Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

14 files changed, 108 insertions, 55 deletions

diff --git a/src/lib/libcrypto/evp/Makefile b/src/lib/libcrypto/evp/Makefile
index 0fe1b96bff..0447b442bc 100644
--- a/src/lib/libcrypto/evp/Makefile
+++ b/src/lib/libcrypto/evp/Makefile
@@ -67,7 +67,7 @@ files:
 links:
         @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
         @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-        cp $(TESTDATA) ../../test
+        @[ -f $(TESTDATA) ] && cp $(TESTDATA) ../../test && echo "$(TESTDATA) -> ../../test/$(TESTDATA)"
         @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
@@ -356,6 +356,20 @@ evp_acnf.o: ../../include/openssl/opensslconf.h
 evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
+evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_cnf.o: ../../include/openssl/x509v3.h ../cryptlib.h evp_cnf.c
 evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -437,28 +451,22 @@ evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c
 m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_dss.o: ../cryptlib.h m_dss.c
 m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_dss1.o: ../cryptlib.h m_dss1.c
 m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
 m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
@@ -563,16 +571,13 @@ m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_sha.o: ../cryptlib.h evp_locl.h m_sha.c
 m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_sha1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
 m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_sha1.o: ../cryptlib.h m_sha1.c
 m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h
 m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c
index 72a2a67277..ac6d441aad 100644
--- a/src/lib/libcrypto/evp/bio_b64.c
+++ b/src/lib/libcrypto/evp/bio_b64.c
@@ -264,7 +264,7 @@ static int b64_read(BIO *b, char *out, int outl)
                                 }
 
                         /* we fell off the end without starting */
-                        if (j == i)
+                        if ((j == i) && (num == 0))
                                 {
                                 /* Is this is one long chunk?, if so, keep on
                                  * reading until a new line. */
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index 467e6b5ae9..d14e8e48d5 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -267,6 +267,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
         return FIPS_digestfinal(ctx, md, size);
 #else
         int ret;
+
         OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
         ret=ctx->digest->final(ctx,md);
         if (size != NULL)
@@ -365,8 +366,11 @@ int EVP_Digest(const void *data, size_t count,
 
 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
         {
-        EVP_MD_CTX_cleanup(ctx);
-        OPENSSL_free(ctx);
+        if (ctx)
+                {
+                EVP_MD_CTX_cleanup(ctx);
+                OPENSSL_free(ctx);
+                }
         }
 
 /* This call frees resources associated with the context */
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 1e4af0cb75..c7869b69ef 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -842,7 +842,10 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         gctx->ctr = NULL;
                         break;
                         }
+                else
 #endif
+                (void)0;        /* terminate potentially open 'else' */
+
                 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
                 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
 #ifdef AES_CTR_ASM
@@ -969,8 +972,6 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
         if (!gctx->iv_set)
                 return -1;
-        if (!ctx->encrypt && gctx->taglen < 0)
-                return -1;
         if (in)
                 {
                 if (out == NULL)
@@ -1012,6 +1013,8 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 {
                 if (!ctx->encrypt)
                         {
+                        if (gctx->taglen < 0)
+                                return -1;
                         if (CRYPTO_gcm128_finish(&gctx->gcm,
                                         ctx->buf, gctx->taglen) != 0)
                                 return -1;
@@ -1083,14 +1086,17 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         xctx->xts.block1 = (block128_f)vpaes_decrypt;
                         }
 
-                vpaes_set_encrypt_key(key + ctx->key_len/2,
+                    vpaes_set_encrypt_key(key + ctx->key_len/2,
                                                 ctx->key_len * 4, &xctx->ks2);
-                xctx->xts.block2 = (block128_f)vpaes_encrypt;
+                    xctx->xts.block2 = (block128_f)vpaes_encrypt;
 
