);
-	}
+}
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -1,118 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-
-#include "apps.h"
-#include <openssl/bn.h>
-
-
-#undef PROG
-#define PROG prime_main
-
-int MAIN(int argc, char **argv)
-    {
-    int hex=0;
-    int checks=20;
-    BIGNUM *bn=NULL;
-    BIO *bio_out=NULL;
-
-    apps_startup();
-
-    if (bio_err == NULL)
-	if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-	    BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-    if (bio_out == NULL)
-	if ((bio_out=BIO_new(BIO_s_file())) != NULL)
-	    {
-	    BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-	    {
-	    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	    bio_out = BIO_push(tmpbio, bio_out);
-	    }
-#endif
-	    }
-
-    --argc;
-    ++argv;
-    while (argc >= 1 && **argv == '-')
-	{
-	if(!strcmp(*argv,"-hex"))
-	    hex=1;
-	else if(!strcmp(*argv,"-checks"))
-	    if(--argc < 1)
-		goto bad;
-	    else
-		checks=atoi(*++argv);
-	else
-	    {
-	    BIO_printf(bio_err,"Unknown option '%s'\n",*argv);
-	bad:
-	    BIO_printf(bio_err,"options are\n");
-	    BIO_printf(bio_err,"%-14s hex\n","-hex");
-	    BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>");
-	    exit(1);
-	    }
-	--argc;
-	++argv;
-	}
-
-    if(hex)
-	BN_hex2bn(&bn,argv[0]);
-    else
-	BN_dec2bn(&bn,argv[0]);
-
-    BN_print(bio_out,bn);
-    BIO_printf(bio_out," is %sprime\n",
-	       BN_is_prime(bn,checks,NULL,NULL,NULL) ? "" : "not ");
-
-    return 0;
-    }
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -35,7 +35,6 @@ extern int pkcs8_main(int argc,char *argv[]);
 extern int spkac_main(int argc,char *argv[]);
 extern int smime_main(int argc,char *argv[]);
 extern int rand_main(int argc,char *argv[]);
-extern int prime_main(int argc,char *argv[]);
 #ifndef OPENSSL_NO_ENGINE
 extern int engine_main(int argc,char *argv[]);
 #endif
@@ -116,7 +115,6 @@ FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
 	{FUNC_TYPE_GENERAL,"smime",smime_main},
 	{FUNC_TYPE_GENERAL,"rand",rand_main},
-	{FUNC_TYPE_GENERAL,"prime",prime_main},
 #ifndef OPENSSL_NO_ENGINE
 	{FUNC_TYPE_GENERAL,"engine",engine_main},
 #endif
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1395,7 +1395,6 @@ int MAIN(int argc, char **argv)
 					EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
 				else
 					EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
-				EVP_CIPHER_CTX_set_padding(&ctx, 0);

 				Time_F(START);
 				if(decrypt)
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -593,16 +593,12 @@ bad:
 		if ((x=X509_new()) == NULL) goto end;
 		ci=x->cert_info;

-		if (sno == NULL)
+		if (sno)
 			{
-			sno = ASN1_INTEGER_new();
-			if (!sno || !rand_serial(NULL, sno))
+			if (!X509_set_serialNumber(x, sno))
 				goto end;
 			}
-
-		if (!X509_set_serialNumber(x, sno)) 
-			goto end;
-
+		else if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
 		if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
 		if (!X509_set_subject_name(x,req->req_info->subject)) goto end;

@@ -1071,6 +1067,13 @@ static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create
 		}
 	else
 		BUF_strlcpy(buf,serialfile,len);
+	serial=BN_new();
+	bs=ASN1_INTEGER_new();
+	if ((serial == NULL) || (bs == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}

 	serial = load_serial(buf, create, NULL);
 	if (serial == NULL) goto end;
--- a/23
+++ b/23
@@ -23,7 +23,6 @@
 PREFIX=""
 SUFFIX=""
 TEST="false"
-EXE=""

 # pick up any command line args to config
 for i
@@ -289,14 +288,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-whatever-sysv4"; exit 0
 	;;

-    VOS:*:*:i786)
-     echo "i386-stratus-vos"; exit 0
-     ;;
-
-    VOS:*:*:*)
-     echo "hppa1.1-stratus-vos"; exit 0
-     ;;
-
    *:4*:R4*:m88k)
 	echo "${MACHINE}-whatever-sysv4"; exit 0
 	;;
@@ -688,10 +679,6 @@ EOF
  *-*-UnixWare21*) OUT="unixware-2.1" ;;
  *-*-Unixware20*) OUT="unixware-2.0" ;;
  *-*-Unixware21*) OUT="unixware-2.1" ;;
-  *-*-vos)
-	options="$options no-threads no-shared no-asm no-dso"
-	EXE=".pm"
-	OUT="vos-$CC" ;;
  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
  *-siemens-sysv4) OUT="SINIX" ;;
@@ -819,8 +806,8 @@ fi

 if [ ".$PERL" = . ] ; then
 	for i in . `echo $PATH | sed 's/:/ /g'`; do
-		if [ -f "$i/perl5$EXE" ] ; then
-			PERL="$i/perl5$EXE"
+		if [ -f "$i/perl5" ] ; then
+			PERL="$i/perl5"
 			break;
 		fi;
 	done
@@ -828,9 +815,9 @@ fi

 if [ ".$PERL" = . ] ; then
 	for i in . `echo $PATH | sed 's/:/ /g'`; do
-		if [ -f "$i/perl$EXE" ] ; then
-			if "$i/perl$EXE" -e 'exit($]<5.0)'; then
-				PERL="$i/perl$EXE"
+		if [ -f "$i/perl" ] ; then
+			if "$i/perl" -e 'exit($]<5.0)'; then
+				PERL="$i/perl"
 				break;
 			fi;
 		fi;
--- a/crypto/aes/aes.h
+++ b/crypto/aes/aes.h
@@ -52,8 +52,6 @@
 #ifndef HEADER_AES_H
 #define HEADER_AES_H

-#include <openssl/e_os2.h>
-
 #ifdef OPENSSL_NO_AES
 #error AES is disabled.
 #endif
@@ -66,10 +64,6 @@
 #define AES_MAXNR 14
 #define AES_BLOCK_SIZE 16

-#if defined(OPENSSL_FIPS)
-#define FIPS_AES_SIZE_T	int
-#endif
-
 #ifdef  __cplusplus
 extern "C" {
 #endif
--- a/crypto/aes/aes_ctr.c
+++ b/crypto/aes/aes_ctr.c
@@ -59,7 +59,7 @@
 #include <openssl/aes.h>
 #include "aes_locl.h"

-/* NOTE: the IV/counter CTR mode is big-endian.  The rest of the AES code
+/* NOTE: CTR mode is big-endian.  The rest of the AES code
 * is endian-neutral. */

 /* increment counter (128-bit int) by 1 */
@@ -67,36 +67,61 @@ static void AES_ctr128_inc(unsigned char *counter) {
 	unsigned long c;

 	/* Grab bottom dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter +  0);
+	c++;
+	PUTU32(counter +  0, c);
+#else
 	c = GETU32(counter + 12);
-	c++;	c &= 0xFFFFFFFF;
+	c++;
 	PUTU32(counter + 12, c);
+#endif

 	/* if no overflow, we're done */
 	if (c)
 		return;

 	/* Grab 1st dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter +  4);
+	c++;
+	PUTU32(counter +  4, c);
+#else
 	c = GETU32(counter +  8);
-	c++;	c &= 0xFFFFFFFF;
+	c++;
 	PUTU32(counter +  8, c);
+#endif

 	/* if no overflow, we're done */
 	if (c)
 		return;

 	/* Grab 2nd dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter +  8);
+	c++;
+	PUTU32(counter +  8, c);
+#else
 	c = GETU32(counter +  4);
-	c++;	c &= 0xFFFFFFFF;
+	c++;
 	PUTU32(counter +  4, c);
+#endif

 	/* if no overflow, we're done */
 	if (c)
 		return;

 	/* Grab top dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter + 12);
+	c++;
+	PUTU32(counter + 12, c);
+#else
 	c = GETU32(counter +  0);
-	c++;	c &= 0xFFFFFFFF;
+	c++;
 	PUTU32(counter +  0, c);
+#endif
+
 }

 /* The input encrypted as though 128bit counter mode is being
--- a/crypto/aes/aes_locl.h
+++ b/crypto/aes/aes_locl.h
@@ -62,7 +62,7 @@
 #include <stdlib.h>
 #include <string.h>

-#if defined(_MSC_VER) && !defined(_M_IA64) && !defined(OPENSSL_SYS_WINCE)
+#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE)
 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
 # define GETU32(p) SWAP(*((u32 *)(p)))
 # define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -115,7 +115,7 @@ err:

 #endif

-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
 	{
 	static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
 	static int max[9]={99, 99,12,31,23,59,59,12,59};
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -64,26 +64,7 @@ ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
 { return M_ASN1_INTEGER_dup(x);}

 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
-	{ 
-	int neg, ret;
-	/* Compare signs */
-	neg = x->type & V_ASN1_NEG;
-	if (neg != (y->type & V_ASN1_NEG))
-		{
-		if (neg)
-			return -1;
-		else
-			return 1;
-		}
-
-	ret = ASN1_STRING_cmp(x, y);
-
-	if (neg)
-		return -ret;
-	else
-		return ret;
-	}
-	
+{ return M_ASN1_INTEGER_cmp(x,y);}

 /* 
 * This converts an ASN1 INTEGER into its content encoding.
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -553,12 +553,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
 	if((type < 0) || (type > 30)) return -1;
 	mbflag = tag2nbyte[type];
 	if(mbflag == -1) return -1;
-	if (mbflag == 0)
-		mbflag = MBSTRING_UTF8;
-	else if (mbflag == 4)
-		mbflag = MBSTRING_UNIV;
-	else		
-		mbflag |= MBSTRING_FLAG;
+	mbflag |= MBSTRING_FLAG;
 	stmp.data = NULL;
 	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
 	if(ret < 0) return ret;
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -114,7 +114,7 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 	return ASN1_GENERALIZEDTIME_set(s,t);
 	}

-int ASN1_TIME_check(ASN1_TIME *t)
+int ASN1_TIME_check(const ASN1_TIME *t)
 	{
 	if (t->type == V_ASN1_GENERALIZEDTIME)
 		return ASN1_GENERALIZEDTIME_check(t);
@@ -124,7 +124,8 @@ int ASN1_TIME_check(ASN1_TIME *t)
 	}

 /* Convert an ASN1_TIME structure to GeneralizedTime */
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
+						   ASN1_GENERALIZEDTIME **out)
 	{
 	ASN1_GENERALIZEDTIME *ret;
 	char *str;
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -112,7 +112,7 @@ err:

 #endif

-int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
 	{
 	static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
 	static int max[8]={99,12,31,23,59,59,12,59};
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -754,7 +754,7 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);

 DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)

-int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
@@ -762,7 +762,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
 time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
 #endif

