This commit was generated by cvs2git to track changes on a CVS vendor

branch.

28 files changed, 297 insertions, 68 deletions

diff --git a/src/lib/libcrypto/aes/asm/aes-x86_64.pl b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
index 44e0bf8cae..f616f1751f 100755
--- a/src/lib/libcrypto/aes/asm/aes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
@@ -1198,19 +1198,20 @@ AES_cbc_encrypt:
         ret
 .align  4
 .Lcbc_enc_tail:
-        cmp     $inp,$out
-        je      .Lcbc_enc_in_place
+        mov     %rax,%r11
+        mov     %rcx,%r12
         mov     %r10,%rcx
         mov     $inp,%rsi
         mov     $out,%rdi
         .long   0xF689A4F3              # rep movsb
-.Lcbc_enc_in_place:
         mov     \$16,%rcx               # zero tail
         sub     %r10,%rcx
         xor     %rax,%rax
         .long   0xF689AAF3              # rep stosb
         mov     $out,$inp               # this is not a mistake!
         movq    \$16,$_len              # len=16
+        mov     %r11,%rax
+        mov     %r12,%rcx
         jmp     .Lcbc_enc_loop          # one more spin...
 #----------------------------- DECRYPT -----------------------------#
 .align  16
diff --git a/src/lib/libcrypto/asn1/asn1_gen.c b/src/lib/libcrypto/asn1/asn1_gen.c
index 26c832781e..2da38292c8 100644
--- a/src/lib/libcrypto/asn1/asn1_gen.c
+++ b/src/lib/libcrypto/asn1/asn1_gen.c
@@ -1,5 +1,5 @@
 /* asn1_gen.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2002.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/bn/bn_x931p.c b/src/lib/libcrypto/bn/bn_x931p.c
index c64410dd3a..04c5c874ec 100644
--- a/src/lib/libcrypto/bn/bn_x931p.c
+++ b/src/lib/libcrypto/bn/bn_x931p.c
@@ -1,5 +1,5 @@
 /* bn_x931p.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
 /* ====================================================================
@@ -59,18 +59,15 @@
 #include <stdio.h>
 #include <openssl/bn.h>
 
-#ifdef OPENSSL_FIPS
-
 /* X9.31 routines for prime derivation */
 
-
 /* X9.31 prime derivation. This is used to generate the primes pi
  * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd
  * integers.
  */
 
 static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
-                        void (*cb)(int, int, void *), void *cb_arg)
+                        BN_GENCB *cb)
         {
         int i = 0;
         if (!BN_copy(pi, Xpi))
@@ -80,16 +77,14 @@ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
         for(;;)
                 {
                 i++;
-                if (cb)
-                        cb(0, i, cb_arg);
+                BN_GENCB_call(cb, 0, i);
                 /* NB 27 MR is specificed in X9.31 */
-                if (BN_is_prime_fasttest(pi, 27, cb, ctx, cb_arg, 1))
+                if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
                         break;
                 if (!BN_add_word(pi, 2))
                         return 0;
                 }
-        if (cb)
-                cb(2, i, cb_arg);
+        BN_GENCB_call(cb, 2, i);
         return 1;
         }
 
@@ -98,10 +93,9 @@ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
  * not NULL they will be returned too: this is needed for testing.
  */
 
-int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-                        void (*cb)(int, int, void *), void *cb_arg,
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
                         const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
-                        const BIGNUM *e, BN_CTX *ctx)
+                        const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
         {
         int ret = 0;
 
@@ -124,10 +118,10 @@ int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
 
         pm1 = BN_CTX_get(ctx);
 
-        if (!bn_x931_derive_pi(p1, Xp1, ctx, cb, cb_arg))
+        if (!bn_x931_derive_pi(p1, Xp1, ctx, cb))
                 goto err;
 
