diff --git a/.openssl.metadata b/.openssl.metadata
new file mode 100644
index 0000000..e6892fa
--- /dev/null
+++ b/.openssl.metadata
@@ -0,0 +1 @@
+95086e8de8260fc514fc8df683a96237308c5e37 SOURCES/openssl-1.0.1e-hobbled.tar.xz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
- 
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
- 
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/Makefile.certificate b/SOURCES/Makefile.certificate
new file mode 100644
index 0000000..e839427
--- /dev/null
+++ b/SOURCES/Makefile.certificate
@@ -0,0 +1,74 @@
+UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
+SERIAL=0
+
+.PHONY: usage
+.SUFFIXES: .key .csr .crt .pem
+.PRECIOUS: %.key %.csr %.crt %.pem
+
+usage:
+	@echo "This makefile allows you to create:"
+	@echo "  o public/private key pairs"
+	@echo "  o SSL certificate signing requests (CSRs)"
+	@echo "  o self-signed SSL test certificates"
+	@echo
+	@echo "To create a key pair, run \"make SOMETHING.key\"."
+	@echo "To create a CSR, run \"make SOMETHING.csr\"."
+	@echo "To create a test certificate, run \"make SOMETHING.crt\"."
+	@echo "To create a key and a test certificate in one file, run \"make SOMETHING.pem\"."
+	@echo
+	@echo "To create a key for use with Apache, run \"make genkey\"."
+	@echo "To create a CSR for use with Apache, run \"make certreq\"."
+	@echo "To create a test certificate for use with Apache, run \"make testcert\"."
+	@echo
+	@echo "To create a test certificate with serial number other than zero, add SERIAL=num"
+	@echo
+	@echo Examples:
+	@echo "  make server.key"
+	@echo "  make server.csr"
+	@echo "  make server.crt"
+	@echo "  make stunnel.pem"
+	@echo "  make genkey"
+	@echo "  make certreq"
+	@echo "  make testcert"
+	@echo "  make server.crt SERIAL=1"
+	@echo "  make stunnel.pem SERIAL=2"
+	@echo "  make testcert SERIAL=3"
+
+%.pem:
+	umask 77 ; \
+	PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
+	PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
+	/usr/bin/openssl req $(UTF8) -newkey rsa:2048 -keyout $$PEM1 -nodes -x509 -days 365 -out $$PEM2 -set_serial $(SERIAL) ; \
+	cat $$PEM1 >  $@ ; \
+	echo ""    >> $@ ; \
+	cat $$PEM2 >> $@ ; \
+	$(RM) $$PEM1 $$PEM2
+
+%.key:
+	umask 77 ; \
+	/usr/bin/openssl genrsa -aes128 2048 > $@
+
+%.csr: %.key
+	umask 77 ; \
+	/usr/bin/openssl req $(UTF8) -new -key $^ -out $@
+
+%.crt: %.key
+	umask 77 ; \
+	/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days 365 -out $@ -set_serial $(SERIAL)
+
+TLSROOT=/etc/pki/tls
+KEY=$(TLSROOT)/private/localhost.key
+CSR=$(TLSROOT)/certs/localhost.csr
+CRT=$(TLSROOT)/certs/localhost.crt
+
+genkey: $(KEY)
+certreq: $(CSR)
+testcert: $(CRT)
+
+$(CSR): $(KEY)
+	umask 77 ; \
+	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -out $(CSR)
+
+$(CRT): $(KEY)
+	umask 77 ; \
+	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days 365 -out $(CRT) -set_serial $(SERIAL)
diff --git a/SOURCES/README.FIPS b/SOURCES/README.FIPS
new file mode 100644
index 0000000..eb17bca
--- /dev/null
+++ b/SOURCES/README.FIPS
@@ -0,0 +1,75 @@
+User guide for the FIPS Red Hat Enterprise Linux - OpenSSL Module
+=================================================================
+
+This package contains libraries which comprise the FIPS 140-2
+Red Hat Enterprise Linux - OPENSSL Module.
+
+The module files
+================
+/usr/lib[64]/libcrypto.so.1.0.0d
+/usr/lib[64]/libssl.so.1.0.0d
+/usr/lib[64]/.libcrypto.so.1.0.0d.hmac
+/usr/lib[64]/.libssl.so.1.0.0d.hmac
+
+Dependencies
+============
+
+The approved mode of operation requires kernel with /dev/urandom RNG running
+with properties as defined in the security policy of the module. This is
+provided by kernel packages with validated Red Hat Enterprise Linux - IPSec
+Crytographic Module.
+
+Installation
+============
+
+The RPM package of the module can be installed by standard tools recommended
+for installation of RPM packages on the Red Hat Enterprise Linux system (yum,
+rpm, RHN remote management tool).
+
+For proper operation of the in-module integrity verification the prelink has to
+be disabled. This can be done with setting PRELINKING=no in the
+/etc/sysconfig/prelink configuration file. If the libraries were already
+prelinked the prelink should be undone on all the system files with the
+'prelink -u -a' command.
+
+Usage and API
+=============
+
+The module respects kernel command line FIPS setting. If the kernel command
+line contains option fips=1 the module will initialize in the FIPS approved
+mode of operation automatically. To allow for the automatic initialization the
+application using the module has to call one of the following API calls:
+
+- void OPENSSL_init_library(void) - this will do only a basic initialization
+of the library and does initialization of the FIPS approved mode without setting
+up EVP API with supported algorithms.
+
+- void OPENSSL_add_all_algorithms(void) - this API function calls
+OPENSSL_init() implicitly and also adds all approved algorithms to the EVP API
+in the approved mode 
+
+- void SSL_library_init(void) - it calls OPENSSL_init() implicitly and also
+adds algorithms which are necessary for TLS protocol support and initializes
+the SSL library.
+
+To explicitely put the library to the approved mode the application can call
+the following function:
+
+- int FIPS_mode_set(int on) - if called with 1 as a parameter it will switch
+the library from the non-approved to the approved mode. If any of the selftests
+and integrity verification tests fail, the library is put into the error state
+and 0 is returned. If they succeed the return value is 1.
+
+To query the module whether it is in the approved mode or not:
+
+- int FIPS_mode(void) - returns 1 if the module is in the approved mode,
+0 otherwise.
+
+To query whether the module is in the error state:
+
+- int FIPS_selftest_failed(void) - returns 1 if the module is in the error
+state, 0 otherwise.
+
+To zeroize the FIPS RNG key and internal state the application calls:
+
+- void RAND_cleanup(void)
diff --git a/SOURCES/ec_curve.c b/SOURCES/ec_curve.c
new file mode 100644
index 0000000..0c287bf
--- /dev/null
+++ b/SOURCES/ec_curve.c
@@ -0,0 +1,396 @@
+/* crypto/ec/ec_curve.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2010 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include "ec_lcl.h"
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/opensslconf.h>
+
+typedef struct {
+	int	field_type,	/* either NID_X9_62_prime_field or
+				 * NID_X9_62_characteristic_two_field */
+		seed_len,
+		param_len;
+	unsigned int cofactor;	/* promoted to BN_ULONG */
+} EC_CURVE_DATA;
+
+static const struct { EC_CURVE_DATA h; unsigned char data[20+48*6]; }
+	_EC_NIST_PRIME_384 = {
+	{ NID_X9_62_prime_field,20,48,1 },
+	{ 0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00,	/* seed */
+	  0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73,
+
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
+	  0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
+	  0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFC,
+	  0xB3,0x31,0x2F,0xA7,0xE2,0x3E,0xE7,0xE4,0x98,0x8E,	/* b */
+	  0x05,0x6B,0xE3,0xF8,0x2D,0x19,0x18,0x1D,0x9C,0x6E,
+	  0xFE,0x81,0x41,0x12,0x03,0x14,0x08,0x8F,0x50,0x13,
+	  0x87,0x5A,0xC6,0x56,0x39,0x8D,0x8A,0x2E,0xD1,0x9D,
+	  0x2A,0x85,0xC8,0xED,0xD3,0xEC,0x2A,0xEF,
+	  0xAA,0x87,0xCA,0x22,0xBE,0x8B,0x05,0x37,0x8E,0xB1,	/* x */
+	  0xC7,0x1E,0xF3,0x20,0xAD,0x74,0x6E,0x1D,0x3B,0x62,
+	  0x8B,0xA7,0x9B,0x98,0x59,0xF7,0x41,0xE0,0x82,0x54,
+	  0x2A,0x38,0x55,0x02,0xF2,0x5D,0xBF,0x55,0x29,0x6C,
+	  0x3A,0x54,0x5E,0x38,0x72,0x76,0x0A,0xB7,
+	  0x36,0x17,0xde,0x4a,0x96,0x26,0x2c,0x6f,0x5d,0x9e,	/* y */
+	  0x98,0xbf,0x92,0x92,0xdc,0x29,0xf8,0xf4,0x1d,0xbd,
+	  0x28,0x9a,0x14,0x7c,0xe9,0xda,0x31,0x13,0xb5,0xf0,
+	  0xb8,0xc0,0x0a,0x60,0xb1,0xce,0x1d,0x7e,0x81,0x9d,
+	  0x7a,0x43,0x1d,0x7c,0x90,0xea,0x0e,0x5f,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xC7,0x63,0x4D,0x81,0xF4,0x37,
+	  0x2D,0xDF,0x58,0x1A,0x0D,0xB2,0x48,0xB0,0xA7,0x7A,
+	  0xEC,0xEC,0x19,0x6A,0xCC,0xC5,0x29,0x73 }
+	};
+
+static const struct { EC_CURVE_DATA h; unsigned char data[20+66*6]; }
+	_EC_NIST_PRIME_521 = {
+	{ NID_X9_62_prime_field,20,66,1 },
+	{ 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC,	/* seed */
+	  0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA,
+
+	  0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,
+	  0x00,0x51,0x95,0x3E,0xB9,0x61,0x8E,0x1C,0x9A,0x1F,	/* b */
+	  0x92,0x9A,0x21,0xA0,0xB6,0x85,0x40,0xEE,0xA2,0xDA,
+	  0x72,0x5B,0x99,0xB3,0x15,0xF3,0xB8,0xB4,0x89,0x91,
+	  0x8E,0xF1,0x09,0xE1,0x56,0x19,0x39,0x51,0xEC,0x7E,
+	  0x93,0x7B,0x16,0x52,0xC0,0xBD,0x3B,0xB1,0xBF,0x07,
+	  0x35,0x73,0xDF,0x88,0x3D,0x2C,0x34,0xF1,0xEF,0x45,
+	  0x1F,0xD4,0x6B,0x50,0x3F,0x00,
+	  0x00,0xC6,0x85,0x8E,0x06,0xB7,0x04,0x04,0xE9,0xCD,	/* x */
+	  0x9E,0x3E,0xCB,0x66,0x23,0x95,0xB4,0x42,0x9C,0x64,
+	  0x81,0x39,0x05,0x3F,0xB5,0x21,0xF8,0x28,0xAF,0x60,
+	  0x6B,0x4D,0x3D,0xBA,0xA1,0x4B,0x5E,0x77,0xEF,0xE7,
+	  0x59,0x28,0xFE,0x1D,0xC1,0x27,0xA2,0xFF,0xA8,0xDE,
+	  0x33,0x48,0xB3,0xC1,0x85,0x6A,0x42,0x9B,0xF9,0x7E,
+	  0x7E,0x31,0xC2,0xE5,0xBD,0x66,
+	  0x01,0x18,0x39,0x29,0x6a,0x78,0x9a,0x3b,0xc0,0x04,	/* y */
+	  0x5c,0x8a,0x5f,0xb4,0x2c,0x7d,0x1b,0xd9,0x98,0xf5,
+	  0x44,0x49,0x57,0x9b,0x44,0x68,0x17,0xaf,0xbd,0x17,
+	  0x27,0x3e,0x66,0x2c,0x97,0xee,0x72,0x99,0x5e,0xf4,
+	  0x26,0x40,0xc5,0x50,0xb9,0x01,0x3f,0xad,0x07,0x61,
+	  0x35,0x3c,0x70,0x86,0xa2,0x72,0xc2,0x40,0x88,0xbe,
+	  0x94,0x76,0x9f,0xd1,0x66,0x50,
+	  0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFA,0x51,0x86,0x87,0x83,0xBF,0x2F,
+	  0x96,0x6B,0x7F,0xCC,0x01,0x48,0xF7,0x09,0xA5,0xD0,
+	  0x3B,0xB5,0xC9,0xB8,0x89,0x9C,0x47,0xAE,0xBB,0x6F,
+	  0xB7,0x1E,0x91,0x38,0x64,0x09 }
+	};
+
+static const struct { EC_CURVE_DATA h; unsigned char data[20+32*6]; }
+	_EC_X9_62_PRIME_256V1 = {
+	{ NID_X9_62_prime_field,20,32,1 },
+	{ 0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66,	/* seed */
+	  0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90,
+
+	  0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,	/* p */
+	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,	/* a */
+	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFC,
+	  0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,0xB3,0xEB,	/* b */
+	  0xBD,0x55,0x76,0x98,0x86,0xBC,0x65,0x1D,0x06,0xB0,
+	  0xCC,0x53,0xB0,0xF6,0x3B,0xCE,0x3C,0x3E,0x27,0xD2,
+	  0x60,0x4B,
+	  0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,0xF8,0xBC,	/* x */
+	  0xE6,0xE5,0x63,0xA4,0x40,0xF2,0x77,0x03,0x7D,0x81,
+	  0x2D,0xEB,0x33,0xA0,0xF4,0xA1,0x39,0x45,0xD8,0x98,
+	  0xC2,0x96,
+	  0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7,	/* y */
+	  0xeb,0x4a,0x7c,0x0f,0x9e,0x16,0x2b,0xce,0x33,0x57,
+	  0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,0x68,0x37,0xbf,
+	  0x51,0xf5,
+	  0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF,	/* order */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xBC,0xE6,0xFA,0xAD,
+	  0xA7,0x17,0x9E,0x84,0xF3,0xB9,0xCA,0xC2,0xFC,0x63,
+	  0x25,0x51 }
+	};
+
+typedef struct _ec_list_element_st {
+	int	nid;
+	const EC_CURVE_DATA *data;
+	const EC_METHOD *(*meth)(void);
+	const char *comment;
+	} ec_list_element;
+
+static const ec_list_element curve_list[] = {
+	/* prime field curves */
+	/* secg curves */
+	/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+	{ NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, "NIST/SECG curve over a 384 bit prime field" },
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+	{ NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, "NIST/SECG curve over a 521 bit prime field" },
+#else
+	{ NID_secp521r1, &_EC_NIST_PRIME_521.h, 0, "NIST/SECG curve over a 521 bit prime field" },
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+	{ NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, EC_GFp_nistp256_method, "X9.62/SECG curve over a 256 bit prime field" },
+#else
+	{ NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, 0, "X9.62/SECG curve over a 256 bit prime field" },
+#endif
+};
+
+#define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element))
+
+static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
+	{
+	EC_GROUP *group=NULL;
+	EC_POINT *P=NULL;
+	BN_CTX	 *ctx=NULL;
+	BIGNUM	 *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL;
+	int	 ok=0;
+	int	 seed_len,param_len;
+	const EC_METHOD *meth;
+	const EC_CURVE_DATA *data;
+	const unsigned char *params;
+
+	if ((ctx = BN_CTX_new()) == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	data = curve.data;
+	seed_len  = data->seed_len;
+	param_len = data->param_len;
+	params	  = (const unsigned char *)(data+1);	/* skip header */
+	params	 += seed_len;				/* skip seed   */
+
+	if (!(p = BN_bin2bn(params+0*param_len, param_len, NULL))
+		|| !(a = BN_bin2bn(params+1*param_len, param_len, NULL))
+		|| !(b = BN_bin2bn(params+2*param_len, param_len, NULL)))
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+		goto err;
+		}
+
+	if (curve.meth != 0)
+		{
+		meth = curve.meth();
+		if (((group = EC_GROUP_new(meth)) == NULL) ||
+			(!(group->meth->group_set_curve(group, p, a, b, ctx))))
+			{
+			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+	else if (data->field_type == NID_X9_62_prime_field)
+		{
+		if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL)
+			{
+			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+#ifndef OPENSSL_NO_EC2M
+	else	/* field_type == NID_X9_62_characteristic_two_field */
+		{
+		if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL)
+			{
+			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+#endif
+
+	if ((P = EC_POINT_new(group)) == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+		goto err;
+		}
+
+	if (!(x = BN_bin2bn(params+3*param_len, param_len, NULL))
+		|| !(y = BN_bin2bn(params+4*param_len, param_len, NULL)))
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+		goto err;
+		}
+	if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+		goto err;
+		}
+	if (!(order = BN_bin2bn(params+5*param_len, param_len, NULL))
+		|| !BN_set_word(x, (BN_ULONG)data->cofactor))
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+		goto err;
+		}
+	if (!EC_GROUP_set_generator(group, P, order, x))
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+		goto err;
+		}
+	if (seed_len)
+		{
+		if (!EC_GROUP_set_seed(group, params-seed_len, seed_len))
+			{
+			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+	ok=1;
+err:
+	if (!ok)
+		{
+		EC_GROUP_free(group);
+		group = NULL;
+		}
+	if (P)
+		EC_POINT_free(P);
+	if (ctx)
+		BN_CTX_free(ctx);
+	if (p)
+		BN_free(p);
+	if (a)
+		BN_free(a);
+	if (b)
+		BN_free(b);
+	if (order)
+		BN_free(order);
+	if (x)
+		BN_free(x);
+	if (y)
+		BN_free(y);
+	return group;
+	}
+
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
+	{
+	size_t i;
+	EC_GROUP *ret = NULL;
+
+	if (nid <= 0)
+		return NULL;
+
+	for (i=0; i<curve_list_length; i++)
+		if (curve_list[i].nid == nid)
+			{
+			ret = ec_group_new_from_data(curve_list[i]);
+			break;
+			}
+
+	if (ret == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
+		return NULL;
+		}
+
+	EC_GROUP_set_curve_name(ret, nid);
+
+	return ret;
+	}
+
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
+	{
+	size_t	i, min;
+
+	if (r == NULL || nitems == 0)
+		return curve_list_length;
+
+	min = nitems < curve_list_length ? nitems : curve_list_length;
+
+	for (i = 0; i < min; i++)
+		{
+		r[i].nid = curve_list[i].nid;
+		r[i].comment = curve_list[i].comment;
+		}
+
+	return curve_list_length;
+	}
diff --git a/SOURCES/ectest.c b/SOURCES/ectest.c
new file mode 100644
index 0000000..921edcd
--- /dev/null
+++ b/SOURCES/ectest.c
@@ -0,0 +1,742 @@
+/* crypto/ec/ectest.c */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef FLAT_INC
+#include "e_os.h"
+#else
+#include "../e_os.h"
+#endif
+#include <string.h>
+#include <time.h>
+
+
+#ifdef OPENSSL_NO_EC
+int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; }
+#else
+
+
+#include <openssl/ec.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#include <openssl/opensslconf.h>
+
+#if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12)
+/* suppress "too big too optimize" warning */
+#pragma warning(disable:4959)
+#endif
+
+#define ABORT do { \
+	fflush(stdout); \
+	fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
+	ERR_print_errors_fp(stderr); \
+	EXIT(1); \
+} while (0)
+
+#define TIMING_BASE_PT 0
+#define TIMING_RAND_PT 1
+#define TIMING_SIMUL 2
+
+#if 0
+static void timings(EC_GROUP *group, int type, BN_CTX *ctx)
+	{
+	clock_t clck;
+	int i, j;
+	BIGNUM *s;
+	BIGNUM *r[10], *r0[10];
+	EC_POINT *P;
+		
+	s = BN_new();
+	if (s == NULL) ABORT;
+
+	fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group));
+	if (!EC_GROUP_get_order(group, s, ctx)) ABORT;
+	fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s));
+	fflush(stdout);
+
+	P = EC_POINT_new(group);
+	if (P == NULL) ABORT;
+	EC_POINT_copy(P, EC_GROUP_get0_generator(group));
+
+	for (i = 0; i < 10; i++)
+		{
+		if ((r[i] = BN_new()) == NULL) ABORT;
+		if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0)) ABORT;
+		if (type != TIMING_BASE_PT)
+			{
+			if ((r0[i] = BN_new()) == NULL) ABORT;
+			if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0)) ABORT;
+			}
+		}
+
+	clck = clock();
+	for (i = 0; i < 10; i++)
+		{
+		for (j = 0; j < 10; j++)
+			{
+			if (!EC_POINT_mul(group, P, (type != TIMING_RAND_PT) ? r[i] : NULL, 
+				(type != TIMING_BASE_PT) ? P : NULL, (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx)) ABORT;
+			}
+		}
+	clck = clock() - clck;
+
+	fprintf(stdout, "\n");
+
+#ifdef CLOCKS_PER_SEC
+	/* "To determine the time in seconds, the value returned
+	 * by the clock function should be divided by the value
+	 * of the macro CLOCKS_PER_SEC."
+	 *                                       -- ISO/IEC 9899 */
+#	define UNIT "s"
+#else
+	/* "`CLOCKS_PER_SEC' undeclared (first use this function)"
+	 *                            -- cc on NeXTstep/OpenStep */
+#	define UNIT "units"
+#	define CLOCKS_PER_SEC 1
+#endif
+
+	if (type == TIMING_BASE_PT) {
+		fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
+			"base point multiplications", (double)clck/CLOCKS_PER_SEC);
+	} else if (type == TIMING_RAND_PT) {
+		fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
+			"random point multiplications", (double)clck/CLOCKS_PER_SEC);
+	} else if (type == TIMING_SIMUL) {
+		fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
+			"s*P+t*Q operations", (double)clck/CLOCKS_PER_SEC);
+	}
+	fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j));
+
+	EC_POINT_free(P);
+	BN_free(s);
+	for (i = 0; i < 10; i++)
+		{
+		BN_free(r[i]);
+		if (type != TIMING_BASE_PT) BN_free(r0[i]);
+		}
+	}
+#endif
+
+/* test multiplication with group order, long and negative scalars */
+static void group_order_tests(EC_GROUP *group)
+	{
+	BIGNUM *n1, *n2, *order;
+	EC_POINT *P = EC_POINT_new(group);
+	EC_POINT *Q = EC_POINT_new(group);
+	BN_CTX *ctx = BN_CTX_new();
+
+	n1 = BN_new(); n2 = BN_new(); order = BN_new();
+	fprintf(stdout, "verify group order ...");
+	fflush(stdout);
+	if (!EC_GROUP_get_order(group, order, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, ".");
+	fflush(stdout);
+	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, " ok\n");
+	fprintf(stdout, "long/negative scalar tests ... ");
+	if (!BN_one(n1)) ABORT;
+	/* n1 = 1 - order */
+	if (!BN_sub(n1, n1, order)) ABORT;
+	if(!EC_POINT_mul(group, Q, NULL, P, n1, ctx)) ABORT;
+	if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+	/* n2 = 1 + order */
+	if (!BN_add(n2, order, BN_value_one())) ABORT;
+	if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
+	if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+	/* n2 = (1 - order) * (1 + order) */
+	if (!BN_mul(n2, n1, n2, ctx)) ABORT;
+	if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
+	if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+	fprintf(stdout, "ok\n");
+	EC_POINT_free(P);
+	EC_POINT_free(Q);
+	BN_free(n1);
+	BN_free(n2);
+	BN_free(order);
+	BN_CTX_free(ctx);
+	}
+
+static void prime_field_tests(void)
+	{
+	BN_CTX *ctx = NULL;
+	BIGNUM *p, *a, *b;
+	EC_GROUP *group;
+	EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
+	EC_POINT *P, *Q, *R;
+	BIGNUM *x, *y, *z;
+	unsigned char buf[100];
+	size_t i, len;
+	int k;
+	
+#if 1 /* optional */
+	ctx = BN_CTX_new();
+	if (!ctx) ABORT;
+#endif
+
+	p = BN_new();
+	a = BN_new();
+	b = BN_new();
+	if (!p || !a || !b) ABORT;
+	
+	group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp
+	                                             * so that the library gets to choose the EC_METHOD */
+	if (!group) ABORT;
+
+	P = EC_POINT_new(group);
+	Q = EC_POINT_new(group);
+	R = EC_POINT_new(group);
+	if (!P || !Q || !R) ABORT;
+
+	x = BN_new();
+	y = BN_new();
+	z = BN_new();
+	if (!x || !y || !z) ABORT;
+
+/* Curve P-256 (FIPS PUB 186-2, App. 6) */
+	
+	if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
+	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+	if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
+	if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT;
+	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT;
+	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
+		"84F3B9CAC2FC632551")) ABORT;
+	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+	fprintf(stdout, "\nNIST curve P-256 -- Generator:\n     x = 0x");
+	BN_print_fp(stdout, x);
+	fprintf(stdout, "\n     y = 0x");
+	BN_print_fp(stdout, y);
+	fprintf(stdout, "\n");
+	/* G_y value taken from the standard: */
+	if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT;
+	if (0 != BN_cmp(y, z)) ABORT;
+	
+	fprintf(stdout, "verify degree ...");
+	if (EC_GROUP_get_degree(group) != 256) ABORT;
+	fprintf(stdout, " ok\n");
+	
+	group_order_tests(group);
+
+	if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+	if (!EC_GROUP_copy(P_256, group)) ABORT;
+
+
+	/* Curve P-384 (FIPS PUB 186-2, App. 6) */
+	
+	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT;
+	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT;
+	if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
+		"120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT;
+	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
+		"9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
+	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
+	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+	fprintf(stdout, "\nNIST curve P-384 -- Generator:\n     x = 0x");
+	BN_print_fp(stdout, x);
+	fprintf(stdout, "\n     y = 0x");
+	BN_print_fp(stdout, y);
+	fprintf(stdout, "\n");
+	/* G_y value taken from the standard: */
+	if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
+		"7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT;
+	if (0 != BN_cmp(y, z)) ABORT;
+	
+	fprintf(stdout, "verify degree ...");
+	if (EC_GROUP_get_degree(group) != 384) ABORT;
+	fprintf(stdout, " ok\n");
+
+	group_order_tests(group);
+
+	if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+	if (!EC_GROUP_copy(P_384, group)) ABORT;
+
+
+	/* Curve P-521 (FIPS PUB 186-2, App. 6) */
+	
+	if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
+	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+	if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
+	if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
+		"315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
+		"DF883D2C34F1EF451FD46B503F00")) ABORT;
+	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
+		"B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
+		"3C1856A429BF97E7E31C2E5BD66")) ABORT;
+	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
+		"C9B8899C47AEBB6FB71E91386409")) ABORT;
+	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+	fprintf(stdout, "\nNIST curve P-521 -- Generator:\n     x = 0x");
+	BN_print_fp(stdout, x);
+	fprintf(stdout, "\n     y = 0x");
+	BN_print_fp(stdout, y);
+	fprintf(stdout, "\n");
+	/* G_y value taken from the standard: */
+	if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
+		"B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
+		"7086A272C24088BE94769FD16650")) ABORT;
+	if (0 != BN_cmp(y, z)) ABORT;
+	
+	fprintf(stdout, "verify degree ...");
+	if (EC_GROUP_get_degree(group) != 521) ABORT;
+	fprintf(stdout, " ok\n");
+
+ 	group_order_tests(group);
+
+	if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+	if (!EC_GROUP_copy(P_521, group)) ABORT;
+
+
+	/* more tests using the last curve */
+
+	if (!EC_POINT_copy(Q, P)) ABORT;
+	if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+	if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+
+	if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
+	if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
+
+	{
+		const EC_POINT *points[4];
+		const BIGNUM *scalars[4];
+		BIGNUM scalar3;
+	
+		if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+		points[0] = Q;
+		points[1] = Q;
+		points[2] = Q;
+		points[3] = Q;
+
+		if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+		if (!BN_add(y, z, BN_value_one())) ABORT;
+		if (BN_is_odd(y)) ABORT;
+		if (!BN_rshift1(y, y)) ABORT;
+		scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */
+		scalars[1] = y;
+
+		fprintf(stdout, "combined multiplication ...");
+		fflush(stdout);
+
+		/* z is still the group order */
+		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+		if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;
+		if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+		if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
+
+		fprintf(stdout, ".");
+		fflush(stdout);
+
+		if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
+		if (!BN_add(z, z, y)) ABORT;
+		BN_set_negative(z, 1);
+		scalars[0] = y;
+		scalars[1] = z; /* z = -(order + y) */
+
+		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+		if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+		fprintf(stdout, ".");
+		fflush(stdout);
+
+		if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
+		if (!BN_add(z, x, y)) ABORT;
+		BN_set_negative(z, 1);
+		scalars[0] = x;
+		scalars[1] = y;
+		scalars[2] = z; /* z = -(x+y) */
+
+		BN_init(&scalar3);
+		BN_zero(&scalar3);
+		scalars[3] = &scalar3;
+
+		if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) ABORT;
+		if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+		fprintf(stdout, " ok\n\n");
+
+		BN_free(&scalar3);
+	}
+
+
+#if 0
+	timings(P_256, TIMING_BASE_PT, ctx);
+	timings(P_256, TIMING_RAND_PT, ctx);
+	timings(P_256, TIMING_SIMUL, ctx);
+	timings(P_384, TIMING_BASE_PT, ctx);
+	timings(P_384, TIMING_RAND_PT, ctx);
+	timings(P_384, TIMING_SIMUL, ctx);
+#endif
+
+
+	if (ctx)
+		BN_CTX_free(ctx);
+	BN_free(p); BN_free(a);	BN_free(b);
+	EC_GROUP_free(group);
+	EC_POINT_free(P);
+	EC_POINT_free(Q);
+	EC_POINT_free(R);
+	BN_free(x); BN_free(y); BN_free(z);
+
+	if (P_160) EC_GROUP_free(P_160);
+	if (P_192) EC_GROUP_free(P_192);
+	if (P_224) EC_GROUP_free(P_224);
+	if (P_256) EC_GROUP_free(P_256);
+	if (P_384) EC_GROUP_free(P_384);
+	if (P_521) EC_GROUP_free(P_521);
+
+	}
+
+
+static void internal_curve_test(void)
+	{
+	EC_builtin_curve *curves = NULL;
+	size_t crv_len = 0, n = 0;
+	int    ok = 1;
+
+	crv_len = EC_get_builtin_curves(NULL, 0);
+
+	curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
+
+	if (curves == NULL)
+		return;
+
+	if (!EC_get_builtin_curves(curves, crv_len))
+		{
+		OPENSSL_free(curves);
+		return;
+		}
+
+	fprintf(stdout, "testing internal curves: ");
+		
+	for (n = 0; n < crv_len; n++)
+		{
+		EC_GROUP *group = NULL;
+		int nid = curves[n].nid;
+		if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
+			{
+			ok = 0;
+			fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
+				" curve %s\n", OBJ_nid2sn(nid));
+			/* try next curve */
+			continue;
+			}
+		if (!EC_GROUP_check(group, NULL))
+			{
+			ok = 0;
+			fprintf(stdout, "\nEC_GROUP_check() failed with"
+				" curve %s\n", OBJ_nid2sn(nid));
+			EC_GROUP_free(group);
+			/* try the next curve */
+			continue;
+			}
+		fprintf(stdout, ".");
+		fflush(stdout);
+		EC_GROUP_free(group);
+		}
+	if (ok)
+		fprintf(stdout, " ok\n\n");
+	else
+		{
+		fprintf(stdout, " failed\n\n");
+		ABORT;
+		}
+	OPENSSL_free(curves);
+	return;
+	}
+
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+/* nistp_test_params contains magic numbers for testing our optimized
+ * implementations of several NIST curves with characteristic > 3. */
+struct nistp_test_params
+	{
+	const EC_METHOD* (*meth) ();
+	int degree;
+	/* Qx, Qy and D are taken from
+	 * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
+	 * Otherwise, values are standard curve parameters from FIPS 180-3 */
+	const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
+	};
+
+static const struct nistp_test_params nistp_tests_params[] =
+	{
+		{
+		/* P-256 */
+		EC_GFp_nistp256_method,
+		256,
+		"ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", /* p */
+		"ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", /* a */
+		"5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", /* b */
+		"b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19", /* Qx */
+		"3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09", /* Qy */
+		"6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", /* Gx */
+		"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", /* Gy */
+		"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", /* order */
+		"c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", /* d */
+		},
+	};
+
+void nistp_single_test(const struct nistp_test_params *test)
+	{
+	BN_CTX *ctx;
+	BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
+	EC_GROUP *NISTP;
+	EC_POINT *G, *P, *Q, *Q_CHECK;
+
+	fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n", test->degree);
+	ctx = BN_CTX_new();
+	p = BN_new();
+	a = BN_new();
+	b = BN_new();
+	x = BN_new(); y = BN_new();
+	m = BN_new(); n = BN_new(); order = BN_new();
+
+	NISTP = EC_GROUP_new(test->meth());
+	if(!NISTP) ABORT;
+	if (!BN_hex2bn(&p, test->p)) ABORT;
+	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+	if (!BN_hex2bn(&a, test->a)) ABORT;
+	if (!BN_hex2bn(&b, test->b)) ABORT;
+	if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx)) ABORT;
+	G = EC_POINT_new(NISTP);
+	P = EC_POINT_new(NISTP);
+	Q = EC_POINT_new(NISTP);
+	Q_CHECK = EC_POINT_new(NISTP);
+	if(!BN_hex2bn(&x, test->Qx)) ABORT;
+	if(!BN_hex2bn(&y, test->Qy)) ABORT;
+	if(!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx)) ABORT;
+	if (!BN_hex2bn(&x, test->Gx)) ABORT;
+	if (!BN_hex2bn(&y, test->Gy)) ABORT;
+	if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx)) ABORT;
+	if (!BN_hex2bn(&order, test->order)) ABORT;
+	if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT;
+
+	fprintf(stdout, "verify degree ... ");
+	if (EC_GROUP_get_degree(NISTP) != test->degree) ABORT;
+	fprintf(stdout, "ok\n");
+
+	fprintf(stdout, "NIST test vectors ... ");
+	if (!BN_hex2bn(&n, test->d)) ABORT;
+	/* fixed point multiplication */
+	EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+	if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+	/* random point multiplication */
+	EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+	if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+	/* set generator to P = 2*G, where G is the standard generator */
+	if (!EC_POINT_dbl(NISTP, P, G, ctx)) ABORT;
+	if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) ABORT;
+	/* set the scalar to m=n/2, where n is the NIST test scalar */
+	if (!BN_rshift(m, n, 1)) ABORT;
+
+	/* test the non-standard generator */
+	/* fixed point multiplication */
+	EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+	if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+	/* random point multiplication */
+	EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+	if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+	/* now repeat all tests with precomputation */
+	if (!EC_GROUP_precompute_mult(NISTP, ctx)) ABORT;
+
+	/* fixed point multiplication */
+	EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+	if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+	/* random point multiplication */
+	EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+	if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+	/* reset generator */
+	if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT;
+	/* fixed point multiplication */
+	EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+	if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+	/* random point multiplication */
+	EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+	if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+	fprintf(stdout, "ok\n");
+	group_order_tests(NISTP);
+#if 0
+	timings(NISTP, TIMING_BASE_PT, ctx);
+	timings(NISTP, TIMING_RAND_PT, ctx);
+#endif
+	EC_GROUP_free(NISTP);
+	EC_POINT_free(G);
+	EC_POINT_free(P);
+	EC_POINT_free(Q);
+	EC_POINT_free(Q_CHECK);
+	BN_free(n);
+	BN_free(m);
+	BN_free(p);
+	BN_free(a);
+	BN_free(b);
+	BN_free(x);
+	BN_free(y);
+	BN_free(order);
+	BN_CTX_free(ctx);
+	}
+
+void nistp_tests()
+	{
+	unsigned i;
+
+	for (i = 0; i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params); i++)
+		{
+		nistp_single_test(&nistp_tests_params[i]);
+		}
+	}
+#endif
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+	{	
+	
+	/* enable memory leak checking unless explicitly disabled */
+	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+		{
+		CRYPTO_malloc_debug_init();
+		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+		}
+	else
+		{
+		/* OPENSSL_DEBUG_MEMORY=off */
+		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+		}
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+	ERR_load_crypto_strings();
+
+	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
+
+	prime_field_tests();
+	puts("");
+#ifndef OPENSSL_NO_EC2M
+	char2_field_tests();
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+	nistp_tests();
+#endif
+	/* test the internal curves */
+	internal_curve_test();
+
+#ifndef OPENSSL_NO_ENGINE
+	ENGINE_cleanup();
+#endif
+	CRYPTO_cleanup_all_ex_data();
+	ERR_free_strings();
+	ERR_remove_thread_state(NULL);
+	CRYPTO_mem_leaks_fp(stderr);
+	
+	return 0;
+	}
+#endif
diff --git a/SOURCES/hobble-openssl b/SOURCES/hobble-openssl
new file mode 100755
index 0000000..3c75ea1
--- /dev/null
+++ b/SOURCES/hobble-openssl
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# Quit out if anything fails.
+set -e
+
+# Clean out patent-or-otherwise-encumbered code.
+# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
+# IDEA:  5,214,703 07/01/2012 - expired, we do not remove it anymore
+# RC5:   5,724,428 01/11/2015
+# EC:    ????????? ??/??/2020
+# SRP:   ????????? ??/??/20??
+
+# Remove assembler portions of IDEA, MDC2, and RC5.
+(find crypto/rc5/asm -type f | xargs -r rm -fv)
+
+# RC5, SRP.
+for a in rc5 srp; do
+  for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
+	echo Destroying $c
+	> $c
+  done
+done
+
+for c in `find crypto/evp -name "*_rc5.c"`; do
+	echo Destroying $c
+	> $c
+done
+
+for c in `find crypto/bn -name "*gf2m.c"`; do
+	echo Destroying $c
+	> $c
+done
+
+for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c" -o -name "ecp_nistp?2?.c" -o -name "ectest.c"`; do
+	echo Destroying $c
+	> $c
+done
+
+for h in `find crypto ssl apps test -name "*.h"` ; do
+	echo Removing RC5, SRP and EC2M references from $h
+	cat $h | \
+	awk    'BEGIN {ech=1;} \
+		/^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \
+		/^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \
+		/^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
+                /^#[ \t]*if/ {if(ech < 1) ech--;} \
+		{if(ech>0) {;print $0};} \
+		/^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
+	mv $h.hobbled $h
+done
+
+# Make the makefiles happy.
+touch crypto/rc5/asm/rc5-586.pl
diff --git a/SOURCES/make-dummy-cert b/SOURCES/make-dummy-cert
new file mode 100755
index 0000000..f5f0453
--- /dev/null
+++ b/SOURCES/make-dummy-cert
@@ -0,0 +1,28 @@
+#!/bin/sh
+umask 077
+
+answers() {
+	echo --
+	echo SomeState
+	echo SomeCity
+	echo SomeOrganization
+	echo SomeOrganizationalUnit
+	echo localhost.localdomain
+	echo root@localhost.localdomain
+}
+
+if [ $# -eq 0 ] ; then
+	echo $"Usage: `basename $0` filename [...]"
+	exit 0
+fi
+
+for target in $@ ; do
+	PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
+	PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
+	trap "rm -f $PEM1 $PEM2" SIGINT
+	answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
+	cat $PEM1 >  ${target}
+	echo ""   >> ${target}
+	cat $PEM2 >> ${target}
+	rm -f $PEM1 $PEM2
+done
diff --git a/SOURCES/openssl-0.9.6-x509.patch b/SOURCES/openssl-0.9.6-x509.patch
new file mode 100644
index 0000000..7b3f49f
--- /dev/null
+++ b/SOURCES/openssl-0.9.6-x509.patch
@@ -0,0 +1,29 @@
+Do not treat duplicate certs as an error.
+
+--- openssl-0.9.6/crypto/x509/by_file.c	Wed Sep 27 15:09:05 2000
++++ openssl-0.9.6/crypto/x509/by_file.c	Wed Sep 27 14:21:20 2000
+@@ -163,8 +163,12 @@
+ 					}
+ 				}
+ 			i=X509_STORE_add_cert(ctx->store_ctx,x);
+-			if (!i) goto err;
+-			count++;
++			/* ignore any problems with current certificate 
++			    and continue with the next one */
++			if (i)
++			    count++;
++			else
++			    ERR_clear_error();
+ 			X509_free(x);
+ 			x=NULL;
+ 			}
+@@ -179,7 +183,8 @@
+ 			goto err;
+ 			}
+ 		i=X509_STORE_add_cert(ctx->store_ctx,x);
+-		if (!i) goto err;
++		if (!i)
++		  ERR_clear_error();
+ 		ret=i;
+ 		}
+ 	else
diff --git a/SOURCES/openssl-0.9.8a-no-rpath.patch b/SOURCES/openssl-0.9.8a-no-rpath.patch
new file mode 100644
index 0000000..8f8fb91
--- /dev/null
+++ b/SOURCES/openssl-0.9.8a-no-rpath.patch
@@ -0,0 +1,11 @@
+--- openssl-0.9.8a/Makefile.shared.no-rpath	2005-06-23 22:47:54.000000000 +0200
++++ openssl-0.9.8a/Makefile.shared	2005-11-16 22:35:37.000000000 +0100
+@@ -153,7 +153,7 @@
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+ 
+ #This is rather special.  It's a special target with which one can link
+ #applications without bothering with any features that have anything to
diff --git a/SOURCES/openssl-0.9.8b-test-use-localhost.patch b/SOURCES/openssl-0.9.8b-test-use-localhost.patch
new file mode 100644
index 0000000..08adf1c
--- /dev/null
+++ b/SOURCES/openssl-0.9.8b-test-use-localhost.patch
@@ -0,0 +1,24 @@
+diff -up openssl-0.9.8b/ssl/ssltest.c.use-localhost openssl-0.9.8b/ssl/ssltest.c
+--- openssl-0.9.8b/ssl/ssltest.c.use-localhost	2006-02-24 18:58:35.000000000 +0100
++++ openssl-0.9.8b/ssl/ssltest.c	2007-08-03 14:06:16.000000000 +0200
+@@ -839,19 +839,8 @@ bad:
+ #ifndef OPENSSL_NO_KRB5
+ 	if (c_ssl  &&  c_ssl->kssl_ctx)
+                 {
+-                char	localhost[MAXHOSTNAMELEN+2];
+-
+-		if (gethostname(localhost, sizeof localhost-1) == 0)
+-                        {
+-			localhost[sizeof localhost-1]='\0';
+-			if(strlen(localhost) == sizeof localhost-1)
+-				{
+-				BIO_printf(bio_err,"localhost name too long\n");
+-				goto end;
+-				}
+ 			kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
+-                                localhost);
+-			}
++                                "localhost");
+ 		}
+ #endif    /* OPENSSL_NO_KRB5  */
+ 
diff --git a/SOURCES/openssl-0.9.8j-version-add-engines.patch b/SOURCES/openssl-0.9.8j-version-add-engines.patch
new file mode 100644
index 0000000..f54326c
--- /dev/null
+++ b/SOURCES/openssl-0.9.8j-version-add-engines.patch
@@ -0,0 +1,48 @@
+diff -up openssl-0.9.8j/apps/version.c.version-add-engines openssl-0.9.8j/apps/version.c
+--- openssl-0.9.8j/apps/version.c.version-add-engines	2008-10-20 14:53:33.000000000 +0200
++++ openssl-0.9.8j/apps/version.c	2009-01-13 23:22:03.000000000 +0100
+@@ -131,6 +131,7 @@
+ #ifndef OPENSSL_NO_BF
+ # include <openssl/blowfish.h>
+ #endif
++#include <openssl/engine.h>
+ 
+ #undef PROG
+ #define PROG	version_main
+@@ -140,7 +141,7 @@ int MAIN(int, char **);
+ int MAIN(int argc, char **argv)
+ 	{
+ 	int i,ret=0;
+-	int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
++	int cflags=0,version=0,date=0,options=0,platform=0,dir=0,engines=0;
+ 
+ 	apps_startup();
+ 
+@@ -164,7 +165,7 @@ int MAIN(int argc, char **argv)
+ 		else if (strcmp(argv[i],"-d") == 0)
+ 			dir=1;
+ 		else if (strcmp(argv[i],"-a") == 0)
+-			date=version=cflags=options=platform=dir=1;
++			date=version=cflags=options=platform=dir=engines=1;
+ 		else
+ 			{
+ 			BIO_printf(bio_err,"usage:version -[avbofpd]\n");
+@@ -211,6 +212,18 @@ int MAIN(int argc, char **argv)
+ 		}
+ 	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+ 	if (dir)  printf("%s\n",SSLeay_version(SSLEAY_DIR));
++	if (engines)
++		{
++		ENGINE *e;
++		printf("engines:  ");
++		e = ENGINE_get_first();
++		while (e)
++			{
++			printf("%s ", ENGINE_get_id(e));
++			e = ENGINE_get_next(e);
++			}
++		printf("\n");
++		}
+ end:
+ 	apps_shutdown();
+ 	OPENSSL_EXIT(ret);
diff --git a/SOURCES/openssl-1.0.0-beta4-ca-dir.patch b/SOURCES/openssl-1.0.0-beta4-ca-dir.patch
new file mode 100644
index 0000000..751cabd
--- /dev/null
+++ b/SOURCES/openssl-1.0.0-beta4-ca-dir.patch
@@ -0,0 +1,36 @@
+diff -up openssl-1.0.0-beta4/apps/CA.pl.in.ca-dir openssl-1.0.0-beta4/apps/CA.pl.in
+--- openssl-1.0.0-beta4/apps/CA.pl.in.ca-dir	2006-04-28 02:30:49.000000000 +0200
++++ openssl-1.0.0-beta4/apps/CA.pl.in	2009-11-12 12:33:13.000000000 +0100
+@@ -53,7 +53,7 @@ $VERIFY="$openssl verify";
+ $X509="$openssl x509";
+ $PKCS12="$openssl pkcs12";
+ 
+-$CATOP="./demoCA";
++$CATOP="/etc/pki/CA";
+ $CAKEY="cakey.pem";
+ $CAREQ="careq.pem";
+ $CACERT="cacert.pem";
+diff -up openssl-1.0.0-beta4/apps/CA.sh.ca-dir openssl-1.0.0-beta4/apps/CA.sh
+--- openssl-1.0.0-beta4/apps/CA.sh.ca-dir	2009-10-15 19:27:47.000000000 +0200
++++ openssl-1.0.0-beta4/apps/CA.sh	2009-11-12 12:35:14.000000000 +0100
+@@ -68,7 +68,7 @@ VERIFY="$OPENSSL verify"
+ X509="$OPENSSL x509"
+ PKCS12="openssl pkcs12"
+ 
+-if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
++if [ -z "$CATOP" ] ; then CATOP=/etc/pki/CA ; fi
+ CAKEY=./cakey.pem
+ CAREQ=./careq.pem
+ CACERT=./cacert.pem
+diff -up openssl-1.0.0-beta4/apps/openssl.cnf.ca-dir openssl-1.0.0-beta4/apps/openssl.cnf
+--- openssl-1.0.0-beta4/apps/openssl.cnf.ca-dir	2009-11-12 12:33:13.000000000 +0100
++++ openssl-1.0.0-beta4/apps/openssl.cnf	2009-11-12 12:33:13.000000000 +0100
+@@ -39,7 +39,7 @@ default_ca	= CA_default		# The default c
+ ####################################################################
+ [ CA_default ]
+ 
+-dir		= ./demoCA		# Where everything is kept
++dir		= /etc/pki/CA		# Where everything is kept
+ certs		= $dir/certs		# Where the issued certs are kept
+ crl_dir		= $dir/crl		# Where the issued crl are kept
+ database	= $dir/index.txt	# database index file.
diff --git a/SOURCES/openssl-1.0.0-beta5-enginesdir.patch b/SOURCES/openssl-1.0.0-beta5-enginesdir.patch
new file mode 100644
index 0000000..d942d6e
--- /dev/null
+++ b/SOURCES/openssl-1.0.0-beta5-enginesdir.patch
@@ -0,0 +1,52 @@
+diff -up openssl-1.0.0-beta5/Configure.enginesdir openssl-1.0.0-beta5/Configure
+--- openssl-1.0.0-beta5/Configure.enginesdir	2010-01-20 18:07:05.000000000 +0100
++++ openssl-1.0.0-beta5/Configure	2010-01-20 18:10:48.000000000 +0100
+@@ -622,6 +622,7 @@ my $idx_multilib = $idx++;
+ my $prefix="";
+ my $libdir="";
+ my $openssldir="";
++my $enginesdir="";
+ my $exe_ext="";
+ my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
+ my $cross_compile_prefix="";
+@@ -833,6 +834,10 @@ PROCESS_ARGS:
+ 				{
+ 				$openssldir=$1;
+ 				}
++			elsif (/^--enginesdir=(.*)$/)
++				{
++				$enginesdir=$1;
++				}
+ 			elsif (/^--install.prefix=(.*)$/)
+ 				{
+ 				$install_prefix=$1;
+@@ -1053,7 +1058,7 @@ chop $prefix if $prefix =~ /.\/$/;
+ 
+ $openssldir=$prefix . "/ssl" if $openssldir eq "";
+ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
+-
++$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
+ 
+ print "IsMK1MF=$IsMK1MF\n";
+ 
+@@ -1673,7 +1678,7 @@ while (<IN>)
+ 		}
+ 	elsif	(/^#define\s+ENGINESDIR/)
+ 		{
+-		my $foo = "$prefix/$libdir/engines";
++		my $foo = "$enginesdir";
+ 		$foo =~ s/\\/\\\\/g;
+ 		print OUT "#define ENGINESDIR \"$foo\"\n";
+ 		}
+diff -up openssl-1.0.0-beta5/engines/Makefile.enginesdir openssl-1.0.0-beta5/engines/Makefile
+--- openssl-1.0.0-beta5/engines/Makefile.enginesdir	2010-01-16 21:06:09.000000000 +0100
++++ openssl-1.0.0-beta5/engines/Makefile	2010-01-20 18:07:05.000000000 +0100
+@@ -124,7 +124,7 @@ install:
+ 				sfx=".so"; \
+ 				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ 			  fi; \
+-			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++			  chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ 		done; \
+ 	fi
diff --git a/SOURCES/openssl-1.0.0-beta5-readme-warning.patch b/SOURCES/openssl-1.0.0-beta5-readme-warning.patch
new file mode 100644
index 0000000..0d89720
--- /dev/null
+++ b/SOURCES/openssl-1.0.0-beta5-readme-warning.patch
@@ -0,0 +1,39 @@
+diff -up openssl-1.0.0-beta5/README.warning openssl-1.0.0-beta5/README
+--- openssl-1.0.0-beta5/README.warning	2010-01-20 16:00:47.000000000 +0100
++++ openssl-1.0.0-beta5/README	2010-01-21 09:06:11.000000000 +0100
+@@ -5,6 +5,35 @@
+  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+  All rights reserved.
+ 
++ WARNING
++ -------
++
++ This version of OpenSSL is built in a way that supports operation in
++ the so called FIPS mode. Note though that the library as we build it
++ is not FIPS validated and the FIPS mode is present for testing purposes
++ only.
++ 
++ This version also contains a few differences from the upstream code
++ some of which are:
++   * There are added changes forward ported from the upstream OpenSSL
++     0.9.8 FIPS branch however the FIPS integrity verification check
++     is implemented differently from the upstream FIPS validated OpenSSL
++     module. It verifies HMAC-SHA256 checksum of the whole shared
++     libraries. For this reason the changes are ported to files in the
++     crypto directory and not in a separate fips subdirectory. Also
++     note that the FIPS integrity verification check requires unmodified
++     libcrypto and libssl shared library files which means that it will
++     fail if these files are modified for example by prelink.
++   * The module respects the kernel FIPS flag /proc/sys/crypto/fips and
++     tries to initialize the FIPS mode if it is set to 1 aborting if the
++     FIPS mode could not be initialized. It is also possible to force the
++     OpenSSL library to FIPS mode especially for debugging purposes by
++     setting the environment variable OPENSSL_FORCE_FIPS_MODE.
++   * If the environment variable OPENSSL_NO_DEFAULT_ZLIB is set the module
++     will not automatically load the built in compression method ZLIB
++     when initialized. Applications can still explicitely ask for ZLIB
++     compression method.
++
+  DESCRIPTION
+  -----------
+ 
diff --git a/SOURCES/openssl-1.0.0-timezone.patch b/SOURCES/openssl-1.0.0-timezone.patch
new file mode 100644
index 0000000..b1d6682
--- /dev/null
+++ b/SOURCES/openssl-1.0.0-timezone.patch
@@ -0,0 +1,21 @@
+diff -up openssl-1.0.0/Makefile.org.timezone openssl-1.0.0/Makefile.org
+--- openssl-1.0.0/Makefile.org.timezone	2010-03-30 11:08:40.000000000 +0200
++++ openssl-1.0.0/Makefile.org	2010-04-06 12:49:21.000000000 +0200
+@@ -609,7 +609,7 @@ install_docs:
+ 		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
+ 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ 		(cd `$(PERL) util/dirname.pl $$i`; \
+-		sh -c "$$pod2man \
++		sh -c "TZ=UTC $$pod2man \
+ 			--section=$$sec --center=OpenSSL \
+ 			--release=$(VERSION) `basename $$i`") \
+ 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+@@ -626,7 +626,7 @@ install_docs:
+ 		sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
+ 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ 		(cd `$(PERL) util/dirname.pl $$i`; \
+-		sh -c "$$pod2man \
++		sh -c "TZ=UTC $$pod2man \
+ 			--section=$$sec --center=OpenSSL \
+ 			--release=$(VERSION) `basename $$i`") \
+ 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
diff --git a/SOURCES/openssl-1.0.0c-rsa-x931.patch b/SOURCES/openssl-1.0.0c-rsa-x931.patch
new file mode 100644
index 0000000..a60bbcb
--- /dev/null
+++ b/SOURCES/openssl-1.0.0c-rsa-x931.patch
@@ -0,0 +1,36 @@
+diff -up openssl-1.0.0c/apps/genrsa.c.x931 openssl-1.0.0c/apps/genrsa.c
+--- openssl-1.0.0c/apps/genrsa.c.x931	2010-03-01 15:22:02.000000000 +0100
++++ openssl-1.0.0c/apps/genrsa.c	2011-02-01 18:32:05.000000000 +0100
+@@ -95,6 +95,7 @@ int MAIN(int argc, char **argv)
+ 	int ret=1;
+ 	int i,num=DEFBITS;
+ 	long l;
++	int use_x931 = 0;
+ 	const EVP_CIPHER *enc=NULL;
+ 	unsigned long f4=RSA_F4;
+ 	char *outfile=NULL;
+@@ -138,6 +139,8 @@ int MAIN(int argc, char **argv)
+ 			f4=3;
+ 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
+ 			f4=RSA_F4;
++		else if (strcmp(*argv,"-x931") == 0)
++			use_x931 = 1;
+ #ifndef OPENSSL_NO_ENGINE
+ 		else if (strcmp(*argv,"-engine") == 0)
+ 			{
+@@ -273,7 +276,14 @@ bad:
+ 	if (!rsa)
+ 		goto err;
+ 
+-	if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
++	if (use_x931)
++		{
++		if (!BN_set_word(bn, f4))
++			goto err;
++		if (!RSA_X931_generate_key_ex(rsa, num, bn, &cb))
++			goto err;
++		}
++	else if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
+ 		goto err;
+ 		
+ 	app_RAND_write_file(NULL, bio_err);
diff --git a/SOURCES/openssl-1.0.0d-apps-dgst.patch b/SOURCES/openssl-1.0.0d-apps-dgst.patch
new file mode 100644
index 0000000..da20481
--- /dev/null
+++ b/SOURCES/openssl-1.0.0d-apps-dgst.patch
@@ -0,0 +1,110 @@
+diff -up openssl-1.0.0d/apps/ca.c.dgst openssl-1.0.0d/apps/ca.c
+--- openssl-1.0.0d/apps/ca.c.dgst	2009-12-02 15:41:24.000000000 +0100
++++ openssl-1.0.0d/apps/ca.c	2011-04-05 21:09:42.000000000 +0200
+@@ -157,7 +157,7 @@ static const char *ca_usage[]={
+ " -startdate YYMMDDHHMMSSZ  - certificate validity notBefore\n",
+ " -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)\n",
+ " -days arg       - number of days to certify the certificate for\n",
+-" -md arg         - md to use, one of md2, md5, sha or sha1\n",
++" -md arg         - md to use, see openssl dgst -h for list\n",
+ " -policy arg     - The CA 'policy' to support\n",
+ " -keyfile arg    - private key file\n",
+ " -keyform arg    - private key file format (PEM or ENGINE)\n",
+diff -up openssl-1.0.0d/apps/enc.c.dgst openssl-1.0.0d/apps/enc.c
+--- openssl-1.0.0d/apps/enc.c.dgst	2010-06-15 19:25:02.000000000 +0200
++++ openssl-1.0.0d/apps/enc.c	2011-04-05 21:11:54.000000000 +0200
+@@ -302,7 +302,7 @@ bad:
+ 			BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
+ 			BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
+ 			BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
+-			BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");
++			BIO_printf(bio_err,"%-14s   from a passphrase. See openssl dgst -h for list.\n","");
+ 			BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S");
+ 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
+ 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
+diff -up openssl-1.0.0d/apps/req.c.dgst openssl-1.0.0d/apps/req.c
+--- openssl-1.0.0d/apps/req.c.dgst	2010-03-10 14:48:21.000000000 +0100
++++ openssl-1.0.0d/apps/req.c	2011-04-05 21:12:33.000000000 +0200
+@@ -421,7 +421,7 @@ bad:
+ #ifndef OPENSSL_NO_ECDSA
+ 		BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
+ #endif
+-		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
++		BIO_printf(bio_err," -[digest]      Digest to sign with (see openssl dgst -h for list)\n");
+ 		BIO_printf(bio_err," -config file   request template file.\n");
+ 		BIO_printf(bio_err," -subj arg      set or modify request subject\n");
+ 		BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");
+diff -up openssl-1.0.0d/apps/ts.c.dgst openssl-1.0.0d/apps/ts.c
+--- openssl-1.0.0d/apps/ts.c.dgst	2009-10-18 16:42:26.000000000 +0200
++++ openssl-1.0.0d/apps/ts.c	2011-04-05 21:16:07.000000000 +0200
+@@ -368,7 +368,7 @@ int MAIN(int argc, char **argv)
+ 	BIO_printf(bio_err, "usage:\n"
+ 		   "ts -query [-rand file%cfile%c...] [-config configfile] "
+ 		   "[-data file_to_hash] [-digest digest_bytes]"
+-		   "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
++		   "[-<hashalg>] "
+ 		   "[-policy object_id] [-no_nonce] [-cert] "
+ 		   "[-in request.tsq] [-out request.tsq] [-text]\n",
+ 		   LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+diff -up openssl-1.0.0d/apps/x509.c.dgst openssl-1.0.0d/apps/x509.c
+--- openssl-1.0.0d/apps/x509.c.dgst	2011-04-05 21:13:42.000000000 +0200
++++ openssl-1.0.0d/apps/x509.c	2011-04-05 21:13:17.000000000 +0200
+@@ -141,7 +141,7 @@ static const char *x509_usage[]={
+ " -set_serial     - serial number to use\n",
+ " -text           - print the certificate in text form\n",
+ " -C              - print out C code forms\n",
+-" -md2/-md5/-sha1/-mdc2 - digest to use\n",
++" -<dgst>         - digest to use, see openssl dgst -h output for list\n",
+ " -extfile        - configuration file with X509V3 extensions to add\n",
+ " -extensions     - section from config file with X509V3 extensions to add\n",
+ " -clrext         - delete extensions before signing and input certificate\n",
+diff -up openssl-1.0.0d/doc/apps/ca.pod.dgst openssl-1.0.0d/doc/apps/ca.pod
+--- openssl-1.0.0d/doc/apps/ca.pod.dgst	2009-04-10 13:25:53.000000000 +0200
++++ openssl-1.0.0d/doc/apps/ca.pod	2011-04-05 21:16:39.000000000 +0200
+@@ -160,7 +160,8 @@ the number of days to certify the certif
+ =item B<-md alg>
+ 
+ the message digest to use. Possible values include md5, sha1 and mdc2.
+-This option also applies to CRLs.
++For full list of digests see openssl dgst -h output. This option also
++applies to CRLs.
+ 
+ =item B<-policy arg>
+ 
+diff -up openssl-1.0.0d/doc/apps/ocsp.pod.dgst openssl-1.0.0d/doc/apps/ocsp.pod
+--- openssl-1.0.0d/doc/apps/ocsp.pod.dgst	2008-02-25 19:11:47.000000000 +0100
++++ openssl-1.0.0d/doc/apps/ocsp.pod	2011-04-05 21:18:17.000000000 +0200
+@@ -210,7 +210,8 @@ check is not performed.
+ =item B<-md5|-sha1|-sha256|-ripemod160|...>
+ 
+ this option sets digest algorithm to use for certificate identification
+-in the OCSP request. By default SHA-1 is used. 
++in the OCSP request. By default SHA-1 is used. See openssl dgst -h output for
++the list of available algorithms.
+ 
+ =back
+ 
+diff -up openssl-1.0.0d/doc/apps/req.pod.dgst openssl-1.0.0d/doc/apps/req.pod
+--- openssl-1.0.0d/doc/apps/req.pod.dgst	2009-04-10 18:42:28.000000000 +0200
++++ openssl-1.0.0d/doc/apps/req.pod	2011-04-05 21:20:47.000000000 +0200
+@@ -201,7 +201,8 @@ will not be encrypted.
+ 
+ this specifies the message digest to sign the request with (such as
+ B<-md5>, B<-sha1>). This overrides the digest algorithm specified in
+-the configuration file.
++the configuration file. For full list of possible digests see openssl
++dgst -h output.
+ 
+ Some public key algorithms may override this choice. For instance, DSA
+ signatures always use SHA1, GOST R 34.10 signatures always use
+diff -up openssl-1.0.0d/doc/apps/x509.pod.dgst openssl-1.0.0d/doc/apps/x509.pod
+--- openssl-1.0.0d/doc/apps/x509.pod.dgst	2010-01-12 18:27:11.000000000 +0100
++++ openssl-1.0.0d/doc/apps/x509.pod	2011-04-05 21:19:56.000000000 +0200
+@@ -101,6 +101,7 @@ the digest to use. This affects any sign
+ digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
+ specified then SHA1 is used. If the key being used to sign with is a DSA key
+ then this option has no effect: SHA1 is always used with DSA keys.
++For full list of digests see openssl dgst -h output.
+ 
+ =item B<-engine id>
+ 
diff --git a/SOURCES/openssl-1.0.0d-xmpp-starttls.patch b/SOURCES/openssl-1.0.0d-xmpp-starttls.patch
new file mode 100644
index 0000000..b3999cc
--- /dev/null
+++ b/SOURCES/openssl-1.0.0d-xmpp-starttls.patch
@@ -0,0 +1,12 @@
+diff -ru openssl-1.0.0d.old/apps/s_client.c openssl-1.0.0d/apps/s_client.c
+--- openssl-1.0.0d.old/apps/s_client.c	2011-07-17 21:05:19.934181169 +0200
++++ openssl-1.0.0d/apps/s_client.c	2011-07-17 21:11:42.747824990 +0200
+@@ -1186,7 +1186,7 @@
+ 		    "xmlns='jabber:client' to='%s' version='1.0'>", host);
+ 		seen = BIO_read(sbio,mbuf,BUFSIZZ);
+ 		mbuf[seen] = 0;
+-		while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
++		while (!strcasestr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") && !strcasestr(mbuf, "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\""))
+ 			{
+ 			if (strstr(mbuf, "/stream:features>"))
+ 				goto shut;
diff --git a/SOURCES/openssl-1.0.0e-chil-fixes.patch b/SOURCES/openssl-1.0.0e-chil-fixes.patch
new file mode 100644
index 0000000..58a035f
--- /dev/null
+++ b/SOURCES/openssl-1.0.0e-chil-fixes.patch
@@ -0,0 +1,24 @@
+diff -up openssl-1.0.0e/engines/e_chil.c.chil openssl-1.0.0e/engines/e_chil.c
+--- openssl-1.0.0e/engines/e_chil.c.chil	2010-06-15 19:25:12.000000000 +0200
++++ openssl-1.0.0e/engines/e_chil.c	2011-09-21 17:32:03.000000000 +0200
+@@ -1261,6 +1261,11 @@ static int hwcrhk_insert_card(const char
+         UI *ui;
+ 	void *callback_data = NULL;
+         UI_METHOD *ui_method = NULL;
++	/* Despite what the documentation says prompt_info can be
++	 * an empty string.
++	 */
++	if (prompt_info && !*prompt_info)
++		prompt_info = NULL;
+ 
+         if (cactx)
+                 {
+@@ -1287,7 +1292,7 @@ static int hwcrhk_insert_card(const char
+ 
+ 	if (ui)
+ 		{
+-		char answer;
++		char answer = '\0';
+ 		char buf[BUFSIZ];
+ 		/* Despite what the documentation says wrong_info can be
+ 	 	 * an empty string.
diff --git a/SOURCES/openssl-1.0.0e-doc-noeof.patch b/SOURCES/openssl-1.0.0e-doc-noeof.patch
new file mode 100644
index 0000000..9686575
--- /dev/null
+++ b/SOURCES/openssl-1.0.0e-doc-noeof.patch
@@ -0,0 +1,23 @@
+diff -up openssl-1.0.0e/doc/apps/s_client.pod.doc-noeof openssl-1.0.0e/doc/apps/s_client.pod
+--- openssl-1.0.0e/doc/apps/s_client.pod.doc-noeof	2009-06-26 13:28:51.000000000 +0200
++++ openssl-1.0.0e/doc/apps/s_client.pod	2011-11-03 08:30:35.000000000 +0100
+@@ -27,6 +27,7 @@ B<openssl> B<s_client>
+ [B<-nbio>]
+ [B<-crlf>]
+ [B<-ign_eof>]
++[B<-no_ign_eof>]
+ [B<-quiet>]
+ [B<-ssl2>]
+ [B<-ssl3>]
+@@ -161,6 +162,11 @@ by some servers.
+ inhibit shutting down the connection when end of file is reached in the
+ input.
+ 
++=item B<-no_ign_eof>
++
++shut down the connection when end of file is reached in the
++input. Can be used to override the implicit B<-ign_eof> after B<-quiet>.