-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); 

@@ -793,8 +793,8 @@ DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
 DECLARE_ASN1_FUNCTIONS(ASN1_TIME)

 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
-int ASN1_TIME_check(ASN1_TIME *t);
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_check(const ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);

 int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
 			int (*func)(), int ex_tag, int ex_class, int is_set);
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -1,6 +1,6 @@
 /* p5_pbev2.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999-2004.
+ * project 1999.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -113,8 +113,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 	if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;

 	/* Create random IV */
-	if (EVP_CIPHER_iv_length(cipher) &&
-		RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+	if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
 		goto err;

 	EVP_CIPHER_CTX_init(&ctx);
@@ -124,7 +123,6 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
 	if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
 		ASN1err(ASN1_F_PKCS5_PBE2_SET,
 					ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
-		EVP_CIPHER_CTX_cleanup(&ctx);
 		goto err;
 	}
 	EVP_CIPHER_CTX_cleanup(&ctx);
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -63,6 +63,8 @@

 static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
 				const X509_REVOKED * const *b);
+static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
+				const X509_REVOKED * const *b);

 ASN1_SEQUENCE(X509_REVOKED) = {
 	ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
@@ -70,28 +72,43 @@ ASN1_SEQUENCE(X509_REVOKED) = {
 	ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
 } ASN1_SEQUENCE_END(X509_REVOKED)

-/* The X509_CRL_INFO structure needs a bit of customisation.
- * Since we cache the original encoding the signature wont be affected by
- * reordering of the revoked field.
+/* The X509_CRL_INFO structure needs a bit of customisation. This is actually
+ * mirroring the old behaviour: its purpose is to allow the use of
+ * sk_X509_REVOKED_find to lookup revoked certificates. Unfortunately
+ * this will zap the original order and the signature so we keep a copy
+ * of the original positions and reorder appropriately before encoding.
+ *
+ * Might want to see if there's a better way of doing this later...
 */
 static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
 	X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
+	int i;
+	int (*old_cmp)(const X509_REVOKED * const *,
+			const X509_REVOKED * const *);

 	if(!a || !a->revoked) return 1;
 	switch(operation) {
-		/* Just set cmp function here. We don't sort because that
-		 * would affect the output of X509_CRL_print().
-		 */
+
+		/* Save original order */
 		case ASN1_OP_D2I_POST:
+		for (i=0; i<sk_X509_REVOKED_num(a->revoked); i++)
+			sk_X509_REVOKED_value(a->revoked,i)->sequence=i;
 		sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
 		break;
+
+		/* Restore original order */
+		case ASN1_OP_I2D_PRE:
+		old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
+		sk_X509_REVOKED_sort(a->revoked);
+		sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp);
+		break;
 	}
 	return 1;
 }


-ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
+ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = {
 	ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
 	ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
 	ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
@@ -99,7 +116,7 @@ ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
 	ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
 	ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
 	ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
-} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
+} ASN1_SEQUENCE_END_cb(X509_CRL_INFO, X509_CRL_INFO)

 ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
 	ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
@@ -120,6 +137,12 @@ static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
 		(ASN1_STRING *)(*b)->serialNumber));
 	}

+static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
+				const X509_REVOKED * const *b)
+	{
+	return((*a)->sequence-(*b)->sequence);
+	}
+
 int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
 {
 	X509_CRL_INFO *inf;
--- a/crypto/bn/asm/ia64.S
+++ b/crypto/bn/asm/ia64.S
@@ -1,6 +1,6 @@
 .explicit
 .text
-.ident	"ia64.S, Version 2.1"
+.ident	"ia64.S, Version 2.0"
 .ident	"IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"

 //
@@ -35,7 +35,7 @@
 // What does it mean? You might ratiocinate that the original code
 // should run just faster... Because sum of latencies is smaller...
 // Wrong! Note that getf latency increased. This means that if a loop is
-// scheduled for lower latency (as they were), then it will suffer from
+// scheduled for lower latency (and they are), then it will suffer from
 // stall condition and the code will therefore turn anti-scalable, e.g.
 // original bn_mul_words spun at 5*n or 2.5 times slower than expected
 // on Itanium2! What to do? Reschedule loops for Itanium2? But then
@@ -145,12 +145,6 @@
 //	-Drum=nop.m in command line.
 //

-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-#define	ADDP	addp4
-#else
-#define	ADDP	add
-#endif
-
 #if 1
 //
 // bn_[add|sub]_words routines.
@@ -184,12 +178,27 @@ bn_add_words:
 	brp.loop.imp	.L_bn_add_words_ctop,.L_bn_add_words_cend-16
 					}
 	.body
-{ .mib;	ADDP		r14=0,r32		// rp
+{ .mib;
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+	addp4		r14=0,r32		// rp
+#else
+	mov		r14=r32			// rp
+#endif
 	mov		r9=pr		};;
-{ .mii;	ADDP		r15=0,r33		// ap
+{ .mii;
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+	addp4		r15=0,r33		// ap
+#else
+	mov		r15=r33			// ap
+#endif
 	mov		ar.lc=r10
 	mov		ar.ec=6		}
-{ .mib;	ADDP		r16=0,r34		// bp
+{ .mib;
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+	addp4		r16=0,r34		// bp
+#else
+	mov		r16=r34			// bp
+#endif
 	mov		pr.rot=1<<16	};;

 .L_bn_add_words_ctop:
@@ -237,12 +246,27 @@ bn_sub_words:
 	brp.loop.imp	.L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
 					}
 	.body
-{ .mib;	ADDP		r14=0,r32		// rp
+{ .mib;
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+	addp4		r14=0,r32		// rp
+#else
+	mov		r14=r32			// rp
+#endif
 	mov		r9=pr		};;
-{ .mii;	ADDP		r15=0,r33		// ap
+{ .mii;
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+	addp4		r15=0,r33		// ap
+#else
+	mov		r15=r33			// ap
+#endif
 	mov		ar.lc=r10
 	mov		ar.ec=6		}
-{ .mib;	ADDP		r16=0,r34		// bp
+{ .mib;
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+	addp4		r16=0,r34		// bp
+#else
+	mov		r16=r34			// bp
+#endif
 	mov		pr.rot=1<<16	};;

 .L_bn_sub_words_ctop:
@@ -308,10 +332,16 @@ bn_mul_words:

 #ifndef XMA_TEMPTATION

-{ .mmi;	ADDP		r14=0,r32	// rp
-	ADDP		r15=0,r33	// ap
+{ .mii;
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+	addp4		r14=0,r32	// rp
+	addp4		r15=0,r33	// ap
+#else
+	mov		r14=r32		// rp
+	mov		r15=r33		// ap
+#endif
 	mov		ar.lc=r10	}
-{ .mmi;	mov		r40=0		// serves as r35 at first (p27)
+{ .mii;	mov		r40=0	// serves as r35 at first (p27)
 	mov		ar.ec=13	};;

 // This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium
@@ -394,64 +424,89 @@ bn_mul_words:
 .global	bn_mul_add_words#
 .proc	bn_mul_add_words#
 .align	64
-.skip	48	// makes the loop body aligned at 64-byte boundary
+//.skip	0	// makes the loop split at 64-byte boundary
 bn_mul_add_words:
 	.prologue
 	.fframe	0
 	.save	ar.pfs,r2
-	.save	ar.lc,r3
-	.save	pr,r9
-{ .mmi;	alloc		r2=ar.pfs,4,4,0,8
-	cmp4.le		p6,p0=r34,r0
-	mov		r3=ar.lc	};;
-{ .mib;	mov		r8=r0		// return value
-	sub		r10=r34,r0,1
+{ .mii;	alloc		r2=ar.pfs,4,12,0,16
+	cmp4.le		p6,p0=r34,r0	};;
+{ .mfb;	mov		r8=r0			// return value
 (p6)	br.ret.spnt.many	b0	};;

+	.save	ar.lc,r3
+{ .mii;	sub	r10=r34,r0,1
+	mov	r3=ar.lc
+	mov	r9=pr			};;
+
 	.body
-{ .mib;	setf.sig	f8=r35		// w
-	mov		r9=pr
+{ .mib;	setf.sig	f8=r35	// w
+	mov		pr.rot=0x800001<<16
+			// ------^----- serves as (p50) at first (p27)
 	brp.loop.imp	.L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
 					}
-{ .mmi;	ADDP		r14=0,r32	// rp
-	ADDP		r15=0,r33	// ap
+{ .mii;
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+	addp4		r14=0,r32	// rp
+	addp4		r15=0,r33	// ap
+#else
+	mov		r14=r32		// rp
+	mov		r15=r33		// ap
+#endif
 	mov		ar.lc=r10	}
-{ .mii;	ADDP		r16=0,r32	// rp copy
-	mov		pr.rot=0x2001<<16
-			// ------^----- serves as (p40) at first (p27)
-	mov		ar.ec=11	};;
+{ .mii;	mov		r40=0	// serves as r35 at first (p27)
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+	addp4		r18=0,r32	// rp copy
+#else
+	mov		r18=r32		// rp copy
+#endif
+	mov		ar.ec=15	};;

-// This loop spins in 3*(n+10) ticks on Itanium and in 2*(n+10) on
-// Itanium 2. Yes, unlike previous versions it scales:-) Previous
-// version was peforming *all* additions in IALU and was starving
-// for those even on Itanium 2. In this version one addition is
-// moved to FPU and is folded with multiplication. This is at cost
-// of propogating the result from previous call to this subroutine
-// to L2 cache... In other words negligible even for shorter keys.
-// *Overall* performance improvement [over previous version] varies
-// from 11 to 22 percent depending on key length.
+// This loop spins in 3*(n+14) ticks on Itanium and should spin in
+// 2*(n+14) on "wider" IA-64 implementations (to be verified with new
+// <EFBFBD>-architecture manuals as they become available). As usual it's
+// possible to compress the epilogue, down to 10 in this case, at the
+// cost of scalability. Compressed (and therefore non-scalable) loop
+// running at 3*(n+11) would buy you ~10% on Itanium but take ~35%
+// from "wider" IA-64 so let it be scalable! Special attention was
+// paid for having the loop body split at 64-byte boundary. ld8 is
+// scheduled for L1 cache as the data is more than likely there.
+// Indeed, bn_mul_words has put it there a moment ago:-)
 .L_bn_mul_add_words_ctop:
-.pred.rel	"mutex",p40,p42
-{ .mfi;	(p23)	getf.sig	r36=f45			// low
-	(p20)	xma.lu		f42=f36,f8,f50		// low
-	(p40)	add		r39=r39,r35	}	// (p27)
-{ .mfi;	(p16)	ldf8		f32=[r15],8		// *(ap++)
-	(p20)	xma.hu		f36=f36,f8,f50		// high
-	(p42)	add		r39=r39,r35,1	};;	// (p27)
-{ .mmi;	(p24)	getf.sig	r32=f40			// high
-	(p16)	ldf8		f46=[r16],8		// *(rp1++)
-	(p40)	cmp.ltu		p41,p39=r39,r35	}	// (p27)
-{ .mib;	(p26)	st8		[r14]=r39,8		// *(rp2++)
-	(p42)	cmp.leu		p41,p39=r39,r35		// (p27)
+{ .mfi;	(p25)	getf.sig	r36=f52			// low
+	(p21)	xmpy.lu		f48=f37,f8
+	(p28)	cmp.ltu		p54,p50=r41,r39	}
+{ .mfi;	(p16)	ldf8		f32=[r15],8
+	(p21)	xmpy.hu		f40=f37,f8
+	(p28)	add		r45=r45,r41	};;
+{ .mii;	(p25)	getf.sig	r32=f44			// high
+	.pred.rel	"mutex",p50,p54
+	(p50)	add		r40=r38,r35		// (p27)
+	(p54)	add		r40=r38,r35,1	}	// (p27)
+{ .mfb;	(p28)	cmp.ltu.unc	p60,p0=r45,r41
+	(p0)	nop.f		0x0
+	(p0)	nop.b		0x0		}
+{ .mii;	(p27)	ld8		r44=[r18],8
+	(p62)	cmp.eq.or	p61,p0=-1,r46
+	(p62)	add		r46=1,r46	}
+{ .mfb;	(p30)	st8		[r14]=r47,8
+	(p0)	nop.f		0x0
 	br.ctop.sptk	.L_bn_mul_add_words_ctop};;
 .L_bn_mul_add_words_cend:

