merge 0.9.7b with local changes; crank majors for libssl/libcrypto

20 files changed, 119 insertions, 69 deletions

diff --git a/src/lib/libcrypto/evp/Makefile.ssl b/src/lib/libcrypto/evp/Makefile.ssl
index 58843f61a9..b4172406ae 100644
--- a/src/lib/libcrypto/evp/Makefile.ssl
+++ b/src/lib/libcrypto/evp/Makefile.ssl
@@ -70,7 +70,7 @@ links:
         @sh $(TOP)/util/point.sh Makefile.ssl Makefile
         @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
         @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TESTDATA)
+        cp $(TESTDATA) ../../test
         @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
@@ -89,7 +89,7 @@ lint:
         lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-        $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
 
 dclean:
         $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -496,21 +496,19 @@ evp_acnf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 evp_acnf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 evp_acnf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-evp_acnf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_acnf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-evp_acnf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-evp_acnf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_acnf.o: ../../include/openssl/opensslconf.h
+evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+evp_acnf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+evp_acnf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_acnf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
-evp_acnf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-evp_acnf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_acnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_acnf.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-evp_acnf.o: ../cryptlib.h evp_acnf.c
+evp_acnf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_acnf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_acnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_acnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_acnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_acnf.o: ../../include/openssl/ui_compat.h ../cryptlib.h evp_acnf.c
 evp_enc.o: ../../e_os.h ../../include/openssl/aes.h
 evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c
index f12eac1b55..6e550f6a43 100644
--- a/src/lib/libcrypto/evp/bio_b64.c
+++ b/src/lib/libcrypto/evp/bio_b64.c
@@ -165,6 +165,7 @@ static int b64_read(BIO *b, char *out, int outl)
                 {
                 i=ctx->buf_len-ctx->buf_off;
                 if (i > outl) i=outl;
+                OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf);
                 memcpy(out,&(ctx->buf[ctx->buf_off]),i);
                 ret=i;
                 out+=i;
diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c
index 64fb2353af..ab81851503 100644
--- a/src/lib/libcrypto/evp/bio_enc.c
+++ b/src/lib/libcrypto/evp/bio_enc.c
@@ -132,7 +132,7 @@ static int enc_free(BIO *a)
         if (a == NULL) return(0);
         b=(BIO_ENC_CTX *)a->ptr;
         EVP_CIPHER_CTX_cleanup(&(b->cipher));
-        memset(a->ptr,0,sizeof(BIO_ENC_CTX));
+        OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
         OPENSSL_free(a->ptr);
         a->ptr=NULL;
         a->init=0;
@@ -271,7 +271,7 @@ static int enc_write(BIO *b, const char *in, int inl)
                         if (i <= 0)
                                 {
                                 BIO_copy_next_retry(b);
-                                return(i);
+                                return (ret == inl) ? i : ret - inl;
                                 }
                         n-=i;
                         ctx->buf_off+=i;
@@ -325,10 +325,7 @@ again:
                         {
                         i=enc_write(b,NULL,0);
                         if (i < 0)
-                                {
-                                ret=i;
-                                break;
-                                }
+                                return i;
                         }
 
                 if (!ctx->finished)
diff --git a/src/lib/libcrypto/evp/bio_ok.c b/src/lib/libcrypto/evp/bio_ok.c
index d2be03be82..4e3f10141b 100644
--- a/src/lib/libcrypto/evp/bio_ok.c
+++ b/src/lib/libcrypto/evp/bio_ok.c
@@ -211,7 +211,7 @@ static int ok_free(BIO *a)
         {
         if (a == NULL) return(0);
         EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
-        memset(a->ptr,0,sizeof(BIO_OK_CTX));
+        OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
         OPENSSL_free(a->ptr);
         a->ptr=NULL;
         a->init=0;
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c
index 3d59812e20..1b31a14e37 100644
--- a/src/lib/libcrypto/evp/c_all.c
+++ b/src/lib/libcrypto/evp/c_all.c
@@ -73,5 +73,9 @@ void OPENSSL_add_all_algorithms_noconf(void)
         {
         OpenSSL_add_all_ciphers();
         OpenSSL_add_all_digests();
-        ENGINE_setup_openbsd();
+#ifndef OPENSSL_NO_ENGINE
+# if defined(__OpenBSD__) || defined(__FreeBSD__)
+        ENGINE_setup_bsd_cryptodev();
+# endif
+#endif
         }
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index a969ac69ed..b22eed4421 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -113,7 +113,9 @@
 #include "cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
 