++
+ =item B<-quiet>
+ 
+ inhibit printing of session and certificate information.  This implicitly
diff --git a/SOURCES/openssl-1.0.0f-defaults.patch b/SOURCES/openssl-1.0.0f-defaults.patch
new file mode 100644
index 0000000..d20c7fc
--- /dev/null
+++ b/SOURCES/openssl-1.0.0f-defaults.patch
@@ -0,0 +1,44 @@
+diff -up openssl-1.0.0f/apps/openssl.cnf.defaults openssl-1.0.0f/apps/openssl.cnf
+--- openssl-1.0.0f/apps/openssl.cnf.defaults	2011-12-06 01:01:00.000000000 +0100
++++ openssl-1.0.0f/apps/openssl.cnf	2012-01-05 13:16:15.000000000 +0100
+@@ -103,7 +103,8 @@ emailAddress		= optional
+ 
+ ####################################################################
+ [ req ]
+-default_bits		= 1024
++default_bits		= 2048
++default_md		= sha1
+ default_keyfile 	= privkey.pem
+ distinguished_name	= req_distinguished_name
+ attributes		= req_attributes
+@@ -126,17 +127,18 @@ string_mask = utf8only
+ 
+ [ req_distinguished_name ]
+ countryName			= Country Name (2 letter code)
+-countryName_default		= AU
++countryName_default		= XX
+ countryName_min			= 2
+ countryName_max			= 2
+ 
+ stateOrProvinceName		= State or Province Name (full name)
+-stateOrProvinceName_default	= Some-State
++#stateOrProvinceName_default	= Default Province
+ 
+ localityName			= Locality Name (eg, city)
++localityName_default	= Default City
+ 
+ 0.organizationName		= Organization Name (eg, company)
+-0.organizationName_default	= Internet Widgits Pty Ltd
++0.organizationName_default	= Default Company Ltd
+ 
+ # we can do this but it is not needed normally :-)
+ #1.organizationName		= Second Organization Name (eg, company)
+@@ -145,7 +147,7 @@ localityName			= Locality Name (eg, city
+ organizationalUnitName		= Organizational Unit Name (eg, section)
+ #organizationalUnitName_default	=
+ 
+-commonName			= Common Name (e.g. server FQDN or YOUR name)
++commonName			= Common Name (eg, your name or your server\'s hostname)
+ commonName_max			= 64
+ 
+ emailAddress			= Email Address
diff --git a/SOURCES/openssl-1.0.1-beta2-dtls1-abi.patch b/SOURCES/openssl-1.0.1-beta2-dtls1-abi.patch
new file mode 100644
index 0000000..6a556be
--- /dev/null
+++ b/SOURCES/openssl-1.0.1-beta2-dtls1-abi.patch
@@ -0,0 +1,23 @@
+diff -up openssl-1.0.1-beta2/ssl/dtls1.h.dtls1-abi openssl-1.0.1-beta2/ssl/dtls1.h
+--- openssl-1.0.1-beta2/ssl/dtls1.h.dtls1-abi	2012-02-06 17:07:34.630336118 +0100
++++ openssl-1.0.1-beta2/ssl/dtls1.h	2012-02-06 17:10:08.956623707 +0100
+@@ -222,9 +222,6 @@ typedef struct dtls1_state_st
+ 	 */
+ 	record_pqueue buffered_app_data;
+ 
+-	/* Is set when listening for new connections with dtls1_listen() */
+-	unsigned int listen;
+-
+ 	unsigned int mtu; /* max DTLS packet size */
+ 
+ 	struct hm_header_st w_msg_hdr;
+@@ -248,6 +245,9 @@ typedef struct dtls1_state_st
+ 	unsigned int retransmitting;
+ 	unsigned int change_cipher_spec_ok;
+ 
++	/* Is set when listening for new connections with dtls1_listen() */
++	unsigned int listen;
++
+ #ifndef OPENSSL_NO_SCTP
+ 	/* used when SSL_ST_XX_FLUSH is entered */
+ 	int next_state;
diff --git a/SOURCES/openssl-1.0.1-beta2-fips-md5-allow.patch b/SOURCES/openssl-1.0.1-beta2-fips-md5-allow.patch
new file mode 100644
index 0000000..d654730
--- /dev/null
+++ b/SOURCES/openssl-1.0.1-beta2-fips-md5-allow.patch
@@ -0,0 +1,21 @@
+diff -up openssl-1.0.1-beta2/crypto/md5/md5_dgst.c.md5-allow openssl-1.0.1-beta2/crypto/md5/md5_dgst.c
+--- openssl-1.0.1-beta2/crypto/md5/md5_dgst.c.md5-allow	2012-02-06 20:09:56.000000000 +0100
++++ openssl-1.0.1-beta2/crypto/md5/md5_dgst.c	2012-02-06 20:14:02.332117603 +0100
+@@ -71,7 +71,16 @@ const char MD5_version[]="MD5" OPENSSL_V
+ #define INIT_DATA_C (unsigned long)0x98badcfeL
+ #define INIT_DATA_D (unsigned long)0x10325476L
+ 
+-nonfips_md_init(MD5)
++int MD5_Init(MD5_CTX *c)
++#ifdef OPENSSL_FIPS
++	{
++	if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
++		OpenSSLDie(__FILE__, __LINE__, \
++                "Digest MD5 forbidden in FIPS mode!");
++	return private_MD5_Init(c);
++	}
++int private_MD5_Init(MD5_CTX *c)
++#endif
+ 	{
+ 	memset (c,0,sizeof(*c));
+ 	c->A=INIT_DATA_A;
diff --git a/SOURCES/openssl-1.0.1-beta2-padlock64.patch b/SOURCES/openssl-1.0.1-beta2-padlock64.patch
new file mode 100644
index 0000000..4b7f7da
--- /dev/null
+++ b/SOURCES/openssl-1.0.1-beta2-padlock64.patch
@@ -0,0 +1,193 @@
+diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/engines/e_padlock.c
+--- openssl-1.0.1-beta2/engines/e_padlock.c.padlock64	2011-06-21 18:42:15.000000000 +0200
++++ openssl-1.0.1-beta2/engines/e_padlock.c	2012-02-06 20:18:52.039537799 +0100
+@@ -101,7 +101,10 @@
+    compiler choice is limited to GCC and Microsoft C. */
+ #undef COMPILE_HW_PADLOCK
+ #if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
+-# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
++# if (defined(__GNUC__) && __GNUC__>=2 && \
++	(defined(__i386__) || defined(__i386) || \
++	 defined(__x86_64__) || defined(__x86_64)) \
++     ) || \
+      (defined(_MSC_VER) && defined(_M_IX86))
+ #  define COMPILE_HW_PADLOCK
+ # endif
+@@ -137,7 +140,7 @@ void ENGINE_load_padlock (void)
+ # endif
+ #elif defined(__GNUC__)
+ # ifndef alloca
+-#  define alloca(s) __builtin_alloca(s)
++#  define alloca(s) __builtin_alloca((s))
+ # endif
+ #endif
+ 
+@@ -304,6 +307,7 @@ static volatile struct padlock_cipher_da
+  * =======================================================
+  */
+ #if defined(__GNUC__) && __GNUC__>=2
++#if defined(__i386__) || defined(__i386)
+ /*
+  * As for excessive "push %ebx"/"pop %ebx" found all over.
+  * When generating position-independent code GCC won't let
+@@ -383,21 +387,6 @@ padlock_available(void)
+ 	return padlock_use_ace + padlock_use_rng;
+ }
+ 
+-#ifndef OPENSSL_NO_AES
+-/* Our own htonl()/ntohl() */
+-static inline void
+-padlock_bswapl(AES_KEY *ks)
+-{
+-	size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
+-	unsigned int *key = ks->rd_key;
+-
+-	while (i--) {
+-		asm volatile ("bswapl %0" : "+r"(*key));
+-		key++;
+-	}
+-}
+-#endif
+-
+ /* Force key reload from memory to the CPU microcode.
+    Loading EFLAGS from the stack clears EFLAGS[30] 
+    which does the trick. */
+@@ -455,12 +444,127 @@ static inline void *name(size_t cnt,		\
+ 		: "edx", "cc", "memory");	\
+ 	return iv;				\
+ }
++#endif
++
++#elif defined(__x86_64__) || defined(__x86_64)
++
++/* Load supported features of the CPU to see if
++   the PadLock is available. */
++static int
++padlock_available(void)
++{
++	char vendor_string[16];
++	unsigned int eax, edx;
+ 
++	/* Are we running on the Centaur (VIA) CPU? */
++	eax = 0x00000000;
++	vendor_string[12] = 0;
++	asm volatile (
++		"cpuid\n"
++		"movl	%%ebx,(%1)\n"
++		"movl	%%edx,4(%1)\n"
++		"movl	%%ecx,8(%1)\n"
++		: "+a"(eax) : "r"(vendor_string) : "rbx", "rcx", "rdx");
++	if (strcmp(vendor_string, "CentaurHauls") != 0)
++		return 0;
++
++	/* Check for Centaur Extended Feature Flags presence */
++	eax = 0xC0000000;
++	asm volatile ("cpuid"
++		: "+a"(eax) : : "rbx", "rcx", "rdx");
++	if (eax < 0xC0000001)
++		return 0;
++
++	/* Read the Centaur Extended Feature Flags */
++	eax = 0xC0000001;
++	asm volatile ("cpuid"
++		: "+a"(eax), "=d"(edx) : : "rbx", "rcx");
++
++	/* Fill up some flags */
++	padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));
++	padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));
++
++	return padlock_use_ace + padlock_use_rng;
++}
++
++/* Force key reload from memory to the CPU microcode.
++   Loading EFLAGS from the stack clears EFLAGS[30] 
++   which does the trick. */
++static inline void
++padlock_reload_key(void)
++{
++	asm volatile ("pushfq; popfq");
++}
++
++#ifndef OPENSSL_NO_AES
++/*
++ * This is heuristic key context tracing. At first one
++ * believes that one should use atomic swap instructions,
++ * but it's not actually necessary. Point is that if
++ * padlock_saved_context was changed by another thread
++ * after we've read it and before we compare it with cdata,
++ * our key *shall* be reloaded upon thread context switch
++ * and we are therefore set in either case...
++ */
++static inline void
++padlock_verify_context(struct padlock_cipher_data *cdata)
++{
++	asm volatile (
++	"pushfq\n"
++"	btl	$30,(%%rsp)\n"
++"	jnc	1f\n"
++"	cmpq	%2,%1\n"
++"	je	1f\n"
++"	popfq\n"
++"	subq	$8,%%rsp\n"
++"1:	addq	$8,%%rsp\n"
++"	movq	%2,%0"
++	:"+m"(padlock_saved_context)
++	: "r"(padlock_saved_context), "r"(cdata) : "cc");
++}
++
++/* Template for padlock_xcrypt_* modes */
++/* BIG FAT WARNING: 
++ * 	The offsets used with 'leal' instructions
++ * 	describe items of the 'padlock_cipher_data'
++ * 	structure.
++ */
++#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt)	\
++static inline void *name(size_t cnt,		\
++	struct padlock_cipher_data *cdata,	\
++	void *out, const void *inp) 		\
++{	void *iv; 				\
++	asm volatile ( "leaq	16(%0),%%rdx\n"	\
++		"	leaq	32(%0),%%rbx\n"	\
++			rep_xcrypt "\n"		\
++		: "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
++		: "0"(cdata), "1"(cnt), "2"(out), "3"(inp)  \
++		: "rbx", "rdx", "cc", "memory");	\
++	return iv;				\
++}
++#endif
++
++#endif	/* cpu */
++
++#ifndef OPENSSL_NO_AES
+ /* Generate all functions with appropriate opcodes */
+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8")	/* rep xcryptecb */
+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0")	/* rep xcryptcbc */
+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0")	/* rep xcryptcfb */
+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8")	/* rep xcryptofb */
++
++/* Our own htonl()/ntohl() */
++static inline void
++padlock_bswapl(AES_KEY *ks)
++{
++	size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
++	unsigned int *key = ks->rd_key;
++
++	while (i--) {
++		asm volatile ("bswapl %0" : "+r"(*key));
++		key++;
++	}
++}
+ #endif
+ 
+ /* The RNG call itself */
+@@ -491,8 +595,8 @@ padlock_xstore(void *addr, unsigned int
+ static inline unsigned char *
+ padlock_memcpy(void *dst,const void *src,size_t n)
+ {
+-	long       *d=dst;
+-	const long *s=src;
++	size_t       *d=dst;
++	const size_t *s=src;
+ 
+ 	n /= sizeof(*d);
+ 	do { *d++ = *s++; } while (--n);
diff --git a/SOURCES/openssl-1.0.1-beta2-rpmbuild.patch b/SOURCES/openssl-1.0.1-beta2-rpmbuild.patch
new file mode 100644
index 0000000..a4bb691
--- /dev/null
+++ b/SOURCES/openssl-1.0.1-beta2-rpmbuild.patch
@@ -0,0 +1,110 @@
+diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure
+--- openssl-1.0.1-beta2/Configure.rpmbuild	2012-01-05 01:07:34.000000000 +0100
++++ openssl-1.0.1-beta2/Configure	2012-02-02 12:43:56.547409325 +0100
+@@ -343,23 +343,23 @@ my %table=(
+ ####
+ # *-generic* is endian-neutral target, but ./config is free to
+ # throw in -D[BL]_ENDIAN, whichever appropriate...
+-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ # It's believed that majority of ARM toolchains predefine appropriate -march.
+ # If you compiler does not, do complement config command line with one!
+-"linux-armv4",	"gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-armv4",	"gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ #### IA-32 targets...
+ "linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+ ####
+-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+-"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
++"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+-"linux64-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
++"linux64-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
+ #### So called "highgprs" target for z/Architecture CPUs
+ # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
+ # /proc/cpuinfo. The idea is to preserve most significant bits of
+@@ -373,16 +373,17 @@ my %table=(
+ # ldconfig and run-time linker to autodiscover. Unfortunately it
+ # doesn't work just yet, because of couple of bugs in glibc
+ # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
+-"linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
++"linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::/highgprs",
+ #### SPARC Linux setups
+ # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
+ # assisted with debugging of following two configs.
+-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ # it's a real mess with -mcpu=ultrasparc option under Linux, but
+ # -Wa,-Av8plus should do the trick no matter what.
+-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ # GCC 3.1 is a requirement
+-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
++"linux-aarch64","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
+ #### Alpha Linux with GNU C and Compaq C setups
+ # Special notes:
+ # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
+@@ -396,8 +397,8 @@ my %table=(
+ #
+ #					<appro@fy.chalmers.se>
+ #
+-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ 
+@@ -1678,7 +1679,7 @@ while (<IN>)
+ 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
+ 		{
+ 		my $sotmp = $1;
+-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
++		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
+ 		}
+ 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
+ 		{
+diff -up openssl-1.0.1-beta2/Makefile.org.rpmbuild openssl-1.0.1-beta2/Makefile.org
+--- openssl-1.0.1-beta2/Makefile.org.rpmbuild	2011-12-27 16:17:50.000000000 +0100
++++ openssl-1.0.1-beta2/Makefile.org	2012-02-02 12:30:23.652495435 +0100
+@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
+ SHLIB_MAJOR=
+ SHLIB_MINOR=
+ SHLIB_EXT=
++SHLIB_SONAMEVER=10
+ PLATFORM=dist
+ OPTIONS=
+ CONFIGURE_ARGS=
+@@ -333,10 +334,9 @@ clean-shared:
+ link-shared:
+ 	@ set -e; for i in $(SHLIBDIRS); do \
+ 		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+-			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
++			LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
+ 			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+ 			symlink.$(SHLIB_TARGET); \
+-		libs="$$libs -l$$i"; \
+ 	done
+ 
+ build-shared: do_$(SHLIB_TARGET) link-shared
+@@ -347,7 +347,7 @@ do_$(SHLIB_TARGET):
+ 			libs="$(LIBKRB5) $$libs"; \
+ 		fi; \
+ 		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+-			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
++			LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
+ 			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+ 			LIBDEPS="$$libs $(EX_LIBS)" \
+ 			link_a.$(SHLIB_TARGET); \
diff --git a/SOURCES/openssl-1.0.1-beta2-ssl-op-all.patch b/SOURCES/openssl-1.0.1-beta2-ssl-op-all.patch
new file mode 100644
index 0000000..3259d8c
--- /dev/null
+++ b/SOURCES/openssl-1.0.1-beta2-ssl-op-all.patch
@@ -0,0 +1,21 @@
+diff -up openssl-1.0.1-beta2/ssl/ssl.h.op-all openssl-1.0.1-beta2/ssl/ssl.h
+--- openssl-1.0.1-beta2/ssl/ssl.h.op-all	2012-02-02 12:49:00.828035916 +0100
++++ openssl-1.0.1-beta2/ssl/ssl.h	2012-02-02 12:52:27.297818182 +0100
+@@ -540,7 +540,7 @@ struct ssl_session_st
+ #define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L
+ /* Allow initial connection to servers that don't support RI */
+ #define SSL_OP_LEGACY_SERVER_CONNECT			0x00000004L
+-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
++#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L /* no effect since 1.0.0c due to CVE-2010-4180 */
+ #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
+ #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
+ #define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L /* no effect since 0.9.7h and 0.9.8b */
+@@ -558,7 +558,7 @@ struct ssl_session_st
+ 
+ /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
+  *             This used to be 0x000FFFFFL before 0.9.7. */
+-#define SSL_OP_ALL					0x80000BFFL
++#define SSL_OP_ALL					0x80000BF7L /* we still have to include SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */
+ 
+ /* DTLS options */
+ #define SSL_OP_NO_QUERY_MTU                 0x00001000L
diff --git a/SOURCES/openssl-1.0.1-pkgconfig-krb5.patch b/SOURCES/openssl-1.0.1-pkgconfig-krb5.patch
new file mode 100644
index 0000000..14a17bf
--- /dev/null
+++ b/SOURCES/openssl-1.0.1-pkgconfig-krb5.patch
@@ -0,0 +1,30 @@
+diff -up openssl-1.0.1/Makefile.org.krb5 openssl-1.0.1/Makefile.org
+--- openssl-1.0.1/Makefile.org.krb5	2012-03-14 21:15:04.000000000 +0100
++++ openssl-1.0.1/Makefile.org	2012-04-11 16:28:31.254725422 +0200
+@@ -370,7 +370,7 @@ libcrypto.pc: Makefile
+ 	    echo 'Requires: '; \
+ 	    echo 'Libs: -L$${libdir} -lcrypto'; \
+ 	    echo 'Libs.private: $(EX_LIBS)'; \
+-	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
++	    echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
+ 
+ libssl.pc: Makefile
+ 	@ ( echo 'prefix=$(INSTALLTOP)'; \
+@@ -383,7 +383,7 @@ libssl.pc: Makefile
+ 	    echo 'Version: '$(VERSION); \
+ 	    echo 'Requires: '; \
+ 	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+-	    echo 'Libs.private: $(EX_LIBS)'; \
++	    echo 'Libs.private: $(EX_LIBS) $(LIBKRB5)'; \
+ 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
+ 
+ openssl.pc: Makefile
+@@ -397,7 +397,7 @@ openssl.pc: Makefile
+ 	    echo 'Version: '$(VERSION); \
+ 	    echo 'Requires: '; \
+ 	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+-	    echo 'Libs.private: $(EX_LIBS)'; \
++	    echo 'Libs.private: $(EX_LIBS) $(LIBKRB5)'; \
+ 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+ 
+ Makefile: Makefile.org Configure config
diff --git a/SOURCES/openssl-1.0.1a-algo-doc.patch b/SOURCES/openssl-1.0.1a-algo-doc.patch
new file mode 100644
index 0000000..c4aaa89
--- /dev/null
+++ b/SOURCES/openssl-1.0.1a-algo-doc.patch
@@ -0,0 +1,77 @@
+diff -up openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod
+--- openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod.algo-doc	2012-04-11 00:28:22.000000000 +0200
++++ openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod	2012-04-20 09:14:01.865167011 +0200
+@@ -75,7 +75,7 @@ EVP_MD_CTX_create() allocates, initializ
+ 
+ EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
+ B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
+-function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
++function. B<type> will typically be supplied by a function such as EVP_sha1().
+ If B<impl> is NULL then the default implementation of digest B<type> is used.
+ 
+ EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
+@@ -165,7 +165,8 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_
+ EVP_MD_CTX_block_size()	and EVP_MD_block_size() return the digest or block
+ size in bytes.
+ 
+-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
++EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
++EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_dss(),
+ EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
+ corresponding EVP_MD structures.
+ 
+diff -up openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod
+--- openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod.algo-doc	2005-04-15 18:01:35.000000000 +0200
++++ openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod	2012-04-20 09:10:59.114736465 +0200
+@@ -91,6 +91,32 @@ EVP_CIPHER_CTX_set_padding - EVP cipher
+  int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+  int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+ 
++ const EVP_CIPHER *EVP_des_ede3(void);
++ const EVP_CIPHER *EVP_des_ede3_ecb(void);
++ const EVP_CIPHER *EVP_des_ede3_cfb64(void);
++ const EVP_CIPHER *EVP_des_ede3_cfb1(void);
++ const EVP_CIPHER *EVP_des_ede3_cfb8(void);
++ const EVP_CIPHER *EVP_des_ede3_ofb(void);
++ const EVP_CIPHER *EVP_des_ede3_cbc(void);
++ const EVP_CIPHER *EVP_aes_128_ecb(void);
++ const EVP_CIPHER *EVP_aes_128_cbc(void);
++ const EVP_CIPHER *EVP_aes_128_cfb1(void);
++ const EVP_CIPHER *EVP_aes_128_cfb8(void);
++ const EVP_CIPHER *EVP_aes_128_cfb128(void);
++ const EVP_CIPHER *EVP_aes_128_ofb(void);
++ const EVP_CIPHER *EVP_aes_192_ecb(void);
++ const EVP_CIPHER *EVP_aes_192_cbc(void);
++ const EVP_CIPHER *EVP_aes_192_cfb1(void);
++ const EVP_CIPHER *EVP_aes_192_cfb8(void);
++ const EVP_CIPHER *EVP_aes_192_cfb128(void);
++ const EVP_CIPHER *EVP_aes_192_ofb(void);
++ const EVP_CIPHER *EVP_aes_256_ecb(void);
++ const EVP_CIPHER *EVP_aes_256_cbc(void);
++ const EVP_CIPHER *EVP_aes_256_cfb1(void);
++ const EVP_CIPHER *EVP_aes_256_cfb8(void);
++ const EVP_CIPHER *EVP_aes_256_cfb128(void);
++ const EVP_CIPHER *EVP_aes_256_ofb(void);
++
+ =head1 DESCRIPTION
+ 
+ The EVP cipher routines are a high level interface to certain
+@@ -297,6 +323,18 @@ Three key triple DES in CBC, ECB, CFB an
+ 
+ DESX algorithm in CBC mode.
+ 
++=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(), EVP_aes_128_ofb(void), EVP_aes_128_cfb1(void), EVP_aes_128_cfb8(void), EVP_aes_128_cfb128(void)
++
++AES with 128 bit key length in CBC, ECB, OFB and CFB modes respectively.
++
++=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(), EVP_aes_192_ofb(void), EVP_aes_192_cfb1(void), EVP_aes_192_cfb8(void), EVP_aes_192_cfb128(void)
++
++AES with 192 bit key length in CBC, ECB, OFB and CFB modes respectively.
++
++=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(), EVP_aes_256_ofb(void), EVP_aes_256_cfb1(void), EVP_aes_256_cfb8(void), EVP_aes_256_cfb128(void)
++
++AES with 256 bit key length in CBC, ECB, OFB and CFB modes respectively.
++
+ =item EVP_rc4(void)
+ 
+ RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.
diff --git a/SOURCES/openssl-1.0.1c-aliasing.patch b/SOURCES/openssl-1.0.1c-aliasing.patch
new file mode 100644
index 0000000..582418c
--- /dev/null
+++ b/SOURCES/openssl-1.0.1c-aliasing.patch
@@ -0,0 +1,12 @@
+diff -up openssl-1.0.1c/crypto/modes/Makefile.aliasing openssl-1.0.1c/crypto/modes/Makefile
+--- openssl-1.0.1c/crypto/modes/Makefile.aliasing	2011-08-12 00:36:17.000000000 +0200
++++ openssl-1.0.1c/crypto/modes/Makefile	2012-07-13 11:32:10.767829077 +0200
+@@ -12,7 +12,7 @@ AR=		ar r
+ 
+ MODES_ASM_OBJ=
+ 
+-CFLAGS= $(INCLUDES) $(CFLAG)
++CFLAGS= $(INCLUDES) $(CFLAG) -fno-strict-aliasing
+ ASFLAGS= $(INCLUDES) $(ASFLAG)
+ AFLAGS= $(ASFLAGS)
+ 
diff --git a/SOURCES/openssl-1.0.1c-default-paths.patch b/SOURCES/openssl-1.0.1c-default-paths.patch
new file mode 100644
index 0000000..364128d
--- /dev/null
+++ b/SOURCES/openssl-1.0.1c-default-paths.patch
@@ -0,0 +1,100 @@
+diff -up openssl-1.0.1c/apps/s_client.c.default-paths openssl-1.0.1c/apps/s_client.c
+--- openssl-1.0.1c/apps/s_client.c.default-paths	2012-03-18 19:16:05.000000000 +0100
++++ openssl-1.0.1c/apps/s_client.c	2012-12-06 18:24:06.425933203 +0100
+@@ -1166,12 +1166,19 @@ bad:
+ 	if (!set_cert_key_stuff(ctx,cert,key))
+ 		goto end;
+ 
+-	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+-		(!SSL_CTX_set_default_verify_paths(ctx)))
++	if (CAfile == NULL && CApath == NULL)
+ 		{
+-		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
+-		ERR_print_errors(bio_err);
+-		/* goto end; */
++		if (!SSL_CTX_set_default_verify_paths(ctx))
++			{
++			ERR_print_errors(bio_err);
++			}
++		}
++	else
++		{
++		if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
++			{
++			ERR_print_errors(bio_err);
++			}
+ 		}
+ 
+ #ifndef OPENSSL_NO_TLSEXT
+diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_server.c
+--- openssl-1.0.1c/apps/s_server.c.default-paths	2012-03-18 19:16:05.000000000 +0100
++++ openssl-1.0.1c/apps/s_server.c	2012-12-06 18:25:11.199329611 +0100
+@@ -1565,13 +1565,21 @@ bad:
+ 		}
+ #endif
+ 
+-	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+-		(!SSL_CTX_set_default_verify_paths(ctx)))
++	if (CAfile == NULL && CApath == NULL)
+ 		{
+-		/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
+-		ERR_print_errors(bio_err);
+-		/* goto end; */
++		if (!SSL_CTX_set_default_verify_paths(ctx))
++			{
++			ERR_print_errors(bio_err);
++			}
++		}
++	else
++		{
++		if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
++			{
++			ERR_print_errors(bio_err);
++			}
+ 		}
++
+ 	if (vpm)
+ 		SSL_CTX_set1_param(ctx, vpm);
+ 
+@@ -1622,8 +1630,11 @@ bad:
+ 		else
+ 			SSL_CTX_sess_set_cache_size(ctx2,128);
+ 
+-		if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
+-			(!SSL_CTX_set_default_verify_paths(ctx2)))
++		if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath))
++			{
++			ERR_print_errors(bio_err);
++			}
++		if (!SSL_CTX_set_default_verify_paths(ctx2))
+ 			{
+ 			ERR_print_errors(bio_err);
+ 			}
+diff -up openssl-1.0.1c/apps/s_time.c.default-paths openssl-1.0.1c/apps/s_time.c
+--- openssl-1.0.1c/apps/s_time.c.default-paths	2006-04-17 14:22:13.000000000 +0200
++++ openssl-1.0.1c/apps/s_time.c	2012-12-06 18:27:41.694574044 +0100
+@@ -373,12 +373,19 @@ int MAIN(int argc, char **argv)
+ 
+ 	SSL_load_error_strings();
+ 
+-	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
+-		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
++	if (CAfile == NULL && CApath == NULL)
+ 		{
+-		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
+-		ERR_print_errors(bio_err);
+-		/* goto end; */
++		if (!SSL_CTX_set_default_verify_paths(tm_ctx))
++			{
++			ERR_print_errors(bio_err);
++			}
++		}
++	else
++		{
++		if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath))
++			{
++			ERR_print_errors(bio_err);
++			}
+ 		}
+ 
+ 	if (tm_cipher == NULL)
diff --git a/SOURCES/openssl-1.0.1c-dh-1024.patch b/SOURCES/openssl-1.0.1c-dh-1024.patch
new file mode 100644
index 0000000..89f0f04
--- /dev/null
+++ b/SOURCES/openssl-1.0.1c-dh-1024.patch
@@ -0,0 +1,61 @@
+diff -up openssl-1.0.1c/apps/s_server.c.dh1024 openssl-1.0.1c/apps/s_server.c
+--- openssl-1.0.1c/apps/s_server.c.dh1024	2012-11-14 20:27:50.000000000 +0100
++++ openssl-1.0.1c/apps/s_server.c	2012-11-15 20:56:15.247774465 +0100
+@@ -222,27 +222,31 @@ static void s_server_init(void);
+ #endif
+ 
+ #ifndef OPENSSL_NO_DH
+-static unsigned char dh512_p[]={
+-	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
+-	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+-	0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
+-	0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+-	0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
+-	0x47,0x74,0xE8,0x33,
+-	};
+-static unsigned char dh512_g[]={
+-	0x02,
+-	};
+-
+-static DH *get_dh512(void)
++static DH *get_dh1024()
+ 	{
+-	DH *dh=NULL;
++	static unsigned char dh1024_p[]={
++		0x99,0x58,0xFA,0x90,0x53,0x2F,0xE0,0x61,0x83,0x9D,0x54,0x63,
++		0xBD,0x35,0x5A,0x31,0xF3,0xC6,0x79,0xE5,0xA0,0x0F,0x66,0x79,
++		0x3C,0xA0,0x7F,0xE8,0xA2,0x5F,0xDF,0x11,0x08,0xA3,0xF0,0x3C,
++		0xC3,0x3C,0x5D,0x50,0x2C,0xD5,0xD6,0x58,0x12,0xDB,0xC1,0xEF,
++		0xB4,0x47,0x4A,0x5A,0x39,0x8A,0x4E,0xEB,0x44,0xE2,0x07,0xFB,
++		0x3D,0xA3,0xC7,0x6E,0x52,0xF3,0x2B,0x7B,0x10,0xA5,0x98,0xE3,
++		0x38,0x2A,0xE2,0x7F,0xA4,0x8F,0x26,0x87,0x9B,0x66,0x7A,0xED,
++		0x2D,0x4C,0xE7,0x33,0x77,0x47,0x94,0x43,0xB6,0xAA,0x97,0x23,
++		0x8A,0xFC,0xA5,0xA6,0x64,0x09,0xC0,0x27,0xC0,0xEF,0xCB,0x05,
++		0x90,0x9D,0xD5,0x75,0xBA,0x00,0xE0,0xFB,0xA8,0x81,0x52,0xA4,
++		0xB2,0x83,0x22,0x5B,0xCB,0xD7,0x16,0x93,
++		};
++	static unsigned char dh1024_g[]={
++		0x02,
++		};
++	DH *dh;
+ 
+ 	if ((dh=DH_new()) == NULL) return(NULL);
+-	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+-	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
++	dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
++	dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+ 	if ((dh->p == NULL) || (dh->g == NULL))
+-		return(NULL);
++		{ DH_free(dh); return(NULL); }
+ 	return(dh);
+ 	}
+ #endif
+@@ -1657,7 +1661,7 @@ bad:
+ 		else
+ 			{
+ 			BIO_printf(bio_s_out,"Using default temp DH parameters\n");
+-			dh=get_dh512();
++			dh=get_dh1024();
+ 			}
+ 		(void)BIO_flush(bio_s_out);
+ 
diff --git a/SOURCES/openssl-1.0.1c-ipv6-apps.patch b/SOURCES/openssl-1.0.1c-ipv6-apps.patch
new file mode 100644
index 0000000..41e0b36
--- /dev/null
+++ b/SOURCES/openssl-1.0.1c-ipv6-apps.patch
@@ -0,0 +1,516 @@
+diff -up openssl-1.0.1c/apps/s_apps.h.ipv6-apps openssl-1.0.1c/apps/s_apps.h
+--- openssl-1.0.1c/apps/s_apps.h.ipv6-apps	2012-07-11 22:46:02.409221206 +0200
++++ openssl-1.0.1c/apps/s_apps.h	2012-07-11 22:46:02.451222165 +0200
+@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
+ #define PORT_STR        "4433"
+ #define PROTOCOL        "tcp"
+ 
+-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
++int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
+ #ifdef HEADER_X509_H
+ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+ #endif
+@@ -156,10 +156,9 @@ int MS_CALLBACK verify_callback(int ok,
+ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
+ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
+ #endif
+-int init_client(int *sock, char *server, int port, int type);
++int init_client(int *sock, char *server, char *port, int type);
+ int should_retry(int i);
+-int extract_port(char *str, short *port_ptr);
+-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
++int extract_host_port(char *str,char **host_ptr,char **port_ptr);
+ 
+ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
+ 				   int argi, long argl, long ret);
+diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
+--- openssl-1.0.1c/apps/s_client.c.ipv6-apps	2012-07-11 22:46:02.433221754 +0200
++++ openssl-1.0.1c/apps/s_client.c	2012-07-11 22:46:02.452222187 +0200
+@@ -563,7 +563,7 @@ int MAIN(int argc, char **argv)
+ 	int cbuf_len,cbuf_off;
+ 	int sbuf_len,sbuf_off;
+ 	fd_set readfds,writefds;
+-	short port=PORT;
++	char *port_str = PORT_STR;
+ 	int full_log=1;
+ 	char *host=SSL_HOST_NAME;
+ 	char *cert_file=NULL,*key_file=NULL;
+@@ -664,13 +664,12 @@ int MAIN(int argc, char **argv)
+ 		else if	(strcmp(*argv,"-port") == 0)
+ 			{
+ 			if (--argc < 1) goto bad;
+-			port=atoi(*(++argv));
+-			if (port == 0) goto bad;
++			port_str= *(++argv);
+ 			}
+ 		else if (strcmp(*argv,"-connect") == 0)
+ 			{
+ 			if (--argc < 1) goto bad;
+-			if (!extract_host_port(*(++argv),&host,NULL,&port))
++			if (!extract_host_port(*(++argv),&host,&port_str))
+ 				goto bad;
+ 			}
+ 		else if	(strcmp(*argv,"-verify") == 0)
+@@ -1253,7 +1252,7 @@ bad:
+ 
+ re_start:
+ 
+-	if (init_client(&s,host,port,socket_type) == 0)
++	if (init_client(&s,host,port_str,socket_type) == 0)
+ 		{
+ 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
+ 		SHUTDOWN(s);
+diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
+--- openssl-1.0.1c/apps/s_server.c.ipv6-apps	2012-07-11 22:46:02.434221777 +0200
++++ openssl-1.0.1c/apps/s_server.c	2012-07-11 22:46:02.453222210 +0200
+@@ -929,7 +929,7 @@ int MAIN(int argc, char *argv[])
+ 	{
+ 	X509_VERIFY_PARAM *vpm = NULL;
+ 	int badarg = 0;
+-	short port=PORT;
++	char *port_str = PORT_STR;
+ 	char *CApath=NULL,*CAfile=NULL;
+ 	unsigned char *context = NULL;
+ 	char *dhfile = NULL;
+@@ -1000,8 +1000,7 @@ int MAIN(int argc, char *argv[])
+ 			 (strcmp(*argv,"-accept") == 0))
+ 			{
+ 			if (--argc < 1) goto bad;
+-			if (!extract_port(*(++argv),&port))
+-				goto bad;
++			port_str= *(++argv);
+ 			}
+ 		else if	(strcmp(*argv,"-verify") == 0)
+ 			{
+@@ -1878,9 +1877,9 @@ bad:
+ 	BIO_printf(bio_s_out,"ACCEPT\n");
+ 	(void)BIO_flush(bio_s_out);
+ 	if (www)
+-		do_server(port,socket_type,&accept_socket,www_body, context);
++		do_server(port_str,socket_type,&accept_socket,www_body, context);
+ 	else
+-		do_server(port,socket_type,&accept_socket,sv_body, context);
++		do_server(port_str,socket_type,&accept_socket,sv_body, context);
+ 	print_stats(bio_s_out,ctx);
+ 	ret=0;
+ end:
+diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
+--- openssl-1.0.1c/apps/s_socket.c.ipv6-apps	2011-12-02 15:39:40.000000000 +0100
++++ openssl-1.0.1c/apps/s_socket.c	2012-07-11 22:49:05.411400450 +0200
+@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
+ static void ssl_sock_cleanup(void);
+ #endif
+ static int ssl_sock_init(void);
+-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
+-static int init_server(int *sock, int port, int type);
+-static int init_server_long(int *sock, int port,char *ip, int type);
++static int init_server(int *sock, char *port, int type);
+ static int do_accept(int acc_sock, int *sock, char **host);
+ static int host_ip(char *str, unsigned char ip[4]);
+ 
+@@ -234,57 +232,70 @@ static int ssl_sock_init(void)
+ 	return(1);
+ 	}
+ 
+-int init_client(int *sock, char *host, int port, int type)
++int init_client(int *sock, char *host, char *port, int type)
+ 	{
+-	unsigned char ip[4];
+-
+-	memset(ip, '\0', sizeof ip);
+-	if (!host_ip(host,&(ip[0])))
+-		return 0;
+-	return init_client_ip(sock,ip,port,type);
+-	}
+-
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
+-	{
+-	unsigned long addr;
+-	struct sockaddr_in them;
+-	int s,i;
++	struct addrinfo *res, *res0, hints;
++	char * failed_call = NULL;
++	int s;
++	int e;
+ 
+ 	if (!ssl_sock_init()) return(0);
+ 
+-	memset((char *)&them,0,sizeof(them));
+-	them.sin_family=AF_INET;
+-	them.sin_port=htons((unsigned short)port);
+-	addr=(unsigned long)
+-		((unsigned long)ip[0]<<24L)|
+-		((unsigned long)ip[1]<<16L)|
+-		((unsigned long)ip[2]<< 8L)|
+-		((unsigned long)ip[3]);
+-	them.sin_addr.s_addr=htonl(addr);
+-
+-	if (type == SOCK_STREAM)
+-		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+-	else /* ( type == SOCK_DGRAM) */
+-		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
+-			
+-	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
++	memset(&hints, '\0', sizeof(hints));
++	hints.ai_socktype = type;
++	hints.ai_flags = AI_ADDRCONFIG;
++
++	e = getaddrinfo(host, port, &hints, &res);
++	if (e)
++	{
++		fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
++		if (e == EAI_SYSTEM)
++			perror("getaddrinfo");
++		return (0);
++		}
+ 
++	res0 = res;
++	while (res)
++		{
++		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
++		if (s == INVALID_SOCKET)
++			{
++			failed_call = "socket";
++			goto nextres;
++			}
+ #if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
+ 	if (type == SOCK_STREAM)
+ 		{
+-		i=0;
+-		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+-		if (i < 0) { perror("keepalive"); return(0); }
++			int i=0;
++			i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
++				(char *)&i,sizeof(i));
++			if (i < 0) {
++				failed_call = "keepalive";
++				goto nextres;
++				}
+ 		}
+ #endif
+-
+-	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
+-		{ closesocket(s); perror("connect"); return(0); }
++		if (connect(s,(struct sockaddr *)res->ai_addr,
++			res->ai_addrlen) == 0)
++			{
++			freeaddrinfo(res0);
+ 	*sock=s;
+ 	return(1);
+ 	}
+ 
+-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
++		failed_call = "socket";
++nextres:
++		if (s != INVALID_SOCKET)
++			close(s);
++		res = res->ai_next;
++		}
++	freeaddrinfo(res0);
++
++	perror(failed_call);
++	return(0);
++	}
++
++int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
+ 	{
+ 	int sock;
+ 	char *name = NULL;
+@@ -322,33 +333,50 @@ int do_server(int port, int type, int *r
+ 		}
+ 	}
+ 
+-static int init_server_long(int *sock, int port, char *ip, int type)
++static int init_server(int *sock, char *port, int type)
+ 	{
+-	int ret=0;
+-	struct sockaddr_in server;
+-	int s= -1;
++	struct addrinfo *res, *res0 = NULL, hints;
++	char * failed_call = NULL;
++	int s = INVALID_SOCKET;
++	int e;
+ 
+ 	if (!ssl_sock_init()) return(0);
+ 
+-	memset((char *)&server,0,sizeof(server));
+-	server.sin_family=AF_INET;
+-	server.sin_port=htons((unsigned short)port);
+-	if (ip == NULL)
+-		server.sin_addr.s_addr=INADDR_ANY;
+-	else
+-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+-#ifndef BIT_FIELD_LIMITS
+-		memcpy(&server.sin_addr.s_addr,ip,4);
+-#else
+-		memcpy(&server.sin_addr,ip,4);
+-#endif
++	memset(&hints, '\0', sizeof(hints));
++	hints.ai_family = AF_INET6;
++tryipv4:
++	hints.ai_socktype = type;
++	hints.ai_flags = AI_PASSIVE;
+ 	
+-		if (type == SOCK_STREAM)
+-			s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+-		else /* type == SOCK_DGRAM */
+-			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
++	e = getaddrinfo(NULL, port, &hints, &res);
++	if (e)
++		{
++		if (hints.ai_family == AF_INET)
++			{
++			fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
++			if (e == EAI_SYSTEM)
++				perror("getaddrinfo");
++			return (0);
++			}
++			else
++				res = NULL;
++		}
+ 
+-	if (s == INVALID_SOCKET) goto err;
++	res0 = res;
++	while (res)
++		{
++		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
++		if (s == INVALID_SOCKET)
++			{
++			failed_call = "socket";
++			goto nextres;
++			}
++		if (hints.ai_family == AF_INET6)
++			{
++			int j = 0;
++			setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
++				   (void *) &j, sizeof j);
++			}
+ #if defined SOL_SOCKET && defined SO_REUSEADDR
+ 		{
+ 		int j = 1;
+@@ -356,35 +384,49 @@ static int init_server_long(int *sock, i
+ 			   (void *) &j, sizeof j);
+ 		}
+ #endif
+-	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
++
++		if (bind(s,(struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1)
+ 		{
+-#ifndef OPENSSL_SYS_WINDOWS
+-		perror("bind");
+-#endif
+-		goto err;
++			failed_call = "bind";
++			goto nextres;
+ 		}
+-	/* Make it 128 for linux */
+-	if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
+-	*sock=s;
+-	ret=1;
+-err:
+-	if ((ret == 0) && (s != -1))
++		if (type==SOCK_STREAM && listen(s,128) == -1)
+ 		{
+-		SHUTDOWN(s);
++			failed_call = "listen";
++			goto nextres;
+ 		}
+-	return(ret);
++
++		*sock=s;
++		return(1);
++
++nextres:
++		if (s != INVALID_SOCKET)
++			close(s);
++		res = res->ai_next;
+ 	}
++	if (res0)
++		freeaddrinfo(res0);
+ 
+-static int init_server(int *sock, int port, int type)
++	if (s == INVALID_SOCKET)
+ 	{
+-	return(init_server_long(sock, port, NULL, type));
++		if (hints.ai_family == AF_INET6)
++		{
++			hints.ai_family = AF_INET;
++			goto tryipv4;
++		}
++		perror("socket");
++		return(0);
++	}
++
++	perror(failed_call);
++	return(0);
+ 	}
+ 
+ static int do_accept(int acc_sock, int *sock, char **host)
+ 	{
++	static struct sockaddr_storage from;
++	char buffer[NI_MAXHOST];
+ 	int ret;
+-	struct hostent *h1,*h2;
+-	static struct sockaddr_in from;
+ 	int len;
+ /*	struct linger ling; */
+ 
+@@ -431,135 +473,58 @@ redoit:
+ */
+ 
+ 	if (host == NULL) goto end;
+-#ifndef BIT_FIELD_LIMITS
+-	/* I should use WSAAsyncGetHostByName() under windows */
+-	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
+-		sizeof(from.sin_addr.s_addr),AF_INET);
+-#else
+-	h1=gethostbyaddr((char *)&from.sin_addr,
+-		sizeof(struct in_addr),AF_INET);
+-#endif
+-	if (h1 == NULL)
++
++	if (getnameinfo((struct sockaddr *)&from, sizeof(from),
++		buffer, sizeof(buffer),
++		NULL, 0, 0))
+ 		{
+-		BIO_printf(bio_err,"bad gethostbyaddr\n");
++		BIO_printf(bio_err,"getnameinfo failed\n");
+ 		*host=NULL;
+ 		/* return(0); */
+ 		}
+ 	else
+ 		{
+-		if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
++		if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
+ 			{
+ 			perror("OPENSSL_malloc");
+ 			return(0);
+ 			}
+-		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
+-
+-		h2=GetHostByName(*host);
+-		if (h2 == NULL)
+-			{
+-			BIO_printf(bio_err,"gethostbyname failure\n");
+-			return(0);
+-			}
+-		if (h2->h_addrtype != AF_INET)
+-			{
+-			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+-			return(0);
+-			}
++		strcpy(*host, buffer);
+ 		}
+ end:
+ 	*sock=ret;
+ 	return(1);
+ 	}
+ 
+-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+-	     short *port_ptr)
++int extract_host_port(char *str, char **host_ptr, 
++	     char **port_ptr)
+ 	{
+-	char *h,*p;
++	char *h,*p,*x;
+ 
+-	h=str;
+-	p=strchr(str,':');
++	x=h=str;
++	if (*h == '[')
++		{
++		h++;
++		p=strchr(h,']');
+ 	if (p == NULL)
+ 		{
+-		BIO_printf(bio_err,"no port defined\n");
++			BIO_printf(bio_err,"no ending bracket for IPv6 address\n");
+ 		return(0);
+ 		}
+ 	*(p++)='\0';
+-
+-	if ((ip != NULL) && !host_ip(str,ip))
+-		goto err;
+-	if (host_ptr != NULL) *host_ptr=h;
+-
+-	if (!extract_port(p,port_ptr))
+-		goto err;
+-	return(1);
+-err:
+-	return(0);
++		x = p;
+ 	}
+-
+-static int host_ip(char *str, unsigned char ip[4])
+-	{
+-	unsigned int in[4]; 
+-	int i;
+-
+-	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
+-		{
+-		for (i=0; i<4; i++)
+-			if (in[i] > 255)
+-				{
+-				BIO_printf(bio_err,"invalid IP address\n");
+-				goto err;
+-				}
+-		ip[0]=in[0];
+-		ip[1]=in[1];
+-		ip[2]=in[2];
+-		ip[3]=in[3];
+-		}
+-	else
+-		{ /* do a gethostbyname */
+-		struct hostent *he;
+-
+-		if (!ssl_sock_init()) return(0);
+-
+-		he=GetHostByName(str);
+-		if (he == NULL)
+-			{
+-			BIO_printf(bio_err,"gethostbyname failure\n");
+-			goto err;
+-			}
+-		/* cast to short because of win16 winsock definition */
+-		if ((short)he->h_addrtype != AF_INET)
++	p=strchr(x,':');
++	if (p == NULL)
+ 			{
+-			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+-			return(0);
+-			}
+-		ip[0]=he->h_addr_list[0][0];
+-		ip[1]=he->h_addr_list[0][1];
+-		ip[2]=he->h_addr_list[0][2];
+-		ip[3]=he->h_addr_list[0][3];
+-		}
+-	return(1);
+-err:
++		BIO_printf(bio_err,"no port defined\n");
+ 	return(0);
+ 	}
++	*(p++)='\0';
+ 
+-int extract_port(char *str, short *port_ptr)
+-	{
+-	int i;
+-	struct servent *s;
++	if (host_ptr != NULL) *host_ptr=h;
++	if (port_ptr != NULL) *port_ptr=p;
+ 
+-	i=atoi(str);
+-	if (i != 0)
+-		*port_ptr=(unsigned short)i;
+-	else
+-		{
+-		s=getservbyname(str,"tcp");
+-		if (s == NULL)
+-			{
+-			BIO_printf(bio_err,"getservbyname failure for %s\n",str);
+-			return(0);
+-			}
+-		*port_ptr=ntohs((unsigned short)s->s_port);
+-		}
+ 	return(1);
+ 	}
+ 
diff --git a/SOURCES/openssl-1.0.1c-perlfind.patch b/SOURCES/openssl-1.0.1c-perlfind.patch
new file mode 100644
index 0000000..956afd6
--- /dev/null
+++ b/SOURCES/openssl-1.0.1c-perlfind.patch
@@ -0,0 +1,16 @@
+diff -up openssl-1.0.1c/util/perlpath.pl.perlfind openssl-1.0.1c/util/perlpath.pl
+--- openssl-1.0.1c/util/perlpath.pl.perlfind	2012-07-11 22:57:33.000000000 +0200
++++ openssl-1.0.1c/util/perlpath.pl	2012-07-12 00:31:12.102156275 +0200
+@@ -4,10 +4,10 @@
+ # line in all scripts that rely on perl.
+ #
+ 
+-require "find.pl";
++use File::Find;
+ 
+ $#ARGV == 0 || print STDERR "usage: perlpath newpath  (eg /usr/bin)\n";
+-&find(".");
++find(\&wanted, ".");
+ 
+ sub wanted
+ 	{
diff --git a/SOURCES/openssl-1.0.1e-arm-use-elf-auxv-caps.patch b/SOURCES/openssl-1.0.1e-arm-use-elf-auxv-caps.patch
new file mode 100644
index 0000000..94a8c42
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-arm-use-elf-auxv-caps.patch
@@ -0,0 +1,93 @@
+diff --git a/crypto/armcap.c b/crypto/armcap.c
+index 5258d2f..efb4009 100644
+--- a/crypto/armcap.c
++++ b/crypto/armcap.c
+@@ -9,11 +9,6 @@
+ 
+ unsigned int OPENSSL_armcap_P;
+ 
+-static sigset_t all_masked;
+-
+-static sigjmp_buf ill_jmp;
+-static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
+-
+ /*
+  * Following subroutines could have been inlined, but it's not all
+  * ARM compilers support inline assembler...
+@@ -29,24 +24,26 @@ unsigned int OPENSSL_rdtsc(void)
+ 		return 0;
+ 	}
+ 
+-#if defined(__GNUC__) && __GNUC__>=2
+-void OPENSSL_cpuid_setup(void) __attribute__((constructor));
+-#endif
+-void OPENSSL_cpuid_setup(void)
++#if defined(__GLIBC__) && __GLIBC__>=2 && __GLIBC_MINOR__>=16
++#include <sys/auxv.h>
++
++void OPENSSL_cpuid_find(void)
++	{
++		unsigned long hwcap = getauxval(AT_HWCAP);
++		char *plat = (char *)getauxval(AT_PLATFORM);
++
++		OPENSSL_armcap_P |= hwcap & HWCAP_ARM_NEON ? ARMV7_NEON : 0;
++		OPENSSL_armcap_P |= plat ? (plat[1] == '7' ? ARMV7_TICK : 0) : 0;
++	}
++#else
++static sigset_t all_masked;
++static sigjmp_buf ill_jmp;
++static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
++
++void OPENSSL_cpuid_find(void)
+ 	{
+-	char *e;
+ 	struct sigaction	ill_oact,ill_act;
+ 	sigset_t		oset;
+-	static int trigger=0;
+-
+-	if (trigger) return;
+-	trigger=1;
+- 
+-	if ((e=getenv("OPENSSL_armcap")))
+-		{
+-		OPENSSL_armcap_P=strtoul(e,NULL,0);
+-		return;
+-		}
+ 
+ 	sigfillset(&all_masked);
+ 	sigdelset(&all_masked,SIGILL);
+@@ -55,8 +52,6 @@ void OPENSSL_cpuid_setup(void)
+ 	sigdelset(&all_masked,SIGBUS);
+ 	sigdelset(&all_masked,SIGSEGV);
+ 
+-	OPENSSL_armcap_P = 0;
+-
+ 	memset(&ill_act,0,sizeof(ill_act));
+ 	ill_act.sa_handler = ill_handler;
+ 	ill_act.sa_mask    = all_masked;
+@@ -78,3 +73,25 @@ void OPENSSL_cpuid_setup(void)
+ 	sigaction (SIGILL,&ill_oact,NULL);
+ 	sigprocmask(SIG_SETMASK,&oset,NULL);
+ 	}
++#endif
++
++#if defined(__GNUC__) && __GNUC__>=2
++void OPENSSL_cpuid_setup(void) __attribute__((constructor));
++#endif
++void OPENSSL_cpuid_setup(void)
++	{
++	char *e;
++	static int trigger=0;
++
++	if (trigger) return;
++	trigger=1;
++
++	if ((e=getenv("OPENSSL_armcap")))
++		{
++		OPENSSL_armcap_P=strtoul(e,NULL,0);
++		return;
++		}
++
++	OPENSSL_armcap_P = 0;
++	OPENSSL_cpuid_find();
++	}
diff --git a/SOURCES/openssl-1.0.1e-backports.patch b/SOURCES/openssl-1.0.1e-backports.patch
new file mode 100644
index 0000000..5abe884
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-backports.patch
@@ -0,0 +1,325 @@
+diff -up openssl-1.0.1e/crypto/pem/pem_info.c.backports openssl-1.0.1e/crypto/pem/pem_info.c
+--- openssl-1.0.1e/crypto/pem/pem_info.c.backports	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/pem/pem_info.c	2013-08-16 15:31:35.726003892 +0200
+@@ -167,6 +167,7 @@ start:
+ #ifndef OPENSSL_NO_RSA
+ 			if (strcmp(name,PEM_STRING_RSA) == 0)
+ 			{
++			d2i=(D2I_OF(void))d2i_RSAPrivateKey;
+ 			if (xi->x_pkey != NULL) 
+ 				{
+ 				if (!sk_X509_INFO_push(ret,xi)) goto err;
+diff -up openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.backports openssl-1.0.1e/crypto/rsa/rsa_pmeth.c
+--- openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.backports	2013-08-16 15:31:35.697003256 +0200
++++ openssl-1.0.1e/crypto/rsa/rsa_pmeth.c	2013-08-16 15:33:37.770673918 +0200
+@@ -582,6 +582,8 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CT
+ 			pm = RSA_NO_PADDING;
+ 		else if (!strcmp(value, "oeap"))
+ 			pm = RSA_PKCS1_OAEP_PADDING;
++		else if (!strcmp(value, "oaep"))
++			pm = RSA_PKCS1_OAEP_PADDING;
+ 		else if (!strcmp(value, "x931"))
+ 			pm = RSA_X931_PADDING;
+ 		else if (!strcmp(value, "pss"))
+diff -up openssl-1.0.1e/crypto/x509/x509_vfy.c.backports openssl-1.0.1e/crypto/x509/x509_vfy.c
+--- openssl-1.0.1e/crypto/x509/x509_vfy.c.backports	2013-08-16 15:31:35.721003782 +0200
++++ openssl-1.0.1e/crypto/x509/x509_vfy.c	2013-08-16 15:31:35.726003892 +0200
+@@ -696,6 +696,7 @@ static int check_cert(X509_STORE_CTX *ct
+ 	X509_CRL *crl = NULL, *dcrl = NULL;
+ 	X509 *x;
+ 	int ok, cnum;
++	unsigned int last_reasons;
+ 	cnum = ctx->error_depth;
+ 	x = sk_X509_value(ctx->chain, cnum);
+ 	ctx->current_cert = x;
+@@ -704,6 +705,7 @@ static int check_cert(X509_STORE_CTX *ct
+ 	ctx->current_reasons = 0;
+ 	while (ctx->current_reasons != CRLDP_ALL_REASONS)
+ 		{
++		last_reasons = ctx->current_reasons;
+ 		/* Try to retrieve relevant CRL */
+ 		if (ctx->get_crl)
+ 			ok = ctx->get_crl(ctx, &crl, x);
+@@ -747,6 +749,15 @@ static int check_cert(X509_STORE_CTX *ct
+ 		X509_CRL_free(dcrl);
+ 		crl = NULL;
+ 		dcrl = NULL;
++		/* If reasons not updated we wont get anywhere by
++		 * another iteration, so exit loop.
++		 */
++		if (last_reasons == ctx->current_reasons)
++			{
++			ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
++			ok = ctx->verify_cb(0, ctx);
++			goto err;
++			}
+ 		}
+ 	err:
+ 	X509_CRL_free(crl);
+diff -up openssl-1.0.1e/crypto/x509/x_all.c.backports openssl-1.0.1e/crypto/x509/x_all.c
+--- openssl-1.0.1e/crypto/x509/x_all.c.backports	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/x509/x_all.c	2013-08-16 15:33:25.247399940 +0200
+@@ -97,6 +97,7 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, c
+ 
+ int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
+ 	{
++	x->cert_info->enc.modified = 1;
+ 	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
+ 		x->cert_info->signature,
+ 		x->sig_alg, x->signature, x->cert_info, ctx);
+@@ -123,6 +124,7 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY
+ 
+ int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
+ 	{
++	x->crl->enc.modified = 1;
+ 	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
+ 		x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
+ 	}
+diff -up openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod.backports openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod
+--- openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod.backports	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod	2013-08-16 15:31:35.727003914 +0200
+@@ -278,6 +278,8 @@ happen if extended CRL checking is enabl
+ an application specific error. This will never be returned unless explicitly
+ set by an application.
+ 
++=back
++
+ =head1 NOTES
+ 
+ The above functions should be used instead of directly referencing the fields
+diff -up openssl-1.0.1e/doc/ssl/SSL_accept.pod.backports openssl-1.0.1e/doc/ssl/SSL_accept.pod
+--- openssl-1.0.1e/doc/ssl/SSL_accept.pod.backports	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_accept.pod	2013-08-16 15:31:35.727003914 +0200
+@@ -44,17 +44,17 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 1
+-
+-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+-established.
+-
+ =item 0
+ 
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+ 
++=item 1
++
++The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
++established.
++
+ =item E<lt>0
+ 
+ The TLS/SSL handshake was not successful because a fatal error occurred either
+diff -up openssl-1.0.1e/doc/ssl/SSL_connect.pod.backports openssl-1.0.1e/doc/ssl/SSL_connect.pod
+--- openssl-1.0.1e/doc/ssl/SSL_connect.pod.backports	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_connect.pod	2013-08-16 15:31:35.727003914 +0200
+@@ -41,17 +41,17 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 1
+-
+-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+-established.
+-
+ =item 0
+ 
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+ 
++=item 1
++
++The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
++established.
++
+ =item E<lt>0
+ 
+ The TLS/SSL handshake was not successful, because a fatal error occurred either
+diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.backports openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
+--- openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.backports	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod	2013-08-16 15:31:35.727003914 +0200
+@@ -66,16 +66,16 @@ values:
+ 
+ =over 4
+ 
+-=item 1
+-
+-The operation succeeded.
+-
+ =item 0
+ 
+ A failure while manipulating the STACK_OF(X509_NAME) object occurred or
+ the X509_NAME could not be extracted from B<cacert>. Check the error stack
+ to find out the reason.
+ 
++=item 1
++
++The operation succeeded.
++
+ =back
+ 
+ =head1 EXAMPLES
+diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.backports openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+--- openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.backports	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod	2013-08-16 15:31:35.727003914 +0200
+@@ -81,6 +81,8 @@ SSL_CTX_use_psk_identity_hint() and SSL_
+ 
+ Return values from the server callback are interpreted as follows:
+ 
++=over 4
++
+ =item > 0
+ 
+ PSK identity was found and the server callback has provided the PSK
+@@ -99,4 +101,6 @@ completely.
+ PSK identity was not found. An "unknown_psk_identity" alert message
+ will be sent and the connection setup fails.
+ 
++=back
++
+ =cut
+diff -up openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.backports openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
+--- openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.backports	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod	2013-08-16 15:31:35.727003914 +0200
+@@ -45,17 +45,17 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 1
+-
+-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+-established.
+-
+ =item 0
+ 
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+ 
++=item 1
++
++The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
++established.
++
+ =item E<lt>0
+ 
+ The TLS/SSL handshake was not successful because a fatal error occurred either
+diff -up openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.backports openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
+--- openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.backports	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod	2013-08-16 15:31:35.728003935 +0200
+@@ -92,11 +92,6 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 1
+-
+-The shutdown was successfully completed. The "close notify" alert was sent
+-and the peer's "close notify" alert was received.
+-
+ =item 0
+ 
+ The shutdown is not yet finished. Call SSL_shutdown() for a second time,
+@@ -104,6 +99,11 @@ if a bidirectional shutdown shall be per
+ The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
+ erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
+ 
++=item 1
++
++The shutdown was successfully completed. The "close notify" alert was sent
++and the peer's "close notify" alert was received.
++
+ =item -1
+ 
+ The shutdown was not successful because a fatal error occurred either
+diff -up openssl-1.0.1e/ssl/d1_lib.c.backports openssl-1.0.1e/ssl/d1_lib.c
+--- openssl-1.0.1e/ssl/d1_lib.c.backports	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/d1_lib.c	2013-08-16 15:33:33.306576363 +0200
+@@ -196,6 +196,7 @@ void dtls1_free(SSL *s)
+ 	pqueue_free(s->d1->buffered_app_data.q);
+ 
+ 	OPENSSL_free(s->d1);
++	s->d1 = NULL;
+ 	}
+ 
+ void dtls1_clear(SSL *s)
+diff -up openssl-1.0.1e/ssl/d1_pkt.c.backports openssl-1.0.1e/ssl/d1_pkt.c
+--- openssl-1.0.1e/ssl/d1_pkt.c.backports	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/d1_pkt.c	2013-08-16 15:31:35.728003935 +0200
+@@ -847,6 +847,12 @@ start:
+ 			}
+ 		}
+ 
++	if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
++		{
++		rr->length = 0;
++		goto start;
++		}
++
+ 	/* we now have a packet which can be read and processed */
+ 
+ 	if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+@@ -1051,6 +1057,7 @@ start:
+ 			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+ 			!s->s3->renegotiate)
+ 			{
++			s->d1->handshake_read_seq++;
+ 			s->new_session = 1;
+ 			ssl3_renegotiate(s);
+ 			if (ssl3_renegotiate_check(s))
+diff -up openssl-1.0.1e/ssl/d1_srvr.c.backports openssl-1.0.1e/ssl/d1_srvr.c
+--- openssl-1.0.1e/ssl/d1_srvr.c.backports	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/d1_srvr.c	2013-08-16 15:31:35.728003935 +0200
+@@ -276,10 +276,11 @@ int dtls1_accept(SSL *s)
+ 		case SSL3_ST_SW_HELLO_REQ_B:
+ 
+ 			s->shutdown=0;
++			dtls1_clear_record_buffer(s);
+ 			dtls1_start_timer(s);
+ 			ret=dtls1_send_hello_request(s);
+ 			if (ret <= 0) goto end;
+-			s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
++			s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
+ 			s->state=SSL3_ST_SW_FLUSH;
+ 			s->init_num=0;
+ 
+diff -up openssl-1.0.1e/ssl/s3_cbc.c.backports openssl-1.0.1e/ssl/s3_cbc.c
+--- openssl-1.0.1e/ssl/s3_cbc.c.backports	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/s3_cbc.c	2013-08-16 15:31:35.729003956 +0200
+@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s
+ 	unsigned padding_length, good, to_check, i;
+ 	const unsigned overhead = 1 /* padding length byte */ + mac_size;
+ 	/* Check if version requires explicit IV */
+-	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
++	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
+ 		{
+ 		/* These lengths are all public so we can test them in
+ 		 * non-constant time.
+diff -up openssl-1.0.1e/ssl/ssl_lib.c.backports openssl-1.0.1e/ssl/ssl_lib.c
+--- openssl-1.0.1e/ssl/ssl_lib.c.backports	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/ssl_lib.c	2013-08-16 15:31:35.729003956 +0200
+@@ -1797,7 +1797,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+ 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
+ 
+ 	ret->extra_certs=NULL;
+-	ret->comp_methods=SSL_COMP_get_compression_methods();
++	/* No compression for DTLS */
++	if (meth->version != DTLS1_VERSION)
++		ret->comp_methods=SSL_COMP_get_compression_methods();
+ 
+ 	ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
+ 
+@@ -2792,9 +2794,7 @@ void ssl_clear_cipher_ctx(SSL *s)
+ /* Fix this function so that it takes an optional type parameter */
+ X509 *SSL_get_certificate(const SSL *s)
+ 	{
+-	if (s->server)
+-		return(ssl_get_server_send_cert(s));
+-	else if (s->cert != NULL)
++	if (s->cert != NULL)
+ 		return(s->cert->key->x509);
+ 	else
+ 		return(NULL);
diff --git a/SOURCES/openssl-1.0.1e-bad-mac.patch b/SOURCES/openssl-1.0.1e-bad-mac.patch
new file mode 100644
index 0000000..06d284e
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-bad-mac.patch
@@ -0,0 +1,33 @@
+From 9ab3ce124616cb12bd39c6aa1e1bde0f46969b29 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Mon, 18 Mar 2013 19:29:41 +0100
+Subject: [PATCH] e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI
+ plaforms.
+
+PR: 3002
+(cherry picked from commit 5c60046553716fcf160718f59160493194f212dc)
+---
+ crypto/evp/e_aes_cbc_hmac_sha1.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
+index 483e04b..fb2c884 100644
+--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
++++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
+@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ 
+ 				if (res!=SHA_CBLOCK) continue;
+ 
+-				mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
++				/* j is not incremented yet */
++				mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
+ 				data->u[SHA_LBLOCK-1] |= bitlen&mask;
+ 				sha1_block_data_order(&key->md,data,1);
+-				mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
++				mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
+ 				pmac->u[0] |= key->md.h0 & mask;
+ 				pmac->u[1] |= key->md.h1 & mask;
+ 				pmac->u[2] |= key->md.h2 & mask;
+-- 
+1.7.9.5
+
diff --git a/SOURCES/openssl-1.0.1e-ecc-suiteb.patch b/SOURCES/openssl-1.0.1e-ecc-suiteb.patch
new file mode 100644
index 0000000..dc87b00
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-ecc-suiteb.patch
@@ -0,0 +1,124 @@
+diff -up openssl-1.0.1e/apps/speed.c.suiteb openssl-1.0.1e/apps/speed.c
+--- openssl-1.0.1e/apps/speed.c.suiteb	2013-11-08 18:02:53.815229706 +0100
++++ openssl-1.0.1e/apps/speed.c	2013-11-08 18:04:47.016724297 +0100
+@@ -966,49 +966,23 @@ int MAIN(int argc, char **argv)
+ 		else
+ #endif
+ #ifndef OPENSSL_NO_ECDSA
+-		     if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
+-		else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2;
+-		else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
+-		else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
++		if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
+ 		else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
+ 		else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
+-		else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
+-		else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
+-		else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
+-		else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2;
+-		else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2;
+-		else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2;
+-		else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2;
+-		else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2;
+-		else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2;
+-		else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2;
+ 		else if (strcmp(*argv,"ecdsa") == 0)
+ 			{
+-			for (i=0; i < EC_NUM; i++)
++			for (i=R_EC_P256; i <= R_EC_P521; i++)
+ 				ecdsa_doit[i]=1;
+ 			}
+ 		else
+ #endif
+ #ifndef OPENSSL_NO_ECDH
+-		     if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
+-		else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2;
+-		else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
+-		else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
++		if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
+ 		else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
+ 		else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
+-		else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
+-		else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
+-		else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
+-		else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2;
+-		else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2;
+-		else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2;
+-		else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2;
+-		else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2;
+-		else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2;
+-		else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2;
+ 		else if (strcmp(*argv,"ecdh") == 0)
+ 			{
+-			for (i=0; i < EC_NUM; i++)
++			for (i=R_EC_P256; i <= R_EC_P521; i++)
+ 				ecdh_doit[i]=1;
+ 			}
+ 		else
+@@ -1097,15 +1071,11 @@ int MAIN(int argc, char **argv)
+ 			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
+ #endif
+ #ifndef OPENSSL_NO_ECDSA
+-			BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
+-			BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
+-			BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
++			BIO_printf(bio_err,"ecdsap256 ecdsap384 ecdsap521\n");
+ 			BIO_printf(bio_err,"ecdsa\n");
+ #endif
+ #ifndef OPENSSL_NO_ECDH
+-			BIO_printf(bio_err,"ecdhp160  ecdhp192  ecdhp224  ecdhp256  ecdhp384  ecdhp521\n");
+-			BIO_printf(bio_err,"ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
+-			BIO_printf(bio_err,"ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
++			BIO_printf(bio_err,"ecdhp256  ecdhp384 ecdhp521\n");
+ 			BIO_printf(bio_err,"ecdh\n");
+ #endif
+ 
+@@ -1184,11 +1154,11 @@ int MAIN(int argc, char **argv)
+ 		    if (!FIPS_mode() || i != R_DSA_512)
+ 			dsa_doit[i]=1;
+ #ifndef OPENSSL_NO_ECDSA
+-		for (i=0; i<EC_NUM; i++)
++		for (i=R_EC_P256; i <= R_EC_P521; i++)
+ 			ecdsa_doit[i]=1;
+ #endif
+ #ifndef OPENSSL_NO_ECDH
+-		for (i=0; i<EC_NUM; i++)
++		for (i=R_EC_P256; i <= R_EC_P521; i++)
+ 			ecdh_doit[i]=1;
+ #endif
+ 		}
+diff -up openssl-1.0.1e/ssl/t1_lib.c.suiteb openssl-1.0.1e/ssl/t1_lib.c
+--- openssl-1.0.1e/ssl/t1_lib.c.suiteb	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/t1_lib.c	2013-11-08 18:05:27.551617554 +0100
+@@ -204,31 +204,9 @@ static int nid_list[] =
+ 
+ static int pref_list[] =
+ 	{
+-		NID_sect571r1, /* sect571r1 (14) */ 
+-		NID_sect571k1, /* sect571k1 (13) */ 
+ 		NID_secp521r1, /* secp521r1 (25) */	
+-		NID_sect409k1, /* sect409k1 (11) */ 
+-		NID_sect409r1, /* sect409r1 (12) */
+ 		NID_secp384r1, /* secp384r1 (24) */
+-		NID_sect283k1, /* sect283k1 (9) */
+-		NID_sect283r1, /* sect283r1 (10) */ 
+-		NID_secp256k1, /* secp256k1 (22) */ 
+ 		NID_X9_62_prime256v1, /* secp256r1 (23) */ 
+-		NID_sect239k1, /* sect239k1 (8) */ 
+-		NID_sect233k1, /* sect233k1 (6) */
+-		NID_sect233r1, /* sect233r1 (7) */ 
+-		NID_secp224k1, /* secp224k1 (20) */ 
+-		NID_secp224r1, /* secp224r1 (21) */
+-		NID_sect193r1, /* sect193r1 (4) */ 
+-		NID_sect193r2, /* sect193r2 (5) */ 
+-		NID_secp192k1, /* secp192k1 (18) */
+-		NID_X9_62_prime192v1, /* secp192r1 (19) */ 
+-		NID_sect163k1, /* sect163k1 (1) */
+-		NID_sect163r1, /* sect163r1 (2) */
+-		NID_sect163r2, /* sect163r2 (3) */
+-		NID_secp160k1, /* secp160k1 (15) */
+-		NID_secp160r1, /* secp160r1 (16) */ 
+-		NID_secp160r2, /* secp160r2 (17) */ 
+ 	};
+ 
+ int tls1_ec_curve_id2nid(int curve_id)
diff --git a/SOURCES/openssl-1.0.1e-env-zlib.patch b/SOURCES/openssl-1.0.1e-env-zlib.patch
new file mode 100644
index 0000000..b702acb
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-env-zlib.patch
@@ -0,0 +1,38 @@
+diff -up openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.env-zlib openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
+--- openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.env-zlib	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod	2013-02-19 16:32:51.000000000 +0100
+@@ -47,6 +47,13 @@ Once the identities of the compression m
+ been standardized, the compression API will most likely be changed. Using
+ it in the current state is not recommended.