-{ .mmi;	.pred.rel	"mutex",p40,p42
-(p40)	add		r8=r35,r0
-(p42)	add		r8=r35,r0,1
-	mov		pr=r9,0x1ffff	}
-{ .mib;	rum		1<<5		// clear um.mfh
-	mov		ar.lc=r3
+{ .mii;	nop.m		0x0
+.pred.rel	"mutex",p53,p57
+(p53)	add		r8=r38,r0
+(p57)	add		r8=r38,r0,1	}
+{ .mfb;	nop.m	0x0
+	nop.f	0x0
+	nop.b	0x0			};;
+{ .mii;
+(p63)	add		r8=1,r8
+	mov		pr=r9,0x1ffff
+	mov		ar.lc=r3	}
+{ .mfb;	rum		1<<5		// clear um.mfh
+	nop.f		0x0
 	br.ret.sptk.many	b0	};;
 .endp	bn_mul_add_words#
 #endif
@@ -472,8 +527,7 @@ bn_sqr_words:
 	sxt4		r34=r34		};;
 { .mii;	cmp.le		p6,p0=r34,r0
 	mov		r8=r0		}	// return value
-{ .mfb;	ADDP		r32=0,r32
-	nop.f		0x0
+{ .mfb;	nop.f		0x0
 (p6)	br.ret.spnt.many	b0	};;

 	.save	ar.lc,r3
@@ -482,7 +536,11 @@ bn_sqr_words:
 	mov	r9=pr			};;

 	.body
-{ .mib;	ADDP		r33=0,r33
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+{ .mii; addp4		r32=0,r32
+	addp4		r33=0,r33	};;
+#endif
+{ .mib;
 	mov		pr.rot=1<<16
 	brp.loop.imp	.L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16
 					}
@@ -547,7 +605,7 @@ bn_sqr_comba8:
 	.prologue
 	.fframe	0
 	.save	ar.pfs,r2
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
 { .mii;	alloc	r2=ar.pfs,2,1,0,0
 	addp4	r33=0,r33
 	addp4	r32=0,r32		};;
@@ -573,10 +631,6 @@ bn_sqr_comba8:
 // clause in Itanium <EFBFBD>-architecture manual? Comments are welcomed and
 // highly appreciated.
 //
-// On Itanium 2 it takes ~190 ticks. This is because of stalls on
-// result from getf.sig. I do nothing about it at this point for
-// reasons depicted below.
-//
 // However! It should be noted that even 160 ticks is darn good result
 // as it's over 10 (yes, ten, spelled as t-e-n) times faster than the
 // C version (compiled with gcc with inline assembler). I really
@@ -619,7 +673,7 @@ bn_mul_comba8:
 	.prologue
 	.fframe	0
 	.save	ar.pfs,r2
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
 { .mii;	alloc	r2=ar.pfs,3,0,0,0
 	addp4	r33=0,r33
 	addp4	r34=0,r34		};;
@@ -1177,7 +1231,7 @@ bn_sqr_comba4:
 	.prologue
 	.fframe	0
 	.save	ar.pfs,r2
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
 { .mii;	alloc   r2=ar.pfs,2,1,0,0
 	addp4	r32=0,r32
 	addp4	r33=0,r33		};;
@@ -1210,7 +1264,7 @@ bn_mul_comba4:
 	.prologue
 	.fframe	0
 	.save	ar.pfs,r2
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
 { .mii;	alloc   r2=ar.pfs,3,0,0,0
 	addp4	r33=0,r33
 	addp4	r34=0,r34		};;
@@ -1394,8 +1448,8 @@ bn_mul_comba4:
 #define	I	r21

 #if 0
-// Some preprocessors (most notably HP-UX) appear to be allergic to
-// macros enclosed to parenthesis [as these three were].
+// Some preprocessors (most notably HP-UX) apper to be allergic to
+// macros enclosed to parenthesis as these three will be.
 #define	cont	p16
 #define	break	p0	// p20
 #define	equ	p24
@@ -1527,18 +1581,9 @@ bn_div_words:
 // output:	f8 = (int)(a/b)
 // clobbered:	f8,f9,f10,f11,pred
 pred=p15
-// One can argue that this snippet is copyrighted to Intel
-// Corporation, as it's essentially identical to one of those
-// found in "Divide, Square Root and Remainder" section at
-// http://www.intel.com/software/products/opensource/libraries/num.htm.
-// Yes, I admit that the referred code was used as template,
-// but after I realized that there hardly is any other instruction
-// sequence which would perform this operation. I mean I figure that
-// any independent attempt to implement high-performance division
-// will result in code virtually identical to the Intel code. It
-// should be noted though that below division kernel is 1 cycle
-// faster than Intel one (note commented splits:-), not to mention
-// original prologue (rather lack of one) and epilogue.
+// This procedure is essentially Intel code and therefore is
+// copyrighted to Intel Corporation (I suppose...). It's sligtly
+// modified for specific needs.
 .align	32
 .skip	16
 .L_udiv64_32_b6:
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -189,17 +189,7 @@ COMP_METHOD *COMP_zlib(void)
 	if (!zlib_loaded)
 		{
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-		zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
-		if (!zlib_dso)
-			{
-			zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0);
-			if (zlib_dso)
-				{
-				/* Clear the errors from the first failed
-				   DSO_load() */
-				ERR_clear_error();
-				}
-			}
+		zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0);
 #else
 		zlib_dso = DSO_load(NULL, "z", NULL, 0);
 #endif
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -66,6 +66,11 @@
 static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
 #endif

+#ifdef OPENSSL_FIPS
+int FIPS_mode;
+void *FIPS_rand_check;
+#endif /* def OPENSSL_FIPS */
+
 DECLARE_STACK_OF(CRYPTO_dynlock)
 IMPLEMENT_STACK_OF(CRYPTO_dynlock)

@@ -105,9 +110,7 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	"engine",
 	"ui",
 	"hwcrhk",		/* This is a HACK which will disappear in 0.9.8 */
-	"fips",
-	"fips2",
-#if CRYPTO_NUM_LOCKS != 35
+#if CRYPTO_NUM_LOCKS != 33
 # error "Inconsistency between crypto.h and cryptlib.c"
 #endif
 	};
@@ -514,122 +517,3 @@ void OpenSSLDie(const char *file,int line,const char *assertion)
 		file,line,assertion);
 	abort();
 	}
-
-#ifdef OPENSSL_FIPS
-static int fips_started = 0;
-static int fips_mode = 0;
-static void *fips_rand_check = 0;
-static unsigned long fips_thread = 0;
-
-void fips_set_started(void)
-	{
-	fips_started = 1;
-	}
-
-int fips_is_started(void)
-	{
-	return fips_started;
-	}
-
-int fips_is_owning_thread(void)
-	{
-	int ret = 0;
-
-	if (fips_is_started())
-		{
-		CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
-		if (fips_thread != 0 && fips_thread == CRYPTO_thread_id())
-			ret = 1;
-		CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
-		}
-	return ret;
-	}
-
-int fips_set_owning_thread(void)
-	{
-	int ret = 0;
-
-	if (fips_is_started())
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
-		if (fips_thread == 0)
-			{
-			fips_thread = CRYPTO_thread_id();
-			ret = 1;
-			}
-		CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
-		}
-	return ret;
-	}
-
-int fips_clear_owning_thread(void)
-	{
-	int ret = 0;
-
-	if (fips_is_started())
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
-		if (fips_thread == CRYPTO_thread_id())
-			{
-			fips_thread = 0;
-			ret = 1;
-			}
-		CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
-		}
-	return ret;
-	}
-
-void fips_set_mode(int onoff)
-	{
-	int owning_thread = fips_is_owning_thread();
-
-	if (fips_is_started())
-		{
-		if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
-		fips_mode = onoff;
-		if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
-		}
-	}
-
-void fips_set_rand_check(void *rand_check)
-	{
-	int owning_thread = fips_is_owning_thread();
-
-	if (fips_is_started())
-		{
-		if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
-		fips_rand_check = rand_check;
-		if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
-		}
-	}
-
-int FIPS_mode(void)
-	{
-	int ret = 0;
-	int owning_thread = fips_is_owning_thread();
-
-	if (fips_is_started())
-		{
-		if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
-		ret = fips_mode;
-		if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
-		}
-	return ret;
-	}
-
-void *FIPS_rand_check(void)
-	{
-	void *ret = 0;
-	int owning_thread = fips_is_owning_thread();
-
-	if (fips_is_started())
-		{
-		if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
-		ret = fips_rand_check;
-		if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
-		}
-	return ret;
-	}
-
-#endif /* OPENSSL_FIPS */
-
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -752,8 +752,8 @@ $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
-$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
-$     WRITE SYS$OUTPUT "    APPS     :  To Compile Just The [.xxx.EXE.CRYPTO]*.EXE Programs."
+$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.SSL]LIBCRYPTO.OLB Library."
+$     WRITE SYS$OUTPUT "    APPS     :  To Compile Just The [.xxx.EXE.SSL]*.EXE Programs."
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
 $     WRITE SYS$OUTPUT ""
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -128,9 +128,7 @@ extern "C" {
 #define CRYPTO_LOCK_ENGINE		30
 #define CRYPTO_LOCK_UI			31
 #define CRYPTO_LOCK_HWCRHK		32 /* This is a HACK which will disappear in 0.9.8 */
-#define CRYPTO_LOCK_FIPS		33
-#define CRYPTO_LOCK_FIPS2		34
-#define CRYPTO_NUM_LOCKS		35
+#define CRYPTO_NUM_LOCKS		33