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
         {
@@ -138,6 +140,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
         {
         EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+#ifndef OPENSSL_NO_ENGINE
         /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
          * so this context may already have an ENGINE! Try to avoid releasing
          * the previous handle, re-querying for an ENGINE, and having a
@@ -183,11 +186,13 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
                 else
                         ctx->engine = NULL;
                 }
-        else if(!ctx->digest)
+        else
+        if(!ctx->digest)
                 {
                 EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
                 return 0;
                 }
+#endif
         if (ctx->digest != type)
                 {
                 if (ctx->digest && ctx->digest->ctx_size)
@@ -196,7 +201,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
                 if (type->ctx_size)
                         ctx->md_data=OPENSSL_malloc(type->ctx_size);
                 }
+#ifndef OPENSSL_NO_ENGINE
 skip_to_init:
+#endif
         return ctx->digest->init(ctx);
         }
 
@@ -219,6 +226,8 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
         {
         int ret;
+
+        OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
         ret=ctx->digest->final(ctx,md);
         if (size != NULL)
                 *size=ctx->digest->md_size;
@@ -244,12 +253,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
                 EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
                 return 0;
                 }
+#ifndef OPENSSL_NO_ENGINE
         /* Make sure it's safe to copy a digest context using an ENGINE */
         if (in->engine && !ENGINE_init(in->engine))
                 {
                 EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB);
                 return 0;
                 }
+#endif
 
         EVP_MD_CTX_cleanup(out);
         memcpy(out,in,sizeof *out);
@@ -299,13 +310,15 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                 ctx->digest->cleanup(ctx);
         if (ctx->digest && ctx->digest->ctx_size && ctx->md_data)
                 {
-                memset(ctx->md_data,0,ctx->digest->ctx_size);
+                OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
                 OPENSSL_free(ctx->md_data);
                 }
+#ifndef OPENSSL_NO_ENGINE
         if(ctx->engine)
                 /* The EVP_MD we used belongs to an ENGINE, release the
                  * functional reference we held for this reason. */
                 ENGINE_finish(ctx->engine);
+#endif
         memset(ctx,'\0',sizeof *ctx);
 
         return 1;
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index c323fa2892..fe8bcda631 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -52,7 +52,6 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <string.h>
-#include <assert.h>
 #include <openssl/aes.h>
 #include "evp_locl.h"
 
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c
index ed838d3e62..b9efa75ae7 100644
--- a/src/lib/libcrypto/evp/e_idea.c
+++ b/src/lib/libcrypto/evp/e_idea.c
@@ -109,7 +109,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 
                 idea_set_encrypt_key(key,&tmp);
                 idea_set_decrypt_key(&tmp,ctx->cipher_data);
-                memset((unsigned char *)&tmp,0,
+                OPENSSL_cleanse((unsigned char *)&tmp,
                                 sizeof(IDEA_KEY_SCHEDULE));
                 }
         return 1;
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c
index 4685198e2e..d42cbfd17e 100644
--- a/src/lib/libcrypto/evp/e_rc2.c
+++ b/src/lib/libcrypto/evp/e_rc2.c
@@ -174,6 +174,7 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         if (type != NULL)
                 {
                 l=EVP_CIPHER_CTX_iv_length(c);
+                OPENSSL_assert(l <= sizeof iv);
                 i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l);
                 if (i != l)
                         return(-1);
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c
index 4064cc5fa0..d58f507837 100644
--- a/src/lib/libcrypto/evp/e_rc4.c
+++ b/src/lib/libcrypto/evp/e_rc4.c
@@ -69,8 +69,6 @@
 
 typedef struct
     {
-    /* FIXME: what is the key for? */
-    unsigned char key[EVP_RC4_KEY_SIZE];
     RC4_KEY ks; /* working key */
     } EVP_RC4_KEY;
 
