This commit was manufactured by cvs2svn to create tag 'BEN_FIPS_TEST_6'.

CHANGES

@@ -2,43 +2,7 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.7e and 0.9.7f  [22 Mar 2005]
-
-  *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
-     server and client random values. Previously
-     (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
-     less random data when sizeof(time_t) > 4 (some 64 bit platforms).
-
-     This change has negligible security impact because:
-
-     1. Server and client random values still have 24 bytes of pseudo random
-        data.
-
-     2. Server and client random values are sent in the clear in the initial
-        handshake.
-
-     3. The master secret is derived using the premaster secret (48 bytes in
-        size for static RSA ciphersuites) as well as client server and random
-        values.
-
-     The OpenSSL team would like to thank the UK NISCC for bringing this issue
-     to our attention. 
-
-     [Stephen Henson, reported by UK NISCC]
-
-  *) Use Windows randomness collection on Cygwin.
-     [Ulf M<>ller]
-
-  *) Fix hang in EGD/PRNGD query when communication socket is closed
-     prematurely by EGD/PRNGD.
-     [Darren Tucker <dtucker@zip.com.au> via Lutz J<>nicke, resolves #1014]
-
-  *) Prompt for pass phrases when appropriate for PKCS12 input format.
-     [Steve Henson]
-
-  *) Back-port of selected performance improvements from development
-     branch, as well as improved support for PowerPC platforms.
-     [Andy Polyakov]
+ Changes between 0.9.7e and 0.9.7f  [XX xxx XXXX]
 
   *) Add lots of checks for memory allocation failure, error codes to indicate
      failure and freeing up memory if a failure occurs.

Configure

@@ -270,10 +270,10 @@ my %table=(
 "hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # IA-64 targets
-"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
 # with debugging of the following config.
-"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux64-shared:+Z::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
@@ -393,9 +393,7 @@ my %table=(
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
 "linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/linux_ppc32.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -bpowerpc64-linux is transient option, -m64 should be the one to use...
-"linux-ppc64",  "gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:asm/linux_ppc64.o:::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
 "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-s390x",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -425,9 +423,7 @@ my %table=(
 "qnx6",	"cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",
 
 # Linux on ARM
-# ARM comes in both little- and big-endian flavors. The following line is
-# endian neutral, but ./config is free to throw in -D[BL]_ENDIAN...
-"linux-elf-arm","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # SCO/Caldera targets.
 #
@@ -454,10 +450,11 @@ my %table=(
 
 
 # IBM's AIX.
-"aix3-cc",    "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix-gcc",    "gcc:-O3 -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:asm/aix_ppc32.o:::::::::dlfcn:",
-"aix-cc",     "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384::-qthreaded:AIX::BN_LLONG RC4_CHAR:asm/aix_ppc32.o:::::::::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
-"aix64-cc",   "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:asm/aix_ppc64.o:::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+"aix-cc",   "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+"aix-gcc",  "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+"aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::",
+"aix43-gcc",  "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix64-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
 
 #
 # Cray T90 and similar (SDSC)
@@ -520,17 +517,17 @@ my %table=(
 "BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 
 # MinGW
-"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:-D_DLL:-mno-cygwin:.dll",
+"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall:::MINGW32:-mno-cygwin -lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32::::.dll",
 
 # UWIN 
 "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
 
 # Cygwin
 "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:cygwin-shared:::.dll",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll",
 
 # DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall -DDEVRANDOM=\"/dev/urandom\\x24\":::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
 
 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
@@ -553,7 +550,7 @@ my %table=(
 
 ##### MacOS X (a.k.a. Rhapsody or Darwin) setup
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/osx_ppc32.o::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 
 ##### A/UX
@@ -940,7 +937,8 @@ print "Configuring for $target\n";
 
 my $IsWindows=scalar grep /^$target$/,@WinTargets;
 
-$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw");
+$exe_ext=".exe" if ($target eq "Cygwin");
+$exe_ext=".exe" if ($target eq "DJGPP");
 $exe_ext=".pm" if ($target eq "vos-gcc" or $target eq "debug-vos-gcc" or $target eq "vos-vcc" or $target eq "debug-vos-vcc");
 $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
 $prefix=$openssldir if $prefix eq "";
@@ -1537,6 +1535,7 @@ EOF
 	} else {
 	    # No path for Perl known ...
 	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+	    &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
 	}
 	if ($depflags ne "" && !$make_depend) {

FAQ

@@ -70,7 +70,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7f was released on March 22, 2005.
+OpenSSL 0.9.7e was released on October 25, 2004.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -472,10 +472,6 @@ This will only compile sha_dgst.c with -O0, the rest with the optimization
 level chosen by the configuration process.  When the above is done, do the
 test and installation and you're set.
 
-3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It
-should not be used and is not used in SSL/TLS nor any other recognized
-protocol in either case.
-
 
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 

INSTALL.DJGPP

@@ -3,45 +3,32 @@
  INSTALLATION ON THE DOS PLATFORM WITH DJGPP
  -------------------------------------------
 
- OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
- environment for 16-bit DOS, but only with long filename support.
- If you wish to compile on native DOS with 8+3 filenames, you will
- have to tweak the installation yourself, including renaming files
- with illegal or duplicate names.
+ Openssl has been ported to DOS, but only with long filename support. If
+ you wish to compile on native DOS with 8+3 filenames, you will have to
+ tweak the installation yourself, including renaming files with illegal
+ or duplicate names.
 
  You should have a full DJGPP environment installed, including the
  latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
  requires that PERL and BC also be installed.
 
- All of these can be obtained from the usual DJGPP mirror sites or
- directly at "http://www.delorie.com/pub/djgpp". For help on which
- files to download, see the DJGPP "ZIP PICKER" page at
- "http://www.delorie.com/djgpp/zip-picker.html". You also need to have
- the WATT-32 networking package installed before you try to compile
- OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/".
+ All of these can be obtained from the usual DJGPP mirror sites, such
+ as "ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp". You also need to
+ have the WATT-32 networking package installed before you try to compile
+ openssl. This can be obtained from "http://www.bgnett.no/~giva/".
  The Makefile assumes that the WATT-32 code is in the directory
  specified by the environment variable WATT_ROOT. If you have watt-32
  in directory "watt32" under your main DJGPP directory, specify
  WATT_ROOT="/dev/env/DJDIR/watt32".
 
- To compile OpenSSL, start your BASH shell, then configure for DJGPP by
- running "./Configure" with appropriate arguments:
-
-	./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
+ To compile openssl, start your BASH shell. Then configure for DOS by
+ running "./Configure" with appropriate arguments. The basic syntax for
+ DOS is:
+ ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
  
- And finally fire up "make". You may run out of DPMI selectors when
- running in a DOS box under Windows. If so, just close the BASH
- shell, go back to Windows, and restart BASH. Then run "make" again.
+ You may run out of DPMI selectors when running in a DOS box under
+ Windows. If so, just close the BASH shell, go back to Windows, and
+ restart BASH. Then run "make" again.
 
- RUN-TIME CAVEAT LECTOR
- --------------
-
- Quoting FAQ:
-
-  "Cryptographic software needs a source of unpredictable data to work
-   correctly.  Many open source operating systems provide a "randomness
-   device" (/dev/urandom or /dev/random) that serves this purpose."
-
- As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
- party "randomness" DOS driver. One such driver, NOISE.SYS, can be
- obtained from "http://www.rahul.net/dkaufman/index.html".
+ Building openssl under DJGPP has been tested with DJGPP 2.03,
+ GCC 2.952, GCC 2.953, perl 5.005_02 and perl 5.006_01.

Makefile.org

@@ -227,7 +227,7 @@ all: Makefile sub_all openssl.pc
 
 sigs:	$(SIGS)
 libcrypto.a.sha1: libcrypto.a
-	@if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
+	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
 		$(RANLIB) libcrypto.a; \
 		fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
 	fi
@@ -334,18 +334,11 @@ do_cygwin-shared:
 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
-	shlib=cyg$${i}-$(SHLIB_VERSION_NUMBER).dll; \
-	[ "$(PLATFORM)" = "mingw" ] && shlib=$${i}eay32.dll; \
-	[ -f apps/$$shlib ] && rm apps/$$shlib; \
-	[ -f test/$$shlib ] && rm test/$$shlib; \
-	base=;  [ $$i = "crypto" ] && base=-Wl,--image-base,0xFE00000; \
-	( set -x; ${CC} ${SHARED_LDFLAGS} \
-		-shared $$base -o $$shlib \
+	( set -x; ${CC}  -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
 		-Wl,-Bsymbolic \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--out-implib,lib$$i.dll.a \
-		-Wl,--no-whole-archive $$libs ${EX_LIBS} ) || exit 1; \
-	cp -p $$shlib apps/; cp -p $$shlib test/; \
+		-Wl,--no-whole-archive $$libs ) || exit 1; \
 	libs="-l$$i $$libs"; \
 	done
 
@@ -486,8 +479,8 @@ do_irix-shared:
 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 			libs="$(LIBKRB5) $$libs"; \
 		fi; \
-		( WHOLELIB="-all lib$$i.a -none"; \
-		  (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-none"; \
+		( WHOLELIB="-all lib$$i.a -notall"; \
+		  (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \
 		  set -x; ${CC} ${SHARED_LDFLAGS} \
 			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
@@ -512,18 +505,13 @@ do_hpux-shared:
 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
-	if expr $(PLATFORM) : '.*ia64' > /dev/null; then \
-		shlib=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
-	else \
-		shlib=lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
-	fi; \
-	[ -f $$shlib ] && rm -f $$shlib; \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
 		+vnocompatwarnings \
 		-b -z +s \
-		-o $$shlib +h $$shlib \
+		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		-Fl lib$$i.a -ldld -lc ) || exit 1; \
-	chmod a=rx $$shlib; \
+	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
 	done
 
 # This assumes that GNU utilities are *not* used
@@ -540,17 +528,12 @@ do_hpux64-shared:
 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
-	if expr $(PLATFORM) : '.*ia64' > /dev/null; then \
-		shlib=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
-	else \
-		shlib=lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
-	fi; \
-	[ -f $$shlib ] && rm -f $$shlib; \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
 		-b -z \
-		-o $$shlib +h $$shlib \
+		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+forceload lib$$i.a -ldl -lc ) || exit 1; \
-	chmod a=rx $$shlib; \
+	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
 	done
 
 # The following method is said to work on all platforms.  Tests will
@@ -591,8 +574,6 @@ do_aix-shared:
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
 	( set -x; \
-	  OBJECT_MODE=`expr x${SHARED_LDFLAGS} : 'x\-[a-z]\([0-9]*\)'`; \
-	  OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
 	  ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
 	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
 	    $(SHAREDCMD) $(SHAREDFLAGS) \
@@ -646,7 +627,7 @@ clean:	libclean
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making clean in $$i..." && \
-		$(MAKE) EXE_EXT='${EXE_EXT}' SDIRS='${SDIRS}' clean ) || exit 1; \
+		$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
 		rm -f $(LIBS); \
 	fi; \
 	done;
@@ -698,9 +679,20 @@ dclean:
 
 rehash: rehash.time
 rehash.time: certs
-	@(OPENSSL="`pwd`/util/opensslwrap.sh"; \
-	  OPENSSL_DEBUG_MEMORY=on; \
+	@(OPENSSL="`pwd`/apps/openssl$(EXE_EXT)"; OPENSSL_DEBUG_MEMORY=on; \
 	  export OPENSSL OPENSSL_DEBUG_MEMORY; \
+	  if [ -n "$(SHARED_LIBS)" ]; then \
+	    LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
+	    DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
+	    SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
+	    LIBPATH="`pwd`:$$LIBPATH"; \
+	    if [ "$(PLATFORM)" = "Cygwin" ]; then \
+	      PATH="`pwd`:$$PATH"; \
+	    fi; \
+	    LD_PRELOAD="`pwd`/libssl.so `pwd`/libcrypto.so"; \
+	    export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+	    export LD_PRELOAD; \
+	  fi; \
 	  $(PERL) tools/c_rehash certs)
 	touch rehash.time
 
@@ -709,7 +701,17 @@ test:   tests
 tests: rehash
 	@(cd test && echo "testing..." && \
 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
-	util/shlib_wrap.sh apps/openssl version -a
+	@if [ -n "$(SHARED_LIBS)" ]; then \
+	  LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
+	  DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
+	  SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
+	  LIBPATH="`pwd`:$$LIBPATH"; \
+	  if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+	  LD_PRELOAD="`pwd`/libssl.so `pwd`/libcrypto.so"; \
+	  export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+	  export LD_PRELOAD; \
+	fi; \
+	apps/openssl version -a
 
 report:
 	@$(PERL) util/selftest.pl
@@ -887,7 +889,7 @@ install_docs:
 	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
 	here="`pwd`"; \
 	filecase=; \
-	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
+	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
 		filecase=-i; \
 	fi; \
 	for i in doc/apps/*.pod; do \

NEWS

@@ -5,14 +5,6 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f:
-
-      o Several compilation issues fixed.
-      o Many memory allocation failure checks added.
-      o Improved comparison of X509 Name type.
-      o Mandatory basic checks on certificates.
-      o Performance improvements.
-
   Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:
 
       o Fix race condition in CRL checking code.