+ 
++It is also not recommended to use compression if data transfered contain
++untrusted parts that can be manipulated by an attacker as he could then
++get information about the encrypted data. See the CRIME attack. For
++that reason the default loading of the zlib compression method is
++disabled and enabled only if the environment variable B<OPENSSL_DEFAULT_ZLIB>
++is present during the library initialization.
++
+ =head1 RETURN VALUES
+ 
+ SSL_COMP_add_compression_method() may return the following values:
+diff -up openssl-1.0.1e/ssl/ssl_ciph.c.env-zlib openssl-1.0.1e/ssl/ssl_ciph.c
+--- openssl-1.0.1e/ssl/ssl_ciph.c.env-zlib	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/ssl_ciph.c	2013-02-19 16:37:36.163545085 +0100
+@@ -140,6 +140,8 @@
+  * OTHERWISE.
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <openssl/objects.h>
+ #ifndef OPENSSL_NO_COMP
+@@ -455,7 +457,7 @@ static void load_builtin_compressions(vo
+ 
+ 			MemCheck_off();
+ 			ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
+-			if (ssl_comp_methods != NULL)
++			if (ssl_comp_methods != NULL && secure_getenv("OPENSSL_DEFAULT_ZLIB") != NULL)
+ 				{
+ 				comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+ 				if (comp != NULL)
diff --git a/SOURCES/openssl-1.0.1e-fips-ctor.patch b/SOURCES/openssl-1.0.1e-fips-ctor.patch
new file mode 100644
index 0000000..44576ef
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-fips-ctor.patch
@@ -0,0 +1,179 @@
+diff -up openssl-1.0.1e/crypto/fips/fips.c.fips-ctor openssl-1.0.1e/crypto/fips/fips.c
+--- openssl-1.0.1e/crypto/fips/fips.c.fips-ctor	2013-09-26 13:52:30.767885457 +0200
++++ openssl-1.0.1e/crypto/fips/fips.c	2013-09-26 14:01:29.406010187 +0200
+@@ -60,6 +60,8 @@
+ #include <dlfcn.h>
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <unistd.h>
++#include <errno.h>
+ #include "fips_locl.h"
+ 
+ #ifdef OPENSSL_FIPS
+@@ -198,8 +200,10 @@ bin2hex(void *buf, size_t len)
+ 	return hex;
+ }
+ 
+-#define HMAC_PREFIX "." 
+-#define HMAC_SUFFIX ".hmac" 
++#define HMAC_PREFIX "."
++#ifndef HMAC_SUFFIX
++#define HMAC_SUFFIX ".hmac"
++#endif
+ #define READ_BUFFER_LENGTH 16384
+ 
+ static char *
+@@ -279,19 +283,13 @@ end:
+ }
+ 
+ static int
+-FIPSCHECK_verify(const char *libname, const char *symbolname)
++FIPSCHECK_verify(const char *path)
+ {
+-	char path[PATH_MAX+1];
+-	int rv;
++	int rv = 0;
+ 	FILE *hf;
+ 	char *hmacpath, *p;
+ 	char *hmac = NULL;
+ 	size_t n;
+-	
+-	rv = get_library_path(libname, symbolname, path, sizeof(path));
+-
+-	if (rv < 0)
+-		return 0;
+ 
+ 	hmacpath = make_hmac_path(path);
+ 	if (hmacpath == NULL)
+@@ -341,6 +339,53 @@ end:
+ 	return 1;	
+ }
+ 
++static int
++verify_checksums(void)
++    {
++	int rv;
++	char path[PATH_MAX+1];
++	char *p;
++
++	/* we need to avoid dlopening libssl, assume both libcrypto and libssl
++	   are in the same directory */
++
++	rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER, "FIPS_mode_set", path, sizeof(path));
++	if (rv < 0)
++		return 0;
++
++	rv = FIPSCHECK_verify(path);
++	if (!rv)
++		return 0;
++
++	/* replace libcrypto with libssl */
++	while ((p = strstr(path, "libcrypto.so")) != NULL)
++	    {
++		p = stpcpy(p, "libssl");
++                memmove(p, p+3, strlen(p+2));
++	    }
++
++	rv = FIPSCHECK_verify(path);
++	if (!rv)
++		return 0;
++	return 1;
++    }
++
++#ifndef FIPS_MODULE_PATH
++#define FIPS_MODULE_PATH "/etc/system-fips"
++#endif
++
++int
++FIPS_module_installed(void)
++    {
++    int rv;
++    rv = access(FIPS_MODULE_PATH, F_OK);
++    if (rv < 0 && errno != ENOENT)
++	rv = 0;
++
++    /* Installed == true */
++    return !rv;
++    }
++
+ int FIPS_module_mode_set(int onoff, const char *auth)
+     {
+     int ret = 0;
+@@ -379,15 +424,7 @@ int FIPS_module_mode_set(int onoff, cons
+ 	}
+ #endif
+ 
+-	if(!FIPSCHECK_verify("libcrypto.so." SHLIB_VERSION_NUMBER,"FIPS_mode_set"))
+-	    {
+-	    FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+-	    fips_selftest_fail = 1;
+-	    ret = 0;
+-	    goto end;
+-	    }
+-
+-	if(!FIPSCHECK_verify("libssl.so." SHLIB_VERSION_NUMBER,"SSL_CTX_new"))
++	if(!verify_checksums())
+ 	    {
+ 	    FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+ 	    fips_selftest_fail = 1;
+diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ctor openssl-1.0.1e/crypto/fips/fips.h
+--- openssl-1.0.1e/crypto/fips/fips.h.fips-ctor	2013-09-26 13:52:30.814886515 +0200
++++ openssl-1.0.1e/crypto/fips/fips.h	2013-09-26 13:52:30.816886560 +0200
+@@ -74,6 +74,7 @@ struct hmac_ctx_st;
+ 
+ int FIPS_module_mode_set(int onoff, const char *auth);
+ int FIPS_module_mode(void);
++int FIPS_module_installed(void);
+ const void *FIPS_rand_check(void);
+ int FIPS_selftest(void);
+ int FIPS_selftest_failed(void);
+diff -up openssl-1.0.1e/crypto/o_init.c.fips-ctor openssl-1.0.1e/crypto/o_init.c
+--- openssl-1.0.1e/crypto/o_init.c.fips-ctor	2013-09-26 13:52:30.807886357 +0200
++++ openssl-1.0.1e/crypto/o_init.c	2013-09-26 14:00:21.000000000 +0200
+@@ -71,6 +71,9 @@ static void init_fips_mode(void)
+ 	char buf[2] = "0";
+ 	int fd;
+ 	
++	/* Ensure the selftests always run */
++	FIPS_mode_set(1);
++
+ 	if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
+ 		{
+ 		buf[0] = '1';
+@@ -85,9 +88,15 @@ static void init_fips_mode(void)
+ 	 * otherwise. 
+ 	 */
+ 	
+-	if (buf[0] == '1')
++	if (buf[0] != '1')
++		{
++		/* drop down to non-FIPS mode if it is not requested */
++		FIPS_mode_set(0);
++		}
++	else
+ 		{
+-		FIPS_mode_set(1);
++		/* abort if selftest failed */
++		FIPS_selftest_check();
+ 		}
+ 	}
+ #endif
+@@ -96,13 +105,17 @@ static void init_fips_mode(void)
+  * Currently only sets FIPS callbacks
+  */
+ 
+-void OPENSSL_init_library(void)
++void __attribute__ ((constructor)) OPENSSL_init_library(void)
+ 	{
+ 	static int done = 0;
+ 	if (done)
+ 		return;
+ 	done = 1;
+ #ifdef OPENSSL_FIPS
++	if (!FIPS_module_installed())
++		{
++		return;
++		}
+ 	RAND_init_fips();
+ 	init_fips_mode();
+ 	if (!FIPS_mode())
diff --git a/SOURCES/openssl-1.0.1e-fips-ec.patch b/SOURCES/openssl-1.0.1e-fips-ec.patch
new file mode 100644
index 0000000..7287dae
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-fips-ec.patch
@@ -0,0 +1,2039 @@
+diff -up openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec openssl-1.0.1e/crypto/ecdh/ecdh.h
+--- openssl-1.0.1e/crypto/ecdh/ecdh.h.fips-ec	2013-11-08 17:59:42.755019363 +0100
++++ openssl-1.0.1e/crypto/ecdh/ecdh.h	2013-11-08 17:59:43.147028002 +0100
+@@ -85,6 +85,8 @@
+ extern "C" {
+ #endif
+ 
++#define EC_FLAG_COFACTOR_ECDH	0x1000
++
+ const ECDH_METHOD *ECDH_OpenSSL(void);
+ 
+ void	  ECDH_set_default_method(const ECDH_METHOD *);
+diff -up openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec openssl-1.0.1e/crypto/ecdh/ecdhtest.c
+--- openssl-1.0.1e/crypto/ecdh/ecdhtest.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ecdh/ecdhtest.c	2013-11-08 17:59:54.712282862 +0100
+@@ -323,8 +323,10 @@ int main(int argc, char *argv[])
+ 	if ((ctx=BN_CTX_new()) == NULL) goto err;
+ 
+ 	/* NIST PRIME CURVES TESTS */
++#if 0
+ 	if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err;
+ 	if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err;
++#endif
+ 	if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
+ 	if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
+ 	if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
+diff -up openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec openssl-1.0.1e/crypto/ecdh/ech_lib.c
+--- openssl-1.0.1e/crypto/ecdh/ech_lib.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ecdh/ech_lib.c	2013-11-08 17:59:43.148028024 +0100
+@@ -94,14 +94,7 @@ const ECDH_METHOD *ECDH_get_default_meth
+ 	{
+ 	if(!default_ECDH_method) 
+ 		{
+-#ifdef OPENSSL_FIPS
+-		if (FIPS_mode())
+-			return FIPS_ecdh_openssl();
+-		else
+-			return ECDH_OpenSSL();
+-#else
+ 		default_ECDH_method = ECDH_OpenSSL();
+-#endif
+ 		}
+ 	return default_ECDH_method;
+ 	}
+diff -up openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdh/ech_ossl.c
+--- openssl-1.0.1e/crypto/ecdh/ech_ossl.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ecdh/ech_ossl.c	2013-11-08 17:59:43.148028024 +0100
+@@ -79,6 +79,10 @@
+ #include <openssl/obj_mac.h>
+ #include <openssl/bn.h>
+ 
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
++
+ static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
+ 	EC_KEY *ecdh, 
+ 	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+@@ -90,7 +94,7 @@ static ECDH_METHOD openssl_ecdh_meth = {
+ 	NULL, /* init     */
+ 	NULL, /* finish   */
+ #endif
+-	0,    /* flags    */
++	ECDH_FLAG_FIPS_METHOD,    /* flags    */
+ 	NULL  /* app_data */
+ };
+ 
+@@ -118,6 +122,14 @@ static int ecdh_compute_key(void *out, s
+ 	size_t buflen, len;
+ 	unsigned char *buf=NULL;
+ 
++#ifdef OPENSSL_FIPS
++	if(FIPS_selftest_failed())
++		{
++		FIPSerr(FIPS_F_ECDH_COMPUTE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
++		return -1;
++		}
++#endif
++
+ 	if (outlen > INT_MAX)
+ 		{
+ 		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */
+@@ -137,6 +149,18 @@ static int ecdh_compute_key(void *out, s
+ 		}
+ 
+ 	group = EC_KEY_get0_group(ecdh);
++
++	if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH)
++		{
++		if (!EC_GROUP_get_cofactor(group, x, ctx) ||
++			!BN_mul(x, x, priv_key, ctx))
++			{
++			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
++			goto err;
++			}
++		priv_key = x;
++		}
++
+ 	if ((tmp=EC_POINT_new(group)) == NULL)
+ 		{
+ 		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+diff -up openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecdsatest.c
+--- openssl-1.0.1e/crypto/ecdsa/ecdsatest.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ecdsa/ecdsatest.c	2013-11-08 17:59:43.148028024 +0100
+@@ -138,11 +138,14 @@ int restore_rand(void)
+ 	}
+ 
+ static int fbytes_counter = 0;
+-static const char *numbers[8] = {
++static const char *numbers[10] = {
++	"651056770906015076056810763456358567190100156695615665659",
+ 	"651056770906015076056810763456358567190100156695615665659",
+ 	"6140507067065001063065065565667405560006161556565665656654",
+ 	"8763001015071075675010661307616710783570106710677817767166"
+ 	"71676178726717",
++	"8763001015071075675010661307616710783570106710677817767166"
++	"71676178726717",
+ 	"7000000175690566466555057817571571075705015757757057795755"
+ 	"55657156756655",
+ 	"1275552191113212300012030439187146164646146646466749494799",
+@@ -157,7 +160,7 @@ int fbytes(unsigned char *buf, int num)
+ 	int	ret;
+ 	BIGNUM	*tmp = NULL;
+ 
+-	if (fbytes_counter >= 8)
++	if (fbytes_counter >= 10)
+ 		return 0;
+ 	tmp = BN_new();
+ 	if (!tmp)
+@@ -550,7 +553,9 @@ int main(void)
+ 	RAND_seed(rnd_seed, sizeof(rnd_seed));
+ 
+ 	/* the tests */
++#if 0
+ 	if (!x9_62_tests(out))  goto err;
++#endif
+ 	if (!test_builtin(out)) goto err;
+ 	
+ 	ret = 0;
+diff -up openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_lib.c
+--- openssl-1.0.1e/crypto/ecdsa/ecs_lib.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ecdsa/ecs_lib.c	2013-11-08 17:59:43.148028024 +0100
+@@ -81,14 +81,7 @@ const ECDSA_METHOD *ECDSA_get_default_me
+ {
+ 	if(!default_ECDSA_method) 
+ 		{
+-#ifdef OPENSSL_FIPS
+-		if (FIPS_mode())
+-			return FIPS_ecdsa_openssl();
+-		else
+-			return ECDSA_OpenSSL();
+-#else
+ 		default_ECDSA_method = ECDSA_OpenSSL();
+-#endif
+ 		}
+ 	return default_ECDSA_method;
+ }
+diff -up openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c
+--- openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c	2013-11-08 17:59:43.148028024 +0100
+@@ -60,6 +60,9 @@
+ #include <openssl/err.h>
+ #include <openssl/obj_mac.h>
+ #include <openssl/bn.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
+ 
+ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, 
+ 		const BIGNUM *, const BIGNUM *, EC_KEY *eckey);
+@@ -77,7 +80,7 @@ static ECDSA_METHOD openssl_ecdsa_meth =
+ 	NULL, /* init     */
+ 	NULL, /* finish   */
+ #endif
+-	0,    /* flags    */
++	ECDSA_FLAG_FIPS_METHOD,    /* flags    */
+ 	NULL  /* app_data */
+ };
+ 
+@@ -231,6 +234,14 @@ static ECDSA_SIG *ecdsa_do_sign(const un
+ 	ECDSA_DATA *ecdsa;
+ 	const BIGNUM *priv_key;
+ 
++#ifdef OPENSSL_FIPS
++	if(FIPS_selftest_failed())
++		{
++		FIPSerr(FIPS_F_ECDSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
++		return NULL;
++		}
++#endif
++
+ 	ecdsa    = ecdsa_check(eckey);
+ 	group    = EC_KEY_get0_group(eckey);
+ 	priv_key = EC_KEY_get0_private_key(eckey);
+@@ -360,6 +371,14 @@ static int ecdsa_do_verify(const unsigne
+ 	const EC_GROUP *group;
+ 	const EC_POINT *pub_key;
+ 
++#ifdef OPENSSL_FIPS
++	if(FIPS_selftest_failed())
++		{
++		FIPSerr(FIPS_F_ECDSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
++		return -1;
++		}
++#endif
++
+ 	/* check input values */
+ 	if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
+ 	    (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
+diff -up openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec openssl-1.0.1e/crypto/ec/ec_key.c
+--- openssl-1.0.1e/crypto/ec/ec_key.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ec/ec_key.c	2013-11-08 17:59:43.148028024 +0100
+@@ -64,9 +64,6 @@
+ #include <string.h>
+ #include "ec_lcl.h"
+ #include <openssl/err.h>
+-#ifdef OPENSSL_FIPS
+-#include <openssl/fips.h>
+-#endif
+ 
+ EC_KEY *EC_KEY_new(void)
+ 	{
+@@ -234,6 +231,39 @@ int EC_KEY_up_ref(EC_KEY *r)
+ 	return ((i > 1) ? 1 : 0);
+ 	}
+ 
++#ifdef OPENSSL_FIPS
++
++#include <openssl/evp.h>
++#include <openssl/fips.h>
++#include <openssl/fips_rand.h>
++
++static int fips_check_ec(EC_KEY *key)
++	{
++	EVP_PKEY *pk;
++	unsigned char tbs[] = "ECDSA Pairwise Check Data";
++	int ret = 0;
++
++	if ((pk=EVP_PKEY_new()) == NULL)
++		goto err;
++
++	EVP_PKEY_set1_EC_KEY(pk, key);
++
++	if (fips_pkey_signature_test(pk, tbs, 0, NULL, 0, NULL, 0, NULL))
++		ret = 1;
++
++	err:
++	if (ret == 0)
++		{
++		FIPSerr(FIPS_F_FIPS_CHECK_EC,FIPS_R_PAIRWISE_TEST_FAILED);
++		fips_set_selftest_fail();
++		}
++	if (pk)
++		EVP_PKEY_free(pk);
++	return ret;
++	}
++
++#endif
++
+ int EC_KEY_generate_key(EC_KEY *eckey)
+ 	{	
+ 	int	ok = 0;
+@@ -242,8 +272,11 @@ int EC_KEY_generate_key(EC_KEY *eckey)
+ 	EC_POINT *pub_key = NULL;
+ 
+ #ifdef OPENSSL_FIPS
+-	if (FIPS_mode())
+-		return FIPS_ec_key_generate_key(eckey);
++	if(FIPS_selftest_failed())
++		{
++		FIPSerr(FIPS_F_EC_KEY_GENERATE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
++		return 0;
++		}
+ #endif
+ 
+ 	if (!eckey || !eckey->group)
+@@ -287,6 +320,15 @@ int EC_KEY_generate_key(EC_KEY *eckey)
+ 	eckey->priv_key = priv_key;
+ 	eckey->pub_key  = pub_key;
+ 
++#ifdef OPENSSL_FIPS
++	if(!fips_check_ec(eckey))
++		{
++		eckey->priv_key = NULL;
++		eckey->pub_key  = NULL;
++	    	goto err;
++		}
++#endif
++
+ 	ok=1;
+ 
+ err:	
+@@ -429,10 +471,12 @@ int EC_KEY_set_public_key_affine_coordin
+ 								tx, ty, ctx))
+ 			goto err;
+ 		}
+-	/* Check if retrieved coordinates match originals: if not values
+-	 * are out of range.
++	/* Check if retrieved coordinates match originals and are less than
++	 * field order: if not values are out of range.
+ 	 */
+-	if (BN_cmp(x, tx) || BN_cmp(y, ty))
++	if (BN_cmp(x, tx) || BN_cmp(y, ty)
++		|| (BN_cmp(x, &key->group->field) >= 0)
++		|| (BN_cmp(y, &key->group->field) >= 0))
+ 		{
+ 		ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
+ 			EC_R_COORDINATES_OUT_OF_RANGE);
+diff -up openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_mont.c
+--- openssl-1.0.1e/crypto/ec/ecp_mont.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ec/ecp_mont.c	2013-11-08 17:59:43.149028046 +0100
+@@ -63,18 +63,11 @@
+ 
+ #include <openssl/err.h>
+ 
+-#ifdef OPENSSL_FIPS
+-#include <openssl/fips.h>
+-#endif
+-
+ #include "ec_lcl.h"
+ 
+ 
+ const EC_METHOD *EC_GFp_mont_method(void)
+ 	{
+-#ifdef OPENSSL_FIPS
+-	return fips_ec_gfp_mont_method();
+-#else
+ 	static const EC_METHOD ret = {
+ 		EC_FLAGS_DEFAULT_OCT,
+ 		NID_X9_62_prime_field,
+@@ -115,7 +108,6 @@ const EC_METHOD *EC_GFp_mont_method(void
+ 		ec_GFp_mont_field_set_to_one };
+ 
+ 	return &ret;
+-#endif
+ 	}
+ 
+ 
+diff -up openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_nist.c
+--- openssl-1.0.1e/crypto/ec/ecp_nist.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ec/ecp_nist.c	2013-11-08 17:59:43.149028046 +0100
+@@ -67,15 +67,8 @@
+ #include <openssl/obj_mac.h>
+ #include "ec_lcl.h"
+ 
+-#ifdef OPENSSL_FIPS
+-#include <openssl/fips.h>
+-#endif
+-
+ const EC_METHOD *EC_GFp_nist_method(void)
+ 	{
+-#ifdef OPENSSL_FIPS
+-	return fips_ec_gfp_nist_method();
+-#else
+ 	static const EC_METHOD ret = {
+ 		EC_FLAGS_DEFAULT_OCT,
+ 		NID_X9_62_prime_field,
+@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_nist_method(void
+ 		0 /* field_set_to_one */ };
+ 
+ 	return &ret;
+-#endif
+ 	}
+ 
+ int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+diff -up openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec openssl-1.0.1e/crypto/ec/ecp_smpl.c
+--- openssl-1.0.1e/crypto/ec/ecp_smpl.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ec/ecp_smpl.c	2013-11-08 17:59:43.149028046 +0100
+@@ -65,17 +65,10 @@
+ #include <openssl/err.h>
+ #include <openssl/symhacks.h>
+ 
+-#ifdef OPENSSL_FIPS
+-#include <openssl/fips.h>
+-#endif
+-
+ #include "ec_lcl.h"
+ 
+ const EC_METHOD *EC_GFp_simple_method(void)
+ 	{
+-#ifdef OPENSSL_FIPS
+-	return fips_ec_gfp_simple_method();
+-#else
+ 	static const EC_METHOD ret = {
+ 		EC_FLAGS_DEFAULT_OCT,
+ 		NID_X9_62_prime_field,
+@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_simple_method(vo
+ 		0 /* field_set_to_one */ };
+ 
+ 	return &ret;
+-#endif
+ 	}
+ 
+ 
+@@ -186,6 +178,12 @@ int ec_GFp_simple_group_set_curve(EC_GRO
+ 		return 0;
+ 		}
+ 
++	if (BN_num_bits(p) < 256)
++		{
++		ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
++		return 0;
++		}
++
+ 	if (ctx == NULL)
+ 		{
+ 		ctx = new_ctx = BN_CTX_new();
+diff -up openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec openssl-1.0.1e/crypto/evp/m_ecdsa.c
+--- openssl-1.0.1e/crypto/evp/m_ecdsa.c.fips-ec	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/m_ecdsa.c	2013-11-08 17:59:43.149028046 +0100
+@@ -116,7 +116,6 @@
+ #include <openssl/x509.h>
+ 
+ #ifndef OPENSSL_NO_SHA
+-#ifndef OPENSSL_FIPS
+ 
+ static int init(EVP_MD_CTX *ctx)
+ 	{ return SHA1_Init(ctx->md_data); }
+@@ -132,7 +131,7 @@ static const EVP_MD ecdsa_md=
+ 	NID_ecdsa_with_SHA1,
+ 	NID_ecdsa_with_SHA1,
+ 	SHA_DIGEST_LENGTH,
+-	EVP_MD_FLAG_PKEY_DIGEST,
++	EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
+ 	init,
+ 	update,
+ 	final,
+@@ -148,4 +147,3 @@ const EVP_MD *EVP_ecdsa(void)
+ 	return(&ecdsa_md);
+ 	}
+ #endif
+-#endif
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c
+--- openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c.fips-ec	2013-11-08 17:59:43.149028046 +0100
++++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c	2013-11-08 17:59:43.149028046 +0100
+@@ -0,0 +1,496 @@
++/* fips/ecdh/fips_ecdhvs.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++
++#define OPENSSL_FIPSAPI
++#include <openssl/opensslconf.h>
++
++#ifndef OPENSSL_FIPS
++#include <stdio.h>
++
++int main(int argc, char **argv)
++{
++    printf("No FIPS ECDH support\n");
++    return(0);
++}
++#else
++
++#include <openssl/crypto.h>
++#include <openssl/bn.h>
++#include <openssl/ecdh.h>
++#include <openssl/fips.h>
++#include <openssl/err.h>
++#include <openssl/evp.h>
++#include <string.h>
++#include <ctype.h>
++
++#include "fips_utl.h"
++
++static const EVP_MD *eparse_md(char *line)
++	{
++	char *p;
++	if (line[0] != '[' || line[1] != 'E')
++		return NULL;
++	p = strchr(line, '-');
++	if (!p)
++		return NULL;
++	line = p + 1;
++	p = strchr(line, ']');
++	if (!p)
++		return NULL;
++	*p = 0;
++	p = line;
++	while(isspace(*p))
++		p++;
++	if (!strcmp(p, "SHA1"))
++		return EVP_sha1();
++	else if (!strcmp(p, "SHA224"))
++		return EVP_sha224();
++	else if (!strcmp(p, "SHA256"))
++		return EVP_sha256();
++	else if (!strcmp(p, "SHA384"))
++		return EVP_sha384();
++	else if (!strcmp(p, "SHA512"))
++		return EVP_sha512();
++	else
++		return NULL;
++	}
++
++static int lookup_curve2(char *cname)
++	{
++	char *p;
++	p = strchr(cname, ']');
++	if (!p)
++		{
++		fprintf(stderr, "Parse error: missing ]\n");
++		return NID_undef;
++		}
++	*p = 0;
++
++	if (!strcmp(cname, "B-163"))
++		return NID_sect163r2;
++	if (!strcmp(cname, "B-233"))
++		return NID_sect233r1;
++	if (!strcmp(cname, "B-283"))
++		return NID_sect283r1;
++	if (!strcmp(cname, "B-409"))
++		return NID_sect409r1;
++	if (!strcmp(cname, "B-571"))
++		return NID_sect571r1;
++	if (!strcmp(cname, "K-163"))
++		return NID_sect163k1;
++	if (!strcmp(cname, "K-233"))
++		return NID_sect233k1;
++	if (!strcmp(cname, "K-283"))
++		return NID_sect283k1;
++	if (!strcmp(cname, "K-409"))
++		return NID_sect409k1;
++	if (!strcmp(cname, "K-571"))
++		return NID_sect571k1;
++	if (!strcmp(cname, "P-192"))
++		return NID_X9_62_prime192v1;
++	if (!strcmp(cname, "P-224"))
++		return NID_secp224r1;
++	if (!strcmp(cname, "P-256"))
++		return NID_X9_62_prime256v1;
++	if (!strcmp(cname, "P-384"))
++		return NID_secp384r1;
++	if (!strcmp(cname, "P-521"))
++		return NID_secp521r1;
++
++	fprintf(stderr, "Unknown Curve name %s\n", cname);
++	return NID_undef;
++	}
++
++static int lookup_curve(char *cname)
++	{
++	char *p;
++	p = strchr(cname, ':');
++	if (!p)
++		{
++		fprintf(stderr, "Parse error: missing :\n");
++		return NID_undef;
++		}
++	cname = p + 1;
++	while(isspace(*cname))
++		cname++;
++	return lookup_curve2(cname);
++	}
++
++static EC_POINT *make_peer(EC_GROUP *group, BIGNUM *x, BIGNUM *y)
++	{
++	EC_POINT *peer;
++	int rv;
++	BN_CTX *c;
++	peer = EC_POINT_new(group);
++	if (!peer)
++		return NULL;
++	c = BN_CTX_new();
++	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
++		== NID_X9_62_prime_field)
++		rv = EC_POINT_set_affine_coordinates_GFp(group, peer, x, y, c);
++	else
++#ifdef OPENSSL_NO_EC2M
++		{
++		fprintf(stderr, "ERROR: GF2m not supported\n");
++		exit(1);
++		}
++#else
++		rv = EC_POINT_set_affine_coordinates_GF2m(group, peer, x, y, c);
++#endif
++
++	BN_CTX_free(c);
++	if (rv)
++		return peer;
++	EC_POINT_free(peer);
++	return NULL;
++	}
++
++static int ec_print_key(FILE *out, EC_KEY *key, int add_e, int exout)
++	{
++	const EC_POINT *pt;
++	const EC_GROUP *grp;
++	const EC_METHOD *meth;
++	int rv;
++	BIGNUM *tx, *ty;
++	const BIGNUM *d = NULL;
++	BN_CTX *ctx;
++	ctx = BN_CTX_new();
++	if (!ctx)
++		return 0;
++	tx = BN_CTX_get(ctx);
++	ty = BN_CTX_get(ctx);
++	if (!tx || !ty)
++		return 0;
++	grp = EC_KEY_get0_group(key);
++	pt = EC_KEY_get0_public_key(key);
++	if (exout)
++		d = EC_KEY_get0_private_key(key);
++	meth = EC_GROUP_method_of(grp);
++	if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
++		rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, tx, ty, ctx);
++	else
++#ifdef OPENSSL_NO_EC2M
++		{
++		fprintf(stderr, "ERROR: GF2m not supported\n");
++		exit(1);
++		}
++#else
++		rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, tx, ty, ctx);
++#endif
++
++	if (add_e)
++		{
++		do_bn_print_name(out, "QeIUTx", tx);
++		do_bn_print_name(out, "QeIUTy", ty);
++		if (d)
++			do_bn_print_name(out, "QeIUTd", d);
++		}
++	else
++		{
++		do_bn_print_name(out, "QIUTx", tx);
++		do_bn_print_name(out, "QIUTy", ty);
++		if (d)
++			do_bn_print_name(out, "QIUTd", d);
++		}
++
++	BN_CTX_free(ctx);
++
++	return rv;
++
++	}
++
++static void ec_output_Zhash(FILE *out, int exout, EC_GROUP *group,
++			BIGNUM *ix, BIGNUM *iy, BIGNUM *id, BIGNUM *cx,
++			BIGNUM *cy, const EVP_MD *md,
++				unsigned char *rhash, size_t rhashlen)
++	{
++	EC_KEY *ec = NULL;
++	EC_POINT *peerkey = NULL;
++	unsigned char *Z;
++	unsigned char chash[EVP_MAX_MD_SIZE];
++	int Zlen;
++	ec = EC_KEY_new();
++	EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH);
++	EC_KEY_set_group(ec, group);
++	peerkey = make_peer(group, cx, cy);
++	if (rhash == NULL)
++		{
++		if (md)
++			rhashlen = M_EVP_MD_size(md);
++		EC_KEY_generate_key(ec);
++		ec_print_key(out, ec, md ? 1 : 0, exout);
++		}
++	else
++		{
++		EC_KEY_set_public_key_affine_coordinates(ec, ix, iy);
++		EC_KEY_set_private_key(ec, id);
++		}
++	Zlen = (EC_GROUP_get_degree(group) + 7)/8;
++	Z = OPENSSL_malloc(Zlen);
++	if (!Z)
++		exit(1);
++	ECDH_compute_key(Z, Zlen, peerkey, ec, 0);
++	if (md)
++		{
++		if (exout)
++			OutputValue("Z", Z, Zlen, out, 0);
++		FIPS_digest(Z, Zlen, chash, NULL, md);
++		OutputValue(rhash ? "IUTHashZZ" : "HashZZ",
++						chash, rhashlen, out, 0);
++		if (rhash)
++			{
++			fprintf(out, "Result = %s\n",
++				memcmp(chash, rhash, rhashlen) ? "F" : "P");
++			}
++		}
++	else
++		OutputValue("ZIUT", Z, Zlen, out, 0);
++	OPENSSL_cleanse(Z, Zlen);
++	OPENSSL_free(Z);
++	EC_KEY_free(ec);
++	EC_POINT_free(peerkey);
++	}
++		
++#ifdef FIPS_ALGVS
++int fips_ecdhvs_main(int argc, char **argv)
++#else
++int main(int argc, char **argv)
++#endif
++	{
++	char **args = argv + 1;
++	int argn = argc - 1;
++	FILE *in, *out;
++	char buf[2048], lbuf[2048];
++	unsigned char *rhash = NULL;
++	long rhashlen;
++	BIGNUM *cx = NULL, *cy = NULL;
++	BIGNUM *id = NULL, *ix = NULL, *iy = NULL;
++	const EVP_MD *md = NULL;
++	EC_GROUP *group = NULL;
++	char *keyword = NULL, *value = NULL;
++	int do_verify = -1, exout = 0;
++	int rv = 1;
++
++	int curve_nids[5] = {0,0,0,0,0};
++	int param_set = -1;
++
++	fips_algtest_init();
++
++	if (argn && !strcmp(*args, "ecdhver"))
++		{
++		do_verify = 1;
++		args++;
++		argn--;
++		}
++	else if (argn && !strcmp(*args, "ecdhgen"))
++		{
++		do_verify = 0;
++		args++;
++		argn--;
++		}
++
++	if (argn && !strcmp(*args, "-exout"))
++		{
++		exout = 1;
++		args++;
++		argn--;
++		}
++
++	if (do_verify == -1)
++		{
++		fprintf(stderr,"%s [ecdhver|ecdhgen|] [-exout] (infile outfile)\n",argv[0]);
++		exit(1);
++		}
++
++	if (argn == 2)
++		{
++		in = fopen(*args, "r");
++		if (!in)
++			{
++			fprintf(stderr, "Error opening input file\n");
++			exit(1);
++			}
++		out = fopen(args[1], "w");
++		if (!out)
++			{
++			fprintf(stderr, "Error opening output file\n");
++			exit(1);
++			}
++		}
++	else if (argn == 0)
++		{
++		in = stdin;
++		out = stdout;
++		}
++	else
++		{
++		fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
++		exit(1);
++		}
++
++	while (fgets(buf, sizeof(buf), in) != NULL)
++		{
++		fputs(buf, out);
++		if (buf[0] == '[' && buf[1] == 'E')
++			{
++			int c = buf[2];
++			if (c < 'A' || c > 'E')
++				goto parse_error;
++			param_set = c - 'A';
++			/* If just [E?] then initial paramset */
++			if (buf[3] == ']')
++				continue;
++			if (group)
++				EC_GROUP_free(group);
++			group = EC_GROUP_new_by_curve_name(curve_nids[c - 'A']);
++			}
++		if (strlen(buf) > 10 && !strncmp(buf, "[Curve", 6))
++			{
++			int nid;
++			if (param_set == -1)
++				goto parse_error;
++			nid = lookup_curve(buf);
++			if (nid == NID_undef)
++				goto parse_error;
++			curve_nids[param_set] = nid;
++			}
++
++		if (strlen(buf) > 4 && buf[0] == '[' && buf[2] == '-')
++			{
++			int nid = lookup_curve2(buf + 1);
++			if (nid == NID_undef)
++				goto parse_error;
++			if (group)
++				EC_GROUP_free(group);
++			group = EC_GROUP_new_by_curve_name(nid);
++			if (!group)
++				{
++				fprintf(stderr, "ERROR: unsupported curve %s\n", buf + 1);
++				return 1;
++				}
++			}
++
++		if (strlen(buf) > 6 && !strncmp(buf, "[E", 2))
++			{
++			md = eparse_md(buf);
++			if (md == NULL)
++				goto parse_error;
++			continue;
++			}
++		if (!parse_line(&keyword, &value, lbuf, buf))
++			continue;
++		if (!strcmp(keyword, "QeCAVSx") || !strcmp(keyword, "QCAVSx"))
++			{
++			if (!do_hex2bn(&cx, value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "QeCAVSy") || !strcmp(keyword, "QCAVSy"))
++			{
++			if (!do_hex2bn(&cy, value))
++				goto parse_error;
++			if (do_verify == 0)
++				ec_output_Zhash(out, exout, group,
++						NULL, NULL, NULL,
++						cx, cy, md, rhash, rhashlen);
++			}
++		else if (!strcmp(keyword, "deIUT"))
++			{
++			if (!do_hex2bn(&id, value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "QeIUTx"))
++			{
++			if (!do_hex2bn(&ix, value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "QeIUTy"))
++			{
++			if (!do_hex2bn(&iy, value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "CAVSHashZZ"))
++			{
++			if (!md)
++				goto parse_error;
++			rhash = hex2bin_m(value, &rhashlen);
++			if (!rhash || rhashlen != M_EVP_MD_size(md))
++				goto parse_error;
++			ec_output_Zhash(out, exout, group, ix, iy, id, cx, cy,
++					md, rhash, rhashlen);
++			}
++		}
++	rv = 0;
++	parse_error:
++	if (id)
++		BN_free(id);
++	if (ix)
++		BN_free(ix);
++	if (iy)
++		BN_free(iy);
++	if (cx)
++		BN_free(cx);
++	if (cy)
++		BN_free(cy);
++	if (group)
++		EC_GROUP_free(group);
++	if (in && in != stdin)
++		fclose(in);
++	if (out && out != stdout)
++		fclose(out);
++	if (rv)
++		fprintf(stderr, "Error Parsing request file\n");
++	return rv;
++	}
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c
+--- openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c.fips-ec	2013-11-08 17:59:43.150028068 +0100
++++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c	2013-11-08 17:59:43.150028068 +0100
+@@ -0,0 +1,533 @@
++/* fips/ecdsa/fips_ecdsavs.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++#define OPENSSL_FIPSAPI
++#include <openssl/opensslconf.h>
++#include <stdio.h>
++
++#ifndef OPENSSL_FIPS
++
++int main(int argc, char **argv)
++{
++    printf("No FIPS ECDSA support\n");
++    return(0);
++}
++#else
++
++#include <string.h>
++#include <ctype.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/ecdsa.h>
++#include <openssl/evp.h>
++#include "fips_utl.h"
++
++#include <openssl/objects.h>
++
++
++static int elookup_curve(char *in, char *curve_name, const EVP_MD **pmd)
++	{
++	char *cname, *p;
++	/* Copy buffer as we will change it */
++	strcpy(curve_name, in);
++	cname = curve_name + 1;
++	p = strchr(cname, ']');
++	if (!p)
++		{
++		fprintf(stderr, "Parse error: missing ]\n");
++		return NID_undef;
++		}
++	*p = 0;
++	p = strchr(cname, ',');
++	if (p)
++		{
++		if (!pmd)
++			{
++			fprintf(stderr, "Parse error: unexpected digest\n");
++			return NID_undef;
++			}
++		*p = 0;
++		p++;
++
++		if (!strcmp(p, "SHA-1"))
++			*pmd = EVP_sha1();
++		else if (!strcmp(p, "SHA-224"))
++			*pmd = EVP_sha224();
++		else if (!strcmp(p, "SHA-256"))
++			*pmd = EVP_sha256();
++		else if (!strcmp(p, "SHA-384"))
++			*pmd = EVP_sha384();
++		else if (!strcmp(p, "SHA-512"))
++			*pmd = EVP_sha512();
++		else
++			{
++			fprintf(stderr, "Unknown digest %s\n", p);
++			return NID_undef;
++			}
++		}
++	else if(pmd)
++		*pmd = EVP_sha1();
++
++	if (!strcmp(cname, "B-163"))
++		return NID_sect163r2;
++	if (!strcmp(cname, "B-233"))
++		return NID_sect233r1;
++	if (!strcmp(cname, "B-283"))
++		return NID_sect283r1;
++	if (!strcmp(cname, "B-409"))
++		return NID_sect409r1;
++	if (!strcmp(cname, "B-571"))
++		return NID_sect571r1;
++	if (!strcmp(cname, "K-163"))
++		return NID_sect163k1;
++	if (!strcmp(cname, "K-233"))
++		return NID_sect233k1;
++	if (!strcmp(cname, "K-283"))
++		return NID_sect283k1;
++	if (!strcmp(cname, "K-409"))
++		return NID_sect409k1;
++	if (!strcmp(cname, "K-571"))
++		return NID_sect571k1;
++	if (!strcmp(cname, "P-192"))
++		return NID_X9_62_prime192v1;
++	if (!strcmp(cname, "P-224"))
++		return NID_secp224r1;
++	if (!strcmp(cname, "P-256"))
++		return NID_X9_62_prime256v1;
++	if (!strcmp(cname, "P-384"))
++		return NID_secp384r1;
++	if (!strcmp(cname, "P-521"))
++		return NID_secp521r1;
++
++	fprintf(stderr, "Unknown Curve name %s\n", cname);
++	return NID_undef;
++	}
++
++static int ec_get_pubkey(EC_KEY *key, BIGNUM *x, BIGNUM *y)
++	{
++	const EC_POINT *pt;
++	const EC_GROUP *grp;
++	const EC_METHOD *meth;
++	int rv;
++	BN_CTX *ctx;
++	ctx = BN_CTX_new();
++	if (!ctx)
++		return 0;
++	grp = EC_KEY_get0_group(key);
++	pt = EC_KEY_get0_public_key(key);
++	meth = EC_GROUP_method_of(grp);
++	if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
++		rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, x, y, ctx);
++	else
++#ifdef OPENSSL_NO_EC2M
++		{
++		fprintf(stderr, "ERROR: GF2m not supported\n");
++		exit(1);
++		}
++#else
++		rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, x, y, ctx);
++#endif
++
++	BN_CTX_free(ctx);
++
++	return rv;
++
++	}
++
++static int KeyPair(FILE *in, FILE *out)
++	{
++	char buf[2048], lbuf[2048];
++	char *keyword, *value;
++	int curve_nid = NID_undef;
++	int i, count;
++	BIGNUM *Qx = NULL, *Qy = NULL;
++	const BIGNUM *d = NULL;
++	EC_KEY *key = NULL;
++	Qx = BN_new();
++	Qy = BN_new();
++	while(fgets(buf, sizeof buf, in) != NULL)
++		{
++		if (*buf == '[' && buf[2] == '-')
++			{
++			if (buf[2] == '-')
++			curve_nid = elookup_curve(buf, lbuf, NULL);
++			fputs(buf, out);
++			continue;
++			}
++		if (!parse_line(&keyword, &value, lbuf, buf))
++			{
++			fputs(buf, out);
++			continue;
++			}
++		if (!strcmp(keyword, "N"))
++			{
++			count = atoi(value);
++
++			for (i = 0; i < count; i++)
++				{
++
++				key = EC_KEY_new_by_curve_name(curve_nid);
++				if (!EC_KEY_generate_key(key))
++					{
++					fprintf(stderr, "Error generating key\n");
++					return 0;
++					}
++
++				if (!ec_get_pubkey(key, Qx, Qy))
++					{
++					fprintf(stderr, "Error getting public key\n");
++					return 0;
++					}
++
++				d = EC_KEY_get0_private_key(key);
++
++				do_bn_print_name(out, "d", d);
++				do_bn_print_name(out, "Qx", Qx);
++				do_bn_print_name(out, "Qy", Qy);
++				fputs(RESP_EOL, out);
++				EC_KEY_free(key);
++
++				}
++
++			}
++
++		}
++	BN_free(Qx);
++	BN_free(Qy);
++	return 1;
++	}
++
++static int PKV(FILE *in, FILE *out)
++	{
++
++	char buf[2048], lbuf[2048];
++	char *keyword, *value;
++	int curve_nid = NID_undef;
++	BIGNUM *Qx = NULL, *Qy = NULL;
++	EC_KEY *key = NULL;
++	while(fgets(buf, sizeof buf, in) != NULL)
++		{
++		fputs(buf, out);
++		if (*buf == '[' && buf[2] == '-')
++			{
++			curve_nid = elookup_curve(buf, lbuf, NULL);
++			if (curve_nid == NID_undef)
++				return 0;
++				
++			}
++		if (!parse_line(&keyword, &value, lbuf, buf))
++			continue;
++		if (!strcmp(keyword, "Qx"))
++			{
++			if (!do_hex2bn(&Qx, value))
++				{
++				fprintf(stderr, "Invalid Qx value\n");
++				return 0;
++				}
++			}
++		if (!strcmp(keyword, "Qy"))
++			{
++			int rv;
++			if (!do_hex2bn(&Qy, value))
++				{
++				fprintf(stderr, "Invalid Qy value\n");
++				return 0;
++				}
++			key = EC_KEY_new_by_curve_name(curve_nid);
++			no_err = 1;
++			rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
++			no_err = 0;
++			EC_KEY_free(key);
++			fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F");
++			}
++
++		}
++	BN_free(Qx);
++	BN_free(Qy);
++	return 1;
++	}
++
++static int SigGen(FILE *in, FILE *out)
++	{
++	char buf[2048], lbuf[2048];
++	char *keyword, *value;
++	unsigned char *msg;
++	int curve_nid = NID_undef;
++	long mlen;
++	BIGNUM *Qx = NULL, *Qy = NULL;
++	EC_KEY *key = NULL;
++	ECDSA_SIG *sig = NULL;
++	const EVP_MD *digest = NULL;
++	Qx = BN_new();
++	Qy = BN_new();
++	while(fgets(buf, sizeof buf, in) != NULL)
++		{
++		fputs(buf, out);
++		if (*buf == '[')
++			{
++			curve_nid = elookup_curve(buf, lbuf, &digest);
++			if (curve_nid == NID_undef)
++				return 0;
++			}
++		if (!parse_line(&keyword, &value, lbuf, buf))
++			continue;
++		if (!strcmp(keyword, "Msg"))
++			{
++			msg = hex2bin_m(value, &mlen);
++			if (!msg)
++				{
++				fprintf(stderr, "Invalid Message\n");
++				return 0;
++				}
++
++			key = EC_KEY_new_by_curve_name(curve_nid);
++			if (!EC_KEY_generate_key(key))
++				{
++				fprintf(stderr, "Error generating key\n");
++				return 0;
++				}
++
++			if (!ec_get_pubkey(key, Qx, Qy))
++				{
++				fprintf(stderr, "Error getting public key\n");
++				return 0;
++				}
++
++	    		sig = FIPS_ecdsa_sign(key, msg, mlen, digest);
++
++			if (!sig)
++				{
++				fprintf(stderr, "Error signing message\n");
++				return 0;
++				}
++
++			do_bn_print_name(out, "Qx", Qx);
++			do_bn_print_name(out, "Qy", Qy);
++			do_bn_print_name(out, "R", sig->r);
++			do_bn_print_name(out, "S", sig->s);
++
++			EC_KEY_free(key);
++			OPENSSL_free(msg);
++			FIPS_ecdsa_sig_free(sig);
++
++			}
++
++		}
++	BN_free(Qx);
++	BN_free(Qy);
++	return 1;
++	}
++
++static int SigVer(FILE *in, FILE *out)
++	{
++	char buf[2048], lbuf[2048];
++	char *keyword, *value;
++	unsigned char *msg = NULL;
++	int curve_nid = NID_undef;
++	long mlen;
++	BIGNUM *Qx = NULL, *Qy = NULL;
++	EC_KEY *key = NULL;
++	ECDSA_SIG sg, *sig = &sg;
++	const EVP_MD *digest = NULL;
++	sig->r = NULL;
++	sig->s = NULL;
++	while(fgets(buf, sizeof buf, in) != NULL)
++		{
++		fputs(buf, out);
++		if (*buf == '[')
++			{
++			curve_nid = elookup_curve(buf, lbuf, &digest);
++			if (curve_nid == NID_undef)
++				return 0;
++			}
++		if (!parse_line(&keyword, &value, lbuf, buf))
++			continue;
++		if (!strcmp(keyword, "Msg"))
++			{
++			msg = hex2bin_m(value, &mlen);
++			if (!msg)
++				{
++				fprintf(stderr, "Invalid Message\n");
++				return 0;
++				}
++			}
++			
++		if (!strcmp(keyword, "Qx"))
++			{
++			if (!do_hex2bn(&Qx, value))
++				{
++				fprintf(stderr, "Invalid Qx value\n");
++				return 0;
++				}
++			}
++		if (!strcmp(keyword, "Qy"))
++			{
++			if (!do_hex2bn(&Qy, value))
++				{
++				fprintf(stderr, "Invalid Qy value\n");
++				return 0;
++				}
++			}
++		if (!strcmp(keyword, "R"))
++			{
++			if (!do_hex2bn(&sig->r, value))
++				{
++				fprintf(stderr, "Invalid R value\n");
++				return 0;
++				}
++			}
++		if (!strcmp(keyword, "S"))
++			{
++			int rv;
++			if (!do_hex2bn(&sig->s, value))
++				{
++				fprintf(stderr, "Invalid S value\n");
++				return 0;
++				}
++			key = EC_KEY_new_by_curve_name(curve_nid);
++			rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
++
++			if (rv != 1)
++				{
++				fprintf(stderr, "Error setting public key\n");
++				return 0;
++				}
++
++			no_err = 1;
++	    		rv = FIPS_ecdsa_verify(key, msg, mlen, digest, sig);
++			EC_KEY_free(key);
++			if (msg)
++				OPENSSL_free(msg);
++			no_err = 0;
++
++			fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F");
++			}
++
++		}
++	if (sig->r)
++		BN_free(sig->r);
++	if (sig->s)
++		BN_free(sig->s);
++	if (Qx)
++		BN_free(Qx);
++	if (Qy)
++		BN_free(Qy);
++	return 1;
++	}
++#ifdef FIPS_ALGVS
++int fips_ecdsavs_main(int argc, char **argv)
++#else
++int main(int argc, char **argv)
++#endif
++	{
++	FILE *in = NULL, *out = NULL;
++	const char *cmd = argv[1];
++	int rv = 0;
++	fips_algtest_init();
++
++	if (argc == 4)
++		{
++		in = fopen(argv[2], "r");
++		if (!in)
++			{
++			fprintf(stderr, "Error opening input file\n");
++			exit(1);
++			}
++		out = fopen(argv[3], "w");
++		if (!out)
++			{
++			fprintf(stderr, "Error opening output file\n");
++			exit(1);
++			}
++		}
++	else if (argc == 2)
++		{
++		in = stdin;
++		out = stdout;
++		}
++
++	if (!cmd)
++		{
++		fprintf(stderr, "fips_ecdsavs [KeyPair|PKV|SigGen|SigVer]\n");
++		return 1;
++		}
++	if (!strcmp(cmd, "KeyPair"))
++		rv = KeyPair(in, out);
++	else if (!strcmp(cmd, "PKV"))
++		rv = PKV(in, out);
++	else if (!strcmp(cmd, "SigVer"))
++		rv = SigVer(in, out);
++	else if (!strcmp(cmd, "SigGen"))
++		rv = SigGen(in, out);
++	else
++		{
++		fprintf(stderr, "Unknown command %s\n", cmd);
++		return 1;
++		}
++
++	if (argc == 4)
++		{
++		fclose(in);
++		fclose(out);
++		}
++
++	if (rv <= 0)
++		{
++		fprintf(stderr, "Error running %s\n", cmd);
++		return 1;
++		}
++
++	return 0;
++	}
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c
+--- openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c.fips-ec	2013-11-08 17:59:43.150028068 +0100
++++ openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c	2013-11-08 17:59:43.150028068 +0100
+@@ -0,0 +1,252 @@
++/* fips/ecdh/fips_ecdh_selftest.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project 2011.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ */
++
++#define OPENSSL_FIPSAPI
++
++#include <string.h>
++#include <openssl/crypto.h>
++#include <openssl/ec.h>
++#include <openssl/ecdh.h>
++#include <openssl/fips.h>
++#include <openssl/err.h>
++#include <openssl/evp.h>
++#include <openssl/bn.h>
++
++#ifdef OPENSSL_FIPS
++
++#include "fips_locl.h"
++
++static const unsigned char p256_qcavsx[] = {
++	0x52,0xc6,0xa5,0x75,0xf3,0x04,0x98,0xb3,0x29,0x66,0x0c,0x62,
++	0x18,0x60,0x55,0x41,0x59,0xd4,0x60,0x85,0x99,0xc1,0x51,0x13,
++	0x6f,0x97,0x85,0x93,0x33,0x34,0x07,0x50
++};
++static const unsigned char p256_qcavsy[] = {
++	0x6f,0x69,0x24,0xeb,0xe9,0x3b,0xa7,0xcc,0x47,0x17,0xaa,0x3f,
++	0x70,0xfc,0x10,0x73,0x0a,0xcd,0x21,0xee,0x29,0x19,0x1f,0xaf,
++	0xb4,0x1c,0x1e,0xc2,0x8e,0x97,0x81,0x6e
++};
++static const unsigned char p256_qiutx[] = {
++	0x71,0x46,0x88,0x08,0x92,0x21,0x1b,0x10,0x21,0x74,0xff,0x0c,
++	0x94,0xde,0x34,0x7c,0x86,0x74,0xbe,0x67,0x41,0x68,0xd4,0xc1,
++	0xe5,0x75,0x63,0x9c,0xa7,0x46,0x93,0x6f
++};
++static const unsigned char p256_qiuty[] = {
++	0x33,0x40,0xa9,0x6a,0xf5,0x20,0xb5,0x9e,0xfc,0x60,0x1a,0xae,
++	0x3d,0xf8,0x21,0xd2,0xa7,0xca,0x52,0x34,0xb9,0x5f,0x27,0x75,
++	0x6c,0x81,0xbe,0x32,0x4d,0xba,0xbb,0xf8
++};
++static const unsigned char p256_qiutd[] = {
++	0x1a,0x48,0x55,0x6b,0x11,0xbe,0x92,0xd4,0x1c,0xd7,0x45,0xc3,
++	0x82,0x81,0x51,0xf1,0x23,0x40,0xb7,0x83,0xfd,0x01,0x6d,0xbc,
++	0xa1,0x66,0xaf,0x0a,0x03,0x23,0xcd,0xc8
++};
++static const unsigned char p256_ziut[] = {
++	0x77,0x2a,0x1e,0x37,0xee,0xe6,0x51,0x02,0x71,0x40,0xf8,0x6a,
++	0x36,0xf8,0x65,0x61,0x2b,0x18,0x71,0x82,0x23,0xe6,0xf2,0x77,
++	0xce,0xec,0xb8,0x49,0xc7,0xbf,0x36,0x4f
++};
++
++
++typedef struct 
++	{
++	int curve;
++	const unsigned char *x1;
++	size_t x1len;
++	const unsigned char *y1;
++	size_t y1len;
++	const unsigned char *d1;
++	size_t d1len;
++	const unsigned char *x2;
++	size_t x2len;
++	const unsigned char *y2;
++	size_t y2len;
++	const unsigned char *z;
++	size_t zlen;
++	} ECDH_SELFTEST_DATA;
++
++#define make_ecdh_test(nid, pr) { nid, \
++				pr##_qiutx, sizeof(pr##_qiutx), \
++				pr##_qiuty, sizeof(pr##_qiuty), \
++				pr##_qiutd, sizeof(pr##_qiutd), \
++				pr##_qcavsx, sizeof(pr##_qcavsx), \
++				pr##_qcavsy, sizeof(pr##_qcavsy), \
++				pr##_ziut, sizeof(pr##_ziut) }
++
++static ECDH_SELFTEST_DATA test_ecdh_data[] = 
++	{
++	make_ecdh_test(NID_X9_62_prime256v1, p256),
++	};
++
++int FIPS_selftest_ecdh(void)
++	{
++	EC_KEY *ec1 = NULL, *ec2 = NULL;
++	const EC_POINT *ecp = NULL;
++	BIGNUM *x = NULL, *y = NULL, *d = NULL;
++	unsigned char *ztmp = NULL;
++	int rv = 1;
++	size_t i;
++
++	for (i = 0; i < sizeof(test_ecdh_data)/sizeof(ECDH_SELFTEST_DATA); i++)
++		{
++		ECDH_SELFTEST_DATA *ecd = test_ecdh_data + i;
++		if (!fips_post_started(FIPS_TEST_ECDH, ecd->curve, 0))
++			continue;
++		ztmp = OPENSSL_malloc(ecd->zlen);
++
++		x = BN_bin2bn(ecd->x1, ecd->x1len, x);
++		y = BN_bin2bn(ecd->y1, ecd->y1len, y);
++		d = BN_bin2bn(ecd->d1, ecd->d1len, d);
++
++		if (!x || !y || !d || !ztmp)
++			{
++			rv = -1;
++			goto err;
++			}
++
++		ec1 = EC_KEY_new_by_curve_name(ecd->curve);
++		if (!ec1)
++			{
++			rv = -1;
++			goto err;
++			}
++		EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
++
++		if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y))
++			{
++			rv = -1;
++			goto err;
++			}
++
++		if (!EC_KEY_set_private_key(ec1, d))
++			{
++			rv = -1;
++			goto err;
++			}
++
++		x = BN_bin2bn(ecd->x2, ecd->x2len, x);
++		y = BN_bin2bn(ecd->y2, ecd->y2len, y);
++
++		if (!x || !y)
++			{
++			rv = -1;
++			goto err;
++			}
++
++		ec2 = EC_KEY_new_by_curve_name(ecd->curve);
++		if (!ec2)
++			{
++			rv = -1;
++			goto err;
++			}
++		EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
++
++		if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y))
++			{
++			rv = -1;
++			goto err;
++			}
++
++		ecp = EC_KEY_get0_public_key(ec2);
++		if (!ecp)
++			{
++			rv = -1;
++			goto err;
++			}
++
++		if (!ECDH_compute_key(ztmp, ecd->zlen, ecp, ec1, 0))
++			{
++			rv = -1;
++			goto err;
++			}
++
++		if (!fips_post_corrupt(FIPS_TEST_ECDH, ecd->curve, NULL))
++			ztmp[0] ^= 0x1;
++
++		if (memcmp(ztmp, ecd->z, ecd->zlen))
++			{
++			fips_post_failed(FIPS_TEST_ECDH, ecd->curve, 0);
++			rv = 0;
++			}
++		else if (!fips_post_success(FIPS_TEST_ECDH, ecd->curve, 0))
++			goto err;
++
++		EC_KEY_free(ec1);
++		ec1 = NULL;
++		EC_KEY_free(ec2);
++		ec2 = NULL;
++		OPENSSL_free(ztmp);
++		ztmp = NULL;
++		}
++
++	err:
++
++	if (x)
++		BN_clear_free(x);
++	if (y)
++		BN_clear_free(y);
++	if (d)
++		BN_clear_free(d);
++	if (ec1)
++		EC_KEY_free(ec1);
++	if (ec2)
++		EC_KEY_free(ec2);
++	if (ztmp)
++		OPENSSL_free(ztmp);
++
++	return rv;
++
++	}
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c
+--- openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c.fips-ec	2013-11-08 17:59:43.150028068 +0100
++++ openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c	2013-11-08 17:59:43.150028068 +0100
+@@ -0,0 +1,167 @@
++/* fips/ecdsa/fips_ecdsa_selftest.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project 2011.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ */
++
++#define OPENSSL_FIPSAPI
++
++#include <string.h>
++#include <openssl/crypto.h>
++#include <openssl/ec.h>
++#include <openssl/ecdsa.h>
++#include <openssl/fips.h>
++#include <openssl/err.h>
++#include <openssl/evp.h>
++#include <openssl/bn.h>
++
++#ifdef OPENSSL_FIPS
++
++static const char P_256_name[] = "ECDSA P-256";
++
++static const unsigned char P_256_d[] = {
++	0x51,0xbd,0x06,0xa1,0x1c,0xda,0xe2,0x12,0x99,0xc9,0x52,0x3f,
++	0xea,0xa4,0xd2,0xd1,0xf4,0x7f,0xd4,0x3e,0xbd,0xf8,0xfc,0x87,
++	0xdc,0x82,0x53,0x21,0xee,0xa0,0xdc,0x64
++};
++static const unsigned char P_256_qx[] = {
++	0x23,0x89,0xe0,0xf4,0x69,0xe0,0x49,0xe5,0xc7,0xe5,0x40,0x6e,
++	0x8f,0x25,0xdd,0xad,0x11,0x16,0x14,0x9b,0xab,0x44,0x06,0x31,
++	0xbf,0x5e,0xa6,0x44,0xac,0x86,0x00,0x07
++};
++static const unsigned char P_256_qy[] = {
++	0xb3,0x05,0x0d,0xd0,0xdc,0xf7,0x40,0xe6,0xf9,0xd8,0x6d,0x7b,
++	0x63,0xca,0x97,0xe6,0x12,0xf9,0xd4,0x18,0x59,0xbe,0xb2,0x5e,
++	0x4a,0x6a,0x77,0x23,0xf4,0x11,0x9d,0xeb
++};
++
++typedef struct 
++	{
++	int curve;
++	const char *name;
++	const unsigned char *x;
++	size_t xlen;
++	const unsigned char *y;
++	size_t ylen;
++	const unsigned char *d;
++	size_t dlen;
++	} EC_SELFTEST_DATA;
++
++#define make_ecdsa_test(nid, pr) { nid, pr##_name, \
++				pr##_qx, sizeof(pr##_qx), \
++				pr##_qy, sizeof(pr##_qy), \
++				pr##_d, sizeof(pr##_d)}
++
++static EC_SELFTEST_DATA test_ec_data[] = 
++	{
++	make_ecdsa_test(NID_X9_62_prime256v1, P_256),
++	};
++
++int FIPS_selftest_ecdsa()
++	{
++	EC_KEY *ec = NULL;
++	BIGNUM *x = NULL, *y = NULL, *d = NULL;
++	EVP_PKEY *pk = NULL;
++	int rv = 0;
++	size_t i;
++
++	for (i = 0; i < sizeof(test_ec_data)/sizeof(EC_SELFTEST_DATA); i++)
++		{
++		EC_SELFTEST_DATA *ecd = test_ec_data + i;
++
++		x = BN_bin2bn(ecd->x, ecd->xlen, x);
++		y = BN_bin2bn(ecd->y, ecd->ylen, y);
++		d = BN_bin2bn(ecd->d, ecd->dlen, d);
++
++		if (!x || !y || !d)
++			goto err;
++
++		ec = EC_KEY_new_by_curve_name(ecd->curve);
++		if (!ec)
++			goto err;
++
++		if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y))
++			goto err;
++
++		if (!EC_KEY_set_private_key(ec, d))
++			goto err;
++
++		if ((pk=EVP_PKEY_new()) == NULL)
++			goto err;
++
++		EVP_PKEY_assign_EC_KEY(pk, ec);
++
++		if (!fips_pkey_signature_test(pk, NULL, 0,
++						NULL, 0, EVP_sha256(), 0,
++						ecd->name))
++			goto err;
++		}
++
++	rv = 1;
++
++	err:
++
++	if (x)
++		BN_clear_free(x);
++	if (y)
++		BN_clear_free(y);
++	if (d)
++		BN_clear_free(d);
++	if (pk)
++		EVP_PKEY_free(pk);
++	else if (ec)
++		EC_KEY_free(ec);
++
++	return rv;
++
++	}
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ec openssl-1.0.1e/crypto/fips/fips.h
+--- openssl-1.0.1e/crypto/fips/fips.h.fips-ec	2013-11-08 17:59:43.116027318 +0100
++++ openssl-1.0.1e/crypto/fips/fips.h	2013-11-08 17:59:43.150028068 +0100
+@@ -93,6 +93,8 @@ int FIPS_selftest_rsa(void);
+ void FIPS_corrupt_dsa(void);
+ void FIPS_corrupt_dsa_keygen(void);
+ int FIPS_selftest_dsa(void);
++int FIPS_selftest_ecdsa(void);
++int FIPS_selftest_ecdh(void);
+ void FIPS_corrupt_rng(void);
+ void FIPS_rng_stick(void);
+ void FIPS_x931_stick(int onoff);
+diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec openssl-1.0.1e/crypto/fips/fips_post.c
+--- openssl-1.0.1e/crypto/fips/fips_post.c.fips-ec	2013-11-08 17:59:43.117027340 +0100
++++ openssl-1.0.1e/crypto/fips/fips_post.c	2013-11-08 17:59:43.150028068 +0100
+@@ -95,8 +95,12 @@ int FIPS_selftest(void)
+ 		rv = 0;
+ 	if (!FIPS_selftest_rsa())
+ 		rv = 0;
++	if (!FIPS_selftest_ecdsa())
++		rv = 0;
+ 	if (!FIPS_selftest_dsa())
+ 		rv = 0;
++	if (!FIPS_selftest_ecdh())
++		rv = 0;
+ 	return rv;
+ 	}
+ 
+diff -up openssl-1.0.1e/crypto/fips/Makefile.fips-ec openssl-1.0.1e/crypto/fips/Makefile
+--- openssl-1.0.1e/crypto/fips/Makefile.fips-ec	2013-11-08 17:59:43.119027384 +0100
++++ openssl-1.0.1e/crypto/fips/Makefile	2013-11-08 17:59:43.151028090 +0100
+@@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self
+     fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c  fips_rand.c \
+     fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
+     fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
+-    fips_cmac_selftest.c fips_enc.c fips_md.c
++    fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c
+ 
+ LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \
+     fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o  fips_rand.o \
+     fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
+     fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
+-    fips_cmac_selftest.o fips_enc.o fips_md.o
++    fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o
+ 
+ LIBCRYPTO=-L.. -lcrypto
+ 
+@@ -118,6 +118,21 @@ fips_aes_selftest.o: ../../include/opens
+ fips_aes_selftest.o: ../../include/openssl/safestack.h
+ fips_aes_selftest.o: ../../include/openssl/stack.h
+ fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c
++fips_cmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_cmac_selftest.o: ../../include/openssl/cmac.h
++fips_cmac_selftest.o: ../../include/openssl/crypto.h
++fips_cmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++fips_cmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
++fips_cmac_selftest.o: ../../include/openssl/lhash.h
++fips_cmac_selftest.o: ../../include/openssl/obj_mac.h
++fips_cmac_selftest.o: ../../include/openssl/objects.h
++fips_cmac_selftest.o: ../../include/openssl/opensslconf.h
++fips_cmac_selftest.o: ../../include/openssl/opensslv.h
++fips_cmac_selftest.o: ../../include/openssl/ossl_typ.h
++fips_cmac_selftest.o: ../../include/openssl/safestack.h
++fips_cmac_selftest.o: ../../include/openssl/stack.h
++fips_cmac_selftest.o: ../../include/openssl/symhacks.h fips_cmac_selftest.c
++fips_cmac_selftest.o: fips_locl.h
+ fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ fips_des_selftest.o: ../../include/openssl/crypto.h
+ fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+@@ -231,6 +246,46 @@ fips_dsa_selftest.o: ../../include/opens
+ fips_dsa_selftest.o: ../../include/openssl/stack.h
+ fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
+ fips_dsa_selftest.o: fips_locl.h
++fips_ecdh_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_ecdh_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
++fips_ecdh_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
++fips_ecdh_selftest.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h
++fips_ecdh_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
++fips_ecdh_selftest.o: ../../include/openssl/lhash.h
++fips_ecdh_selftest.o: ../../include/openssl/obj_mac.h
++fips_ecdh_selftest.o: ../../include/openssl/objects.h
++fips_ecdh_selftest.o: ../../include/openssl/opensslconf.h
++fips_ecdh_selftest.o: ../../include/openssl/opensslv.h
++fips_ecdh_selftest.o: ../../include/openssl/ossl_typ.h
++fips_ecdh_selftest.o: ../../include/openssl/safestack.h
++fips_ecdh_selftest.o: ../../include/openssl/stack.h
++fips_ecdh_selftest.o: ../../include/openssl/symhacks.h fips_ecdh_selftest.c
++fips_ecdh_selftest.o: fips_locl.h
++fips_ecdsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_ecdsa_selftest.o: ../../include/openssl/bn.h
++fips_ecdsa_selftest.o: ../../include/openssl/crypto.h
++fips_ecdsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
++fips_ecdsa_selftest.o: ../../include/openssl/ecdsa.h
++fips_ecdsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++fips_ecdsa_selftest.o: ../../include/openssl/fips.h
++fips_ecdsa_selftest.o: ../../include/openssl/lhash.h
++fips_ecdsa_selftest.o: ../../include/openssl/obj_mac.h
++fips_ecdsa_selftest.o: ../../include/openssl/objects.h
++fips_ecdsa_selftest.o: ../../include/openssl/opensslconf.h
++fips_ecdsa_selftest.o: ../../include/openssl/opensslv.h
++fips_ecdsa_selftest.o: ../../include/openssl/ossl_typ.h
++fips_ecdsa_selftest.o: ../../include/openssl/safestack.h
++fips_ecdsa_selftest.o: ../../include/openssl/stack.h
++fips_ecdsa_selftest.o: ../../include/openssl/symhacks.h fips_ecdsa_selftest.c
++fips_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
++fips_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++fips_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
++fips_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++fips_enc.o: ../../include/openssl/opensslconf.h
++fips_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
++fips_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
++fips_enc.o: ../../include/openssl/symhacks.h fips_enc.c
+ fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ fips_hmac_selftest.o: ../../include/openssl/crypto.h
+ fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+@@ -245,6 +300,15 @@ fips_hmac_selftest.o: ../../include/open
+ fips_hmac_selftest.o: ../../include/openssl/safestack.h
+ fips_hmac_selftest.o: ../../include/openssl/stack.h
+ fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c
++fips_md.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_md.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
++fips_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++fips_md.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
++fips_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++fips_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
++fips_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
++fips_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++fips_md.o: fips_md.c
+ fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+diff -up openssl-1.0.1e/version.map.fips-ec openssl-1.0.1e/version.map
+--- openssl-1.0.1e/version.map.fips-ec	2013-11-08 17:59:43.131027649 +0100
++++ openssl-1.0.1e/version.map	2013-11-08 17:59:43.151028090 +0100
+@@ -6,3 +6,7 @@ OPENSSL_1.0.1 {
+ 	    _original*;
+ 	    _current*;
+ };
++OPENSSL_1.0.1_EC {
++    global:
++	    EC*;
++};
diff --git a/SOURCES/openssl-1.0.1e-fips.patch b/SOURCES/openssl-1.0.1e-fips.patch
new file mode 100644
index 0000000..e6942b1
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-fips.patch
@@ -0,0 +1,20363 @@
+diff -up openssl-1.0.1e/apps/pkcs12.c.fips openssl-1.0.1e/apps/pkcs12.c
+--- openssl-1.0.1e/apps/pkcs12.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/apps/pkcs12.c	2013-10-04 11:48:04.172693955 +0200
+@@ -67,6 +67,9 @@
+ #include <openssl/err.h>
+ #include <openssl/pem.h>
+ #include <openssl/pkcs12.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
+ 
+ #define PROG pkcs12_main
+ 
+@@ -130,6 +133,11 @@ int MAIN(int argc, char **argv)
+ 
+     apps_startup();
+ 
++#ifdef OPENSSL_FIPS
++    if (FIPS_mode())
++	cert_pbe = key_pbe; /* cannot use RC2 in the FIPS mode */
++#endif
++
+     enc = EVP_des_ede3_cbc();
+     if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+ 
+diff -up openssl-1.0.1e/apps/speed.c.fips openssl-1.0.1e/apps/speed.c
+--- openssl-1.0.1e/apps/speed.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/apps/speed.c	2013-10-04 11:49:56.384227859 +0200
+@@ -195,7 +195,6 @@
+ #ifdef OPENSSL_DOING_MAKEDEPEND
+ #undef AES_set_encrypt_key
+ #undef AES_set_decrypt_key
+-#undef DES_set_key_unchecked
+ #endif
+ #define BF_set_key	private_BF_set_key
+ #define CAST_set_key	private_CAST_set_key
+@@ -203,7 +202,6 @@
+ #define SEED_set_key	private_SEED_set_key
+ #define RC2_set_key	private_RC2_set_key
+ #define RC4_set_key	private_RC4_set_key
+-#define DES_set_key_unchecked	private_DES_set_key_unchecked
+ #define AES_set_encrypt_key	private_AES_set_encrypt_key
+ #define AES_set_decrypt_key	private_AES_set_decrypt_key
+ #define Camellia_set_key	private_Camellia_set_key
+@@ -941,7 +939,12 @@ int MAIN(int argc, char **argv)
+ #ifndef OPENSSL_NO_RSA
+ 			if (strcmp(*argv,"rsa") == 0)
+ 			{
++#ifdef OPENSSL_FIPS
++				if (!FIPS_mode())
++#endif
++				{
+ 			rsa_doit[R_RSA_512]=1;
++				}
+ 			rsa_doit[R_RSA_1024]=1;
+ 			rsa_doit[R_RSA_2048]=1;
+ 			rsa_doit[R_RSA_4096]=1;
+@@ -951,7 +954,12 @@ int MAIN(int argc, char **argv)
+ #ifndef OPENSSL_NO_DSA
+ 			if (strcmp(*argv,"dsa") == 0)
+ 			{
++#ifdef OPENSSL_FIPS
++				if (!FIPS_mode())
++#endif
++				{
+ 			dsa_doit[R_DSA_512]=1;
++				}
+ 			dsa_doit[R_DSA_1024]=1;
+ 			dsa_doit[R_DSA_2048]=1;
+ 			}
+@@ -1162,12 +1170,18 @@ int MAIN(int argc, char **argv)
+ 		{
+ 		for (i=0; i<ALGOR_NUM; i++)
+ 			{
+-			if (i != D_EVP)
++			if (i != D_EVP &&
++			    (!FIPS_mode() || (i != D_WHIRLPOOL &&
++				i != D_MD2 && i != D_MD4 &&
++				i != D_MD5 && i != D_MDC2 &&
++				i != D_RMD160)))
+ 				doit[i]=1;
+ 			}
+ 		for (i=0; i<RSA_NUM; i++)
++		    if (!FIPS_mode() || i != R_RSA_512)
+ 			rsa_doit[i]=1;
+ 		for (i=0; i<DSA_NUM; i++)
++		    if (!FIPS_mode() || i != R_DSA_512)
+ 			dsa_doit[i]=1;
+ #ifndef OPENSSL_NO_ECDSA
+ 		for (i=0; i<EC_NUM; i++)
+@@ -1226,30 +1240,54 @@ int MAIN(int argc, char **argv)
+ 	AES_set_encrypt_key(key32,256,&aes_ks3);
+ #endif
+ #ifndef OPENSSL_NO_CAMELLIA
++	if (doit[D_CBC_128_CML] || doit[D_CBC_192_CML] || doit[D_CBC_256_CML])
++	    {
+ 	Camellia_set_key(key16,128,&camellia_ks1);
+ 	Camellia_set_key(ckey24,192,&camellia_ks2);
+ 	Camellia_set_key(ckey32,256,&camellia_ks3);
++	    }
+ #endif
+ #ifndef OPENSSL_NO_IDEA
++	if (doit[D_CBC_IDEA])
++	    {
+ 	idea_set_encrypt_key(key16,&idea_ks);
++	    }
+ #endif
+ #ifndef OPENSSL_NO_SEED
++	if (doit[D_CBC_SEED])
++	    {
+ 	SEED_set_key(key16,&seed_ks);
++	    }
+ #endif
+ #ifndef OPENSSL_NO_RC4
++	if (doit[D_RC4])
++	    {
+ 	RC4_set_key(&rc4_ks,16,key16);
++	    }
+ #endif
+ #ifndef OPENSSL_NO_RC2
++	if (doit[D_CBC_RC2])
++	    {
+ 	RC2_set_key(&rc2_ks,16,key16,128);
++	    }
+ #endif
+ #ifndef OPENSSL_NO_RC5
++	if (doit[D_CBC_RC5])
++	    {
+ 	RC5_32_set_key(&rc5_ks,16,key16,12);
++	    }
+ #endif
+ #ifndef OPENSSL_NO_BF
++	if (doit[D_CBC_BF])
++	    {
+ 	BF_set_key(&bf_ks,16,key16);
++	    }
+ #endif
+ #ifndef OPENSSL_NO_CAST
++	if (doit[D_CBC_CAST])
++	    {
+ 	CAST_set_key(&cast_ks,16,key16);
++	    }
+ #endif
+ #ifndef OPENSSL_NO_RSA
+ 	memset(rsa_c,0,sizeof(rsa_c));
+@@ -1564,6 +1602,7 @@ int MAIN(int argc, char **argv)
+ 		HMAC_CTX hctx;
+ 
+ 		HMAC_CTX_init(&hctx);
++		HMAC_CTX_set_flags(&hctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ 		HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
+ 			16,EVP_md5(), NULL);
+ 
+diff -up openssl-1.0.1e/Configure.fips openssl-1.0.1e/Configure
+--- openssl-1.0.1e/Configure.fips	2013-10-04 11:48:04.153693526 +0200
++++ openssl-1.0.1e/Configure	2013-10-04 11:48:04.173693978 +0200
+@@ -995,11 +995,6 @@ if (defined($disabled{"md5"}) || defined
+ 	$disabled{"ssl2"} = "forced";
+ 	}
+ 
+-if ($fips && $fipslibdir eq "")
+-	{
+-	$fipslibdir = $fipsdir . "/lib/";
+-	}
+-
+ # RSAX ENGINE sets default non-FIPS RSA method.
