20 files changed, 119 insertions, 69 deletions
diff --git a/src/lib/libcrypto/evp/Makefile.ssl b/src/lib/libcrypto/evp/Makefile.ssl
index 58843f61a9..b4172406ae 100644
--- a/src/lib/libcrypto/evp/Makefile.ssl
+++ b/src/lib/libcrypto/evp/Makefile.ssl
@@ -70,7 +70,7 @@ links:
        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TESTDATA)
+        cp $(TESTDATA) ../../test
        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 install:
@@ -89,7 +89,7 @@ lint:
        lint -DLINT $(INCLUDES) $(SRC)>fluff
 depend:
-        $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
 dclean:
        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -496,21 +496,19 @@ evp_acnf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 evp_acnf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 evp_acnf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-evp_acnf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-evp_acnf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-evp_acnf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_acnf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-evp_acnf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_acnf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_acnf.o: ../../include/openssl/opensslconf.h
 evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_acnf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+evp_acnf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-evp_acnf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_acnf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-evp_acnf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_acnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_acnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-evp_acnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_acnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-evp_acnf.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_acnf.o: ../../include/openssl/ui_compat.h ../cryptlib.h evp_acnf.c
-evp_acnf.o: ../cryptlib.h evp_acnf.c
 evp_enc.o: ../../e_os.h ../../include/openssl/aes.h
 evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c
index f12eac1b55..6e550f6a43 100644
--- a/src/lib/libcrypto/evp/bio_b64.c
+++ b/src/lib/libcrypto/evp/bio_b64.c
@@ -165,6 +165,7 @@ static int b64_read(BIO *b, char *out, int outl)
                {
                i=ctx->buf_len-ctx->buf_off;
                if (i > outl) i=outl;
+                OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf);
                memcpy(out,&(ctx->buf[ctx->buf_off]),i);
                ret=i;
                out+=i;
diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c
index 64fb2353af..ab81851503 100644
--- a/src/lib/libcrypto/evp/bio_enc.c
+++ b/src/lib/libcrypto/evp/bio_enc.c
@@ -132,7 +132,7 @@ static int enc_free(BIO *a)
        if (a == NULL) return(0);
        b=(BIO_ENC_CTX *)a->ptr;
        EVP_CIPHER_CTX_cleanup(&(b->cipher));
-        memset(a->ptr,0,sizeof(BIO_ENC_CTX));
+        OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
        OPENSSL_free(a->ptr);
        a->ptr=NULL;
        a->init=0;
@@ -271,7 +271,7 @@ static int enc_write(BIO *b, const char *in, int inl)
                        if (i <= 0)
                                {
                                BIO_copy_next_retry(b);
-                                return(i);
+                                return (ret == inl) ? i : ret - inl;
                                }
                        n-=i;
                        ctx->buf_off+=i;
@@ -325,10 +325,7 @@ again:
                        {
                        i=enc_write(b,NULL,0);
                        if (i < 0)
-                                {
+                                return i;
-                                ret=i;
-                                break;
-                                }
                        }
                if (!ctx->finished)
diff --git a/src/lib/libcrypto/evp/bio_ok.c b/src/lib/libcrypto/evp/bio_ok.c
index d2be03be82..4e3f10141b 100644
--- a/src/lib/libcrypto/evp/bio_ok.c
+++ b/src/lib/libcrypto/evp/bio_ok.c
@@ -211,7 +211,7 @@ static int ok_free(BIO *a)
        {
        if (a == NULL) return(0);
        EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
-        memset(a->ptr,0,sizeof(BIO_OK_CTX));
+        OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
        OPENSSL_free(a->ptr);
        a->ptr=NULL;
        a->init=0;
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c
index 3d59812e20..1b31a14e37 100644
--- a/src/lib/libcrypto/evp/c_all.c
+++ b/src/lib/libcrypto/evp/c_all.c