@@ -121,9 +119,8 @@ const EVP_CIPHER *EVP_rc4_40(void)
 static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         const unsigned char *iv, int enc)
         {
-        memcpy(&data(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx));
         RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
-                data(ctx)->key);
+                    key);
         return 1;
         }
 
diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c
index 12c6379df1..08209357ce 100644
--- a/src/lib/libcrypto/evp/encode.c
+++ b/src/lib/libcrypto/evp/encode.c
@@ -136,6 +136,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 
         *outl=0;
         if (inl == 0) return;
+        OPENSSL_assert(ctx->length <= sizeof ctx->enc_data);
         if ((ctx->num+inl) < ctx->length)
                 {
                 memcpy(&(ctx->enc_data[ctx->num]),in,inl);
@@ -258,6 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                 /* only save the good data :-) */
                 if (!B64_NOT_BASE64(v))
                         {
+                        OPENSSL_assert(n < sizeof ctx->enc_data);
                         d[n++]=tmp;
                         ln++;
                         }
diff --git a/src/lib/libcrypto/evp/evp_acnf.c b/src/lib/libcrypto/evp/evp_acnf.c
index a68b979bdb..ff3e311cc5 100644
--- a/src/lib/libcrypto/evp/evp_acnf.c
+++ b/src/lib/libcrypto/evp/evp_acnf.c
@@ -59,7 +59,6 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/conf.h>
-#include <openssl/engine.h>
 
 
 /* Load all algorithms and configure OpenSSL.
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 32a1c7a2e9..be0758a879 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -60,11 +60,11 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
 #include "evp_locl.h"
 
-#include <assert.h>
-
 const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
 
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
@@ -93,6 +93,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                         enc = 1;
                 ctx->encrypt = enc;
                 }
+#ifndef OPENSSL_NO_ENGINE
         /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
          * so this context may already have an ENGINE! Try to avoid releasing
          * the previous handle, re-querying for an ENGINE, and having a
@@ -100,6 +101,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
         if (ctx->engine && ctx->cipher && (!cipher ||
                         (cipher && (cipher->nid == ctx->cipher->nid))))
                 goto skip_to_init;
+#endif
         if (cipher)
                 {
                 /* Ensure a context left lying around from last time is cleared
@@ -109,6 +111,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
 
                 /* Restore encrypt field: it is zeroed by cleanup */
                 ctx->encrypt = enc;
+#ifndef OPENSSL_NO_ENGINE
                 if(impl)
                         {
                         if (!ENGINE_init(impl))
@@ -142,6 +145,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                         }
                 else
                         ctx->engine = NULL;
+#endif
 
                 ctx->cipher=cipher;
                 ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
@@ -161,11 +165,13 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                 EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET);
                 return 0;
                 }
+#ifndef OPENSSL_NO_ENGINE
 skip_to_init:
+#endif
         /* we assume block size is a power of 2 in *cryptUpdate */
-        assert(ctx->cipher->block_size == 1
-               || ctx->cipher->block_size == 8
-               || ctx->cipher->block_size == 16);
+        OPENSSL_assert(ctx->cipher->block_size == 1
+            || ctx->cipher->block_size == 8
+            || ctx->cipher->block_size == 16);
 
         if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
                 switch(EVP_CIPHER_CTX_mode(ctx)) {
@@ -181,6 +187,7 @@ skip_to_init:
 
                         case EVP_CIPH_CBC_MODE:
 
+                        OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv);
                         if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
                         memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
                         break;
@@ -237,7 +244,7 @@ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *imp
 int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
              const unsigned char *key, const unsigned char *iv)
         {
-        return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0);
+        return EVP_CipherInit(ctx, cipher, key, iv, 0);
         }
 
 int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
@@ -251,6 +258,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
         {
         int i,j,bl;
 