PROBLEMS

@@ -90,6 +90,15 @@ failures in other parts of the code.
 
 Workaround: modify the target to +O2 when building with no-asm.
 
+* Poor support for AIX shared builds.
+
+do_aix-shared rule is not flexible enough to parameterize through a
+config-line. './Configure aix43-cc shared' is working, but not
+'./Configure aix64-gcc shared'. In latter case make fails to create shared
+libraries. It's possible to build 64-bit shared libraries by running
+'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one
+supporting even gcc shared builds. See RT#463 for background information.
+
 * Problems building shared libraries on SCO OpenServer Release 5.0.6
   with gcc 2.95.3
 

README

@@ -1,7 +1,7 @@
 
- OpenSSL 0.9.7f 22 March 2005
+ OpenSSL 0.9.7e 25 Oct 2004
 
- Copyright (c) 1998-2005 The OpenSSL Project
+ Copyright (c) 1998-2004 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 

STATUS

@@ -1,12 +1,10 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2005/03/22 18:17:22 $
+  ______________                           $Date: 2004/03/17 12:01:16 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 0.9.8:  Under development...
-    o  OpenSSL 0.9.7f: Released on March     22nd, 2005
-    o  OpenSSL 0.9.7e: Released on October   25th, 2004
     o  OpenSSL 0.9.7d: Released on March     17th, 2004
     o  OpenSSL 0.9.7c: Released on September 30th, 2003
     o  OpenSSL 0.9.7b: Released on April     10th, 2003

TABLE

@@ -92,7 +92,7 @@ $cast_obj     = asm/cx86-out.o
 $rc4_obj      = asm/rx86-out.o
 $rmd160_obj   = asm/rm86-out.o
 $rc5_obj      = asm/r586-out.o
-$dso_scheme   = dlfcn
+$dso_scheme   = win32
 $shared_target= cygwin-shared
 $shared_cflag = 
 $shared_ldflag = 
@@ -127,7 +127,7 @@ $arflags      =
 
 *** DJGPP
 $cc           = gcc
-$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall -DDEVRANDOM="/dev/urandom\x24"
+$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
 $unistd       = 
 $thread_cflag = 
 $sys_id       = MSDOS
@@ -1027,56 +1027,6 @@ $arflags      =
 
 *** aix-cc
 $cc           = cc
-$cflags       = -q32 -O -DB_ENDIAN -qmaxmem=16384
-$unistd       = 
-$thread_cflag = -qthreaded
-$sys_id       = AIX
-$lflags       = 
-$bn_ops       = BN_LLONG RC4_CHAR
-$bn_obj       = asm/aix_ppc32.o
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= aix-shared
-$shared_cflag = 
-$shared_ldflag = -q32
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = -X 32
-
-*** aix-gcc
-$cc           = gcc
-$cflags       = -O3 -DB_ENDIAN
-$unistd       = 
-$thread_cflag = -D_THREAD_SAFE
-$sys_id       = AIX
-$lflags       = 
-$bn_ops       = BN_LLONG RC4_CHAR
-$bn_obj       = asm/aix_ppc32.o
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
-$shared_extension = 
-$ranlib       = 
-$arflags      = 
-
-*** aix3-cc
-$cc           = cc
 $cflags       = -O -DB_ENDIAN -qmaxmem=16384
 $unistd       = 
 $thread_cflag = (unknown)
@@ -1100,15 +1050,90 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 
 
-*** aix64-cc
-$cc           = cc
-$cflags       = -q64 -O -DB_ENDIAN -qmaxmem=16384
+*** aix-gcc
+$cc           = gcc
+$cflags       = -O3 -DB_ENDIAN
 $unistd       = 
-$thread_cflag = -qthreaded
+$thread_cflag = (unknown)
 $sys_id       = AIX
 $lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** aix43-cc
+$cc           = cc
+$cflags       = -O -DAIX -DB_ENDIAN -qmaxmem=16384
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= aix-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** aix43-gcc
+$cc           = gcc
+$cflags       = -O1 -DAIX -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** aix64-cc
+$cc           = cc
+$cflags       = -O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR
-$bn_obj       = asm/aix_ppc64.o
+$bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
@@ -1433,7 +1458,7 @@ $thread_cflag = -D_REENTRANT
 $sys_id       = MACOSX
 $lflags       = 
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
-$bn_obj       = asm/osx_ppc32.o
+$bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
@@ -2346,7 +2371,7 @@ $dso_scheme   = dlfcn
 $shared_target= hpux-shared
 $shared_cflag = +Z
 $shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
@@ -2621,7 +2646,7 @@ $dso_scheme   = dlfcn
 $shared_target= hpux64-shared
 $shared_cflag = +Z
 $shared_ldflag = 
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
@@ -3052,7 +3077,7 @@ $arflags      =
 
 *** linux-elf-arm
 $cc           = gcc
-$cflags       = -DTERMIO -O3 -fomit-frame-pointer -Wall
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -3308,7 +3333,7 @@ $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -ldl
 $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
-$bn_obj       = asm/linux_ppc32.o
+$bn_obj       = 
 $des_obj      = 
 $bf_obj       = 
 $md5_obj      = 
@@ -3325,31 +3350,6 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
-*** linux-ppc64
-$cc           = gcc
-$cflags       = -bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
-$unistd       = 
-$thread_cflag = -D_REENTRANT
-$sys_id       = 
-$lflags       = -ldl
-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
-$bn_obj       = asm/linux_ppc64.o
-$des_obj      = 
-$bf_obj       = 
-$md5_obj      = 
-$sha1_obj     = 
-$cast_obj     = 
-$rc4_obj      = 
-$rmd160_obj   = 
-$rc5_obj      = 
-$dso_scheme   = dlfcn
-$shared_target= linux-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -bpowerpc64-linux
-$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
-$ranlib       = 
-$arflags      = 
-
 *** linux-ppro
 $cc           = gcc
 $cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall
@@ -3556,7 +3556,7 @@ $cflags       = -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wal
 $unistd       = 
 $thread_cflag = 
 $sys_id       = MINGW32
-$lflags       = -lwsock32 -lgdi32
+$lflags       = -mno-cygwin -lwsock32 -lgdi32
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $bn_obj       = asm/bn86-out.o asm/co86-out.o
 $des_obj      = asm/dx86-out.o asm/yx86-out.o
@@ -3568,9 +3568,9 @@ $rc4_obj      = asm/rx86-out.o
 $rmd160_obj   = asm/rm86-out.o
 $rc5_obj      = asm/r586-out.o
 $dso_scheme   = win32
-$shared_target= cygwin-shared
-$shared_cflag = -D_DLL
-$shared_ldflag = -mno-cygwin
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
 $shared_extension = .dll
 $ranlib       = 
 $arflags      = 

apps/CA.pl.in

@@ -36,21 +36,13 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
-my $openssl;
-if(defined $ENV{OPENSSL}) {
-	$openssl = $ENV{OPENSSL};
-} else {
-	$openssl = "openssl";
-	$ENV{OPENSSL} = $openssl;
-}
-
 $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
 $DAYS="-days 365";
-$REQ="$openssl req $SSLEAY_CONFIG";
-$CA="$openssl ca $SSLEAY_CONFIG";
-$VERIFY="$openssl verify";
-$X509="$openssl x509";
-$PKCS12="$openssl pkcs12";
+$REQ="openssl req $SSLEAY_CONFIG";
+$CA="openssl ca $SSLEAY_CONFIG";
+$VERIFY="openssl verify";
+$X509="openssl x509";
+$PKCS12="openssl pkcs12";
 
 $CATOP="./demoCA";
 $CAKEY="cakey.pem";

apps/CA.sh

@@ -30,13 +30,11 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
-if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
-
 DAYS="-days 365"
-REQ="$OPENSSL req $SSLEAY_CONFIG"
-CA="$OPENSSL ca $SSLEAY_CONFIG"
-VERIFY="$OPENSSL verify"
-X509="$OPENSSL x509"
+REQ="openssl req $SSLEAY_CONFIG"
+CA="openssl ca $SSLEAY_CONFIG"
+VERIFY="openssl verify"
+X509="openssl x509"
 
 CATOP=./demoCA
 CAKEY=./cakey.pem

apps/Makefile

@@ -144,18 +144,28 @@ $(DLIBCRYPTO):
 $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(EXE)
 	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
-	  set -x; $${CC:-$(CC)} -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
-	elif [ -z "$(SHARED_LIBS)" ]; then \
-	  set -x; $${CC:-$(CC)} -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
+	  $(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
 	else \
-	  set -x; LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	  $(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
 	fi
 	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
 		TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(EXE); \
 	fi
 	-(cd ..; \
-	  OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
+	  OPENSSL="`pwd`/apps/$(EXE)"; export OPENSSL; \
+	  if [ -n "$(SHARED_LIBS)" ]; then \
+	    LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
+	    DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
+	    SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
+	    LIBPATH="`pwd`:$$LIBPATH"; \
+	    if [ "$(PLATFORM)" = "Cygwin" ]; then \
+	      PATH="`pwd`:$$PATH"; \
+	    fi; \
+	    LD_PRELOAD="`pwd`/libssl.so `pwd`/libcrypto.so"; \
+	    export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+	    export LD_PRELOAD; \
+	  fi; \
 	  $(PERL) tools/c_rehash certs)
 
 progs.h: progs.pl

apps/apps.c

@@ -330,6 +330,22 @@ void program_name(char *in, char *out, int size)
 #endif
 #endif
 
+#ifdef OPENSSL_SYS_VMS
+int VMS_strcasecmp(const char *str1, const char *str2)
+	{
+	while (*str1 && *str2)
+		{
+		int res = toupper(*str1) - toupper(*str2);
+		if (res) return res < 0 ? -1 : 1;
+		}
+	if (*str1)
+		return 1;
+	if (*str2)
+		return -1;
+	return 0;
+	}
+#endif
+
 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	{
 	int num,len,i;
@@ -675,51 +691,6 @@ int add_oid_section(BIO *err, CONF *conf)
 	return 1;
 }
 
-static int load_pkcs12(BIO *err, BIO *in, const char *desc,
-		pem_password_cb *pem_cb,  void *cb_data,
-		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
-	{
- 	const char *pass;
-	char tpass[PEM_BUFSIZE];
-	int len, ret = 0;
-	PKCS12 *p12;
-	p12 = d2i_PKCS12_bio(in, NULL);
-	if (p12 == NULL)
-		{
-		BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);	
-		goto die;
-		}
-	/* See if an empty password will do */
-	if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
-		pass = "";
-	else
-		{
-		if (!pem_cb)
-			pem_cb = (pem_password_cb *)password_callback;
-		len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
-		if (len < 0) 
-			{
-			BIO_printf(err, "Passpharse callback error for %s\n",
-					desc);
-			goto die;
-			}
-		if (len < PEM_BUFSIZE)
-			tpass[len] = 0;
-		if (!PKCS12_verify_mac(p12, tpass, len))
-			{
-			BIO_printf(err,
-	"Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);	
-			goto die;
-			}
-		pass = tpass;
-		}
-	ret = PKCS12_parse(p12, pass, pkey, cert, ca);
-	die:
-	if (p12)
-		PKCS12_free(p12);
-	return ret;
-	}
-
 X509 *load_cert(BIO *err, const char *file, int format,
 	const char *pass, ENGINE *e, const char *cert_descrip)
 	{
@@ -800,9 +771,11 @@ X509 *load_cert(BIO *err, const char *file, int format,
 			(pem_password_cb *)password_callback, NULL);
 	else if (format == FORMAT_PKCS12)
 		{
-		if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
-					NULL, &x, NULL))
-			goto end;
+		PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
+
+		PKCS12_parse(p12, NULL, NULL, &x, NULL);
+		PKCS12_free(p12);
+		p12 = NULL;
 		}
 	else	{
 		BIO_printf(err,"bad input format specified for %s\n",
@@ -881,10 +854,11 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
 #endif
 	else if (format == FORMAT_PKCS12)
 		{
-		if (!load_pkcs12(err, key, key_descrip,
-				(pem_password_cb *)password_callback, &cb_data,
-				&pkey, NULL, NULL))
-			goto end;
+		PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
+
+		PKCS12_parse(p12, pass, &pkey, NULL, NULL);
+		PKCS12_free(p12);
+		p12 = NULL;
 		}
 	else
 		{

apps/dgst.c

@@ -78,7 +78,7 @@ static HMAC_CTX hmac_ctx;
 