-                xctx->xts.key1 = &xctx->ks1;
-                break;
-                }
+                    xctx->xts.key1 = &xctx->ks1;
+                    break;
+                    }
+                else
 #endif
+                (void)0;        /* terminate potentially open 'else' */
+
                 if (enc)
                         {
                         AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
@@ -1217,6 +1223,7 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
                         CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                                         &cctx->ks, (block128_f)vpaes_encrypt);
+                        cctx->str = NULL;
                         cctx->key_set = 1;
                         break;
                         }
diff --git a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
index 483e04b605..fb2c884a78 100644
--- a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
                                 if (res!=SHA_CBLOCK) continue;
 
-                                mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
+                                /* j is not incremented yet */
+                                mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
                                 data->u[SHA_LBLOCK-1] |= bitlen&mask;
                                 sha1_block_data_order(&key->md,data,1);
-                                mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
+                                mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
                                 pmac->u[0] |= key->md.h0 & mask;
                                 pmac->u[1] |= key->md.h1 & mask;
                                 pmac->u[2] |= key->md.h2 & mask;
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index 1e69972662..8d7b7de292 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -101,7 +101,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                               const unsigned char *in, size_t inl)
 {
-        if (inl>=EVP_MAXCHUNK)
+        while (inl>=EVP_MAXCHUNK)
                 {
                 DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                                &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
@@ -132,7 +132,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         printf("\n");
         }
 #endif    /* KSSL_DEBUG */
-        if (inl>=EVP_MAXCHUNK)
+        while (inl>=EVP_MAXCHUNK)
                 {
                 DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
                              &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
@@ -151,7 +151,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                               const unsigned char *in, size_t inl)
 {
-        if (inl>=EVP_MAXCHUNK)
+        while (inl>=EVP_MAXCHUNK)
                 {
                 DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, 
                                &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 3b1fa87576..faeb3c24e6 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -788,8 +788,8 @@ const EVP_CIPHER *EVP_aes_128_cfb128(void);
 # define EVP_aes_128_cfb EVP_aes_128_cfb128
 const EVP_CIPHER *EVP_aes_128_ofb(void);
 const EVP_CIPHER *EVP_aes_128_ctr(void);
-const EVP_CIPHER *EVP_aes_128_gcm(void);
 const EVP_CIPHER *EVP_aes_128_ccm(void);
+const EVP_CIPHER *EVP_aes_128_gcm(void);
 const EVP_CIPHER *EVP_aes_128_xts(void);
 const EVP_CIPHER *EVP_aes_192_ecb(void);
 const EVP_CIPHER *EVP_aes_192_cbc(void);
@@ -799,8 +799,8 @@ const EVP_CIPHER *EVP_aes_192_cfb128(void);
 # define EVP_aes_192_cfb EVP_aes_192_cfb128
 const EVP_CIPHER *EVP_aes_192_ofb(void);
 const EVP_CIPHER *EVP_aes_192_ctr(void);
-const EVP_CIPHER *EVP_aes_192_gcm(void);
 const EVP_CIPHER *EVP_aes_192_ccm(void);
+const EVP_CIPHER *EVP_aes_192_gcm(void);
 const EVP_CIPHER *EVP_aes_256_ecb(void);
 const EVP_CIPHER *EVP_aes_256_cbc(void);
 const EVP_CIPHER *EVP_aes_256_cfb1(void);
@@ -809,8 +809,8 @@ const EVP_CIPHER *EVP_aes_256_cfb128(void);
 # define EVP_aes_256_cfb EVP_aes_256_cfb128
 const EVP_CIPHER *EVP_aes_256_ofb(void);
 const EVP_CIPHER *EVP_aes_256_ctr(void);
-const EVP_CIPHER *EVP_aes_256_gcm(void);
 const EVP_CIPHER *EVP_aes_256_ccm(void);
+const EVP_CIPHER *EVP_aes_256_gcm(void);
 const EVP_CIPHER *EVP_aes_256_xts(void);
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
 const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
@@ -1242,6 +1242,8 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
         int (*ctrl_str)(EVP_PKEY_CTX *ctx,
                                         const char *type, const char *value));
 