-        if (!bn_x931_derive_pi(p2, Xp2, ctx, cb, cb_arg))
+        if (!bn_x931_derive_pi(p2, Xp2, ctx, cb))
                 goto err;
 
         if (!BN_mul(p1p2, p1, p2, ctx))
@@ -166,8 +160,7 @@ int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
         for (;;)
                 {
                 int i = 1;
-                if (cb)
-                        cb(0, i++, cb_arg);
+                BN_GENCB_call(cb, 0, i++);
                 if (!BN_copy(pm1, p))
                         goto err;
                 if (!BN_sub_word(pm1, 1))
@@ -179,14 +172,13 @@ int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
                  * offering similar or better guarantees 50 MR is considerably 
                  * better.
                  */
-                        && BN_is_prime_fasttest(p, 50, cb, ctx, cb_arg, 1))
+                        && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
                         break;
                 if (!BN_add(p, p, p1p2))
                         goto err;
                 }
 
-        if (cb)
-                cb(3, 0, cb_arg);
+        BN_GENCB_call(cb, 3, 0);
 
         ret = 1;
 
@@ -248,11 +240,11 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
  * are generated using the previous function and supplied as input.
  */
 
-int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
                         BIGNUM *Xp1, BIGNUM *Xp2,
                         const BIGNUM *Xp,
                         const BIGNUM *e, BN_CTX *ctx,
-                        void (*cb)(int, int, void *), void *cb_arg)
+                        BN_GENCB *cb)
         {
         int ret = 0;
 
@@ -266,8 +258,7 @@ int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
                 goto error;
         if (!BN_rand(Xp2, 101, 0, 0))
                 goto error;
-        if (!BN_X931_derive_prime(p, p1, p2, cb, cb_arg,
-                                                Xp, Xp1, Xp2, e, ctx))
+        if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
                 goto error;
 
         ret = 1;
@@ -279,4 +270,3 @@ int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
 
         }
 
-#endif
diff --git a/src/lib/libcrypto/buffer/buf_str.c b/src/lib/libcrypto/buffer/buf_str.c
new file mode 100644
index 0000000000..28dd1e401e
--- /dev/null
+++ b/src/lib/libcrypto/buffer/buf_str.c
@@ -0,0 +1,116 @@
+/* crypto/buffer/buf_str.c */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+
+char *BUF_strdup(const char *str)
+        {
+        if (str == NULL) return(NULL);
+        return BUF_strndup(str, strlen(str));
+        }
+
+char *BUF_strndup(const char *str, size_t siz)
+        {
+        char *ret;
+
+        if (str == NULL) return(NULL);
+
+        ret=OPENSSL_malloc(siz+1);
+        if (ret == NULL) 
+                {
+                BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        BUF_strlcpy(ret,str,siz+1);
+        return(ret);
+        }
+
+void *BUF_memdup(const void *data, size_t siz)
+        {
+        void *ret;
+
+        if (data == NULL) return(NULL);
+
+        ret=OPENSSL_malloc(siz);
+        if (ret == NULL) 
+                {
+                BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        return memcpy(ret, data, siz);
+        }       
+
+size_t BUF_strlcpy(char *dst, const char *src, size_t size)
+        {
+        size_t l = 0;
+        for(; size > 1 && *src; size--)
+                {
+                *dst++ = *src++;
+                l++;
+                }
+        if (size)
+                *dst = '\0';
+        return l + strlen(src);
+        }
+
+size_t BUF_strlcat(char *dst, const char *src, size_t size)
+        {
+        size_t l = 0;
+        for(; size > 0 && *dst; size--, dst++)
+                l++;
+        return l + BUF_strlcpy(dst, src, size);
+        }
diff --git a/src/lib/libcrypto/camellia/camellia.h b/src/lib/libcrypto/camellia/camellia.h
index 3c8a359543..b8a8b6e10b 100644
--- a/src/lib/libcrypto/camellia/camellia.h
+++ b/src/lib/libcrypto/camellia/camellia.h
@@ -87,6 +87,11 @@ struct camellia_key_st
 
 typedef struct camellia_key_st CAMELLIA_KEY;
 