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-	  const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow);
+	  const char *file,BIO *bmd,const char *hmac_key);
 
 int MAIN(int, char **);
 
@@ -108,7 +108,6 @@ int MAIN(int argc, char **argv)
 	char *engine=NULL;
 #endif
 	char *hmac_key=NULL;
-	int non_fips_allow = 0;
 
 	apps_startup();
 
@@ -193,8 +192,6 @@ int MAIN(int argc, char **argv)
 			out_bin = 1;
 		else if (strcmp(*argv,"-d") == 0)
 			debug=1;
-		else if (strcmp(*argv,"-non-fips-allow") == 0)
-			non_fips_allow=1;
 		else if (!strcmp(*argv,"-hmac"))
 			{
 			if (--argc < 1)
@@ -345,18 +342,10 @@ int MAIN(int argc, char **argv)
 		}
 	}
 
-	if (non_fips_allow)
-		{
-		EVP_MD_CTX *md_ctx;
-		BIO_get_md_ctx(bmd,&md_ctx);
-		EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-		}
-
 	/* we use md as a filter, reading from 'in' */
 	if (!BIO_set_md(bmd,md))
 		{
-		BIO_printf(bio_err, "Error setting digest %s\n",
-							EVP_MD_name(md));
+		BIO_printf(bio_err, "Error setting digest %s\n", pname);
 		ERR_print_errors(bio_err);
 		goto end;
 		}
@@ -367,7 +356,7 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 		err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
-			  siglen,"","(stdin)",bmd,hmac_key, non_fips_allow);
+			  siglen,"","(stdin)",bmd,hmac_key);
 		}
 	else
 		{
@@ -393,7 +382,7 @@ int MAIN(int argc, char **argv)
 			else
 				tmp="";
 			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
-				siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow);
+				siglen,tmp,argv[i],bmd,hmac_key);
 			if(r)
 			    err=r;
 			if(tofree)
@@ -420,7 +409,7 @@ end:
 
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-	  const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow)
+	  const char *file,BIO *bmd,const char *hmac_key)
 	{
 	unsigned int len;
 	int i;
@@ -431,11 +420,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 		EVP_MD *md;
 
 		BIO_get_md(bmd,&md);
-		HMAC_CTX_init(&hmac_ctx);
-		if (non_fips_allow)
-			HMAC_CTX_set_flags(&hmac_ctx,
-					EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-		HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL);
+		HMAC_Init(&hmac_ctx,hmac_key,strlen(hmac_key),md);
 		BIO_get_md_ctx(bmd,&md_ctx);
 		BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx);
 		}

apps/enc.c

@@ -118,7 +118,6 @@ int MAIN(int argc, char **argv)
 	int enc=1,printkey=0,i,base64=0;
 	int debug=0,olb64=0,nosalt=0;
 	const EVP_CIPHER *cipher=NULL,*c;
-	EVP_CIPHER_CTX *ctx = NULL;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  39
@@ -127,7 +126,6 @@ int MAIN(int argc, char **argv)
 	char *engine = NULL;
 #endif
 	const EVP_MD *dgst=NULL;
-	int non_fips_allow = 0;
 
 	apps_startup();
 
@@ -262,8 +260,6 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			md= *(++argv);
 			}
-		else if (strcmp(*argv,"-non-fips-allow") == 0)
-			non_fips_allow = 1;
 		else if	((argv[0][0] == '-') &&
 			((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
 			{
@@ -543,43 +539,13 @@ bad:
 
 		if ((benc=BIO_new(BIO_f_cipher())) == NULL)
 			goto end;
-
-		/* Since we may be changing parameters work on the encryption
-		 * context rather than calling BIO_set_cipher().
-		 */
-
-		BIO_get_cipher_ctx(benc, &ctx);
-		if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
-			{
-			BIO_printf(bio_err, "Error setting cipher %s\n",
-					EVP_CIPHER_name(cipher));
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-		if (non_fips_allow)
-			EVP_CIPHER_CTX_set_flags(ctx,
-				EVP_CIPH_FLAG_NON_FIPS_ALLOW);
-
-		if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
-			{
-			BIO_printf(bio_err, "Error setting cipher %s\n",
-					EVP_CIPHER_name(cipher));
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
+		BIO_set_cipher(benc,cipher,key,iv,enc);
 		if (nopad)
-			EVP_CIPHER_CTX_set_padding(ctx, 0);
-
-		if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
 			{
-			BIO_printf(bio_err, "Error setting cipher %s\n",
-					EVP_CIPHER_name(cipher));
-			ERR_print_errors(bio_err);
-			goto end;
+			EVP_CIPHER_CTX *ctx;
+			BIO_get_cipher_ctx(benc, &ctx);
+			EVP_CIPHER_CTX_set_padding(ctx, 0);
 			}
-
 		if (debug)
 			{
 			BIO_set_callback(benc,BIO_debug_callback);

apps/openssl.c

@@ -247,7 +247,7 @@ int main(int Argc, char *Argv[])
 		if (!FIPS_mode_set(1,p)) {
 			ERR_load_crypto_strings();
 			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-			EXIT(1);
+			exit(1);
 		}
 		in_FIPS_mode = 1;
 		if (getenv("OPENSSL_FIPS_MD5"))

apps/pkcs12.c

@@ -109,7 +109,7 @@ int MAIN(int argc, char **argv)
     int maciter = PKCS12_DEFAULT_ITER;
     int twopass = 0;
     int keytype = 0;
-    int cert_pbe;
+    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
     int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
     int ret = 1;
     int macver = 1;
@@ -126,13 +126,6 @@ int MAIN(int argc, char **argv)
 
     apps_startup();
 
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-	cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-    else
-#endif
-    cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-
     enc = EVP_des_ede3_cbc();
     if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 

apps/req.c

@@ -175,7 +175,7 @@ int MAIN(int argc, char **argv)
 	char *passin = NULL, *passout = NULL;
 	char *p;
 	char *subj = NULL;
-	const EVP_MD *md_alg=NULL,*digest;
+	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 	unsigned long chtype = MBSTRING_ASC;
 #ifndef MONOLITH
 	char *to_free;
@@ -197,13 +197,6 @@ int MAIN(int argc, char **argv)
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
 
-#ifdef  OPENSSL_FIPS
-	if (FIPS_mode())
-		digest = EVP_sha1();
-	else
-#endif
-		digest = EVP_md5();
-
 	prog=argv[0];
 	argc--;
 	argv++;

apps/s_client.c

@@ -197,9 +197,6 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
 	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
 	BIO_printf(bio_err," -debug        - extra output\n");
-#ifdef WATT32
-	BIO_printf(bio_err," -wdebug       - WATT-32 tcp debugging\n");
-#endif
 	BIO_printf(bio_err," -msg          - Show protocol messages\n");
 	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
 	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
@@ -351,10 +348,6 @@ int MAIN(int argc, char **argv)
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
 			c_debug=1;
-#ifdef WATT32
-		else if	(strcmp(*argv,"-wdebug") == 0)
-			dbug_init();
-#endif
 		else if	(strcmp(*argv,"-msg") == 0)
 			c_msg=1;
 		else if	(strcmp(*argv,"-showcerts") == 0)
@@ -595,8 +588,6 @@ re_start:
 	if (starttls_proto == 1)
 		{
 		BIO_read(sbio,mbuf,BUFSIZZ);
-		BIO_printf(sbio,"EHLO some.host.name\r\n");
-		BIO_read(sbio,mbuf,BUFSIZZ);
 		BIO_printf(sbio,"STARTTLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}

apps/s_socket.c

@@ -153,6 +153,7 @@ static int ssl_sock_init(void)
 #ifdef WATT32
 	extern int _watt_do_exit;
 	_watt_do_exit = 0;
+	dbug_init();
 	if (sock_init())
 		return (0);
 #elif defined(OPENSSL_SYS_WINDOWS)

apps/x509.c

@@ -179,7 +179,7 @@ int MAIN(int argc, char **argv)
 	X509_REQ *rq=NULL;
 	int fingerprint=0;
 	char buf[256];
-	const EVP_MD *md_alg,*digest;
+	const EVP_MD *md_alg,*digest=EVP_md5();
 	CONF *extconf = NULL;
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;
@@ -216,13 +216,6 @@ int MAIN(int argc, char **argv)
 	if (ctx == NULL) goto end;
 	X509_STORE_set_verify_cb_func(ctx,callb);
 
-#ifdef  OPENSSL_FIPS
-	if (FIPS_mode())
-		digest = EVP_sha1();
-	else
-#endif
-		digest = EVP_md5();
-
 	argc--;
 	argv++;
 	num=0;

config

@@ -111,16 +111,16 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "m68k-apple-aux3"; exit 0
 	;;
 
-    AIX:[3-9]:4:*)
-	echo "${MACHINE}-ibm-aix"; exit 0
+    AIX:[3456789]:4:*)
+	echo "${MACHINE}-ibm-aix43"; exit 0
 	;;
 
-    AIX:*:[5-9]:*)
-	echo "${MACHINE}-ibm-aix"; exit 0
+    AIX:*:[56789]:*)
+	echo "${MACHINE}-ibm-aix43"; exit 0
 	;;
 
     AIX:*)
-	echo "${MACHINE}-ibm-aix3"; exit 0
+	echo "${MACHINE}-ibm-aix"; exit 0
 	;;
 
     dgux:*)
@@ -491,29 +491,29 @@ case "$GUESSOS" in
 	OUT="irix-$CC"
 	;;
   mips3-sgi-irix)
-	#CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
-	#CPU=${CPU:-0}
-	#if [ $CPU -ge 5000 ]; then
-	#	options="$options -mips4"
-	#else
-	#	options="$options -mips3"
-	#fi
+	CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+	CPU=${CPU:-0}
+	if [ $CPU -ge 5000 ]; then
+		options="$options -mips4"
+	else
+		options="$options -mips3"
+	fi
 	OUT="irix-mips3-$CC"
 	;;
   mips4-sgi-irix64)
 	echo "WARNING! If you wish to build 64-bit library, then you have to"
 	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
-	if [ "$TEST" = "false" -a -t 1 ]; then
+	if [ "$TEST" = "false" ]; then
 	  echo "         You have about 5 seconds to press Ctrl-C to abort."
-	  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	  (stty -icanon min 0 time 50; read waste) < /dev/tty
 	fi
-        #CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
-        #CPU=${CPU:-0}
-        #if [ $CPU -ge 5000 ]; then
-        #        options="$options -mips4"
-        #else
-        #        options="$options -mips3"
-        #fi
+        CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+        CPU=${CPU:-0}
+        if [ $CPU -ge 5000 ]; then
+                options="$options -mips4"
+        else
+                options="$options -mips3"
+        fi
 	OUT="irix-mips3-$CC"
 	;;
   alpha-*-linux2)
@@ -547,14 +547,9 @@ EOF
 	rm dummy dummy.c
 	;;
   ppc64-*-linux2)
-	echo "WARNING! If you wish to build 64-bit library, then you have to"
-	echo "         invoke './Configure linux-ppc64' *manually*."
-	if [ "$TEST" = "false" -a -t 1 ]; then
-	    echo "         You have about 5 seconds to press Ctrl-C to abort."
-	    (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
-	fi
-	OUT="linux-ppc"
-	;;
+	#Use the standard target for PPC architecture until we create a
+	#special one for the 64bit architecture.
+	OUT="linux-ppc" ;;
   ppc-*-linux2) OUT="linux-ppc" ;;
   m68k-*-linux*) OUT="linux-m68k" ;;
   ia64-*-linux?) OUT="linux-ia64" ;;
@@ -565,9 +560,9 @@ EOF
 	echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI"
 	echo "         and wish to build 64-bit library, then you have to"
 	echo "         invoke './Configure linux64-sparcv9' *manually*."
-	if [ "$TEST" = "false" -a -t 1 ]; then
+	if [ "$TEST" = "false" ]; then
 	  echo "          You have about 5 seconds to press Ctrl-C to abort."
-	  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	  (stty -icanon min 0 time 50; read waste) < /dev/tty
 	fi
 	OUT="linux-sparcv9" ;;
   sparc-*-linux2)
@@ -598,9 +593,7 @@ EOF
 