@@ -73,5 +73,9 @@ void OPENSSL_add_all_algorithms_noconf(void)
        {
        OpenSSL_add_all_ciphers();
        OpenSSL_add_all_digests();
-        ENGINE_setup_openbsd();
+#ifndef OPENSSL_NO_ENGINE
+# if defined(__OpenBSD__) || defined(__FreeBSD__)
+        ENGINE_setup_bsd_cryptodev();
+# endif
+#endif
        }
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index a969ac69ed..b22eed4421 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -113,7 +113,9 @@
 #include "cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
        {
@@ -138,6 +140,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
        {
        EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+#ifndef OPENSSL_NO_ENGINE
        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
         * so this context may already have an ENGINE! Try to avoid releasing
         * the previous handle, re-querying for an ENGINE, and having a
@@ -183,11 +186,13 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
                else
                        ctx->engine = NULL;
                }
-        else if(!ctx->digest)
+        else
+        if(!ctx->digest)
                {
                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
                return 0;
                }
+#endif
        if (ctx->digest != type)
                {
                if (ctx->digest && ctx->digest->ctx_size)
@@ -196,7 +201,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
                if (type->ctx_size)
                        ctx->md_data=OPENSSL_malloc(type->ctx_size);
                }
+#ifndef OPENSSL_NO_ENGINE
 skip_to_init:
+#endif
        return ctx->digest->init(ctx);
        }
@@ -219,6 +226,8 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
        {
        int ret;
+        OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
        ret=ctx->digest->final(ctx,md);
        if (size != NULL)
                *size=ctx->digest->md_size;
@@ -244,12 +253,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
                EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
                return 0;
                }
+#ifndef OPENSSL_NO_ENGINE
        /* Make sure it's safe to copy a digest context using an ENGINE */
        if (in->engine && !ENGINE_init(in->engine))
                {
                EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB);
                return 0;
                }
+#endif
        EVP_MD_CTX_cleanup(out);
        memcpy(out,in,sizeof *out);
@@ -299,13 +310,15 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                ctx->digest->cleanup(ctx);
        if (ctx->digest && ctx->digest->ctx_size && ctx->md_data)
                {
-                memset(ctx->md_data,0,ctx->digest->ctx_size);
+                OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
                OPENSSL_free(ctx->md_data);
                }
+#ifndef OPENSSL_NO_ENGINE
        if(ctx->engine)
                /* The EVP_MD we used belongs to an ENGINE, release the
                 * functional reference we held for this reason. */
                ENGINE_finish(ctx->engine);
+#endif
        memset(ctx,'\0',sizeof *ctx);
        return 1;
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index c323fa2892..fe8bcda631 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -52,7 +52,6 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <string.h>
-#include <assert.h>
 #include <openssl/aes.h>
 #include "evp_locl.h"
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c
index ed838d3e62..b9efa75ae7 100644
--- a/src/lib/libcrypto/evp/e_idea.c
+++ b/src/lib/libcrypto/evp/e_idea.c
@@ -109,7 +109,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                idea_set_encrypt_key(key,&tmp);
                idea_set_decrypt_key(&tmp,ctx->cipher_data);
-                memset((unsigned char *)&tmp,0,
+                OPENSSL_cleanse((unsigned char *)&tmp,
                                sizeof(IDEA_KEY_SCHEDULE));
                }
        return 1;
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c
index 4685198e2e..d42cbfd17e 100644
--- a/src/lib/libcrypto/evp/e_rc2.c
+++ b/src/lib/libcrypto/evp/e_rc2.c
@@ -174,6 +174,7 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
        if (type != NULL)
                {
                l=EVP_CIPHER_CTX_iv_length(c);
+                OPENSSL_assert(l <= sizeof iv);
                i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l);
                if (i != l)
                        return(-1);
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c