+        OPENSSL_assert(inl > 0);
         if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
                 {
                 if(ctx->cipher->do_cipher(ctx,out,in,inl))
@@ -266,6 +274,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                 }
         i=ctx->buf_len;
         bl=ctx->cipher->block_size;
+        OPENSSL_assert(bl <= sizeof ctx->buf);
         if (i != 0)
                 {
                 if (i+inl < bl)
@@ -314,6 +323,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
         int i,n,b,bl,ret;
 
         b=ctx->cipher->block_size;
+        OPENSSL_assert(b <= sizeof ctx->buf);
         if (b == 1)
                 {
                 *outl=0;
@@ -358,6 +368,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                 return EVP_EncryptUpdate(ctx, out, outl, in, inl);
 
         b=ctx->cipher->block_size;
+        OPENSSL_assert(b <= sizeof ctx->final);
 
         if(ctx->final_used)
                 {
@@ -420,6 +431,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                         EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
                         return(0);
                         }
+                OPENSSL_assert(b <= sizeof ctx->final);
                 n=ctx->final[b-1];
                 if (n > b)
                         {
@@ -450,16 +462,18 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
                 {
                 if(c->cipher->cleanup && !c->cipher->cleanup(c))
                         return 0;
-                /* Zero cipher context data */
+                /* Cleanse cipher context data */
                 if (c->cipher_data)
-                        memset(c->cipher_data, 0, c->cipher->ctx_size);
+                        OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
                 }
         if (c->cipher_data)
                 OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
         if (c->engine)
                 /* The EVP_CIPHER we used belongs to an ENGINE, release the
                  * functional reference we held for this reason. */
                 ENGINE_finish(c->engine);
+#endif
         memset(c,0,sizeof(EVP_CIPHER_CTX));
         return 1;
         }
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c
index 4271393069..5f387a94d3 100644
--- a/src/lib/libcrypto/evp/evp_key.c
+++ b/src/lib/libcrypto/evp/evp_key.c
@@ -103,7 +103,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
                         buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
         ret = UI_process(ui);
         UI_free(ui);
-        memset(buff,0,BUFSIZ);
+        OPENSSL_cleanse(buff,BUFSIZ);
         return ret;
         }
 
@@ -118,6 +118,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
 
         nkey=type->key_len;
         niv=type->iv_len;
+        OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
+        OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
 
         if (data == NULL) return(nkey);
 
@@ -166,7 +168,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
                 if ((nkey == 0) && (niv == 0)) break;
                 }
         EVP_MD_CTX_cleanup(&c);
-        memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
+        OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
         return(type->key_len);
         }
 
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c
index a431945ef5..52a3b287be 100644
--- a/src/lib/libcrypto/evp/evp_lib.c
+++ b/src/lib/libcrypto/evp/evp_lib.c
@@ -90,6 +90,7 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         if (type != NULL) 
                 {
                 l=EVP_CIPHER_CTX_iv_length(c);
+                OPENSSL_assert(l <= sizeof c->iv);
                 i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
                 if (i != l)
                         return(-1);
@@ -106,6 +107,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
         if (type != NULL)
                 {
                 j=EVP_CIPHER_CTX_iv_length(c);
+                OPENSSL_assert(j <= sizeof c->iv);
                 i=ASN1_TYPE_set_octetstring(type,c->oiv,j);
                 }
         return(i);
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index 4234cd7684..bc98e63363 100644
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -88,7 +88,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
                 char obj_tmp[80];
                 EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
                 if (!pbe_obj) strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
-                else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj);
+                else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
                 ERR_add_error_data(2, "TYPE=", obj_tmp);
                 return 0;
         }
diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c
index 90294ef686..28460173f7 100644
--- a/src/lib/libcrypto/evp/evp_test.c
+++ b/src/lib/libcrypto/evp/evp_test.c
@@ -49,8 +49,14 @@
 