+ if ($fips)
+ 	{
+@@ -1474,7 +1469,6 @@ $cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($b
+ if ($fips)
+ 	{
+ 	$openssl_other_defines.="#define OPENSSL_FIPS\n";
+-	$cflags .= " -I\$(FIPSDIR)/include";
+ 	}
+ 
+ $cpuid_obj="mem_clr.o"	unless ($cpuid_obj =~ /\.o$/);
+@@ -1661,9 +1655,12 @@ while (<IN>)
+ 
+ 	s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
+ 	s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
+-	s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
+ 	s/^BASEADDR=.*/BASEADDR=$baseaddr/;
+ 
++	if ($fips)
++		{
++		s/^FIPS=.*/FIPS=yes/;
++		}
+ 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
+ 	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
+ 	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
+diff -up openssl-1.0.1e/crypto/aes/aes_misc.c.fips openssl-1.0.1e/crypto/aes/aes_misc.c
+--- openssl-1.0.1e/crypto/aes/aes_misc.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/aes/aes_misc.c	2013-10-04 11:48:04.173693978 +0200
+@@ -69,17 +69,11 @@ const char *AES_options(void) {
+ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+ 			AES_KEY *key)
+ 	{
+-#ifdef OPENSSL_FIPS
+-	fips_cipher_abort(AES);
+-#endif
+ 	return private_AES_set_encrypt_key(userKey, bits, key);
+ 	}
+ 
+ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+ 			AES_KEY *key)
+ 	{
+-#ifdef OPENSSL_FIPS
+-	fips_cipher_abort(AES);
+-#endif
+ 	return private_AES_set_decrypt_key(userKey, bits, key);
+ 	}
+diff -up openssl-1.0.1e/crypto/cmac/cmac.c.fips openssl-1.0.1e/crypto/cmac/cmac.c
+--- openssl-1.0.1e/crypto/cmac/cmac.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/cmac/cmac.c	2013-10-04 11:48:04.173693978 +0200
+@@ -107,13 +107,6 @@ CMAC_CTX *CMAC_CTX_new(void)
+ 
+ void CMAC_CTX_cleanup(CMAC_CTX *ctx)
+ 	{
+-#ifdef OPENSSL_FIPS
+-	if (FIPS_mode() && !ctx->cctx.engine)
+-		{
+-		FIPS_cmac_ctx_cleanup(ctx);
+-		return;
+-		}
+-#endif
+ 	EVP_CIPHER_CTX_cleanup(&ctx->cctx);
+ 	OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
+ 	OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
+@@ -164,11 +157,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void
+ 			EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
+ 			return 0;
+ 			}
+-		/* Other algorithm blocking will be done in FIPS_cmac_init,
+-		 * via FIPS_cipherinit().
+-		 */
+-		if (!impl && !ctx->cctx.engine)
+-			return FIPS_cmac_init(ctx, key, keylen, cipher, NULL);
+ 		}
+ #endif
+ 	/* All zeros means restart */
+@@ -216,10 +204,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
+ 	{
+ 	const unsigned char *data = in;
+ 	size_t bl;
+-#ifdef OPENSSL_FIPS
+-	if (FIPS_mode() && !ctx->cctx.engine)
+-		return FIPS_cmac_update(ctx, in, dlen);
+-#endif
+ 	if (ctx->nlast_block == -1)
+ 		return 0;
+ 	if (dlen == 0)
+@@ -261,10 +245,6 @@ int CMAC_Update(CMAC_CTX *ctx, const voi
+ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
+ 	{
+ 	int i, bl, lb;
+-#ifdef OPENSSL_FIPS
+-	if (FIPS_mode() && !ctx->cctx.engine)
+-		return FIPS_cmac_final(ctx, out, poutlen);
+-#endif
+ 	if (ctx->nlast_block == -1)
+ 		return 0;
+ 	bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
+diff -up openssl-1.0.1e/crypto/crypto.h.fips openssl-1.0.1e/crypto/crypto.h
+--- openssl-1.0.1e/crypto/crypto.h.fips	2013-10-04 11:48:04.058691381 +0200
++++ openssl-1.0.1e/crypto/crypto.h	2013-10-04 11:48:04.173693978 +0200
+@@ -553,24 +553,29 @@ int FIPS_mode_set(int r);
+ void OPENSSL_init(void);
+ 
+ #define fips_md_init(alg) fips_md_init_ctx(alg, alg)
++#define nonfips_md_init(alg) nonfips_md_init_ctx(alg, alg)
++#define fips_md_init_ctx(alg, cx) \
++	int alg##_Init(cx##_CTX *c)
+ 
+ #ifdef OPENSSL_FIPS
+-#define fips_md_init_ctx(alg, cx) \
++#define nonfips_md_init_ctx(alg, cx) \
+ 	int alg##_Init(cx##_CTX *c) \
+ 	{ \
+ 	if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
+-		"Low level API call to digest " #alg " forbidden in FIPS mode!"); \
++		"Digest " #alg " forbidden in FIPS mode!"); \
+ 	return private_##alg##_Init(c); \
+ 	} \
+ 	int private_##alg##_Init(cx##_CTX *c)
+ 
+ #define fips_cipher_abort(alg) \
+ 	if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
+-		"Low level API call to cipher " #alg " forbidden in FIPS mode!")
++		"Cipher " #alg " forbidden in FIPS mode!")
++
++/* die if FIPS selftest failed */
++void FIPS_selftest_check(void);
+ 
+ #else
+-#define fips_md_init_ctx(alg, cx) \
+-	int alg##_Init(cx##_CTX *c)
++#define nonfips_md_init_ctx(alg, cx) fips_md_init_ctx(alg, cx)
+ #define fips_cipher_abort(alg) while(0)
+ #endif
+ 
+@@ -587,6 +592,9 @@ int CRYPTO_memcmp(const void *a, const v
+  */
+ void ERR_load_CRYPTO_strings(void);
+ 
++#define OPENSSL_HAVE_INIT	1
++void OPENSSL_init_library(void);
++
+ /* Error codes for the CRYPTO functions. */
+ 
+ /* Function codes. */
+diff -up openssl-1.0.1e/crypto/des/des.h.fips openssl-1.0.1e/crypto/des/des.h
+--- openssl-1.0.1e/crypto/des/des.h.fips	2013-10-04 11:48:04.088692058 +0200
++++ openssl-1.0.1e/crypto/des/des.h	2013-10-04 11:48:04.173693978 +0200
+@@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DE
+ int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
+ int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
+ void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
+-#ifdef OPENSSL_FIPS
+-void private_DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
+-#endif
+ void DES_string_to_key(const char *str,DES_cblock *key);
+ void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
+ void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+diff -up openssl-1.0.1e/crypto/des/set_key.c.fips openssl-1.0.1e/crypto/des/set_key.c
+--- openssl-1.0.1e/crypto/des/set_key.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/des/set_key.c	2013-10-04 11:48:04.174694001 +0200
+@@ -336,13 +336,6 @@ int DES_set_key_checked(const_DES_cblock
+ 	}
+ 
+ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
+-#ifdef OPENSSL_FIPS
+-	{
+-	fips_cipher_abort(DES);
+-	private_DES_set_key_unchecked(key, schedule);
+-	}
+-void private_DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
+-#endif
+ 	{
+ 	static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
+ 	register DES_LONG c,d,t,s,t2;
+diff -up openssl-1.0.1e/crypto/dh/dh_gen.c.fips openssl-1.0.1e/crypto/dh/dh_gen.c
+--- openssl-1.0.1e/crypto/dh/dh_gen.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/dh/dh_gen.c	2013-10-04 11:48:04.174694001 +0200
+@@ -84,11 +84,6 @@ int DH_generate_parameters_ex(DH *ret, i
+ #endif
+ 	if(ret->meth->generate_params)
+ 		return ret->meth->generate_params(ret, prime_len, generator, cb);
+-#ifdef OPENSSL_FIPS
+-	if (FIPS_mode())
+-		return FIPS_dh_generate_parameters_ex(ret, prime_len,
+-							generator, cb);
+-#endif
+ 	return dh_builtin_genparams(ret, prime_len, generator, cb);
+ 	}
+ 
+@@ -123,6 +118,20 @@ static int dh_builtin_genparams(DH *ret,
+ 	int g,ok= -1;
+ 	BN_CTX *ctx=NULL;
+ 
++#ifdef OPENSSL_FIPS
++	if(FIPS_selftest_failed())
++		{
++		FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS,FIPS_R_FIPS_SELFTEST_FAILED);
++		return 0;
++		}
++
++	if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
++		{
++		DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
++		goto err;
++		}
++#endif
++
+ 	ctx=BN_CTX_new();
+ 	if (ctx == NULL) goto err;
+ 	BN_CTX_start(ctx);
+diff -up openssl-1.0.1e/crypto/dh/dh.h.fips openssl-1.0.1e/crypto/dh/dh.h
+--- openssl-1.0.1e/crypto/dh/dh.h.fips	2013-10-04 11:48:04.032690794 +0200
++++ openssl-1.0.1e/crypto/dh/dh.h	2013-10-04 11:48:04.174694001 +0200
+@@ -77,6 +77,8 @@
+ # define OPENSSL_DH_MAX_MODULUS_BITS	10000
+ #endif
+ 
++#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
++
+ #define DH_FLAG_CACHE_MONT_P     0x01
+ #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
+                                        * implementation now uses constant time
+diff -up openssl-1.0.1e/crypto/dh/dh_key.c.fips openssl-1.0.1e/crypto/dh/dh_key.c
+--- openssl-1.0.1e/crypto/dh/dh_key.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/dh/dh_key.c	2013-10-04 11:48:04.174694001 +0200
+@@ -61,6 +61,9 @@
+ #include <openssl/bn.h>
+ #include <openssl/rand.h>
+ #include <openssl/dh.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
+ 
+ static int generate_key(DH *dh);
+ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+@@ -104,7 +107,7 @@ compute_key,
+ dh_bn_mod_exp,
+ dh_init,
+ dh_finish,
+-0,
++DH_FLAG_FIPS_METHOD,
+ NULL,
+ NULL
+ };
+@@ -123,6 +126,14 @@ static int generate_key(DH *dh)
+ 	BN_MONT_CTX *mont=NULL;
+ 	BIGNUM *pub_key=NULL,*priv_key=NULL;
+ 
++#ifdef OPENSSL_FIPS
++	if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
++		{
++		DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
++		return 0;
++		}
++#endif
++
+ 	ctx = BN_CTX_new();
+ 	if (ctx == NULL) goto err;
+ 
+@@ -213,6 +224,13 @@ static int compute_key(unsigned char *ke
+ 		DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+ 		goto err;
+ 		}
++#ifdef OPENSSL_FIPS
++	if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
++		{
++		DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
++		goto err;
++		}
++#endif
+ 
+ 	ctx = BN_CTX_new();
+ 	if (ctx == NULL) goto err;
+@@ -280,6 +298,9 @@ static int dh_bn_mod_exp(const DH *dh, B
+ 
+ static int dh_init(DH *dh)
+ 	{
++#ifdef OPENSSL_FIPS
++	FIPS_selftest_check();
++#endif
+ 	dh->flags |= DH_FLAG_CACHE_MONT_P;
+ 	return(1);
+ 	}
+diff -up openssl-1.0.1e/crypto/dh/dh_lib.c.fips openssl-1.0.1e/crypto/dh/dh_lib.c
+--- openssl-1.0.1e/crypto/dh/dh_lib.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/dh/dh_lib.c	2013-10-04 11:48:04.174694001 +0200
+@@ -81,14 +81,7 @@ const DH_METHOD *DH_get_default_method(v
+ 	{
+ 	if(!default_DH_method)
+ 		{
+-#ifdef OPENSSL_FIPS
+-		if (FIPS_mode())
+-			return FIPS_dh_openssl();
+-		else
+-			return DH_OpenSSL();
+-#else
+ 		default_DH_method = DH_OpenSSL();
+-#endif
+ 		}
+ 	return default_DH_method;
+ 	}
+diff -up openssl-1.0.1e/crypto/dsa/dsa_err.c.fips openssl-1.0.1e/crypto/dsa/dsa_err.c
+--- openssl-1.0.1e/crypto/dsa/dsa_err.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_err.c	2013-10-04 11:48:04.174694001 +0200
+@@ -74,6 +74,8 @@ static ERR_STRING_DATA DSA_str_functs[]=
+ {ERR_FUNC(DSA_F_DO_DSA_PRINT),	"DO_DSA_PRINT"},
+ {ERR_FUNC(DSA_F_DSAPARAMS_PRINT),	"DSAparams_print"},
+ {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP),	"DSAparams_print_fp"},
++{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN),	"dsa_builtin_keygen"},
++{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN),	"dsa_builtin_paramgen"},
+ {ERR_FUNC(DSA_F_DSA_DO_SIGN),	"DSA_do_sign"},
+ {ERR_FUNC(DSA_F_DSA_DO_VERIFY),	"DSA_do_verify"},
+ {ERR_FUNC(DSA_F_DSA_GENERATE_KEY),	"DSA_generate_key"},
+@@ -106,6 +108,8 @@ static ERR_STRING_DATA DSA_str_reasons[]
+ {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
+ {ERR_REASON(DSA_R_DECODE_ERROR)          ,"decode error"},
+ {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE)   ,"invalid digest type"},
++{ERR_REASON(DSA_R_KEY_SIZE_INVALID)      ,"key size invalid"},
++{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
+ {ERR_REASON(DSA_R_MISSING_PARAMETERS)    ,"missing parameters"},
+ {ERR_REASON(DSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
+ {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},
+diff -up openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips openssl-1.0.1e/crypto/dsa/dsa_gen.c
+--- openssl-1.0.1e/crypto/dsa/dsa_gen.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_gen.c	2013-10-04 11:48:04.175694023 +0200
+@@ -85,6 +85,14 @@
+ #include <openssl/fips.h>
+ #endif
+ 
++#ifndef OPENSSL_FIPS
++static int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
++		const EVP_MD *evpmd, unsigned char *seed, int seed_len,
++		BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb);
++static int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
++		BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb);
++#endif
++
+ int DSA_generate_parameters_ex(DSA *ret, int bits,
+ 		const unsigned char *seed_in, int seed_len,
+ 		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+@@ -100,14 +108,6 @@ int DSA_generate_parameters_ex(DSA *ret,
+ 	if(ret->meth->dsa_paramgen)
+ 		return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
+ 				counter_ret, h_ret, cb);
+-#ifdef OPENSSL_FIPS
+-	else if (FIPS_mode())
+-		{
+-		return FIPS_dsa_generate_parameters_ex(ret, bits, 
+-							seed_in, seed_len,
+-							counter_ret, h_ret, cb);
+-		}
+-#endif
+ 	else
+ 		{
+ 		const EVP_MD *evpmd;
+@@ -125,27 +125,119 @@ int DSA_generate_parameters_ex(DSA *ret,
+ 			}
+ 
+ 		return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
+-			seed_in, seed_len, NULL, counter_ret, h_ret, cb);
++				seed_in, seed_len, counter_ret, h_ret, cb);
+ 		}
+ 	}
+ 
++#ifdef OPENSSL_FIPS
++int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
++	const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
++	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
++	{
++	return dsa_builtin_paramgen(ret, bits, qbits,
++		evpmd, seed_in, seed_len,
++		counter_ret, h_ret, cb);
++	}
++#endif
++
+ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+ 	const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+-	unsigned char *seed_out,
+ 	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+ 	{
+ 	int ok=0;
+ 	unsigned char seed[SHA256_DIGEST_LENGTH];
++	BIGNUM *g=NULL,*q=NULL,*p=NULL;
++	size_t qsize = qbits >> 3;
++	BN_CTX *ctx=NULL;
++
++#ifdef OPENSSL_FIPS
++	if(FIPS_selftest_failed())
++	    {
++	    FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN,
++		    FIPS_R_FIPS_SELFTEST_FAILED);
++	    goto err;
++	    }
++
++	if (FIPS_module_mode() &&
++	    (bits != 1024 || qbits != 160) &&
++	    (bits != 2048 || qbits != 224) &&
++	    (bits != 2048 || qbits != 256) &&
++	    (bits != 3072 || qbits != 256))
++		{
++		DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_INVALID);
++		goto err;
++		}
++#endif
++	if (seed_len && (seed_len < (size_t)qsize))
++		seed_in = NULL;		/* seed buffer too small -- ignore */
++	if (seed_len > sizeof(seed)) 
++		seed_len = sizeof(seed);	/* App. 2.2 of FIPS PUB 186 allows larger SEED,
++						 * but our internal buffers are restricted to 256 bits*/
++	if (seed_in != NULL)
++		memcpy(seed, seed_in, seed_len);
++	else
++		seed_len = 0;
++
++	if ((ctx=BN_CTX_new()) == NULL)
++		goto err;
++
++	BN_CTX_start(ctx);
++
++	if (!FIPS_dsa_generate_pq(ctx, bits, qbits, evpmd,
++		seed, seed_len, &p, &q, counter_ret, cb))
++		goto err;
++
++	if (!FIPS_dsa_generate_g(ctx, p, q, &g, h_ret, cb))
++		goto err;
++
++	ok=1;
++err:
++	if (ok)
++		{
++		if(ret->p)
++			{
++			BN_free(ret->p);
++			ret->p = NULL;
++			}
++		if(ret->q)
++			{
++			BN_free(ret->q);
++			ret->q = NULL;
++			}
++		if(ret->g)
++			{
++			BN_free(ret->g);
++			ret->g = NULL;
++			}
++		ret->p=BN_dup(p);
++		ret->q=BN_dup(q);
++		ret->g=BN_dup(g);
++		if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
++			ok=0;
++		}
++	if(ctx)
++		{
++		BN_CTX_end(ctx);
++		BN_CTX_free(ctx);
++		}
++	return ok;
++	}
++
++#ifndef OPENSSL_FIPS
++static
++#endif
++int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
++		const EVP_MD *evpmd, unsigned char *seed, int seed_len,
++		BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb)
++	{
++	int ok=0;
+ 	unsigned char md[SHA256_DIGEST_LENGTH];
+-	unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH];
++	unsigned char buf[SHA256_DIGEST_LENGTH];
+ 	BIGNUM *r0,*W,*X,*c,*test;
+-	BIGNUM *g=NULL,*q=NULL,*p=NULL;
+-	BN_MONT_CTX *mont=NULL;
+-	int i, k, n=0, m=0, qsize = qbits >> 3;
++	BIGNUM *q=NULL,*p=NULL;
++	int i, k, b, n=0, m=0, qsize = qbits >> 3;
+ 	int counter=0;
+ 	int r=0;
+-	BN_CTX *ctx=NULL;
+-	unsigned int h=2;
+ 
+ 	if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
+ 	    qsize != SHA256_DIGEST_LENGTH)
+@@ -153,51 +245,43 @@ int dsa_builtin_paramgen(DSA *ret, size_
+ 		return 0;
+ 
+ 	if (evpmd == NULL)
+-		/* use SHA1 as default */
+-		evpmd = EVP_sha1();
++	    {
++		if (qbits <= 160)
++			evpmd = EVP_sha1();
++		else if (qbits <= 224)
++			evpmd = EVP_sha224();
++		else
++			evpmd = EVP_sha256();
++	    }
+ 
+ 	if (bits < 512)
+ 		bits = 512;
+ 
+ 	bits = (bits+63)/64*64;
+ 
+-	/* NB: seed_len == 0 is special case: copy generated seed to
+- 	 * seed_in if it is not NULL.
+- 	 */
+-	if (seed_len && (seed_len < (size_t)qsize))
+-		seed_in = NULL;		/* seed buffer too small -- ignore */
+-	if (seed_len > (size_t)qsize) 
+-		seed_len = qsize;	/* App. 2.2 of FIPS PUB 186 allows larger SEED,
+-					 * but our internal buffers are restricted to 160 bits*/
+-	if (seed_in != NULL)
+-		memcpy(seed, seed_in, seed_len);
+-
+-	if ((ctx=BN_CTX_new()) == NULL)
+-		goto err;
+-
+-	if ((mont=BN_MONT_CTX_new()) == NULL)
+-		goto err;
+-
+-	BN_CTX_start(ctx);
+ 	r0 = BN_CTX_get(ctx);
+-	g = BN_CTX_get(ctx);
+ 	W = BN_CTX_get(ctx);
+-	q = BN_CTX_get(ctx);
++	*q_ret = q = BN_CTX_get(ctx);
+ 	X = BN_CTX_get(ctx);
+ 	c = BN_CTX_get(ctx);
+-	p = BN_CTX_get(ctx);
++	*p_ret = p = BN_CTX_get(ctx);
+ 	test = BN_CTX_get(ctx);
+ 
+ 	if (!BN_lshift(test,BN_value_one(),bits-1))
+ 		goto err;
+ 
++	/* step 3 n = \lceil bits / qbits \rceil - 1 */
++	n = (bits+qbits-1)/qbits - 1;
++	/* step 4 b = bits - 1 - n * qbits */
++	b = bits - 1 - n*qbits;
++
+ 	for (;;)
+ 		{
+ 		for (;;) /* find q */
+ 			{
+ 			int seed_is_random;
+ 
+-			/* step 1 */
++			/* step 5 generate seed */
+ 			if(!BN_GENCB_call(cb, 0, m++))
+ 				goto err;
+ 
+@@ -212,30 +296,18 @@ int dsa_builtin_paramgen(DSA *ret, size_
+ 				seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
+ 				}
+ 			memcpy(buf , seed, qsize);
+-			memcpy(buf2, seed, qsize);
+-			/* precompute "SEED + 1" for step 7: */
+-			for (i = qsize-1; i >= 0; i--)
+-				{
+-				buf[i]++;
+-				if (buf[i] != 0)
+-					break;
+-				}
+ 
+-			/* step 2 */
++			/* step 6 U = hash(seed) */
+ 			if (!EVP_Digest(seed, qsize, md,   NULL, evpmd, NULL))
+ 				goto err;
+-			if (!EVP_Digest(buf,  qsize, buf2, NULL, evpmd, NULL))
+-				goto err;
+-			for (i = 0; i < qsize; i++)
+-				md[i]^=buf2[i];
+ 
+-			/* step 3 */
++			/* step 7 q = 2^(qbits-1) + U + 1 - (U mod 2) */
+ 			md[0] |= 0x80;
+ 			md[qsize-1] |= 0x01;
+ 			if (!BN_bin2bn(md, qsize, q))
+ 				goto err;
+ 
+-			/* step 4 */
++			/* step 8 test for prime (64 round of Rabin-Miller) */
+ 			r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
+ 					seed_is_random, cb);
+ 			if (r > 0)
+@@ -243,27 +315,22 @@ int dsa_builtin_paramgen(DSA *ret, size_
+ 			if (r != 0)
+ 				goto err;
+ 
+-			/* do a callback call */
+-			/* step 5 */
+ 			}
+ 
+ 		if(!BN_GENCB_call(cb, 2, 0)) goto err;
+ 		if(!BN_GENCB_call(cb, 3, 0)) goto err;
+ 
+-		/* step 6 */
++		/* step 11 */
+ 		counter=0;
+-		/* "offset = 2" */
+-
+-		n=(bits-1)/160;
++		/* "offset = 1" */
+ 
+ 		for (;;)
+ 			{
+ 			if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+ 				goto err;
+ 
+-			/* step 7 */
++			/* step 11.1, 11.2 obtain W */
+ 			BN_zero(W);
+-			/* now 'buf' contains "SEED + offset - 1" */
+ 			for (k=0; k<=n; k++)
+ 				{
+ 				/* obtain "SEED + offset + k" by incrementing: */
+@@ -278,28 +345,30 @@ int dsa_builtin_paramgen(DSA *ret, size_
+ 									NULL))
+ 					goto err;
+ 
+-				/* step 8 */
+ 				if (!BN_bin2bn(md, qsize, r0))
+ 					goto err;
+-				if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err;
++				if (k == n)
++					BN_mask_bits(r0,b);
++				if (!BN_lshift(r0,r0,qbits*k)) goto err;
+ 				if (!BN_add(W,W,r0)) goto err;
+ 				}
+ 
+-			/* more of step 8 */
+-			if (!BN_mask_bits(W,bits-1)) goto err;
++			/* step 11.3 X = W + 2^(L-1) */
+ 			if (!BN_copy(X,W)) goto err;
+ 			if (!BN_add(X,X,test)) goto err;
+ 
+-			/* step 9 */
++			/* step 11.4 c = X mod 2*q */
+ 			if (!BN_lshift1(r0,q)) goto err;
+ 			if (!BN_mod(c,X,r0,ctx)) goto err;
++
++			/* step 11.5 p = X - (c - 1) */
+ 			if (!BN_sub(r0,c,BN_value_one())) goto err;
+ 			if (!BN_sub(p,X,r0)) goto err;
+ 
+-			/* step 10 */
++			/* step 11.6 */
+ 			if (BN_cmp(p,test) >= 0)
+ 				{
+-				/* step 11 */
++				/* step 11.7 */
+ 				r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
+ 						ctx, 1, cb);
+ 				if (r > 0)
+@@ -308,19 +377,45 @@ int dsa_builtin_paramgen(DSA *ret, size_
+ 					goto err;
+ 				}
+ 
+-			/* step 13 */
++			/* step 11.9 */
+ 			counter++;
+ 			/* "offset = offset + n + 1" */
+ 
+-			/* step 14 */
+-			if (counter >= 4096) break;
++			/* step 12 */
++			if (counter >= 4*bits) break;
+ 			}
+ 		}
+ end:
+ 	if(!BN_GENCB_call(cb, 2, 1))
+ 		goto err;
+ 
+-	/* We now need to generate g */
++	ok=1;
++err:
++	if (ok)
++		{
++		if (counter_ret != NULL) *counter_ret=counter;
++		}
++	return ok;
++	}
++
++#ifndef OPENSSL_FIPS
++static
++#endif
++int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
++		BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb)
++	{
++	int ok=0;
++	BIGNUM *r0, *test, *g = NULL;
++	BN_MONT_CTX *mont;
++	unsigned int h=2;
++
++	if ((mont=BN_MONT_CTX_new()) == NULL)
++		goto err;
++
++	r0 = BN_CTX_get(ctx);
++	*g_ret = g = BN_CTX_get(ctx);
++	test = BN_CTX_get(ctx);
++
+ 	/* Set r0=(p-1)/q */
+ 	if (!BN_sub(test,p,BN_value_one())) goto err;
+ 	if (!BN_div(r0,NULL,test,q,ctx)) goto err;
+@@ -344,26 +439,7 @@ end:
+ err:
+ 	if (ok)
+ 		{
+-		if(ret->p) BN_free(ret->p);
+-		if(ret->q) BN_free(ret->q);
+-		if(ret->g) BN_free(ret->g);
+-		ret->p=BN_dup(p);
+-		ret->q=BN_dup(q);
+-		ret->g=BN_dup(g);
+-		if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
+-			{
+-			ok=0;
+-			goto err;
+-			}
+-		if (counter_ret != NULL) *counter_ret=counter;
+ 		if (h_ret != NULL) *h_ret=h;
+-		if (seed_out)
+-			memcpy(seed_out, seed, qsize);
+-		}
+-	if(ctx)
+-		{
+-		BN_CTX_end(ctx);
+-		BN_CTX_free(ctx);
+ 		}
+ 	if (mont != NULL) BN_MONT_CTX_free(mont);
+ 	return ok;
+diff -up openssl-1.0.1e/crypto/dsa/dsa.h.fips openssl-1.0.1e/crypto/dsa/dsa.h
+--- openssl-1.0.1e/crypto/dsa/dsa.h.fips	2013-10-04 11:48:03.956689078 +0200
++++ openssl-1.0.1e/crypto/dsa/dsa.h	2013-10-04 11:48:04.175694023 +0200
+@@ -88,6 +88,8 @@
+ # define OPENSSL_DSA_MAX_MODULUS_BITS	10000
+ #endif
+ 
++#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
++
+ #define DSA_FLAG_CACHE_MONT_P	0x01
+ #define DSA_FLAG_NO_EXP_CONSTTIME       0x02 /* new with 0.9.7h; the built-in DSA
+                                               * implementation now uses constant time
+@@ -264,6 +266,17 @@ int	DSA_print_fp(FILE *bp, const DSA *x,
+ DH *DSA_dup_DH(const DSA *r);
+ #endif
+ 
++#ifdef OPENSSL_FIPS
++int FIPS_dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
++	const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
++	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
++int FIPS_dsa_generate_pq(BN_CTX *ctx, size_t bits, size_t qbits,
++		const EVP_MD *evpmd, unsigned char *seed, int seed_len,
++		BIGNUM **p_ret, BIGNUM **q_ret, int *counter_ret, BN_GENCB *cb);
++int FIPS_dsa_generate_g(BN_CTX *ctx, BIGNUM *p, BIGNUM *q,
++		BIGNUM **g_ret, unsigned long *h_ret, BN_GENCB *cb);
++#endif
++
+ #define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
+ 	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
+ 				EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
+@@ -285,10 +298,13 @@ void ERR_load_DSA_strings(void);
+ #define DSA_F_DO_DSA_PRINT				 104
+ #define DSA_F_DSAPARAMS_PRINT				 100
+ #define DSA_F_DSAPARAMS_PRINT_FP			 101
++#define DSA_F_DSA_BUILTIN_KEYGEN			 124
++#define DSA_F_DSA_BUILTIN_PARAMGEN			 123
+ #define DSA_F_DSA_DO_SIGN				 112
+ #define DSA_F_DSA_DO_VERIFY				 113
+-#define DSA_F_DSA_GENERATE_KEY				 124
+-#define DSA_F_DSA_GENERATE_PARAMETERS_EX		 123
++#define DSA_F_DSA_GENERATE_KEY				 126
++#define DSA_F_DSA_GENERATE_PARAMETERS_EX		 127
++#define DSA_F_DSA_GENERATE_PARAMETERS	/* unused */	 125
+ #define DSA_F_DSA_NEW_METHOD				 103
+ #define DSA_F_DSA_PARAM_DECODE				 119
+ #define DSA_F_DSA_PRINT_FP				 105
+@@ -314,11 +330,15 @@ void ERR_load_DSA_strings(void);
+ #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
+ #define DSA_R_DECODE_ERROR				 104
+ #define DSA_R_INVALID_DIGEST_TYPE			 106
++#define DSA_R_KEY_SIZE_INVALID				 113
++#define DSA_R_KEY_SIZE_TOO_SMALL			 110
+ #define DSA_R_MISSING_PARAMETERS			 101
+ #define DSA_R_MODULUS_TOO_LARGE				 103
+-#define DSA_R_NEED_NEW_SETUP_VALUES			 110
++#define DSA_R_NEED_NEW_SETUP_VALUES			 112
+ #define DSA_R_NON_FIPS_DSA_METHOD			 111
++#define DSA_R_NON_FIPS_METHOD				 111
+ #define DSA_R_NO_PARAMETERS_SET				 107
++#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE /* unused */ 112
+ #define DSA_R_PARAMETER_ENCODING_ERROR			 105
+ 
+ #ifdef  __cplusplus
+diff -up openssl-1.0.1e/crypto/dsa/dsa_key.c.fips openssl-1.0.1e/crypto/dsa/dsa_key.c
+--- openssl-1.0.1e/crypto/dsa/dsa_key.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_key.c	2013-10-04 11:48:04.175694023 +0200
+@@ -66,6 +66,35 @@
+ 
+ #ifdef OPENSSL_FIPS
+ #include <openssl/fips.h>
++#include <openssl/evp.h>
++
++static int fips_check_dsa(DSA *dsa)
++	{
++	EVP_PKEY *pk;
++	unsigned char tbs[] = "DSA Pairwise Check Data";
++	int ret = 0;
++
++	if ((pk=EVP_PKEY_new()) == NULL)
++		goto err;
++
++	EVP_PKEY_set1_DSA(pk, dsa);
++
++	if (fips_pkey_signature_test(pk, tbs, 0, NULL, 0, NULL, 0, NULL))
++		ret = 1;
++
++	err:
++	if (ret == 0)
++		{
++		FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
++		fips_set_selftest_fail();
++		}
++
++	if (pk)
++		EVP_PKEY_free(pk);
++
++	return ret;
++	}
++
+ #endif
+ 
+ static int dsa_builtin_keygen(DSA *dsa);
+@@ -82,10 +111,6 @@ int DSA_generate_key(DSA *dsa)
+ #endif
+ 	if(dsa->meth->dsa_keygen)
+ 		return dsa->meth->dsa_keygen(dsa);
+-#ifdef OPENSSL_FIPS
+-	if (FIPS_mode())
+-		return FIPS_dsa_generate_key(dsa);
+-#endif
+ 	return dsa_builtin_keygen(dsa);
+ 	}
+ 
+@@ -95,6 +120,15 @@ static int dsa_builtin_keygen(DSA *dsa)
+ 	BN_CTX *ctx=NULL;
+ 	BIGNUM *pub_key=NULL,*priv_key=NULL;
+ 
++#ifdef OPENSSL_FIPS
++	if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
++		&& (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
++		{
++		DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
++		goto err;
++		}
++#endif
++
+ 	if ((ctx=BN_CTX_new()) == NULL) goto err;
+ 
+ 	if (dsa->priv_key == NULL)
+@@ -133,6 +167,14 @@ static int dsa_builtin_keygen(DSA *dsa)
+ 
+ 	dsa->priv_key=priv_key;
+ 	dsa->pub_key=pub_key;
++#ifdef OPENSSL_FIPS
++	if(FIPS_mode() && !fips_check_dsa(dsa))
++		{
++		dsa->pub_key = NULL;
++		dsa->priv_key = NULL;
++	    	goto err;
++		}
++#endif
+ 	ok=1;
+ 
+ err:
+diff -up openssl-1.0.1e/crypto/dsa/dsa_lib.c.fips openssl-1.0.1e/crypto/dsa/dsa_lib.c
+--- openssl-1.0.1e/crypto/dsa/dsa_lib.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_lib.c	2013-10-04 11:48:04.175694023 +0200
+@@ -87,14 +87,7 @@ const DSA_METHOD *DSA_get_default_method
+ 	{
+ 	if(!default_DSA_method)
+ 		{
+-#ifdef OPENSSL_FIPS
+-		if (FIPS_mode())
+-			return FIPS_dsa_openssl();
+-		else
+-			return DSA_OpenSSL();
+-#else
+ 		default_DSA_method = DSA_OpenSSL();
+-#endif
+ 		}
+ 	return default_DSA_method;
+ 	}
+diff -up openssl-1.0.1e/crypto/dsa/dsa_locl.h.fips openssl-1.0.1e/crypto/dsa/dsa_locl.h
+--- openssl-1.0.1e/crypto/dsa/dsa_locl.h.fips	2013-10-04 11:48:03.958689123 +0200
++++ openssl-1.0.1e/crypto/dsa/dsa_locl.h	2013-10-04 11:48:04.175694023 +0200
+@@ -56,5 +56,4 @@
+ 
+ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+ 	const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+-	unsigned char *seed_out,
+ 	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+diff -up openssl-1.0.1e/crypto/dsa/dsa_ossl.c.fips openssl-1.0.1e/crypto/dsa/dsa_ossl.c
+--- openssl-1.0.1e/crypto/dsa/dsa_ossl.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_ossl.c	2013-10-04 11:48:04.175694023 +0200
+@@ -65,6 +65,9 @@
+ #include <openssl/dsa.h>
+ #include <openssl/rand.h>
+ #include <openssl/asn1.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
+ 
+ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
+@@ -82,7 +85,7 @@ NULL, /* dsa_mod_exp, */
+ NULL, /* dsa_bn_mod_exp, */
+ dsa_init,
+ dsa_finish,
+-0,
++DSA_FLAG_FIPS_METHOD,
+ NULL,
+ NULL,
+ NULL
+@@ -138,6 +141,21 @@ static DSA_SIG *dsa_do_sign(const unsign
+ 	DSA_SIG *ret=NULL;
+ 	int noredo = 0;
+ 
++#ifdef OPENSSL_FIPS
++	if(FIPS_selftest_failed())
++	    {
++	    FIPSerr(FIPS_F_DSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
++	    return NULL;
++	    }
++
++	if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) 
++		&& (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
++		{
++		DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
++		return NULL;
++		}
++#endif
++
+ 	BN_init(&m);
+ 	BN_init(&xr);
+ 
+@@ -325,6 +343,21 @@ static int dsa_do_verify(const unsigned
+ 		return -1;
+ 		}
+ 
++#ifdef OPENSSL_FIPS
++	if(FIPS_selftest_failed())
++	    {
++	    FIPSerr(FIPS_F_DSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
++	    return -1;
++	    }
++
++	if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) 
++		&& (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
++		{
++		DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);
++		return -1;
++		}
++#endif
++
+ 	if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
+ 		{
+ 		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
+@@ -399,6 +432,9 @@ static int dsa_do_verify(const unsigned
+ 
+ static int dsa_init(DSA *dsa)
+ {
++#ifdef OPENSSL_FIPS
++	FIPS_selftest_check();
++#endif
+ 	dsa->flags|=DSA_FLAG_CACHE_MONT_P;
+ 	return(1);
+ }
+diff -up openssl-1.0.1e/crypto/dsa/dsa_pmeth.c.fips openssl-1.0.1e/crypto/dsa/dsa_pmeth.c
+--- openssl-1.0.1e/crypto/dsa/dsa_pmeth.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_pmeth.c	2013-10-04 11:48:04.175694023 +0200
+@@ -255,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
+ 	if (!dsa)
+ 		return 0;
+ 	ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
+-	                           NULL, 0, NULL, NULL, NULL, pcb);
++	                           NULL, 0, NULL, NULL, pcb);
+ 	if (ret)
+ 		EVP_PKEY_assign_DSA(pkey, dsa);
+ 	else
+diff -up openssl-1.0.1e/crypto/dsa/dsatest.c.fips openssl-1.0.1e/crypto/dsa/dsatest.c
+--- openssl-1.0.1e/crypto/dsa/dsatest.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/dsa/dsatest.c	2013-10-04 11:48:04.176694045 +0200
+@@ -96,36 +96,41 @@ static int MS_CALLBACK dsa_cb(int p, int
+ /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
+  * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
+ static unsigned char seed[20]={
+-	0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
+-	0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
++	0x02,0x47,0x11,0x92,0x11,0x88,0xC8,0xFB,0xAF,0x48,0x4C,0x62,
++	0xDF,0xA5,0xBE,0xA0,0xA4,0x3C,0x56,0xE3,
+ 	};
+ 
+ static unsigned char out_p[]={
+-	0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
+-	0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
+-	0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
+-	0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
+-	0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
+-	0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
+-	0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
+-	0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
++	0xAC,0xCB,0x1E,0x63,0x60,0x69,0x0C,0xFB,0x06,0x19,0x68,0x3E,
++	0xA5,0x01,0x5A,0xA2,0x15,0x5C,0xE2,0x99,0x2D,0xD5,0x30,0x99,
++	0x7E,0x5F,0x8D,0xE2,0xF7,0xC6,0x2E,0x8D,0xA3,0x9F,0x58,0xAD,
++	0xD6,0xA9,0x7D,0x0E,0x0D,0x95,0x53,0xA6,0x71,0x3A,0xDE,0xAB,
++	0xAC,0xE9,0xF4,0x36,0x55,0x9E,0xB9,0xD6,0x93,0xBF,0xF3,0x18,
++	0x1C,0x14,0x7B,0xA5,0x42,0x2E,0xCD,0x00,0xEB,0x35,0x3B,0x1B,
++	0xA8,0x51,0xBB,0xE1,0x58,0x42,0x85,0x84,0x22,0xA7,0x97,0x5E,
++	0x99,0x6F,0x38,0x20,0xBD,0x9D,0xB6,0xD9,0x33,0x37,0x2A,0xFD,
++	0xBB,0xD4,0xBC,0x0C,0x2A,0x67,0xCB,0x9F,0xBB,0xDF,0xF9,0x93,
++	0xAA,0xD6,0xF0,0xD6,0x95,0x0B,0x5D,0x65,0x14,0xD0,0x18,0x9D,
++	0xC6,0xAF,0xF0,0xC6,0x37,0x7C,0xF3,0x5F,
+ 	};
+ 
+ static unsigned char out_q[]={
+-	0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
+-	0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
+-	0xda,0xce,0x91,0x5f,
++	0xE3,0x8E,0x5E,0x6D,0xBF,0x2B,0x79,0xF8,0xC5,0x4B,0x89,0x8B,
++	0xBA,0x2D,0x91,0xC3,0x6C,0x80,0xAC,0x87,
+ 	};
+ 
+ static unsigned char out_g[]={
+-	0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
+-	0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
+-	0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
+-	0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
+-	0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
+-	0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
+-	0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
+-	0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
++	0x42,0x4A,0x04,0x4E,0x79,0xB4,0x99,0x7F,0xFD,0x58,0x36,0x2C,
++	0x1B,0x5F,0x18,0x7E,0x0D,0xCC,0xAB,0x81,0xC9,0x5D,0x10,0xCE,
++	0x4E,0x80,0x7E,0x58,0xB4,0x34,0x3F,0xA7,0x45,0xC7,0xAA,0x36,
++	0x24,0x42,0xA9,0x3B,0xE8,0x0E,0x04,0x02,0x2D,0xFB,0xA6,0x13,
++	0xB9,0xB5,0x15,0xA5,0x56,0x07,0x35,0xE4,0x03,0xB6,0x79,0x7C,
++	0x62,0xDD,0xDF,0x3F,0x71,0x3A,0x9D,0x8B,0xC4,0xF6,0xE7,0x1D,
++	0x52,0xA8,0xA9,0x43,0x1D,0x33,0x51,0x88,0x39,0xBD,0x73,0xE9,
++	0x5F,0xBE,0x82,0x49,0x27,0xE6,0xB5,0x53,0xC1,0x38,0xAC,0x2F,
++	0x6D,0x97,0x6C,0xEB,0x67,0xC1,0x5F,0x67,0xF8,0x35,0x05,0x5E,
++	0xD5,0x68,0x80,0xAA,0x96,0xCA,0x0B,0x8A,0xE6,0xF1,0xB1,0x41,
++	0xC6,0x75,0x94,0x0A,0x0A,0x2A,0xFA,0x29,
+ 	};
+ 
+ static const unsigned char str1[]="12345678901234567890";
+@@ -157,7 +162,7 @@ int main(int argc, char **argv)
+ 	BIO_printf(bio_err,"test generation of DSA parameters\n");
+ 
+ 	BN_GENCB_set(&cb, dsa_cb, bio_err);
+-	if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
++	if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 1024,
+ 				seed, 20, &counter, &h, &cb))
+ 		goto end;
+ 
+@@ -170,9 +175,9 @@ int main(int argc, char **argv)
+ 	BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
+ 		
+ 	DSA_print(bio_err,dsa,0);
+-	if (counter != 105) 
++	if (counter != 239) 
+ 		{
+-		BIO_printf(bio_err,"counter should be 105\n");
++		BIO_printf(bio_err,"counter should be 239\n");
+ 		goto end;
+ 		}
+ 	if (h != 2)
+diff -up openssl-1.0.1e/crypto/engine/eng_all.c.fips openssl-1.0.1e/crypto/engine/eng_all.c
+--- openssl-1.0.1e/crypto/engine/eng_all.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/engine/eng_all.c	2013-10-04 11:48:04.176694045 +0200
+@@ -58,11 +58,25 @@
+ 
+ #include "cryptlib.h"
+ #include "eng_int.h"
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
+ 
+ void ENGINE_load_builtin_engines(void)
+ 	{
+ 	/* Some ENGINEs need this */
+ 	OPENSSL_cpuid_setup();
++#ifdef OPENSSL_FIPS
++	OPENSSL_init_library();
++	if (FIPS_mode()) {
++		/* We allow loading dynamic engine as a third party
++		   engine might be FIPS validated.
++		   User is disallowed to load non-validated engines
++		   by security policy. */
++		ENGINE_load_dynamic();
++		return;
++	}
++#endif
+ #if 0
+ 	/* There's no longer any need for an "openssl" ENGINE unless, one day,
+ 	 * it is the *only* way for standard builtin implementations to be be
+diff -up openssl-1.0.1e/crypto/evp/c_allc.c.fips openssl-1.0.1e/crypto/evp/c_allc.c
+--- openssl-1.0.1e/crypto/evp/c_allc.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/c_allc.c	2013-10-04 11:48:04.176694045 +0200
+@@ -65,6 +65,11 @@
+ void OpenSSL_add_all_ciphers(void)
+ 	{
+ 
++#ifdef OPENSSL_FIPS
++	OPENSSL_init_library();
++	if(!FIPS_mode()) 
++		{
++#endif
+ #ifndef OPENSSL_NO_DES
+ 	EVP_add_cipher(EVP_des_cfb());
+ 	EVP_add_cipher(EVP_des_cfb1());
+@@ -227,4 +232,60 @@ void OpenSSL_add_all_ciphers(void)
+ 	EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
+ 	EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
+ #endif
++#ifdef OPENSSL_FIPS
++		}
++	else
++		{
++#ifndef OPENSSL_NO_DES
++	EVP_add_cipher(EVP_des_ede_cfb());
++	EVP_add_cipher(EVP_des_ede3_cfb());
++
++	EVP_add_cipher(EVP_des_ede_ofb());
++	EVP_add_cipher(EVP_des_ede3_ofb());
++
++	EVP_add_cipher(EVP_des_ede_cbc());
++	EVP_add_cipher(EVP_des_ede3_cbc());
++	EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
++	EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
++
++	EVP_add_cipher(EVP_des_ede());
++	EVP_add_cipher(EVP_des_ede3());
++#endif
++
++#ifndef OPENSSL_NO_AES
++	EVP_add_cipher(EVP_aes_128_ecb());
++	EVP_add_cipher(EVP_aes_128_cbc());
++	EVP_add_cipher(EVP_aes_128_cfb());
++	EVP_add_cipher(EVP_aes_128_cfb1());
++	EVP_add_cipher(EVP_aes_128_cfb8());
++	EVP_add_cipher(EVP_aes_128_ofb());
++	EVP_add_cipher(EVP_aes_128_ctr());
++	EVP_add_cipher(EVP_aes_128_gcm());
++	EVP_add_cipher(EVP_aes_128_xts());
++	EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
++	EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
++	EVP_add_cipher(EVP_aes_192_ecb());
++	EVP_add_cipher(EVP_aes_192_cbc());
++	EVP_add_cipher(EVP_aes_192_cfb());
++	EVP_add_cipher(EVP_aes_192_cfb1());
++	EVP_add_cipher(EVP_aes_192_cfb8());
++	EVP_add_cipher(EVP_aes_192_ofb());
++	EVP_add_cipher(EVP_aes_192_ctr());
++	EVP_add_cipher(EVP_aes_192_gcm());
++	EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
++	EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
++	EVP_add_cipher(EVP_aes_256_ecb());
++	EVP_add_cipher(EVP_aes_256_cbc());
++	EVP_add_cipher(EVP_aes_256_cfb());
++	EVP_add_cipher(EVP_aes_256_cfb1());
++	EVP_add_cipher(EVP_aes_256_cfb8());
++	EVP_add_cipher(EVP_aes_256_ofb());
++	EVP_add_cipher(EVP_aes_256_ctr());
++	EVP_add_cipher(EVP_aes_256_gcm());
++	EVP_add_cipher(EVP_aes_256_xts());
++	EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
++	EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
++#endif
++		}
++#endif
+ 	}
+diff -up openssl-1.0.1e/crypto/evp/c_alld.c.fips openssl-1.0.1e/crypto/evp/c_alld.c
+--- openssl-1.0.1e/crypto/evp/c_alld.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/c_alld.c	2013-10-04 11:48:04.176694045 +0200
+@@ -64,6 +64,11 @@
+ 
+ void OpenSSL_add_all_digests(void)
+ 	{
++#ifdef OPENSSL_FIPS
++	OPENSSL_init_library();
++	if (!FIPS_mode())
++		{
++#endif
+ #ifndef OPENSSL_NO_MD4
+ 	EVP_add_digest(EVP_md4());
+ #endif
+@@ -111,4 +116,32 @@ void OpenSSL_add_all_digests(void)
+ #ifndef OPENSSL_NO_WHIRLPOOL
+ 	EVP_add_digest(EVP_whirlpool());
+ #endif
++#ifdef OPENSSL_FIPS
++		}
++	else
++		{
++#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
++	EVP_add_digest(EVP_sha1());
++	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
++	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
++#ifndef OPENSSL_NO_DSA
++	EVP_add_digest(EVP_dss1());
++	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
++	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
++	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
++#endif
++#ifndef OPENSSL_NO_ECDSA
++	EVP_add_digest(EVP_ecdsa());
++#endif
++#endif
++#ifndef OPENSSL_NO_SHA256
++	EVP_add_digest(EVP_sha224());
++	EVP_add_digest(EVP_sha256());
++#endif
++#ifndef OPENSSL_NO_SHA512
++	EVP_add_digest(EVP_sha384());
++	EVP_add_digest(EVP_sha512());
++#endif
++		}
++#endif
+ 	}
+diff -up openssl-1.0.1e/crypto/evp/digest.c.fips openssl-1.0.1e/crypto/evp/digest.c
+--- openssl-1.0.1e/crypto/evp/digest.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/digest.c	2013-10-04 11:48:04.176694045 +0200
+@@ -142,9 +142,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
+ 	return EVP_DigestInit_ex(ctx, type, NULL);
+ 	}
+ 
++#ifdef OPENSSL_FIPS
++
++/* The purpose of these is to trap programs that attempt to use non FIPS
++ * algorithms in FIPS mode and ignore the errors.
++ */
++
++static int bad_init(EVP_MD_CTX *ctx)
++	{ FIPS_ERROR_IGNORED("Digest init"); return 0;}
++
++static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count)
++	{ FIPS_ERROR_IGNORED("Digest update"); return 0;}
++
++static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
++	{ FIPS_ERROR_IGNORED("Digest Final"); return 0;}
++
++static const EVP_MD bad_md =
++	{
++	0,
++	0,
++	0,
++	0,
++	bad_init,
++	bad_update,
++	bad_final,
++	NULL,
++	NULL,
++	NULL,
++	0,
++	{0,0,0,0},
++	};
++
++#endif
++
+ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+ 	{
+ 	EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
++#ifdef OPENSSL_FIPS
++	if(FIPS_selftest_failed())
++		{
++		FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
++		ctx->digest = &bad_md;
++		return 0;
++		}
++#endif
+ #ifndef OPENSSL_NO_ENGINE
+ 	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+ 	 * so this context may already have an ENGINE! Try to avoid releasing
+@@ -201,6 +242,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
+ #endif
+ 	if (ctx->digest != type)
+ 		{
++#ifdef OPENSSL_FIPS
++		if (FIPS_mode())
++			{
++			if (!(type->flags & EVP_MD_FLAG_FIPS) 
++			 && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
++				{
++				EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
++				ctx->digest = &bad_md;
++				return 0;
++				}
++			}
++#endif
+ 		if (ctx->digest && ctx->digest->ctx_size)
+ 			OPENSSL_free(ctx->md_data);
+ 		ctx->digest=type;
+@@ -229,26 +282,15 @@ skip_to_init:
+ 		}
+ 	if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
+ 		return 1;
+-#ifdef OPENSSL_FIPS
+-	if (FIPS_mode())
+-		{
+-		if (FIPS_digestinit(ctx, type))
+-			return 1;
+-		OPENSSL_free(ctx->md_data);
+-		ctx->md_data = NULL;
+-		return 0;
+-		}
+-#endif
+ 	return ctx->digest->init(ctx);
+ 	}
+ 
+ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+ 	{
+ #ifdef OPENSSL_FIPS
+-	return FIPS_digestupdate(ctx, data, count);
+-#else
+-	return ctx->update(ctx,data,count);
++	FIPS_selftest_check();
+ #endif
++	return ctx->update(ctx,data,count);
+ 	}
+ 
+ /* The caller can assume that this removes any secret data from the context */
+@@ -263,11 +305,11 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns
+ /* The caller can assume that this removes any secret data from the context */
+ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+ 	{
+-#ifdef OPENSSL_FIPS
+-	return FIPS_digestfinal(ctx, md, size);
+-#else
+ 	int ret;
+ 
++#ifdef OPENSSL_FIPS
++	FIPS_selftest_check();
++#endif
+ 	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
+ 	ret=ctx->digest->final(ctx,md);
+ 	if (size != NULL)
+@@ -279,7 +321,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,
+ 		}
+ 	memset(ctx->md_data,0,ctx->digest->ctx_size);
+ 	return ret;
+-#endif
+ 	}
+ 
+ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+@@ -373,7 +414,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
+ /* This call frees resources associated with the context */
+ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
+ 	{
+-#ifndef OPENSSL_FIPS
+ 	/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
+ 	 * because sometimes only copies of the context are ever finalised.
+ 	 */
+@@ -386,7 +426,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
+ 		OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
+ 		OPENSSL_free(ctx->md_data);
+ 		}
+-#endif
+ 	if (ctx->pctx)
+ 		EVP_PKEY_CTX_free(ctx->pctx);
+ #ifndef OPENSSL_NO_ENGINE
+@@ -395,9 +434,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
+ 		 * functional reference we held for this reason. */
+ 		ENGINE_finish(ctx->engine);
+ #endif
+-#ifdef OPENSSL_FIPS
+-	FIPS_md_ctx_cleanup(ctx);
+-#endif
+ 	memset(ctx,'\0',sizeof *ctx);
+ 
+ 	return 1;
+diff -up openssl-1.0.1e/crypto/evp/e_aes.c.fips openssl-1.0.1e/crypto/evp/e_aes.c
+--- openssl-1.0.1e/crypto/evp/e_aes.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/e_aes.c	2013-10-04 11:48:04.177694068 +0200
+@@ -56,7 +56,6 @@
+ #include <assert.h>
+ #include <openssl/aes.h>
+ #include "evp_locl.h"
+-#ifndef OPENSSL_FIPS
+ #include "modes_lcl.h"
+ #include <openssl/rand.h>
+ 
+@@ -716,7 +715,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *
+ 		if (arg <= 0)
+ 			return 0;
+ #ifdef OPENSSL_FIPS
+-		if (FIPS_module_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)
++		if (FIPS_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)
+ 						 && arg < 12)
+ 			return 0;
+ #endif
+@@ -1128,7 +1127,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
+ 		return 0;
+ #ifdef OPENSSL_FIPS
+ 	/* Requirement of SP800-38E */
+-	if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
++	if (FIPS_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
+ 			(len > (1UL<<20)*16))
+ 		{
+ 		EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
+@@ -1311,4 +1310,3 @@ BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm
+ BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
+ 
+ #endif
+-#endif
+diff -up openssl-1.0.1e/crypto/evp/e_des3.c.fips openssl-1.0.1e/crypto/evp/e_des3.c
+--- openssl-1.0.1e/crypto/evp/e_des3.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/e_des3.c	2013-10-04 11:48:04.177694068 +0200
+@@ -65,8 +65,6 @@
+ #include <openssl/des.h>
+ #include <openssl/rand.h>
+ 
+-#ifndef OPENSSL_FIPS
+-
+ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ 			    const unsigned char *iv,int enc);
+ 
+@@ -208,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH
+     }
+ 
+ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
+-			EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, 
+-			EVP_CIPHER_set_asn1_iv,
+-			EVP_CIPHER_get_asn1_iv,
++		EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
++			des_ede_init_key,
++			NULL, NULL, NULL,
+ 			des3_ctrl)
+ 
+ #define des_ede3_cfb64_cipher des_ede_cfb64_cipher
+@@ -219,21 +217,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY,
+ #define des_ede3_ecb_cipher des_ede_ecb_cipher
+ 
+ BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
+-			EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, 
+-			EVP_CIPHER_set_asn1_iv,
+-			EVP_CIPHER_get_asn1_iv,
++		EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
++			des_ede3_init_key,
++			NULL, NULL, NULL,
+ 			des3_ctrl)
+ 
+ BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
+-		     EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
+-		     EVP_CIPHER_set_asn1_iv,
+-		     EVP_CIPHER_get_asn1_iv,
++		EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
++		     des_ede3_init_key,
++		     NULL, NULL, NULL,
+ 		     des3_ctrl)
+ 
+ BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
+-		     EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
+-		     EVP_CIPHER_set_asn1_iv,
+-		     EVP_CIPHER_get_asn1_iv,
++		EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
++		     des_ede3_init_key,
++		     NULL, NULL, NULL,
+ 		     des3_ctrl)
+ 
+ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+@@ -313,4 +311,3 @@ const EVP_CIPHER *EVP_des_ede3(void)
+ 	return &des_ede3_ecb;
+ }
+ #endif
+-#endif
+diff -up openssl-1.0.1e/crypto/evp/e_null.c.fips openssl-1.0.1e/crypto/evp/e_null.c
+--- openssl-1.0.1e/crypto/evp/e_null.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/e_null.c	2013-10-04 11:48:04.177694068 +0200
+@@ -61,8 +61,6 @@
+ #include <openssl/evp.h>
+ #include <openssl/objects.h>
+ 
+-#ifndef OPENSSL_FIPS
+-
+ static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ 	const unsigned char *iv,int enc);
+ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+@@ -71,7 +69,7 @@ static const EVP_CIPHER n_cipher=
+ 	{
+ 	NID_undef,
+ 	1,0,0,
+-	0,
++	EVP_CIPH_FLAG_FIPS,
+ 	null_init_key,
+ 	null_cipher,
+ 	NULL,
+@@ -101,4 +99,3 @@ static int null_cipher(EVP_CIPHER_CTX *c
+ 		memcpy((char *)out,(const char *)in,inl);
+ 	return 1;
+ 	}
+-#endif
+diff -up openssl-1.0.1e/crypto/evp/evp_enc.c.fips openssl-1.0.1e/crypto/evp/evp_enc.c
+--- openssl-1.0.1e/crypto/evp/evp_enc.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/evp_enc.c	2013-10-04 11:48:04.177694068 +0200
+@@ -69,17 +69,58 @@
+ #endif
+ #include "evp_locl.h"
+ 
+-#ifdef OPENSSL_FIPS
+-#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
+-#else
+ #define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
+-#endif
+ 
+ 
+ const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
+ 
++#ifdef OPENSSL_FIPS
++
++/* The purpose of these is to trap programs that attempt to use non FIPS
++ * algorithms in FIPS mode and ignore the errors.