+void EVP_add_alg_module(void);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -1256,6 +1258,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_AES_INIT_KEY                               133
 #define EVP_F_AES_XTS                                    172
 #define EVP_F_AES_XTS_CIPHER                             175
+#define EVP_F_ALG_MODULE_INIT                            177
 #define EVP_F_CAMELLIA_INIT_KEY                          159
 #define EVP_F_CMAC_INIT                                  173
 #define EVP_F_D2I_PKEY                                   100
@@ -1349,15 +1352,19 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_DIFFERENT_PARAMETERS                       153
 #define EVP_R_DISABLED_FOR_FIPS                          163
 #define EVP_R_ENCODE_ERROR                               115
+#define EVP_R_ERROR_LOADING_SECTION                      165
+#define EVP_R_ERROR_SETTING_FIPS_MODE                    166
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR                   119
 #define EVP_R_EXPECTING_AN_RSA_KEY                       127
 #define EVP_R_EXPECTING_A_DH_KEY                         128
 #define EVP_R_EXPECTING_A_DSA_KEY                        129
 #define EVP_R_EXPECTING_A_ECDSA_KEY                      141
 #define EVP_R_EXPECTING_A_EC_KEY                         142
+#define EVP_R_FIPS_MODE_NOT_SUPPORTED                    167
 #define EVP_R_INITIALIZATION_ERROR                       134
 #define EVP_R_INPUT_NOT_INITIALIZED                      111
 #define EVP_R_INVALID_DIGEST                             152
+#define EVP_R_INVALID_FIPS_MODE                          168
 #define EVP_R_INVALID_KEY_LENGTH                         130
 #define EVP_R_INVALID_OPERATION                          148
 #define EVP_R_IV_TOO_LARGE                               102
@@ -1382,6 +1389,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_TOO_LARGE                                  164
 #define EVP_R_UNKNOWN_CIPHER                             160
 #define EVP_R_UNKNOWN_DIGEST                             161
+#define EVP_R_UNKNOWN_OPTION                             169
 #define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS                135
 #define EVP_R_UNSUPPORTED_ALGORITHM                      156
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index db0f76d59b..08eab9882f 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -75,6 +75,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_FUNC(EVP_F_AES_INIT_KEY),  "AES_INIT_KEY"},
 {ERR_FUNC(EVP_F_AES_XTS),       "AES_XTS"},
 {ERR_FUNC(EVP_F_AES_XTS_CIPHER),        "AES_XTS_CIPHER"},
+{ERR_FUNC(EVP_F_ALG_MODULE_INIT),       "ALG_MODULE_INIT"},
 {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),     "CAMELLIA_INIT_KEY"},
 {ERR_FUNC(EVP_F_CMAC_INIT),     "CMAC_INIT"},
 {ERR_FUNC(EVP_F_D2I_PKEY),      "D2I_PKEY"},
@@ -171,15 +172,19 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS)  ,"different parameters"},
 {ERR_REASON(EVP_R_DISABLED_FOR_FIPS)     ,"disabled for fips"},
 {ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},
+{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
+{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
 {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
 {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    ,"expecting a dh key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   ,"expecting a dsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY)    ,"expecting a ec key"},
+{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
 {ERR_REASON(EVP_R_INITIALIZATION_ERROR)  ,"initialization error"},
 {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
 {ERR_REASON(EVP_R_INVALID_DIGEST)        ,"invalid digest"},
+{ERR_REASON(EVP_R_INVALID_FIPS_MODE)     ,"invalid fips mode"},
 {ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
 {ERR_REASON(EVP_R_INVALID_OPERATION)     ,"invalid operation"},
 {ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},
@@ -204,6 +209,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_TOO_LARGE)             ,"too large"},
 {ERR_REASON(EVP_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
 {ERR_REASON(EVP_R_UNKNOWN_DIGEST)        ,"unknown digest"},
+{ERR_REASON(EVP_R_UNKNOWN_OPTION)        ,"unknown option"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
 {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
 {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"},
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
index 4ad63ada6f..6fb7e9a861 100644
--- a/src/lib/libcrypto/evp/m_dss.c
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c
index f80170efeb..2df362a670 100644
--- a/src/lib/libcrypto/evp/m_dss1.c
+++ b/src/lib/libcrypto/evp/m_dss1.c
@@ -63,7 +63,7 @@
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index 3cb11f1ebb..bd0c01ad3c 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -65,7 +65,7 @@
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index 975d004df4..fe3c6c8813 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -85,19 +85,24 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
         unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
         int cplen, j, k, tkeylen, mdlen;
         unsigned long i = 1;
-        HMAC_CTX hctx;
+        HMAC_CTX hctx_tpl, hctx;
 
         mdlen = EVP_MD_size(digest);
         if (mdlen < 0)
                 return 0;
 