index 4064cc5fa0..d58f507837 100644
--- a/src/lib/libcrypto/evp/e_rc4.c
+++ b/src/lib/libcrypto/evp/e_rc4.c
@@ -69,8 +69,6 @@
 typedef struct
    {
-    /* FIXME: what is the key for? */
-    unsigned char key[EVP_RC4_KEY_SIZE];
    RC4_KEY ks; /* working key */
    } EVP_RC4_KEY;
@@ -121,9 +119,8 @@ const EVP_CIPHER *EVP_rc4_40(void)
 static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                        const unsigned char *iv, int enc)
        {
-        memcpy(&data(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx));
        RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
-                data(ctx)->key);
+                    key);
        return 1;
        }
diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c
index 12c6379df1..08209357ce 100644
--- a/src/lib/libcrypto/evp/encode.c
+++ b/src/lib/libcrypto/evp/encode.c
@@ -136,6 +136,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
        *outl=0;
        if (inl == 0) return;
+        OPENSSL_assert(ctx->length <= sizeof ctx->enc_data);
        if ((ctx->num+inl) < ctx->length)
                {
                memcpy(&(ctx->enc_data[ctx->num]),in,inl);
@@ -258,6 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                /* only save the good data :-) */
                if (!B64_NOT_BASE64(v))
                        {
+                        OPENSSL_assert(n < sizeof ctx->enc_data);
                        d[n++]=tmp;
                        ln++;
                        }
diff --git a/src/lib/libcrypto/evp/evp_acnf.c b/src/lib/libcrypto/evp/evp_acnf.c
index a68b979bdb..ff3e311cc5 100644
--- a/src/lib/libcrypto/evp/evp_acnf.c
+++ b/src/lib/libcrypto/evp/evp_acnf.c
@@ -59,7 +59,6 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/conf.h>
-#include <openssl/engine.h>
 /* Load all algorithms and configure OpenSSL.
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 32a1c7a2e9..be0758a879 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -60,11 +60,11 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
 #include "evp_locl.h"
-#include <assert.h>
 const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
@@ -93,6 +93,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                        enc = 1;
                ctx->encrypt = enc;
                }
+#ifndef OPENSSL_NO_ENGINE
        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
         * so this context may already have an ENGINE! Try to avoid releasing
         * the previous handle, re-querying for an ENGINE, and having a
@@ -100,6 +101,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
        if (ctx->engine && ctx->cipher && (!cipher ||
                        (cipher && (cipher->nid == ctx->cipher->nid))))
                goto skip_to_init;
+#endif
        if (cipher)
                {
                /* Ensure a context left lying around from last time is cleared
@@ -109,6 +111,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                /* Restore encrypt field: it is zeroed by cleanup */
                ctx->encrypt = enc;
+#ifndef OPENSSL_NO_ENGINE
                if(impl)
                        {
                        if (!ENGINE_init(impl))
@@ -142,6 +145,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                        }
                else
                        ctx->engine = NULL;
+#endif
                ctx->cipher=cipher;
                ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
@@ -161,11 +165,13 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET);
                return 0;
                }
+#ifndef OPENSSL_NO_ENGINE
 skip_to_init:
+#endif
        /* we assume block size is a power of 2 in *cryptUpdate */
-        assert(ctx->cipher->block_size == 1
+        OPENSSL_assert(ctx->cipher->block_size == 1
-               || ctx->cipher->block_size == 8
+            || ctx->cipher->block_size == 8
-               || ctx->cipher->block_size == 16);
+            || ctx->cipher->block_size == 16);
        if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
                switch(EVP_CIPHER_CTX_mode(ctx)) {
@@ -181,6 +187,7 @@ skip_to_init:
                        case EVP_CIPH_CBC_MODE:
+                        OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv);
                        if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
                        memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
                        break;
@@ -237,7 +244,7 @@ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *imp
 int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