+#ifdef OPENSSL_FIPS
+int private_Camellia_set_key(const unsigned char *userKey, const int bits,
+        CAMELLIA_KEY *key);
+#endif
+
 int Camellia_set_key(const unsigned char *userKey, const int bits,
         CAMELLIA_KEY *key);
 
diff --git a/src/lib/libcrypto/camellia/cmll_misc.c b/src/lib/libcrypto/camellia/cmll_misc.c
index f1047b54e0..2cd7aba9bb 100644
--- a/src/lib/libcrypto/camellia/cmll_misc.c
+++ b/src/lib/libcrypto/camellia/cmll_misc.c
@@ -52,11 +52,24 @@
 #include <openssl/opensslv.h>
 #include <openssl/camellia.h>
 #include "cmll_locl.h"
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 const char CAMELLIA_version[]="CAMELLIA" OPENSSL_VERSION_PTEXT;
 
 int Camellia_set_key(const unsigned char *userKey, const int bits,
         CAMELLIA_KEY *key)
+#ifdef OPENSSL_FIPS
+        {
+        if (FIPS_mode())
+                FIPS_BAD_ABORT(CAMELLIA)
+        return private_Camellia_set_key(userKey, bits, key);
+        }
+int private_Camellia_set_key(const unsigned char *userKey, const int bits,
+        CAMELLIA_KEY *key)
+#endif
         {
         if (!userKey || !key)
                 {
diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c
index 591bfbec33..cdac3b870d 100644
--- a/src/lib/libcrypto/cms/cms_sd.c
+++ b/src/lib/libcrypto/cms/cms_sd.c
@@ -830,7 +830,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
         cms_fixup_mctx(&mctx, si->pkey);
         r = EVP_VerifyFinal(&mctx,
                         si->signature->data, si->signature->length, si->pkey);
-        if (!r)
+        if (r <= 0)
                 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
         err:
         EVP_MD_CTX_cleanup(&mctx);
diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c
index 3d6c900b95..12fb0e6d6d 100644
--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -296,7 +296,7 @@ int EC_KEY_check_key(const EC_KEY *eckey)
         {
         int     ok   = 0;
         BN_CTX  *ctx = NULL;
-        BIGNUM  *order  = NULL;
+        const BIGNUM    *order  = NULL;
         EC_POINT *point = NULL;
 
         if (!eckey || !eckey->group || !eckey->pub_key)
@@ -307,8 +307,6 @@ int EC_KEY_check_key(const EC_KEY *eckey)
         
         if ((ctx = BN_CTX_new()) == NULL)
                 goto err;
-        if ((order = BN_new()) == NULL)
-                goto err;
         if ((point = EC_POINT_new(eckey->group)) == NULL)
                 goto err;
 
@@ -319,17 +317,13 @@ int EC_KEY_check_key(const EC_KEY *eckey)
                 goto err;
                 }
         /* testing whether pub_key * order is the point at infinity */
-        if (!EC_GROUP_get_order(eckey->group, order, ctx))
+        order = &eckey->group->order;
+        if (BN_is_zero(order))
                 {
                 ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
                 goto err;
                 }
-        if (!EC_POINT_copy(point, eckey->pub_key))
-                {
-                ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
-                goto err;
-                }
-        if (!EC_POINT_mul(eckey->group, point, order, NULL, NULL, ctx))
+        if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx))
                 {
                 ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
                 goto err;
@@ -366,8 +360,6 @@ int EC_KEY_check_key(const EC_KEY *eckey)
 err:
         if (ctx   != NULL)
                 BN_CTX_free(ctx);
-        if (order != NULL)
-                BN_free(order);
         if (point != NULL)
                 EC_POINT_free(point);
         return(ok);
diff --git a/src/lib/libcrypto/engine/eng_padlock.c b/src/lib/libcrypto/engine/eng_padlock.c
index 1ba9d85db4..743558ab33 100644
--- a/src/lib/libcrypto/engine/eng_padlock.c
+++ b/src/lib/libcrypto/engine/eng_padlock.c
@@ -234,8 +234,8 @@ padlock_bind_fn(ENGINE *e, const char *id)
         return 1;
 }
 
-IMPLEMENT_DYNAMIC_CHECK_FN ();
-IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn);
+IMPLEMENT_DYNAMIC_CHECK_FN ()
+IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn)
 #endif /* DYNAMIC_ENGINE */
 
 /* ===== Here comes the "real" engine ===== */
diff --git a/src/lib/libcrypto/evp/e_camellia.c b/src/lib/libcrypto/evp/e_camellia.c
index a7b40d1c60..365d397164 100644
--- a/src/lib/libcrypto/evp/e_camellia.c
+++ b/src/lib/libcrypto/evp/e_camellia.c
@@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY,
         EVP_CIPHER_get_asn1_iv,
         NULL)
 