 #define CRYPTO_LOCK		1
 #define CRYPTO_UNLOCK		2
@@ -436,11 +434,6 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
 void OpenSSLDie(const char *file,int line,const char *assertion);
 #define OPENSSL_assert(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))

-#ifdef OPENSSL_FIPS
-int FIPS_mode(void);
-void *FIPS_rand_check(void);
-#endif /* def OPENSSL_FIPS */
-
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
--- a/crypto/des/Makefile
+++ b/crypto/des/Makefile
@@ -168,7 +168,7 @@ des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 des_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 des_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-des_enc.o: ../../include/openssl/ui_compat.h des_enc.c des_locl.h ncbc_enc.c
+des_enc.o: ../../include/openssl/ui_compat.h des_enc.c des_locl.h
 des_old.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 des_old.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 des_old.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -70,8 +70,6 @@
 * should hold.
 */

-#ifndef OPENSSL_FIPS
-
 int DH_check(const DH *dh, int *ret)
 	{
 	int ok=0;
@@ -120,5 +118,3 @@ err:
 	if (q != NULL) BN_free(q);
 	return(ok);
 	}
-
-#endif
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -1,6 +1,6 @@
 /* crypto/dh/dh_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -86,9 +86,6 @@
 * It's just as OK (and in some sense better) to use a generator of the
 * order-q subgroup.
 */
-
-#ifndef OPENSSL_FIPS
-
 DH *DH_generate_parameters(int prime_len, int generator,
 	     void (*callback)(int,int,void *), void *cb_arg)
 	{
@@ -170,5 +167,3 @@ err:
 		}
 	return(ret);
 	}
-
-#endif
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -62,8 +62,6 @@
 #include <openssl/rand.h>
 #include <openssl/dh.h>

-#ifndef OPENSSL_FIPS
-
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
 static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
@@ -222,5 +220,3 @@ static int dh_finish(DH *dh)
 		BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p);
 	return(1);
 	}
-
-#endif
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -81,10 +81,6 @@

 #define DSA_FLAG_CACHE_MONT_P	0x01

-#if defined(OPENSSL_FIPS)
-#define FIPS_DSA_SIZE_T	int
-#endif
-
 #ifdef  __cplusplus
 extern "C" {
 #endif
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -72,7 +72,7 @@
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	{
 #ifdef OPENSSL_FIPS
-	if(FIPS_mode() && !FIPS_dsa_check(dsa))
+	if(FIPS_mode && !FIPS_dsa_check(dsa))
 		return NULL;
 #endif
 	return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
@@ -96,7 +96,7 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	{
 #ifdef OPENSSL_FIPS
-	if(FIPS_mode() && !FIPS_dsa_check(dsa))
+	if(FIPS_mode && !FIPS_dsa_check(dsa))
 		return 0;
 #endif
 	return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -74,7 +74,7 @@ int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 		  DSA *dsa)
 	{
 #ifdef OPENSSL_FIPS
-	if(FIPS_mode() && !FIPS_dsa_check(dsa))
+	if(FIPS_mode && !FIPS_dsa_check(dsa))
 		return -1;
 #endif
 	return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
--- a/crypto/engine/hw_cryptodev.c
+++ b/crypto/engine/hw_cryptodev.c
@@ -260,7 +260,7 @@ get_cryptodev_ciphers(const int **cnids)
 	int fd, i, count = 0;

 	if ((fd = get_dev_crypto()) < 0) {
-		*cnids = NULL;
+		*nids = NULL;
 		return (0);
 	}
 	memset(&sess, 0, sizeof(sess));
@@ -300,7 +300,7 @@ get_cryptodev_digests(const int **cnids)
 	int fd, i, count = 0;

 	if ((fd = get_dev_crypto()) < 0) {
-		*cnids = NULL;
+		*nids = NULL;
 		return (0);
 	}
 	memset(&sess, 0, sizeof(sess));
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -149,7 +149,6 @@ static ERR_STRING_DATA ERR_str_libraries[]=
 {ERR_PACK(ERR_LIB_DSO,0,0)		,"DSO support routines"},
 {ERR_PACK(ERR_LIB_ENGINE,0,0)		,"engine routines"},
 {ERR_PACK(ERR_LIB_OCSP,0,0)		,"OCSP routines"},
-{ERR_PACK(ERR_LIB_FIPS,0,0)		,"FIPS routines"},
 {0,NULL},
 	};

--- a/crypto/evp/Makefile
+++ b/crypto/evp/Makefile
@@ -32,8 +32,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
 	p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
 	bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
 	c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
-	evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
-	e_old.c
+	evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c

 LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
 	e_des.o e_bf.o e_idea.o e_des3.o \
@@ -44,8 +43,7 @@ LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
 	p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
 	bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
 	c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
-	evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
-	e_old.o
+	evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o

 SRC= $(LIBSRC)

@@ -394,23 +392,6 @@ e_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 e_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 e_null.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
 e_null.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_null.c
-e_old.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-e_old.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-e_old.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
-e_old.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_old.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-e_old.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-e_old.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-e_old.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-e_old.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-e_old.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_old.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
-e_old.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-e_old.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-e_old.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-e_old.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_old.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h e_old.c
 e_rc2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 e_rc2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 e_rc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
--- a/crypto/evp/bio_md.c
+++ b/crypto/evp/bio_md.c
@@ -176,11 +176,10 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
 		{
 	case BIO_CTRL_RESET:
 		if (b->init)
-			ret = EVP_DigestInit_ex(ctx,ctx->digest, NULL);
+			EVP_DigestInit_ex(ctx,ctx->digest, NULL);
 		else
 			ret=0;
-		if (ret > 0)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		break;
 	case BIO_C_GET_MD:
 		if (b->init)
@@ -214,9 +213,8 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)

 	case BIO_C_SET_MD:
 		md=ptr;
-		ret = EVP_DigestInit_ex(ctx,md, NULL);
-		if (ret > 0)
-			b->init=1;
+		EVP_DigestInit_ex(ctx,md, NULL);
+		b->init=1;
 		break;
 	case BIO_CTRL_DUP:
 		dbio=ptr;
--- a/crypto/evp/e_old.c
+++ b/crypto/evp/e_old.c
@@ -1,108 +0,0 @@
-/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/evp.h>
-
-/* Define some deprecated functions, so older programs
-   don't crash and burn too quickly.  On Windows and VMS,
-   these will never be used, since functions and variables
-   in shared libraries are selected by entry point location,
-   not by name.  */
-
-#ifndef OPENSSL_NO_BF
-#undef EVP_bf_cfb
-const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_DES
-#undef EVP_des_cfb
-const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); }
-#undef EVP_des_ede3_cfb
-const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); }
-#undef EVP_des_ede_cfb
-const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_IDEA
-#undef EVP_idea_cfb
-const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_RC2
-#undef EVP_rc2_cfb
-const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_CAST5
-#undef EVP_cast5_cfb
-const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_RC5
-#undef EVP_rc5_32_12_16_cfb
-const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_AES
-#undef EVP_aes_128_cfb
-const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); }
-#undef EVP_aes_192_cfb
-const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); }
-#undef EVP_aes_256_cfb
-const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); }
-#endif
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -68,7 +68,7 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	if (c->cipher->set_asn1_parameters != NULL)
 		ret=c->cipher->set_asn1_parameters(c,type);
 	else
-		return -1;
+		ret=1;
 	return(ret);
 	}

@@ -79,7 +79,7 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	if (c->cipher->get_asn1_parameters != NULL)
 		ret=c->cipher->get_asn1_parameters(c,type);
 	else
-		return -1;
+		ret=1;
 	return(ret);
 	}

--- a/crypto/evp/evp_test.c
+++ b/crypto/evp/evp_test.c
@@ -162,7 +162,6 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
 	if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))
 	    {
 	    fprintf(stderr,"EncryptInit failed\n");
-	    ERR_print_errors_fp(stderr);
 	    test1_exit(10);
 	    }
 	EVP_CIPHER_CTX_set_padding(&ctx,0);
@@ -170,13 +169,11 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
 	if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn*multiplier))
 	    {
 	    fprintf(stderr,"Encrypt failed\n");
-	    ERR_print_errors_fp(stderr);
 	    test1_exit(6);
 	    }
 	if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))
 	    {
 	    fprintf(stderr,"EncryptFinal failed\n");
-	    ERR_print_errors_fp(stderr);
 	    test1_exit(7);
 	    }

@@ -201,7 +198,6 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
 	if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))
 	    {
 	    fprintf(stderr,"DecryptInit failed\n");
-	    ERR_print_errors_fp(stderr);
 	    test1_exit(11);
 	    }
 	EVP_CIPHER_CTX_set_padding(&ctx,0);
@@ -209,13 +205,11 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
 	if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn*multiplier))
 	    {
 	    fprintf(stderr,"Decrypt failed\n");
-	    ERR_print_errors_fp(stderr);
 	    test1_exit(6);
 	    }
 	if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))
 	    {
 	    fprintf(stderr,"DecryptFinal failed\n");
-	    ERR_print_errors_fp(stderr);
 	    test1_exit(7);
 	    }

@@ -278,19 +272,16 @@ static int test_digest(const char *digest,
    if(!EVP_DigestInit_ex(&ctx,d, NULL))
 	{
 	fprintf(stderr,"DigestInit failed\n");
-	ERR_print_errors_fp(stderr);
 	EXIT(100);
 	}
    if(!EVP_DigestUpdate(&ctx,plaintext,pn))
 	{
 	fprintf(stderr,"DigestUpdate failed\n");
-	ERR_print_errors_fp(stderr);
 	EXIT(101);
 	}
    if(!EVP_DigestFinal_ex(&ctx,md,&mdn))
 	{
 	fprintf(stderr,"DigestFinal failed\n");
-	ERR_print_errors_fp(stderr);
 	EXIT(101);
 	}
    EVP_MD_CTX_cleanup(&ctx);
--- a/crypto/md32_common.h
+++ b/crypto/md32_common.h
@@ -128,9 +128,9 @@
 *					<appro@fy.chalmers.se>
 */

-#include <openssl/crypto.h>
 #include <openssl/fips.h>
 #include <openssl/err.h>
+#include "../fips/fips_locl.h"

 #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
 #error "DATA_ORDER must be defined!"
@@ -560,7 +560,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c)
 	const unsigned char *cp=end;

 #ifdef OPENSSL_FIPS
-	if(FIPS_mode() && !FIPS_md5_allowed())
+	if(FIPS_mode && !FIPS_md5_allowed)
 	    {
 	    FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);
 	    return 0;
--- a/crypto/md4/Makefile
+++ b/crypto/md4/Makefile
@@ -78,10 +78,11 @@ clean:

 # DO NOT DELETE THIS LINE -- make depend depends on it.

-md4_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-md4_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+md4_dgst.o: ../../fips/fips_locl.h ../../include/openssl/bio.h
+md4_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md4_dgst.o: ../../include/openssl/err.h ../../include/openssl/fips.h
+md4_dgst.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h
+md4_dgst.o: ../../include/openssl/opensslconf.h
 md4_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 md4_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 md4_dgst.o: ../md32_common.h md4_dgst.c md4_locl.h
--- a/crypto/md5/Makefile
+++ b/crypto/md5/Makefile
@@ -114,10 +114,11 @@ clean:

 # DO NOT DELETE THIS LINE -- make depend depends on it.

-md5_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-md5_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+md5_dgst.o: ../../fips/fips_locl.h ../../include/openssl/bio.h
+md5_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md5_dgst.o: ../../include/openssl/err.h ../../include/openssl/fips.h
+md5_dgst.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h
+md5_dgst.o: ../../include/openssl/opensslconf.h
 md5_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 md5_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 md5_dgst.o: ../md32_common.h md5_dgst.c md5_locl.h
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@@ -56,17 +56,8 @@
 *
 */

-#include <ctype.h>
+#include <o_str.h>
 #include <openssl/e_os2.h>
-#ifdef OPENSSL_SYS_WINDOWS
-# include <string.h>
-#else
-# include <strings.h>
-#endif
-#include "o_str.h"
-
-#undef strncasecmp
-#undef strcasecmp

 int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
 	{
@@ -95,7 +86,7 @@ int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
 int OPENSSL_strcasecmp(const char *str1, const char *str2)
 	{
 #if defined(OPENSSL_SYS_VMS)
-	return OPENSSL_strncasecmp(str1, str2, (size_t)-1);
+	return OSSL_strncasecmp(str1, str2, (size_t)-1);
 #elif defined(OPENSSL_SYS_WINDOWS)
 	return _stricmp(str1, str2);
 #else
--- a/crypto/o_str.h
+++ b/crypto/o_str.h
@@ -59,7 +59,7 @@
 #ifndef HEADER_O_STR_H
 #define HEADER_O_STR_H

-#include <stddef.h>		/* to get size_t */
+#include <string.h>

 int OPENSSL_strcasecmp(const char *str1, const char *str2);
 int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n);
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
@@ -114,28 +114,16 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
 			return NULL;
 		logvalue[reslen] = '\0';

-		t = *timer;
-
-/* The following is extracted from the DEC C header time.h */
-/*
-**  Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime
-**  have two implementations.  One implementation is provided
-**  for compatibility and deals with time in terms of local time,
-**  the other __utc_* deals with time in terms of UTC.
-*/
-/* We use the same conditions as in said time.h to check if we should
-   assume that t contains local time (and should therefore be adjusted)
-   or UTC (and should therefore be left untouched). */
-#if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE
 		/* Get the numerical value of the equivalence string */
 		status = atoi(logvalue);

 		/* and use it to move time to GMT */
-		t -= status;
-#endif
+		t = *timer - status;

 		/* then convert the result to the time structure */
-
+#ifndef OPENSSL_THREADS
+		ts=(struct tm *)localtime(&t);
+#else
 		/* Since there was no gmtime_r() to do this stuff for us,
 		   we have to do it the hard way. */
 		{
@@ -210,6 +198,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
 		result->tm_isdst = 0; /* There's no way to know... */

 		ts = result;
+#endif
 		}
 		}
 #endif
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,12 +25,8 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER	0x0090705FL
-#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7e-fips 25 Oct 2004"
-#else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7e 25 Oct 2004"
-#endif
+#define OPENSSL_VERSION_NUMBER	0x00907050L
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7e-dev [fips] XX xxx XXXX"
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT


--- a/crypto/pem/Makefile
+++ b/crypto/pem/Makefile
@@ -88,21 +88,20 @@ pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 pem_all.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
 pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 pem_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pem_all.o: ../../include/openssl/fips.h ../../include/openssl/idea.h
-pem_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-pem_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-pem_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-pem_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pem_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pem_all.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-pem_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
-pem_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-pem_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-pem_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pem_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pem_all.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pem_all.o: ../cryptlib.h pem_all.c
+pem_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_all.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c
 pem_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
 pem_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 pem_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -64,7 +64,6 @@
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
-#include <openssl/fips.h>

 #ifndef OPENSSL_NO_RSA
 static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
@@ -129,49 +128,7 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,

 #endif

-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-	EVP_PKEY *k;
-	int ret;
-	k = EVP_PKEY_new();
-	if (!k)
-		return 0;
-	EVP_PKEY_set1_RSA(k, x);
-
-	ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-	EVP_PKEY_free(k);
-	return ret;
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-	EVP_PKEY *k;
-	int ret;
-	k = EVP_PKEY_new();
-	if (!k)
-		return 0;
-
-	EVP_PKEY_set1_RSA(k, x);
-
-	ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-	EVP_PKEY_free(k);
-	return ret;
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
-
-#endif
-
 IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)

@@ -201,48 +158,7 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
 	return pkey_get_dsa(pktmp, dsa);
 }

-
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-	EVP_PKEY *k;
-	int ret;
-	k = EVP_PKEY_new();
-	if (!k)
-		return 0;
-	EVP_PKEY_set1_DSA(k, x);
-
-	ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-	EVP_PKEY_free(k);
-	return ret;
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-	EVP_PKEY *k;
-	int ret;
-	k = EVP_PKEY_new();
-	if (!k)
-		return 0;
-	EVP_PKEY_set1_DSA(k, x);
-	ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-	EVP_PKEY_free(k);
-	return ret;
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
-
-#endif
-
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)

 #ifndef OPENSSL_NO_FP_API
@@ -274,42 +190,7 @@ IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
 * appropriate.)
 */
-
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-	{
-		if (FIPS_mode())
-			return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
-						(char *)kstr, klen, cb, u);
-		else
-                	return PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,
-                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
-                        bp,(char *)x,enc,kstr,klen,cb,u);
-	}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-	{
-		if (FIPS_mode())
-			return PEM_write_PKCS8PrivateKey(fp, x, enc,
-						(char *)kstr, klen, cb, u);
-		else
-                	return PEM_ASN1_write((int (*)())i2d_PrivateKey,
-                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
-                        fp,(char *)x,enc,kstr,klen,cb,u);
-	}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey)

-#endif
-
 IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)

--- a/crypto/pkcs7/pk7_attr.c
+++ b/crypto/pkcs7/pk7_attr.c
@@ -3,7 +3,7 @@
 * project 2001.
 */
 /* ====================================================================
- * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -94,18 +94,17 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
 }

 STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
-	{
+{
 	ASN1_TYPE *cap;
 	unsigned char *p;
 	cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
-	if (!cap || (cap->type != V_ASN1_SEQUENCE))
-		return NULL;
+	if (!cap) return NULL;
 	p = cap->value.sequence->data;
 	return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p,
 					  cap->value.sequence->length,
 					  d2i_X509_ALGOR, X509_ALGOR_free,
 					  V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-	}
+}

 /* Basic smime-capabilities OID and optional integer arg */
 int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -334,7 +334,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 	int do_stir_pool = 0;

 #ifdef OPENSSL_FIPS
-	if(FIPS_mode())
+	if(FIPS_mode)
 	    {
 	    FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
 	    return 0;
--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@@ -71,10 +71,6 @@
 extern "C" {
 #endif

-#if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T int
-#endif
-
 typedef struct rand_meth_st
 	{
 	void (*seed)(const void *buf, int num);
@@ -131,9 +127,6 @@ void ERR_load_RAND_strings(void);

 /* Reason codes. */
 #define RAND_R_NON_FIPS_METHOD				 101
-#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH			 105
-#define RAND_R_PRNG_NOT_REKEYED				 103
-#define RAND_R_PRNG_NOT_RESEEDED			 104
 #define RAND_R_PRNG_NOT_SEEDED				 100
 #define RAND_R_PRNG_STUCK				 102

--- a/crypto/rand/rand_egd.c
+++ b/crypto/rand/rand_egd.c
@@ -95,7 +95,7 @@
 *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
 */

-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS)
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS)
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
 	{
 	return(-1);
--- a/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
@@ -75,9 +75,6 @@ static ERR_STRING_DATA RAND_str_functs[]=
 static ERR_STRING_DATA RAND_str_reasons[]=
 	{
 {RAND_R_NON_FIPS_METHOD                  ,"non fips method"},
-{RAND_R_PRNG_ASKING_FOR_TOO_MUCH         ,"prng asking for too much"},
-{RAND_R_PRNG_NOT_REKEYED                 ,"prng not rekeyed"},
-{RAND_R_PRNG_NOT_RESEEDED                ,"prng not reseeded"},
 {RAND_R_PRNG_NOT_SEEDED                  ,"PRNG not seeded"},
 {RAND_R_PRNG_STUCK                       ,"prng stuck"},
 {0,NULL}
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -88,8 +88,7 @@ int RAND_set_rand_method(const RAND_METHOD *meth)
 const RAND_METHOD *RAND_get_rand_method(void)
 	{
 #ifdef OPENSSL_FIPS
-	if(FIPS_mode()
-		&& default_RAND_meth != FIPS_rand_check())
+	if(FIPS_mode && default_RAND_meth != FIPS_rand_check)
 	    {
 	    RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
 	    return 0;
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -125,7 +125,7 @@
 * http://developer.intel.com/design/security/rng/redist_license.htm
 */
 #define PROV_INTEL_SEC 22
-#define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
+#define INTEL_DEF_PROV TEXT("Intel Hardware Cryptographic Service Provider")

 static void readtimer(void);
 static void readscreen(void);
@@ -152,7 +152,7 @@ typedef struct tagCURSORINFO
 #define CURSOR_SHOWING     0x00000001
 #endif /* CURSOR_SHOWING */

-typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR,
+typedef BOOL (WINAPI *CRYPTACQUIRECONTEXT)(HCRYPTPROV *, LPCTSTR, LPCTSTR,
 				    DWORD, DWORD);
 typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *);
 typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD);
@@ -194,7 +194,7 @@ int RAND_poll(void)
 	HWND h;

 	HMODULE advapi, kernel, user, netapi;
-	CRYPTACQUIRECONTEXTW acquire = 0;
+	CRYPTACQUIRECONTEXT acquire = 0;
 	CRYPTGENRANDOM gen = 0;
 	CRYPTRELEASECONTEXT release = 0;
 #if 1 /* There was previously a problem with NETSTATGET.  Currently, this
@@ -213,9 +213,6 @@ int RAND_poll(void)
        GetVersionEx( &osverinfo ) ;

 #if defined(OPENSSL_SYS_WINCE) && WCEPLATFORM!=MS_HPC_PRO
-#ifndef CryptAcquireContext
-#define CryptAcquireContext CryptAcquireContextW
-#endif
 	/* poll the CryptoAPI PRNG */
 	/* The CryptoAPI returns sizeof(buf) bytes of randomness */
 	if (CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
@@ -226,35 +223,21 @@ int RAND_poll(void)
 		}
 #endif