             const unsigned char *key, const unsigned char *iv)
        {
-        return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0);
+        return EVP_CipherInit(ctx, cipher, key, iv, 0);
        }
 int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
@@ -251,6 +258,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        {
        int i,j,bl;
+        OPENSSL_assert(inl > 0);
        if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
                {
                if(ctx->cipher->do_cipher(ctx,out,in,inl))
@@ -266,6 +274,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                }
        i=ctx->buf_len;
        bl=ctx->cipher->block_size;
+        OPENSSL_assert(bl <= sizeof ctx->buf);
        if (i != 0)
                {
                if (i+inl < bl)
@@ -314,6 +323,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        int i,n,b,bl,ret;
        b=ctx->cipher->block_size;
+        OPENSSL_assert(b <= sizeof ctx->buf);
        if (b == 1)
                {
                *outl=0;
@@ -358,6 +368,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                return EVP_EncryptUpdate(ctx, out, outl, in, inl);
        b=ctx->cipher->block_size;
+        OPENSSL_assert(b <= sizeof ctx->final);
        if(ctx->final_used)
                {
@@ -420,6 +431,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
                        return(0);
                        }
+                OPENSSL_assert(b <= sizeof ctx->final);
                n=ctx->final[b-1];
                if (n > b)
                        {
@@ -450,16 +462,18 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
                {
                if(c->cipher->cleanup && !c->cipher->cleanup(c))
                        return 0;
-                /* Zero cipher context data */
+                /* Cleanse cipher context data */
                if (c->cipher_data)
-                        memset(c->cipher_data, 0, c->cipher->ctx_size);
+                        OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
                }
        if (c->cipher_data)
                OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
        if (c->engine)
                /* The EVP_CIPHER we used belongs to an ENGINE, release the
                 * functional reference we held for this reason. */
                ENGINE_finish(c->engine);
+#endif
        memset(c,0,sizeof(EVP_CIPHER_CTX));
        return 1;
        }
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c
index 4271393069..5f387a94d3 100644
--- a/src/lib/libcrypto/evp/evp_key.c
+++ b/src/lib/libcrypto/evp/evp_key.c
@@ -103,7 +103,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
                        buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
        ret = UI_process(ui);
        UI_free(ui);
-        memset(buff,0,BUFSIZ);
+        OPENSSL_cleanse(buff,BUFSIZ);
        return ret;
        }
@@ -118,6 +118,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
        nkey=type->key_len;
        niv=type->iv_len;
+        OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
+        OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
        if (data == NULL) return(nkey);
@@ -166,7 +168,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
                if ((nkey == 0) && (niv == 0)) break;
                }
        EVP_MD_CTX_cleanup(&c);
-        memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
+        OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
        return(type->key_len);
        }
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c
index a431945ef5..52a3b287be 100644
--- a/src/lib/libcrypto/evp/evp_lib.c
+++ b/src/lib/libcrypto/evp/evp_lib.c
@@ -90,6 +90,7 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
        if (type != NULL) 
                {
                l=EVP_CIPHER_CTX_iv_length(c);
+                OPENSSL_assert(l <= sizeof c->iv);
                i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
                if (i != l)
                        return(-1);
@@ -106,6 +107,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
        if (type != NULL)
                {
                j=EVP_CIPHER_CTX_iv_length(c);
+                OPENSSL_assert(j <= sizeof c->iv);
                i=ASN1_TYPE_set_octetstring(type,c->oiv,j);
                }
        return(i);
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index 4234cd7684..bc98e63363 100644
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -88,7 +88,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