 	options="$options -mschedule=$CPUSCHEDULE -march=$CPUARCH"
 	OUT="linux-parisc" ;;
-  arm*b-*-linux2) OUT="linux-elf-arm"; options="$options -DB_ENDIAN" ;;
-  arm*l-*-linux2) OUT="linux-elf-arm"; options="$options -DL_ENDIAN" ;;
-  arm*-*-linux2)  OUT="linux-elf-arm" ;;
+  arm*-*-linux2) OUT="linux-elf-arm" ;;
   s390-*-linux2) OUT="linux-s390" ;;
   s390x-*-linux?) OUT="linux-s390x" ;;
   x86_64-*-linux?) OUT="linux-x86_64" ;;
@@ -624,9 +617,9 @@ EOF
 	    if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then
 		echo "WARNING! If you wish to build 64-bit library, then you have to"
 		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
-		if [ "$TEST" = "false" -a -t 1 ]; then
+		if [ "$TEST" = "false" ]; then
 		  echo "         You have about 5 seconds to press Ctrl-C to abort."
-		  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		  (stty -icanon min 0 time 50; read waste) < /dev/tty
 		fi
 	    elif [ "$CC" = "gcc" -a "$GCC_ARCH" = "-m64" ]; then
 		# $GCC_ARCH denotes default ABI chosen by compiler driver
@@ -636,17 +629,17 @@ EOF
 		OUT="solaris64-sparcv9-gcc"
 		echo "WARNING! If you wish to build 32-bit library, then you have to"
 		echo "         invoke './Configure solaris-sparcv9-gcc' *manually*."
-		if [ "$TEST" = "false" -a -t 1 ]; then
+		if [ "$TEST" = "false" ]; then
 		  echo "         You have about 5 seconds to press Ctrl-C to abort."
-		  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		  (stty -icanon min 0 time 50; read waste) < /dev/tty
 		fi
 	    elif [ "$GCC_ARCH" = "-m32" ]; then
 		echo "NOTICE! If you *know* that your GNU C supports 64-bit/V9 ABI"
 		echo "        and wish to build 64-bit library, then you have to"
 		echo "        invoke './Configure solaris64-sparcv9-gcc' *manually*."
-		if [ "$TEST" = "false" -a -t 1 ]; then
+		if [ "$TEST" = "false" ]; then
 		  echo "         You have about 5 seconds to press Ctrl-C to abort."
-		  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		  (stty -icanon min 0 time 50; read waste) < /dev/tty
 		fi
 	    fi
 	fi
@@ -722,9 +715,9 @@ EOF
 	     echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
 	     echo "         If you wish to build 32-bit library, the you have to"
 	     echo "         invoke './Configure hpux-ia64-cc' *manually*."
-	     if [ "$TEST" = "false" -a -t 1 ]; then
+	     if [ "$TEST" = "false" ]; then
 		echo "         You have about 5 seconds to press Ctrl-C to abort."
-		(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		(stty -icanon min 0 time 50; read waste) < /dev/tty
 	     fi
 	     OUT="hpux64-ia64-cc"
 	elif [ $CPU_VERSION -ge 532 ]; then	# PA-RISC 2.x CPU
@@ -734,9 +727,9 @@ EOF
 	     if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
 		echo "WARNING! If you wish to build 64-bit library then you have to"
 		echo "         invoke './Configure hpux64-parisc2-cc' *manually*."
-		if [ "$TEST" = "false" -a -t 1 ]; then
+		if [ "$TEST" = "false" ]; then
 		  echo "         You have about 5 seconds to press Ctrl-C to abort."
-		  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+		  (stty -icanon min 0 time 50; read waste) < /dev/tty
 		fi
 	     fi
 	elif [ $CPU_VERSION -ge 528 ]; then	# PA-RISC 1.1+ CPU
@@ -748,28 +741,8 @@ EOF
 	fi
 	options="$options -D_REENTRANT" ;;
   *-hpux)	OUT="hpux-parisc-$CC" ;;
-  *-aix)
-	KERNEL_BITS=`(getconf KERNEL_BITMODE) 2>/dev/null`
-	KERNEL_BITS=${KERNEL_BITS:-32}
-	OBJECT_MODE=${OBJECT_MODE:-32}
-	if [ "$CC" = "gcc" ]; then
-	    OUT="aix-gcc"
-	elif [ $OBJECT_MODE -eq 64 ]; then
-	    echo 'Your $OBJECT_MODE was found to be set to 64' 
-	    OUT="aix64-cc"
-	else
-	    OUT="aix-cc"
-	    if [ $KERNEL_BITS -eq 64 ]; then
-		echo "WARNING! If you wish to build 64-bit kit, then you have to"
-		echo "         invoke './Configure aix64-cc' *manually*."
-		if [ "$TEST" = "false" -a -t 1 ]; then
-		    echo "         You have ~5 seconds to press Ctrl-C to abort."
-		    (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
-		fi
-	    fi
-	fi
-	;;
   # these are all covered by the catchall below
+  # *-aix) OUT="aix-$CC" ;;
   # *-dgux) OUT="dgux" ;;
   mips-sony-newsos4) OUT="newsos4-gcc" ;;
   *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;

crypto/Makefile

@@ -94,9 +94,10 @@ lib:	$(LIBOBJ)
 	@touch lib
 
 shared: buildinf.h lib subdirs
-	@if [ -n "$(SHARED_LIBS)" ]; then \
-		egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null || \
+	if [ -n "$(SHARED_LIBS)" ]; then \
+	    if ! egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
 		(cd ..; $(MAKE) $(SHARED_LIB)); \
+	    fi \
 	fi
 
 libs:
@@ -201,8 +202,8 @@ mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
 mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c
-o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
-o_str.o: o_str.c o_str.h
+o_str.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_str.c
+o_str.o: o_str.h
 o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
 o_time.o: o_time.h
 tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h

crypto/aes/aes_cbc.c

@@ -66,7 +66,6 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 	unsigned long n;
 	unsigned long len = length;
 	unsigned char tmp[AES_BLOCK_SIZE];
-	const unsigned char *iv = ivec;
 
 	assert(in && out && key && ivec);
 	assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
@@ -74,39 +73,22 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 	if (AES_ENCRYPT == enc) {
 		while (len >= AES_BLOCK_SIZE) {
 			for(n=0; n < AES_BLOCK_SIZE; ++n)
-				out[n] = in[n] ^ iv[n];
-			AES_encrypt(out, out, key);
-			iv = out;
+				tmp[n] = in[n] ^ ivec[n];
+			AES_encrypt(tmp, out, key);
+			memcpy(ivec, out, AES_BLOCK_SIZE);
 			len -= AES_BLOCK_SIZE;
 			in += AES_BLOCK_SIZE;
 			out += AES_BLOCK_SIZE;
 		}
 		if (len) {
 			for(n=0; n < len; ++n)
-				out[n] = in[n] ^ iv[n];
+				tmp[n] = in[n] ^ ivec[n];
 			for(n=len; n < AES_BLOCK_SIZE; ++n)
-				out[n] = iv[n];
-			AES_encrypt(out, out, key);
-			iv = out;
-		}
-		memcpy(ivec,iv,AES_BLOCK_SIZE);
-	} else if (in != out) {
-		while (len >= AES_BLOCK_SIZE) {
-			AES_decrypt(in, out, key);
-			for(n=0; n < AES_BLOCK_SIZE; ++n)
-				out[n] ^= iv[n];
-			iv = in;
-			len -= AES_BLOCK_SIZE;
-			in  += AES_BLOCK_SIZE;
-			out += AES_BLOCK_SIZE;
-		}
-		if (len) {
-			AES_decrypt(in,tmp,key);
-			for(n=0; n < len; ++n)
-				out[n] = tmp[n] ^ iv[n];
-			iv = in;
-		}
-		memcpy(ivec,iv,AES_BLOCK_SIZE);
+				tmp[n] = ivec[n];
+			AES_encrypt(tmp, tmp, key);
+			memcpy(out, tmp, AES_BLOCK_SIZE);
+			memcpy(ivec, tmp, AES_BLOCK_SIZE);
+		}			
 	} else {
 		while (len >= AES_BLOCK_SIZE) {
 			memcpy(tmp, in, AES_BLOCK_SIZE);
@@ -120,12 +102,10 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 		}
 		if (len) {
 			memcpy(tmp, in, AES_BLOCK_SIZE);
-			AES_decrypt(tmp, out, key);
+			AES_decrypt(tmp, tmp, key);
 			for(n=0; n < len; ++n)
-				out[n] ^= ivec[n];
-			for(n=len; n < AES_BLOCK_SIZE; ++n)
-				out[n] = tmp[n];
+				out[n] = tmp[n] ^ ivec[n];
 			memcpy(ivec, tmp, AES_BLOCK_SIZE);
-		}
+		}			
 	}
 }

crypto/aes/aes_cfb.c

@@ -158,35 +158,61 @@ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
 
 /* This expects a single block of size nbits for both in and out. Note that
    it corrupts any extra bits in the last byte of out */
+/* Untested, once it is working, it will be optimised */
 void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
 			    const int nbits,const AES_KEY *key,
 			    unsigned char *ivec,const int enc)
     {
-    int n,rem,num;
+    int n;
     unsigned char ovec[AES_BLOCK_SIZE*2];
 
-    if (nbits<=0 || nbits>128) return;
-
+    assert(in && out && key && ivec);
+    if(enc)
+	{
+	/* construct the new IV */
+	AES_encrypt(ivec,ovec,key);
+	/* encrypt the input */
+	for(n=0 ; n < (nbits+7)/8 ; ++n)
+	    out[n]=in[n]^ovec[n];
 	/* fill in the first half of the new IV with the current IV */
 	memcpy(ovec,ivec,AES_BLOCK_SIZE);
-	/* construct the new IV */
-	AES_encrypt(ivec,ivec,key);
-	num = (nbits+7)/8;
-	if (enc)	/* encrypt the input */
-	    for(n=0 ; n < num ; ++n)
-		out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
-	else		/* decrypt the input */
-	    for(n=0 ; n < num ; ++n)
-		out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
-	/* shift ovec left... */
-	rem = nbits%8;
-	num = nbits/8;
-	if(rem==0)
-	    memcpy(ivec,ovec+num,AES_BLOCK_SIZE);
-	else
+	/* and put the ciphertext in the second half */
+	memcpy(ovec+AES_BLOCK_SIZE,out,(nbits+7)/8);
+	/* shift ovec left most of the bits... */
+	memmove(ovec,ovec+nbits/8,AES_BLOCK_SIZE+(nbits%8 ? 1 : 0));
+	/* now the remaining bits */
+	if(nbits%8 != 0)
 	    for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-		ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
-
+		{
+		ovec[n]<<=nbits%8;
+		ovec[n]|=ovec[n+1]>>(8-nbits%8);
+		}
+	/* finally, move it back into place */
+	memcpy(ivec,ovec,AES_BLOCK_SIZE);
+	}
+    else
+	{
+	/* construct the new IV in the first half of ovec */
+	AES_encrypt(ivec,ovec,key);
+	/* decrypt the input */
+	for(n=0 ; n < (nbits+7)/8 ; ++n)
+	    out[n]=in[n]^ovec[n];
+	/* fill in the first half of the new IV with the current IV */
+	memcpy(ovec,ivec,AES_BLOCK_SIZE);
+	/* append the ciphertext */
+	memcpy(ovec+AES_BLOCK_SIZE,in,(nbits+7)/8);
+	/* shift ovec left most of the bits... */
+	memmove(ovec,ovec+nbits/8,AES_BLOCK_SIZE+(nbits%8 ? 1 : 0));
+	/* now the remaining bits */
+	if(nbits%8 != 0)
+	    for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+		{
+		ovec[n]<<=nbits%8;
+		ovec[n]|=ovec[n+1]>>(8-nbits%8);
+		}
+	/* finally, move it back into place */
+	memcpy(ivec,ovec,AES_BLOCK_SIZE);
+	}
     /* it is not necessary to cleanse ovec, since the IV is not secret */
     }
 

crypto/asn1/a_type.c

@@ -71,10 +71,7 @@ int ASN1_TYPE_get(ASN1_TYPE *a)
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
 	{
 	if (a->value.ptr != NULL)
-		{
-		ASN1_TYPE **tmp_a = &a;
-		ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
-		}
+		ASN1_primitive_free((ASN1_VALUE **)&a, NULL);
 	a->type=type;
 	a->value.ptr=value;
 	}

crypto/asn1/a_verify.c

@@ -142,13 +142,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
 		goto err;
 		}
 