-#ifndef OPENSSL_SYS_WINCE
-	/*
-	 * None of below libraries are present on Windows CE, which is
-	 * why we #ifndef the whole section. This also excuses us from
-	 * handling the GetProcAddress issue. The trouble is that in
-	 * real Win32 API GetProcAddress is available in ANSI flavor
-	 * only. In WinCE on the other hand GetProcAddress is a macro
-	 * most commonly defined as GetProcAddressW, which accepts
-	 * Unicode argument. If we were to call GetProcAddress under
-	 * WinCE, I'd recommend to either redefine GetProcAddress as
-	 * GetProcAddressA (there seem to be one in common CE spec) or
-	 * implement own shim routine, which would accept ANSI argument
-	 * and expand it to Unicode.
-	 */
-
 	/* load functions dynamically - not available on all systems */
 	advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
 	kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
 	user = LoadLibrary(TEXT("USER32.DLL"));
 	netapi = LoadLibrary(TEXT("NETAPI32.DLL"));

+#ifndef OPENSSL_SYS_WINCE
 #if 1 /* There was previously a problem with NETSTATGET.  Currently, this
       * section is still experimental, but if all goes well, this conditional
       * will be removed
       */
 	if (netapi)
 		{
-		netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");
-		netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree");
+		netstatget = (NETSTATGET) GetProcAddress(netapi,TEXT("NetStatisticsGet"));
+		netfree = (NETFREE) GetProcAddress(netapi,TEXT("NetApiBufferFree"));
 		}

 	if (netstatget && netfree)
@@ -281,7 +264,9 @@ int RAND_poll(void)
 	if (netapi)
 		FreeLibrary(netapi);
 #endif /* 1 */
-
+#endif /* !OPENSSL_SYS_WINCE */
+ 
+#ifndef OPENSSL_SYS_WINCE
        /* It appears like this can cause an exception deep within ADVAPI32.DLL
         * at random times on Windows 2000.  Reported by Jeffrey Altman.  
         * Only use it on NT.
@@ -336,20 +321,16 @@ int RAND_poll(void)
 			free(buf);
 		}
 #endif
+#endif /* !OPENSSL_SYS_WINCE */

 	if (advapi)
 		{
-		/*
-		 * If it's available, then it's available in both ANSI
-		 * and UNICODE flavors even in Win9x, documentation says.
-		 * We favor Unicode...
-		 */
-		acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,
-			"CryptAcquireContextW");
+		acquire = (CRYPTACQUIRECONTEXT) GetProcAddress(advapi,
+			TEXT("CryptAcquireContextA"));
 		gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
-			"CryptGenRandom");
+			TEXT("CryptGenRandom"));
 		release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
-			"CryptReleaseContext");
+			TEXT("CryptReleaseContext"));
 		}

 	if (acquire && gen && release)
@@ -386,15 +367,26 @@ int RAND_poll(void)
        if (advapi)
 		FreeLibrary(advapi);

+	/* timer data */
+	readtimer();
+	
+	/* memory usage statistics */
+	GlobalMemoryStatus(&m);
+	RAND_add(&m, sizeof(m), 1);
+
+	/* process ID */
+	w = GetCurrentProcessId();
+	RAND_add(&w, sizeof(w), 1);
+
 	if (user)
 		{
 		GETCURSORINFO cursor;
 		GETFOREGROUNDWINDOW win;
 		GETQUEUESTATUS queue;

-		win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow");
-		cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
-		queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
+		win = (GETFOREGROUNDWINDOW) GetProcAddress(user, TEXT("GetForegroundWindow"));
+		cursor = (GETCURSORINFO) GetProcAddress(user, TEXT("GetCursorInfo"));
+		queue = (GETQUEUESTATUS) GetProcAddress(user, TEXT("GetQueueStatus"));

 		if (win)
 			{
@@ -466,19 +458,19 @@ int RAND_poll(void)
 		MODULEENTRY32 m;

 		snap = (CREATETOOLHELP32SNAPSHOT)
-			GetProcAddress(kernel, "CreateToolhelp32Snapshot");
+			GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot"));
 		close_snap = (CLOSETOOLHELP32SNAPSHOT)
-			GetProcAddress(kernel, "CloseToolhelp32Snapshot");
-		heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
-		heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
-		heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
-		heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
-		process_first = (PROCESS32) GetProcAddress(kernel, "Process32First");
-		process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next");
-		thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
-		thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
-		module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
-		module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
+			GetProcAddress(kernel, TEXT("CloseToolhelp32Snapshot"));
+		heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First"));
+		heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next"));
+		heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst"));
+		heaplist_next = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListNext"));
+		process_first = (PROCESS32) GetProcAddress(kernel, TEXT("Process32First"));
+		process_next = (PROCESS32) GetProcAddress(kernel, TEXT("Process32Next"));
+		thread_first = (THREAD32) GetProcAddress(kernel, TEXT("Thread32First"));
+		thread_next = (THREAD32) GetProcAddress(kernel, TEXT("Thread32Next"));
+		module_first = (MODULE32) GetProcAddress(kernel, TEXT("Module32First"));
+		module_next = (MODULE32) GetProcAddress(kernel, TEXT("Module32Next"));

 		if (snap && heap_first && heap_next && heaplist_first &&
 			heaplist_next && process_first && process_next &&
@@ -554,18 +546,6 @@ int RAND_poll(void)

 		FreeLibrary(kernel);
 		}
-#endif /* !OPENSSL_SYS_WINCE */
-
-	/* timer data */
-	readtimer();
-	
-	/* memory usage statistics */
-	GlobalMemoryStatus(&m);
-	RAND_add(&m, sizeof(m), 1);
-
-	/* process ID */
-	w = GetCurrentProcessId();
-	RAND_add(&w, sizeof(w), 1);

 #if 0
 	printf("Exiting RAND_poll\n");
@@ -627,7 +607,7 @@ static void readtimer(void)
 	DWORD w;
 	LARGE_INTEGER l;
 	static int have_perfc = 1;
-#if defined(_MSC_VER) && defined(_M_X86)
+#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE)
 	static int have_tsc = 1;
 	DWORD cyclecount;

--- a/crypto/ripemd/Makefile
+++ b/crypto/ripemd/Makefile
@@ -96,10 +96,10 @@ clean:

 # DO NOT DELETE THIS LINE -- make depend depends on it.

-rmd_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rmd_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-rmd_dgst.o: ../../include/openssl/opensslconf.h
+rmd_dgst.o: ../../fips/fips_locl.h ../../include/openssl/bio.h
+rmd_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rmd_dgst.o: ../../include/openssl/err.h ../../include/openssl/fips.h
+rmd_dgst.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
 rmd_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 rmd_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h rmd_dgst.c
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -72,10 +72,6 @@
 #error RSA is disabled.
 #endif

-#if defined(OPENSSL_FIPS)
-#define FIPS_RSA_SIZE_T	int
-#endif
-
 #ifdef  __cplusplus
 extern "C" {
 #endif
--- a/crypto/sha/Makefile
+++ b/crypto/sha/Makefile
@@ -101,18 +101,12 @@ sha1_one.o: ../../include/openssl/opensslconf.h
 sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 sha1_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 sha1_one.o: ../../include/openssl/symhacks.h sha1_one.c
-sha1dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-sha1dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 sha1dgst.o: ../../include/openssl/opensslconf.h
-sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-sha1dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-sha1dgst.o: ../../include/openssl/symhacks.h ../md32_common.h sha1dgst.c
-sha1dgst.o: sha_locl.h
-sha_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-sha_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-sha_dgst.o: ../../include/openssl/opensslconf.h
+sha1dgst.o: ../../include/openssl/opensslv.h sha1dgst.c
+sha_dgst.o: ../../fips/fips_locl.h ../../include/openssl/bio.h
+sha_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha_dgst.o: ../../include/openssl/err.h ../../include/openssl/fips.h
+sha_dgst.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 sha_dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 sha_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h sha_dgst.c
--- a/crypto/sha/sha.h
+++ b/crypto/sha/sha.h
@@ -69,10 +69,6 @@ extern "C" {
 #error SHA is disabled.
 #endif

-#if defined(OPENSSL_FIPS)
-#define FIPS_SHA_SIZE_T unsigned long
-#endif
-
 /*
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
--- a/crypto/stack/safestack.h
+++ b/crypto/stack/safestack.h
@@ -113,8 +113,6 @@ STACK_OF(type) \
 	((type * (*)(STACK_OF(type) *))sk_pop)(st)
 #define SKM_sk_sort(type, st) \
 	((void (*)(STACK_OF(type) *))sk_sort)(st)
-#define SKM_sk_is_sorted(type, st) \
-	((int (*)(const STACK_OF(type) *))sk_is_sorted)(st)

 #define	SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
 	((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \
@@ -189,8 +187,6 @@ STACK_OF(type) \
 	((type *)sk_pop(st))
 #define SKM_sk_sort(type, st) \
 	sk_sort(st)
-#define SKM_sk_is_sorted(type, st) \
-	sk_is_sorted(st)

 #define	SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
 	d2i_ASN1_SET(st,pp,length, (char *(*)())d2i_func, (void (*)(void *))free_func, ex_tag,ex_class)
@@ -227,7 +223,6 @@ STACK_OF(type) \
 #define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st))
 #define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st))
 #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st))

 #define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st))
 #define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)
@@ -248,7 +243,6 @@ STACK_OF(type) \
 #define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st))
 #define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st))
 #define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st))

 #define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st))
 #define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER)
@@ -269,7 +263,6 @@ STACK_OF(type) \
 #define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st))
 #define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st))
 #define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st))

 #define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st))
 #define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT)
@@ -290,7 +283,6 @@ STACK_OF(type) \
 #define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st))
 #define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st))
 #define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st))

 #define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st))
 #define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE)
@@ -311,7 +303,6 @@ STACK_OF(type) \
 #define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st))
 #define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st))
 #define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st))

 #define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st))
 #define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE)
@@ -332,7 +323,6 @@ STACK_OF(type) \
 #define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st))
 #define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st))
 #define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st))

 #define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st))
 #define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE)
@@ -353,7 +343,6 @@ STACK_OF(type) \
 #define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st))
 #define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st))
 #define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st))

 #define sk_BIO_new(st) SKM_sk_new(BIO, (st))
 #define sk_BIO_new_null() SKM_sk_new_null(BIO)
@@ -374,7 +363,6 @@ STACK_OF(type) \
 #define sk_BIO_shift(st) SKM_sk_shift(BIO, (st))
 #define sk_BIO_pop(st) SKM_sk_pop(BIO, (st))
 #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
-#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))

 #define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))
 #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)
@@ -395,7 +383,6 @@ STACK_OF(type) \
 #define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st))
 #define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st))
 #define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st))

 #define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st))
 #define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE)
@@ -416,7 +403,6 @@ STACK_OF(type) \
 #define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st))
 #define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st))
 #define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st))
-#define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st))

 #define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st))
 #define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE)
@@ -437,7 +423,6 @@ STACK_OF(type) \
 #define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st))
 #define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st))
 #define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st))
-#define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st))