                char obj_tmp[80];
                EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
                if (!pbe_obj) strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
-                else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj);
+                else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
                ERR_add_error_data(2, "TYPE=", obj_tmp);
                return 0;
        }
diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c
index 90294ef686..28460173f7 100644
--- a/src/lib/libcrypto/evp/evp_test.c
+++ b/src/lib/libcrypto/evp/evp_test.c
@@ -49,8 +49,14 @@
 #include <stdio.h>
 #include <string.h>
+#include "../e_os.h"
 #include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
 #include <openssl/conf.h>
 static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
@@ -78,7 +84,7 @@ static int convert(unsigned char *s)
        if(!s[1])
            {
            fprintf(stderr,"Odd number of hex digits!");
-            exit(4);
+            EXIT(4);
            }
        sscanf((char *)s,"%2x",&n);
        *d=(unsigned char)n;
@@ -120,6 +126,12 @@ static char *sstrsep(char **string, const char *delim)
 static unsigned char *ustrsep(char **p,const char *sep)
    { return (unsigned char *)sstrsep(p,sep); }
+static int test1_exit(int ec)
+        {
+        EXIT(ec);
+        return(0);              /* To keep some compilers quiet */
+        }
 static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
                  const unsigned char *iv,int in,
                  const unsigned char *plaintext,int pn,
@@ -142,7 +154,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
        {
        fprintf(stderr,"Key length doesn't match, got %d expected %d\n",kn,
                c->key_len);
-        exit(5);
+        test1_exit(5);
        }
    EVP_CIPHER_CTX_init(&ctx);
    if (encdec != 0)
@@ -150,26 +162,26 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
        if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))
            {
            fprintf(stderr,"EncryptInit failed\n");
-            exit(10);
+            test1_exit(10);
            }
        EVP_CIPHER_CTX_set_padding(&ctx,0);
        if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn))
            {
            fprintf(stderr,"Encrypt failed\n");
-            exit(6);
+            test1_exit(6);
            }
        if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))
            {
            fprintf(stderr,"EncryptFinal failed\n");
-            exit(7);
+            test1_exit(7);
            }
        if(outl+outl2 != cn)
            {
            fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n",
                    outl+outl2,cn);
-            exit(8);
+            test1_exit(8);
            }
        if(memcmp(out,ciphertext,cn))
@@ -177,7 +189,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
            fprintf(stderr,"Ciphertext mismatch\n");
            hexdump(stderr,"Got",out,cn);
            hexdump(stderr,"Expected",ciphertext,cn);
-            exit(9);
+            test1_exit(9);
            }
        }
@@ -186,26 +198,26 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
        if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))
            {
            fprintf(stderr,"DecryptInit failed\n");
-            exit(11);
+            test1_exit(11);
            }
        EVP_CIPHER_CTX_set_padding(&ctx,0);
        if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn))
            {
            fprintf(stderr,"Decrypt failed\n");
-            exit(6);
+            test1_exit(6);
            }
        if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))
            {
            fprintf(stderr,"DecryptFinal failed\n");
-            exit(7);
+            test1_exit(7);
            }
        if(outl+outl2 != cn)
            {
            fprintf(stderr,"Plaintext length mismatch got %d expected %d\n",
                    outl+outl2,cn);
-            exit(8);
+            test1_exit(8);
            }
        if(memcmp(out,plaintext,cn))
@@ -213,7 +225,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
            fprintf(stderr,"Plaintext mismatch\n");
            hexdump(stderr,"Got",out,cn);
            hexdump(stderr,"Expected",plaintext,cn);
-            exit(9);
+            test1_exit(9);
            }
        }
@@ -260,24 +272,24 @@ static int test_digest(const char *digest,
    if(!EVP_DigestInit_ex(&ctx,d, NULL))
        {
        fprintf(stderr,"DigestInit failed\n");
-        exit(100);
+        EXIT(100);