++ */
++
++static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
++		    const unsigned char *iv, int enc)
++	{ FIPS_ERROR_IGNORED("Cipher init"); return 0;}
++
++static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
++			 const unsigned char *in, unsigned int inl)
++	{ FIPS_ERROR_IGNORED("Cipher update"); return 0;}
++
++/* NB: no cleanup because it is allowed after failed init */
++
++static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
++	{ FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
++static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
++	{ FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
++static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
++	{ FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
++
++static const EVP_CIPHER bad_cipher =
++	{
++	0,
++	0,
++	0,
++	0,
++	0,
++	bad_init,
++	bad_do_cipher,
++	NULL,
++	0,
++	bad_set_asn1,
++	bad_get_asn1,
++	bad_ctrl,
++	NULL
++	};
++
++#endif
++
+ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
+ 	{
++#ifdef OPENSSL_FIPS
++	FIPS_selftest_check();
++#endif
+ 	memset(ctx,0,sizeof(EVP_CIPHER_CTX));
+ 	/* ctx->cipher=NULL; */
+ 	}
+@@ -111,6 +152,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+ 			enc = 1;
+ 		ctx->encrypt = enc;
+ 		}
++#ifdef OPENSSL_FIPS
++	if(FIPS_selftest_failed())
++		{
++		FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
++		ctx->cipher = &bad_cipher;
++		return 0;
++		}
++#endif
+ #ifndef OPENSSL_NO_ENGINE
+ 	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+ 	 * so this context may already have an ENGINE! Try to avoid releasing
+@@ -169,10 +218,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+ 			ctx->engine = NULL;
+ #endif
+ 
+-#ifdef OPENSSL_FIPS
+-		if (FIPS_mode())
+-			return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+-#endif
+ 		ctx->cipher=cipher;
+ 		if (ctx->cipher->ctx_size)
+ 			{
+@@ -206,10 +251,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
+ #ifndef OPENSSL_NO_ENGINE
+ skip_to_init:
+ #endif
+-#ifdef OPENSSL_FIPS
+-	if (FIPS_mode())
+-		return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+-#endif
+ 	/* we assume block size is a power of 2 in *cryptUpdate */
+ 	OPENSSL_assert(ctx->cipher->block_size == 1
+ 	    || ctx->cipher->block_size == 8
+@@ -249,6 +290,22 @@ skip_to_init:
+ 		}
+ 	}
+ 
++#ifdef OPENSSL_FIPS
++	/* After 'key' is set no further parameters changes are permissible.
++	 * So only check for non FIPS enabling at this point.
++	 */
++	if (key && FIPS_mode())
++		{
++		if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
++			& !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
++			{
++			EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS);
++			ctx->cipher = &bad_cipher;
++			return 0;
++			}
++		}
++#endif
++
+ 	if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+ 		if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
+ 	}
+@@ -568,7 +625,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX
+ 
+ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
+ 	{
+-#ifndef OPENSSL_FIPS
+ 	if (c->cipher != NULL)
+ 		{
+ 		if(c->cipher->cleanup && !c->cipher->cleanup(c))
+@@ -579,16 +635,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CT
+ 		}
+ 	if (c->cipher_data)
+ 		OPENSSL_free(c->cipher_data);
+-#endif
+ #ifndef OPENSSL_NO_ENGINE
+ 	if (c->engine)
+ 		/* The EVP_CIPHER we used belongs to an ENGINE, release the
+ 		 * functional reference we held for this reason. */
+ 		ENGINE_finish(c->engine);
+ #endif
+-#ifdef OPENSSL_FIPS
+-	FIPS_cipher_ctx_cleanup(c);
+-#endif
+ 	memset(c,0,sizeof(EVP_CIPHER_CTX));
+ 	return 1;
+ 	}
+diff -up openssl-1.0.1e/crypto/evp/evp.h.fips openssl-1.0.1e/crypto/evp/evp.h
+--- openssl-1.0.1e/crypto/evp/evp.h.fips	2013-10-04 11:48:04.071691675 +0200
++++ openssl-1.0.1e/crypto/evp/evp.h	2013-10-04 11:48:04.177694068 +0200
+@@ -75,6 +75,10 @@
+ #include <openssl/bio.h>
+ #endif
+ 
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
++
+ /*
+ #define EVP_RC2_KEY_SIZE		16
+ #define EVP_RC4_KEY_SIZE		16
+@@ -282,10 +286,6 @@ struct env_md_ctx_st
+ 						* cleaned */
+ #define EVP_MD_CTX_FLAG_REUSE		0x0004 /* Don't free up ctx->md_data
+ 						* in EVP_MD_CTX_cleanup */
+-/* FIPS and pad options are ignored in 1.0.0, definitions are here
+- * so we don't accidentally reuse the values for other purposes.
+- */
+-
+ #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW	0x0008	/* Allow use of non FIPS digest
+ 						 * in FIPS mode */
+ 
+@@ -297,6 +297,10 @@ struct env_md_ctx_st
+ #define EVP_MD_CTX_FLAG_PAD_PKCS1	0x00	/* PKCS#1 v1.5 mode */
+ #define EVP_MD_CTX_FLAG_PAD_X931	0x10	/* X9.31 mode */
+ #define EVP_MD_CTX_FLAG_PAD_PSS		0x20	/* PSS mode */
++#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \
++		((ctx->flags>>16) &0xFFFF) /* seed length */
++#define EVP_MD_CTX_FLAG_PSS_MDLEN	0xFFFF	/* salt len same as digest */
++#define EVP_MD_CTX_FLAG_PSS_MREC	0xFFFE	/* salt max or auto recovered */
+ 
+ #define EVP_MD_CTX_FLAG_NO_INIT		0x0100 /* Don't initialize md_data */
+ 
+@@ -348,15 +352,15 @@ struct evp_cipher_st
+ /* cipher handles random key generation */
+ #define 	EVP_CIPH_RAND_KEY		0x200
+ /* cipher has its own additional copying logic */
+-#define 	EVP_CIPH_CUSTOM_COPY		0x400
++#define 	EVP_CIPH_CUSTOM_COPY		0x4000
+ /* Allow use default ASN1 get/set iv */
+ #define		EVP_CIPH_FLAG_DEFAULT_ASN1	0x1000
+ /* Buffer length in bits not bytes: CFB1 mode only */
+ #define		EVP_CIPH_FLAG_LENGTH_BITS	0x2000
+ /* Note if suitable for use in FIPS mode */
+-#define		EVP_CIPH_FLAG_FIPS		0x4000
++#define		EVP_CIPH_FLAG_FIPS		0x400
+ /* Allow non FIPS cipher in FIPS mode */
+-#define		EVP_CIPH_FLAG_NON_FIPS_ALLOW	0x8000
++#define		EVP_CIPH_FLAG_NON_FIPS_ALLOW	0x800
+ /* Cipher handles any and all padding logic as well
+  * as finalisation.
+  */
+diff -up openssl-1.0.1e/crypto/evp/evp_lib.c.fips openssl-1.0.1e/crypto/evp/evp_lib.c
+--- openssl-1.0.1e/crypto/evp/evp_lib.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/evp_lib.c	2013-10-04 11:48:04.177694068 +0200
+@@ -190,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_
+ 
+ int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
+ 	{
++#ifdef OPENSSL_FIPS
++	FIPS_selftest_check();
++#endif
+ 	return ctx->cipher->do_cipher(ctx,out,in,inl);
+ 	}
+ 
+diff -up openssl-1.0.1e/crypto/evp/evp_locl.h.fips openssl-1.0.1e/crypto/evp/evp_locl.h
+--- openssl-1.0.1e/crypto/evp/evp_locl.h.fips	2013-10-04 11:48:04.067691584 +0200
++++ openssl-1.0.1e/crypto/evp/evp_locl.h	2013-10-04 11:48:04.178694091 +0200
+@@ -258,10 +258,9 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
+ 	BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
+ 	BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
+ 			     NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
+-			     0, cipher##_init_key, NULL, \
+-			     EVP_CIPHER_set_asn1_iv, \
+-			     EVP_CIPHER_get_asn1_iv, \
+-			     NULL)
++			     EVP_CIPH_FLAG_DEFAULT_ASN1, \
++			     cipher##_init_key, NULL, NULL, NULL, NULL)
++
+ 
+ struct evp_pkey_ctx_st
+ 	{
+@@ -367,11 +366,6 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_
+ #define MD2_Init	private_MD2_Init
+ #define MDC2_Init	private_MDC2_Init
+ #define SHA_Init	private_SHA_Init
+-#define SHA1_Init	private_SHA1_Init
+-#define SHA224_Init	private_SHA224_Init
+-#define SHA256_Init	private_SHA256_Init
+-#define SHA384_Init	private_SHA384_Init
+-#define SHA512_Init	private_SHA512_Init
+ 
+ #define BF_set_key	private_BF_set_key
+ #define CAST_set_key	private_CAST_set_key
+@@ -379,7 +373,6 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_
+ #define SEED_set_key	private_SEED_set_key
+ #define RC2_set_key	private_RC2_set_key
+ #define RC4_set_key	private_RC4_set_key
+-#define DES_set_key_unchecked	private_DES_set_key_unchecked
+ #define Camellia_set_key	private_Camellia_set_key
+ 
+ #endif
+diff -up openssl-1.0.1e/crypto/evp/Makefile.fips openssl-1.0.1e/crypto/evp/Makefile
+--- openssl-1.0.1e/crypto/evp/Makefile.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/Makefile	2013-10-04 11:48:04.178694091 +0200
+@@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_
+ 	bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
+ 	c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
+ 	evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
+-	e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c	\
++	e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
+ 	e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
+ 
+ LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
+@@ -41,7 +41,7 @@ LIBOBJ=	encode.o digest.o evp_enc.o evp_
+ 	bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
+ 	c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
+ 	evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
+-	e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \
++	e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \
+ 	e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
+ 
+ SRC= $(LIBSRC)
+diff -up openssl-1.0.1e/crypto/evp/m_dss.c.fips openssl-1.0.1e/crypto/evp/m_dss.c
+--- openssl-1.0.1e/crypto/evp/m_dss.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/m_dss.c	2013-10-04 11:48:04.178694091 +0200
+@@ -66,7 +66,6 @@
+ #endif
+ 
+ #ifndef OPENSSL_NO_SHA
+-#ifndef OPENSSL_FIPS
+ 
+ static int init(EVP_MD_CTX *ctx)
+ 	{ return SHA1_Init(ctx->md_data); }
+@@ -82,7 +81,7 @@ static const EVP_MD dsa_md=
+ 	NID_dsaWithSHA,
+ 	NID_dsaWithSHA,
+ 	SHA_DIGEST_LENGTH,
+-	EVP_MD_FLAG_PKEY_DIGEST,
++	EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
+ 	init,
+ 	update,
+ 	final,
+@@ -98,4 +97,3 @@ const EVP_MD *EVP_dss(void)
+ 	return(&dsa_md);
+ 	}
+ #endif
+-#endif
+diff -up openssl-1.0.1e/crypto/evp/m_dss1.c.fips openssl-1.0.1e/crypto/evp/m_dss1.c
+--- openssl-1.0.1e/crypto/evp/m_dss1.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/m_dss1.c	2013-10-04 11:48:04.178694091 +0200
+@@ -68,8 +68,6 @@
+ #include <openssl/dsa.h>
+ #endif
+ 
+-#ifndef OPENSSL_FIPS 
+-
+ static int init(EVP_MD_CTX *ctx)
+ 	{ return SHA1_Init(ctx->md_data); }
+ 
+@@ -84,7 +82,7 @@ static const EVP_MD dss1_md=
+ 	NID_dsa,
+ 	NID_dsaWithSHA1,
+ 	SHA_DIGEST_LENGTH,
+-	EVP_MD_FLAG_PKEY_DIGEST,
++	EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS,
+ 	init,
+ 	update,
+ 	final,
+@@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
+ 	return(&dss1_md);
+ 	}
+ #endif
+-#endif
+diff -up openssl-1.0.1e/crypto/evp/m_md2.c.fips openssl-1.0.1e/crypto/evp/m_md2.c
+--- openssl-1.0.1e/crypto/evp/m_md2.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/m_md2.c	2013-10-04 11:48:04.178694091 +0200
+@@ -68,6 +68,7 @@
+ #ifndef OPENSSL_NO_RSA
+ #include <openssl/rsa.h>
+ #endif
++#include "evp_locl.h"
+ 
+ static int init(EVP_MD_CTX *ctx)
+ 	{ return MD2_Init(ctx->md_data); }
+diff -up openssl-1.0.1e/crypto/evp/m_sha1.c.fips openssl-1.0.1e/crypto/evp/m_sha1.c
+--- openssl-1.0.1e/crypto/evp/m_sha1.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/m_sha1.c	2013-10-04 11:48:04.178694091 +0200
+@@ -59,8 +59,6 @@
+ #include <stdio.h>
+ #include "cryptlib.h"
+ 
+-#ifndef OPENSSL_FIPS
+-
+ #ifndef OPENSSL_NO_SHA
+ 
+ #include <openssl/evp.h>
+@@ -85,7 +83,8 @@ static const EVP_MD sha1_md=
+ 	NID_sha1,
+ 	NID_sha1WithRSAEncryption,
+ 	SHA_DIGEST_LENGTH,
+-	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
++	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
++		EVP_MD_FLAG_FIPS,
+ 	init,
+ 	update,
+ 	final,
+@@ -122,7 +121,8 @@ static const EVP_MD sha224_md=
+ 	NID_sha224,
+ 	NID_sha224WithRSAEncryption,
+ 	SHA224_DIGEST_LENGTH,
+-	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
++	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
++		EVP_MD_FLAG_FIPS,
+ 	init224,
+ 	update256,
+ 	final256,
+@@ -141,7 +141,8 @@ static const EVP_MD sha256_md=
+ 	NID_sha256,
+ 	NID_sha256WithRSAEncryption,
+ 	SHA256_DIGEST_LENGTH,
+-	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
++	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
++		EVP_MD_FLAG_FIPS,
+ 	init256,
+ 	update256,
+ 	final256,
+@@ -172,7 +173,8 @@ static const EVP_MD sha384_md=
+ 	NID_sha384,
+ 	NID_sha384WithRSAEncryption,
+ 	SHA384_DIGEST_LENGTH,
+-	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
++	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
++		EVP_MD_FLAG_FIPS,
+ 	init384,
+ 	update512,
+ 	final512,
+@@ -191,7 +193,8 @@ static const EVP_MD sha512_md=
+ 	NID_sha512,
+ 	NID_sha512WithRSAEncryption,
+ 	SHA512_DIGEST_LENGTH,
+-	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
++	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|
++		EVP_MD_FLAG_FIPS,
+ 	init512,
+ 	update512,
+ 	final512,
+@@ -206,4 +209,3 @@ const EVP_MD *EVP_sha512(void)
+ 	{ return(&sha512_md); }
+ #endif	/* ifndef OPENSSL_NO_SHA512 */
+ 
+-#endif
+diff -up openssl-1.0.1e/crypto/evp/p_sign.c.fips openssl-1.0.1e/crypto/evp/p_sign.c
+--- openssl-1.0.1e/crypto/evp/p_sign.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/p_sign.c	2013-10-04 11:48:04.179694114 +0200
+@@ -61,6 +61,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/objects.h>
+ #include <openssl/x509.h>
++#include <openssl/rsa.h>
+ 
+ #ifdef undef
+ void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
+@@ -103,6 +104,22 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsig
+ 			goto err;
+ 		if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
+ 			goto err;
++		if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931)
++			if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0)
++				goto err;
++		if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS)
++			{
++			int saltlen;
++			if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
++				goto err;
++			saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx);
++			if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
++				saltlen = -1;
++			else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
++				saltlen = -2;
++			if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
++				goto err;
++			}
+ 		if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
+ 			goto err;
+ 		*siglen = sltmp;
+diff -up openssl-1.0.1e/crypto/evp/p_verify.c.fips openssl-1.0.1e/crypto/evp/p_verify.c
+--- openssl-1.0.1e/crypto/evp/p_verify.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/p_verify.c	2013-10-04 11:48:04.179694114 +0200
+@@ -61,6 +61,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/objects.h>
+ #include <openssl/x509.h>
++#include <openssl/rsa.h>
+ 
+ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+ 	     unsigned int siglen, EVP_PKEY *pkey)
+@@ -88,6 +89,22 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, con
+ 			goto err;
+ 		if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
+ 			goto err;
++		if (ctx->flags & EVP_MD_CTX_FLAG_PAD_X931)
++			if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_X931_PADDING) <= 0)
++				goto err;
++		if (ctx->flags & EVP_MD_CTX_FLAG_PAD_PSS)
++			{
++			int saltlen;
++			if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
++				goto err;
++			saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(ctx);
++			if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
++				saltlen = -1;
++			else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
++				saltlen = -2;
++			if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
++				goto err;
++			}
+ 		i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
+ 		err:
+ 		EVP_PKEY_CTX_free(pkctx);
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c
+--- openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c.fips	2013-10-04 11:48:04.179694114 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_aesavs.c	2013-10-04 11:48:04.179694114 +0200
+@@ -0,0 +1,939 @@
++/* ====================================================================
++ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++/*---------------------------------------------
++  NIST AES Algorithm Validation Suite
++  Test Program
++
++  Donated to OpenSSL by:
++  V-ONE Corporation
++  20250 Century Blvd, Suite 300
++  Germantown, MD 20874
++  U.S.A.
++  ----------------------------------------------*/
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <errno.h>
++#include <assert.h>
++#include <ctype.h>
++#include <openssl/aes.h>
++#include <openssl/evp.h>
++#include <openssl/bn.h>
++
++#include <openssl/err.h>
++#include "e_os.h"
++
++#ifndef OPENSSL_FIPS
++
++int main(int argc, char *argv[])
++{
++    printf("No FIPS AES support\n");
++    return(0);
++}
++
++#else
++
++#include <openssl/fips.h>
++#include "fips_utl.h"
++
++#define AES_BLOCK_SIZE 16
++
++#define VERBOSE 0
++
++/*-----------------------------------------------*/
++
++int AESTest(EVP_CIPHER_CTX *ctx,
++	    char *amode, int akeysz, unsigned char *aKey, 
++	    unsigned char *iVec, 
++	    int dir,  /* 0 = decrypt, 1 = encrypt */
++	    unsigned char *plaintext, unsigned char *ciphertext, int len)
++    {
++    const EVP_CIPHER *cipher = NULL;
++
++    if (strcasecmp(amode, "CBC") == 0)
++	{
++	switch (akeysz)
++		{
++		case 128:
++		cipher = EVP_aes_128_cbc();
++		break;
++
++		case 192:
++		cipher = EVP_aes_192_cbc();
++		break;
++
++		case 256:
++		cipher = EVP_aes_256_cbc();
++		break;
++		}
++
++	}
++    else if (strcasecmp(amode, "ECB") == 0)
++	{
++	switch (akeysz)
++		{
++		case 128:
++		cipher = EVP_aes_128_ecb();
++		break;
++
++		case 192:
++		cipher = EVP_aes_192_ecb();
++		break;
++
++		case 256:
++		cipher = EVP_aes_256_ecb();
++		break;
++		}
++	}
++    else if (strcasecmp(amode, "CFB128") == 0)
++	{
++	switch (akeysz)
++		{
++		case 128:
++		cipher = EVP_aes_128_cfb128();
++		break;
++
++		case 192:
++		cipher = EVP_aes_192_cfb128();
++		break;
++
++		case 256:
++		cipher = EVP_aes_256_cfb128();
++		break;
++		}
++
++	}
++    else if (strncasecmp(amode, "OFB", 3) == 0)
++	{
++	switch (akeysz)
++		{
++		case 128:
++		cipher = EVP_aes_128_ofb();
++		break;
++
++		case 192:
++		cipher = EVP_aes_192_ofb();
++		break;
++
++		case 256:
++		cipher = EVP_aes_256_ofb();
++		break;
++		}
++	}
++    else if(!strcasecmp(amode,"CFB1"))
++	{
++	switch (akeysz)
++		{
++		case 128:
++		cipher = EVP_aes_128_cfb1();
++		break;
++
++		case 192:
++		cipher = EVP_aes_192_cfb1();
++		break;
++
++		case 256:
++		cipher = EVP_aes_256_cfb1();
++		break;
++		}
++	}
++    else if(!strcasecmp(amode,"CFB8"))
++	{
++	switch (akeysz)
++		{
++		case 128:
++		cipher = EVP_aes_128_cfb8();
++		break;
++
++		case 192:
++		cipher = EVP_aes_192_cfb8();
++		break;
++
++		case 256:
++		cipher = EVP_aes_256_cfb8();
++		break;
++		}
++	}
++    else
++	{
++	printf("Unknown mode: %s\n", amode);
++	return 0;
++	}
++    if (!cipher)
++	{
++	printf("Invalid key size: %d\n", akeysz);
++	return 0; 
++	}
++    if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
++	return 0;
++    if(!strcasecmp(amode,"CFB1"))
++	M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
++    if (dir)
++		EVP_Cipher(ctx, ciphertext, plaintext, len);
++	else
++		EVP_Cipher(ctx, plaintext, ciphertext, len);
++    return 1;
++    }
++
++/*-----------------------------------------------*/
++char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
++char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"};
++enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128};
++enum XCrypt {XDECRYPT, XENCRYPT};
++
++/*=============================*/
++/*  Monte Carlo Tests          */
++/*-----------------------------*/
++
++/*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/
++/*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/
++
++#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
++#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
++
++int do_mct(char *amode, 
++	   int akeysz, unsigned char *aKey,unsigned char *iVec,
++	   int dir, unsigned char *text, int len,
++	   FILE *rfp)
++    {
++    int ret = 0;
++    unsigned char key[101][32];
++    unsigned char iv[101][AES_BLOCK_SIZE];
++    unsigned char ptext[1001][32];
++    unsigned char ctext[1001][32];
++    unsigned char ciphertext[64+4];
++    int i, j, n, n1, n2;
++    int imode = 0, nkeysz = akeysz/8;
++    EVP_CIPHER_CTX ctx;
++    EVP_CIPHER_CTX_init(&ctx);
++
++    if (len > 32)
++	{
++	printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n", 
++	       amode, akeysz);
++	return -1;
++	}
++    for (imode = 0; imode < 6; ++imode)
++	if (strcmp(amode, t_mode[imode]) == 0)
++	    break;
++    if (imode == 6)
++	{ 
++	printf("Unrecognized mode: %s\n", amode);
++	return -1;
++	}
++
++    memcpy(key[0], aKey, nkeysz);
++    if (iVec)
++	memcpy(iv[0], iVec, AES_BLOCK_SIZE);
++    if (dir == XENCRYPT)
++	memcpy(ptext[0], text, len);
++    else
++	memcpy(ctext[0], text, len);
++    for (i = 0; i < 100; ++i)
++	{
++	/* printf("Iteration %d\n", i); */
++	if (i > 0)
++	    {
++	    fprintf(rfp,"COUNT = %d\n",i);
++	    OutputValue("KEY",key[i],nkeysz,rfp,0);
++	    if (imode != ECB)  /* ECB */
++		OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0);
++	    /* Output Ciphertext | Plaintext */
++	    OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp,
++			imode == CFB1);
++	    }
++	for (j = 0; j < 1000; ++j)
++	    {
++	    switch (imode)
++		{
++	    case ECB:
++		if (j == 0)
++		    { /* set up encryption */
++		    ret = AESTest(&ctx, amode, akeysz, key[i], NULL, 
++				  dir,  /* 0 = decrypt, 1 = encrypt */
++				  ptext[j], ctext[j], len);
++		    if (dir == XENCRYPT)
++			memcpy(ptext[j+1], ctext[j], len);
++		    else
++			memcpy(ctext[j+1], ptext[j], len);
++		    }
++		else
++		    {
++		    if (dir == XENCRYPT)
++			{
++			EVP_Cipher(&ctx, ctext[j], ptext[j], len);
++			memcpy(ptext[j+1], ctext[j], len);
++			}
++		    else
++			{
++			EVP_Cipher(&ctx, ptext[j], ctext[j], len);
++			memcpy(ctext[j+1], ptext[j], len);
++			}
++		    }
++		break;
++
++	    case CBC:
++	    case OFB:  
++	    case CFB128:
++		if (j == 0)
++		    {
++		    ret = AESTest(&ctx, amode, akeysz, key[i], iv[i], 
++				  dir,  /* 0 = decrypt, 1 = encrypt */
++				  ptext[j], ctext[j], len);
++		    if (dir == XENCRYPT)
++			memcpy(ptext[j+1], iv[i], len);
++		    else
++			memcpy(ctext[j+1], iv[i], len);
++		    }
++		else
++		    {
++		    if (dir == XENCRYPT)
++			{
++			EVP_Cipher(&ctx, ctext[j], ptext[j], len);
++			memcpy(ptext[j+1], ctext[j-1], len);
++			}
++		    else
++			{
++			EVP_Cipher(&ctx, ptext[j], ctext[j], len);
++			memcpy(ctext[j+1], ptext[j-1], len);
++			}
++		    }
++		break;
++
++	    case CFB8:
++		if (j == 0)
++		    {
++		    ret = AESTest(&ctx, amode, akeysz, key[i], iv[i], 
++				  dir,  /* 0 = decrypt, 1 = encrypt */
++				  ptext[j], ctext[j], len);
++		    }
++		else
++		    {
++		    if (dir == XENCRYPT)
++			EVP_Cipher(&ctx, ctext[j], ptext[j], len);
++		    else
++			EVP_Cipher(&ctx, ptext[j], ctext[j], len);
++		    }
++		if (dir == XENCRYPT)
++		    {
++		    if (j < 16)
++			memcpy(ptext[j+1], &iv[i][j], len);
++		    else
++			memcpy(ptext[j+1], ctext[j-16], len);
++		    }
++		else
++		    {
++		    if (j < 16)
++			memcpy(ctext[j+1], &iv[i][j], len);
++		    else
++			memcpy(ctext[j+1], ptext[j-16], len);
++		    }
++		break;
++
++	    case CFB1:
++		if(j == 0)
++		    {
++#if 0
++		    /* compensate for wrong endianness of input file */
++		    if(i == 0)
++			ptext[0][0]<<=7;
++#endif
++		    ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
++				ptext[j], ctext[j], len);
++		    }
++		else
++		    {
++		    if (dir == XENCRYPT)
++			EVP_Cipher(&ctx, ctext[j], ptext[j], len);
++		    else
++			EVP_Cipher(&ctx, ptext[j], ctext[j], len);
++
++		    }
++		if(dir == XENCRYPT)
++		    {
++		    if(j < 128)
++			sb(ptext[j+1],0,gb(iv[i],j));
++		    else
++			sb(ptext[j+1],0,gb(ctext[j-128],0));
++		    }
++		else
++		    {
++		    if(j < 128)
++			sb(ctext[j+1],0,gb(iv[i],j));
++		    else
++			sb(ctext[j+1],0,gb(ptext[j-128],0));
++		    }
++		break;
++		}
++	    }
++	--j; /* reset to last of range */
++	/* Output Ciphertext | Plaintext */
++	OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp,
++		    imode == CFB1);
++	fprintf(rfp, "\n");  /* add separator */
++
++	/* Compute next KEY */
++	if (dir == XENCRYPT)
++	    {
++	    if (imode == CFB8)
++		{ /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
++		for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
++		    ciphertext[n1] = ctext[j-n2][0];
++		}
++	    else if(imode == CFB1)
++		{
++		for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
++		    sb(ciphertext,n1,gb(ctext[j-n2],0));
++		}
++	    else
++		switch (akeysz)
++		    {
++		case 128:
++		    memcpy(ciphertext, ctext[j], 16);
++		    break;
++		case 192:
++		    memcpy(ciphertext, ctext[j-1]+8, 8);
++		    memcpy(ciphertext+8, ctext[j], 16);
++		    break;
++		case 256:
++		    memcpy(ciphertext, ctext[j-1], 16);
++		    memcpy(ciphertext+16, ctext[j], 16);
++		    break;
++		    }
++	    }
++	else
++	    {
++	    if (imode == CFB8)
++		{ /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
++		for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
++		    ciphertext[n1] = ptext[j-n2][0];
++		}
++	    else if(imode == CFB1)
++		{
++		for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
++		    sb(ciphertext,n1,gb(ptext[j-n2],0));
++		}
++	    else
++		switch (akeysz)
++		    {
++		case 128:
++		    memcpy(ciphertext, ptext[j], 16);
++		    break;
++		case 192:
++		    memcpy(ciphertext, ptext[j-1]+8, 8);
++		    memcpy(ciphertext+8, ptext[j], 16);
++		    break;
++		case 256:
++		    memcpy(ciphertext, ptext[j-1], 16);
++		    memcpy(ciphertext+16, ptext[j], 16);
++		    break;
++		    }
++	    }
++	/* Compute next key: Key[i+1] = Key[i] xor ct */
++	for (n = 0; n < nkeysz; ++n)
++	    key[i+1][n] = key[i][n] ^ ciphertext[n];
++	
++	/* Compute next IV and text */
++	if (dir == XENCRYPT)
++	    {
++	    switch (imode)
++		{
++	    case ECB:
++		memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE);
++		break;
++	    case CBC:
++	    case OFB:
++	    case CFB128:
++		memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE);
++		memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE);
++		break;
++	    case CFB8:
++		/* IV[i+1] = ct */
++		for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
++		    iv[i+1][n1] = ctext[j-n2][0];
++		ptext[0][0] = ctext[j-16][0];
++		break;
++	    case CFB1:
++		for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
++		    sb(iv[i+1],n1,gb(ctext[j-n2],0));
++		ptext[0][0]=ctext[j-128][0]&0x80;
++		break;
++		}
++	    }
++	else
++	    {
++	    switch (imode)
++		{
++	    case ECB:
++		memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE);
++		break;
++	    case CBC:
++	    case OFB:
++	    case CFB128:
++		memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE);
++		memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE);
++		break;
++	    case CFB8:
++		for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
++		    iv[i+1][n1] = ptext[j-n2][0];
++		ctext[0][0] = ptext[j-16][0];
++		break;
++	    case CFB1:
++		for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
++		    sb(iv[i+1],n1,gb(ptext[j-n2],0));
++		ctext[0][0]=ptext[j-128][0]&0x80;
++		break;
++		}
++	    }
++	}
++    
++    return ret;
++    }
++
++/*================================================*/
++/*----------------------------
++  # Config info for v-one
++  # AESVS MMT test data for ECB
++  # State : Encrypt and Decrypt
++  # Key Length : 256
++  # Fri Aug 30 04:07:22 PM
++  ----------------------------*/
++
++int proc_file(char *rqfile, char *rspfile)
++    {
++    char afn[256], rfn[256];
++    FILE *afp = NULL, *rfp = NULL;
++    char ibuf[2048];
++    char tbuf[2048];
++    int ilen, len, ret = 0;
++    char algo[8] = "";
++    char amode[8] = "";
++    char atest[8] = "";
++    int akeysz = 0;
++    unsigned char iVec[20], aKey[40];
++    int dir = -1, err = 0, step = 0;
++    unsigned char plaintext[2048];
++    unsigned char ciphertext[2048];
++    char *rp;
++    EVP_CIPHER_CTX ctx;
++    EVP_CIPHER_CTX_init(&ctx);
++
++    if (!rqfile || !(*rqfile))
++	{
++	printf("No req file\n");
++	return -1;
++	}
++    strcpy(afn, rqfile);
++
++    if ((afp = fopen(afn, "r")) == NULL)
++	{
++	printf("Cannot open file: %s, %s\n", 
++	       afn, strerror(errno));
++	return -1;
++	}
++    if (!rspfile)
++	{
++	strcpy(rfn,afn);
++	rp=strstr(rfn,"req/");
++#ifdef OPENSSL_SYS_WIN32
++	if (!rp)
++	    rp=strstr(rfn,"req\\");
++#endif
++	assert(rp);
++	memcpy(rp,"rsp",3);
++	rp = strstr(rfn, ".req");
++	memcpy(rp, ".rsp", 4);
++	rspfile = rfn;
++	}
++    if ((rfp = fopen(rspfile, "w")) == NULL)
++	{
++	printf("Cannot open file: %s, %s\n", 
++	       rfn, strerror(errno));
++	fclose(afp);
++	afp = NULL;
++	return -1;
++	}
++    while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
++	{
++	tidy_line(tbuf, ibuf);
++	ilen = strlen(ibuf);
++	/*      printf("step=%d ibuf=%s",step,ibuf); */
++	switch (step)
++	    {
++	case 0:  /* read preamble */
++	    if (ibuf[0] == '\n')
++		{ /* end of preamble */
++		if ((*algo == '\0') ||
++		    (*amode == '\0') ||
++		    (akeysz == 0))
++		    {
++		    printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n",
++			   algo,amode,akeysz);
++		    err = 1;
++		    }
++		else
++		    {
++		    fputs(ibuf, rfp);
++		    ++ step;
++		    }
++		}
++	    else if (ibuf[0] != '#')
++		{
++		printf("Invalid preamble item: %s\n", ibuf);
++		err = 1;
++		}
++	    else
++		{ /* process preamble */
++		char *xp, *pp = ibuf+2;
++		int n;
++		if (akeysz)
++		    { /* insert current time & date */
++		    time_t rtim = time(0);
++		    fprintf(rfp, "# %s", ctime(&rtim));
++		    }
++		else
++		    {
++		    fputs(ibuf, rfp);
++		    if (strncmp(pp, "AESVS ", 6) == 0)
++			{
++			strcpy(algo, "AES");
++			/* get test type */
++			pp += 6;
++			xp = strchr(pp, ' ');
++			n = xp-pp;
++			strncpy(atest, pp, n);
++			atest[n] = '\0';
++			/* get mode */
++			xp = strrchr(pp, ' '); /* get mode" */
++			n = strlen(xp+1)-1;
++			strncpy(amode, xp+1, n);
++			amode[n] = '\0';
++			/* amode[3] = '\0'; */
++			if (VERBOSE)
++				printf("Test = %s, Mode = %s\n", atest, amode);
++			}
++		    else if (strncasecmp(pp, "Key Length : ", 13) == 0)
++			{
++			akeysz = atoi(pp+13);
++			if (VERBOSE)
++				printf("Key size = %d\n", akeysz);
++			}
++		    }
++		}
++	    break;
++
++	case 1:  /* [ENCRYPT] | [DECRYPT] */
++	    if (ibuf[0] == '[')
++		{
++		fputs(ibuf, rfp);
++		++step;
++		if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
++		    dir = 1;
++		else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
++		    dir = 0;
++		else
++		    {
++		    printf("Invalid keyword: %s\n", ibuf);
++		    err = 1;
++		    }
++		break;
++		}
++	    else if (dir == -1)
++		{
++		err = 1;
++		printf("Missing ENCRYPT/DECRYPT keyword\n");
++		break;
++		}
++	    else 
++		step = 2;
++
++	case 2: /* KEY = xxxx */
++	    fputs(ibuf, rfp);
++	    if(*ibuf == '\n')
++		break;
++	    if(!strncasecmp(ibuf,"COUNT = ",8))
++		break;
++
++	    if (strncasecmp(ibuf, "KEY = ", 6) != 0)
++		{
++		printf("Missing KEY\n");
++		err = 1;
++		}
++	    else
++		{
++		len = hex2bin((char*)ibuf+6, aKey);
++		if (len < 0)
++		    {
++		    printf("Invalid KEY\n");
++		    err =1;
++		    break;
++		    }
++		PrintValue("KEY", aKey, len);
++		if (strcmp(amode, "ECB") == 0)
++		    {
++		    memset(iVec, 0, sizeof(iVec));
++		    step = (dir)? 4: 5;  /* no ivec for ECB */
++		    }
++		else
++		    ++step;
++		}
++	    break;
++
++	case 3: /* IV = xxxx */
++	    fputs(ibuf, rfp);
++	    if (strncasecmp(ibuf, "IV = ", 5) != 0)
++		{
++		printf("Missing IV\n");
++		err = 1;
++		}
++	    else
++		{
++		len = hex2bin((char*)ibuf+5, iVec);
++		if (len < 0)
++		    {
++		    printf("Invalid IV\n");
++		    err =1;
++		    break;
++		    }
++		PrintValue("IV", iVec, len);
++		step = (dir)? 4: 5;
++		}
++	    break;
++
++	case 4: /* PLAINTEXT = xxxx */
++	    fputs(ibuf, rfp);
++	    if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
++		{
++		printf("Missing PLAINTEXT\n");
++		err = 1;
++		}
++	    else
++		{
++		int nn = strlen(ibuf+12);
++		if(!strcmp(amode,"CFB1"))
++		    len=bint2bin(ibuf+12,nn-1,plaintext);
++		else
++		    len=hex2bin(ibuf+12, plaintext);
++		if (len < 0)
++		    {
++		    printf("Invalid PLAINTEXT: %s", ibuf+12);
++		    err =1;
++		    break;
++		    }
++		if (len >= sizeof(plaintext))
++		    {
++		    printf("Buffer overflow\n");
++		    }
++		PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
++		if (strcmp(atest, "MCT") == 0)  /* Monte Carlo Test */
++		    {
++		    if(do_mct(amode, akeysz, aKey, iVec, 
++			      dir, (unsigned char*)plaintext, len, 
++			      rfp) < 0)
++			EXIT(1);
++		    }
++		else
++		    {
++		    ret = AESTest(&ctx, amode, akeysz, aKey, iVec, 
++				  dir,  /* 0 = decrypt, 1 = encrypt */
++				  plaintext, ciphertext, len);
++		    OutputValue("CIPHERTEXT",ciphertext,len,rfp,
++				!strcmp(amode,"CFB1"));
++		    }
++		step = 6;
++		}
++	    break;
++
++	case 5: /* CIPHERTEXT = xxxx */
++	    fputs(ibuf, rfp);
++	    if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
++		{
++		printf("Missing KEY\n");
++		err = 1;
++		}
++	    else
++		{
++		if(!strcmp(amode,"CFB1"))
++		    len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
++		else
++		    len = hex2bin(ibuf+13,ciphertext);
++		if (len < 0)
++		    {
++		    printf("Invalid CIPHERTEXT\n");
++		    err =1;
++		    break;
++		    }
++
++		PrintValue("CIPHERTEXT", ciphertext, len);
++		if (strcmp(atest, "MCT") == 0)  /* Monte Carlo Test */
++		    {
++		    do_mct(amode, akeysz, aKey, iVec, 
++			   dir, ciphertext, len, rfp);
++		    }
++		else
++		    {
++		    ret = AESTest(&ctx, amode, akeysz, aKey, iVec, 
++				  dir,  /* 0 = decrypt, 1 = encrypt */
++				  plaintext, ciphertext, len);
++		    OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
++				!strcmp(amode,"CFB1"));
++		    }
++		step = 6;
++		}
++	    break;
++
++	case 6:
++	    if (ibuf[0] != '\n')
++		{
++		err = 1;
++		printf("Missing terminator\n");
++		}
++	    else if (strcmp(atest, "MCT") != 0)
++		{ /* MCT already added terminating nl */
++		fputs(ibuf, rfp);
++		}
++	    step = 1;
++	    break;
++	    }
++	}
++    if (rfp)
++	fclose(rfp);
++    if (afp)
++	fclose(afp);
++    return err;
++    }
++
++/*--------------------------------------------------
++  Processes either a single file or 
++  a set of files whose names are passed in a file.
++  A single file is specified as:
++    aes_test -f xxx.req
++  A set of files is specified as:
++    aes_test -d xxxxx.xxx
++  The default is: -d req.txt
++--------------------------------------------------*/
++int main(int argc, char **argv)
++    {
++    char *rqlist = "req.txt", *rspfile = NULL;
++    FILE *fp = NULL;
++    char fn[250] = "", rfn[256] = "";
++    int f_opt = 0, d_opt = 1;
++
++#ifdef OPENSSL_FIPS
++    if(!FIPS_mode_set(1))
++	{
++	do_print_errors();
++	EXIT(1);
++	}
++#endif
++    if (argc > 1)
++	{
++	if (strcasecmp(argv[1], "-d") == 0)
++	    {
++	    d_opt = 1;
++	    }
++	else if (strcasecmp(argv[1], "-f") == 0)
++	    {
++	    f_opt = 1;
++	    d_opt = 0;
++	    }
++	else
++	    {
++	    printf("Invalid parameter: %s\n", argv[1]);
++	    return 0;
++	    }
++	if (argc < 3)
++	    {
++	    printf("Missing parameter\n");
++	    return 0;
++	    }
++	if (d_opt)
++	    rqlist = argv[2];
++	else
++	    {
++	    strcpy(fn, argv[2]);
++	    rspfile = argv[3];
++	    }
++	}
++    if (d_opt)
++	{ /* list of files (directory) */
++	if (!(fp = fopen(rqlist, "r")))
++	    {
++	    printf("Cannot open req list file\n");
++	    return -1;
++	    }
++	while (fgets(fn, sizeof(fn), fp))
++	    {
++	    strtok(fn, "\r\n");
++	    strcpy(rfn, fn);
++	    if (VERBOSE)
++		printf("Processing: %s\n", rfn);
++	    if (proc_file(rfn, rspfile))
++		{
++		printf(">>> Processing failed for: %s <<<\n", rfn);
++		EXIT(1);
++		}
++	    }
++	fclose(fp);
++	}
++    else /* single file */
++	{
++	if (VERBOSE)
++	    printf("Processing: %s\n", fn);
++	if (proc_file(fn, rspfile))
++	    {
++	    printf(">>> Processing failed for: %s <<<\n", fn);
++	    }
++	}
++    EXIT(0);
++    return 0;
++    }
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c
+--- openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c.fips	2013-10-04 11:48:04.179694114 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_cmactest.c	2013-10-04 11:48:04.179694114 +0200
+@@ -0,0 +1,517 @@
++/* fips_cmactest.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project 2005.
++ */
++/* ====================================================================
++ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++#define OPENSSL_FIPSAPI
++
++#include <stdio.h>
++#include <ctype.h>
++#include <string.h>
++#include <openssl/bio.h>
++#include <openssl/evp.h>
++#include <openssl/cmac.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++
++#ifndef OPENSSL_FIPS
++
++int main(int argc, char *argv[])
++{
++    printf("No FIPS CMAC support\n");
++    return(0);
++}
++
++#else
++
++#include <openssl/fips.h>
++#include "fips_utl.h"
++
++static int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
++	int mode, int Klen_counts_keys, int known_keylen);
++static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
++		unsigned char *Key, int Klen,
++		unsigned char *Msg, int Msglen,
++		int Tlen);
++static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
++		unsigned char *Key, int Klen,
++		unsigned char *Msg, int Msglen,
++		unsigned char *Mac, int Maclen,
++		int Tlen);
++
++#ifdef FIPS_ALGVS
++int fips_cmactest_main(int argc, char **argv)
++#else
++int main(int argc, char **argv)
++#endif
++	{
++	FILE *in = NULL, *out = NULL;
++	int mode = 0;		/* 0 => Generate, 1 => Verify */
++	int Klen_counts_keys = 0; /* 0 => Klen is size of one key
++				     1 => Klen is amount of keys
++				  */
++	int known_keylen = 0;	/* Only set when Klen_counts_keys = 1 */
++	const EVP_CIPHER *cipher = 0;
++	int ret = 1;
++	fips_algtest_init();
++
++	while (argc > 1 && argv[1][0] == '-')
++		{
++		switch (argv[1][1])
++			{
++		case 'a':
++			{
++			char *p = &argv[1][2];
++			if (*p == '\0')
++				{
++				if (argc <= 2)
++					{
++					fprintf(stderr, "Option %s needs a value\n", argv[1]);
++					goto end;
++					}
++				argv++;
++				argc--;
++				p = &argv[1][0];
++				}
++			if (!strcmp(p, "aes128"))
++				cipher = EVP_aes_128_cbc();
++			else if (!strcmp(p, "aes192"))
++				cipher = EVP_aes_192_cbc();
++			else if (!strcmp(p, "aes256"))
++				cipher = EVP_aes_256_cbc();
++			else if (!strcmp(p, "tdea3") || !strcmp(p, "tdes3"))
++				{
++				cipher = EVP_des_ede3_cbc();
++				Klen_counts_keys = 1;
++				known_keylen = 8;
++				}
++			else
++				{
++				fprintf(stderr, "Unknown algorithm %s\n", p);
++				goto end;
++				}
++			}
++			break;
++		case 'g':
++			mode = 0;
++			break;
++		case 'v':
++			mode = 1;
++			break;
++		default:
++			fprintf(stderr, "Unknown option %s\n", argv[1]);
++			goto end;
++			}
++		argv++;
++		argc--;
++		}
++	if (argc == 1)
++		in = stdin;
++	else
++		in = fopen(argv[1], "r");
++
++	if (argc < 2)
++		out = stdout;
++	else
++		out = fopen(argv[2], "w");
++
++	if (!in)
++		{
++		fprintf(stderr, "FATAL input initialization error\n");
++		goto end;
++		}
++
++	if (!out)
++		{
++		fprintf(stderr, "FATAL output initialization error\n");
++		goto end;
++		}
++
++	if (!cmac_test(cipher, out, in, mode,
++			Klen_counts_keys, known_keylen))
++		{
++		fprintf(stderr, "FATAL cmac file processing error\n");
++		goto end;
++		}
++	else
++		ret = 0;
++
++	end:
++
++	if (in && (in != stdin))
++		fclose(in);
++	if (out && (out != stdout))
++		fclose(out);
++
++	return ret;
++
++	}
++
++#define CMAC_TEST_MAXLINELEN	150000
++
++int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
++	int mode, int Klen_counts_keys, int known_keylen)
++	{
++	char *linebuf, *olinebuf, *p, *q;
++	char *keyword, *value;
++	unsigned char **Keys = NULL, *Msg = NULL, *Mac = NULL;
++	unsigned char *Key = NULL;
++	int Count, Klen, Mlen, Tlen;
++	long Keylen, Msglen, Maclen;
++	int ret = 0;
++	int lnum = 0;
++
++	olinebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
++	linebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
++
++	if (!linebuf || !olinebuf)
++		goto error;
++
++	Count = -1;
++	Klen = -1;
++	Mlen = -1;
++	Tlen = -1;
++
++	while (fgets(olinebuf, CMAC_TEST_MAXLINELEN, in))
++		{
++		lnum++;
++		strcpy(linebuf, olinebuf);
++		keyword = linebuf;
++		/* Skip leading space */
++		while (isspace((unsigned char)*keyword))
++			keyword++;
++
++		/* Skip comments */
++		if (keyword[0] == '#')
++			{
++			if (fputs(olinebuf, out) < 0)
++				goto error;
++			continue;
++			}
++
++		/* Look for = sign */
++		p = strchr(linebuf, '=');
++
++		/* If no = or starts with [ (for [L=20] line) just copy */
++		if (!p)
++			{
++			if (fputs(olinebuf, out) < 0)
++				goto error;
++			continue;
++			}
++
++		q = p - 1;
++
++		/* Remove trailing space */
++		while (isspace((unsigned char)*q))
++			*q-- = 0;
++
++		*p = 0;
++		value = p + 1;
++
++		/* Remove leading space from value */
++		while (isspace((unsigned char)*value))
++			value++;
++
++		/* Remove trailing space from value */
++		p = value + strlen(value) - 1;
++
++		while (*p == '\n' || isspace((unsigned char)*p))
++			*p-- = 0;
++
++		if (!strcmp(keyword, "Count"))
++			{
++			if (Count != -1)
++				goto parse_error;
++			Count = atoi(value);
++			if (Count < 0)
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "Klen"))
++			{
++			if (Klen != -1)
++				goto parse_error;
++			Klen = atoi(value);
++			if (Klen < 0)
++				goto parse_error;
++			if (Klen_counts_keys)
++				{
++				Keys = OPENSSL_malloc(sizeof(*Keys) * Klen);
++				memset(Keys, '\0', sizeof(*Keys) * Klen);
++				}
++			else
++				{
++				Keys = OPENSSL_malloc(sizeof(*Keys));
++				memset(Keys, '\0', sizeof(*Keys));
++				}
++			}
++		else if (!strcmp(keyword, "Mlen"))
++			{
++			if (Mlen != -1)
++				goto parse_error;
++			Mlen = atoi(value);
++			if (Mlen < 0)
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "Tlen"))
++			{
++			if (Tlen != -1)
++				goto parse_error;
++			Tlen = atoi(value);
++			if (Tlen < 0)
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "Key") && !Klen_counts_keys)
++			{
++			if (Keys[0])
++				goto parse_error;
++			Keys[0] = hex2bin_m(value, &Keylen);
++			if (!Keys[0])
++				goto parse_error;
++			}
++		else if (!strncmp(keyword, "Key", 3) && Klen_counts_keys)
++			{
++			int keynum = atoi(keyword + 3);
++			if (!keynum || keynum > Klen || Keys[keynum-1])
++				goto parse_error;
++			Keys[keynum-1] = hex2bin_m(value, &Keylen);
++			if (!Keys[keynum-1])
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "Msg"))
++			{
++			if (Msg)
++				goto parse_error;
++			Msg = hex2bin_m(value, &Msglen);
++			if (!Msg)
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "Mac"))
++			{
++			if (mode == 0)
++				continue;
++			if (Mac)
++				goto parse_error;
++			Mac = hex2bin_m(value, &Maclen);
++			if (!Mac)
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "Result"))
++			{
++			if (mode == 1)
++				continue;
++			goto parse_error;
++			}
++		else
++			goto parse_error;
++
++		fputs(olinebuf, out);
++
++		if (Keys && Msg && (!mode || Mac) && (Tlen > 0) && (Klen > 0))
++			{
++			if (Klen_counts_keys)
++				{
++				int x;
++				Key = OPENSSL_malloc(Klen * known_keylen);
++				for (x = 0; x < Klen; x++)
++					{
++					memcpy(Key + x * known_keylen,
++						Keys[x], known_keylen);
++					OPENSSL_free(Keys[x]);
++					}
++				Klen *= known_keylen;
++				}
++			else
++				{
++				Key = OPENSSL_malloc(Klen);
++				memcpy(Key, Keys[0], Klen);
++				OPENSSL_free(Keys[0]);
++				}
++			OPENSSL_free(Keys);
++
++			switch(mode)
++				{
++			case 0:
++				if (!print_cmac_gen(cipher, out,
++						Key, Klen,
++						Msg, Mlen,
++						Tlen))
++					goto error;
++				break;
++			case 1:
++				if (!print_cmac_ver(cipher, out,
++						Key, Klen,
++						Msg, Mlen,
++						Mac, Maclen,
++						Tlen))
++					goto error;
++				break;
++				}
++
++			OPENSSL_free(Key);
++			Key = NULL;
++			OPENSSL_free(Msg);
++			Msg = NULL;
++			OPENSSL_free(Mac);
++			Mac = NULL;
++			Klen = -1;
++			Mlen = -1;
++			Tlen = -1;
++			Count = -1;
++			}
++		}
++
++
++	ret = 1;
++
++
++	error:
++
++	if (olinebuf)
++		OPENSSL_free(olinebuf);
++	if (linebuf)
++		OPENSSL_free(linebuf);
++	if (Key)
++		OPENSSL_free(Key);
++	if (Msg)
++		OPENSSL_free(Msg);
++	if (Mac)
++		OPENSSL_free(Mac);
++
++	return ret;
++
++	parse_error:
++
++	fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
++
++	goto error;
++
++	}
++
++static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
++		unsigned char *Key, int Klen,
++		unsigned char *Msg, int Mlen,
++		int Tlen)
++	{
++	int rc, i;
++	size_t reslen;
++	unsigned char res[128];
++	CMAC_CTX *cmac_ctx = CMAC_CTX_new();
++
++	CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
++	CMAC_Update(cmac_ctx, Msg, Mlen);
++	if (!CMAC_Final(cmac_ctx, res, &reslen))
++		{
++		fputs("Error calculating CMAC\n", stderr);
++		rc = 0;
++		}
++	else if (Tlen > (int)reslen)
++		{
++		fputs("Parameter error, Tlen > CMAC length\n", stderr);
++		rc = 0;
++		}
++	else
++		{
++		fputs("Mac = ", out);
++		for (i = 0; i < Tlen; i++)
++			fprintf(out, "%02x", res[i]);
++		fputs(RESP_EOL, out);
++		rc = 1;
++		}
++	CMAC_CTX_free(cmac_ctx);
++	return rc;
++	}
++
++static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
++		unsigned char *Key, int Klen,
++		unsigned char *Msg, int Mlen,
++		unsigned char *Mac, int Maclen,
++		int Tlen)
++	{
++	int rc = 1;
++	size_t reslen;
++	unsigned char res[128];
++	CMAC_CTX *cmac_ctx = CMAC_CTX_new();
++
++	CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
++	CMAC_Update(cmac_ctx, Msg, Mlen);
++	if (!CMAC_Final(cmac_ctx, res, &reslen))
++		{
++		fputs("Error calculating CMAC\n", stderr);
++		rc = 0;
++		}
++	else if (Tlen > (int)reslen)
++		{
++		fputs("Parameter error, Tlen > CMAC length\n", stderr);
++		rc = 0;
++		}
++	else if (Tlen != Maclen)
++		{
++		fputs("Parameter error, Tlen != resulting Mac length\n", stderr);
++		rc = 0;
++		}
++	else
++		{
++		if (!memcmp(Mac, res, Maclen))
++			fputs("Result = P" RESP_EOL, out);
++		else
++			fputs("Result = F" RESP_EOL, out);
++		}
++	CMAC_CTX_free(cmac_ctx);
++	return rc;
++	}
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c
+--- openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c.fips	2013-10-04 11:48:04.180694136 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_desmovs.c	2013-10-04 11:48:04.180694136 +0200
+@@ -0,0 +1,702 @@
++/* ====================================================================
++ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++/*---------------------------------------------
++  NIST DES Modes of Operation Validation System
++  Test Program
++
++  Based on the AES Validation Suite, which was:
++  Donated to OpenSSL by:
++  V-ONE Corporation
++  20250 Century Blvd, Suite 300
++  Germantown, MD 20874
++  U.S.A.
++  ----------------------------------------------*/
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <errno.h>
++#include <assert.h>
++#include <ctype.h>
++#include <openssl/des.h>
++#include <openssl/evp.h>
++#include <openssl/bn.h>
++
++#include <openssl/err.h>
++#include "e_os.h"
++
++#ifndef OPENSSL_FIPS
++
++int main(int argc, char *argv[])
++{
++    printf("No FIPS DES support\n");
++    return(0);
++}
++
++#else
++
++#include <openssl/fips.h>
++#include "fips_utl.h"
++
++#define DES_BLOCK_SIZE 8
++
++#define VERBOSE 0
++
++int DESTest(EVP_CIPHER_CTX *ctx,
++	    char *amode, int akeysz, unsigned char *aKey, 
++	    unsigned char *iVec, 
++	    int dir,  /* 0 = decrypt, 1 = encrypt */
++	    unsigned char *out, unsigned char *in, int len)
++    {
++    const EVP_CIPHER *cipher = NULL;
++
++    if (akeysz != 192)
++	{
++	printf("Invalid key size: %d\n", akeysz);
++	EXIT(1);
++	}
++
++    if (strcasecmp(amode, "CBC") == 0)
++	cipher = EVP_des_ede3_cbc();
++    else if (strcasecmp(amode, "ECB") == 0)
++	cipher = EVP_des_ede3_ecb();
++    else if (strcasecmp(amode, "CFB64") == 0)
++	cipher = EVP_des_ede3_cfb64();
++    else if (strncasecmp(amode, "OFB", 3) == 0)
++	cipher = EVP_des_ede3_ofb();
++    else if(!strcasecmp(amode,"CFB8"))
++	cipher = EVP_des_ede3_cfb8();
++    else if(!strcasecmp(amode,"CFB1"))
++	cipher = EVP_des_ede3_cfb1();
++    else
++	{
++	printf("Unknown mode: %s\n", amode);
++	EXIT(1);
++	}
++
++    if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
++	return 0;
++    if(!strcasecmp(amode,"CFB1"))
++	M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
++    EVP_Cipher(ctx, out, in, len);
++
++    return 1;
++    }
++
++void DebugValue(char *tag, unsigned char *val, int len)
++    {
++    char obuf[2048];
++    int olen;
++    olen = bin2hex(val, len, obuf);
++    printf("%s = %.*s\n", tag, olen, obuf);
++    }
++
++void shiftin(unsigned char *dst,unsigned char *src,int nbits)
++    {
++    int n;
++
++    /* move the bytes... */
++    memmove(dst,dst+nbits/8,3*8-nbits/8);
++    /* append new data */
++    memcpy(dst+3*8-nbits/8,src,(nbits+7)/8);
++    /* left shift the bits */
++    if(nbits%8)
++	for(n=0 ; n < 3*8 ; ++n)
++	    dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8));
++    }	
++
++/*-----------------------------------------------*/
++char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
++char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
++enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB64};
++int Sizes[6]={64,64,64,1,8,64};
++
++void do_mct(char *amode, 
++	    int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec,
++	    int dir, unsigned char *text, int len,
++	    FILE *rfp)
++    {
++    int i,imode;
++    unsigned char nk[4*8]; /* longest key+8 */
++    unsigned char text0[8];
++
++    for (imode=0 ; imode < 6 ; ++imode)
++	if(!strcmp(amode,t_mode[imode]))
++	    break;
++    if (imode == 6)
++	{ 
++	printf("Unrecognized mode: %s\n", amode);
++	EXIT(1);
++	}
++
++    for(i=0 ; i < 400 ; ++i)
++	{
++	int j;
++	int n;
++	int kp=akeysz/64;
++	unsigned char old_iv[8];
++	EVP_CIPHER_CTX ctx;
++	EVP_CIPHER_CTX_init(&ctx);
++
++	fprintf(rfp,"\nCOUNT = %d\n",i);
++	if(kp == 1)
++	    OutputValue("KEY",akey,8,rfp,0);
++	else
++	    for(n=0 ; n < kp ; ++n)
++		{
++		fprintf(rfp,"KEY%d",n+1);
++		OutputValue("",akey+n*8,8,rfp,0);
++		}
++
++	if(imode != ECB)
++	    OutputValue("IV",ivec,8,rfp,0);
++	OutputValue(t_tag[dir^1],text,len,rfp,imode == CFB1);
++#if 0
++	/* compensate for endianness */
++	if(imode == CFB1)
++	    text[0]<<=7;
++#endif
++	memcpy(text0,text,8);
++
++	for(j=0 ; j < 10000 ; ++j)
++	    {
++	    unsigned char old_text[8];
++
++	    memcpy(old_text,text,8);
++	    if(j == 0)
++		{
++		memcpy(old_iv,ivec,8);
++		DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len);
++		}
++	    else
++		{
++		memcpy(old_iv,ctx.iv,8);
++		EVP_Cipher(&ctx,text,text,len);
++		}
++	    if(j == 9999)
++		{
++		OutputValue(t_tag[dir],text,len,rfp,imode == CFB1);
++		/*		memcpy(ivec,text,8); */
++		}
++	    /*	    DebugValue("iv",ctx.iv,8); */
++	    /* accumulate material for the next key */
++	    shiftin(nk,text,Sizes[imode]);
++	    /*	    DebugValue("nk",nk,24);*/
++	    if((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64
++			|| imode == CBC)) || imode == OFB)
++		memcpy(text,old_iv,8);
++
++	    if(!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64))
++		{
++		/* the test specifies using the output of the raw DES operation
++		   which we don't have, so reconstruct it... */
++		for(n=0 ; n < 8 ; ++n)
++		    text[n]^=old_text[n];
++		}
++	    }
++	for(n=0 ; n < 8 ; ++n)
++	    akey[n]^=nk[16+n];
++	for(n=0 ; n < 8 ; ++n)
++	    akey[8+n]^=nk[8+n];
++	for(n=0 ; n < 8 ; ++n)
++	    akey[16+n]^=nk[n];
++	if(numkeys < 3)
++	    memcpy(&akey[2*8],akey,8);
++	if(numkeys < 2)
++	    memcpy(&akey[8],akey,8);
++	DES_set_odd_parity((DES_cblock *)akey);
++	DES_set_odd_parity((DES_cblock *)(akey+8));
++	DES_set_odd_parity((DES_cblock *)(akey+16));
++	memcpy(ivec,ctx.iv,8);
++
++	/* pointless exercise - the final text doesn't depend on the
++	   initial text in OFB mode, so who cares what it is? (Who
++	   designed these tests?) */
++	if(imode == OFB)
++	    for(n=0 ; n < 8 ; ++n)
++		text[n]=text0[n]^old_iv[n];
++	}
++    }
++    
++int proc_file(char *rqfile, char *rspfile)
++    {
++    char afn[256], rfn[256];
++    FILE *afp = NULL, *rfp = NULL;
++    char ibuf[2048], tbuf[2048];
++    int ilen, len, ret = 0;
++    char amode[8] = "";
++    char atest[100] = "";
++    int akeysz=0;
++    unsigned char iVec[20], aKey[40];
++    int dir = -1, err = 0, step = 0;
++    unsigned char plaintext[2048];
++    unsigned char ciphertext[2048];
++    char *rp;
++    EVP_CIPHER_CTX ctx;
++    int numkeys=1;
++    EVP_CIPHER_CTX_init(&ctx);
++
++    if (!rqfile || !(*rqfile))
++	{
++	printf("No req file\n");
++	return -1;
++	}
++    strcpy(afn, rqfile);
++
++    if ((afp = fopen(afn, "r")) == NULL)
++	{
++	printf("Cannot open file: %s, %s\n", 
++	       afn, strerror(errno));
++	return -1;
++	}
++    if (!rspfile)
++	{
++	strcpy(rfn,afn);
++	rp=strstr(rfn,"req/");
++#ifdef OPENSSL_SYS_WIN32
++	if (!rp)
++	    rp=strstr(rfn,"req\\");
++#endif
++	assert(rp);
++	memcpy(rp,"rsp",3);
++	rp = strstr(rfn, ".req");
++	memcpy(rp, ".rsp", 4);
++	rspfile = rfn;
++	}
++    if ((rfp = fopen(rspfile, "w")) == NULL)
++	{
++	printf("Cannot open file: %s, %s\n", 
++	       rfn, strerror(errno));
++	fclose(afp);
++	afp = NULL;
++	return -1;
++	}
++    while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
++	{
++	tidy_line(tbuf, ibuf);
++	ilen = strlen(ibuf);
++	/*	printf("step=%d ibuf=%s",step,ibuf);*/
++	if(step == 3 && !strcmp(amode,"ECB"))
++	    {
++	    memset(iVec, 0, sizeof(iVec));
++	    step = (dir)? 4: 5;  /* no ivec for ECB */
++	    }
++	switch (step)
++	    {
++	case 0:  /* read preamble */
++	    if (ibuf[0] == '\n')
++		{ /* end of preamble */
++		if (*amode == '\0')
++		    {
++		    printf("Missing Mode\n");
++		    err = 1;
++		    }
++		else
++		    {
++		    fputs(ibuf, rfp);
++		    ++ step;
++		    }
++		}
++	    else if (ibuf[0] != '#')
++		{
++		printf("Invalid preamble item: %s\n", ibuf);
++		err = 1;
++		}
++	    else
++		{ /* process preamble */
++		char *xp, *pp = ibuf+2;
++		int n;
++		if(*amode)
++		    { /* insert current time & date */
++		    time_t rtim = time(0);
++		    fprintf(rfp, "# %s", ctime(&rtim));
++		    }
++		else
++		    {
++		    fputs(ibuf, rfp);
++		    if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4)
++		       || !strncmp(pp,"TDES ",5)
++		       || !strncmp(pp,"PERMUTATION ",12)
++		       || !strncmp(pp,"SUBSTITUTION ",13)
++		       || !strncmp(pp,"VARIABLE ",9))
++			{
++			/* get test type */
++			if(!strncmp(pp,"DES ",4))
++			    pp+=4;
++			else if(!strncmp(pp,"TDES ",5))
++			    pp+=5;
++			xp = strchr(pp, ' ');
++			n = xp-pp;
++			strncpy(atest, pp, n);
++			atest[n] = '\0';
++			/* get mode */
++			xp = strrchr(pp, ' '); /* get mode" */
++			n = strlen(xp+1)-1;
++			strncpy(amode, xp+1, n);
++			amode[n] = '\0';
++			/* amode[3] = '\0'; */
++			if (VERBOSE)
++				printf("Test=%s, Mode=%s\n",atest,amode);
++			}
++		    }
++		}
++	    break;
++
++	case 1:  /* [ENCRYPT] | [DECRYPT] */
++	    if(ibuf[0] == '\n')
++		break;
++	    if (ibuf[0] == '[')
++		{
++		fputs(ibuf, rfp);
++		++step;
++		if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
++		    dir = 1;
++		else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
++		    dir = 0;
++		else
++		    {
++		    printf("Invalid keyword: %s\n", ibuf);
++		    err = 1;
++		    }
++		break;
++		}
++	    else if (dir == -1)
++		{
++		err = 1;
++		printf("Missing ENCRYPT/DECRYPT keyword\n");
++		break;
++		}
++	    else 
++		step = 2;
++
++	case 2: /* KEY = xxxx */
++	    if(*ibuf == '\n')
++		{
++	        fputs(ibuf, rfp);
++		break;
++                }
++	    if(!strncasecmp(ibuf,"COUNT = ",8))
++		{
++	        fputs(ibuf, rfp);
++		break;
++                }
++	    if(!strncasecmp(ibuf,"COUNT=",6))
++		{
++	        fputs(ibuf, rfp);
++		break;
++                }
++	    if(!strncasecmp(ibuf,"NumKeys = ",10))
++		{
++		numkeys=atoi(ibuf+10);
++		break;
++		}
++	  
++	    fputs(ibuf, rfp);
++	    if(!strncasecmp(ibuf,"KEY = ",6))
++		{
++		akeysz=64;
++		len = hex2bin((char*)ibuf+6, aKey);
++		if (len < 0)
++		    {
++		    printf("Invalid KEY\n");
++		    err=1;
++		    break;
++		    }
++		PrintValue("KEY", aKey, len);
++		++step;
++		}
++	    else if(!strncasecmp(ibuf,"KEYs = ",7))
++		{
++		akeysz=64*3;
++		len=hex2bin(ibuf+7,aKey);
++		if(len != 8)
++		    {
++		    printf("Invalid KEY\n");
++		    err=1;
++		    break;
++		    }
++		memcpy(aKey+8,aKey,8);
++		memcpy(aKey+16,aKey,8);
++		ibuf[4]='\0';
++		PrintValue("KEYs",aKey,len);
++		++step;
++		}
++	    else if(!strncasecmp(ibuf,"KEY",3))
++		{
++		int n=ibuf[3]-'1';
++
++		akeysz=64*3;
++		len=hex2bin(ibuf+7,aKey+n*8);
++		if(len != 8)
++		    {
++		    printf("Invalid KEY\n");
++		    err=1;
++		    break;
++		    }
++		ibuf[4]='\0';
++		PrintValue(ibuf,aKey,len);
++		if(n == 2)
++		    ++step;
++		}
++	    else
++		{
++		printf("Missing KEY\n");
++		err = 1;
++		}
++	    break;
++
++	case 3: /* IV = xxxx */
++	    fputs(ibuf, rfp);
++	    if (strncasecmp(ibuf, "IV = ", 5) != 0)
++		{
++		printf("Missing IV\n");
++		err = 1;
++		}
++	    else
++		{
++		len = hex2bin((char*)ibuf+5, iVec);
++		if (len < 0)
++		    {
++		    printf("Invalid IV\n");
++		    err =1;
++		    break;
++		    }
++		PrintValue("IV", iVec, len);
++		step = (dir)? 4: 5;
++		}
++	    break;
++
++	case 4: /* PLAINTEXT = xxxx */
++	    fputs(ibuf, rfp);
++	    if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
++		{
++		printf("Missing PLAINTEXT\n");
++		err = 1;
++		}
++	    else
++		{
++		int nn = strlen(ibuf+12);
++		if(!strcmp(amode,"CFB1"))
++		    len=bint2bin(ibuf+12,nn-1,plaintext);
++		else
++		    len=hex2bin(ibuf+12, plaintext);
++		if (len < 0)
++		    {
++		    printf("Invalid PLAINTEXT: %s", ibuf+12);
++		    err =1;
++		    break;
++		    }
++		if (len >= sizeof(plaintext))
++		    {
++		    printf("Buffer overflow\n");
++		    }
++		PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
++		if (strcmp(atest, "Monte") == 0)  /* Monte Carlo Test */
++		    {
++		    do_mct(amode,akeysz,numkeys,aKey,iVec,dir,plaintext,len,rfp);
++		    }
++		else
++		    {
++		    assert(dir == 1);
++		    ret = DESTest(&ctx, amode, akeysz, aKey, iVec, 
++				  dir,  /* 0 = decrypt, 1 = encrypt */
++				  ciphertext, plaintext, len);
++		    OutputValue("CIPHERTEXT",ciphertext,len,rfp,
++				!strcmp(amode,"CFB1"));
++		    }
++		step = 6;
++		}
++	    break;
++
++	case 5: /* CIPHERTEXT = xxxx */
++	    fputs(ibuf, rfp);
++	    if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
++		{
++		printf("Missing KEY\n");
++		err = 1;
++		}
++	    else
++		{
++		if(!strcmp(amode,"CFB1"))
++		    len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
++		else
++		    len = hex2bin(ibuf+13,ciphertext);
++		if (len < 0)
++		    {
++		    printf("Invalid CIPHERTEXT\n");
++		    err =1;
++		    break;
++		    }
++		
++		PrintValue("CIPHERTEXT", ciphertext, len);
++		if (strcmp(atest, "Monte") == 0)  /* Monte Carlo Test */
++		    {
++		    do_mct(amode, akeysz, numkeys, aKey, iVec, 
++			   dir, ciphertext, len, rfp);
++		    }
++		else
++		    {
++		    assert(dir == 0);
++		    ret = DESTest(&ctx, amode, akeysz, aKey, iVec, 
++				  dir,  /* 0 = decrypt, 1 = encrypt */
++				  plaintext, ciphertext, len);
++		    OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
++				!strcmp(amode,"CFB1"));
++		    }
++		step = 6;
++		}
++	    break;
++
++	case 6:
++	    if (ibuf[0] != '\n')
++		{
++		err = 1;
++		printf("Missing terminator\n");
++		}
++	    else if (strcmp(atest, "MCT") != 0)
++		{ /* MCT already added terminating nl */
++		fputs(ibuf, rfp);
++		}
++	    step = 1;
++	    break;
++	    }
++	}
++    if (rfp)
++	fclose(rfp);
++    if (afp)
++	fclose(afp);
++    return err;
++    }
++
++/*--------------------------------------------------
++  Processes either a single file or 
++  a set of files whose names are passed in a file.