 #define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st))
 #define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS)
@@ -458,7 +443,6 @@ STACK_OF(type) \
 #define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st))
 #define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st))
 #define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st))

 #define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock)
@@ -479,7 +463,6 @@ STACK_OF(type) \
 #define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st))
 #define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st))

 #define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st))
 #define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT)
@@ -500,7 +483,6 @@ STACK_OF(type) \
 #define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st))
 #define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st))
 #define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st))
-#define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st))

 #define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st))
 #define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE)
@@ -521,7 +503,6 @@ STACK_OF(type) \
 #define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st))
 #define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st))
 #define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st))
-#define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st))

 #define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st))
 #define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM)
@@ -542,7 +523,6 @@ STACK_OF(type) \
 #define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st))
 #define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st))
 #define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st))

 #define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st))
 #define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME)
@@ -563,7 +543,6 @@ STACK_OF(type) \
 #define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st))
 #define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st))
 #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st))

 #define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st))
 #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)
@@ -584,7 +563,6 @@ STACK_OF(type) \
 #define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st))
 #define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st))
 #define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st))

 #define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st))
 #define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA)
@@ -605,7 +583,6 @@ STACK_OF(type) \
 #define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st))
 #define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st))
 #define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st))

 #define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st))
 #define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY)
@@ -626,7 +603,6 @@ STACK_OF(type) \
 #define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st))
 #define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st))
 #define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st))

 #define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st))
 #define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM)
@@ -647,7 +623,6 @@ STACK_OF(type) \
 #define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st))
 #define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st))
 #define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st))

 #define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st))
 #define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA)
@@ -668,7 +643,6 @@ STACK_OF(type) \
 #define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st))
 #define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st))
 #define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st))

 #define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st))
 #define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY)
@@ -689,7 +663,6 @@ STACK_OF(type) \
 #define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st))
 #define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st))
 #define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st))

 #define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st))
 #define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME)
@@ -710,7 +683,6 @@ STACK_OF(type) \
 #define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st))
 #define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st))
 #define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st))

 #define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st))
 #define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY)
@@ -731,7 +703,6 @@ STACK_OF(type) \
 #define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st))
 #define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st))
 #define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st))

 #define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st))
 #define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
@@ -752,7 +723,6 @@ STACK_OF(type) \
 #define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))
 #define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))
 #define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
-#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))

 #define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))
 #define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
@@ -773,7 +743,6 @@ STACK_OF(type) \
 #define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))
 #define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))
 #define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
-#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st))

 #define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st))
 #define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS)
@@ -794,7 +763,6 @@ STACK_OF(type) \
 #define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st))
 #define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
 #define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st))

 #define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st))
 #define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID)
@@ -815,7 +783,6 @@ STACK_OF(type) \
 #define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st))
 #define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st))
 #define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st))

 #define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))
 #define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
@@ -836,7 +803,6 @@ STACK_OF(type) \
 #define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))
 #define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))
 #define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st))

 #define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))
 #define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
@@ -857,7 +823,6 @@ STACK_OF(type) \
 #define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))
 #define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))
 #define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st))

 #define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st))
 #define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
@@ -878,7 +843,6 @@ STACK_OF(type) \
 #define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st))
 #define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st))
 #define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st))

 #define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st))
 #define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7)
@@ -899,7 +863,6 @@ STACK_OF(type) \
 #define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st))
 #define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st))
 #define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st))
-#define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st))

 #define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st))
 #define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO)
@@ -920,7 +883,6 @@ STACK_OF(type) \
 #define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st))
 #define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st))
 #define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st))

 #define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st))
 #define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO)
@@ -941,7 +903,6 @@ STACK_OF(type) \
 #define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st))
 #define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st))
 #define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st))

 #define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st))
 #define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO)
@@ -962,7 +923,6 @@ STACK_OF(type) \
 #define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st))
 #define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st))
 #define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st))
-#define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st))

 #define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st))
 #define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO)
@@ -983,7 +943,6 @@ STACK_OF(type) \
 #define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st))
 #define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st))
 #define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st))

 #define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st))
 #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)
@@ -1004,7 +963,6 @@ STACK_OF(type) \
 #define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st))
 #define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st))
 #define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st))

 #define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st))
 #define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP)
@@ -1025,7 +983,6 @@ STACK_OF(type) \
 #define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st))
 #define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st))
 #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st))
-#define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st))

 #define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st))
 #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID)
@@ -1046,7 +1003,6 @@ STACK_OF(type) \
 #define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st))
 #define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st))
 #define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))
-#define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st))

 #define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st))
 #define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING)
@@ -1067,7 +1023,6 @@ STACK_OF(type) \
 #define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st))
 #define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st))
 #define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st))
-#define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st))

 #define sk_X509_new(st) SKM_sk_new(X509, (st))
 #define sk_X509_new_null() SKM_sk_new_null(X509)
@@ -1088,7 +1043,6 @@ STACK_OF(type) \
 #define sk_X509_shift(st) SKM_sk_shift(X509, (st))
 #define sk_X509_pop(st) SKM_sk_pop(X509, (st))
 #define sk_X509_sort(st) SKM_sk_sort(X509, (st))
-#define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st))

 #define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st))
 #define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD)
@@ -1109,7 +1063,6 @@ STACK_OF(type) \
 #define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st))
 #define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st))
 #define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st))

 #define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st))
 #define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR)
@@ -1130,7 +1083,6 @@ STACK_OF(type) \
 #define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st))
 #define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st))
 #define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st))
-#define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st))

 #define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st))
 #define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE)
@@ -1151,7 +1103,6 @@ STACK_OF(type) \
 #define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st))
 #define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st))
 #define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st))

 #define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st))
 #define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL)
@@ -1172,7 +1123,6 @@ STACK_OF(type) \
 #define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st))
 #define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st))
 #define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st))
-#define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st))

 #define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st))
 #define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION)
@@ -1193,7 +1143,6 @@ STACK_OF(type) \
 #define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st))
 #define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st))
 #define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st))

 #define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st))
 #define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO)
@@ -1214,7 +1163,6 @@ STACK_OF(type) \
 #define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st))
 #define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st))
 #define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st))
-#define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st))

 #define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st))
 #define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP)
@@ -1235,7 +1183,6 @@ STACK_OF(type) \
 #define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st))
 #define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st))
 #define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st))

 #define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st))
 #define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME)
@@ -1256,7 +1203,6 @@ STACK_OF(type) \
 #define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st))
 #define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st))
 #define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st))
-#define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st))

 #define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st))
 #define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY)
@@ -1277,7 +1223,6 @@ STACK_OF(type) \
 #define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st))
 #define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st))
 #define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st))

 #define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st))
 #define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT)
@@ -1298,7 +1243,6 @@ STACK_OF(type) \
 #define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st))
 #define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st))
 #define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st))
-#define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st))

 #define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st))
 #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
@@ -1319,7 +1263,6 @@ STACK_OF(type) \
 #define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st))
 #define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st))
 #define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st))

 #define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st))
 #define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED)
@@ -1340,7 +1283,6 @@ STACK_OF(type) \
 #define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st))
 #define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st))
 #define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st))
-#define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st))

 #define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st))
 #define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST)
@@ -1361,7 +1303,6 @@ STACK_OF(type) \
 #define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st))
 #define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st))
 #define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st))
-#define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st))

 #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
 	SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@@ -331,10 +331,3 @@ void sk_sort(STACK *st)
 		st->sorted=1;
 		}
 	}
-
-int sk_is_sorted(const STACK *st)
-	{
-	if (!st)
-		return 1;
-	return st->sorted;
-	}
--- a/crypto/stack/stack.h
+++ b/crypto/stack/stack.h
@@ -99,7 +99,6 @@ int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,
 			(const char * const *, const char * const *);
 STACK *sk_dup(STACK *st);
 void sk_sort(STACK *st);
-int sk_is_sorted(const STACK *st);

 #ifdef  __cplusplus
 }
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -410,7 +410,6 @@ typedef struct X509_crl_info_st
 	ASN1_TIME *nextUpdate;
 	STACK_OF(X509_REVOKED) *revoked;
 	STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
-	ASN1_ENCODING enc;
 	} X509_CRL_INFO;

 struct X509_crl_st
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -118,7 +118,7 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
 * used and there may be more: so the list is configurable.
 */

-static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
+static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef};

 static int *ext_nids = ext_nid_list;

@@ -143,33 +143,32 @@ void X509_REQ_set_extension_nids(int *nids)
 }

 STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
-	{
+{
 	X509_ATTRIBUTE *attr;
+	STACK_OF(X509_ATTRIBUTE) *sk;
 	ASN1_TYPE *ext = NULL;
-	int idx, *pnid;
+	int i;
 	unsigned char *p;
-
-	if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
+	if ((req == NULL) || (req->req_info == NULL))
 		return(NULL);
-	for (pnid = ext_nids; *pnid != NID_undef; pnid++)
-		{
-		idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
-		if (idx == -1)
-			continue;
-		attr = X509_REQ_get_attr(req, idx);
-		if(attr->single) ext = attr->value.single;
-		else if(sk_ASN1_TYPE_num(attr->value.set))
-			ext = sk_ASN1_TYPE_value(attr->value.set, 0);
-		break;
+	sk=req->req_info->attributes;
+        if (!sk) return NULL;
+	for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+		attr = sk_X509_ATTRIBUTE_value(sk, i);
+		if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) {
+			if(attr->single) ext = attr->value.single;
+			else if(sk_ASN1_TYPE_num(attr->value.set))
+				ext = sk_ASN1_TYPE_value(attr->value.set, 0);
+			break;
 		}
-	if(!ext || (ext->type != V_ASN1_SEQUENCE))
-		return NULL;
+	}
+	if(!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL;
 	p = ext->value.sequence->data;
 	return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
 			ext->value.sequence->length,
 			d2i_X509_EXTENSION, X509_EXTENSION_free,
 			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-	}
+}

 /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
 * in case we want to create a non standard one.
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -627,15 +627,6 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
 	X509_EXTENSION *ext;
 	/* Look for serial number of certificate in CRL */
 	rtmp.serialNumber = X509_get_serialNumber(x);
-	/* Sort revoked into serial number order if not already sorted.
-	 * Do this under a lock to avoid race condition.
- 	 */
-	if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
-		sk_X509_REVOKED_sort(crl->crl->revoked);
-		CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
-		}
 	idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
 	/* If found assume revoked: want something cleverer than
 	 * this to handle entry extensions in V2 CRLs.
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -60,8 +60,7 @@
 extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
 extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
-extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
-extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;
+extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate, v3_cpols, v3_crld;
 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
 extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
 extern X509V3_EXT_METHOD v3_crl_hold;
@@ -90,7 +89,6 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 &v3_akey_id,
 &v3_crld,
 &v3_ext_ku,
-&v3_delta_crl,
 &v3_crl_reason,
 #ifndef OPENSSL_NO_OCSP
 &v3_crl_invdate,
--- a/crypto/x509v3/v3_int.c
+++ b/crypto/x509v3/v3_int.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -61,16 +61,9 @@
 #include <openssl/x509v3.h>