-	if (!EVP_VerifyInit_ex(&ctx,type, NULL))
-		{
-		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-		ret=0;
-		goto err;
-		}
-
 	inl = ASN1_item_i2d(asn, &buf_in, it);
 	
 	if (buf_in == NULL)
@@ -157,6 +150,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
 		goto err;
 		}
 
+	EVP_VerifyInit_ex(&ctx,type, NULL);
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
 	OPENSSL_cleanse(buf_in,(unsigned int)inl);

crypto/asn1/x_name.c

@@ -160,22 +160,21 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, cons
 					int tag, int aclass, char opt, ASN1_TLC *ctx)
 {
 	unsigned char *p = *in, *q;
-	STACK *intname = NULL, **intname_pp = &intname;
+	STACK *intname = NULL;
 	int i, j, ret;
-	X509_NAME *nm = NULL, **nm_pp = &nm;
+	X509_NAME *nm = NULL;
 	STACK_OF(X509_NAME_ENTRY) *entries;
 	X509_NAME_ENTRY *entry;
 	q = p;
 
 	/* Get internal representation of Name */
-	ret = ASN1_item_ex_d2i((ASN1_VALUE **)intname_pp,
-			       &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
-			       tag, aclass, opt, ctx);
+	ret = ASN1_item_ex_d2i((ASN1_VALUE **)&intname, &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+								tag, aclass, opt, ctx);
 	
 	if(ret <= 0) return ret;
 
 	if(*val) x509_name_ex_free(val, NULL);
-	if(!x509_name_ex_new((ASN1_VALUE **)nm_pp, NULL)) goto err;
+	if(!x509_name_ex_new((ASN1_VALUE **)&nm, NULL)) goto err;
 	/* We've decoded it: now cache encoding */
 	if(!BUF_MEM_grow(nm->bytes, p - q)) goto err;
 	memcpy(nm->bytes->data, q, p - q);
@@ -219,7 +218,7 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT
 
 static int x509_name_encode(X509_NAME *a)
 {
-	STACK *intname = NULL, **intname_pp = &intname;
+	STACK *intname = NULL;
 	int len;
 	unsigned char *p;
 	STACK_OF(X509_NAME_ENTRY) *entries = NULL;
@@ -237,12 +236,10 @@ static int x509_name_encode(X509_NAME *a)
 		}
 		if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
 	}
-	len = ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp, NULL,
-			       ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+	len = ASN1_item_ex_i2d((ASN1_VALUE **)&intname, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
 	if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
 	p=(unsigned char *)a->bytes->data;
-	ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp,
-			 &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+	ASN1_item_ex_i2d((ASN1_VALUE **)&intname, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
 	sk_pop_free(intname, sk_internal_free);
 	a->modified = 0;
 	return len;

crypto/bf/Makefile

@@ -109,8 +109,5 @@ bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
 bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
 bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
 bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
-bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h
-bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-bf_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-bf_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bf_skey.o: bf_locl.h bf_pi.h bf_skey.c
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c

crypto/bf/bf_skey.c

@@ -58,12 +58,11 @@
 
 #include <stdio.h>
 #include <string.h>
-#include <openssl/crypto.h>
 #include <openssl/blowfish.h>
 #include "bf_locl.h"
 #include "bf_pi.h"
 
-FIPS_NON_FIPS_VCIPHER_Init(BF)
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
 	{
 	int i;
 	BF_LONG *p,ri,in[2];

crypto/bf/blowfish.h

@@ -104,10 +104,7 @@ typedef struct bf_key_st
 	BF_LONG S[4*256];
 	} BF_KEY;
 
-
-#ifdef OPENSSL_FIPS 
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-#endif
+ 
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
 
 void BF_encrypt(BF_LONG *data,const BF_KEY *key);

crypto/bio/bss_file.c

@@ -266,7 +266,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
 			ret=0;
 			break;
 			}
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2)
 		if (!(num & BIO_FP_TEXT))
 			strcat(p,"b");
 		else

crypto/bn/Makefile

@@ -122,12 +122,6 @@ asm/x86_64-gcc.o: asm/x86_64-gcc.c
 asm/pa-risc2W.o: asm/pa-risc2W.s
 	/usr/ccs/bin/as -o asm/pa-risc2W.o asm/pa-risc2W.s
 
-asm/linux_ppc32.s: asm/ppc.pl;	$(PERL) $< $@
-asm/linux_ppc64.s: asm/ppc.pl;	$(PERL) $< $@
-asm/aix_ppc32.s: asm/ppc.pl;	$(PERL) asm/ppc.pl $@
-asm/aix_ppc64.s: asm/ppc.pl;	$(PERL) asm/ppc.pl $@
-asm/osx_ppc32.s: asm/ppc.pl;	$(PERL) $< $@
-
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
 

crypto/cast/Makefile

@@ -114,7 +114,5 @@ c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h
 c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 c_ofb64.o: c_ofb64.c cast_lcl.h
 c_skey.o: ../../e_os.h ../../include/openssl/cast.h
-c_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-c_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-c_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-c_skey.o: ../../include/openssl/symhacks.h c_skey.c cast_lcl.h cast_s.h
+c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_skey.o: c_skey.c cast_lcl.h cast_s.h

crypto/cast/c_skey.c

@@ -56,9 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#include <openssl/crypto.h>
 #include <openssl/cast.h>
-
 #include "cast_lcl.h"
 #include "cast_s.h"
 
@@ -74,7 +72,7 @@
 #define S6 CAST_S_table6
 #define S7 CAST_S_table7
 
-FIPS_NON_FIPS_VCIPHER_Init(CAST)
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
 	{
 	CAST_LONG x[16];
 	CAST_LONG z[16];

crypto/cast/cast.h

@@ -81,10 +81,7 @@ typedef struct cast_key_st
 	int short_key;	/* Use reduced rounds for short key */
 	} CAST_KEY;
 
-
-#ifdef OPENSSL_FIPS 
-void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-#endif
+ 
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
 void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
 		      int enc);

crypto/comp/Makefile

@@ -90,7 +90,6 @@ c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c
 c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
 c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-c_zlib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

crypto/comp/c_zlib.c

@@ -3,7 +3,6 @@
 #include <string.h>
 #include <openssl/objects.h>
 #include <openssl/comp.h>
-#include <openssl/err.h>
 
 COMP_METHOD *COMP_zlib(void );
 

crypto/crypto.h

@@ -439,58 +439,6 @@ void OpenSSLDie(const char *file,int line,const char *assertion);
 #ifdef OPENSSL_FIPS
 int FIPS_mode(void);
 void *FIPS_rand_check(void);
-
-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
-		alg " previous FIPS forbidden algorithm error ignored");
-
-#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
-		#alg " Algorithm forbidden in FIPS mode");
-
-#ifdef OPENSSL_FIPS_STRICT
-#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg)
-#else
-#define FIPS_BAD_ALGORITHM(alg) \
-	{ \
-	FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \
-	ERR_add_error_data(2, "Algorithm=", #alg); \
-	return 0; \
-	}
-#endif
-
-/* Low level digest API blocking macro */
-
-#define FIPS_NON_FIPS_MD_Init(alg) \
-	int alg##_Init(alg##_CTX *c) \
-		{ \
-		if (FIPS_mode()) \
-			FIPS_BAD_ALGORITHM(alg) \
-		return private_##alg##_Init(c); \
-		} \
-	int private_##alg##_Init(alg##_CTX *c)
-
-/* For ciphers the API often varies from cipher to cipher and each needs to
- * be treated as a special case. Variable key length ciphers (Blowfish, RC4,
- * CAST) however are very similar and can use a blocking macro.
- */
-
-#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
-	void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \
-		{ \
-		if (FIPS_mode()) \
-			FIPS_BAD_ABORT(alg) \
-		private_##alg##_set_key(key, len, data); \
-		} \
-	void private_##alg##_set_key(alg##_KEY *key, int len, \
-					const unsigned char *data)
-
-#else
-
-#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
-	void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data)
-
-#define FIPS_NON_FIPS_MD_Init(alg) \
-	int alg##_Init(alg##_CTX *c) 
-
 #endif /* def OPENSSL_FIPS */
 
 /* BEGIN ERROR CODES */

crypto/dso/dso_win32.c

@@ -61,7 +61,7 @@
 #include "cryptlib.h"
 #include <openssl/dso.h>
 
-#if !defined(DSO_WIN32)
+#if !defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE)
 DSO_METHOD *DSO_METHOD_win32(void)
 	{
 	return NULL;

crypto/evp/Makefile

@@ -448,7 +448,7 @@ e_rc4.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 e_rc4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 e_rc4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 e_rc4.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-e_rc4.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc4.c evp_locl.h
+e_rc4.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc4.c
 e_rc5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 e_rc5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 e_rc5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -713,7 +713,7 @@ m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_md2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_md2.o: ../cryptlib.h evp_locl.h m_md2.c
+m_md2.o: ../cryptlib.h m_md2.c
 m_md4.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 m_md4.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 m_md4.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -734,7 +734,7 @@ m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_md4.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_md4.o: ../cryptlib.h evp_locl.h m_md4.c
+m_md4.o: ../cryptlib.h m_md4.c
 m_md5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 m_md5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 m_md5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -755,7 +755,7 @@ m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_md5.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_md5.o: ../cryptlib.h evp_locl.h m_md5.c
+m_md5.o: ../cryptlib.h m_md5.c
 m_mdc2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 m_mdc2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 m_mdc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -776,7 +776,7 @@ m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_mdc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_mdc2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_mdc2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_mdc2.o: ../cryptlib.h evp_locl.h m_mdc2.c
+m_mdc2.o: ../cryptlib.h m_mdc2.c
 m_null.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 m_null.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 m_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -840,7 +840,7 @@ m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_sha.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_sha.o: ../cryptlib.h evp_locl.h m_sha.c
+m_sha.o: ../cryptlib.h m_sha.c
 m_sha1.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 m_sha1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 m_sha1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

crypto/evp/bio_md.c

@@ -192,8 +192,13 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
 			ret=0;
 		break;
 	case BIO_C_GET_MD_CTX:
-		pctx=ptr;
-		*pctx=ctx;
+		if (b->init)
+			{
+			pctx=ptr;
+			*pctx=ctx;
+			}
+		else
+			ret=0;
 		break;
 	case BIO_C_SET_MD_CTX:
 		if (b->init)

crypto/evp/c_alld.c

@@ -75,7 +75,7 @@ void OpenSSL_add_all_digests(void)
 	EVP_add_digest_alias(SN_md5,"ssl2-md5");
 	EVP_add_digest_alias(SN_md5,"ssl3-md5");
 #endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
+#ifndef OPENSSL_NO_SHA
 	EVP_add_digest(EVP_sha());
 #ifndef OPENSSL_NO_DSA
 	EVP_add_digest(EVP_dss());

crypto/evp/digest.c

@@ -137,39 +137,6 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
 	return EVP_DigestInit_ex(ctx, type, NULL);
 	}
 