-        HMAC_CTX_init(&hctx);
+        HMAC_CTX_init(&hctx_tpl);
         p = out;
         tkeylen = keylen;
         if(!pass)
                 passlen = 0;
         else if(passlen == -1)
                 passlen = strlen(pass);
+        if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL))
+                {
+                HMAC_CTX_cleanup(&hctx_tpl);
+                return 0;
+                }
         while(tkeylen)
                 {
                 if(tkeylen > mdlen)
@@ -111,19 +116,36 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                 itmp[1] = (unsigned char)((i >> 16) & 0xff);
                 itmp[2] = (unsigned char)((i >> 8) & 0xff);
                 itmp[3] = (unsigned char)(i & 0xff);
-                if (!HMAC_Init_ex(&hctx, pass, passlen, digest, NULL)
-                        || !HMAC_Update(&hctx, salt, saltlen)
-                        || !HMAC_Update(&hctx, itmp, 4)
-                        || !HMAC_Final(&hctx, digtmp, NULL))
+                if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
                         {
+                        HMAC_CTX_cleanup(&hctx_tpl);
+                        return 0;
+                        }
+                if (!HMAC_Update(&hctx, salt, saltlen)
+                    || !HMAC_Update(&hctx, itmp, 4)
+                    || !HMAC_Final(&hctx, digtmp, NULL))
+                        {
+                        HMAC_CTX_cleanup(&hctx_tpl);
                         HMAC_CTX_cleanup(&hctx);
                         return 0;
                         }
+                HMAC_CTX_cleanup(&hctx);
                 memcpy(p, digtmp, cplen);
                 for(j = 1; j < iter; j++)
                         {
-                        HMAC(digest, pass, passlen,
-                                 digtmp, mdlen, digtmp, NULL);
+                        if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
+                                {
+                                HMAC_CTX_cleanup(&hctx_tpl);
+                                return 0;
+                                }
+                        if (!HMAC_Update(&hctx, digtmp, mdlen)
+                            || !HMAC_Final(&hctx, digtmp, NULL))
+                                {
+                                HMAC_CTX_cleanup(&hctx_tpl);
+                                HMAC_CTX_cleanup(&hctx);
+                                return 0;
+                                }
+                        HMAC_CTX_cleanup(&hctx);
                         for(k = 0; k < cplen; k++)
                                 p[k] ^= digtmp[k];
                         }
@@ -131,7 +153,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                 i++;
                 p+= cplen;
                 }
-        HMAC_CTX_cleanup(&hctx);
+        HMAC_CTX_cleanup(&hctx_tpl);
 #ifdef DEBUG_PKCS5V2
         fprintf(stderr, "Password:\n");
         h__dump (pass, passlen);
diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c
index dfa48c157c..8afb664306 100644
--- a/src/lib/libcrypto/evp/p_sign.c
+++ b/src/lib/libcrypto/evp/p_sign.c
@@ -80,7 +80,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
         {
         unsigned char m[EVP_MAX_MD_SIZE];
         unsigned int m_len;
-        int i=0,ok=0,v;
+        int i = 0,ok = 0,v;
         EVP_MD_CTX tmp_ctx;
         EVP_PKEY_CTX *pkctx = NULL;
 
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
index 5f5c409f45..c66d63ccf8 100644
--- a/src/lib/libcrypto/evp/p_verify.c
+++ b/src/lib/libcrypto/evp/p_verify.c
@@ -67,7 +67,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
         {
         unsigned char m[EVP_MAX_MD_SIZE];
         unsigned int m_len;
-        int i=-1,ok=0,v;
+        int i = 0,ok = 0,v;
         EVP_MD_CTX tmp_ctx;
         EVP_PKEY_CTX *pkctx = NULL;