 X509V3_EXT_METHOD v3_crl_num = { 
-	NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
-	0,0,0,0,
-	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
-	0,
-	0,0,0,0, NULL};
-
-X509V3_EXT_METHOD v3_delta_crl = { 
-	NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
-	0,0,0,0,
-	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
-	0,
-	0,0,0,0, NULL};
+NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+0,0,0,0,
+(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+0,
+0,0,0,0, NULL};

--- a/demos/engines/rsaref/rsaref.c
+++ b/demos/engines/rsaref/rsaref.c
@@ -426,7 +426,7 @@ static int rsaref_private_encrypt(int len, const unsigned char *from, unsigned c
 	}
 	if (!RSAref_Private_eay2ref(rsa,&RSAkey))
 		goto err;
-	if ((i=RSAPrivateEncrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
+	if ((i=RSAPrivateEncrypt(to,(unsigned int)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
 		{
 		RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT,i);
 		outlen= -1;
@@ -444,7 +444,7 @@ static int rsaref_public_decrypt(int len, const unsigned char *from, unsigned ch

 	if (!RSAref_Public_eay2ref(rsa,&RSAkey))
 		goto err;
-	if ((i=RSAPublicDecrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
+	if ((i=RSAPublicDecrypt(to,(unsigned int)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
 		{
 		RSAREFerr(RSAREF_F_RSAREF_PUBLIC_DECRYPT,i);
 		outlen= -1;
@@ -481,7 +481,7 @@ static int rsaref_public_encrypt(int len, const unsigned char *from, unsigned ch

 	if (!RSAref_Public_eay2ref(rsa,&RSAkey))
 		goto err;
-	if ((i=RSAPublicEncrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey,&rnd)) != 0)
+	if ((i=RSAPublicEncrypt(to,(unsigned int)&outlen,(unsigned char *)from,len,&RSAkey,&rnd)) != 0)
 		{
 		RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT,i);
 		outlen= -1;
--- a/doc/apps/enc.pod
+++ b/doc/apps/enc.pod
@@ -86,7 +86,7 @@ versions of OpenSSL. Superseded by the B<-pass> argument.
 =item B<-kfile filename>

 read the password to derive the key from the first line of B<filename>.
-This is for compatibility with previous versions of OpenSSL. Superseded by
+This is for computability with previous versions of OpenSSL. Superseded by
 the B<-pass> argument.

 =item B<-S salt>
--- a/doc/crypto/BN_num_bytes.pod
+++ b/doc/crypto/BN_num_bytes.pod
@@ -16,14 +16,8 @@ BN_num_bits, BN_num_bytes, BN_num_bits_word - get BIGNUM size

 =head1 DESCRIPTION

-BN_num_bytes() returns the size of a B<BIGNUM> in bytes.
-
-BN_num_bits_word() returns the number of significant bits in a word.
-If we take 0x00000432 as an example, it returns 11, not 16, not 32.
-Basically, except for a zero, it returns I<floor(log2(w))+1>.
-
-BN_num_bits() returns the number of significant bits in a B<BIGNUM>,
-following the same principle as BN_num_bits_word().
+These functions return the size of a B<BIGNUM> in bytes or bits,
+and the size of an unsigned integer in bits.

 BN_num_bytes() is a macro.

@@ -31,23 +25,9 @@ BN_num_bytes() is a macro.

 The size.

-=head1 NOTES
-
-Some have tried using BN_num_bits() on individual numbers in RSA keys,
-DH keys and DSA keys, and found that they don't always come up with
-the number of bits they expected (something like 512, 1024, 2048,
-...).  This is because generating a number with some specific number
-of bits doesn't always set the highest bits, thereby making the number
-of I<significant> bits a little lower.  If you want to know the "key
-size" of such a key, either use functions like RSA_size(), DH_size()
-and DSA_size(), or use BN_num_bytes() and multiply with 8 (although
-there's no real guarantee that will match the "key size", just a lot
-more probability).
-
 =head1 SEE ALSO

-L<bn(3)|bn(3)>, L<DH_size(3)|DH_size(3)>, L<DSA_size(3)|DSA_size(3)>,
-L<RSA_size(3)|RSA_size(3)>
+L<bn(3)|bn(3)>

 =head1 HISTORY

--- a/doc/ssl/SSL_CTX_set_session_id_context.pod
+++ b/doc/ssl/SSL_CTX_set_session_id_context.pod
@@ -46,8 +46,7 @@ B<SSL_MAX_SSL_SESSION_ID_LENGTH>.

 =head1 WARNINGS

-If the session id context is not set on an SSL/TLS server and client
-certificates are used, stored sessions
+If the session id context is not set on an SSL/TLS server, stored sessions
 will not be reused but a fatal error will be flagged and the handshake
 will fail.

--- a/e_os.h
+++ b/e_os.h
@@ -515,7 +515,7 @@ extern char *sys_errlist[]; extern int sys_nerr;
 #  define strncasecmp _strnicmp
 #elif defined(OPENSSL_SYS_VMS)
 /* VMS below version 7.0 doesn't have strcasecmp() */
-#  include "o_str.h"
+#  include <openssl/o_str.h>
 #  define strcasecmp OPENSSL_strcasecmp
 #  define strncasecmp OPENSSL_strncasecmp
 #elif defined(OPENSSL_SYS_OS2) && defined(__EMX__)
--- a/e_os2.h
+++ b/e_os2.h
@@ -189,11 +189,6 @@ extern "C" {
 # endif
 #endif

-/* --------------------------------- VOS ----------------------------------- */
-#ifdef OPENSSL_SYSNAME_VOS
-# define OPENSSL_SYS_VOS
-#endif
-
 /* ------------------------------- VxWorks --------------------------------- */
 #ifdef OPENSSL_SYSNAME_VXWORKS
 # define OPENSSL_SYS_VXWORKS
@@ -248,7 +243,7 @@ extern "C" {
 #define OPENSSL_EXTERN OPENSSL_IMPORT

 /* Macros to allow global variables to be reached through function calls when
-   required (if a shared library version requires it, for example.
+   required (if a shared library version requvres it, for example.
   The way it's done allows definitions like this:

 	// in foobar.c
@@ -258,10 +253,9 @@ extern "C" {
 	#define foobar OPENSSL_GLOBAL_REF(foobar)
 */
 #ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
-# define OPENSSL_IMPLEMENT_GLOBAL(type,name)			     \
-	extern type _hide_##name;				     \
-	type *_shadow_##name(void) { return &_hide_##name; }	     \
-	static type _hide_##name
+# define OPENSSL_IMPLEMENT_GLOBAL(type,name) static type _hide_##name; \
+        type *_shadow_##name(void) { return &_hide_##name; } \
+        static type _hide_##name
 # define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
 # define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
 #else
--- a/fips/.cvsignore
+++ b/fips/.cvsignore
@@ -1,4 +1 @@
-lib
 Makefile.save
-fips_test_suite
-fips_test_suite.sha1
--- a/fips/Makefile
+++ b/fips/Makefile
@@ -25,7 +25,7 @@ CFLAGS= $(INCLUDE) $(CFLAG)

 LIBS=

-FDIRS=sha1 rand des aes dsa rsa dh
+FDIRS=sha1 rand des aes dsa rsa

 GENERAL=Makefile README fips-lib.com install.com

@@ -193,4 +193,10 @@ fips.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 fips.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h fips.c
 fips.o: fips_locl.h
-fips_err_wrapper.o: ../include/openssl/opensslconf.h fips_err_wrapper.c
+fips_err_wrapper.o: ../include/openssl/bio.h ../include/openssl/crypto.h
+fips_err_wrapper.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+fips_err_wrapper.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+fips_err_wrapper.o: ../include/openssl/opensslconf.h
+fips_err_wrapper.o: ../include/openssl/opensslv.h
+fips_err_wrapper.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+fips_err_wrapper.o: ../include/openssl/symhacks.h fips_err.h fips_err_wrapper.c
--- a/fips/aes/.cvsignore
+++ b/fips/aes/.cvsignore
@@ -1,2 +1,5 @@
 lib
+fips_aesavs
+fips_aesavs.sha1
+testlist
 Makefile.save
--- a/fips/aes/Makefile
+++ b/fips/aes/Makefile
@@ -56,13 +56,11 @@ links:
 	@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)

 install:
-	@if test -n "$(EXHEADER)"; then \
-	  for i in $(EXHEADER) ; \
-	  do  \
-	    (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-	    chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-	  done; \
-	fi
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;

 tags:
 	ctags $(SRC)
--- a/fips/aes/fingerprint.sha1
+++ b/fips/aes/fingerprint.sha1
@@ -1,3 +1,3 @@
-HMAC-SHA1(fips_aes_core.c)= b70bbbd675efe0613da0d57055310926a0104d55
+HMAC-SHA1(fips_aes_core.c)= 979e9a3084dc8e15d9f222bf721e6faccf6bcd18
 HMAC-SHA1(fips_aes_selftest.c)= 98b01502221e7fe529fd981222f2cbb52eb4cbe0
 HMAC-SHA1(fips_aes_locl.h)= ded58f0cda8cb967dc5f5f3a860601c0b8744623
--- a/fips/aes/fips_aes_core.c
+++ b/fips/aes/fips_aes_core.c
@@ -727,18 +727,18 @@ static const u32 rcon[] = {
 /**
 * Expand the cipher key into the encryption key schedule.
 */
-int AES_set_encrypt_key(const unsigned char *userKey,
-			const FIPS_AES_SIZE_T bits, AES_KEY *key) {
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+			AES_KEY *key) {

 	u32 *rk;
-	int i = 0;
+   	int i = 0;
 	u32 temp;

 	if (!userKey || !key)
 		return -1;
 	if (bits != 128 && bits != 192 && bits != 256)
 		return -2;
-	if(FIPS_selftest_failed())
+	if(FIPS_selftest_fail)
 		return -3;

 	rk = key->rd_key;
@@ -830,8 +830,8 @@ int AES_set_encrypt_key(const unsigned char *userKey,
 /**
 * Expand the cipher key into the decryption key schedule.
 */
-int AES_set_decrypt_key(const unsigned char *userKey,
-	const FIPS_AES_SIZE_T bits, AES_KEY *key) {
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+			 AES_KEY *key) {

        u32 *rk;
 	int i, j, status;
--- a/fips/aes/fips_aes_data/.cvsignore
+++ b/fips/aes/fips_aes_data/.cvsignore
@@ -0,0 +1 @@
+rsp
--- a/fips/aes/fips_aesavs.c
+++ b/fips/aes/fips_aesavs.c
@@ -1,56 +1,8 @@
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
 /*---------------------------------------------
  NIST AES Algorithm Validation Suite
  Test Program

-  Donated to OpenSSL by:
+  Copyright
  V-ONE Corporation
  20250 Century Blvd, Suite 300
  Germantown, MD 20874
--- a/Show More
+++ b/Show More