-#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits)    IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16)
+#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits)    IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16,0)
 
 IMPLEMENT_CAMELLIA_CFBR(128,1)
 IMPLEMENT_CAMELLIA_CFBR(192,1)
diff --git a/src/lib/libcrypto/o_init.c b/src/lib/libcrypto/o_init.c
new file mode 100644
index 0000000000..00ed65a6cf
--- /dev/null
+++ b/src/lib/libcrypto/o_init.c
@@ -0,0 +1,86 @@
+/* o_init.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <e_os.h>
+#include <openssl/err.h>
+
+/* Perform any essential OpenSSL initialization operations.
+ * Currently only sets FIPS callbacks
+ */
+
+void OPENSSL_init(void)
+        {
+#ifdef OPENSSL_FIPS
+        static int done = 0;
+        if (!done)
+                {
+                int_ERR_lib_init();
+#ifdef CRYPTO_MDEBUG
+                CRYPTO_malloc_debug_init();
+#endif
+#ifdef OPENSSL_ENGINE
+                int_EVP_MD_init_engine_callbacks();
+                int_EVP_CIPHER_init_engine_callbacks();
+                int_RAND_init_engine_callbacks();
+#endif
+                done = 1;
+                }
+#endif
+        }
+                
+
diff --git a/src/lib/libcrypto/rsa/rsa_pss.c b/src/lib/libcrypto/rsa/rsa_pss.c
index e19d18c5b9..9b993aca49 100644
--- a/src/lib/libcrypto/rsa/rsa_pss.c
+++ b/src/lib/libcrypto/rsa/rsa_pss.c
@@ -1,5 +1,5 @@
 /* rsa_pss.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
 /* ====================================================================
@@ -81,7 +81,7 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
         EVP_MD_CTX ctx;
         unsigned char H_[EVP_MAX_MD_SIZE];
 
-        hLen = EVP_MD_size(Hash);
+        hLen = M_EVP_MD_size(Hash);
         /*
          * Negative sLen has special meanings:
          *      -1      sLen == hLen
@@ -176,7 +176,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
         unsigned char *H, *salt = NULL, *p;
         EVP_MD_CTX ctx;
 
-        hLen = EVP_MD_size(Hash);
+        hLen = M_EVP_MD_size(Hash);
         /*
          * Negative sLen has special meanings:
          *      -1      sLen == hLen
diff --git a/src/lib/libcrypto/rsa/rsa_x931.c b/src/lib/libcrypto/rsa/rsa_x931.c
index e918654176..21548e37ed 100644
--- a/src/lib/libcrypto/rsa/rsa_x931.c
+++ b/src/lib/libcrypto/rsa/rsa_x931.c
@@ -1,5 +1,5 @@
 /* rsa_x931.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/sha/sha256.c b/src/lib/libcrypto/sha/sha256.c
index 867f90cc97..3256a83e98 100644
--- a/src/lib/libcrypto/sha/sha256.c
+++ b/src/lib/libcrypto/sha/sha256.c
@@ -12,12 +12,19 @@
 
 #include <openssl/crypto.h>
 #include <openssl/sha.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 #include <openssl/opensslv.h>
 
 const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
 
 int SHA224_Init (SHA256_CTX *c)
         {
+#ifdef OPENSSL_FIPS
+        FIPS_selftest_check();
+#endif
         c->h[0]=0xc1059ed8UL;   c->h[1]=0x367cd507UL;
         c->h[2]=0x3070dd17UL;   c->h[3]=0xf70e5939UL;
         c->h[4]=0xffc00b31UL;   c->h[5]=0x68581511UL;
@@ -29,6 +36,9 @@ int SHA224_Init (SHA256_CTX *c)
 