 #include <stdio.h>
 #include <string.h>
+
+#include "../e_os.h"
+
 #include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
 #include <openssl/conf.h>
 
 static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
@@ -78,7 +84,7 @@ static int convert(unsigned char *s)
         if(!s[1])
             {
             fprintf(stderr,"Odd number of hex digits!");
-            exit(4);
+            EXIT(4);
             }
         sscanf((char *)s,"%2x",&n);
         *d=(unsigned char)n;
@@ -120,6 +126,12 @@ static char *sstrsep(char **string, const char *delim)
 static unsigned char *ustrsep(char **p,const char *sep)
     { return (unsigned char *)sstrsep(p,sep); }
 
+static int test1_exit(int ec)
+        {
+        EXIT(ec);
+        return(0);              /* To keep some compilers quiet */
+        }
+
 static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
                   const unsigned char *iv,int in,
                   const unsigned char *plaintext,int pn,
@@ -142,7 +154,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
         {
         fprintf(stderr,"Key length doesn't match, got %d expected %d\n",kn,
                 c->key_len);
-        exit(5);
+        test1_exit(5);
         }
     EVP_CIPHER_CTX_init(&ctx);
     if (encdec != 0)
@@ -150,26 +162,26 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
         if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))
             {
             fprintf(stderr,"EncryptInit failed\n");
-            exit(10);
+            test1_exit(10);
             }
         EVP_CIPHER_CTX_set_padding(&ctx,0);
 
         if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn))
             {
             fprintf(stderr,"Encrypt failed\n");
-            exit(6);
+            test1_exit(6);
             }
         if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))
             {
             fprintf(stderr,"EncryptFinal failed\n");
-            exit(7);
+            test1_exit(7);
             }
 
         if(outl+outl2 != cn)
             {
             fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n",
                     outl+outl2,cn);
-            exit(8);
+            test1_exit(8);
             }
 
         if(memcmp(out,ciphertext,cn))
@@ -177,7 +189,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
             fprintf(stderr,"Ciphertext mismatch\n");
             hexdump(stderr,"Got",out,cn);
             hexdump(stderr,"Expected",ciphertext,cn);
-            exit(9);
+            test1_exit(9);
             }
         }
 
@@ -186,26 +198,26 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
         if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))
             {
             fprintf(stderr,"DecryptInit failed\n");
-            exit(11);
+            test1_exit(11);
             }
         EVP_CIPHER_CTX_set_padding(&ctx,0);
 
         if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn))
             {
             fprintf(stderr,"Decrypt failed\n");
-            exit(6);
+            test1_exit(6);
             }
         if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))
             {
             fprintf(stderr,"DecryptFinal failed\n");
-            exit(7);
+            test1_exit(7);
             }
 
         if(outl+outl2 != cn)
             {
             fprintf(stderr,"Plaintext length mismatch got %d expected %d\n",
                     outl+outl2,cn);
-            exit(8);
+            test1_exit(8);
             }
 
         if(memcmp(out,plaintext,cn))
@@ -213,7 +225,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
             fprintf(stderr,"Plaintext mismatch\n");
             hexdump(stderr,"Got",out,cn);
             hexdump(stderr,"Expected",plaintext,cn);
-            exit(9);
+            test1_exit(9);
             }
         }
 
@@ -260,24 +272,24 @@ static int test_digest(const char *digest,
     if(!EVP_DigestInit_ex(&ctx,d, NULL))
         {
         fprintf(stderr,"DigestInit failed\n");
-        exit(100);
+        EXIT(100);
         }
     if(!EVP_DigestUpdate(&ctx,plaintext,pn))
         {
         fprintf(stderr,"DigestUpdate failed\n");
-        exit(101);
+        EXIT(101);
         }
     if(!EVP_DigestFinal_ex(&ctx,md,&mdn))
         {
         fprintf(stderr,"DigestFinal failed\n");
-        exit(101);
+        EXIT(101);
         }
     EVP_MD_CTX_cleanup(&ctx);
 