-#ifdef OPENSSL_FIPS
-
-/* The purpose of these is to trap programs that attempt to use non FIPS
- * algorithms in FIPS mode and ignore the errors.
- */
-
-static int bad_init(EVP_MD_CTX *ctx)
-	{ FIPS_ERROR_IGNORED("Digest init"); return 0;}
-
-static int bad_update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
-	{ FIPS_ERROR_IGNORED("Digest update"); return 0;}
-
-static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ FIPS_ERROR_IGNORED("Digest Final"); return 0;}
-
-static const EVP_MD bad_md =
-	{
-	0,
-	0,
-	0,
-	0,
-	bad_init,
-	bad_update,
-	bad_final,
-	NULL,
-	NULL,
-	NULL,
-	0,
-	{0,0,0,0},
-	};
-
-#endif
-
 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 	{
 	EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
@@ -228,18 +195,6 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 #endif
 	if (ctx->digest != type)
 		{
-#ifdef OPENSSL_FIPS
-		if (FIPS_mode())
-			{
-			if (!(type->flags & EVP_MD_FLAG_FIPS) 
-			 && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
-				{
-				EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS);
-				ctx->digest = &bad_md;
-				return 0;
-				}
-			}
-#endif
 		if (ctx->digest && ctx->digest->ctx_size)
 			OPENSSL_free(ctx->md_data);
 		ctx->digest=type;

crypto/evp/e_aes.c

@@ -67,32 +67,32 @@ typedef struct
 
 IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
 		       NID_aes_128, 16, 16, 16, 128,
-		       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 
+		       0, aes_init_key, NULL, 
 		       EVP_CIPHER_set_asn1_iv,
 		       EVP_CIPHER_get_asn1_iv,
 		       NULL)
 IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
 		       NID_aes_192, 16, 24, 16, 128,
-		       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 
+		       0, aes_init_key, NULL, 
 		       EVP_CIPHER_set_asn1_iv,
 		       EVP_CIPHER_get_asn1_iv,
 		       NULL)
 IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
 		       NID_aes_256, 16, 32, 16, 128,
-		       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 
+		       0, aes_init_key, NULL, 
 		       EVP_CIPHER_set_asn1_iv,
 		       EVP_CIPHER_get_asn1_iv,
 		       NULL)
 
-#define IMPLEMENT_AES_CFBR(ksize,cbits,flags)	IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
+#define IMPLEMENT_AES_CFBR(ksize,cbits)	IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16)
 
-IMPLEMENT_AES_CFBR(128,1,0)
-IMPLEMENT_AES_CFBR(192,1,0)
-IMPLEMENT_AES_CFBR(256,1,0)
+IMPLEMENT_AES_CFBR(128,1)
+IMPLEMENT_AES_CFBR(192,1)
+IMPLEMENT_AES_CFBR(256,1)
 
-IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(128,8)
+IMPLEMENT_AES_CFBR(192,8)
+IMPLEMENT_AES_CFBR(256,8)
 
 static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 		   const unsigned char *iv, int enc)

crypto/evp/e_des.c

@@ -127,18 +127,16 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     }
 
 BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
-			EVP_CIPH_FLAG_FIPS, des_init_key, NULL,
+			0, des_init_key, NULL,
 			EVP_CIPHER_set_asn1_iv,
 			EVP_CIPHER_get_asn1_iv,
 			NULL)
 
-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
-		     EVP_CIPH_FLAG_FIPS,des_init_key,NULL,
+BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,0,des_init_key,NULL,
 		     EVP_CIPHER_set_asn1_iv,
 		     EVP_CIPHER_get_asn1_iv,NULL)
 
-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
-		     EVP_CIPH_FLAG_FIPS,des_init_key,NULL,
+BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,0,des_init_key,NULL,
 		     EVP_CIPHER_set_asn1_iv,
 		     EVP_CIPHER_get_asn1_iv,NULL)
 

crypto/evp/e_des3.c

@@ -160,7 +160,7 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     }
 
 BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
-			EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL, 
+			0, des_ede_init_key, NULL, 
 			EVP_CIPHER_set_asn1_iv,
 			EVP_CIPHER_get_asn1_iv,
 			NULL)
@@ -171,18 +171,18 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
 #define des_ede3_ecb_cipher des_ede_ecb_cipher
 
 BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
-			EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL, 
+			0, des_ede3_init_key, NULL, 
 			EVP_CIPHER_set_asn1_iv,
 			EVP_CIPHER_get_asn1_iv,
 			NULL)
 
-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
-		     EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,
+BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,0,
+		     des_ede3_init_key,NULL,
 		     EVP_CIPHER_set_asn1_iv,
 		     EVP_CIPHER_get_asn1_iv,NULL)
 
-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
-		     EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,
+BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,0,
+		     des_ede3_init_key,NULL,
 		     EVP_CIPHER_set_asn1_iv,
 		     EVP_CIPHER_get_asn1_iv,NULL)
 

crypto/evp/e_rc4.c

@@ -62,7 +62,6 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include "evp_locl.h"
 #include <openssl/rc4.h>
 
 /* FIXME: surely this is available elsewhere? */

crypto/evp/evp.h

@@ -117,10 +117,6 @@
 #include <openssl/aes.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 /*
 #define EVP_RC2_KEY_SIZE		16
 #define EVP_RC4_KEY_SIZE		16
@@ -294,7 +290,6 @@ struct env_md_st
 
 #define EVP_MD_FLAG_ONESHOT	0x0001 /* digest can only handle a single
 					* block */
-#define EVP_MD_FLAG_FIPS	0x0400 /* Note if suitable for use in FIPS mode */
 
 #define EVP_PKEY_NULL_method	NULL,NULL,{0,0,0,0}
 
@@ -337,9 +332,6 @@ struct env_md_ctx_st
 #define EVP_MD_CTX_FLAG_REUSE		0x0004 /* Don't free up ctx->md_data
 						* in EVP_MD_CTX_cleanup */
 
-#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW	0x0008	/* Allow use of non FIPS digest
-						 * in FIPS mode */
-
 struct evp_cipher_st
 	{
 	int nid;
@@ -381,10 +373,6 @@ struct evp_cipher_st
 #define 	EVP_CIPH_CUSTOM_KEY_LENGTH	0x80
 /* Don't use standard block padding */
 #define 	EVP_CIPH_NO_PADDING		0x100
-/* Note if suitable for use in FIPS mode */
-#define		EVP_CIPH_FLAG_FIPS		0x400
-/* Allow non FIPS cipher in FIPS mode */
-#define		EVP_CIPH_FLAG_NON_FIPS_ALLOW	0x800
 
 /* ctrl() values */
 
@@ -490,9 +478,6 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
 #define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
 #define EVP_CIPHER_CTX_flags(e)		((e)->cipher->flags)
-#define EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
-#define EVP_CIPHER_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
-#define EVP_CIPHER_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
 #define EVP_CIPHER_CTX_mode(e)		((e)->cipher->flags & EVP_CIPH_MODE)
 
 #define EVP_ENCODE_LENGTH(l)	(((l+2)/3*4)+(l/48+1)*2+80)
@@ -868,16 +853,12 @@ void ERR_load_EVP_strings(void);
 /* Function codes. */
 #define EVP_F_AES_INIT_KEY				 129
 #define EVP_F_D2I_PKEY					 100
-#define EVP_F_EVP_ADD_CIPHER				 130
-#define EVP_F_EVP_ADD_DIGEST				 131
 #define EVP_F_EVP_CIPHERINIT				 123
 #define EVP_F_EVP_CIPHER_CTX_CTRL			 124
 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH		 122
 #define EVP_F_EVP_DECRYPTFINAL				 101
 #define EVP_F_EVP_DIGESTINIT				 128
 #define EVP_F_EVP_ENCRYPTFINAL				 127
-#define EVP_F_EVP_GET_CIPHERBYNAME			 132
-#define EVP_F_EVP_GET_DIGESTBYNAME			 133
 #define EVP_F_EVP_MD_CTX_COPY				 110
 #define EVP_F_EVP_OPENINIT				 102
 #define EVP_F_EVP_PBE_ALG_ADD				 115
@@ -913,7 +894,6 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH		 138
 #define EVP_R_DECODE_ERROR				 114
 #define EVP_R_DIFFERENT_KEY_TYPES			 101
-#define EVP_R_DISABLED_FOR_FIPS				 141
 #define EVP_R_ENCODE_ERROR				 115
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR			 119
 #define EVP_R_EXPECTING_AN_RSA_KEY			 127

crypto/evp/evp_enc.c

@@ -82,48 +82,6 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 	return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
 	}
 
-#ifdef OPENSSL_FIPS
-
-/* The purpose of these is to trap programs that attempt to use non FIPS
- * algorithms in FIPS mode and ignore the errors.
- */
-
-int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-	    const unsigned char *iv, int enc)
-	{ FIPS_ERROR_IGNORED("Cipher init"); return 0;}
-
-int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		 const unsigned char *in, unsigned int inl)
-	{ FIPS_ERROR_IGNORED("Cipher update"); return 0;}
-
-/* NB: no cleanup because it is allowed after failed init */
-
-int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
-	{ FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
-int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
-	{ FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
-int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
-	{ FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
-
-static const EVP_CIPHER bad_cipher =
-	{
-	0,
-	0,
-	0,
-	0,
-	0,
-	bad_init,
-	bad_do_cipher,
-	NULL,
-	0,
-	bad_set_asn1,
-	bad_get_asn1,
-	bad_ctrl,
-	NULL
-	};
-
-#endif
-
 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
 	     const unsigned char *key, const unsigned char *iv, int enc)
 	{
@@ -188,6 +146,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
 		else
 			ctx->engine = NULL;
 #endif
+
 		ctx->cipher=cipher;
 		if (ctx->cipher->ctx_size)
 			{
@@ -251,24 +210,6 @@ skip_to_init:
 		}
 	}
 
-#ifdef OPENSSL_FIPS
-	/* After 'key' is set no further parameters changes are permissible.
-	 * So only check for non FIPS enabling at this point.
-	 */
-	if (key && FIPS_mode())
-		{
-		if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
-			& !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
-			{
-			EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
-			ERR_add_error_data(2, "cipher=",
-						EVP_CIPHER_name(ctx->cipher));
-			ctx->cipher = &bad_cipher;
-			return 0;
-			}
-		}
-#endif
-
 	if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
 		if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
 	}

crypto/evp/evp_err.c

@@ -1,6 +1,6 @@
 /* crypto/evp/evp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -68,16 +68,12 @@ static ERR_STRING_DATA EVP_str_functs[]=
 	{
 {ERR_PACK(0,EVP_F_AES_INIT_KEY,0),	"AES_INIT_KEY"},
 {ERR_PACK(0,EVP_F_D2I_PKEY,0),	"D2I_PKEY"},
-{ERR_PACK(0,EVP_F_EVP_ADD_CIPHER,0),	"EVP_add_cipher"},
-{ERR_PACK(0,EVP_F_EVP_ADD_DIGEST,0),	"EVP_add_digest"},
 {ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0),	"EVP_CipherInit"},
 {ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0),	"EVP_CIPHER_CTX_ctrl"},
 {ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0),	"EVP_CIPHER_CTX_set_key_length"},
 {ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0),	"EVP_DecryptFinal"},
 {ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0),	"EVP_DigestInit"},
 {ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0),	"EVP_EncryptFinal"},
-{ERR_PACK(0,EVP_F_EVP_GET_CIPHERBYNAME,0),	"EVP_get_cipherbyname"},
-{ERR_PACK(0,EVP_F_EVP_GET_DIGESTBYNAME,0),	"EVP_get_digestbyname"},
 {ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0),	"EVP_MD_CTX_copy"},
 {ERR_PACK(0,EVP_F_EVP_OPENINIT,0),	"EVP_OpenInit"},
 {ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0),	"EVP_PBE_alg_add"},
@@ -116,7 +112,6 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"},
 {EVP_R_DECODE_ERROR                      ,"decode error"},
 {EVP_R_DIFFERENT_KEY_TYPES               ,"different key types"},
-{EVP_R_DISABLED_FOR_FIPS                 ,"disabled for fips"},
 {EVP_R_ENCODE_ERROR                      ,"encode error"},
 {EVP_R_EVP_PBE_CIPHERINIT_ERROR          ,"evp pbe cipherinit error"},
 {EVP_R_EXPECTING_AN_RSA_KEY              ,"expecting an rsa key"},

crypto/evp/evp_locl.h

@@ -226,27 +226,11 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
 
 #define EVP_C_DATA(kstruct, ctx)	((kstruct *)(ctx)->cipher_data)
 