 int SHA256_Init (SHA256_CTX *c)
         {
+#ifdef OPENSSL_FIPS
+        FIPS_selftest_check();
+#endif
         c->h[0]=0x6a09e667UL;   c->h[1]=0xbb67ae85UL;
         c->h[2]=0x3c6ef372UL;   c->h[3]=0xa54ff53aUL;
         c->h[4]=0x510e527fUL;   c->h[5]=0x9b05688cUL;
diff --git a/src/lib/libcrypto/sha/sha512.c b/src/lib/libcrypto/sha/sha512.c
index 987fc07c99..f5ed468b85 100644
--- a/src/lib/libcrypto/sha/sha512.c
+++ b/src/lib/libcrypto/sha/sha512.c
@@ -5,6 +5,10 @@
  * ====================================================================
  */
 #include <openssl/opensslconf.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
 /*
  * IMPLEMENTATION NOTES.
@@ -61,6 +65,9 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
 
 int SHA384_Init (SHA512_CTX *c)
         {
+#ifdef OPENSSL_FIPS
+        FIPS_selftest_check();
+#endif
         c->h[0]=U64(0xcbbb9d5dc1059ed8);
         c->h[1]=U64(0x629a292a367cd507);
         c->h[2]=U64(0x9159015a3070dd17);
@@ -76,6 +83,9 @@ int SHA384_Init (SHA512_CTX *c)
 
 int SHA512_Init (SHA512_CTX *c)
         {
+#ifdef OPENSSL_FIPS
+        FIPS_selftest_check();
+#endif
         c->h[0]=U64(0x6a09e667f3bcc908);
         c->h[1]=U64(0xbb67ae8584caa73b);
         c->h[2]=U64(0x3c6ef372fe94f82b);
@@ -327,7 +337,7 @@ static const SHA_LONG64 K512[80] = {
                                 ((SHA_LONG64)hi)<<32|lo;        })
 #   else
 #    define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
-                         unsigned int hi=p[0],lo=p[1];          \
+                         unsigned int hi=p[0],lo=p[1];                  \
                                 asm ("bswapl %0; bswapl %1;"    \
                                 : "=r"(lo),"=r"(hi)             \
                                 : "0"(lo),"1"(hi));             \
diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c
index e9db6d62a7..c92e65936f 100644
--- a/src/lib/libcrypto/x509/x509_vpm.c
+++ b/src/lib/libcrypto/x509/x509_vpm.c
@@ -1,5 +1,5 @@
 /* x509_vpm.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/x509v3/pcy_cache.c b/src/lib/libcrypto/x509v3/pcy_cache.c
index c18beb89f5..1030931b71 100644
--- a/src/lib/libcrypto/x509v3/pcy_cache.c
+++ b/src/lib/libcrypto/x509v3/pcy_cache.c
@@ -1,5 +1,5 @@
 /* pcy_cache.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/x509v3/pcy_int.h b/src/lib/libcrypto/x509v3/pcy_int.h
index ba62a209da..3780de4fcd 100644
--- a/src/lib/libcrypto/x509v3/pcy_int.h
+++ b/src/lib/libcrypto/x509v3/pcy_int.h
@@ -1,5 +1,5 @@
 /* pcy_int.h */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/x509v3/pcy_lib.c b/src/lib/libcrypto/x509v3/pcy_lib.c
index dae4840bc5..93bfd92703 100644
--- a/src/lib/libcrypto/x509v3/pcy_lib.c
+++ b/src/lib/libcrypto/x509v3/pcy_lib.c
@@ -1,5 +1,5 @@
 /* pcy_lib.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/x509v3/pcy_map.c b/src/lib/libcrypto/x509v3/pcy_map.c
index 35221e8ba8..f28796e6d4 100644
--- a/src/lib/libcrypto/x509v3/pcy_map.c
+++ b/src/lib/libcrypto/x509v3/pcy_map.c
@@ -1,5 +1,5 @@
 /* pcy_map.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/x509v3/pcy_node.c b/src/lib/libcrypto/x509v3/pcy_node.c
index dcc1554e29..6587cb05ab 100644
--- a/src/lib/libcrypto/x509v3/pcy_node.c
+++ b/src/lib/libcrypto/x509v3/pcy_node.c
@@ -1,5 +1,5 @@
 /* pcy_node.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/x509v3/v3_ncons.c b/src/lib/libcrypto/x509v3/v3_ncons.c
index 42e7f5a879..4e706be3e1 100644
--- a/src/lib/libcrypto/x509v3/v3_ncons.c
+++ b/src/lib/libcrypto/x509v3/v3_ncons.c
@@ -1,5 +1,5 @@
 /* v3_ncons.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/x509v3/v3_pcons.c b/src/lib/libcrypto/x509v3/v3_pcons.c
index 13248c2ada..86c0ff70e6 100644
--- a/src/lib/libcrypto/x509v3/v3_pcons.c
+++ b/src/lib/libcrypto/x509v3/v3_pcons.c
@@ -1,5 +1,5 @@
 /* v3_pcons.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
diff --git a/src/lib/libcrypto/x509v3/v3_pmaps.c b/src/lib/libcrypto/x509v3/v3_pmaps.c
index 626303264f..da03bbc35d 100644
--- a/src/lib/libcrypto/x509v3/v3_pmaps.c
+++ b/src/lib/libcrypto/x509v3/v3_pmaps.c
@@ -1,5 +1,5 @@
 /* v3_pmaps.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c
index cbff7495c5..cf3332e4e4 100644
--- a/src/lib/libssl/d1_enc.c
+++ b/src/lib/libssl/d1_enc.c
@@ -115,12 +115,16 @@
 