++  A single file is specified as:
++    aes_test -f xxx.req
++  A set of files is specified as:
++    aes_test -d xxxxx.xxx
++  The default is: -d req.txt
++--------------------------------------------------*/
++int main(int argc, char **argv)
++    {
++    char *rqlist = "req.txt", *rspfile = NULL;
++    FILE *fp = NULL;
++    char fn[250] = "", rfn[256] = "";
++    int f_opt = 0, d_opt = 1;
++
++#ifdef OPENSSL_FIPS
++    if(!FIPS_mode_set(1))
++	{
++	do_print_errors();
++	EXIT(1);
++	}
++#endif
++    if (argc > 1)
++	{
++	if (strcasecmp(argv[1], "-d") == 0)
++	    {
++	    d_opt = 1;
++	    }
++	else if (strcasecmp(argv[1], "-f") == 0)
++	    {
++	    f_opt = 1;
++	    d_opt = 0;
++	    }
++	else
++	    {
++	    printf("Invalid parameter: %s\n", argv[1]);
++	    return 0;
++	    }
++	if (argc < 3)
++	    {
++	    printf("Missing parameter\n");
++	    return 0;
++	    }
++	if (d_opt)
++	    rqlist = argv[2];
++	else
++	    {
++	    strcpy(fn, argv[2]);
++	    rspfile = argv[3];
++	    }
++	}
++    if (d_opt)
++	{ /* list of files (directory) */
++	if (!(fp = fopen(rqlist, "r")))
++	    {
++	    printf("Cannot open req list file\n");
++	    return -1;
++	    }
++	while (fgets(fn, sizeof(fn), fp))
++	    {
++	    strtok(fn, "\r\n");
++	    strcpy(rfn, fn);
++	    printf("Processing: %s\n", rfn);
++	    if (proc_file(rfn, rspfile))
++		{
++		printf(">>> Processing failed for: %s <<<\n", rfn);
++		EXIT(1);
++		}
++	    }
++	fclose(fp);
++	}
++    else /* single file */
++	{
++	if (VERBOSE)
++		printf("Processing: %s\n", fn);
++	if (proc_file(fn, rspfile))
++	    {
++	    printf(">>> Processing failed for: %s <<<\n", fn);
++	    }
++	}
++    EXIT(0);
++    return 0;
++    }
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c
+--- openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c.fips	2013-10-04 11:48:04.180694136 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_dhvs.c	2013-10-04 11:48:04.180694136 +0200
+@@ -0,0 +1,292 @@
++/* fips/dh/fips_dhvs.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++
++#define OPENSSL_FIPSAPI
++#include <openssl/opensslconf.h>
++
++#ifndef OPENSSL_FIPS
++#include <stdio.h>
++
++int main(int argc, char **argv)
++{
++    printf("No FIPS DH support\n");
++    return(0);
++}
++#else
++
++#include <openssl/crypto.h>
++#include <openssl/bn.h>
++#include <openssl/dh.h>
++#include <openssl/fips.h>
++#include <openssl/err.h>
++#include <openssl/evp.h>
++#include <string.h>
++#include <ctype.h>
++
++#include "fips_utl.h"
++
++static const EVP_MD *parse_md(char *line)
++	{
++	char *p;
++	if (line[0] != '[' || line[1] != 'F')
++		return NULL;
++	p = strchr(line, '-');
++	if (!p)
++		return NULL;
++	line = p + 1;
++	p = strchr(line, ']');
++	if (!p)
++		return NULL;
++	*p = 0;
++	p = line;
++	while(isspace(*p))
++		p++;
++	if (!strcmp(p, "SHA1"))
++		return EVP_sha1();
++	else if (!strcmp(p, "SHA224"))
++		return EVP_sha224();
++	else if (!strcmp(p, "SHA256"))
++		return EVP_sha256();
++	else if (!strcmp(p, "SHA384"))
++		return EVP_sha384();
++	else if (!strcmp(p, "SHA512"))
++		return EVP_sha512();
++	else
++		return NULL;
++	}
++
++static void output_Zhash(FILE *out, int exout,
++				DH *dh, BIGNUM *peerkey, const EVP_MD *md,
++				unsigned char *rhash, size_t rhashlen)
++	{
++	unsigned char *Z;
++	unsigned char chash[EVP_MAX_MD_SIZE];
++	int Zlen;
++	if (rhash == NULL)
++		{
++		rhashlen = M_EVP_MD_size(md);
++		if (!DH_generate_key(dh))
++			exit (1);
++		do_bn_print_name(out, "YephemIUT", dh->pub_key);
++		if (exout)
++			do_bn_print_name(out, "XephemIUT", dh->priv_key);
++		}
++	Z = OPENSSL_malloc(BN_num_bytes(dh->p));
++	if (!Z)
++		exit(1);
++	Zlen = DH_compute_key_padded(Z, peerkey, dh);
++	if (exout)
++		OutputValue("Z", Z, Zlen, out, 0);
++	FIPS_digest(Z, Zlen, chash, NULL, md);
++	OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0);
++	if (rhash)
++		{
++		fprintf(out, "Result = %s\n",
++				memcmp(chash, rhash, rhashlen) ? "F" : "P");
++		}
++	else
++		{
++		BN_clear_free(dh->priv_key);
++		BN_clear_free(dh->pub_key);
++		dh->priv_key = NULL;
++		dh->pub_key = NULL;
++		}
++	OPENSSL_cleanse(Z, Zlen);
++	OPENSSL_free(Z);
++	}
++
++#ifdef FIPS_ALGVS
++int fips_dhvs_main(int argc, char **argv)
++#else
++int main(int argc, char **argv)
++#endif
++	{
++	char **args = argv + 1;
++	int argn = argc - 1;
++	FILE *in, *out;
++	char buf[2048], lbuf[2048];
++	unsigned char *rhash;
++	long rhashlen;
++	DH *dh = NULL;
++	const EVP_MD *md = NULL;
++	BIGNUM *peerkey = NULL;
++	char *keyword = NULL, *value = NULL;
++	int do_verify = -1, exout = 0;
++
++	fips_algtest_init();
++
++	if (argn && !strcmp(*args, "dhver"))
++		{
++		do_verify = 1;
++		args++;
++		argn--;
++		}
++	else if (argn && !strcmp(*args, "dhgen"))
++		{
++		do_verify = 0;
++		args++;
++		argn--;
++		}
++
++	if (argn && !strcmp(*args, "-exout"))
++		{
++		exout = 1;
++		args++;
++		argn--;
++		}
++
++	if (do_verify == -1)
++		{
++		fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
++		exit(1);
++		}
++
++	if (argn == 2)
++		{
++		in = fopen(*args, "r");
++		if (!in)
++			{
++			fprintf(stderr, "Error opening input file\n");
++			exit(1);
++			}
++		out = fopen(args[1], "w");
++		if (!out)
++			{
++			fprintf(stderr, "Error opening output file\n");
++			exit(1);
++			}
++		}
++	else if (argn == 0)
++		{
++		in = stdin;
++		out = stdout;
++		}
++	else
++		{
++		fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
++		exit(1);
++		}
++
++	dh = FIPS_dh_new();
++
++	while (fgets(buf, sizeof(buf), in) != NULL)
++		{
++		fputs(buf, out);
++		if (strlen(buf) > 6 && !strncmp(buf, "[F", 2))
++			{
++			md = parse_md(buf);
++			if (md == NULL)
++				goto parse_error;
++			if (dh)
++				FIPS_dh_free(dh);
++			dh = FIPS_dh_new();
++			continue;
++			}
++		if (!parse_line(&keyword, &value, lbuf, buf))
++			continue;
++		if (!strcmp(keyword, "P"))
++			{
++			if (!do_hex2bn(&dh->p, value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "Q"))
++			{
++			if (!do_hex2bn(&dh->q, value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "G"))
++			{
++			if (!do_hex2bn(&dh->g, value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "XephemIUT"))
++			{
++			if (!do_hex2bn(&dh->priv_key, value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "YephemIUT"))
++			{
++			if (!do_hex2bn(&dh->pub_key, value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "YephemCAVS"))
++			{
++			if (!do_hex2bn(&peerkey, value))
++				goto parse_error;
++			if (do_verify == 0)
++				output_Zhash(out, exout, dh, peerkey, md,
++							NULL, 0);
++			}
++		else if (!strcmp(keyword, "CAVSHashZZ"))
++			{
++			if (!md)
++				goto parse_error;
++			rhash = hex2bin_m(value, &rhashlen);
++			if (!rhash || rhashlen != M_EVP_MD_size(md))
++				goto parse_error;
++			output_Zhash(out, exout, dh, peerkey, md,
++							rhash, rhashlen);
++			}
++		}
++	if (in && in != stdin)
++		fclose(in);
++	if (out && out != stdout)
++		fclose(out);
++	return 0;
++	parse_error:
++	fprintf(stderr, "Error Parsing request file\n");
++	exit(1);
++	}
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c
+--- openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c.fips	2013-10-04 11:48:04.180694136 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_drbgvs.c	2013-10-04 11:48:04.180694136 +0200
+@@ -0,0 +1,416 @@
++/* fips/rand/fips_drbgvs.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++
++#define OPENSSL_FIPSAPI
++#include <openssl/opensslconf.h>
++
++#ifndef OPENSSL_FIPS
++#include <stdio.h>
++
++int main(int argc, char **argv)
++{
++    printf("No FIPS DRBG support\n");
++    return(0);
++}
++#else
++
++#include <openssl/bn.h>
++#include <openssl/dsa.h>
++#include <openssl/fips.h>
++#include <openssl/fips_rand.h>
++#include <openssl/err.h>
++#include <openssl/evp.h>
++#include <string.h>
++#include <ctype.h>
++
++#include "fips_utl.h"
++
++static int dparse_md(char *str)
++	{
++	switch(atoi(str + 5))
++		{
++		case 1:
++		return NID_sha1;
++
++		case 224:
++		return NID_sha224;
++
++		case 256:
++		return NID_sha256;
++
++		case 384:
++		return NID_sha384;
++
++		case 512:
++		return NID_sha512;
++
++		}
++
++	return NID_undef;
++	}
++
++static int parse_ec(char *str)
++	{
++	int curve_nid, md_nid;
++	char *md;
++	md = strchr(str, ' ');
++	if (!md)
++		return NID_undef;
++	if (!strncmp(str, "[P-256", 6))
++		curve_nid = NID_X9_62_prime256v1;
++	else if (!strncmp(str, "[P-384", 6))
++		curve_nid = NID_secp384r1;
++	else if (!strncmp(str, "[P-521", 6))
++		curve_nid = NID_secp521r1;
++	else
++		return NID_undef;
++	md_nid = dparse_md(md);
++	if (md_nid == NID_undef)
++		return NID_undef;
++	return (curve_nid << 16) | md_nid;
++	}
++
++static int parse_aes(char *str, int *pdf)
++	{
++
++	if (!strncmp(str + 9, "no", 2))
++		*pdf = 0;
++	else
++		*pdf = DRBG_FLAG_CTR_USE_DF;
++
++	switch(atoi(str + 5))
++		{
++		case 128:
++		return NID_aes_128_ctr;
++
++		case 192:
++		return NID_aes_192_ctr;
++
++		case 256:
++		return NID_aes_256_ctr;
++
++		default:
++		return NID_undef;
++
++		}
++	}
++
++typedef struct 
++	{
++	unsigned char *ent;
++	size_t entlen;
++	unsigned char *nonce;
++	size_t noncelen;
++	} TEST_ENT;
++
++static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
++                                int entropy, size_t min_len, size_t max_len)
++	{
++	TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
++	*pout = (unsigned char *)t->ent;
++	return t->entlen;
++	}
++
++static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
++                                int entropy, size_t min_len, size_t max_len)
++	{
++	TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
++	*pout = (unsigned char *)t->nonce;
++	return t->noncelen;
++	}
++
++#ifdef FIPS_ALGVS
++int fips_drbgvs_main(int argc,char **argv)
++#else
++int main(int argc,char **argv)
++#endif
++	{
++	FILE *in = NULL, *out = NULL;
++	DRBG_CTX *dctx = NULL;
++	TEST_ENT t;
++	int r, nid = 0;
++	int pr = 0;
++	char buf[2048], lbuf[2048];
++	unsigned char randout[2048];
++	char *keyword = NULL, *value = NULL;
++
++	unsigned char *ent = NULL, *nonce = NULL, *pers = NULL, *adin = NULL;
++	long entlen, noncelen, perslen, adinlen;
++	int df = 0;
++
++	enum dtype { DRBG_NONE, DRBG_CTR, DRBG_HASH, DRBG_HMAC, DRBG_DUAL_EC }
++		drbg_type = DRBG_NONE;
++
++	int randoutlen = 0;
++
++	int gen = 0;
++
++	fips_algtest_init();
++
++	if (argc == 3)
++		{
++		in = fopen(argv[1], "r");
++		if (!in)
++			{
++			fprintf(stderr, "Error opening input file\n");
++			exit(1);
++			}
++		out = fopen(argv[2], "w");
++		if (!out)
++			{
++			fprintf(stderr, "Error opening output file\n");
++			exit(1);
++			}
++		}
++	else if (argc == 1)
++		{
++		in = stdin;
++		out = stdout;
++		}
++	else
++		{
++		fprintf(stderr,"%s (infile outfile)\n",argv[0]);
++		exit(1);
++		}
++
++	while (fgets(buf, sizeof(buf), in) != NULL)
++		{
++		fputs(buf, out);
++		if (drbg_type == DRBG_NONE)
++			{
++			if (strstr(buf, "CTR_DRBG"))
++				drbg_type = DRBG_CTR;
++			else if (strstr(buf, "Hash_DRBG"))
++				drbg_type = DRBG_HASH;
++			else if (strstr(buf, "HMAC_DRBG"))
++				drbg_type = DRBG_HMAC;
++			else if (strstr(buf, "Dual_EC_DRBG"))
++				drbg_type = DRBG_DUAL_EC;
++			else
++				continue;
++			}
++		if (strlen(buf) > 4 && !strncmp(buf, "[SHA-", 5))
++			{
++			nid = dparse_md(buf);
++			if (nid == NID_undef)
++				exit(1);
++			if (drbg_type == DRBG_HMAC)
++				{
++				switch (nid)
++					{
++					case NID_sha1:
++					nid = NID_hmacWithSHA1;
++					break;
++
++					case NID_sha224:
++					nid = NID_hmacWithSHA224;
++					break;
++
++					case NID_sha256:
++					nid = NID_hmacWithSHA256;
++					break;
++
++					case NID_sha384:
++					nid = NID_hmacWithSHA384;
++					break;
++
++					case NID_sha512:
++					nid = NID_hmacWithSHA512;
++					break;
++
++					default:
++					exit(1);
++					}
++				}
++			}
++		if (strlen(buf) > 12 && !strncmp(buf, "[AES-", 5))
++			{
++			nid = parse_aes(buf, &df);
++			if (nid == NID_undef)
++				exit(1);
++			}
++		if (strlen(buf) > 12 && !strncmp(buf, "[P-", 3))
++			{
++			nid = parse_ec(buf);
++			if (nid == NID_undef)
++				exit(1);
++			}
++		if (!parse_line(&keyword, &value, lbuf, buf))
++			continue;
++
++		if (!strcmp(keyword, "[PredictionResistance"))
++			{
++			if (!strcmp(value, "True]"))
++				pr = 1;
++			else if (!strcmp(value, "False]"))
++				pr = 0;
++			else
++				exit(1);
++			}
++
++		if (!strcmp(keyword, "EntropyInput"))
++			{
++			ent = hex2bin_m(value, &entlen);
++			t.ent = ent;
++			t.entlen = entlen;
++			}
++
++		if (!strcmp(keyword, "Nonce"))
++			{
++			nonce = hex2bin_m(value, &noncelen);
++			t.nonce = nonce;
++			t.noncelen = noncelen;
++			}
++
++		if (!strcmp(keyword, "PersonalizationString"))
++			{
++			pers = hex2bin_m(value, &perslen);
++			if (nid == 0)
++				{
++				fprintf(stderr, "DRBG type not recognised!\n");
++				exit (1);
++				}
++			dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST);
++			if (!dctx)
++				exit (1);
++			FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0,
++							test_nonce, 0);
++			FIPS_drbg_set_app_data(dctx, &t);
++			randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
++			r = FIPS_drbg_instantiate(dctx, pers, perslen);
++			if (!r)
++				{
++				fprintf(stderr, "Error instantiating DRBG\n");
++				exit(1);
++				}
++			OPENSSL_free(pers);
++			OPENSSL_free(ent);
++			OPENSSL_free(nonce);
++			ent = nonce = pers = NULL;
++			gen = 0;
++			}
++
++		if (!strcmp(keyword, "AdditionalInput"))
++			{
++			adin = hex2bin_m(value, &adinlen);
++			if (pr)
++				continue;
++			r = FIPS_drbg_generate(dctx, randout, randoutlen, 0,
++								adin, adinlen);
++			if (!r)
++				{
++				fprintf(stderr, "Error generating DRBG bits\n");
++				exit(1);
++				}
++			if (!r)
++				exit(1);
++			OPENSSL_free(adin);
++			adin = NULL;
++			gen++;
++			}
++
++		if (pr)
++			{
++			if (!strcmp(keyword, "EntropyInputPR"))
++				{
++				ent = hex2bin_m(value, &entlen);
++				t.ent = ent;
++				t.entlen = entlen;
++				r = FIPS_drbg_generate(dctx,
++							randout, randoutlen,
++							1, adin, adinlen);
++				if (!r)
++					{
++					fprintf(stderr,
++						"Error generating DRBG bits\n");
++					exit(1);
++					}
++				OPENSSL_free(adin);
++				OPENSSL_free(ent);
++				adin = ent = NULL;
++				gen++;
++				}
++			}
++		if (!strcmp(keyword, "EntropyInputReseed"))
++			{
++			ent = hex2bin_m(value, &entlen);
++			t.ent = ent;
++			t.entlen = entlen;
++			}
++		if (!strcmp(keyword, "AdditionalInputReseed"))
++			{
++			adin = hex2bin_m(value, &adinlen);
++			FIPS_drbg_reseed(dctx, adin, adinlen);
++			OPENSSL_free(ent);
++			OPENSSL_free(adin);
++			ent = adin = NULL;
++			}
++		if (gen == 2)
++			{
++			OutputValue("ReturnedBits", randout, randoutlen,
++									out, 0);
++			FIPS_drbg_free(dctx);
++			dctx = NULL;
++			gen = 0;
++			}
++
++		}
++	if (in && in != stdin)
++		fclose(in);
++	if (out && out != stdout)
++		fclose(out);
++	return 0;
++	}
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c
+--- openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c.fips	2013-10-04 11:48:04.180694136 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_dssvs.c	2013-10-04 11:48:04.180694136 +0200
+@@ -0,0 +1,537 @@
++#include <openssl/opensslconf.h>
++
++#ifndef OPENSSL_FIPS
++#include <stdio.h>
++
++int main(int argc, char **argv)
++{
++    printf("No FIPS DSA support\n");
++    return(0);
++}
++#else
++
++#include <openssl/bn.h>
++#include <openssl/dsa.h>
++#include <openssl/fips.h>
++#include <openssl/err.h>
++#include <openssl/evp.h>
++#include <string.h>
++#include <ctype.h>
++
++#include "fips_utl.h"
++
++static void pbn(const char *name, BIGNUM *bn)
++	{
++	int len, i;
++	unsigned char *tmp;
++	len = BN_num_bytes(bn);
++	tmp = OPENSSL_malloc(len);
++	if (!tmp)
++		{
++		fprintf(stderr, "Memory allocation error\n");
++		return;
++		}
++	BN_bn2bin(bn, tmp);
++	printf("%s = ", name);
++	for (i = 0; i < len; i++)
++		printf("%02X", tmp[i]);
++	fputs("\n", stdout);
++	OPENSSL_free(tmp);
++	return;
++	}
++
++void primes()
++    {
++    char buf[10240];
++    char lbuf[10240];
++    char *keyword, *value;
++
++    while(fgets(buf,sizeof buf,stdin) != NULL)
++	{
++	fputs(buf,stdout);
++	if (!parse_line(&keyword, &value, lbuf, buf))
++		continue;
++	if(!strcmp(keyword,"Prime"))
++	    {
++	    BIGNUM *pp;
++
++	    pp=BN_new();
++	    do_hex2bn(&pp,value);
++	    printf("result= %c\n",
++		   BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
++	    }	    
++	}
++    }
++
++void pqg()
++    {
++    char buf[1024];
++    char lbuf[1024];
++    char *keyword, *value;
++    int nmod=0;
++
++    while(fgets(buf,sizeof buf,stdin) != NULL)
++	{
++	if (!parse_line(&keyword, &value, lbuf, buf))
++		{
++		fputs(buf,stdout);
++		continue;
++		}
++	if(!strcmp(keyword,"[mod"))
++	    nmod=atoi(value);
++	else if(!strcmp(keyword,"N"))
++	    {
++	    int n=atoi(value);
++
++	    printf("[mod = %d]\n\n",nmod);
++
++	    while(n--)
++		{
++		unsigned char seed[20];
++		DSA *dsa;
++		int counter;
++		unsigned long h;
++		dsa = FIPS_dsa_new();
++
++		if (!DSA_generate_parameters_ex(dsa, nmod,seed,0,&counter,&h,NULL))
++			{
++			do_print_errors();
++			exit(1);
++			}
++		pbn("P",dsa->p);
++		pbn("Q",dsa->q);
++		pbn("G",dsa->g);
++		pv("Seed",seed,20);
++		printf("c = %d\n",counter);
++		printf("H = %lx\n",h);
++		putc('\n',stdout);
++		}
++	    }
++	else
++	    fputs(buf,stdout);
++	}
++    }
++
++void pqgver()
++    {
++    char buf[1024];
++    char lbuf[1024];
++    char *keyword, *value;
++    BIGNUM *p = NULL, *q = NULL, *g = NULL;
++    int counter, counter2;
++    unsigned long h, h2;
++    DSA *dsa=NULL;
++    int nmod=0;
++    unsigned char seed[1024];
++
++    while(fgets(buf,sizeof buf,stdin) != NULL)
++	{
++	if (!parse_line(&keyword, &value, lbuf, buf))
++		{
++		fputs(buf,stdout);
++		continue;
++		}
++	fputs(buf, stdout);
++	if(!strcmp(keyword,"[mod"))
++	    nmod=atoi(value);
++	else if(!strcmp(keyword,"P"))
++	    p=hex2bn(value);
++	else if(!strcmp(keyword,"Q"))
++	    q=hex2bn(value);
++	else if(!strcmp(keyword,"G"))
++	    g=hex2bn(value);
++	else if(!strcmp(keyword,"Seed"))
++	    {
++	    int slen = hex2bin(value, seed);
++	    if (slen != 20)
++		{
++		fprintf(stderr, "Seed parse length error\n");
++		exit (1);
++		}
++	    }
++	else if(!strcmp(keyword,"c"))
++	    counter =atoi(buf+4);
++	else if(!strcmp(keyword,"H"))
++	    {
++	    h = atoi(value);
++	    if (!p || !q || !g)
++		{
++		fprintf(stderr, "Parse Error\n");
++		exit (1);
++		}
++	    dsa = FIPS_dsa_new();
++	    if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
++			{
++			do_print_errors();
++			exit(1);
++			}
++            if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
++		|| (counter != counter2) || (h != h2))
++	    	printf("Result = F\n");
++	    else
++	    	printf("Result = P\n");
++	    BN_free(p);
++	    BN_free(q);
++	    BN_free(g);
++	    p = NULL;
++	    q = NULL;
++	    g = NULL;
++	    FIPS_dsa_free(dsa);
++	    dsa = NULL;
++	    }
++	}
++    }
++
++/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
++ * algorithm tests. It is an additional test to perform sanity checks on the
++ * output of the KeyPair test.
++ */
++
++static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
++							BN_CTX *ctx)
++    {
++    BIGNUM *rem = NULL;
++    if (BN_num_bits(p) != nmod)
++	return 0;
++    if (BN_num_bits(q) != 160)
++	return 0;
++    if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
++	return 0;
++    if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
++	return 0;
++    rem = BN_new();
++    if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
++    	|| (BN_cmp(g, BN_value_one()) <= 0)
++	|| !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
++	{
++	BN_free(rem);
++	return 0;
++	}
++    /* Todo: check g */
++    BN_free(rem);
++    return 1;
++    }
++
++void keyver()
++    {
++    char buf[1024];
++    char lbuf[1024];
++    char *keyword, *value;
++    BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
++    BIGNUM *Y2;
++    BN_CTX *ctx = NULL;
++    int nmod=0, paramcheck = 0;
++
++    ctx = BN_CTX_new();
++    Y2 = BN_new();
++
++    while(fgets(buf,sizeof buf,stdin) != NULL)
++	{
++	if (!parse_line(&keyword, &value, lbuf, buf))
++		{
++		fputs(buf,stdout);
++		continue;
++		}
++	if(!strcmp(keyword,"[mod"))
++	    {
++	    if (p)
++		BN_free(p);
++	    p = NULL;
++	    if (q)
++		BN_free(q);
++	    q = NULL;
++	    if (g)
++		BN_free(g);
++	    g = NULL;
++	    paramcheck = 0;
++	    nmod=atoi(value);
++	    }
++	else if(!strcmp(keyword,"P"))
++	    p=hex2bn(value);
++	else if(!strcmp(keyword,"Q"))
++	    q=hex2bn(value);
++	else if(!strcmp(keyword,"G"))
++	    g=hex2bn(value);
++	else if(!strcmp(keyword,"X"))
++	    X=hex2bn(value);
++	else if(!strcmp(keyword,"Y"))
++	    {
++	    Y=hex2bn(value);
++	    if (!p || !q || !g || !X || !Y)
++		{
++		fprintf(stderr, "Parse Error\n");
++		exit (1);
++		}
++	    pbn("P",p);
++	    pbn("Q",q);
++	    pbn("G",g);
++	    pbn("X",X);
++	    pbn("Y",Y);
++	    if (!paramcheck)
++		{
++		if (dss_paramcheck(nmod, p, q, g, ctx))
++			paramcheck = 1;
++		else
++			paramcheck = -1;
++		}
++	    if (paramcheck != 1)
++	   	printf("Result = F\n");
++	    else
++		{
++		if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
++	    		printf("Result = F\n");
++	        else
++	    		printf("Result = P\n");
++		}
++	    BN_free(X);
++	    BN_free(Y);
++	    X = NULL;
++	    Y = NULL;
++	    }
++	}
++	if (p)
++	    BN_free(p);
++	if (q)
++	    BN_free(q);
++	if (g)
++	    BN_free(g);
++	if (Y2)
++	    BN_free(Y2);
++    }
++
++void keypair()
++    {
++    char buf[1024];
++    char lbuf[1024];
++    char *keyword, *value;
++    int nmod=0;
++
++    while(fgets(buf,sizeof buf,stdin) != NULL)
++	{
++	if (!parse_line(&keyword, &value, lbuf, buf))
++		{
++		fputs(buf,stdout);
++		continue;
++		}
++	if(!strcmp(keyword,"[mod"))
++	    nmod=atoi(value);
++	else if(!strcmp(keyword,"N"))
++	    {
++	    DSA *dsa;
++	    int n=atoi(value);
++
++	    printf("[mod = %d]\n\n",nmod);
++	    dsa = FIPS_dsa_new();
++	    if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
++		{
++		do_print_errors();
++		exit(1);
++		}
++	    pbn("P",dsa->p);
++	    pbn("Q",dsa->q);
++	    pbn("G",dsa->g);
++	    putc('\n',stdout);
++
++	    while(n--)
++		{
++		if (!DSA_generate_key(dsa))
++			{
++			do_print_errors();
++			exit(1);
++			}
++
++		pbn("X",dsa->priv_key);
++		pbn("Y",dsa->pub_key);
++		putc('\n',stdout);
++		}
++	    }
++	}
++    }
++
++void siggen()
++    {
++    char buf[1024];
++    char lbuf[1024];
++    char *keyword, *value;
++    int nmod=0;
++    DSA *dsa=NULL;
++
++    while(fgets(buf,sizeof buf,stdin) != NULL)
++	{
++	if (!parse_line(&keyword, &value, lbuf, buf))
++		{
++		fputs(buf,stdout);
++		continue;
++		}
++	if(!strcmp(keyword,"[mod"))
++	    {
++	    nmod=atoi(value);
++	    printf("[mod = %d]\n\n",nmod);
++	    if (dsa)
++		FIPS_dsa_free(dsa);
++	    dsa = FIPS_dsa_new();
++	    if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
++		{
++		do_print_errors();
++		exit(1);
++		}
++	    pbn("P",dsa->p);
++	    pbn("Q",dsa->q);
++	    pbn("G",dsa->g);
++	    putc('\n',stdout);
++	    }
++	else if(!strcmp(keyword,"Msg"))
++	    {
++	    unsigned char msg[1024];
++	    unsigned char sbuf[60];
++	    unsigned int slen;
++	    int n;
++	    EVP_PKEY pk;
++	    EVP_MD_CTX mctx;
++	    DSA_SIG *sig;
++	    EVP_MD_CTX_init(&mctx);
++
++	    n=hex2bin(value,msg);
++	    pv("Msg",msg,n);
++
++	    if (!DSA_generate_key(dsa))
++		{
++		do_print_errors();
++		exit(1);
++		}
++	    pk.type = EVP_PKEY_DSA;
++	    pk.pkey.dsa = dsa;
++	    pbn("Y",dsa->pub_key);
++
++	    EVP_SignInit_ex(&mctx, EVP_dss1(), NULL);
++	    EVP_SignUpdate(&mctx, msg, n);
++	    EVP_SignFinal(&mctx, sbuf, &slen, &pk);
++
++	    sig = DSA_SIG_new();
++	    FIPS_dsa_sig_decode(sig, sbuf, slen);
++
++	    pbn("R",sig->r);
++	    pbn("S",sig->s);
++	    putc('\n',stdout);
++	    DSA_SIG_free(sig);
++	    EVP_MD_CTX_cleanup(&mctx);
++	    }
++	}
++	if (dsa)
++		FIPS_dsa_free(dsa);
++    }
++
++void sigver()
++    {
++    DSA *dsa=NULL;
++    char buf[1024];
++    char lbuf[1024];
++    unsigned char msg[1024];
++    char *keyword, *value;
++    int nmod=0, n=0;
++    DSA_SIG sg, *sig = &sg;
++
++    sig->r = NULL;
++    sig->s = NULL;
++
++    while(fgets(buf,sizeof buf,stdin) != NULL)
++	{
++	if (!parse_line(&keyword, &value, lbuf, buf))
++		{
++		fputs(buf,stdout);
++		continue;
++		}
++	if(!strcmp(keyword,"[mod"))
++	    {
++	    nmod=atoi(value);
++	    if(dsa)
++		FIPS_dsa_free(dsa);
++	    dsa=FIPS_dsa_new();
++	    }
++	else if(!strcmp(keyword,"P"))
++	    dsa->p=hex2bn(value);
++	else if(!strcmp(keyword,"Q"))
++	    dsa->q=hex2bn(value);
++	else if(!strcmp(keyword,"G"))
++	    {
++	    dsa->g=hex2bn(value);
++
++	    printf("[mod = %d]\n\n",nmod);
++	    pbn("P",dsa->p);
++	    pbn("Q",dsa->q);
++	    pbn("G",dsa->g);
++	    putc('\n',stdout);
++	    }
++	else if(!strcmp(keyword,"Msg"))
++	    {
++	    n=hex2bin(value,msg);
++	    pv("Msg",msg,n);
++	    }
++	else if(!strcmp(keyword,"Y"))
++	    dsa->pub_key=hex2bn(value);
++	else if(!strcmp(keyword,"R"))
++	    sig->r=hex2bn(value);
++	else if(!strcmp(keyword,"S"))
++	    {
++	    EVP_MD_CTX mctx;
++	    EVP_PKEY pk;
++	    unsigned char sigbuf[60];
++	    unsigned int slen;
++	    int r;
++	    EVP_MD_CTX_init(&mctx);
++	    pk.type = EVP_PKEY_DSA;
++	    pk.pkey.dsa = dsa;
++	    sig->s=hex2bn(value);
++	
++	    pbn("Y",dsa->pub_key);
++	    pbn("R",sig->r);
++	    pbn("S",sig->s);
++
++	    slen = FIPS_dsa_sig_encode(sigbuf, sig);
++	    EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL);
++	    EVP_VerifyUpdate(&mctx, msg, n);
++	    r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk);
++	    EVP_MD_CTX_cleanup(&mctx);
++	
++	    printf("Result = %c\n", r == 1 ? 'P' : 'F');
++	    putc('\n',stdout);
++	    }
++	}
++    }
++
++int main(int argc,char **argv)
++    {
++    if(argc != 2)
++	{
++	fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]);
++	exit(1);
++	}
++    if(!FIPS_mode_set(1))
++	{
++	do_print_errors();
++	exit(1);
++	}
++    if(!strcmp(argv[1],"prime"))
++	primes();
++    else if(!strcmp(argv[1],"pqg"))
++	pqg();
++    else if(!strcmp(argv[1],"pqgver"))
++	pqgver();
++    else if(!strcmp(argv[1],"keypair"))
++	keypair();
++    else if(!strcmp(argv[1],"keyver"))
++	keyver();
++    else if(!strcmp(argv[1],"siggen"))
++	siggen();
++    else if(!strcmp(argv[1],"sigver"))
++	sigver();
++    else
++	{
++	fprintf(stderr,"Don't know how to %s.\n",argv[1]);
++	exit(1);
++	}
++
++    return 0;
++    }
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c
+--- openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c.fips	2013-10-04 11:48:04.181694158 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_gcmtest.c	2013-10-04 11:48:04.181694158 +0200
+@@ -0,0 +1,571 @@
++/* fips/aes/fips_gcmtest.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++
++#define OPENSSL_FIPSAPI
++#include <openssl/opensslconf.h>
++
++#ifndef OPENSSL_FIPS
++#include <stdio.h>
++
++int main(int argc, char **argv)
++{
++    printf("No FIPS GCM support\n");
++    return(0);
++}
++#else
++
++#include <openssl/bn.h>
++#include <openssl/dsa.h>
++#include <openssl/fips.h>
++#include <openssl/err.h>
++#include <openssl/evp.h>
++#include <string.h>
++#include <ctype.h>
++
++#include "fips_utl.h"
++
++static void gcmtest(FILE *in, FILE *out, int encrypt)
++	{
++	char buf[2048];
++	char lbuf[2048];
++	char *keyword, *value;
++	int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1;
++	int rv;
++	long l;
++	unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL;
++	unsigned char *ct = NULL, *pt = NULL;
++	EVP_CIPHER_CTX ctx;
++	const EVP_CIPHER *gcm = NULL;
++	FIPS_cipher_ctx_init(&ctx);
++
++	while(fgets(buf,sizeof buf,in) != NULL)
++		{
++		fputs(buf,out);
++		if (!parse_line(&keyword, &value, lbuf, buf))
++			continue;
++		if(!strcmp(keyword,"[Keylen"))
++			{
++			keylen = atoi(value);
++			if (keylen == 128)
++				gcm = EVP_aes_128_gcm();
++			else if (keylen == 192)
++				gcm = EVP_aes_192_gcm();
++			else if (keylen == 256)
++				gcm = EVP_aes_256_gcm();
++			else 
++				{
++				fprintf(stderr, "Unsupported keylen %d\n",
++							keylen);
++				}
++			keylen >>= 3;
++			}
++		else if (!strcmp(keyword, "[IVlen"))
++			ivlen = atoi(value) >> 3;
++		else if (!strcmp(keyword, "[AADlen"))
++			aadlen = atoi(value) >> 3;
++		else if (!strcmp(keyword, "[Taglen"))
++			taglen = atoi(value) >> 3;
++		else if (!strcmp(keyword, "[PTlen"))
++			ptlen = atoi(value) >> 3;
++		else if(!strcmp(keyword,"Key"))
++			{
++			key = hex2bin_m(value, &l);
++			if (l != keylen)
++				{
++				fprintf(stderr, "Inconsistent Key length\n");
++				exit(1);
++				}
++			}
++		else if(!strcmp(keyword,"IV"))
++			{
++			iv = hex2bin_m(value, &l);
++			if (l != ivlen)
++				{
++				fprintf(stderr, "Inconsistent IV length\n");
++				exit(1);
++				}
++			}
++		else if(!strcmp(keyword,"PT"))
++			{
++			pt = hex2bin_m(value, &l);
++			if (l != ptlen)
++				{
++				fprintf(stderr, "Inconsistent PT length\n");
++				exit(1);
++				}
++			}
++		else if(!strcmp(keyword,"CT"))
++			{
++			ct = hex2bin_m(value, &l);
++			if (l != ptlen)
++				{
++				fprintf(stderr, "Inconsistent CT length\n");
++				exit(1);
++				}
++			}
++		else if(!strcmp(keyword,"AAD"))
++			{
++			aad = hex2bin_m(value, &l);
++			if (l != aadlen)
++				{
++				fprintf(stderr, "Inconsistent AAD length\n");
++				exit(1);
++				}
++			}
++		else if(!strcmp(keyword,"Tag"))
++			{
++			tag = hex2bin_m(value, &l);
++			if (l != taglen)
++				{
++				fprintf(stderr, "Inconsistent Tag length\n");
++				exit(1);
++				}
++			}
++		if (encrypt && pt && aad && (iv || encrypt==1))
++			{
++			tag = OPENSSL_malloc(taglen);
++			FIPS_cipherinit(&ctx, gcm, NULL, NULL, 1);
++			/* Relax FIPS constraints for testing */
++			M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
++			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
++			if (encrypt == 1)
++				{
++				static unsigned char iv_fixed[4] = {1,2,3,4};
++				if (!iv)
++					iv = OPENSSL_malloc(ivlen);
++				FIPS_cipherinit(&ctx, NULL, key, NULL, 1);
++				FIPS_cipher_ctx_ctrl(&ctx,
++						EVP_CTRL_GCM_SET_IV_FIXED,
++						4, iv_fixed);
++				if (!FIPS_cipher_ctx_ctrl(&ctx,
++					EVP_CTRL_GCM_IV_GEN, 0, iv))
++					{
++					fprintf(stderr, "IV gen error\n");
++					exit(1);
++					}
++				OutputValue("IV", iv, ivlen, out, 0);
++				}
++			else
++				FIPS_cipherinit(&ctx, NULL, key, iv, 1);
++
++
++			if (aadlen)
++				FIPS_cipher(&ctx, NULL, aad, aadlen);
++			if (ptlen)
++				{
++				ct = OPENSSL_malloc(ptlen);
++				rv = FIPS_cipher(&ctx, ct, pt, ptlen);
++				}
++			FIPS_cipher(&ctx, NULL, NULL, 0);
++			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG,
++								taglen, tag);	
++			OutputValue("CT", ct, ptlen, out, 0);
++			OutputValue("Tag", tag, taglen, out, 0);
++			if (iv)
++				OPENSSL_free(iv);
++			if (aad)
++				OPENSSL_free(aad);
++			if (ct)
++				OPENSSL_free(ct);
++			if (pt)
++				OPENSSL_free(pt);
++			if (key)
++				OPENSSL_free(key);
++			if (tag)
++				OPENSSL_free(tag);
++			iv = aad = ct = pt = key = tag = NULL;
++			}	
++		if (!encrypt && tag)
++			{
++			FIPS_cipherinit(&ctx, gcm, NULL, NULL, 0);
++			/* Relax FIPS constraints for testing */
++			M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
++			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
++			FIPS_cipherinit(&ctx, NULL, key, iv, 0);
++			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag);
++			if (aadlen)
++				FIPS_cipher(&ctx, NULL, aad, aadlen);
++			if (ptlen)
++				{
++				pt = OPENSSL_malloc(ptlen);
++				rv = FIPS_cipher(&ctx, pt, ct, ptlen);
++				}
++			rv = FIPS_cipher(&ctx, NULL, NULL, 0);
++			if (rv < 0)
++				fprintf(out, "FAIL" RESP_EOL);
++			else
++				OutputValue("PT", pt, ptlen, out, 0);
++			if (iv)
++				OPENSSL_free(iv);
++			if (aad)
++				OPENSSL_free(aad);
++			if (ct)
++				OPENSSL_free(ct);
++			if (pt)
++				OPENSSL_free(pt);
++			if (key)
++				OPENSSL_free(key);
++			if (tag)
++				OPENSSL_free(tag);
++			iv = aad = ct = pt = key = tag = NULL;
++			}
++		}
++	FIPS_cipher_ctx_cleanup(&ctx);	
++	}
++
++static void xtstest(FILE *in, FILE *out)
++	{
++	char buf[204800];
++	char lbuf[204800];
++	char *keyword, *value;
++	int inlen = 0;
++	int encrypt = 0;
++	long l;
++	unsigned char *key = NULL, *iv = NULL;
++	unsigned char *inbuf = NULL, *outbuf = NULL;
++	EVP_CIPHER_CTX ctx;
++	const EVP_CIPHER *xts = NULL;
++	FIPS_cipher_ctx_init(&ctx);
++
++	while(fgets(buf,sizeof buf,in) != NULL)
++		{
++		fputs(buf,out);
++		if (buf[0] == '[' && strlen(buf) >= 9)
++			{
++			if(!strncmp(buf,"[ENCRYPT]", 9))
++				encrypt = 1;
++			else if(!strncmp(buf,"[DECRYPT]", 9))
++				encrypt = 0;
++			}
++		if  (!parse_line(&keyword, &value, lbuf, buf))
++			continue;
++		else if(!strcmp(keyword,"Key"))
++			{
++			key = hex2bin_m(value, &l);
++			if (l == 32)
++				xts = EVP_aes_128_xts();
++			else if (l == 64)
++				xts = EVP_aes_256_xts();
++			else
++				{
++				fprintf(stderr, "Inconsistent Key length\n");
++				exit(1);
++				}
++			}
++		else if(!strcmp(keyword,"i"))
++			{
++			iv = hex2bin_m(value, &l);
++			if (l != 16)
++				{
++				fprintf(stderr, "Inconsistent i length\n");
++				exit(1);
++				}
++			}
++		else if(encrypt && !strcmp(keyword,"PT"))
++			{
++			inbuf = hex2bin_m(value, &l);
++			inlen = l;
++			}
++		else if(!encrypt && !strcmp(keyword,"CT"))
++			{
++			inbuf = hex2bin_m(value, &l);
++			inlen = l;
++			}
++		if (inbuf)
++			{
++			FIPS_cipherinit(&ctx, xts, key, iv, encrypt);
++			outbuf = OPENSSL_malloc(inlen);
++			FIPS_cipher(&ctx, outbuf, inbuf, inlen);
++			OutputValue(encrypt ? "CT":"PT", outbuf, inlen, out, 0);
++			OPENSSL_free(inbuf);
++			OPENSSL_free(outbuf);
++			OPENSSL_free(key);
++			OPENSSL_free(iv);
++			iv = key = inbuf = outbuf = NULL;
++			}	
++		}
++	FIPS_cipher_ctx_cleanup(&ctx);	
++	}
++
++static void ccmtest(FILE *in, FILE *out)
++	{
++	char buf[200048];
++	char lbuf[200048];
++	char *keyword, *value;
++	long l;
++	unsigned char *Key = NULL, *Nonce = NULL;
++	unsigned char *Adata = NULL, *Payload = NULL;
++	unsigned char *CT = NULL;
++	int Plen = -1, Nlen = -1, Tlen = -1, Alen = -1;
++	int decr = 0;
++	EVP_CIPHER_CTX ctx;
++	const EVP_CIPHER *ccm = NULL;
++	FIPS_cipher_ctx_init(&ctx);
++
++	while(fgets(buf,sizeof buf,in) != NULL)
++		{
++		char *p;
++		fputs(buf,out);
++		redo:
++		if (!parse_line(&keyword, &value, lbuf, buf))
++			continue;
++
++		/* If surrounded by square brackets zap them */
++		if (keyword[0] == '[')
++			{
++			keyword++;
++			p = strchr(value, ']');
++			if (p)
++				*p = 0;
++			}
++		/* See if we have a comma separated list of parameters
++		 * if so copy rest of line back to buffer and redo later.
++		 */
++		p = strchr(value, ',');
++		if (p)
++			{
++			*p = 0;
++			strcpy(buf, p + 1);
++			strcat(buf, "\n");
++			decr = 1;
++			}
++		if (!strcmp(keyword,"Plen"))
++			Plen = atoi(value);
++		else if (!strcmp(keyword,"Nlen"))
++			Nlen = atoi(value);
++		else if (!strcmp(keyword,"Tlen"))
++			Tlen = atoi(value);
++		else if (!strcmp(keyword,"Alen"))
++			Alen = atoi(value);
++		if (p)
++			goto redo;
++		if (!strcmp(keyword,"Key"))
++			{
++			if (Key)
++				OPENSSL_free(Key);
++			Key = hex2bin_m(value, &l);
++			if (l == 16)
++				ccm = EVP_aes_128_ccm();
++			else if (l == 24)
++				ccm = EVP_aes_192_ccm();
++			else if (l == 32)
++				ccm = EVP_aes_256_ccm();
++			else
++				{
++				fprintf(stderr, "Inconsistent Key length\n");
++				exit(1);
++				}
++			}
++		else if (!strcmp(keyword,"Nonce"))
++			{
++			if (Nonce)
++				OPENSSL_free(Nonce);
++			Nonce = hex2bin_m(value, &l);
++			if (l != Nlen)
++				{
++				fprintf(stderr, "Inconsistent nonce length\n");
++				exit(1);
++				}
++			}
++		else if (!strcmp(keyword,"Payload") && !decr)
++			{
++			Payload = hex2bin_m(value, &l);
++			if (Plen && l != Plen)
++				{
++				fprintf(stderr, "Inconsistent Payload length\n");
++				exit(1);
++				}
++			}
++		else if (!strcmp(keyword,"Adata"))
++			{
++			if (Adata)
++				OPENSSL_free(Adata);
++			Adata = hex2bin_m(value, &l);
++			if (Alen && l != Alen)
++				{
++				fprintf(stderr, "Inconsistent Payload length\n");
++				exit(1);
++				}
++			}
++		else if (!strcmp(keyword,"CT") && decr)
++			{
++			CT = hex2bin_m(value, &l);
++			if (l != (Plen + Tlen))
++				{
++				fprintf(stderr, "Inconsistent CT length\n");
++				exit(1);
++				}
++			}
++		if (Payload)
++			{
++			FIPS_cipherinit(&ctx, ccm, NULL, NULL, 1);
++			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
++			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, Tlen, 0);
++			FIPS_cipherinit(&ctx, NULL, Key, Nonce, 1);
++
++			FIPS_cipher(&ctx, NULL, NULL, Plen);
++			FIPS_cipher(&ctx, NULL, Adata, Alen);
++			CT = OPENSSL_malloc(Plen + Tlen);
++			FIPS_cipher(&ctx, CT, Payload, Plen);
++			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, Tlen,
++						CT + Plen);
++			OutputValue("CT", CT, Plen + Tlen, out, 0);
++			OPENSSL_free(CT);
++			OPENSSL_free(Payload);
++			CT = Payload = NULL;
++			}
++		if (CT)
++			{
++			int rv;
++			int len = Plen == 0 ? 1: Plen;
++			FIPS_cipherinit(&ctx, ccm, NULL, NULL, 0);
++			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
++			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
++						Tlen, CT + Plen);
++			FIPS_cipherinit(&ctx, NULL, Key, Nonce, 0);
++			FIPS_cipher(&ctx, NULL, NULL, Plen);
++			FIPS_cipher(&ctx, NULL, Adata, Alen);
++			Payload = OPENSSL_malloc(len);
++			rv = FIPS_cipher(&ctx, Payload, CT, Plen);
++			if (rv >= 0)
++				{
++				if (rv == 0)
++					Payload[0] = 0;
++				fputs("Result = Pass" RESP_EOL, out);
++				OutputValue("Payload", Payload, len, out, 0);
++				}
++			else
++				fputs("Result = Fail" RESP_EOL, out);
++			OPENSSL_free(CT);
++			OPENSSL_free(Payload);
++			CT = Payload = NULL;
++			}
++		}
++	if (Key)
++		OPENSSL_free(Key);
++	if (Nonce)
++		OPENSSL_free(Nonce);
++	if (Adata)
++		OPENSSL_free(Adata);
++	FIPS_cipher_ctx_cleanup(&ctx);
++	}
++
++#ifdef FIPS_ALGVS
++int fips_gcmtest_main(int argc, char **argv)
++#else
++int main(int argc, char **argv)
++#endif
++	{
++	int encrypt;
++	int xts = 0, ccm = 0;
++	FILE *in, *out;
++	if (argc == 4)
++		{
++		in = fopen(argv[2], "r");
++		if (!in)
++			{
++			fprintf(stderr, "Error opening input file\n");
++			exit(1);
++			}
++		out = fopen(argv[3], "w");
++		if (!out)
++			{
++			fprintf(stderr, "Error opening output file\n");
++			exit(1);
++			}
++		}
++	else if (argc == 2)
++		{
++		in = stdin;
++		out = stdout;
++		}
++	else
++		{
++		fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]);
++		exit(1);
++		}
++	fips_algtest_init();
++	if(!strcmp(argv[1],"-encrypt"))
++		encrypt = 1;
++	else if(!strcmp(argv[1],"-encryptIVext"))
++		encrypt = 2;
++	else if(!strcmp(argv[1],"-decrypt"))
++		encrypt = 0;
++	else if(!strcmp(argv[1],"-ccm"))
++		ccm = 1;
++	else if(!strcmp(argv[1],"-xts"))
++		xts = 1;
++	else
++		{
++		fprintf(stderr,"Don't know how to %s.\n",argv[1]);
++		exit(1);
++		}
++
++	if (ccm)
++		ccmtest(in, out);
++	else if (xts)
++		xtstest(in, out);
++	else
++		gcmtest(in, out, encrypt);
++
++	if (argc == 4)
++		{
++		fclose(in);
++		fclose(out);
++		}
++
++	return 0;
++}
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c
+--- openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c.fips	2013-10-04 11:48:04.181694158 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_rngvs.c	2013-10-04 11:48:04.181694158 +0200
+@@ -0,0 +1,230 @@
++/*
++ * Crude test driver for processing the VST and MCT testvector files
++ * generated by the CMVP RNGVS product.
++ *
++ * Note the input files are assumed to have a _very_ specific format
++ * as described in the NIST document "The Random Number Generator
++ * Validation System (RNGVS)", May 25, 2004.
++ *
++ */
++#include <openssl/opensslconf.h>
++
++#ifndef OPENSSL_FIPS
++#include <stdio.h>
++
++int main(int argc, char **argv)
++{
++    printf("No FIPS RNG support\n");
++    return 0;
++}
++#else
++
++#include <openssl/bn.h>
++#include <openssl/dsa.h>
++#include <openssl/fips.h>
++#include <openssl/err.h>
++#include <openssl/rand.h>
++#include <openssl/fips_rand.h>
++#include <openssl/x509v3.h>
++#include <string.h>
++#include <ctype.h>
++
++#include "fips_utl.h"
++
++void vst()
++    {
++    unsigned char *key = NULL;
++    unsigned char *v = NULL;
++    unsigned char *dt = NULL;
++    unsigned char ret[16];
++    char buf[1024];
++    char lbuf[1024];
++    char *keyword, *value;
++    long i, keylen;
++
++    keylen = 0;
++
++    while(fgets(buf,sizeof buf,stdin) != NULL)
++	{
++	fputs(buf,stdout);
++	if(!strncmp(buf,"[AES 128-Key]", 13))
++		keylen = 16;
++	else if(!strncmp(buf,"[AES 192-Key]", 13))
++		keylen = 24;
++	else if(!strncmp(buf,"[AES 256-Key]", 13))
++		keylen = 32;
++	if (!parse_line(&keyword, &value, lbuf, buf))
++		continue;
++	if(!strcmp(keyword,"Key"))
++	    {
++	    key=hex2bin_m(value,&i);
++	    if (i != keylen)
++		{
++		fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
++		return;
++		}
++	    }
++	else if(!strcmp(keyword,"DT"))
++	    {
++	    dt=hex2bin_m(value,&i);
++	    if (i != 16)
++		{
++		fprintf(stderr, "Invalid DT length\n");
++		return;
++		}
++	    }
++	else if(!strcmp(keyword,"V"))
++	    {
++	    v=hex2bin_m(value,&i);
++	    if (i != 16)
++		{
++		fprintf(stderr, "Invalid V length\n");
++		return;
++		}
++
++	    if (!key || !dt)
++		{
++		fprintf(stderr, "Missing key or DT\n");
++		return;
++		}
++
++	    FIPS_x931_set_key(key, keylen);
++	    FIPS_x931_seed(v,16);
++	    FIPS_x931_set_dt(dt);
++	    if (FIPS_x931_bytes(ret,16) <= 0)
++		{
++		fprintf(stderr, "Error getting PRNG value\n");
++	        return;
++	        }
++
++	    pv("R",ret,16);
++	    OPENSSL_free(key);
++	    key = NULL;
++	    OPENSSL_free(dt);
++	    dt = NULL;
++	    OPENSSL_free(v);
++	    v = NULL;
++	    }
++	}
++    }
++
++void mct()
++    {
++    unsigned char *key = NULL;
++    unsigned char *v = NULL;
++    unsigned char *dt = NULL;
++    unsigned char ret[16];
++    char buf[1024];
++    char lbuf[1024];
++    char *keyword, *value;
++    long i, keylen;
++    int j;
++
++    keylen = 0;
++
++    while(fgets(buf,sizeof buf,stdin) != NULL)
++	{
++	fputs(buf,stdout);
++	if(!strncmp(buf,"[AES 128-Key]", 13))
++		keylen = 16;
++	else if(!strncmp(buf,"[AES 192-Key]", 13))
++		keylen = 24;
++	else if(!strncmp(buf,"[AES 256-Key]", 13))
++		keylen = 32;
++	if (!parse_line(&keyword, &value, lbuf, buf))
++		continue;
++	if(!strcmp(keyword,"Key"))
++	    {
++	    key=hex2bin_m(value,&i);
++	    if (i != keylen)
++		{
++		fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
++		return;
++		}
++	    }
++	else if(!strcmp(keyword,"DT"))
++	    {
++	    dt=hex2bin_m(value,&i);
++	    if (i != 16)
++		{
++		fprintf(stderr, "Invalid DT length\n");
++		return;
++		}
++	    }
++	else if(!strcmp(keyword,"V"))
++	    {
++	    v=hex2bin_m(value,&i);
++	    if (i != 16)
++		{
++		fprintf(stderr, "Invalid V length\n");
++		return;
++		}
++
++	    if (!key || !dt)
++		{
++		fprintf(stderr, "Missing key or DT\n");
++		return;
++		}
++
++	    FIPS_x931_set_key(key, keylen);
++	    FIPS_x931_seed(v,16);
++	    for (i = 0; i < 10000; i++)
++		{
++		    FIPS_x931_set_dt(dt);
++		    if (FIPS_x931_bytes(ret,16) <= 0)
++			{
++			fprintf(stderr, "Error getting PRNG value\n");
++		        return;
++		        }
++		    /* Increment DT */
++		    for (j = 15; j >= 0; j--)
++			{
++			dt[j]++;
++			if (dt[j])
++				break;
++			}
++		}
++
++	    pv("R",ret,16);
++	    OPENSSL_free(key);
++	    key = NULL;
++	    OPENSSL_free(dt);
++	    dt = NULL;
++	    OPENSSL_free(v);
++	    v = NULL;
++	    }
++	}
++    }
++
++int main(int argc,char **argv)
++    {
++    if(argc != 2)
++	{
++	fprintf(stderr,"%s [mct|vst]\n",argv[0]);
++	exit(1);
++	}
++    if(!FIPS_mode_set(1))
++	{
++	do_print_errors();
++	exit(1);
++	}
++    FIPS_x931_reset();
++    if (!FIPS_x931_test_mode())
++	{
++	fprintf(stderr, "Error setting PRNG test mode\n");
++	do_print_errors();
++	exit(1);
++	}
++    if(!strcmp(argv[1],"mct"))
++	mct();
++    else if(!strcmp(argv[1],"vst"))
++	vst();
++    else
++	{
++	fprintf(stderr,"Don't know how to %s.\n",argv[1]);
++	exit(1);
++	}
++
++    return 0;
++    }
++#endif
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c
+--- openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c.fips	2013-10-04 11:48:04.181694158 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_rsagtest.c	2013-10-04 11:48:04.181694158 +0200
+@@ -0,0 +1,390 @@
++/* fips_rsagtest.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project 2005.
++ */
++/* ====================================================================
++ * Copyright (c) 2005,2007 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++#include <stdio.h>
++#include <ctype.h>
++#include <string.h>
++#include <openssl/bio.h>
++#include <openssl/evp.h>
++#include <openssl/hmac.h>
++#include <openssl/err.h>
++#include <openssl/rsa.h>
++#include <openssl/bn.h>
++#include <openssl/x509v3.h>
++
++#ifndef OPENSSL_FIPS
++
++int main(int argc, char *argv[])
++{
++    printf("No FIPS RSA support\n");
++    return(0);
++}
++
++#else
++
++#include "fips_utl.h"
++
++int rsa_test(FILE *out, FILE *in);
++static int rsa_printkey1(FILE *out, RSA *rsa,
++		BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
++		BIGNUM *e);
++static int rsa_printkey2(FILE *out, RSA *rsa,
++		BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq);
++
++int main(int argc, char **argv)
++	{
++	FILE *in = NULL, *out = NULL;
++
++	int ret = 1;
++
++	if(!FIPS_mode_set(1))
++		{
++		do_print_errors();
++		goto end;
++		}
++
++	if (argc == 1)
++		in = stdin;
++	else
++		in = fopen(argv[1], "r");
++
++	if (argc < 2)
++		out = stdout;
++	else
++		out = fopen(argv[2], "w");
++
++	if (!in)
++		{
++		fprintf(stderr, "FATAL input initialization error\n");
++		goto end;
++		}
++
++	if (!out)
++		{
++		fprintf(stderr, "FATAL output initialization error\n");
++		goto end;
++		}
++
++	if (!rsa_test(out, in))
++		{
++		fprintf(stderr, "FATAL RSAGTEST file processing error\n");
++		goto end;
++		}
++	else
++		ret = 0;
++
++	end:
++
++	if (ret)
++		do_print_errors();
++
++	if (in && (in != stdin))
++		fclose(in);
++	if (out && (out != stdout))
++		fclose(out);
++
++	return ret;
++
++	}
++
++#define RSA_TEST_MAXLINELEN	10240
++
++int rsa_test(FILE *out, FILE *in)
++	{
++	char *linebuf, *olinebuf, *p, *q;
++	char *keyword, *value;
++	RSA *rsa = NULL;
++	BIGNUM *Xp1 = NULL, *Xp2 = NULL, *Xp = NULL;
++	BIGNUM *Xq1 = NULL, *Xq2 = NULL, *Xq = NULL;
++	BIGNUM *e = NULL;
++	int ret = 0;
++	int lnum = 0;
++
++	olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
++	linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
++
++	if (!linebuf || !olinebuf)
++		goto error;
++
++	while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
++		{
++		lnum++;
++		strcpy(linebuf, olinebuf);
++		keyword = linebuf;
++		/* Skip leading space */
++		while (isspace((unsigned char)*keyword))
++			keyword++;
++
++		/* Look for = sign */
++		p = strchr(linebuf, '=');
++
++		/* If no = or starts with [ (for [foo = bar] line) just copy */
++		if (!p || *keyword=='[')
++			{
++			if (fputs(olinebuf, out) < 0)
++				goto error;
++			continue;
++			}
++
++		q = p - 1;
++
++		/* Remove trailing space */
++		while (isspace((unsigned char)*q))
++			*q-- = 0;
++
++		*p = 0;
++		value = p + 1;
++
++		/* Remove leading space from value */
++		while (isspace((unsigned char)*value))
++			value++;
++
++		/* Remove trailing space from value */
++		p = value + strlen(value) - 1;
++
++		while (*p == '\n' || isspace((unsigned char)*p))
++			*p-- = 0;
++
++		if (!strcmp(keyword, "xp1"))
++			{
++			if (Xp1 || !do_hex2bn(&Xp1,value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "xp2"))
++			{
++			if (Xp2 || !do_hex2bn(&Xp2,value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "Xp"))
++			{
++			if (Xp || !do_hex2bn(&Xp,value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "xq1"))
++			{
++			if (Xq1 || !do_hex2bn(&Xq1,value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "xq2"))
++			{
++			if (Xq2 || !do_hex2bn(&Xq2,value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "Xq"))
++			{
++			if (Xq || !do_hex2bn(&Xq,value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "e"))
++			{
++			if (e || !do_hex2bn(&e,value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "p1"))
++			continue;
++		else if (!strcmp(keyword, "p2"))
++			continue;
++		else if (!strcmp(keyword, "p"))
++			continue;
++		else if (!strcmp(keyword, "q1"))
++			continue;
++		else if (!strcmp(keyword, "q2"))
++			continue;
++		else if (!strcmp(keyword, "q"))
++			continue;
++		else if (!strcmp(keyword, "n"))
++			continue;
++		else if (!strcmp(keyword, "d"))
++			continue;
++		else
++			goto parse_error;
++
++		fputs(olinebuf, out);
++
++		if (e && Xp1 && Xp2 && Xp)
++			{
++			rsa = FIPS_rsa_new();
++			if (!rsa)
++				goto error;
++			if (!rsa_printkey1(out, rsa, Xp1, Xp2, Xp, e))
++				goto error;
++			BN_free(Xp1);
++			Xp1 = NULL;
++			BN_free(Xp2);
++			Xp2 = NULL;
++			BN_free(Xp);
++			Xp = NULL;
++			BN_free(e);
++			e = NULL;
++			}
++
++		if (rsa && Xq1 && Xq2 && Xq)
++			{
++			if (!rsa_printkey2(out, rsa, Xq1, Xq2, Xq))
++				goto error;
++			BN_free(Xq1);
++			Xq1 = NULL;
++			BN_free(Xq2);
++			Xq2 = NULL;
++			BN_free(Xq);
++			Xq = NULL;
++			FIPS_rsa_free(rsa);
++			rsa = NULL;
++			}
++		}
++
++	ret = 1;
++
++	error:
++
++	if (olinebuf)
++		OPENSSL_free(olinebuf);
++	if (linebuf)
++		OPENSSL_free(linebuf);
++
++	if (Xp1)
++		BN_free(Xp1);
++	if (Xp2)
++		BN_free(Xp2);
++	if (Xp)
++		BN_free(Xp);
++	if (Xq1)
++		BN_free(Xq1);
++	if (Xq1)
++		BN_free(Xq1);
++	if (Xq2)
++		BN_free(Xq2);
++	if (Xq)
++		BN_free(Xq);
++	if (e)
++		BN_free(e);
++	if (rsa)
++		FIPS_rsa_free(rsa);
++
++	return ret;
++
++	parse_error:
++
++	fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
++
++	goto error;
++
++	}
++
++static int rsa_printkey1(FILE *out, RSA *rsa,
++		BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
++		BIGNUM *e)
++	{
++	int ret = 0;
++	BIGNUM *p1 = NULL, *p2 = NULL;
++	p1 = BN_new();
++	p2 = BN_new();
++	if (!p1 || !p2)
++		goto error;
++
++	if (!RSA_X931_derive_ex(rsa, p1, p2, NULL, NULL, Xp1, Xp2, Xp,
++						NULL, NULL, NULL, e, NULL))
++		goto error;
++
++	do_bn_print_name(out, "p1", p1);
++	do_bn_print_name(out, "p2", p2);
++	do_bn_print_name(out, "p", rsa->p);
++
++	ret = 1;
++
++	error:
++	if (p1)
++		BN_free(p1);
++	if (p2)
++		BN_free(p2);
++
++	return ret;
++	}
++
++static int rsa_printkey2(FILE *out, RSA *rsa,
++		BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq)
++	{
++	int ret = 0;
++	BIGNUM *q1 = NULL, *q2 = NULL;
++	q1 = BN_new();
++	q2 = BN_new();
++	if (!q1 || !q2)
++		goto error;
++
++	if (!RSA_X931_derive_ex(rsa, NULL, NULL, q1, q2, NULL, NULL, NULL,
++						Xq1, Xq2, Xq, NULL, NULL))
++		goto error;
++
++	do_bn_print_name(out, "q1", q1);
++	do_bn_print_name(out, "q2", q2);
++	do_bn_print_name(out, "q", rsa->q);
++	do_bn_print_name(out, "n", rsa->n);
++	do_bn_print_name(out, "d", rsa->d);
++
++	ret = 1;
++
++	error:
++	if (q1)
++		BN_free(q1);
++	if (q2)
++		BN_free(q2);
++
++	return ret;
++	}
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c
+--- openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c.fips	2013-10-04 11:48:04.181694158 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_rsastest.c	2013-10-04 11:48:04.181694158 +0200
+@@ -0,0 +1,370 @@
++/* fips_rsastest.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project 2005.