-#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,flags) \
+#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \
 	BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
 	BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
 			     NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
-			     flags, cipher##_init_key, NULL, \
+			     0, cipher##_init_key, NULL, \
 			     EVP_CIPHER_set_asn1_iv, \
 			     EVP_CIPHER_get_asn1_iv, \
 			     NULL)
-
-#ifdef OPENSSL_FIPS
-#define RC2_set_key	private_RC2_set_key
-#define RC4_set_key	private_RC4_set_key
-#define CAST_set_key	private_CAST_set_key
-#define RC5_32_set_key	private_RC5_32_set_key
-#define BF_set_key	private_BF_set_key
-#define idea_set_encrypt_key private_idea_set_encrypt_key
-
-#define MD5_Init	private_MD5_Init
-#define MD4_Init	private_MD4_Init
-#define MD2_Init	private_MD2_Init
-#define MDC2_Init	private_MDC2_Init
-#define SHA_Init	private_SHA_Init
-
-#endif

crypto/evp/m_dss.c

@@ -77,7 +77,7 @@ static const EVP_MD dsa_md=
 	NID_dsaWithSHA,
 	NID_dsaWithSHA,
 	SHA_DIGEST_LENGTH,
-	EVP_MD_FLAG_FIPS,
+	0,
 	init,
 	update,
 	final,

crypto/evp/m_md2.c

@@ -60,7 +60,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/md2.h>

crypto/evp/m_md4.c

@@ -60,7 +60,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/md4.h>

crypto/evp/m_md5.c

@@ -60,7 +60,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/md5.h>

crypto/evp/m_mdc2.c

@@ -60,7 +60,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/mdc2.h>

crypto/evp/m_sha.c

@@ -56,11 +56,10 @@
  * [including the GNU Public Licence.]
  */
 
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
+#ifndef OPENSSL_NO_SHA
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
-#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 

crypto/evp/m_sha1.c

@@ -77,7 +77,7 @@ static const EVP_MD sha1_md=
 	NID_sha1,
 	NID_sha1WithRSAEncryption,
 	SHA_DIGEST_LENGTH,
-	EVP_MD_FLAG_FIPS,
+	0,
 	init,
 	update,
 	final,

crypto/evp/names.c

@@ -61,9 +61,6 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 int EVP_add_cipher(const EVP_CIPHER *c)
 	{

crypto/hmac/hmac.c

@@ -77,15 +77,6 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
 
 	if (key != NULL)
 		{
-#ifdef OPENSSL_FIPS
-		if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
-		&& (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
-		 || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
-		 || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
-		OpenSSLDie(__FILE__,__LINE__,
-			"HMAC: digest not allowed in FIPS mode");
-#endif
-		
 		reset=1;
 		j=EVP_MD_block_size(md);
 		OPENSSL_assert(j <= sizeof ctx->key);
@@ -180,10 +171,3 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
 	return(md);
 	}
 
-void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
-	{
-	EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
-	EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
-	EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
-	}
-

crypto/hmac/hmac.h

@@ -98,7 +98,6 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
 		    const unsigned char *d, int n, unsigned char *md,
 		    unsigned int *md_len);
 
-void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
 
 #ifdef  __cplusplus
 }

crypto/idea/Makefile

@@ -85,8 +85,5 @@ i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
 i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
 i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
 i_ofb64.o: i_ofb64.c idea_lcl.h
-i_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
-i_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-i_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 i_skey.o: i_skey.c idea_lcl.h

crypto/idea/i_skey.c

@@ -57,23 +57,10 @@
  */
 
 #include <openssl/idea.h>
-#include <openssl/crypto.h>
 #include "idea_lcl.h"
 
 static IDEA_INT inverse(unsigned int xin);
-
-#ifdef OPENSSL_FIPS
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
-	{
-	if (FIPS_mode())
-		FIPS_BAD_ABORT(IDEA)
-	private_idea_set_encrypt_key(key, ks);
-	}
-void private_idea_set_encrypt_key(const unsigned char *key,
-						IDEA_KEY_SCHEDULE *ks)
-#else
-void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
-#endif
 	{
 	int i;
 	register IDEA_INT *kt,*kf,r0,r1,r2;

crypto/idea/idea.h

@@ -82,10 +82,6 @@ typedef struct idea_key_st
 const char *idea_options(void);
 void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
 	IDEA_KEY_SCHEDULE *ks);
-#ifdef OPENSSL_FIPS
-void private_idea_set_encrypt_key(const unsigned char *key,
-						IDEA_KEY_SCHEDULE *ks);
-#endif
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
 void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
 void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,

crypto/md2/Makefile

@@ -77,9 +77,7 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-md2_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-md2_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-md2_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
 md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 md2_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

crypto/md2/md2.h

@@ -80,9 +80,6 @@ typedef struct MD2state_st
 	} MD2_CTX;
 
 const char *MD2_options(void);
-#ifdef OPENSSL_FIPS
-int private_MD2_Init(MD2_CTX *c);
-#endif
 int MD2_Init(MD2_CTX *c);
 int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len);
 int MD2_Final(unsigned char *md, MD2_CTX *c);

crypto/md2/md2_dgst.c

@@ -62,8 +62,6 @@
 #include <openssl/md2.h>
 #include <openssl/opensslv.h>
 #include <openssl/crypto.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
 
 const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT;
 
@@ -118,7 +116,7 @@ const char *MD2_options(void)
 		return("md2(int)");
 	}
 
-FIPS_NON_FIPS_MD_Init(MD2)
+int MD2_Init(MD2_CTX *c)
 	{
 	c->num=0;
 	memset(c->state,0,sizeof c->state);

crypto/md32_common.h

@@ -211,7 +211,7 @@
 				: "cc");		\
 			   ret;				\
 			})
-#  elif defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
+#  elif defined(__powerpc) || defined(__ppc)
 #   define ROTATE(a,n)	({ register unsigned int ret;	\
 				asm (			\
 				"rlwinm %0,%1,%2,0,31"	\
@@ -559,7 +559,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c)
 	static const unsigned char end[4]={0x80,0x00,0x00,0x00};
 	const unsigned char *cp=end;
 
-#if 0
+#ifdef OPENSSL_FIPS
 	if(FIPS_mode() && !FIPS_md5_allowed())
 	    {
 	    FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);

crypto/md4/md4.h

@@ -104,9 +104,6 @@ typedef struct MD4state_st
 	int num;
 	} MD4_CTX;
 
-#ifdef OPENSSL_FIPS
-int private_MD4_Init(MD4_CTX *c);
-#endif
 int MD4_Init(MD4_CTX *c);
 int MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
 int MD4_Final(unsigned char *md, MD4_CTX *c);

crypto/md4/md4_dgst.c

@@ -70,7 +70,7 @@ const char *MD4_version="MD4" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
 
-FIPS_NON_FIPS_MD_Init(MD4)
+int MD4_Init(MD4_CTX *c)
 	{
 	c->A=INIT_DATA_A;
 	c->B=INIT_DATA_B;

crypto/md5/md5.h

@@ -104,9 +104,6 @@ typedef struct MD5state_st
 	int num;
 	} MD5_CTX;
 
-#ifdef OPENSSL_FIPS
-int private_MD5_Init(MD5_CTX *c);
-#endif
 int MD5_Init(MD5_CTX *c);
 int MD5_Update(MD5_CTX *c, const void *data, unsigned long len);
 int MD5_Final(unsigned char *md, MD5_CTX *c);

crypto/md5/md5_dgst.c

@@ -70,7 +70,7 @@ const char *MD5_version="MD5" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
 
-FIPS_NON_FIPS_MD_Init(MD5)
+int MD5_Init(MD5_CTX *c)
 	{
 	c->A=INIT_DATA_A;
 	c->B=INIT_DATA_B;

crypto/mdc2/Makefile

@@ -87,10 +87,8 @@ mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 mdc2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 mdc2_one.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 mdc2_one.o: ../cryptlib.h mdc2_one.c
-mdc2dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-mdc2dgst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-mdc2dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-mdc2dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+mdc2dgst.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+mdc2dgst.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
 mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 mdc2dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h

crypto/mdc2/mdc2.h

@@ -80,9 +80,7 @@ typedef struct mdc2_ctx_st
 	int pad_type; /* either 1 or 2, default 1 */
 	} MDC2_CTX;
 
-#ifdef OPENSSL_FIPS
-int private_MDC2_Init(MDC2_CTX *c);
-#endif
+
 int MDC2_Init(MDC2_CTX *c);
 int MDC2_Update(MDC2_CTX *c, const unsigned char *data, unsigned long len);
 int MDC2_Final(unsigned char *md, MDC2_CTX *c);

crypto/mdc2/mdc2dgst.c

@@ -60,8 +60,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/des.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
 #include <openssl/mdc2.h>
 
 #undef c2l
@@ -77,7 +75,7 @@
 			*((c)++)=(unsigned char)(((l)>>24L)&0xff))
 
 static void mdc2_body(MDC2_CTX *c, const unsigned char *in, unsigned int len);
-FIPS_NON_FIPS_MD_Init(MDC2)
+int MDC2_Init(MDC2_CTX *c)
 	{
 	c->num=0;
 	c->pad_type=1;

crypto/o_str.c

@@ -57,12 +57,20 @@
  */
 
 #include <ctype.h>
-#include <e_os.h>
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_SYS_WINDOWS
+# include <string.h>
+#else
+# include <strings.h>
+#endif
 #include "o_str.h"
 
+#undef strncasecmp
+#undef strcasecmp
+
 int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
 	{
-#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
+#if defined(OPENSSL_SYS_VMS)
 	while (*str1 && *str2 && n)
 		{
 		int res = toupper(*str1) - toupper(*str2);
@@ -78,17 +86,18 @@ int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
 	if (*str2)
 		return -1;
 	return 0;
+#elif defined(OPENSSL_SYS_WINDOWS)
+	return _strnicmp(str1, str2, n);
 #else
-	/* Recursion hazard warning! Whenever strncasecmp is #defined as
-	 * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be
-	 * defined as well. */
 	return strncasecmp(str1, str2, n);
 #endif
 	}
 int OPENSSL_strcasecmp(const char *str1, const char *str2)
 	{
-#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
+#if defined(OPENSSL_SYS_VMS)
 	return OPENSSL_strncasecmp(str1, str2, (size_t)-1);
+#elif defined(OPENSSL_SYS_WINDOWS)
+	return _stricmp(str1, str2);
 #else
 	return strcasecmp(str1, str2);
 #endif

crypto/objects/Makefile

@@ -49,7 +49,6 @@ obj_dat.h: obj_dat.pl obj_mac.h
 # objects.pl both reads and writes obj_mac.num
 obj_mac.h: objects.pl objects.txt obj_mac.num
 	$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
-	@sleep 1; touch obj_mac.h; sleep 1
 
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

crypto/opensslv.h

@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x0090706FL
+#define OPENSSL_VERSION_NUMBER	0x00907060L
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7f-fips 22 Mar 2005"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7f-fips-dev XX xxx XXXX"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7f 22 Mar 2005"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7f-dev XX xxx XXXX"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 

crypto/pem/pem_lib.c

@@ -73,7 +73,7 @@ const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
 
 #define MIN_LENGTH	4
 
-static int load_iv(char **fromp,unsigned char *to, int num);
+static int load_iv(unsigned char **fromp,unsigned char *to, int num);
 static int check_pem(const char *nm, const char *name);
 
 int PEM_def_callback(char *buf, int num, int w, void *key)
@@ -432,7 +432,6 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
 	int o;
 	const EVP_CIPHER *enc=NULL;
 	char *p,c;
-	char **header_pp = &header;
 
 	cipher->cipher=NULL;
 	if ((header == NULL) || (*header == '\0') || (*header == '\n'))
@@ -479,16 +478,15 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
 		PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
 		return(0);
 		}
-	if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len))
-		return(0);
+	if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),enc->iv_len)) return(0);
 
 	return(1);
 	}
 
-static int load_iv(char **fromp, unsigned char *to, int num)
+static int load_iv(unsigned char **fromp, unsigned char *to, int num)
 	{
 	int v,i;
-	char *from;
+	unsigned char *from;
 
 	from= *fromp;
 	for (i=0; i<num; i++) to[i]=0;
@@ -625,9 +623,6 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
 	dataB=BUF_MEM_new();
 	if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL))
 		{
-		BUF_MEM_free(nameB);
-		BUF_MEM_free(headerB);
-		BUF_MEM_free(dataB);
 		PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
 		return(0);
 		}

crypto/pkcs7/pk7_smime.c

@@ -155,7 +155,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 	char buf[4096];
 	int i, j=0, k, ret = 0;
 	BIO *p7bio;
-	BIO *tmpin, *tmpout;
+	BIO *tmpout;
 
 	if(!p7) {
 		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
@@ -228,30 +228,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 		/* Check for revocation status here */
 	}
 