 #include <stdio.h>
 #include "ssl_locl.h"
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/md5.h>
 #include <openssl/rand.h>
-
+#ifdef KSSL_DEBUG
+#include <openssl/des.h>
+#endif
 
 int dtls1_enc(SSL *s, int send)
         {
@@ -202,10 +206,11 @@ int dtls1_enc(SSL *s, int send)
                 {
                 unsigned long ui;
                 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
-                        ds,rec->data,rec->input,l);
-                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+                        (void *)ds,rec->data,rec->input,l);
+                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n",
                         ds->buf_len, ds->cipher->key_len,
-                        DES_KEY_SZ, DES_SCHEDULE_SZ,
+                        (unsigned long)DES_KEY_SZ,
+                        (unsigned long)DES_SCHEDULE_SZ,
                         ds->cipher->iv_len);
                 printf("\t\tIV: ");
                 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
@@ -230,10 +235,10 @@ int dtls1_enc(SSL *s, int send)
 
 #ifdef KSSL_DEBUG
                 {
-                unsigned long i;
+                unsigned long ki;
                 printf("\trec->data=");
-                for (i=0; i<l; i++)
-                        printf(" %02x", rec->data[i]);  printf("\n");
+                for (ki=0; ki<l; ki++)
+                        printf(" %02x", rec->data[ki]);  printf("\n");
                 }
 #endif  /* KSSL_DEBUG */
 
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index fc088b4148..3568e97a87 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -106,6 +106,7 @@ int dtls1_new(SSL *s)
         pq_64bit_init(&(d1->bitmap.map));
         pq_64bit_init(&(d1->bitmap.max_seq_num));
         
+        d1->next_bitmap.length = d1->bitmap.length;
         pq_64bit_init(&(d1->next_bitmap.map));
         pq_64bit_init(&(d1->next_bitmap.max_seq_num));
 
diff --git a/src/lib/libssl/test/CAss.cnf b/src/lib/libssl/test/CAss.cnf
index 20f8f05e3d..546e660626 100644
--- a/src/lib/libssl/test/CAss.cnf
+++ b/src/lib/libssl/test/CAss.cnf
@@ -7,7 +7,7 @@ RANDFILE		= ./.rnd
 
 ####################################################################
 [ req ]
-default_bits            = 512
+default_bits            = 1024
 default_keyfile         = keySS.pem
 distinguished_name      = req_distinguished_name
 encrypt_rsa_key         = no
diff --git a/src/lib/libssl/test/Uss.cnf b/src/lib/libssl/test/Uss.cnf
index 0c0ebb5f67..98b2e054b7 100644
--- a/src/lib/libssl/test/Uss.cnf
+++ b/src/lib/libssl/test/Uss.cnf
@@ -7,7 +7,7 @@ RANDFILE		= ./.rnd
 
 ####################################################################
 [ req ]
-default_bits            = 512
+default_bits            = 1024
 default_keyfile         = keySS.pem
 distinguished_name      = req_distinguished_name
 encrypt_rsa_key         = no