        }
    if(!EVP_DigestUpdate(&ctx,plaintext,pn))
        {
        fprintf(stderr,"DigestUpdate failed\n");
-        exit(101);
+        EXIT(101);
        }
    if(!EVP_DigestFinal_ex(&ctx,md,&mdn))
        {
        fprintf(stderr,"DigestFinal failed\n");
-        exit(101);
+        EXIT(101);
        }
    EVP_MD_CTX_cleanup(&ctx);
    if(mdn != cn)
        {
        fprintf(stderr,"Digest length mismatch, got %d expected %d\n",mdn,cn);
-        exit(102);
+        EXIT(102);
        }
    if(memcmp(md,ciphertext,cn))
@@ -285,7 +297,7 @@ static int test_digest(const char *digest,
        fprintf(stderr,"Digest mismatch\n");
        hexdump(stderr,"Got",md,cn);
        hexdump(stderr,"Expected",ciphertext,cn);
-        exit(103);
+        EXIT(103);
        }
    printf("\n");
@@ -303,7 +315,7 @@ int main(int argc,char **argv)
    if(argc != 2)
        {
        fprintf(stderr,"%s <test file>\n",argv[0]);
-        exit(1);
+        EXIT(1);
        }
    CRYPTO_malloc_debug_init();
    CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
@@ -315,17 +327,20 @@ int main(int argc,char **argv)
    if(!f)
        {
        perror(szTestFile);
-        exit(2);
+        EXIT(2);
        }
    /* Load up the software EVP_CIPHER and EVP_MD definitions */
    OpenSSL_add_all_ciphers();
    OpenSSL_add_all_digests();
+#ifndef OPENSSL_NO_ENGINE
    /* Load all compiled-in ENGINEs */
    ENGINE_load_builtin_engines();
+#endif
 #if 0
    OPENSSL_config();
 #endif
+#ifndef OPENSSL_NO_ENGINE
    /* Register all available ENGINE implementations of ciphers and digests.
     * This could perhaps be changed to "ENGINE_register_all_complete()"? */
    ENGINE_register_all_ciphers();
@@ -334,6 +349,7 @@ int main(int argc,char **argv)
     * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if
     * they weren't already initialised. */
    /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
+#endif
    for( ; ; )
        {
@@ -371,11 +387,13 @@ int main(int argc,char **argv)
           && !test_digest(cipher,plaintext,pn,ciphertext,cn))
            {
            fprintf(stderr,"Can't find %s\n",cipher);
-            exit(3);
+            EXIT(3);
            }
        }
+#ifndef OPENSSL_NO_ENGINE
    ENGINE_cleanup();
+#endif
    EVP_cleanup();
    CRYPTO_cleanup_all_ex_data();
    ERR_remove_state(0);
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c
index 27a8286489..a1874e83b2 100644
--- a/src/lib/libcrypto/evp/p5_crpt.c
+++ b/src/lib/libcrypto/evp/p5_crpt.c
@@ -140,12 +140,14 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
                EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
        }
        EVP_MD_CTX_cleanup(&ctx);
+        OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp);
        memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
+        OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
        memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
                                                 EVP_CIPHER_iv_length(cipher));
        EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
-        memset(md_tmp, 0, EVP_MAX_MD_SIZE);
+        OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
-        memset(key, 0, EVP_MAX_KEY_LENGTH);
+        OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
-        memset(iv, 0, EVP_MAX_IV_LENGTH);
+        OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
        return 1;
 }
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index 7485d6a278..1f94e1ef88 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -190,6 +190,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                goto err;
        }
        keylen = EVP_CIPHER_CTX_key_length(ctx);
+        OPENSSL_assert(keylen <= sizeof key);
        /* Now decode key derivation function */
@@ -230,7 +231,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        iter = ASN1_INTEGER_get(kdf->iter);
        PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
        EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
-        memset(key, 0, keylen);
+        OPENSSL_cleanse(key, keylen);
        PBKDF2PARAM_free(kdf);
        return 1;
diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c
index 6976f2a867..5a933d1cda 100644
--- a/src/lib/libcrypto/evp/p_open.c
+++ b/src/lib/libcrypto/evp/p_open.c
@@ -101,7 +101,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek,
        ret=1;
 err:
-        if (key != NULL) memset(key,0,size);
+        if (key != NULL) OPENSSL_cleanse(key,size);
        OPENSSL_free(key);
        return(ret);
        }