++ */
++/* ====================================================================
++ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++#include <stdio.h>
++#include <ctype.h>
++#include <string.h>
++#include <openssl/bio.h>
++#include <openssl/evp.h>
++#include <openssl/hmac.h>
++#include <openssl/err.h>
++#include <openssl/rsa.h>
++#include <openssl/bn.h>
++#include <openssl/x509v3.h>
++
++#ifndef OPENSSL_FIPS
++
++int main(int argc, char *argv[])
++{
++    printf("No FIPS RSA support\n");
++    return(0);
++}
++
++#else
++
++#include "fips_utl.h"
++
++static int rsa_stest(FILE *out, FILE *in, int Saltlen);
++static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
++		unsigned char *Msg, long Msglen, int Saltlen);
++
++int main(int argc, char **argv)
++	{
++	FILE *in = NULL, *out = NULL;
++
++	int ret = 1, Saltlen = -1;
++
++	if(!FIPS_mode_set(1))
++		{
++		do_print_errors();
++		goto end;
++		}
++
++	if ((argc > 2) && !strcmp("-saltlen", argv[1]))
++		{
++		Saltlen = atoi(argv[2]);
++		if (Saltlen < 0)
++			{
++			fprintf(stderr, "FATAL: Invalid salt length\n");
++			goto end;
++			}
++		argc -= 2;
++		argv += 2;
++		}
++	else if ((argc > 1) && !strcmp("-x931", argv[1]))
++		{
++		Saltlen = -2;
++		argc--;
++		argv++;
++		}
++
++	if (argc == 1)
++		in = stdin;
++	else
++		in = fopen(argv[1], "r");
++
++	if (argc < 2)
++		out = stdout;
++	else
++		out = fopen(argv[2], "w");
++
++	if (!in)
++		{
++		fprintf(stderr, "FATAL input initialization error\n");
++		goto end;
++		}
++
++	if (!out)
++		{
++		fprintf(stderr, "FATAL output initialization error\n");
++		goto end;
++		}
++
++	if (!rsa_stest(out, in, Saltlen))
++		{
++		fprintf(stderr, "FATAL RSASTEST file processing error\n");
++		goto end;
++		}
++	else
++		ret = 0;
++
++	end:
++
++	if (ret)
++		do_print_errors();
++
++	if (in && (in != stdin))
++		fclose(in);
++	if (out && (out != stdout))
++		fclose(out);
++
++	return ret;
++
++	}
++
++#define RSA_TEST_MAXLINELEN	10240
++
++int rsa_stest(FILE *out, FILE *in, int Saltlen)
++	{
++	char *linebuf, *olinebuf, *p, *q;
++	char *keyword, *value;
++	RSA *rsa = NULL;
++	const EVP_MD *dgst = NULL;
++	unsigned char *Msg = NULL;
++	long Msglen = -1;
++	int keylen = -1, current_keylen = -1;
++	int ret = 0;
++	int lnum = 0;
++
++	olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
++	linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
++
++	if (!linebuf || !olinebuf)
++		goto error;
++
++	while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
++		{
++		lnum++;
++		strcpy(linebuf, olinebuf);
++		keyword = linebuf;
++		/* Skip leading space */
++		while (isspace((unsigned char)*keyword))
++			keyword++;
++
++		/* Look for = sign */
++		p = strchr(linebuf, '=');
++
++		/* If no = just copy */
++		if (!p)
++			{
++			if (fputs(olinebuf, out) < 0)
++				goto error;
++			continue;
++			}
++
++		q = p - 1;
++
++		/* Remove trailing space */
++		while (isspace((unsigned char)*q))
++			*q-- = 0;
++
++		*p = 0;
++		value = p + 1;
++
++		/* Remove leading space from value */
++		while (isspace((unsigned char)*value))
++			value++;
++
++		/* Remove trailing space from value */
++		p = value + strlen(value) - 1;
++
++		while (*p == '\n' || isspace((unsigned char)*p))
++			*p-- = 0;
++
++		/* Look for [mod = XXX] for key length */
++
++		if (!strcmp(keyword, "[mod"))
++			{
++			p = value + strlen(value) - 1;
++			if (*p != ']')
++				goto parse_error;
++			*p = 0;
++			keylen = atoi(value);
++			if (keylen < 0)
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "SHAAlg"))
++			{
++			if (!strcmp(value, "SHA1"))
++				dgst = EVP_sha1();
++			else if (!strcmp(value, "SHA224"))
++				dgst = EVP_sha224();
++			else if (!strcmp(value, "SHA256"))
++				dgst = EVP_sha256();
++			else if (!strcmp(value, "SHA384"))
++				dgst = EVP_sha384();
++			else if (!strcmp(value, "SHA512"))
++				dgst = EVP_sha512();
++			else
++				{
++				fprintf(stderr,
++					"FATAL: unsupported algorithm \"%s\"\n",
++								value);
++				goto parse_error;
++				}
++			}
++		else if (!strcmp(keyword, "Msg"))
++			{
++			if (Msg)
++				goto parse_error;
++			if (strlen(value) & 1)
++				*(--value) = '0';
++			Msg = hex2bin_m(value, &Msglen);
++			if (!Msg)
++				goto parse_error;
++			}
++
++		fputs(olinebuf, out);
++
++		/* If key length has changed, generate and output public
++		 * key components of new RSA private key.
++		 */
++
++		if (keylen != current_keylen)
++			{
++			BIGNUM *bn_e;
++			if (rsa)
++				FIPS_rsa_free(rsa);
++			rsa = FIPS_rsa_new();
++			if (!rsa)
++				goto error;
++			bn_e = BN_new();
++			if (!bn_e || !BN_set_word(bn_e, 0x1001))
++				goto error;
++			if (!RSA_X931_generate_key_ex(rsa, keylen, bn_e, NULL))
++				goto error;
++			BN_free(bn_e);
++			fputs("n = ", out);
++			do_bn_print(out, rsa->n);
++			fputs("\ne = ", out);
++			do_bn_print(out, rsa->e);
++			fputs("\n", out);
++			current_keylen = keylen;
++			}
++
++		if (Msg && dgst)
++			{
++			if (!rsa_printsig(out, rsa, dgst, Msg, Msglen,
++								Saltlen))
++				goto error;
++			OPENSSL_free(Msg);
++			Msg = NULL;
++			}
++
++		}
++
++	ret = 1;
++
++	error:
++
++	if (olinebuf)
++		OPENSSL_free(olinebuf);
++	if (linebuf)
++		OPENSSL_free(linebuf);
++	if (rsa)
++		FIPS_rsa_free(rsa);
++
++	return ret;
++
++	parse_error:
++
++	fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
++
++	goto error;
++
++	}
++
++static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
++		unsigned char *Msg, long Msglen, int Saltlen)
++	{
++	int ret = 0;
++	unsigned char *sigbuf = NULL;
++	int i, siglen;
++	/* EVP_PKEY structure */
++	EVP_PKEY pk;
++	EVP_MD_CTX ctx;
++	pk.type = EVP_PKEY_RSA;
++	pk.pkey.rsa = rsa;
++
++	siglen = RSA_size(rsa);
++	sigbuf = OPENSSL_malloc(siglen);
++	if (!sigbuf)
++		goto error;
++
++	EVP_MD_CTX_init(&ctx);
++
++	if (Saltlen >= 0)
++		{
++		M_EVP_MD_CTX_set_flags(&ctx,
++			EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16));
++		}
++	else if (Saltlen == -2)
++		M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931);
++	if (!EVP_SignInit_ex(&ctx, dgst, NULL))
++		goto error;
++	if (!EVP_SignUpdate(&ctx, Msg, Msglen))
++		goto error;
++	if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, &pk))
++		goto error;
++
++	EVP_MD_CTX_cleanup(&ctx);
++
++	fputs("S = ", out);
++
++	for (i = 0; i < siglen; i++)
++		fprintf(out, "%02X", sigbuf[i]);
++
++	fputs("\n", out);
++
++	ret = 1;
++
++	error:
++
++	return ret;
++	}
++#endif
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c
+--- openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c.fips	2013-10-04 11:48:04.181694158 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_rsavtest.c	2013-10-04 11:48:04.181694158 +0200
+@@ -0,0 +1,377 @@
++/* fips_rsavtest.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project 2005.
++ */
++/* ====================================================================
++ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++#include <stdio.h>
++#include <ctype.h>
++#include <string.h>
++#include <openssl/bio.h>
++#include <openssl/evp.h>
++#include <openssl/hmac.h>
++#include <openssl/err.h>
++#include <openssl/x509v3.h>
++#include <openssl/bn.h>
++#include <openssl/rsa.h>
++
++#ifndef OPENSSL_FIPS
++
++int main(int argc, char *argv[])
++{
++    printf("No FIPS RSA support\n");
++    return(0);
++}
++
++#else
++
++#include "fips_utl.h"
++
++int rsa_test(FILE *out, FILE *in, int saltlen);
++static int rsa_printver(FILE *out,
++		BIGNUM *n, BIGNUM *e,
++		const EVP_MD *dgst,
++		unsigned char *Msg, long Msglen,
++		unsigned char *S, long Slen, int Saltlen);
++
++int main(int argc, char **argv)
++	{
++	FILE *in = NULL, *out = NULL;
++
++	int ret = 1;
++	int Saltlen = -1;
++
++	if(!FIPS_mode_set(1))
++		{
++		do_print_errors();
++		goto end;
++		}
++
++	if ((argc > 2) && !strcmp("-saltlen", argv[1]))
++		{
++		Saltlen = atoi(argv[2]);
++		if (Saltlen < 0)
++			{
++			fprintf(stderr, "FATAL: Invalid salt length\n");
++			goto end;
++			}
++		argc -= 2;
++		argv += 2;
++		}
++	else if ((argc > 1) && !strcmp("-x931", argv[1]))
++		{
++		Saltlen = -2;
++		argc--;
++		argv++;
++		}
++
++	if (argc == 1)
++		in = stdin;
++	else
++		in = fopen(argv[1], "r");
++
++	if (argc < 2)
++		out = stdout;
++	else
++		out = fopen(argv[2], "w");
++
++	if (!in)
++		{
++		fprintf(stderr, "FATAL input initialization error\n");
++		goto end;
++		}
++
++	if (!out)
++		{
++		fprintf(stderr, "FATAL output initialization error\n");
++		goto end;
++		}
++
++	if (!rsa_test(out, in, Saltlen))
++		{
++		fprintf(stderr, "FATAL RSAVTEST file processing error\n");
++		goto end;
++		}
++	else
++		ret = 0;
++
++	end:
++
++	if (ret)
++		do_print_errors();
++
++	if (in && (in != stdin))
++		fclose(in);
++	if (out && (out != stdout))
++		fclose(out);
++
++	return ret;
++
++	}
++
++#define RSA_TEST_MAXLINELEN	10240
++
++int rsa_test(FILE *out, FILE *in, int Saltlen)
++	{
++	char *linebuf, *olinebuf, *p, *q;
++	char *keyword, *value;
++	const EVP_MD *dgst = NULL;
++	BIGNUM *n = NULL, *e = NULL;
++	unsigned char *Msg = NULL, *S = NULL;
++	long Msglen, Slen;
++	int ret = 0;
++	int lnum = 0;
++
++	olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
++	linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
++
++	if (!linebuf || !olinebuf)
++		goto error;
++
++	while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
++		{
++		lnum++;
++		strcpy(linebuf, olinebuf);
++		keyword = linebuf;
++		/* Skip leading space */
++		while (isspace((unsigned char)*keyword))
++			keyword++;
++
++		/* Look for = sign */
++		p = strchr(linebuf, '=');
++
++		/* If no = or starts with [ (for [foo = bar] line) just copy */
++		if (!p || *keyword=='[')
++			{
++			if (fputs(olinebuf, out) < 0)
++				goto error;
++			continue;
++			}
++
++		q = p - 1;
++
++		/* Remove trailing space */
++		while (isspace((unsigned char)*q))
++			*q-- = 0;
++
++		*p = 0;
++		value = p + 1;
++
++		/* Remove leading space from value */
++		while (isspace((unsigned char)*value))
++			value++;
++
++		/* Remove trailing space from value */
++		p = value + strlen(value) - 1;
++
++		while (*p == '\n' || isspace((unsigned char)*p))
++			*p-- = 0;
++
++		if (!strcmp(keyword, "n"))
++			{
++			if (!do_hex2bn(&n,value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "e"))
++			{
++			if (!do_hex2bn(&e,value))
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "SHAAlg"))
++			{
++			if (!strcmp(value, "SHA1"))
++				dgst = EVP_sha1();
++			else if (!strcmp(value, "SHA224"))
++				dgst = EVP_sha224();
++			else if (!strcmp(value, "SHA256"))
++				dgst = EVP_sha256();
++			else if (!strcmp(value, "SHA384"))
++				dgst = EVP_sha384();
++			else if (!strcmp(value, "SHA512"))
++				dgst = EVP_sha512();
++			else
++				{
++				fprintf(stderr,
++					"FATAL: unsupported algorithm \"%s\"\n",
++								value);
++				goto parse_error;
++				}
++			}
++		else if (!strcmp(keyword, "Msg"))
++			{
++			if (Msg)
++				goto parse_error;
++			if (strlen(value) & 1)
++				*(--value) = '0';
++			Msg = hex2bin_m(value, &Msglen);
++			if (!Msg)
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "S"))
++			{
++			if (S)
++				goto parse_error;
++			if (strlen(value) & 1)
++				*(--value) = '0';
++			S = hex2bin_m(value, &Slen);
++			if (!S)
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "Result"))
++			continue;
++		else
++			goto parse_error;
++
++		fputs(olinebuf, out);
++
++		if (n && e && Msg && S && dgst)
++			{
++			if (!rsa_printver(out, n, e, dgst,
++					Msg, Msglen, S, Slen, Saltlen))
++				goto error;
++			OPENSSL_free(Msg);
++			Msg = NULL;
++			OPENSSL_free(S);
++			S = NULL;
++			}
++
++		}
++
++
++	ret = 1;
++
++
++	error:
++
++	if (olinebuf)
++		OPENSSL_free(olinebuf);
++	if (linebuf)
++		OPENSSL_free(linebuf);
++	if (n)
++		BN_free(n);
++	if (e)
++		BN_free(e);
++
++	return ret;
++
++	parse_error:
++
++	fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
++
++	goto error;
++
++	}
++
++static int rsa_printver(FILE *out,
++		BIGNUM *n, BIGNUM *e,
++		const EVP_MD *dgst,
++		unsigned char *Msg, long Msglen,
++		unsigned char *S, long Slen, int Saltlen)
++	{
++	int ret = 0, r;
++	/* Setup RSA and EVP_PKEY structures */
++	RSA *rsa_pubkey = NULL;
++	EVP_PKEY pk;
++	EVP_MD_CTX ctx;
++	unsigned char *buf = NULL;
++	rsa_pubkey = FIPS_rsa_new();
++	if (!rsa_pubkey)
++		goto error;
++	rsa_pubkey->n = BN_dup(n);
++	rsa_pubkey->e = BN_dup(e);
++	if (!rsa_pubkey->n || !rsa_pubkey->e)
++		goto error;
++	pk.type = EVP_PKEY_RSA;
++	pk.pkey.rsa = rsa_pubkey;
++
++	EVP_MD_CTX_init(&ctx);
++
++	if (Saltlen >= 0)
++		{
++		M_EVP_MD_CTX_set_flags(&ctx,
++			EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16));
++		}
++	else if (Saltlen == -2)
++		M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931);
++	if (!EVP_VerifyInit_ex(&ctx, dgst, NULL))
++		goto error;
++	if (!EVP_VerifyUpdate(&ctx, Msg, Msglen))
++		goto error;
++
++	r = EVP_VerifyFinal(&ctx, S, Slen, &pk);
++
++
++	EVP_MD_CTX_cleanup(&ctx);
++
++	if (r < 0)
++		goto error;
++	ERR_clear_error();
++
++	if (r == 0)
++		fputs("Result = F\n", out);
++	else
++		fputs("Result = P\n", out);
++
++	ret = 1;
++
++	error:
++	if (rsa_pubkey)
++		FIPS_rsa_free(rsa_pubkey);
++	if (buf)
++		OPENSSL_free(buf);
++
++	return ret;
++	}
++#endif
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c
+--- openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c.fips	2013-10-04 11:48:04.182694181 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_shatest.c	2013-10-04 11:48:04.182694181 +0200
+@@ -0,0 +1,388 @@
++/* fips_shatest.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project 2005.
++ */
++/* ====================================================================
++ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++#include <stdio.h>
++#include <ctype.h>
++#include <string.h>
++#include <openssl/bio.h>
++#include <openssl/evp.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/x509v3.h>
++
++#ifndef OPENSSL_FIPS
++
++int main(int argc, char *argv[])
++{
++    printf("No FIPS SHAXXX support\n");
++    return(0);
++}
++
++#else
++
++#include "fips_utl.h"
++
++static int dgst_test(FILE *out, FILE *in);
++static int print_dgst(const EVP_MD *md, FILE *out,
++		unsigned char *Msg, int Msglen);
++static int print_monte(const EVP_MD *md, FILE *out,
++		unsigned char *Seed, int SeedLen);
++
++int main(int argc, char **argv)
++	{
++	FILE *in = NULL, *out = NULL;
++
++	int ret = 1;
++
++	if(!FIPS_mode_set(1))
++		{
++		do_print_errors();
++		goto end;
++		}
++
++	if (argc == 1)
++		in = stdin;
++	else
++		in = fopen(argv[1], "r");
++
++	if (argc < 2)
++		out = stdout;
++	else
++		out = fopen(argv[2], "w");
++
++	if (!in)
++		{
++		fprintf(stderr, "FATAL input initialization error\n");
++		goto end;
++		}
++
++	if (!out)
++		{
++		fprintf(stderr, "FATAL output initialization error\n");
++		goto end;
++		}
++
++	if (!dgst_test(out, in))
++		{
++		fprintf(stderr, "FATAL digest file processing error\n");
++		goto end;
++		}
++	else
++		ret = 0;
++
++	end:
++
++	if (ret)
++		do_print_errors();
++
++	if (in && (in != stdin))
++		fclose(in);
++	if (out && (out != stdout))
++		fclose(out);
++
++	return ret;
++
++	}
++
++#define SHA_TEST_MAX_BITS	102400
++#define SHA_TEST_MAXLINELEN	(((SHA_TEST_MAX_BITS >> 3) * 2) + 100)
++
++int dgst_test(FILE *out, FILE *in)
++	{
++	const EVP_MD *md = NULL;
++	char *linebuf, *olinebuf, *p, *q;
++	char *keyword, *value;
++	unsigned char *Msg = NULL, *Seed = NULL;
++	long MsgLen = -1, Len = -1, SeedLen = -1;
++	int ret = 0;
++	int lnum = 0;
++
++	olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
++	linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
++
++	if (!linebuf || !olinebuf)
++		goto error;
++
++
++	while (fgets(olinebuf, SHA_TEST_MAXLINELEN, in))
++		{
++		lnum++;
++		strcpy(linebuf, olinebuf);
++		keyword = linebuf;
++		/* Skip leading space */
++		while (isspace((unsigned char)*keyword))
++			keyword++;
++
++		/* Look for = sign */
++		p = strchr(linebuf, '=');
++
++		/* If no = or starts with [ (for [L=20] line) just copy */
++		if (!p)
++			{
++			fputs(olinebuf, out);
++			continue;
++			}
++
++		q = p - 1;
++
++		/* Remove trailing space */
++		while (isspace((unsigned char)*q))
++			*q-- = 0;
++
++		*p = 0;
++		value = p + 1;
++
++		/* Remove leading space from value */
++		while (isspace((unsigned char)*value))
++			value++;
++
++		/* Remove trailing space from value */
++		p = value + strlen(value) - 1;
++		while (*p == '\n' || isspace((unsigned char)*p))
++			*p-- = 0;
++
++		if (!strcmp(keyword,"[L") && *p==']')
++			{
++			switch (atoi(value))
++				{
++				case 20: md=EVP_sha1();   break;
++				case 28: md=EVP_sha224(); break;
++				case 32: md=EVP_sha256(); break;
++				case 48: md=EVP_sha384(); break;
++				case 64: md=EVP_sha512(); break;
++				default: goto parse_error;
++				}
++			}
++		else if (!strcmp(keyword, "Len"))
++			{
++			if (Len != -1)
++				goto parse_error;
++			Len = atoi(value);
++			if (Len < 0)
++				goto parse_error;
++			/* Only handle multiples of 8 bits */
++			if (Len & 0x7)
++				goto parse_error;
++			if (Len > SHA_TEST_MAX_BITS)
++				goto parse_error;
++			MsgLen = Len >> 3;
++			}
++
++		else if (!strcmp(keyword, "Msg"))
++			{
++			long tmplen;
++			if (strlen(value) & 1)
++				*(--value) = '0';
++			if (Msg)
++				goto parse_error;
++			Msg = hex2bin_m(value, &tmplen);
++			if (!Msg)
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "Seed"))
++			{
++			if (strlen(value) & 1)
++				*(--value) = '0';
++			if (Seed)
++				goto parse_error;
++			Seed = hex2bin_m(value, &SeedLen);
++			if (!Seed)
++				goto parse_error;
++			}
++		else if (!strcmp(keyword, "MD"))
++			continue;
++		else
++			goto parse_error;
++
++		fputs(olinebuf, out);
++
++		if (md && Msg && (MsgLen >= 0))
++			{
++			if (!print_dgst(md, out, Msg, MsgLen))
++				goto error;
++			OPENSSL_free(Msg);
++			Msg = NULL;
++			MsgLen = -1;
++			Len = -1;
++			}
++		else if (md && Seed && (SeedLen > 0))
++			{
++			if (!print_monte(md, out, Seed, SeedLen))
++				goto error;
++			OPENSSL_free(Seed);
++			Seed = NULL;
++			SeedLen = -1;
++			}
++	
++
++		}
++
++
++	ret = 1;
++
++
++	error:
++
++	if (olinebuf)
++		OPENSSL_free(olinebuf);
++	if (linebuf)
++		OPENSSL_free(linebuf);
++	if (Msg)
++		OPENSSL_free(Msg);
++	if (Seed)
++		OPENSSL_free(Seed);
++
++	return ret;
++
++	parse_error:
++
++	fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
++
++	goto error;
++
++	}
++
++static int print_dgst(const EVP_MD *emd, FILE *out,
++		unsigned char *Msg, int Msglen)
++	{
++	int i, mdlen;
++	unsigned char md[EVP_MAX_MD_SIZE];
++	if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL))
++		{
++		fputs("Error calculating HASH\n", stderr);
++		return 0;
++		}
++	fputs("MD = ", out);
++	for (i = 0; i < mdlen; i++)
++		fprintf(out, "%02x", md[i]);
++	fputs("\n", out);
++	return 1;
++	}
++
++static int print_monte(const EVP_MD *md, FILE *out,
++		unsigned char *Seed, int SeedLen)
++	{
++	unsigned int i, j, k;
++	int ret = 0;
++	EVP_MD_CTX ctx;
++	unsigned char *m1, *m2, *m3, *p;
++	unsigned int mlen, m1len, m2len, m3len;
++
++	EVP_MD_CTX_init(&ctx);
++
++	if (SeedLen > EVP_MAX_MD_SIZE)
++		mlen = SeedLen;
++	else
++		mlen = EVP_MAX_MD_SIZE;
++
++	m1 = OPENSSL_malloc(mlen);
++	m2 = OPENSSL_malloc(mlen);
++	m3 = OPENSSL_malloc(mlen);
++
++	if (!m1 || !m2 || !m3)
++		goto mc_error;
++
++	m1len = m2len = m3len = SeedLen;
++	memcpy(m1, Seed, SeedLen);
++	memcpy(m2, Seed, SeedLen);
++	memcpy(m3, Seed, SeedLen);
++
++	fputs("\n", out);
++
++	for (j = 0; j < 100; j++)
++		{
++		for (i = 0; i < 1000; i++)
++			{
++			EVP_DigestInit_ex(&ctx, md, NULL);
++			EVP_DigestUpdate(&ctx, m1, m1len);
++			EVP_DigestUpdate(&ctx, m2, m2len);
++			EVP_DigestUpdate(&ctx, m3, m3len);
++			p = m1;
++			m1 = m2;
++			m1len = m2len;
++			m2 = m3;
++			m2len = m3len;
++			m3 = p;
++			EVP_DigestFinal_ex(&ctx, m3, &m3len);
++			}
++		fprintf(out, "COUNT = %d\n", j);
++		fputs("MD = ", out);
++		for (k = 0; k < m3len; k++)
++			fprintf(out, "%02x", m3[k]);
++		fputs("\n\n", out);
++		memcpy(m1, m3, m3len);
++		memcpy(m2, m3, m3len);
++		m1len = m2len = m3len;
++		}
++
++	ret = 1;
++
++	mc_error:
++	if (m1)
++		OPENSSL_free(m1);
++	if (m2)
++		OPENSSL_free(m2);
++	if (m3)
++		OPENSSL_free(m3);
++
++	EVP_MD_CTX_cleanup(&ctx);
++
++	return ret;
++	}
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.1e/crypto/fips/cavs/fips_utl.h
+--- openssl-1.0.1e/crypto/fips/cavs/fips_utl.h.fips	2013-10-04 11:48:04.182694181 +0200
++++ openssl-1.0.1e/crypto/fips/cavs/fips_utl.h	2013-10-04 11:48:04.182694181 +0200
+@@ -0,0 +1,343 @@
++/* ====================================================================
++ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++void do_print_errors(void)
++	{
++	const char *file, *data;
++	int line, flags;
++	unsigned long l;
++	while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)))
++		{
++		fprintf(stderr, "ERROR:%lx:lib=%d,func=%d,reason=%d"
++				":file=%s:line=%d:%s\n",
++			l, ERR_GET_LIB(l), ERR_GET_FUNC(l), ERR_GET_REASON(l),
++			file, line, flags & ERR_TXT_STRING ? data : "");
++		}
++	}
++
++int hex2bin(const char *in, unsigned char *out)
++    {
++    int n1, n2;
++    unsigned char ch;
++
++    for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
++	{ /* first byte */
++	if ((in[n1] >= '0') && (in[n1] <= '9'))
++	    ch = in[n1++] - '0';
++	else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
++	    ch = in[n1++] - 'A' + 10;
++	else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
++	    ch = in[n1++] - 'a' + 10;
++	else
++	    return -1;
++	if(!in[n1])
++	    {
++	    out[n2++]=ch;
++	    break;
++	    }
++	out[n2] = ch << 4;
++	/* second byte */
++	if ((in[n1] >= '0') && (in[n1] <= '9'))
++	    ch = in[n1++] - '0';
++	else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
++	    ch = in[n1++] - 'A' + 10;
++	else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
++	    ch = in[n1++] - 'a' + 10;
++	else
++	    return -1;
++	out[n2++] |= ch;
++	}
++    return n2;
++    }
++
++unsigned char *hex2bin_m(const char *in, long *plen)
++	{
++	unsigned char *p;
++	p = OPENSSL_malloc((strlen(in) + 1)/2);
++	*plen = hex2bin(in, p);
++	return p;
++	}
++
++int do_hex2bn(BIGNUM **pr, const char *in)
++	{
++	unsigned char *p;
++	long plen;
++	int r = 0;
++	p = hex2bin_m(in, &plen);
++	if (!p)
++		return 0;
++	if (!*pr)
++		*pr = BN_new();
++	if (!*pr)
++		return 0;
++	if (BN_bin2bn(p, plen, *pr))
++		r = 1;
++	OPENSSL_free(p);
++	return r;
++	}
++
++int do_bn_print(FILE *out, BIGNUM *bn)
++	{
++	int len, i;
++	unsigned char *tmp;
++	len = BN_num_bytes(bn);
++	if (len == 0)
++		{
++		fputs("00", out);
++		return 1;
++		}
++
++	tmp = OPENSSL_malloc(len);
++	if (!tmp)
++		{
++		fprintf(stderr, "Memory allocation error\n");
++		return 0;
++		}
++	BN_bn2bin(bn, tmp);
++	for (i = 0; i < len; i++)
++		fprintf(out, "%02x", tmp[i]);
++	OPENSSL_free(tmp);
++	return 1;
++	}
++
++int do_bn_print_name(FILE *out, const char *name, BIGNUM *bn)
++	{
++	int r;
++	fprintf(out, "%s = ", name);
++	r = do_bn_print(out, bn);
++	if (!r)
++		return 0;
++	fputs("\n", out);
++	return 1;
++	}
++
++int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf)
++	{
++	char *keyword, *value, *p, *q;
++	strcpy(linebuf, olinebuf);
++	keyword = linebuf;
++	/* Skip leading space */
++	while (isspace((unsigned char)*keyword))
++		keyword++;
++
++	/* Look for = sign */
++	p = strchr(linebuf, '=');
++
++	/* If no '=' exit */
++	if (!p)
++		return 0;
++
++	q = p - 1;
++
++	/* Remove trailing space */
++	while (isspace((unsigned char)*q))
++		*q-- = 0;
++
++	*p = 0;
++	value = p + 1;
++
++	/* Remove leading space from value */
++	while (isspace((unsigned char)*value))
++		value++;
++
++	/* Remove trailing space from value */
++	p = value + strlen(value) - 1;
++
++	while (*p == '\n' || isspace((unsigned char)*p))
++		*p-- = 0;
++
++	*pkw = keyword;
++	*pval = value;
++	return 1;
++	}
++
++BIGNUM *hex2bn(const char *in)
++    {
++    BIGNUM *p=NULL;
++
++    if (!do_hex2bn(&p, in))
++	return NULL;
++
++    return p;
++    }
++
++int bin2hex(const unsigned char *in,int len,char *out)
++    {
++    int n1, n2;
++    unsigned char ch;
++
++    for (n1=0,n2=0 ; n1 < len ; ++n1)
++	{
++	ch=in[n1] >> 4;
++	if (ch <= 0x09)
++	    out[n2++]=ch+'0';
++	else
++	    out[n2++]=ch-10+'a';
++	ch=in[n1] & 0x0f;
++	if(ch <= 0x09)
++	    out[n2++]=ch+'0';
++	else
++	    out[n2++]=ch-10+'a';
++	}
++    out[n2]='\0';
++    return n2;
++    }
++
++void pv(const char *tag,const unsigned char *val,int len)
++    {
++    char obuf[2048];
++
++    bin2hex(val,len,obuf);
++    printf("%s = %s\n",tag,obuf);
++    }
++
++/* To avoid extensive changes to test program at this stage just convert
++ * the input line into an acceptable form. Keyword lines converted to form
++ * "keyword = value\n" no matter what white space present, all other lines
++ * just have leading and trailing space removed.
++ */
++
++int tidy_line(char *linebuf, char *olinebuf)
++	{
++	char *keyword, *value, *p, *q;
++	strcpy(linebuf, olinebuf);
++	keyword = linebuf;
++	/* Skip leading space */
++	while (isspace((unsigned char)*keyword))
++		keyword++;
++	/* Look for = sign */
++	p = strchr(linebuf, '=');
++
++	/* If no '=' just chop leading, trailing ws */
++	if (!p)
++		{
++		p = keyword + strlen(keyword) - 1;
++		while (*p == '\n' || isspace((unsigned char)*p))
++			*p-- = 0;
++		strcpy(olinebuf, keyword);
++		strcat(olinebuf, "\n");
++		return 1;
++		}
++
++	q = p - 1;
++
++	/* Remove trailing space */
++	while (isspace((unsigned char)*q))
++		*q-- = 0;
++
++	*p = 0;
++	value = p + 1;
++
++	/* Remove leading space from value */
++	while (isspace((unsigned char)*value))
++		value++;
++
++	/* Remove trailing space from value */
++	p = value + strlen(value) - 1;
++
++	while (*p == '\n' || isspace((unsigned char)*p))
++		*p-- = 0;
++
++	strcpy(olinebuf, keyword);
++	strcat(olinebuf, " = ");
++	strcat(olinebuf, value);
++	strcat(olinebuf, "\n");
++
++	return 1;
++	}
++
++/* NB: this return the number of _bits_ read */
++int bint2bin(const char *in, int len, unsigned char *out)
++    {
++    int n;
++
++    memset(out,0,len);
++    for(n=0 ; n < len ; ++n)
++	if(in[n] == '1')
++	    out[n/8]|=(0x80 >> (n%8));
++    return len;
++    }
++
++int bin2bint(const unsigned char *in,int len,char *out)
++    {
++    int n;
++
++    for(n=0 ; n < len ; ++n)
++	out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
++    return n;
++    }
++
++/*-----------------------------------------------*/
++
++void PrintValue(char *tag, unsigned char *val, int len)
++{
++#if VERBOSE
++  char obuf[2048];
++  int olen;
++  olen = bin2hex(val, len, obuf);
++  printf("%s = %.*s\n", tag, olen, obuf);
++#endif
++}
++
++void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
++    {
++    char obuf[2048];
++    int olen;
++
++    if(bitmode)
++	olen=bin2bint(val,len,obuf);
++    else
++	olen=bin2hex(val,len,obuf);
++
++    fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
++#if VERBOSE
++    printf("%s = %.*s\n", tag, olen, obuf);
++#endif
++    }
++
+diff -up openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_aes_selftest.c
+--- openssl-1.0.1e/crypto/fips/fips_aes_selftest.c.fips	2013-10-04 11:48:04.182694181 +0200
++++ openssl-1.0.1e/crypto/fips/fips_aes_selftest.c	2013-10-04 11:48:04.182694181 +0200
+@@ -0,0 +1,359 @@
++/* ====================================================================
++ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include <string.h>
++#include <openssl/err.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
++#include <openssl/evp.h>
++
++#ifdef OPENSSL_FIPS
++static const struct
++    {
++    const unsigned char key[16];
++    const unsigned char plaintext[16];
++    const unsigned char ciphertext[16];
++    } tests[]=
++	{
++	{
++	{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
++	  0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
++	{ 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
++	  0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF },
++	{ 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30,
++	  0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A },
++	},
++	};
++
++static int corrupt_aes;
++
++void FIPS_corrupt_aes()
++    {
++    corrupt_aes = 1;
++    }
++
++int FIPS_selftest_aes()
++    {
++    int n;
++    int ret = 0;
++    EVP_CIPHER_CTX ctx;
++    EVP_CIPHER_CTX_init(&ctx);
++
++    for(n=0 ; n < 1 ; ++n)
++	{
++	unsigned char key[16];
++
++	memcpy(key, tests[n].key, sizeof(key));
++	if (corrupt_aes)
++		key[0]++;
++	if (fips_cipher_test(&ctx, EVP_aes_128_ecb(),
++				key, NULL,
++				tests[n].plaintext,
++				tests[n].ciphertext,
++				16) <= 0)
++		goto err;
++	}
++    ret = 1;
++    err:
++    EVP_CIPHER_CTX_cleanup(&ctx);
++    if (ret == 0)
++	    FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
++    return ret;
++    }
++
++/* AES-CCM test data from NIST public test vectors */
++
++static const unsigned char ccm_key[] = {
++	0xce,0xb0,0x09,0xae,0xa4,0x45,0x44,0x51,0xfe,0xad,0xf0,0xe6,
++	0xb3,0x6f,0x45,0x55,0x5d,0xd0,0x47,0x23,0xba,0xa4,0x48,0xe8
++};
++static const unsigned char ccm_nonce[] = {
++	0x76,0x40,0x43,0xc4,0x94,0x60,0xb7
++};
++static const unsigned char ccm_adata[] = {
++	0x6e,0x80,0xdd,0x7f,0x1b,0xad,0xf3,0xa1,0xc9,0xab,0x25,0xc7,
++	0x5f,0x10,0xbd,0xe7,0x8c,0x23,0xfa,0x0e,0xb8,0xf9,0xaa,0xa5,
++	0x3a,0xde,0xfb,0xf4,0xcb,0xf7,0x8f,0xe4
++};
++static const unsigned char ccm_pt[] = {
++	0xc8,0xd2,0x75,0xf9,0x19,0xe1,0x7d,0x7f,0xe6,0x9c,0x2a,0x1f,
++	0x58,0x93,0x9d,0xfe,0x4d,0x40,0x37,0x91,0xb5,0xdf,0x13,0x10
++};
++static const unsigned char ccm_ct[] = {
++	0x8a,0x0f,0x3d,0x82,0x29,0xe4,0x8e,0x74,0x87,0xfd,0x95,0xa2,
++	0x8a,0xd3,0x92,0xc8,0x0b,0x36,0x81,0xd4,0xfb,0xc7,0xbb,0xfd
++};
++static const unsigned char ccm_tag[] = {
++	0x2d,0xd6,0xef,0x1c,0x45,0xd4,0xcc,0xb7,0x23,0xdc,0x07,0x44,
++	0x14,0xdb,0x50,0x6d
++};
++
++int FIPS_selftest_aes_ccm(void)
++	{
++	int ret = 0;
++	unsigned char out[128], tag[16];
++	EVP_CIPHER_CTX ctx;
++	EVP_CIPHER_CTX_init(&ctx);
++	memset(out, 0, sizeof(out));
++	if (!EVP_CipherInit_ex(&ctx, EVP_aes_192_ccm(),NULL, NULL, NULL, 1))
++		goto err;
++	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
++					sizeof(ccm_nonce), NULL))
++		goto err;
++	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
++					sizeof(ccm_tag), NULL))
++		goto err;
++	if (!EVP_CipherInit_ex(&ctx, NULL, NULL, ccm_key, ccm_nonce, 1))
++		goto err;
++	if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt))
++		goto err;
++	if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
++		goto err;
++	if (EVP_Cipher(&ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct))
++		goto err;
++
++	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, 16, tag))
++		goto err;
++	if (memcmp(tag, ccm_tag, sizeof(ccm_tag))
++		|| memcmp(out, ccm_ct, sizeof(ccm_ct)))
++		goto err;
++
++	memset(out, 0, sizeof(out));
++
++	if (!EVP_CipherInit_ex(&ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 0))
++		goto err;
++	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN,
++					sizeof(ccm_nonce), NULL))
++		goto err;
++	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, 16, tag))
++		goto err;
++	if (!EVP_CipherInit_ex(&ctx, NULL, NULL, ccm_key, ccm_nonce, 0))
++		goto err;
++	if (EVP_Cipher(&ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct))
++		goto err;
++	if (EVP_Cipher(&ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
++		goto err;
++	if (EVP_Cipher(&ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt))
++		goto err;
++
++	if (memcmp(out, ccm_pt, sizeof(ccm_pt)))
++		goto err;
++
++	ret = 1;
++
++	err:
++	EVP_CIPHER_CTX_cleanup(&ctx);
++
++	if (ret == 0)
++		{
++		FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM,FIPS_R_SELFTEST_FAILED);
++		return 0;
++		}
++	else
++		return ret;
++
++	}
++
++/* AES-GCM test data from NIST public test vectors */
++
++static const unsigned char gcm_key[] = {
++	0xee,0xbc,0x1f,0x57,0x48,0x7f,0x51,0x92,0x1c,0x04,0x65,0x66,
++	0x5f,0x8a,0xe6,0xd1,0x65,0x8b,0xb2,0x6d,0xe6,0xf8,0xa0,0x69,
++	0xa3,0x52,0x02,0x93,0xa5,0x72,0x07,0x8f
++};
++static const unsigned char gcm_iv[] = {
++	0x99,0xaa,0x3e,0x68,0xed,0x81,0x73,0xa0,0xee,0xd0,0x66,0x84
++};
++static const unsigned char gcm_pt[] = {
++	0xf5,0x6e,0x87,0x05,0x5b,0xc3,0x2d,0x0e,0xeb,0x31,0xb2,0xea,
++	0xcc,0x2b,0xf2,0xa5
++};
++static const unsigned char gcm_aad[] = {
++	0x4d,0x23,0xc3,0xce,0xc3,0x34,0xb4,0x9b,0xdb,0x37,0x0c,0x43,
++	0x7f,0xec,0x78,0xde
++};
++static const unsigned char gcm_ct[] = {
++	0xf7,0x26,0x44,0x13,0xa8,0x4c,0x0e,0x7c,0xd5,0x36,0x86,0x7e,
++	0xb9,0xf2,0x17,0x36
++};
++static const unsigned char gcm_tag[] = {
++	0x67,0xba,0x05,0x10,0x26,0x2a,0xe4,0x87,0xd7,0x37,0xee,0x62,
++	0x98,0xf7,0x7e,0x0c
++};
++
++int FIPS_selftest_aes_gcm(void)
++	{
++	int ret = 0;
++	unsigned char out[128], tag[16];
++	EVP_CIPHER_CTX ctx;
++	EVP_CIPHER_CTX_init(&ctx);
++	memset(out, 0, sizeof(out));
++	memset(tag, 0, sizeof(tag));
++	if (!EVP_CipherInit_ex(&ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 1))
++		goto err;
++	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
++					sizeof(gcm_iv), NULL))
++		goto err;
++	if (!EVP_CipherInit_ex(&ctx, NULL, NULL, gcm_key, gcm_iv, 1))
++		goto err;
++	if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
++		goto err;
++	if (EVP_Cipher(&ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct))
++		goto err;
++	if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0)
++		goto err;
++
++	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
++		goto err;
++
++	if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
++		goto err;
++
++	memset(out, 0, sizeof(out));
++
++	if (!EVP_CipherInit_ex(&ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 0))
++		goto err;
++	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
++					sizeof(gcm_iv), NULL))
++		goto err;
++	if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
++		goto err;
++	if (!EVP_CipherInit_ex(&ctx, NULL, NULL, gcm_key, gcm_iv, 0))
++		goto err;
++	if (EVP_Cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
++		goto err;
++	if (EVP_Cipher(&ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt))
++		goto err;
++	if (EVP_Cipher(&ctx, NULL, NULL, 0) < 0)
++		goto err;
++
++	if (memcmp(out, gcm_pt, 16))
++		goto err;
++
++	ret = 1;
++
++	err:
++	EVP_CIPHER_CTX_cleanup(&ctx);
++
++	if (ret == 0)
++		{
++		FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED);
++		return 0;
++		}
++	else
++		return ret;
++
++	}
++
++
++static const unsigned char XTS_128_key[] = {
++	0xa1,0xb9,0x0c,0xba,0x3f,0x06,0xac,0x35,0x3b,0x2c,0x34,0x38,
++	0x76,0x08,0x17,0x62,0x09,0x09,0x23,0x02,0x6e,0x91,0x77,0x18,
++	0x15,0xf2,0x9d,0xab,0x01,0x93,0x2f,0x2f
++};
++static const unsigned char XTS_128_i[] = {
++	0x4f,0xae,0xf7,0x11,0x7c,0xda,0x59,0xc6,0x6e,0x4b,0x92,0x01,
++	0x3e,0x76,0x8a,0xd5
++};
++static const unsigned char XTS_128_pt[] = {
++	0xeb,0xab,0xce,0x95,0xb1,0x4d,0x3c,0x8d,0x6f,0xb3,0x50,0x39,
++	0x07,0x90,0x31,0x1c
++};
++static const unsigned char XTS_128_ct[] = {
++	0x77,0x8a,0xe8,0xb4,0x3c,0xb9,0x8d,0x5a,0x82,0x50,0x81,0xd5,
++	0xbe,0x47,0x1c,0x63
++};
++
++static const unsigned char XTS_256_key[] = {
++	0x1e,0xa6,0x61,0xc5,0x8d,0x94,0x3a,0x0e,0x48,0x01,0xe4,0x2f,
++	0x4b,0x09,0x47,0x14,0x9e,0x7f,0x9f,0x8e,0x3e,0x68,0xd0,0xc7,
++	0x50,0x52,0x10,0xbd,0x31,0x1a,0x0e,0x7c,0xd6,0xe1,0x3f,0xfd,
++	0xf2,0x41,0x8d,0x8d,0x19,0x11,0xc0,0x04,0xcd,0xa5,0x8d,0xa3,
++	0xd6,0x19,0xb7,0xe2,0xb9,0x14,0x1e,0x58,0x31,0x8e,0xea,0x39,
++	0x2c,0xf4,0x1b,0x08
++};
++static const unsigned char XTS_256_i[] = {
++	0xad,0xf8,0xd9,0x26,0x27,0x46,0x4a,0xd2,0xf0,0x42,0x8e,0x84,
++	0xa9,0xf8,0x75,0x64
++};
++static const unsigned char XTS_256_pt[] = {
++	0x2e,0xed,0xea,0x52,0xcd,0x82,0x15,0xe1,0xac,0xc6,0x47,0xe8,
++	0x10,0xbb,0xc3,0x64,0x2e,0x87,0x28,0x7f,0x8d,0x2e,0x57,0xe3,
++	0x6c,0x0a,0x24,0xfb,0xc1,0x2a,0x20,0x2e
++};
++static const unsigned char XTS_256_ct[] = {
++	0xcb,0xaa,0xd0,0xe2,0xf6,0xce,0xa3,0xf5,0x0b,0x37,0xf9,0x34,
++	0xd4,0x6a,0x9b,0x13,0x0b,0x9d,0x54,0xf0,0x7e,0x34,0xf3,0x6a,
++	0xf7,0x93,0xe8,0x6f,0x73,0xc6,0xd7,0xdb
++};
++
++int FIPS_selftest_aes_xts()
++	{
++	int ret = 1;
++	EVP_CIPHER_CTX ctx;
++	EVP_CIPHER_CTX_init(&ctx);
++
++	if (fips_cipher_test(&ctx, EVP_aes_128_xts(),
++				XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct,
++				sizeof(XTS_128_pt)) <= 0)
++		ret = 0;
++
++	if (fips_cipher_test(&ctx, EVP_aes_256_xts(),
++				XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct,
++				sizeof(XTS_256_pt)) <= 0)
++		ret = 0;
++
++	EVP_CIPHER_CTX_cleanup(&ctx);
++	if (ret == 0)
++		FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS,FIPS_R_SELFTEST_FAILED);
++	return ret;
++	}
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips.c.fips openssl-1.0.1e/crypto/fips/fips.c
+--- openssl-1.0.1e/crypto/fips/fips.c.fips	2013-10-04 11:48:04.182694181 +0200
++++ openssl-1.0.1e/crypto/fips/fips.c	2013-10-04 11:48:04.182694181 +0200
+@@ -0,0 +1,489 @@
++/* ====================================================================
++ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#define _GNU_SOURCE
++
++#include <openssl/rand.h>
++#include <openssl/fips_rand.h>
++#include <openssl/err.h>
++#include <openssl/bio.h>
++#include <openssl/hmac.h>
++#include <openssl/rsa.h>
++#include <string.h>
++#include <limits.h>
++#include <dlfcn.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include "fips_locl.h"
++
++#ifdef OPENSSL_FIPS
++
++#include <openssl/fips.h>
++
++#ifndef PATH_MAX
++#define PATH_MAX 1024
++#endif
++
++static int fips_selftest_fail = 0;
++static int fips_mode = 0;
++static int fips_started = 0;
++
++static int fips_is_owning_thread(void);
++static int fips_set_owning_thread(void);
++static int fips_clear_owning_thread(void);
++
++#define fips_w_lock()	CRYPTO_w_lock(CRYPTO_LOCK_FIPS)
++#define fips_w_unlock()	CRYPTO_w_unlock(CRYPTO_LOCK_FIPS)
++#define fips_r_lock()	CRYPTO_r_lock(CRYPTO_LOCK_FIPS)
++#define fips_r_unlock()	CRYPTO_r_unlock(CRYPTO_LOCK_FIPS)
++
++static void fips_set_mode(int onoff)
++	{
++	int owning_thread = fips_is_owning_thread();
++
++	if (fips_started)
++		{
++		if (!owning_thread) fips_w_lock();
++		fips_mode = onoff;
++		if (!owning_thread) fips_w_unlock();
++		}
++	}
++
++int FIPS_module_mode(void)
++	{
++	int ret = 0;
++	int owning_thread = fips_is_owning_thread();
++
++	if (fips_started)
++		{
++		if (!owning_thread) fips_r_lock();
++		ret = fips_mode;
++		if (!owning_thread) fips_r_unlock();
++		}
++	return ret;
++	}
++
++int FIPS_selftest_failed(void)
++    {
++    int ret = 0;
++    if (fips_started)
++	{
++	int owning_thread = fips_is_owning_thread();
++
++	if (!owning_thread) fips_r_lock();
++	ret = fips_selftest_fail;
++	if (!owning_thread) fips_r_unlock();
++	}
++    return ret;
++    }
++
++/* Selftest failure fatal exit routine. This will be called
++ * during *any* cryptographic operation. It has the minimum
++ * overhead possible to avoid too big a performance hit.
++ */
++
++void FIPS_selftest_check(void)
++    {
++    if (fips_selftest_fail)
++	{
++	OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
++	}
++    }
++
++void fips_set_selftest_fail(void)
++    {
++    fips_selftest_fail = 1;
++    }
++
++/* we implement what libfipscheck does ourselves */
++
++static int
++get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
++{
++	Dl_info info;
++	void *dl, *sym;
++	int rv = -1;
++
++        dl = dlopen(libname, RTLD_LAZY);
++        if (dl == NULL) {
++	        return -1;
++        }       
++
++	sym = dlsym(dl, symbolname);
++
++	if (sym != NULL && dladdr(sym, &info)) {
++		strncpy(path, info.dli_fname, pathlen-1);
++		path[pathlen-1] = '\0';
++		rv = 0;
++	}
++
++	dlclose(dl);	
++	
++	return rv;
++}
++
++static const char conv[] = "0123456789abcdef";
++
++static char *
++bin2hex(void *buf, size_t len)
++{
++	char *hex, *p;
++	unsigned char *src = buf;
++	
++	hex = malloc(len * 2 + 1);
++	if (hex == NULL)
++		return NULL;
++
++	p = hex;
++
++	while (len > 0) {
++		unsigned c;
++
++		c = *src;
++		src++;
++
++		*p = conv[c >> 4];
++		++p;
++		*p = conv[c & 0x0f];
++		++p;
++		--len;
++	}
++	*p = '\0';
++	return hex;
++}
++
++#define HMAC_PREFIX "." 
++#define HMAC_SUFFIX ".hmac" 
++#define READ_BUFFER_LENGTH 16384
++
++static char *
++make_hmac_path(const char *origpath)
++{
++	char *path, *p;
++	const char *fn;
++
++	path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath));
++	if(path == NULL) {
++		return NULL;
++	}
++
++	fn = strrchr(origpath, '/');
++	if (fn == NULL) {
++		fn = origpath;
++	} else {
++		++fn;
++	}
++
++	strncpy(path, origpath, fn-origpath);
++	p = path + (fn - origpath);
++	p = stpcpy(p, HMAC_PREFIX);
++	p = stpcpy(p, fn);
++	p = stpcpy(p, HMAC_SUFFIX);
++
++	return path;
++}
++
++static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
++
++static int
++compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
++{
++	FILE *f = NULL;
++	int rv = -1;
++	unsigned char rbuf[READ_BUFFER_LENGTH];
++	size_t len;
++	unsigned int hlen;
++	HMAC_CTX c;
++
++	HMAC_CTX_init(&c);
++
++	f = fopen(path, "r");
++
++	if (f == NULL) {
++		goto end;
++	}
++
++	HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
++
++	while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
++		HMAC_Update(&c, rbuf, len);
++	}
++
++	len = sizeof(rbuf);
++	/* reuse rbuf for hmac */
++	HMAC_Final(&c, rbuf, &hlen);
++
++	*buf = malloc(hlen);
++	if (*buf == NULL) {
++		goto end;
++	}
++
++	*hmaclen = hlen;
++
++	memcpy(*buf, rbuf, hlen);
++
++	rv = 0;
++end:
++	HMAC_CTX_cleanup(&c);
++
++	if (f)
++		fclose(f);
++
++	return rv;
++}
++
++static int
++FIPSCHECK_verify(const char *libname, const char *symbolname)
++{
++	char path[PATH_MAX+1];
++	int rv;
++	FILE *hf;
++	char *hmacpath, *p;
++	char *hmac = NULL;
++	size_t n;
++	
++	rv = get_library_path(libname, symbolname, path, sizeof(path));
++
++	if (rv < 0)
++		return 0;
++
++	hmacpath = make_hmac_path(path);
++	if (hmacpath == NULL)
++		return 0;
++
++	hf = fopen(hmacpath, "r");
++	if (hf == NULL) {
++		free(hmacpath);
++		return 0;
++	}
++
++	if (getline(&hmac, &n, hf) > 0) {
++		void *buf;
++		size_t hmaclen;
++		char *hex;
++
++		if ((p=strchr(hmac, '\n')) != NULL)
++			*p = '\0';
++
++		if (compute_file_hmac(path, &buf, &hmaclen) < 0) {
++			rv = -4;
++			goto end;
++		}
++
++		if ((hex=bin2hex(buf, hmaclen)) == NULL) {
++			free(buf);
++			rv = -5;
++			goto end;
++		}
++
++		if (strcmp(hex, hmac) != 0) {
++			rv = -1;
++		}
++		free(buf);
++		free(hex);
++	}
++
++end:
++	free(hmac);
++	free(hmacpath);
++	fclose(hf);
++
++	if (rv < 0)
++		return 0;
++
++	/* check successful */
++	return 1;	
++}
++
++int FIPS_module_mode_set(int onoff, const char *auth)
++    {
++    int ret = 0;
++
++    fips_w_lock();
++    fips_started = 1;
++    fips_set_owning_thread();
++
++    if(onoff)
++	{
++
++	fips_selftest_fail = 0;
++
++	/* Don't go into FIPS mode twice, just so we can do automagic
++	   seeding */
++	if(FIPS_module_mode())
++	    {
++	    FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET);
++	    fips_selftest_fail = 1;
++	    ret = 0;
++	    goto end;
++	    }
++
++#ifdef OPENSSL_IA32_SSE2
++	{
++	extern unsigned int OPENSSL_ia32cap_P[2];
++	if ((OPENSSL_ia32cap_P[0] & (1<<25|1<<26)) != (1<<25|1<<26))
++	    {
++	    FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_UNSUPPORTED_PLATFORM);
++	    fips_selftest_fail = 1;
++	    ret = 0;
++	    goto end;
++	    }
++	OPENSSL_ia32cap_P[0] |= (1<<28);	/* set "shared cache"	*/
++	OPENSSL_ia32cap_P[1] &= ~(1<<(60-32));	/* clear AVX		*/
++	}
++#endif
++
++	if(!FIPSCHECK_verify("libcrypto.so." SHLIB_VERSION_NUMBER,"FIPS_mode_set"))
++	    {
++	    FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
++	    fips_selftest_fail = 1;
++	    ret = 0;
++	    goto end;
++	    }
++
++	if(!FIPSCHECK_verify("libssl.so." SHLIB_VERSION_NUMBER,"SSL_CTX_new"))
++	    {
++	    FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
++	    fips_selftest_fail = 1;
++	    ret = 0;
++	    goto end;
++	    }
++
++	if(FIPS_selftest())
++	    fips_set_mode(onoff);
++	else
++	    {
++	    fips_selftest_fail = 1;
++	    ret = 0;
++	    goto end;
++	    }
++	ret = 1;
++	goto end;
++	}
++    fips_set_mode(0);
++    fips_selftest_fail = 0;
++    ret = 1;
++end:
++    fips_clear_owning_thread();
++    fips_w_unlock();
++    return ret;
++    }
++
++static CRYPTO_THREADID fips_thread;
++static int fips_thread_set = 0;
++
++static int fips_is_owning_thread(void)
++	{
++	int ret = 0;
++
++	if (fips_started)
++		{
++		CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
++		if (fips_thread_set)
++			{
++			CRYPTO_THREADID cur;
++			CRYPTO_THREADID_current(&cur);
++			if (!CRYPTO_THREADID_cmp(&cur, &fips_thread))
++				ret = 1;
++			}
++		CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
++		}
++	return ret;
++	}
++
++int fips_set_owning_thread(void)
++	{
++	int ret = 0;
++
++	if (fips_started)
++		{
++		CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
++		if (!fips_thread_set)
++			{
++			CRYPTO_THREADID_current(&fips_thread);
++			ret = 1;
++			fips_thread_set = 1;
++			}
++		CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
++		}
++	return ret;
++	}
++
++int fips_clear_owning_thread(void)
++	{
++	int ret = 0;
++
++	if (fips_started)
++		{
++		CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
++		if (fips_thread_set)
++			{
++			CRYPTO_THREADID cur;
++			CRYPTO_THREADID_current(&cur);
++			if (!CRYPTO_THREADID_cmp(&cur, &fips_thread))
++				fips_thread_set = 0;
++			}
++		CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
++		}
++	return ret;
++	}
++
++
++#if 0
++/* The purpose of this is to ensure the error code exists and the function
++ * name is to keep the error checking script quiet
++ */
++void hash_final(void)
++	{
++	FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);
++	}
++#endif
++
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c
+--- openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c.fips	2013-10-04 11:48:04.183694204 +0200
++++ openssl-1.0.1e/crypto/fips/fips_cmac_selftest.c	2013-10-04 11:48:04.183694204 +0200
+@@ -0,0 +1,161 @@
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include <string.h>
++#include <openssl/err.h>
++#include <openssl/fips.h>
++#include <openssl/cmac.h>
++#include "fips_locl.h"
++
++#ifdef OPENSSL_FIPS
++typedef struct {
++	int nid;
++	const unsigned char key[EVP_MAX_KEY_LENGTH]; size_t keysize;
++	const unsigned char msg[64]; size_t msgsize;
++	const unsigned char mac[32]; size_t macsize;
++} CMAC_KAT;
++
++/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */
++static const CMAC_KAT vector[] = {
++    {	NID_aes_128_cbc,	/* Count = 32 from CMACGenAES128.txt */
++	{ 0x77,0xa7,0x7f,0xaf, 0x29,0x0c,0x1f,0xa3,
++	  0x0c,0x68,0x3d,0xf1, 0x6b,0xa7,0xa7,0x7b, }, 128,
++	{ 0x02,0x06,0x83,0xe1, 0xf0,0x39,0x2f,0x4c,
++	  0xac,0x54,0x31,0x8b, 0x60,0x29,0x25,0x9e,
++	  0x9c,0x55,0x3d,0xbc, 0x4b,0x6a,0xd9,0x98,
++	  0xe6,0x4d,0x58,0xe4, 0xe7,0xdc,0x2e,0x13, }, 256,
++	{ 0xfb,0xfe,0xa4,0x1b, }, 32
++    },
++    {	NID_aes_192_cbc,	/* Count = 23 from CMACGenAES192.txt */
++	{ 0x7b,0x32,0x39,0x13, 0x69,0xaa,0x4c,0xa9,
++	  0x75,0x58,0x09,0x5b, 0xe3,0xc3,0xec,0x86,
++	  0x2b,0xd0,0x57,0xce, 0xf1,0xe3,0x2d,0x62, }, 192,
++	{ 0x0 }, 0,
++	{ 0xe4,0xd9,0x34,0x0b, 0x03,0xe6,0x7d,0xef,
++	  0xd4,0x96,0x9c,0xc1, 0xed,0x37,0x35,0xe6, }, 128,
++    },
++    {	NID_aes_256_cbc,	/* Count = 33 from CMACGenAES256.txt */
++	{ 0x0b,0x12,0x2a,0xc8, 0xf3,0x4e,0xd1,0xfe,
++	  0x08,0x2a,0x36,0x25, 0xd1,0x57,0x56,0x14,
++	  0x54,0x16,0x7a,0xc1, 0x45,0xa1,0x0b,0xbf,
++	  0x77,0xc6,0xa7,0x05, 0x96,0xd5,0x74,0xf1, }, 256,
++	{ 0x49,0x8b,0x53,0xfd, 0xec,0x87,0xed,0xcb,
++	  0xf0,0x70,0x97,0xdc, 0xcd,0xe9,0x3a,0x08,
++	  0x4b,0xad,0x75,0x01, 0xa2,0x24,0xe3,0x88,
++	  0xdf,0x34,0x9c,0xe1, 0x89,0x59,0xfe,0x84,
++	  0x85,0xf8,0xad,0x15, 0x37,0xf0,0xd8,0x96,
++	  0xea,0x73,0xbe,0xdc, 0x72,0x14,0x71,0x3f, }, 384,
++	{ 0xf6,0x2c,0x46,0x32, 0x9b, }, 40,
++    },
++    {	NID_des_ede3_cbc,	/* Count = 41 from CMACGenTDES3.req */
++	{ 0x89,0xbc,0xd9,0x52, 0xa8,0xc8,0xab,0x37,
++	  0x1a,0xf4,0x8a,0xc7, 0xd0,0x70,0x85,0xd5,
++	  0xef,0xf7,0x02,0xe6, 0xd6,0x2c,0xdc,0x23, }, 192,
++	{ 0xfa,0x62,0x0c,0x1b, 0xbe,0x97,0x31,0x9e,
++	  0x9a,0x0c,0xf0,0x49, 0x21,0x21,0xf7,0xa2,
++	  0x0e,0xb0,0x8a,0x6a, 0x70,0x9d,0xcb,0xd0,
++	  0x0a,0xaf,0x38,0xe4, 0xf9,0x9e,0x75,0x4e, }, 256,
++	{ 0x8f,0x49,0xa1,0xb7, 0xd6,0xaa,0x22,0x58, }, 64,
++    },
++};
++
++int FIPS_selftest_cmac()
++	{
++	size_t n, outlen;
++	unsigned char    out[32];
++	const EVP_CIPHER *cipher;
++	CMAC_CTX *ctx = CMAC_CTX_new();
++	const CMAC_KAT *t;
++	int rv = 1;
++
++	for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
++		{
++		cipher = FIPS_get_cipherbynid(t->nid);
++		if (!cipher)
++			{
++			rv = -1;
++			goto err;
++			}
++		if (!CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0))
++			{
++			rv = -1;
++			goto err;
++			}
++		if (!CMAC_Update(ctx, t->msg, t->msgsize/8))
++			{
++			rv = -1;
++			goto err;
++			}
++			
++		if (!CMAC_Final(ctx, out, &outlen))
++			{
++			rv = -1;
++			goto err;
++			}
++		CMAC_CTX_cleanup(ctx);
++
++		if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
++			{
++		    	rv = 0;
++		    	}
++		}
++
++	err:
++	CMAC_CTX_free(ctx);
++
++	if (rv == -1)
++		{
++		rv = 0;
++		}
++	if (!rv)
++		   FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
++
++	return rv;
++	}
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_des_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_des_selftest.c
+--- openssl-1.0.1e/crypto/fips/fips_des_selftest.c.fips	2013-10-04 11:48:04.183694204 +0200
++++ openssl-1.0.1e/crypto/fips/fips_des_selftest.c	2013-10-04 11:48:04.183694204 +0200
+@@ -0,0 +1,147 @@
++/* ====================================================================
++ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include <string.h>
++#include <openssl/err.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
++#include <openssl/evp.h>
++#include <openssl/opensslconf.h>
++
++#ifdef OPENSSL_FIPS
++
++static const struct
++    {
++    const unsigned char key[16];
++    const unsigned char plaintext[8];
++    const unsigned char ciphertext[8];
++    } tests2[]=
++	{
++	{
++	{ 0x7c,0x4f,0x6e,0xf7,0xa2,0x04,0x16,0xec,
++	  0x0b,0x6b,0x7c,0x9e,0x5e,0x19,0xa7,0xc4 },
++	{ 0x06,0xa7,0xd8,0x79,0xaa,0xce,0x69,0xef },
++	{ 0x4c,0x11,0x17,0x55,0xbf,0xc4,0x4e,0xfd }
++	},
++	{
++	{ 0x5d,0x9e,0x01,0xd3,0x25,0xc7,0x3e,0x34,
++	  0x01,0x16,0x7c,0x85,0x23,0xdf,0xe0,0x68 },
++	{ 0x9c,0x50,0x09,0x0f,0x5e,0x7d,0x69,0x7e },
++	{ 0xd2,0x0b,0x18,0xdf,0xd9,0x0d,0x9e,0xff },
++	}
++	};
++
++static const struct
++    {
++    const unsigned char key[24];
++    const unsigned char plaintext[8];
++    const unsigned char ciphertext[8];
++    } tests3[]=
++	{
++	{
++	{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
++	  0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
++	  0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 },
++	{ 0x8f,0x8f,0xbf,0x9b,0x5d,0x48,0xb4,0x1c },
++	{ 0x59,0x8c,0xe5,0xd3,0x6c,0xa2,0xea,0x1b },
++	},
++	{
++	{ 0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE,
++	  0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
++	  0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
++	{ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
++	{ 0x11,0x25,0xb0,0x35,0xbe,0xa0,0x82,0x86 },
++	},
++	};
++
++
++static int corrupt_des;
++
++void FIPS_corrupt_des()
++    {
++    corrupt_des = 1;
++    }
++
++int FIPS_selftest_des()
++    {
++    int n, ret = 0;
++    EVP_CIPHER_CTX ctx;
++    EVP_CIPHER_CTX_init(&ctx);
++    /* Encrypt/decrypt with 2-key 3DES and compare to known answers */
++    for(n=0 ; n < 2 ; ++n)
++	{
++	unsigned char plaintext[8];
++
++	memcpy(plaintext, tests2[n].plaintext, sizeof(plaintext));
++	if (corrupt_des)
++		plaintext[0]++;
++	if (!fips_cipher_test(&ctx, EVP_des_ede_ecb(),
++				tests2[n].key, NULL,
++				plaintext, tests2[n].ciphertext, 8))
++		goto err;
++	}
++
++    /* Encrypt/decrypt with 3DES and compare to known answers */
++    for(n=0 ; n < 2 ; ++n)
++	{
++	if (!fips_cipher_test(&ctx, EVP_des_ede3_ecb(),
++				tests3[n].key, NULL,
++				tests3[n].plaintext, tests3[n].ciphertext, 8))
++		goto err;
++	}
++    ret = 1;
++    err:
++    EVP_CIPHER_CTX_cleanup(&ctx);
++    if (ret == 0)
++	    FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
++
++    return ret;
++    }
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c
+--- openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c.fips	2013-10-04 11:48:04.183694204 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_ctr.c	2013-10-04 11:48:04.183694204 +0200
+@@ -0,0 +1,436 @@
++/* fips/rand/fips_drbg_ctr.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++#include <stdlib.h>
++#include <string.h>
++#include <openssl/crypto.h>
++#include <openssl/fips.h>
++#include <openssl/fips_rand.h>
++#include "fips_rand_lcl.h"
++
++static void inc_128(DRBG_CTR_CTX *cctx)
++	{
++	int i;
++	unsigned char c;
++	unsigned char *p = cctx->V + 15;
++	for (i = 0; i < 16; i++)
++		{
++		c = *p;
++		c++;
++		*p = c;
++		if (c)
++			return;
++		p--;
++		}
++	}
++
++static void ctr_XOR(DRBG_CTR_CTX *cctx, const unsigned char *in, size_t inlen)
++	{
++	size_t i, n;
++	/* Any zero padding will have no effect on the result as we
++	 * are XORing. So just process however much input we have.