-	/* Performance optimization: if the content is a memory BIO then
-	 * store its contents in a temporary read only memory BIO. This
-	 * avoids potentially large numbers of slow copies of data which will
-	 * occur when reading from a read write memory BIO when signatures
-	 * are calculated.
-	 */
-
-	if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM))
-		{
-		char *ptr;
-		long len;
-		len = BIO_get_mem_data(indata, &ptr);
-		tmpin = BIO_new_mem_buf(ptr, len);
-		if (tmpin == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		}
-	else
-		tmpin = indata;
-		
-
-	p7bio=PKCS7_dataInit(p7,tmpin);
+	p7bio=PKCS7_dataInit(p7,indata);
 
 	if(flags & PKCS7_TEXT) {
 		if(!(tmpout = BIO_new(BIO_s_mem()))) {
@@ -293,15 +270,9 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 	ret = 1;
 
 	err:
-	
-	if (tmpin == indata)
-		{
-		if(indata) BIO_pop(p7bio);
-		BIO_free_all(p7bio);
-		}
-	else
-		BIO_free_all(tmpin);
 
+	if(indata) BIO_pop(p7bio);
+	BIO_free_all(p7bio);
 	sk_X509_free(signers);
 
 	return ret;
@@ -325,6 +296,10 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
 		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
 		return NULL;
 	}
+	if(!(signers = sk_X509_new_null())) {
+		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
 
 	/* Collect all the signers together */
 
@@ -335,11 +310,6 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
 		return 0;
 	}
 
-	if(!(signers = sk_X509_new_null())) {
-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
 	for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
 	{
 	    si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);

crypto/rand/rand_egd.c

@@ -216,9 +216,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
 	    while (numbytes != 1)
 		{
 	        num = read(fd, egdbuf, 1);
-	        if (num == 0)
-			goto err;	/* descriptor closed */
-		else if (num > 0)
+	        if (num >= 0)
 		    numbytes += num;
 	    	else
 		    {
@@ -248,9 +246,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
 	    while (numbytes != egdbuf[0])
 		{
 	        num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);
-		if (num == 0)
-			goto err;	/* descriptor closed */
-	        else if (num > 0)
+	        if (num >= 0)
 		    numbytes += num;
 	    	else
 		    {

crypto/rand/rand_unix.c

@@ -120,7 +120,6 @@
 #include <sys/types.h>
 #include <sys/time.h>
 #include <sys/times.h>
-#include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
 #include <time.h>
@@ -152,9 +151,9 @@ int RAND_poll(void)
 	int n = 0;
 #endif
 #ifdef DEVRANDOM
-	static const char *randomfiles[] = { DEVRANDOM };
-	struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
-	int fd,i;
+	static const char *randomfiles[] = { DEVRANDOM, NULL };
+	const char **randomfile = NULL;
+	int fd;
 #endif
 #ifdef DEVRANDOM_EGD
 	static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
@@ -162,42 +161,26 @@ int RAND_poll(void)
 #endif
 
 #ifdef DEVRANDOM
-	memset(randomstats,0,sizeof(randomstats));
 	/* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
 	 * have this. Use /dev/urandom if you can as /dev/random may block
 	 * if it runs out of random entries.  */
 
-	for (i=0; i<sizeof(randomfiles)/sizeof(randomfiles[0]) && n < ENTROPY_NEEDED; i++)
+	for (randomfile = randomfiles; *randomfile && n < ENTROPY_NEEDED; randomfile++)
 		{
-		if ((fd = open(randomfiles[i], O_RDONLY
-#ifdef O_NONBLOCK
-			|O_NONBLOCK
-#endif
-#ifdef O_BINARY
-			|O_BINARY
-#endif
+		if ((fd = open(*randomfile, O_RDONLY|O_NONBLOCK
 #ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do not make it
 		   our controlling tty */
 			|O_NOCTTY
+#endif
+#ifdef O_NOFOLLOW /* Fail if the file is a symbolic link */
+			|O_NOFOLLOW
 #endif
 			)) >= 0)
 			{
 			struct timeval t = { 0, 10*1000 }; /* Spend 10ms on
 							      each file. */
-			int r,j;
+			int r;
 			fd_set fset;
-			struct stat *st=&randomstats[i];
-
-			/* Avoid using same input... Used to be O_NOFOLLOW
-			 * above, but it's not universally appropriate... */
-			if (fstat(fd,st) != 0)	{ close(fd); continue; }
-			for (j=0;j<i;j++)
-				{
-				if (randomstats[j].st_ino==st->st_ino &&
-				    randomstats[j].st_dev==st->st_dev)
-					break;
-				}
-			if (j<i)		{ close(fd); continue; }
 
 			do
 				{

crypto/rand/rand_vms.c

@@ -101,12 +101,11 @@ int RAND_poll(void)
 	pitem = item;
 
 	/* Setup */
-	while (pitems_data->length
-		&& (total_length + pitems_data->length <= 256))
+	while (pitems_data->length)
 		{
 		pitem->length = pitems_data->length;
 		pitem->code = pitems_data->code;
-		pitem->buffer = (long *)&data_buffer[total_length];
+		pitem->buffer = (long *)data_buffer[total_length];
 		pitem->retlen = 0;
 		total_length += pitems_data->length;
 		pitems_data++;

crypto/rand/rand_win.c

@@ -113,7 +113,7 @@
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN32_CYGWIN)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 #include <windows.h>
 #ifndef _WIN32_WINNT
 # define _WIN32_WINNT 0x0400
@@ -680,7 +680,7 @@ static void readtimer(void)
 
 static void readscreen(void)
 {
-#if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN)
+#ifndef OPENSSL_SYS_WINCE
   HDC		hScrDC;		/* screen DC */
   HDC		hMemDC;		/* memory DC */
   HBITMAP	hBitmap;	/* handle for our bitmap */

crypto/rc2/Makefile

@@ -81,11 +81,8 @@ rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
 rc2_cbc.o: rc2_cbc.c rc2_locl.h
 rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h
-rc2_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-rc2_skey.o: ../../include/openssl/opensslconf.h
-rc2_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
-rc2_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rc2_skey.o: ../../include/openssl/symhacks.h rc2_locl.h rc2_skey.c
+rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_skey.o: rc2_locl.h rc2_skey.c
 rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
 rc2cfb64.o: rc2_locl.h rc2cfb64.c
 rc2ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h

crypto/rc2/rc2.h

@@ -79,10 +79,7 @@ typedef struct rc2_key_st
 	RC2_INT data[64];
 	} RC2_KEY;
 
-#ifdef OPENSSL_FIPS 
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
-								int bits);
-#endif
+ 
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
 void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
 		     int enc);

crypto/rc2/rc2_skey.c

@@ -57,7 +57,6 @@
  */
 
 #include <openssl/rc2.h>
-#include <openssl/crypto.h>
 #include "rc2_locl.h"
 
 static unsigned char key_table[256]={
@@ -91,19 +90,7 @@ static unsigned char key_table[256]={
  * BSAFE uses the 'retarded' version.  What I previously shipped is
  * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
  * a version where the bits parameter is the same as len*8 */
-
-#ifdef OPENSSL_FIPS
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-	{
-	if (FIPS_mode())
-		FIPS_BAD_ABORT(RC2)
-	private_RC2_set_key(key, len, data, bits);
-	}
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
-								int bits)
-#else
-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-#endif
 	{
 	int i,j;
 	unsigned char *k;

crypto/rc4/rc4.h

@@ -81,9 +81,6 @@ typedef struct rc4_key_st
 
  
 const char *RC4_options(void);
-#ifdef OPENSSL_FIPS
-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-#endif
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
 void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
 		unsigned char *outdata);

crypto/rc4/rc4_skey.c

@@ -57,7 +57,6 @@
  */
 
 #include <openssl/rc4.h>
-#include <openssl/crypto.h>
 #include "rc4_locl.h"
 #include <openssl/opensslv.h>
 
@@ -86,7 +85,7 @@ const char *RC4_options(void)
  * Date: Wed, 14 Sep 1994 06:35:31 GMT
  */
 
-FIPS_NON_FIPS_VCIPHER_Init(RC4)
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
 	{
         register RC4_INT tmp;
         register int id1,id2;

crypto/rc5/Makefile

@@ -101,10 +101,6 @@ clean:
 rc5_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h
 rc5_ecb.o: rc5_ecb.c rc5_locl.h
 rc5_enc.o: ../../include/openssl/rc5.h rc5_enc.c rc5_locl.h
-rc5_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-rc5_skey.o: ../../include/openssl/opensslconf.h
-rc5_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h
-rc5_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rc5_skey.o: ../../include/openssl/symhacks.h rc5_locl.h rc5_skey.c
+rc5_skey.o: ../../include/openssl/rc5.h rc5_locl.h rc5_skey.c
 rc5cfb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5cfb64.c
 rc5ofb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5ofb64.c

crypto/rc5/rc5.h

@@ -92,10 +92,7 @@ typedef struct rc5_key_st
 	RC5_32_INT data[2*(RC5_16_ROUNDS+1)];
 	} RC5_32_KEY;
 
-#ifdef OPENSSL_FIPS 
-void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
-	int rounds);
-#endif
+ 
 void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
 	int rounds);
 void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key,

crypto/rc5/rc5_skey.c

@@ -56,26 +56,12 @@
  * [including the GNU Public Licence.]
  */
 
-#include <openssl/crypto.h>
 #include <openssl/rc5.h>
 #include "rc5_locl.h"
 
-
-#ifdef OPENSSL_FIPS
 void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
 		    int rounds)
 	{
-	if (FIPS_mode())
-		FIPS_BAD_ABORT(RC5)
-	private_RC5_32_set_key(key, len, data, rounds);
-	}
-void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
-		    int rounds)
-#else
-void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
-		    int rounds)
-#endif
-	{
 	RC5_32_INT L[64],l,ll,A,B,*S,k;
 	int i,j,m,c,t,ii,jj;
 

crypto/ripemd/ripemd.h

@@ -90,9 +90,6 @@ typedef struct RIPEMD160state_st
 	int num;
 	} RIPEMD160_CTX;
 
-#ifdef OPENSSL_FIPS
-int private_RIPEMD160_Init(RIPEMD160_CTX *c);
-#endif
 int RIPEMD160_Init(RIPEMD160_CTX *c);
 int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);

crypto/ripemd/rmd_dgst.c

@@ -58,7 +58,6 @@
 
 #include <stdio.h>
 #include "rmd_locl.h"
-#include <openssl/fips.h>
 #include <openssl/opensslv.h>
 
 const char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT;
@@ -70,7 +69,7 @@ const char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT;
      void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,int num);
 #  endif
 
-FIPS_NON_FIPS_MD_Init(RIPEMD160)
+int RIPEMD160_Init(RIPEMD160_CTX *c)
 	{
 	c->A=RIPEMD160_A;
 	c->B=RIPEMD160_B;

crypto/sha/Makefile

@@ -104,14 +104,8 @@ sha1_one.o: ../../include/openssl/opensslconf.h
 sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 sha1_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 sha1_one.o: ../../include/openssl/symhacks.h sha1_one.c
-sha1dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-sha1dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 sha1dgst.o: ../../include/openssl/opensslconf.h
-sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
-sha1dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-sha1dgst.o: ../../include/openssl/symhacks.h ../md32_common.h sha1dgst.c
-sha1dgst.o: sha_locl.h
+sha1dgst.o: ../../include/openssl/opensslv.h sha1dgst.c
 sha_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 sha_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h

crypto/sha/sha.h

@@ -105,9 +105,6 @@ typedef struct SHAstate_st
 	} SHA_CTX;
 
 #ifndef OPENSSL_NO_SHA0
-#ifdef OPENSSL_FIPS
-int private_SHA_Init(SHA_CTX *c);
-#endif
 int SHA_Init(SHA_CTX *c);
 int SHA_Update(SHA_CTX *c, const void *data, unsigned long len);
 int SHA_Final(unsigned char *md, SHA_CTX *c);

crypto/sha/sha_locl.h

@@ -143,11 +143,7 @@
 #define INIT_DATA_h3 0x10325476UL
 #define INIT_DATA_h4 0xc3d2e1f0UL
 
-#if defined(SHA_0) && defined(OPENSSL_FIPS)
-FIPS_NON_FIPS_MD_Init(SHA)
-#else
 int HASH_INIT (SHA_CTX *c)
-#endif
 	{
 	c->h0=INIT_DATA_h0;
 	c->h1=INIT_DATA_h1;