     if(mdn != cn)
         {
         fprintf(stderr,"Digest length mismatch, got %d expected %d\n",mdn,cn);
-        exit(102);
+        EXIT(102);
         }
 
     if(memcmp(md,ciphertext,cn))
@@ -285,7 +297,7 @@ static int test_digest(const char *digest,
         fprintf(stderr,"Digest mismatch\n");
         hexdump(stderr,"Got",md,cn);
         hexdump(stderr,"Expected",ciphertext,cn);
-        exit(103);
+        EXIT(103);
         }
 
     printf("\n");
@@ -303,7 +315,7 @@ int main(int argc,char **argv)
     if(argc != 2)
         {
         fprintf(stderr,"%s <test file>\n",argv[0]);
-        exit(1);
+        EXIT(1);
         }
     CRYPTO_malloc_debug_init();
     CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
@@ -315,17 +327,20 @@ int main(int argc,char **argv)
     if(!f)
         {
         perror(szTestFile);
-        exit(2);
+        EXIT(2);
         }
 
     /* Load up the software EVP_CIPHER and EVP_MD definitions */
     OpenSSL_add_all_ciphers();
     OpenSSL_add_all_digests();
+#ifndef OPENSSL_NO_ENGINE
     /* Load all compiled-in ENGINEs */
     ENGINE_load_builtin_engines();
+#endif
 #if 0
     OPENSSL_config();
 #endif
+#ifndef OPENSSL_NO_ENGINE
     /* Register all available ENGINE implementations of ciphers and digests.
      * This could perhaps be changed to "ENGINE_register_all_complete()"? */
     ENGINE_register_all_ciphers();
@@ -334,6 +349,7 @@ int main(int argc,char **argv)
      * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if
      * they weren't already initialised. */
     /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
+#endif
 
     for( ; ; )
         {
@@ -371,11 +387,13 @@ int main(int argc,char **argv)
            && !test_digest(cipher,plaintext,pn,ciphertext,cn))
             {
             fprintf(stderr,"Can't find %s\n",cipher);
-            exit(3);
+            EXIT(3);
             }
         }
 
+#ifndef OPENSSL_NO_ENGINE
     ENGINE_cleanup();
+#endif
     EVP_cleanup();
     CRYPTO_cleanup_all_ex_data();
     ERR_remove_state(0);
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c
index 27a8286489..a1874e83b2 100644
--- a/src/lib/libcrypto/evp/p5_crpt.c
+++ b/src/lib/libcrypto/evp/p5_crpt.c
@@ -140,12 +140,14 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
                 EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
         }
         EVP_MD_CTX_cleanup(&ctx);
+        OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp);
         memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
+        OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
         memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
                                                  EVP_CIPHER_iv_length(cipher));
         EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
-        memset(md_tmp, 0, EVP_MAX_MD_SIZE);
-        memset(key, 0, EVP_MAX_KEY_LENGTH);
-        memset(iv, 0, EVP_MAX_IV_LENGTH);
+        OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+        OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+        OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
         return 1;
 }
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index 7485d6a278..1f94e1ef88 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -190,6 +190,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                 goto err;
         }
         keylen = EVP_CIPHER_CTX_key_length(ctx);
+        OPENSSL_assert(keylen <= sizeof key);
 
         /* Now decode key derivation function */
 
@@ -230,7 +231,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
         iter = ASN1_INTEGER_get(kdf->iter);
         PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
         EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
-        memset(key, 0, keylen);
+        OPENSSL_cleanse(key, keylen);
         PBKDF2PARAM_free(kdf);
         return 1;
 
diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c
index 6976f2a867..5a933d1cda 100644
--- a/src/lib/libcrypto/evp/p_open.c
+++ b/src/lib/libcrypto/evp/p_open.c
@@ -101,7 +101,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek,
 
         ret=1;
 err:
-        if (key != NULL) memset(key,0,size);
+        if (key != NULL) OPENSSL_cleanse(key,size);
         OPENSSL_free(key);
         return(ret);
         }