++	 */
++
++	if (!in || !inlen)
++		return;
++
++	if (inlen < cctx->keylen)
++		n = inlen;
++	else
++		n = cctx->keylen;
++
++	for (i = 0; i < n; i++)
++		cctx->K[i] ^= in[i];
++	if (inlen <= cctx->keylen)
++		return;
++
++	n = inlen - cctx->keylen;
++	/* Should never happen */
++	if (n > 16)
++		n = 16;
++	for (i = 0; i < 16; i++)
++		cctx->V[i] ^= in[i + cctx->keylen];
++	}
++
++/* Process a complete block using BCC algorithm of SPP 800-90 10.4.3 */
++
++static void ctr_BCC_block(DRBG_CTR_CTX *cctx, unsigned char *out,
++				const unsigned char *in)
++	{
++	int i;
++	for (i = 0; i < 16; i++)
++		out[i] ^= in[i];
++	AES_encrypt(out, out, &cctx->df_ks);
++#if 0
++fprintf(stderr, "BCC in+out\n");
++BIO_dump_fp(stderr, in, 16);
++BIO_dump_fp(stderr, out, 16);
++#endif
++	}
++
++/* Handle several BCC operations for as much data as we need for K and X */
++static void ctr_BCC_blocks(DRBG_CTR_CTX *cctx, const unsigned char *in)
++	{
++	ctr_BCC_block(cctx, cctx->KX, in);
++	ctr_BCC_block(cctx, cctx->KX + 16, in);
++	if (cctx->keylen != 16)
++		ctr_BCC_block(cctx, cctx->KX + 32, in);
++	}
++/* Initialise BCC blocks: these have the value 0,1,2 in leftmost positions:
++ * see 10.4.2 stage 7.
++ */
++static void ctr_BCC_init(DRBG_CTR_CTX *cctx)
++	{
++	memset(cctx->KX, 0, 48);
++	memset(cctx->bltmp, 0, 16);
++	ctr_BCC_block(cctx, cctx->KX, cctx->bltmp);
++	cctx->bltmp[3] = 1;
++	ctr_BCC_block(cctx, cctx->KX + 16, cctx->bltmp);
++	if (cctx->keylen != 16)
++		{
++		cctx->bltmp[3] = 2;
++		ctr_BCC_block(cctx, cctx->KX + 32, cctx->bltmp);
++		}
++	}
++
++/* Process several blocks into BCC algorithm, some possibly partial */
++static void ctr_BCC_update(DRBG_CTR_CTX *cctx,
++				const unsigned char *in, size_t inlen)
++	{
++	if (!in || !inlen)
++		return;
++	/* If we have partial block handle it first */
++	if (cctx->bltmp_pos)
++		{
++		size_t left = 16 - cctx->bltmp_pos;
++		/* If we now have a complete block process it */
++		if (inlen >= left)
++			{
++			memcpy(cctx->bltmp + cctx->bltmp_pos, in, left);
++			ctr_BCC_blocks(cctx, cctx->bltmp);
++			cctx->bltmp_pos = 0;
++			inlen -= left;
++			in += left;
++			}
++		}
++	/* Process zero or more complete blocks */
++	while (inlen >= 16)
++		{
++		ctr_BCC_blocks(cctx, in);
++		in += 16;
++		inlen -= 16;
++		}
++	/* Copy any remaining partial block to the temporary buffer */
++	if (inlen > 0)
++		{
++		memcpy(cctx->bltmp + cctx->bltmp_pos, in, inlen);
++		cctx->bltmp_pos += inlen;
++		}
++	}
++
++static void ctr_BCC_final(DRBG_CTR_CTX *cctx)
++	{
++	if (cctx->bltmp_pos)
++		{
++		memset(cctx->bltmp + cctx->bltmp_pos, 0, 16 - cctx->bltmp_pos);
++		ctr_BCC_blocks(cctx, cctx->bltmp);
++		}
++	}
++
++static void ctr_df(DRBG_CTR_CTX *cctx,
++			const unsigned char *in1, size_t in1len,
++			const unsigned char *in2, size_t in2len,
++			const unsigned char *in3, size_t in3len)
++	{
++	size_t inlen;
++	unsigned char *p = cctx->bltmp;
++	static unsigned char c80 = 0x80;
++
++	ctr_BCC_init(cctx);
++	if (!in1)
++		in1len = 0;
++	if (!in2)
++		in2len = 0;
++	if (!in3)
++		in3len = 0;
++	inlen = in1len + in2len + in3len;
++	/* Initialise L||N in temporary block */
++	*p++ = (inlen >> 24) & 0xff;
++	*p++ = (inlen >> 16) & 0xff;
++	*p++ = (inlen >> 8) & 0xff;
++	*p++ = inlen & 0xff;
++	/* NB keylen is at most 32 bytes */
++	*p++ = 0;
++	*p++ = 0;
++	*p++ = 0;
++	*p = (unsigned char)((cctx->keylen + 16) & 0xff);
++	cctx->bltmp_pos = 8;
++	ctr_BCC_update(cctx, in1, in1len);
++	ctr_BCC_update(cctx, in2, in2len);
++	ctr_BCC_update(cctx, in3, in3len);
++	ctr_BCC_update(cctx, &c80, 1);
++	ctr_BCC_final(cctx);
++	/* Set up key K */
++	AES_set_encrypt_key(cctx->KX, cctx->keylen * 8, &cctx->df_kxks);
++	/* X follows key K */
++	AES_encrypt(cctx->KX + cctx->keylen, cctx->KX, &cctx->df_kxks);
++	AES_encrypt(cctx->KX, cctx->KX + 16, &cctx->df_kxks);
++	if (cctx->keylen != 16)
++		AES_encrypt(cctx->KX + 16, cctx->KX + 32, &cctx->df_kxks);
++#if 0
++fprintf(stderr, "Output of ctr_df:\n");
++BIO_dump_fp(stderr, cctx->KX, cctx->keylen + 16);
++#endif
++	}
++
++/* NB the no-df  Update in SP800-90 specifies a constant input length
++ * of seedlen, however other uses of this algorithm pad the input with
++ * zeroes if necessary and have up to two parameters XORed together,
++ * handle both cases in this function instead.
++ */
++
++static void ctr_Update(DRBG_CTX *dctx,
++		const unsigned char *in1, size_t in1len,
++		const unsigned char *in2, size_t in2len,
++		const unsigned char *nonce, size_t noncelen)
++	{
++	DRBG_CTR_CTX *cctx = &dctx->d.ctr;
++	/* ks is already setup for correct key */
++	inc_128(cctx);
++	AES_encrypt(cctx->V, cctx->K, &cctx->ks);
++	/* If keylen longer than 128 bits need extra encrypt */
++	if (cctx->keylen != 16)
++		{
++		inc_128(cctx);
++		AES_encrypt(cctx->V, cctx->K + 16, &cctx->ks);
++		}
++	inc_128(cctx);
++	AES_encrypt(cctx->V, cctx->V, &cctx->ks);
++	/* If 192 bit key part of V is on end of K */
++	if (cctx->keylen == 24)
++		{
++		memcpy(cctx->V + 8, cctx->V, 8);
++		memcpy(cctx->V, cctx->K + 24, 8);
++		}
++
++	if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
++		{
++		/* If no input reuse existing derived value */
++		if (in1 || nonce || in2)
++			ctr_df(cctx, in1, in1len, nonce, noncelen, in2, in2len);
++		/* If this a reuse input in1len != 0 */
++		if (in1len)
++			ctr_XOR(cctx, cctx->KX, dctx->seedlen);
++		}
++	else
++		{
++		ctr_XOR(cctx, in1, in1len);
++		ctr_XOR(cctx, in2, in2len);
++		}
++
++	AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
++#if 0
++fprintf(stderr, "K+V after update is:\n");
++BIO_dump_fp(stderr, cctx->K, cctx->keylen);
++BIO_dump_fp(stderr, cctx->V, 16);
++#endif
++	}
++
++static int drbg_ctr_instantiate(DRBG_CTX *dctx,
++			const unsigned char *ent, size_t entlen,
++			const unsigned char *nonce, size_t noncelen,
++			const unsigned char *pers, size_t perslen)
++	{
++	DRBG_CTR_CTX *cctx = &dctx->d.ctr;
++	memset(cctx->K, 0, sizeof(cctx->K));
++	memset(cctx->V, 0, sizeof(cctx->V));
++	AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
++	ctr_Update(dctx, ent, entlen, pers, perslen, nonce, noncelen);
++	return 1;
++	}
++
++static int drbg_ctr_reseed(DRBG_CTX *dctx, 
++			const unsigned char *ent, size_t entlen,
++			const unsigned char *adin, size_t adinlen)
++	{
++	ctr_Update(dctx, ent, entlen, adin, adinlen, NULL, 0);
++	return 1;
++	}
++
++static int drbg_ctr_generate(DRBG_CTX *dctx,
++			unsigned char *out, size_t outlen,
++			const unsigned char *adin, size_t adinlen)
++	{
++	DRBG_CTR_CTX *cctx = &dctx->d.ctr;
++	if (adin && adinlen)
++		{
++		ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
++		/* This means we reuse derived value */
++		if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
++			{
++			adin = NULL;
++			adinlen = 1;
++			}
++		}
++	else
++		adinlen = 0;
++
++	for (;;)
++		{
++		inc_128(cctx);
++		if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
++			{
++			AES_encrypt(cctx->V, dctx->lb, &cctx->ks);
++			dctx->lb_valid = 1;
++			continue;
++			}
++		if (outlen < 16)
++			{
++			/* Use K as temp space as it will be updated */
++			AES_encrypt(cctx->V, cctx->K, &cctx->ks);
++			if (!fips_drbg_cprng_test(dctx, cctx->K))
++				return 0;
++			memcpy(out, cctx->K, outlen);
++			break;
++			}
++		AES_encrypt(cctx->V, out, &cctx->ks);
++		if (!fips_drbg_cprng_test(dctx, out))
++			return 0;
++		out += 16;
++		outlen -= 16;
++		if (outlen == 0)
++			break;
++		}
++
++	ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
++
++	return 1;
++
++	}
++
++static int drbg_ctr_uninstantiate(DRBG_CTX *dctx)
++	{
++	memset(&dctx->d.ctr, 0, sizeof(DRBG_CTR_CTX));
++	return 1;
++	}
++
++int fips_drbg_ctr_init(DRBG_CTX *dctx)
++	{
++	DRBG_CTR_CTX *cctx = &dctx->d.ctr;
++
++	size_t keylen;
++
++	switch (dctx->type)
++		{
++		case NID_aes_128_ctr:
++		keylen = 16;
++		break;
++
++		case NID_aes_192_ctr:
++		keylen = 24;
++		break;
++
++		case NID_aes_256_ctr:
++		keylen = 32;
++		break;
++
++		default:
++		return -2;
++		}
++
++	dctx->instantiate = drbg_ctr_instantiate;
++	dctx->reseed = drbg_ctr_reseed;
++	dctx->generate = drbg_ctr_generate;
++	dctx->uninstantiate = drbg_ctr_uninstantiate;
++
++	cctx->keylen = keylen;
++	dctx->strength = keylen * 8;
++	dctx->blocklength = 16;
++	dctx->seedlen = keylen + 16;
++
++	if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
++		{
++		/* df initialisation */
++		static unsigned char df_key[32] =
++			{
++			0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
++			0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
++			0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
++			0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f 
++			};
++		/* Set key schedule for df_key */
++		AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks);
++
++		dctx->min_entropy = cctx->keylen;
++		dctx->max_entropy = DRBG_MAX_LENGTH;
++		dctx->min_nonce = dctx->min_entropy / 2;
++		dctx->max_nonce = DRBG_MAX_LENGTH;
++		dctx->max_pers = DRBG_MAX_LENGTH;
++		dctx->max_adin = DRBG_MAX_LENGTH;
++		}
++	else
++		{
++		dctx->min_entropy = dctx->seedlen;
++		dctx->max_entropy = dctx->seedlen;
++		/* Nonce not used */
++		dctx->min_nonce = 0;
++		dctx->max_nonce = 0;
++		dctx->max_pers = dctx->seedlen;
++		dctx->max_adin = dctx->seedlen;
++		}
++
++	dctx->max_request = 1<<16;
++	dctx->reseed_interval = 1<<24;
++
++	return 1;
++	}
+diff -up openssl-1.0.1e/crypto/fips/fips_drbg_hash.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_hash.c
+--- openssl-1.0.1e/crypto/fips/fips_drbg_hash.c.fips	2013-10-04 11:48:04.183694204 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_hash.c	2013-10-04 11:48:04.183694204 +0200
+@@ -0,0 +1,378 @@
++/* fips/rand/fips_drbg_hash.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++#define OPENSSL_FIPSAPI
++
++#include <stdlib.h>
++#include <string.h>
++#include <openssl/crypto.h>
++#include <openssl/fips.h>
++#include <openssl/fips_rand.h>
++#include "fips_rand_lcl.h"
++
++/* This is Hash_df from SP 800-90 10.4.1 */
++
++static int hash_df(DRBG_CTX *dctx, unsigned char *out,
++			const unsigned char *in1, size_t in1len,
++			const unsigned char *in2, size_t in2len,
++			const unsigned char *in3, size_t in3len,
++			const unsigned char *in4, size_t in4len)
++	{
++	EVP_MD_CTX *mctx = &dctx->d.hash.mctx;
++	unsigned char *vtmp = dctx->d.hash.vtmp;
++	unsigned char tmp[6];
++	/* Standard only ever needs seedlen bytes which is always less than
++	 * maximum permitted so no need to check length.
++	 */
++	size_t outlen = dctx->seedlen;
++	tmp[0] = 1;
++	tmp[1] = ((outlen * 8) >> 24) & 0xff;
++	tmp[2] = ((outlen * 8) >> 16) & 0xff;
++	tmp[3] = ((outlen * 8) >> 8) & 0xff;
++	tmp[4] = (outlen * 8) & 0xff;
++	if (!in1)
++		{
++		tmp[5] = (unsigned char)in1len;
++		in1 = tmp + 5;
++		in1len = 1;
++		}
++	for (;;)
++		{
++		if (!FIPS_digestinit(mctx, dctx->d.hash.md))
++			return 0;
++		if (!FIPS_digestupdate(mctx, tmp, 5))
++			return 0;
++		if (in1 && !FIPS_digestupdate(mctx, in1, in1len))
++			return 0;
++		if (in2 && !FIPS_digestupdate(mctx, in2, in2len))
++			return 0;
++		if (in3 && !FIPS_digestupdate(mctx, in3, in3len))
++			return 0;
++		if (in4 && !FIPS_digestupdate(mctx, in4, in4len))
++			return 0;
++		if (outlen < dctx->blocklength)
++			{
++			if (!FIPS_digestfinal(mctx, vtmp, NULL))
++				return 0;
++			memcpy(out, vtmp, outlen);
++			OPENSSL_cleanse(vtmp, dctx->blocklength);
++			return 1;
++			}
++		else if(!FIPS_digestfinal(mctx, out, NULL))
++			return 0;
++
++		outlen -= dctx->blocklength;
++		if (outlen == 0)
++			return 1;
++		tmp[0]++;
++		out += dctx->blocklength;
++		}
++	}
++
++
++/* Add an unsigned buffer to the buf value, storing the result in buf. For
++ * this algorithm the length of input never exceeds the seed length.
++ */
++
++static void ctx_add_buf(DRBG_CTX *dctx, unsigned char *buf,
++				unsigned char *in, size_t inlen)
++	{
++	size_t i = inlen;
++	const unsigned char *q;
++	unsigned char c, *p;
++	p = buf + dctx->seedlen;
++	q = in + inlen;
++
++	OPENSSL_assert(i <= dctx->seedlen);
++
++	/* Special case: zero length, just increment buffer */
++	if (i)
++		c = 0;
++	else 
++		c = 1;
++
++	while (i)
++		{
++		int r;
++		p--;
++		q--;
++		r = *p + *q + c;
++		/* Carry */
++		if (r > 0xff)
++			c = 1;
++		else
++			c = 0;
++		*p = r & 0xff;
++		i--;
++		}
++
++	i = dctx->seedlen - inlen;
++
++	/* If not adding whole buffer handle final carries */
++	if (c && i)
++		{
++		do
++			{
++			p--;
++			c = *p;
++			c++;
++			*p = c;
++			if(c)
++				return;
++			} while(i--);
++		}
++	}
++
++/* Finalise and add hash to V */
++	
++static int ctx_add_md(DRBG_CTX *dctx)
++	{
++	if (!FIPS_digestfinal(&dctx->d.hash.mctx, dctx->d.hash.vtmp, NULL))
++			return 0;
++	ctx_add_buf(dctx, dctx->d.hash.V, dctx->d.hash.vtmp, dctx->blocklength);
++	return 1;
++	}
++
++static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
++	{
++	DRBG_HASH_CTX *hctx = &dctx->d.hash;
++	if (outlen == 0)
++		return 1;
++	memcpy(hctx->vtmp, hctx->V, dctx->seedlen);
++	for(;;)
++		{
++		FIPS_digestinit(&hctx->mctx, hctx->md);
++		FIPS_digestupdate(&hctx->mctx, hctx->vtmp, dctx->seedlen);
++		if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
++			{
++			FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL);
++			dctx->lb_valid = 1;
++			}
++		else if (outlen < dctx->blocklength)
++			{
++			FIPS_digestfinal(&hctx->mctx, hctx->vtmp, NULL);
++			if (!fips_drbg_cprng_test(dctx, hctx->vtmp))
++				return 0;
++			memcpy(out, hctx->vtmp, outlen);
++			return 1;
++			}
++		else
++			{
++			FIPS_digestfinal(&hctx->mctx, out, NULL);
++			if (!fips_drbg_cprng_test(dctx, out))
++				return 0;
++			outlen -= dctx->blocklength;
++			if (outlen == 0)
++				return 1;
++			out += dctx->blocklength;
++			}
++		ctx_add_buf(dctx, hctx->vtmp, NULL, 0);
++		}
++	}
++
++static int drbg_hash_instantiate(DRBG_CTX *dctx,
++				const unsigned char *ent, size_t ent_len,
++				const unsigned char *nonce, size_t nonce_len,
++				const unsigned char *pstr, size_t pstr_len)
++	{
++	DRBG_HASH_CTX *hctx = &dctx->d.hash;
++	if (!hash_df(dctx, hctx->V, 
++			ent, ent_len, nonce, nonce_len, pstr, pstr_len,
++			NULL, 0))
++		return 0;
++	if (!hash_df(dctx, hctx->C, 
++			NULL, 0, hctx->V, dctx->seedlen,
++			NULL, 0, NULL, 0))
++		return 0;
++
++#ifdef HASH_DRBG_TRACE
++	fprintf(stderr, "V+C after instantiate:\n");
++	hexprint(stderr, hctx->V, dctx->seedlen);
++	hexprint(stderr, hctx->C, dctx->seedlen);
++#endif
++	return 1;
++	}
++
++	
++static int drbg_hash_reseed(DRBG_CTX *dctx,
++				const unsigned char *ent, size_t ent_len,
++				const unsigned char *adin, size_t adin_len)
++	{
++	DRBG_HASH_CTX *hctx = &dctx->d.hash;
++	/* V about to be updated so use C as output instead */
++	if (!hash_df(dctx, hctx->C,
++			NULL, 1, hctx->V, dctx->seedlen,
++			ent, ent_len, adin, adin_len))
++		return 0;
++	memcpy(hctx->V, hctx->C, dctx->seedlen);
++	if (!hash_df(dctx, hctx->C, NULL, 0,
++			hctx->V, dctx->seedlen, NULL, 0, NULL, 0))
++		return 0;
++#ifdef HASH_DRBG_TRACE
++	fprintf(stderr, "V+C after reseed:\n");
++	hexprint(stderr, hctx->V, dctx->seedlen);
++	hexprint(stderr, hctx->C, dctx->seedlen);
++#endif
++	return 1;
++	}
++
++static int drbg_hash_generate(DRBG_CTX *dctx,
++				unsigned char *out, size_t outlen,
++				const unsigned char *adin, size_t adin_len)
++	{
++	DRBG_HASH_CTX *hctx = &dctx->d.hash;
++	EVP_MD_CTX *mctx = &hctx->mctx;
++	unsigned char tmp[4];
++	if (adin && adin_len)
++		{
++		tmp[0] = 2;
++		if (!FIPS_digestinit(mctx, hctx->md))
++			return 0;
++		if (!EVP_DigestUpdate(mctx, tmp, 1))
++			return 0;
++		if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
++			return 0;
++		if (!EVP_DigestUpdate(mctx, adin, adin_len))
++			return 0;
++		if (!ctx_add_md(dctx))
++			return 0;
++		}
++	if (!hash_gen(dctx, out, outlen))
++		return 0;
++
++	tmp[0] = 3;
++	if (!FIPS_digestinit(mctx, hctx->md))
++		return 0;
++	if (!EVP_DigestUpdate(mctx, tmp, 1))
++		return 0;
++	if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
++		return 0;
++
++	if (!ctx_add_md(dctx))
++		return 0;
++
++	ctx_add_buf(dctx, hctx->V, hctx->C, dctx->seedlen);
++
++	tmp[0] = (dctx->reseed_counter >> 24) & 0xff;
++	tmp[1] = (dctx->reseed_counter >> 16) & 0xff;
++	tmp[2] = (dctx->reseed_counter >> 8) & 0xff;
++	tmp[3] = dctx->reseed_counter & 0xff;
++	ctx_add_buf(dctx, hctx->V, tmp, 4);
++#ifdef HASH_DRBG_TRACE
++	fprintf(stderr, "V+C after generate:\n");
++	hexprint(stderr, hctx->V, dctx->seedlen);
++	hexprint(stderr, hctx->C, dctx->seedlen);
++#endif
++	return 1;
++	}
++
++static int drbg_hash_uninstantiate(DRBG_CTX *dctx)
++	{
++	EVP_MD_CTX_cleanup(&dctx->d.hash.mctx);
++	OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX));
++	return 1;
++	}
++
++int fips_drbg_hash_init(DRBG_CTX *dctx)
++	{
++	const EVP_MD *md;
++	DRBG_HASH_CTX *hctx = &dctx->d.hash;
++	md = FIPS_get_digestbynid(dctx->type);
++	if (!md)
++		return -2;
++	switch (dctx->type)
++		{
++		case NID_sha1:
++		dctx->strength = 128;
++		break;
++
++		case NID_sha224:
++		dctx->strength = 192;
++		break;
++
++		default:
++		dctx->strength = 256;
++		break;
++		}
++
++	dctx->instantiate = drbg_hash_instantiate;
++	dctx->reseed = drbg_hash_reseed;
++	dctx->generate = drbg_hash_generate;
++	dctx->uninstantiate = drbg_hash_uninstantiate;
++
++	dctx->d.hash.md = md;
++	EVP_MD_CTX_init(&hctx->mctx);
++
++	/* These are taken from SP 800-90 10.1 table 2 */
++
++	dctx->blocklength = M_EVP_MD_size(md);
++	if (dctx->blocklength > 32)
++		dctx->seedlen = 111;
++	else
++		dctx->seedlen = 55;
++
++
++	dctx->min_entropy = dctx->strength / 8;
++	dctx->max_entropy = DRBG_MAX_LENGTH;
++
++	dctx->min_nonce = dctx->min_entropy / 2;
++	dctx->max_nonce = DRBG_MAX_LENGTH;
++
++	dctx->max_pers = DRBG_MAX_LENGTH;
++	dctx->max_adin = DRBG_MAX_LENGTH;
++
++	dctx->max_request = 1<<16;
++	dctx->reseed_interval = 1<<24;
++
++	return 1;
++	}
+diff -up openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c
+--- openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c.fips	2013-10-04 11:48:04.183694204 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_hmac.c	2013-10-04 11:48:04.183694204 +0200
+@@ -0,0 +1,281 @@
++/* fips/rand/fips_drbg_hmac.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++#include <stdlib.h>
++#include <string.h>
++#include <openssl/crypto.h>
++#include <openssl/evp.h>
++#include <openssl/hmac.h>
++#include <openssl/aes.h>
++#include <openssl/fips.h>
++#include <openssl/fips_rand.h>
++#include "fips_rand_lcl.h"
++
++static int drbg_hmac_update(DRBG_CTX *dctx,
++				const unsigned char *in1, size_t in1len,
++				const unsigned char *in2, size_t in2len,
++				const unsigned char *in3, size_t in3len
++			)
++	{
++	static unsigned char c0 = 0, c1 = 1;
++	DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
++	HMAC_CTX *hctx = &hmac->hctx;
++
++	if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
++		return 0;
++	if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
++		return 0;
++	if (!HMAC_Update(hctx, &c0, 1))
++		return 0;
++	if (in1len && !HMAC_Update(hctx, in1, in1len))
++		return 0;
++	if (in2len && !HMAC_Update(hctx, in2, in2len))
++		return 0;
++	if (in3len && !HMAC_Update(hctx, in3, in3len))
++		return 0;
++
++	if (!HMAC_Final(hctx, hmac->K, NULL))
++		return 0;
++
++	if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
++		return 0;
++	if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
++		return 0;
++
++	if (!HMAC_Final(hctx, hmac->V, NULL))
++		return 0;
++
++	if (!in1len && !in2len && !in3len)
++		return 1;
++
++	if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
++		return 0;
++	if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
++		return 0;
++	if (!HMAC_Update(hctx, &c1, 1))
++		return 0;
++	if (in1len && !HMAC_Update(hctx, in1, in1len))
++		return 0;
++	if (in2len && !HMAC_Update(hctx, in2, in2len))
++		return 0;
++	if (in3len && !HMAC_Update(hctx, in3, in3len))
++		return 0;
++
++	if (!HMAC_Final(hctx, hmac->K, NULL))
++		return 0;
++
++	if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
++		return 0;
++	if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
++		return 0;
++
++	if (!HMAC_Final(hctx, hmac->V, NULL))
++		return 0;
++
++	return 1;
++
++	}
++
++static int drbg_hmac_instantiate(DRBG_CTX *dctx,
++				const unsigned char *ent, size_t ent_len,
++				const unsigned char *nonce, size_t nonce_len,
++				const unsigned char *pstr, size_t pstr_len)
++	{
++	DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
++	memset(hmac->K, 0, dctx->blocklength);
++	memset(hmac->V, 1, dctx->blocklength);
++	if (!drbg_hmac_update(dctx,
++			ent, ent_len, nonce, nonce_len, pstr, pstr_len))
++		return 0;
++
++#ifdef HMAC_DRBG_TRACE
++	fprintf(stderr, "K+V after instantiate:\n");
++	hexprint(stderr, hmac->K, hmac->blocklength);
++	hexprint(stderr, hmac->V, hmac->blocklength);
++#endif
++	return 1;
++	}
++
++static int drbg_hmac_reseed(DRBG_CTX *dctx,
++				const unsigned char *ent, size_t ent_len,
++				const unsigned char *adin, size_t adin_len)
++	{
++	if (!drbg_hmac_update(dctx,
++			ent, ent_len, adin, adin_len, NULL, 0))
++		return 0;
++
++#ifdef HMAC_DRBG_TRACE
++	{
++		DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
++		fprintf(stderr, "K+V after reseed:\n");
++		hexprint(stderr, hmac->K, hmac->blocklength);
++		hexprint(stderr, hmac->V, hmac->blocklength);
++	}
++#endif
++	return 1;
++	}
++
++static int drbg_hmac_generate(DRBG_CTX *dctx,
++				unsigned char *out, size_t outlen,
++				const unsigned char *adin, size_t adin_len)
++	{
++	DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
++	HMAC_CTX *hctx = &hmac->hctx;
++	const unsigned char *Vtmp = hmac->V;
++	if (adin_len && !drbg_hmac_update(dctx, adin, adin_len,
++						NULL, 0, NULL, 0))
++		return 0;
++	for (;;)
++		{
++		if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength,
++							hmac->md, NULL))
++			return 0;
++		if (!HMAC_Update(hctx, Vtmp, dctx->blocklength))
++			return 0;
++		if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
++			{
++			if (!HMAC_Final(hctx, dctx->lb, NULL))
++				return 0;
++			dctx->lb_valid = 1;
++			Vtmp = dctx->lb;
++			continue;
++			}
++		else if (outlen > dctx->blocklength)
++			{
++			if (!HMAC_Final(hctx, out, NULL))
++				return 0;
++			if (!fips_drbg_cprng_test(dctx, out))
++				return 0;
++			Vtmp = out;
++			}
++		else
++			{
++			if (!HMAC_Final(hctx, hmac->V, NULL))
++				return 0;
++			if (!fips_drbg_cprng_test(dctx, hmac->V))
++				return 0;
++			memcpy(out, hmac->V, outlen);
++			break;
++			}
++		out += dctx->blocklength;
++		outlen -= dctx->blocklength;
++		}
++	if (!drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0))
++		return 0;
++
++	return 1;
++	}
++
++static int drbg_hmac_uninstantiate(DRBG_CTX *dctx)
++	{
++	HMAC_CTX_cleanup(&dctx->d.hmac.hctx);
++	OPENSSL_cleanse(&dctx->d.hmac, sizeof(DRBG_HMAC_CTX));
++	return 1;
++	}
++
++int fips_drbg_hmac_init(DRBG_CTX *dctx)
++	{
++	const EVP_MD *md = NULL;
++	DRBG_HMAC_CTX *hctx = &dctx->d.hmac;
++	dctx->strength = 256;
++	switch (dctx->type)
++		{
++		case NID_hmacWithSHA1:
++		md = EVP_sha1();
++		dctx->strength = 128;
++		break;
++
++		case NID_hmacWithSHA224:
++		md = EVP_sha224();
++		dctx->strength = 192;
++		break;
++
++		case NID_hmacWithSHA256:
++		md = EVP_sha256();
++		break;
++
++		case NID_hmacWithSHA384:
++		md = EVP_sha384();
++		break;
++
++		case NID_hmacWithSHA512:
++		md = EVP_sha512();
++		break;
++
++		default:
++		dctx->strength = 0;
++		return -2;
++		}
++        dctx->instantiate = drbg_hmac_instantiate;
++        dctx->reseed = drbg_hmac_reseed;
++        dctx->generate = drbg_hmac_generate;
++        dctx->uninstantiate = drbg_hmac_uninstantiate;
++	HMAC_CTX_init(&hctx->hctx);
++	hctx->md = md;
++	dctx->blocklength = M_EVP_MD_size(md);
++	dctx->seedlen = M_EVP_MD_size(md);
++
++        dctx->min_entropy = dctx->strength / 8;
++        dctx->max_entropy = DRBG_MAX_LENGTH;
++
++        dctx->min_nonce = dctx->min_entropy / 2;
++        dctx->max_nonce = DRBG_MAX_LENGTH;
++
++        dctx->max_pers = DRBG_MAX_LENGTH;
++        dctx->max_adin = DRBG_MAX_LENGTH;
++
++        dctx->max_request = 1<<16;
++        dctx->reseed_interval = 1<<24;
++
++	return 1;
++	}
+diff -up openssl-1.0.1e/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_lib.c
+--- openssl-1.0.1e/crypto/fips/fips_drbg_lib.c.fips	2013-10-04 11:48:04.184694226 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_lib.c	2013-10-04 11:48:04.184694226 +0200
+@@ -0,0 +1,578 @@
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++#include <string.h>
++#include <openssl/crypto.h>
++#include <openssl/err.h>
++#include <openssl/fips_rand.h>
++#include "fips_locl.h"
++#include "fips_rand_lcl.h"
++
++/* Support framework for SP800-90 DRBGs */
++
++int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
++	{
++	int rv;
++	memset(dctx, 0, sizeof(DRBG_CTX));
++	dctx->status = DRBG_STATUS_UNINITIALISED;
++	dctx->xflags = flags;
++	dctx->type = type;
++
++	dctx->iflags = 0;
++	dctx->entropy_blocklen = 0;
++	dctx->health_check_cnt = 0;
++	dctx->health_check_interval = DRBG_HEALTH_INTERVAL;
++
++	rv = fips_drbg_hash_init(dctx);
++
++	if (rv == -2)
++		rv = fips_drbg_ctr_init(dctx);
++	if (rv == -2)
++		rv = fips_drbg_hmac_init(dctx);
++
++	if (rv <= 0)
++		{
++		if (rv == -2)
++			FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_UNSUPPORTED_DRBG_TYPE);
++		else
++			FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_ERROR_INITIALISING_DRBG);
++		}
++
++	/* If not in test mode run selftests on DRBG of the same type */
++
++	if (!(dctx->xflags & DRBG_FLAG_TEST))
++		{
++		if (!FIPS_drbg_health_check(dctx))
++			{
++			FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);
++			return 0;
++			}
++		}
++
++	return rv;
++	}
++
++DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags)
++	{
++	DRBG_CTX *dctx;
++	dctx = OPENSSL_malloc(sizeof(DRBG_CTX));
++	if (!dctx)
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_NEW, ERR_R_MALLOC_FAILURE);
++		return NULL;
++		}
++
++	if (type == 0)
++		{
++		memset(dctx, 0, sizeof(DRBG_CTX));
++		dctx->type = 0;
++		dctx->status = DRBG_STATUS_UNINITIALISED;
++		return dctx;
++		}
++
++	if (FIPS_drbg_init(dctx, type, flags) <= 0)
++		{
++		OPENSSL_free(dctx);
++		return NULL;
++		}
++		
++	return dctx;
++	}
++
++void FIPS_drbg_free(DRBG_CTX *dctx)
++	{
++	if (dctx->uninstantiate)
++		dctx->uninstantiate(dctx);
++	/* Don't free up default DRBG */
++	if (dctx == FIPS_get_default_drbg())
++		{
++		memset(dctx, 0, sizeof(DRBG_CTX));
++		dctx->type = 0;
++		dctx->status = DRBG_STATUS_UNINITIALISED;
++		}
++	else
++		{
++		OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
++		OPENSSL_free(dctx);
++		}
++	}
++
++static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
++				int entropy, size_t min_len, size_t max_len)
++	{
++	unsigned char *tout, *p;
++	size_t bl = dctx->entropy_blocklen, rv;
++	if (!dctx->get_entropy)
++		return 0;
++	if (dctx->xflags & DRBG_FLAG_TEST || !bl)
++		return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
++	rv = dctx->get_entropy(dctx, &tout, entropy + bl,
++				min_len + bl, max_len + bl);
++	if (tout == NULL)
++		return 0;
++	*pout = tout + bl;
++	if (rv < (min_len + bl) || (rv % bl))
++		return 0;
++	/* Compare consecutive blocks for continuous PRNG test */
++	for (p = tout; p < tout + rv - bl; p += bl)
++		{
++		if (!memcmp(p, p + bl, bl))
++			{
++			FIPSerr(FIPS_F_FIPS_GET_ENTROPY, FIPS_R_ENTROPY_SOURCE_STUCK);
++			return 0;
++			}
++		}
++	rv -= bl;
++	if (rv > max_len)
++		return max_len;
++	return rv;
++	}
++
++static void fips_cleanup_entropy(DRBG_CTX *dctx,
++					unsigned char *out, size_t olen)
++	{
++	size_t bl;
++	if (dctx->xflags & DRBG_FLAG_TEST)
++		bl = 0;
++	else
++		bl = dctx->entropy_blocklen;
++	/* Call cleanup with original arguments */
++	dctx->cleanup_entropy(dctx, out - bl, olen + bl);
++	}
++
++
++int FIPS_drbg_instantiate(DRBG_CTX *dctx,
++				const unsigned char *pers, size_t perslen)
++	{
++	size_t entlen = 0, noncelen = 0;
++	unsigned char *nonce = NULL, *entropy = NULL;
++
++#if 0
++	/* Put here so error script picks them up */
++	FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE,
++				FIPS_R_PERSONALISATION_STRING_TOO_LONG);
++	FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_IN_ERROR_STATE);
++	FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ALREADY_INSTANTIATED);
++	FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY);
++	FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE);
++	FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR);
++	FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED);
++#endif
++
++	int r = 0;
++
++	if (perslen > dctx->max_pers)
++		{
++		r = FIPS_R_PERSONALISATION_STRING_TOO_LONG;
++		goto end;
++		}
++
++	if (!dctx->instantiate)
++		{
++		r = FIPS_R_DRBG_NOT_INITIALISED;
++		goto end;
++		}
++
++	if (dctx->status != DRBG_STATUS_UNINITIALISED)
++		{
++		if (dctx->status == DRBG_STATUS_ERROR)
++			r = FIPS_R_IN_ERROR_STATE;
++		else
++			r = FIPS_R_ALREADY_INSTANTIATED;
++		goto end;
++		}
++
++	dctx->status = DRBG_STATUS_ERROR;
++
++	entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
++				dctx->min_entropy, dctx->max_entropy);
++
++	if (entlen < dctx->min_entropy || entlen > dctx->max_entropy)
++		{
++		r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
++		goto end;
++		}
++
++	if (dctx->max_nonce > 0 && dctx->get_nonce)
++		{
++		noncelen = dctx->get_nonce(dctx, &nonce,
++					dctx->strength / 2,
++					dctx->min_nonce, dctx->max_nonce);
++
++		if (noncelen < dctx->min_nonce || noncelen > dctx->max_nonce)
++			{
++			r = FIPS_R_ERROR_RETRIEVING_NONCE;
++			goto end;
++			}
++
++		}
++
++	if (!dctx->instantiate(dctx, 
++				entropy, entlen,
++				nonce, noncelen,
++				pers, perslen))
++		{
++		r = FIPS_R_ERROR_INSTANTIATING_DRBG;
++		goto end;
++		}
++
++
++	dctx->status = DRBG_STATUS_READY;
++	if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
++		dctx->reseed_counter = 1;
++
++	end:
++
++	if (entropy && dctx->cleanup_entropy)
++		fips_cleanup_entropy(dctx, entropy, entlen);
++
++	if (nonce && dctx->cleanup_nonce)
++		dctx->cleanup_nonce(dctx, nonce, noncelen);
++
++	if (dctx->status == DRBG_STATUS_READY)
++		return 1;
++
++	if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
++		FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, r);
++
++	return 0;
++
++	}
++
++static int drbg_reseed(DRBG_CTX *dctx,
++			const unsigned char *adin, size_t adinlen, int hcheck)
++	{
++	unsigned char *entropy = NULL;
++	size_t entlen = 0;
++	int r = 0;
++
++#if 0
++	FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_NOT_INSTANTIATED);
++	FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
++#endif
++	if (dctx->status != DRBG_STATUS_READY
++		&& dctx->status != DRBG_STATUS_RESEED)
++		{
++		if (dctx->status == DRBG_STATUS_ERROR)
++			r = FIPS_R_IN_ERROR_STATE;
++		else if(dctx->status == DRBG_STATUS_UNINITIALISED)
++			r = FIPS_R_NOT_INSTANTIATED;
++		goto end;
++		}
++
++	if (!adin)
++		adinlen = 0;
++	else if (adinlen > dctx->max_adin)
++		{
++		r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
++		goto end;
++		}
++
++	dctx->status = DRBG_STATUS_ERROR;
++	/* Peform health check on all reseed operations if not a prediction
++	 * resistance request and not in test mode.
++	 */
++	if (hcheck && !(dctx->xflags & DRBG_FLAG_TEST))
++		{
++		if (!FIPS_drbg_health_check(dctx))
++			{
++			r = FIPS_R_SELFTEST_FAILURE;
++			goto end;
++			}
++		}
++
++	entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
++				dctx->min_entropy, dctx->max_entropy);
++
++	if (entlen < dctx->min_entropy || entlen > dctx->max_entropy)
++		{
++		r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
++		goto end;
++		}
++
++	if (!dctx->reseed(dctx, entropy, entlen, adin, adinlen))
++		goto end;
++
++	dctx->status = DRBG_STATUS_READY;
++	if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
++		dctx->reseed_counter = 1;
++	end:
++
++	if (entropy && dctx->cleanup_entropy)
++		fips_cleanup_entropy(dctx, entropy, entlen);
++
++	if (dctx->status == DRBG_STATUS_READY)
++		return 1;
++
++	if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
++		FIPSerr(FIPS_F_DRBG_RESEED, r);
++
++	return 0;
++	}
++
++int FIPS_drbg_reseed(DRBG_CTX *dctx,
++			const unsigned char *adin, size_t adinlen)
++	{
++	return drbg_reseed(dctx, adin, adinlen, 1);
++	}
++
++static int fips_drbg_check(DRBG_CTX *dctx)
++	{
++	if (dctx->xflags & DRBG_FLAG_TEST)
++		return 1;
++	dctx->health_check_cnt++;
++	if (dctx->health_check_cnt >= dctx->health_check_interval)
++		{
++		if (!FIPS_drbg_health_check(dctx))
++			{
++			FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE);
++			return 0;
++			}
++		}
++	return 1;
++	}
++
++int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
++			int prediction_resistance,
++			const unsigned char *adin, size_t adinlen)
++	{
++	int r = 0;
++
++	if (FIPS_selftest_failed())
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED);
++		return 0;
++		}
++
++	if (!fips_drbg_check(dctx))
++		return 0;
++
++	if (dctx->status != DRBG_STATUS_READY
++		&& dctx->status != DRBG_STATUS_RESEED)
++		{
++		if (dctx->status == DRBG_STATUS_ERROR)
++			r = FIPS_R_IN_ERROR_STATE;
++		else if(dctx->status == DRBG_STATUS_UNINITIALISED)
++			r = FIPS_R_NOT_INSTANTIATED;
++		goto end;
++		}
++
++	if (outlen > dctx->max_request)
++		{
++		r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG;
++		return 0;
++		}
++
++	if (adinlen > dctx->max_adin)
++		{
++		r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
++		goto end;
++		}
++
++	if (dctx->iflags & DRBG_CUSTOM_RESEED)
++		dctx->generate(dctx, NULL, outlen, NULL, 0);
++	else if (dctx->reseed_counter >= dctx->reseed_interval)
++		dctx->status = DRBG_STATUS_RESEED;
++
++	if (dctx->status == DRBG_STATUS_RESEED || prediction_resistance)
++		{
++		/* If prediction resistance request don't do health check */
++		int hcheck = prediction_resistance ? 0 : 1;
++		
++		if (!drbg_reseed(dctx, adin, adinlen, hcheck))
++			{
++			r = FIPS_R_RESEED_ERROR;
++			goto end;
++			}
++		adin = NULL;
++		adinlen = 0;
++		}
++
++	if (!dctx->generate(dctx, out, outlen, adin, adinlen))
++		{
++		r = FIPS_R_GENERATE_ERROR;
++		dctx->status = DRBG_STATUS_ERROR;
++		goto end;
++		}
++	if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
++		{
++		if (dctx->reseed_counter >= dctx->reseed_interval)
++			dctx->status = DRBG_STATUS_RESEED;
++		else
++			dctx->reseed_counter++;
++		}
++
++	end:
++	if (r)
++		{
++		if (!(dctx->iflags & DRBG_FLAG_NOERR))
++			FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, r);
++		return 0;
++		}
++
++	return 1;
++	}
++
++int FIPS_drbg_uninstantiate(DRBG_CTX *dctx)
++	{
++	int rv;
++	if (!dctx->uninstantiate)
++		rv = 1;
++	else
++		rv = dctx->uninstantiate(dctx);
++	/* Although we'd like to cleanse here we can't because we have to
++	 * test the uninstantiate really zeroes the data.
++	 */
++	memset(&dctx->d, 0, sizeof(dctx->d));
++	dctx->status = DRBG_STATUS_UNINITIALISED;
++	/* If method has problems uninstantiating, return error */
++	return rv;
++	}
++
++int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
++	size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
++				int entropy, size_t min_len, size_t max_len),
++	void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
++	size_t entropy_blocklen,
++	size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
++				int entropy, size_t min_len, size_t max_len),
++	void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen))
++	{
++	if (dctx->status != DRBG_STATUS_UNINITIALISED)
++		return 0;
++	dctx->entropy_blocklen = entropy_blocklen;
++	dctx->get_entropy = get_entropy;
++	dctx->cleanup_entropy = cleanup_entropy;
++	dctx->get_nonce = get_nonce;
++	dctx->cleanup_nonce = cleanup_nonce;
++	return 1;
++	}
++
++int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
++	size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout),
++	void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
++	int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num),
++	int (*rand_add_cb)(DRBG_CTX *ctx,
++				const void *buf, int num, double entropy))
++	{
++	if (dctx->status != DRBG_STATUS_UNINITIALISED)
++		return 0;
++	dctx->get_adin = get_adin;
++	dctx->cleanup_adin = cleanup_adin;
++	dctx->rand_seed_cb = rand_seed_cb;
++	dctx->rand_add_cb = rand_add_cb;
++	return 1;
++	}
++
++void *FIPS_drbg_get_app_data(DRBG_CTX *dctx)
++	{
++	return dctx->app_data;
++	}
++
++void FIPS_drbg_set_app_data(DRBG_CTX *dctx, void *app_data)
++	{
++	dctx->app_data = app_data;
++	}
++
++size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx)
++	{
++	return dctx->blocklength;
++	}
++
++int FIPS_drbg_get_strength(DRBG_CTX *dctx)
++	{
++	return dctx->strength;
++	}
++
++void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval)
++	{
++	dctx->health_check_interval = interval;
++	}
++
++void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval)
++	{
++	dctx->reseed_interval = interval;
++	}
++
++static int drbg_stick = 0;
++
++void FIPS_drbg_stick(int onoff)
++	{
++	drbg_stick = onoff;
++	}
++
++/* Continuous DRBG utility function */
++int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out)
++	{
++	/* No CPRNG in test mode */
++	if (dctx->xflags & DRBG_FLAG_TEST)
++		return 1;
++	/* Check block is valid: should never happen */
++	if (dctx->lb_valid == 0)
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_INTERNAL_ERROR);
++		fips_set_selftest_fail();
++		return 0;
++		}
++	if (drbg_stick)
++		memcpy(dctx->lb, out, dctx->blocklength);
++	/* Check against last block: fail if match */
++	if (!memcmp(dctx->lb, out, dctx->blocklength))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_DRBG_STUCK);
++		fips_set_selftest_fail();
++		return 0;
++		}
++	/* Save last block for next comparison */
++	memcpy(dctx->lb, out, dctx->blocklength);
++	return 1;
++	}
+diff -up openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_rand.c
+--- openssl-1.0.1e/crypto/fips/fips_drbg_rand.c.fips	2013-10-04 11:48:04.184694226 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_rand.c	2013-10-04 11:48:04.184694226 +0200
+@@ -0,0 +1,172 @@
++/* fips/rand/fips_drbg_rand.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++#include <string.h>
++#include <openssl/crypto.h>
++#include <openssl/err.h>
++#include <openssl/rand.h>
++#include <openssl/fips_rand.h>
++#include "fips_rand_lcl.h"
++
++/* Mapping of SP800-90 DRBGs to OpenSSL RAND_METHOD */
++
++/* Since we only have one global PRNG used at any time in OpenSSL use a global
++ * variable to store context.
++ */
++
++static DRBG_CTX ossl_dctx;
++
++DRBG_CTX *FIPS_get_default_drbg(void)
++	{
++	return &ossl_dctx;
++	}
++
++static int fips_drbg_bytes(unsigned char *out, int count)
++	{
++	DRBG_CTX *dctx = &ossl_dctx;
++	int rv = 0;
++	unsigned char *adin = NULL;
++	size_t adinlen = 0;
++	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++	do 
++		{
++		size_t rcnt;
++		if (count > (int)dctx->max_request)
++			rcnt = dctx->max_request;
++		else
++			rcnt = count;
++		if (dctx->get_adin)
++			{
++			adinlen = dctx->get_adin(dctx, &adin);
++			if (adinlen && !adin)
++				{
++				FIPSerr(FIPS_F_FIPS_DRBG_BYTES, FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT);
++				goto err;
++				}
++			}
++		rv = FIPS_drbg_generate(dctx, out, rcnt, 0, adin, adinlen);
++		if (adin)
++			{
++			if (dctx->cleanup_adin)
++				dctx->cleanup_adin(dctx, adin, adinlen);
++			adin = NULL;
++			}
++		if (!rv)
++			goto err;
++		out += rcnt;
++		count -= rcnt;
++		}
++	while (count);
++	rv = 1;
++	err:
++	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++	return rv;
++	}
++
++static int fips_drbg_pseudo(unsigned char *out, int count)
++	{
++	if (fips_drbg_bytes(out, count) <= 0)
++		return -1;
++	return 1;
++	}
++
++static int fips_drbg_status(void)
++	{
++	DRBG_CTX *dctx = &ossl_dctx;
++	int rv;
++	CRYPTO_r_lock(CRYPTO_LOCK_RAND);
++	rv = dctx->status == DRBG_STATUS_READY ? 1 : 0;
++	CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
++	return rv;
++	}
++
++static void fips_drbg_cleanup(void)
++	{
++	DRBG_CTX *dctx = &ossl_dctx;
++	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++	FIPS_drbg_uninstantiate(dctx);
++	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++	}
++
++static int fips_drbg_seed(const void *seed, int seedlen)
++	{
++	DRBG_CTX *dctx = &ossl_dctx;
++	if (dctx->rand_seed_cb)
++		return dctx->rand_seed_cb(dctx, seed, seedlen);
++	return 1;
++	}
++
++static int fips_drbg_add(const void *seed, int seedlen,
++					double add_entropy)
++	{
++	DRBG_CTX *dctx = &ossl_dctx;
++	if (dctx->rand_add_cb)
++		return dctx->rand_add_cb(dctx, seed, seedlen, add_entropy);
++	return 1;
++	}
++
++static const RAND_METHOD rand_drbg_meth =
++	{
++	fips_drbg_seed,
++	fips_drbg_bytes,
++	fips_drbg_cleanup,
++	fips_drbg_add,
++	fips_drbg_pseudo,
++	fips_drbg_status
++	};
++
++const RAND_METHOD *FIPS_drbg_method(void)
++	{
++	return &rand_drbg_meth;
++	}
++
+diff -up openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c
+--- openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c.fips	2013-10-04 11:48:04.184694226 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_selftest.c	2013-10-04 11:48:04.184694226 +0200
+@@ -0,0 +1,862 @@
++/* fips/rand/fips_drbg_selftest.c */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++#include <string.h>
++#include <openssl/crypto.h>
++#include <openssl/err.h>
++#include <openssl/fips_rand.h>
++#include "fips_rand_lcl.h"
++#include "fips_locl.h"
++
++#include "fips_drbg_selftest.h"
++
++typedef struct {
++	int post;
++	int nid;
++	unsigned int flags;
++
++	/* KAT data for no PR */
++	const unsigned char *ent;
++	size_t entlen;
++	const unsigned char *nonce;
++	size_t noncelen;
++	const unsigned char *pers;
++	size_t perslen;
++	const unsigned char *adin;
++	size_t adinlen;
++	const unsigned char *entreseed;
++	size_t entreseedlen;
++	const unsigned char *adinreseed;
++	size_t adinreseedlen;
++	const unsigned char *adin2;
++	size_t adin2len;
++	const unsigned char *kat;
++	size_t katlen;
++	const unsigned char *kat2;
++	size_t kat2len;
++
++	/* KAT data for PR */
++	const unsigned char *ent_pr;
++	size_t entlen_pr;
++	const unsigned char *nonce_pr;
++	size_t noncelen_pr;
++	const unsigned char *pers_pr;
++	size_t perslen_pr;
++	const unsigned char *adin_pr;
++	size_t adinlen_pr;
++	const unsigned char *entpr_pr;
++	size_t entprlen_pr;
++	const unsigned char *ading_pr;
++	size_t adinglen_pr;
++	const unsigned char *entg_pr;
++	size_t entglen_pr;
++	const unsigned char *kat_pr;
++	size_t katlen_pr;
++	const unsigned char *kat2_pr;
++	size_t kat2len_pr;
++
++	} DRBG_SELFTEST_DATA;
++
++#define make_drbg_test_data(nid, flag, pr, p) {p, nid, flag | DRBG_FLAG_TEST, \
++	pr##_entropyinput, sizeof(pr##_entropyinput), \
++	pr##_nonce, sizeof(pr##_nonce), \
++	pr##_personalizationstring, sizeof(pr##_personalizationstring), \
++	pr##_additionalinput, sizeof(pr##_additionalinput), \
++	pr##_entropyinputreseed, sizeof(pr##_entropyinputreseed), \
++	pr##_additionalinputreseed, sizeof(pr##_additionalinputreseed), \
++	pr##_additionalinput2, sizeof(pr##_additionalinput2), \
++	pr##_int_returnedbits, sizeof(pr##_int_returnedbits), \
++	pr##_returnedbits, sizeof(pr##_returnedbits), \
++	pr##_pr_entropyinput, sizeof(pr##_pr_entropyinput), \
++	pr##_pr_nonce, sizeof(pr##_pr_nonce), \
++	pr##_pr_personalizationstring, sizeof(pr##_pr_personalizationstring), \
++	pr##_pr_additionalinput, sizeof(pr##_pr_additionalinput), \
++	pr##_pr_entropyinputpr, sizeof(pr##_pr_entropyinputpr), \
++	pr##_pr_additionalinput2, sizeof(pr##_pr_additionalinput2), \
++	pr##_pr_entropyinputpr2, sizeof(pr##_pr_entropyinputpr2), \
++	pr##_pr_int_returnedbits, sizeof(pr##_pr_int_returnedbits), \
++	pr##_pr_returnedbits, sizeof(pr##_pr_returnedbits), \
++	}
++
++#define make_drbg_test_data_df(nid, pr, p) \
++	make_drbg_test_data(nid, DRBG_FLAG_CTR_USE_DF, pr, p)
++
++#define make_drbg_test_data_ec(curve, md, pr, p) \
++	make_drbg_test_data((curve << 16) | md , 0, pr, p)
++
++static DRBG_SELFTEST_DATA drbg_test[] = {
++	make_drbg_test_data_df(NID_aes_128_ctr, aes_128_use_df, 0),
++	make_drbg_test_data_df(NID_aes_192_ctr, aes_192_use_df, 0),
++	make_drbg_test_data_df(NID_aes_256_ctr, aes_256_use_df, 1),
++	make_drbg_test_data(NID_aes_128_ctr, 0, aes_128_no_df, 0),
++	make_drbg_test_data(NID_aes_192_ctr, 0, aes_192_no_df, 0),
++	make_drbg_test_data(NID_aes_256_ctr, 0, aes_256_no_df, 1),
++	make_drbg_test_data(NID_sha1, 0, sha1, 0),
++	make_drbg_test_data(NID_sha224, 0, sha224, 0),
++	make_drbg_test_data(NID_sha256, 0, sha256, 1),
++	make_drbg_test_data(NID_sha384, 0, sha384, 0),
++	make_drbg_test_data(NID_sha512, 0, sha512, 0),
++	make_drbg_test_data(NID_hmacWithSHA1, 0, hmac_sha1, 0),
++	make_drbg_test_data(NID_hmacWithSHA224, 0, hmac_sha224, 0),
++	make_drbg_test_data(NID_hmacWithSHA256, 0, hmac_sha256, 1),
++	make_drbg_test_data(NID_hmacWithSHA384, 0, hmac_sha384, 0),
++	make_drbg_test_data(NID_hmacWithSHA512, 0, hmac_sha512, 0),
++	{0,0,0}
++	};
++
++typedef struct 
++	{
++	const unsigned char *ent;
++	size_t entlen;
++	int entcnt;
++	const unsigned char *nonce;
++	size_t noncelen;
++	int noncecnt;
++	} TEST_ENT;
++
++static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
++                                int entropy, size_t min_len, size_t max_len)
++	{
++	TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
++	*pout = (unsigned char *)t->ent;
++	t->entcnt++;
++	return t->entlen;
++	}
++
++static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
++                                int entropy, size_t min_len, size_t max_len)
++	{
++	TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
++	*pout = (unsigned char *)t->nonce;
++	t->noncecnt++;
++	return t->noncelen;
++	}
++
++static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
++								int quick)
++	{
++	TEST_ENT t;
++	int rv = 0;
++	size_t adinlen;
++	unsigned char randout[1024];
++
++	/* Initial test without PR */
++
++	/* Instantiate DRBG with test entropy, nonce and personalisation
++	 * string.
++	 */
++
++	if (!FIPS_drbg_init(dctx, td->nid, td->flags))
++		return 0;
++	if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
++		return 0;
++
++	FIPS_drbg_set_app_data(dctx, &t);
++
++	t.ent = td->ent;
++	t.entlen = td->entlen;
++	t.nonce = td->nonce;
++	t.noncelen = td->noncelen;
++	t.entcnt = 0;
++	t.noncecnt = 0;
++
++	if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
++		goto err;
++
++	/* Note for CTR without DF some additional input values
++	 * ignore bytes after the keylength: so reduce adinlen
++	 * to half to ensure invalid data is fed in.
++	 */
++	if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
++		adinlen = td->adinlen / 2;
++	else
++		adinlen = td->adinlen;
++
++	/* Generate with no PR and verify output matches expected data */
++	if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
++				td->adin, adinlen))
++		goto err;
++
++	if (memcmp(randout, td->kat, td->katlen))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST1_FAILURE);
++		goto err2;
++		}
++	/* If abbreviated POST end of test */
++	if (quick)
++		{
++		rv = 1;
++		goto err;
++		}
++	/* Reseed DRBG with test entropy and additional input */
++	t.ent = td->entreseed;
++	t.entlen = td->entreseedlen;
++
++	if (!FIPS_drbg_reseed(dctx, td->adinreseed, td->adinreseedlen))
++		goto err;
++
++	/* Generate with no PR and verify output matches expected data */
++	if (!FIPS_drbg_generate(dctx, randout, td->kat2len, 0,
++				td->adin2, td->adin2len))
++		goto err;
++
++	if (memcmp(randout, td->kat2, td->kat2len))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST2_FAILURE);
++		goto err2;
++		}
++
++	FIPS_drbg_uninstantiate(dctx);
++
++	/* Now test with PR */
++
++	/* Instantiate DRBG with test entropy, nonce and personalisation
++	 * string.
++	 */
++	if (!FIPS_drbg_init(dctx, td->nid, td->flags))
++		return 0;
++	if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
++		return 0;
++
++	FIPS_drbg_set_app_data(dctx, &t);
++
++	t.ent = td->ent_pr;
++	t.entlen = td->entlen_pr;
++	t.nonce = td->nonce_pr;
++	t.noncelen = td->noncelen_pr;
++	t.entcnt = 0;
++	t.noncecnt = 0;
++
++	if (!FIPS_drbg_instantiate(dctx, td->pers_pr, td->perslen_pr))
++		goto err;
++
++	/* Now generate with PR: we need to supply entropy as this will
++	 * perform a reseed operation. Check output matches expected value.
++	 */
++
++	t.ent = td->entpr_pr;
++	t.entlen = td->entprlen_pr;
++
++	/* Note for CTR without DF some additional input values
++	 * ignore bytes after the keylength: so reduce adinlen
++	 * to half to ensure invalid data is fed in.
++	 */
++	if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
++		adinlen = td->adinlen_pr / 2;
++	else
++		adinlen = td->adinlen_pr;
++	if (!FIPS_drbg_generate(dctx, randout, td->katlen_pr, 1,
++				td->adin_pr, adinlen))
++		goto err;
++
++	if (memcmp(randout, td->kat_pr, td->katlen_pr))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST1_FAILURE);
++		goto err2;
++		}
++
++	/* Now generate again with PR: supply new entropy again.
++	 * Check output matches expected value.
++	 */
++
++	t.ent = td->entg_pr;
++	t.entlen = td->entglen_pr;
++
++	if (!FIPS_drbg_generate(dctx, randout, td->kat2len_pr, 1,
++				td->ading_pr, td->adinglen_pr))
++		goto err;
++
++	if (memcmp(randout, td->kat2_pr, td->kat2len_pr))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST2_FAILURE);
++		goto err2;
++		}
++	/* All OK, test complete */
++	rv = 1;
++
++	err:
++	if (rv == 0)
++		FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED);
++	err2:
++	FIPS_drbg_uninstantiate(dctx);
++	
++	return rv;
++
++	}
++
++/* Initialise a DRBG based on selftest data */
++
++static int do_drbg_init(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td, TEST_ENT *t)
++	{
++
++	if (!FIPS_drbg_init(dctx, td->nid, td->flags))
++		return 0;
++
++	if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
++		return 0;
++
++	FIPS_drbg_set_app_data(dctx, t);
++
++	t->ent = td->ent;
++	t->entlen = td->entlen;
++	t->nonce = td->nonce;
++	t->noncelen = td->noncelen;
++	t->entcnt = 0;
++	t->noncecnt = 0;
++	return 1;
++	}
++
++/* Initialise and instantiate DRBG based on selftest data */
++static int do_drbg_instantiate(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
++								TEST_ENT *t)
++	{
++	if (!do_drbg_init(dctx, td, t))
++		return 0;
++	if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
++		return 0;
++
++	return 1;
++	}
++
++/* This function performs extensive error checking as required by SP800-90.
++ * Induce several failure modes and check an error condition is set.
++ * This function along with fips_drbg_single_kat peforms the health checking
++ * operation.
++ */
++
++static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
++	{
++	unsigned char randout[1024];
++	TEST_ENT t;
++	size_t i;
++	unsigned int reseed_counter_tmp;
++	unsigned char *p = (unsigned char *)dctx;
++
++	/* Initialise DRBG */
++
++	if (!do_drbg_init(dctx, td, &t))
++		goto err;
++
++	/* Don't report induced errors */
++	dctx->iflags |= DRBG_FLAG_NOERR;
++
++	/* Personalisation string tests */
++
++	/* Test detection of too large personlisation string */
++
++	if (FIPS_drbg_instantiate(dctx, td->pers, dctx->max_pers + 1) > 0)
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_PERSONALISATION_ERROR_UNDETECTED);
++		goto err;
++		}
++
++	/* Entropy source tests */
++
++	/* Test entropy source failure detecion: i.e. returns no data */
++
++	t.entlen = 0;
++
++	if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
++		goto err;
++		}
++
++	/* Try to generate output from uninstantiated DRBG */
++	if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
++				td->adin, td->adinlen))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_GENERATE_ERROR_UNDETECTED);
++		goto err;
++		}
++
++	dctx->iflags &= ~DRBG_FLAG_NOERR;
++	if (!FIPS_drbg_uninstantiate(dctx))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++		goto err;
++		}
++
++	if (!do_drbg_init(dctx, td, &t))
++		goto err;
++
++	dctx->iflags |= DRBG_FLAG_NOERR;
++
++	/* Test insufficient entropy */
++
++	t.entlen = dctx->min_entropy - 1;
++
++	if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
++		goto err;
++		}
++
++	dctx->iflags &= ~DRBG_FLAG_NOERR;
++	if (!FIPS_drbg_uninstantiate(dctx))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++		goto err;
++		}
++
++	/* Test too much entropy */
++
++	if (!do_drbg_init(dctx, td, &t))
++		goto err;
++
++	dctx->iflags |= DRBG_FLAG_NOERR;
++
++	t.entlen = dctx->max_entropy + 1;
++
++	if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
++		goto err;
++		}
++
++	dctx->iflags &= ~DRBG_FLAG_NOERR;
++	if (!FIPS_drbg_uninstantiate(dctx))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++		goto err;
++		}
++
++	/* Nonce tests */
++
++	/* Test too small nonce */
++
++	if (dctx->min_nonce)
++		{
++
++		if (!do_drbg_init(dctx, td, &t))
++			goto err;
++
++		dctx->iflags |= DRBG_FLAG_NOERR;
++
++		t.noncelen = dctx->min_nonce - 1;
++
++		if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
++			{
++			FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_NONCE_ERROR_UNDETECTED);
++			goto err;
++			}
++
++		dctx->iflags &= ~DRBG_FLAG_NOERR;
++		if (!FIPS_drbg_uninstantiate(dctx))
++			{
++			FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++			goto err;
++			}
++
++		}
++
++	/* Test too large nonce */
++
++	if (dctx->max_nonce)
++		{
++
++		if (!do_drbg_init(dctx, td, &t))
++			goto err;
++
++		dctx->iflags |= DRBG_FLAG_NOERR;
++
++		t.noncelen = dctx->max_nonce + 1;
++
++		if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0)
++			{
++			FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_NONCE_ERROR_UNDETECTED);
++			goto err;
++			}
++
++		dctx->iflags &= ~DRBG_FLAG_NOERR;
++		if (!FIPS_drbg_uninstantiate(dctx))
++			{
++			FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++			goto err;
++			}
++
++		}
++
++	/* Instantiate with valid data. */
++	if (!do_drbg_instantiate(dctx, td, &t))
++			goto err;
++
++	/* Check generation is now OK */
++	if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
++				td->adin, td->adinlen))
++		goto err;
++
++	dctx->iflags |= DRBG_FLAG_NOERR;
++
++	/* Request too much data for one request */
++	if (FIPS_drbg_generate(dctx, randout, dctx->max_request + 1, 0,
++				td->adin, td->adinlen))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED);
++		goto err;
++		}
++
++	/* Try too large additional input */
++	if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
++				td->adin, dctx->max_adin + 1))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
++		goto err;
++		}
++
++	/* Check prediction resistance request fails if entropy source
++	 * failure.
++	 */
++
++	t.entlen = 0;
++
++	if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
++				td->adin, td->adinlen))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
++		goto err;
++		}
++		
++	dctx->iflags &= ~DRBG_FLAG_NOERR;
++	if (!FIPS_drbg_uninstantiate(dctx))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++		goto err;
++		}
++
++
++	/* Instantiate again with valid data */
++
++	if (!do_drbg_instantiate(dctx, td, &t))
++			goto err;
++	/* Test reseed counter works */
++	/* Save initial reseed counter */
++	reseed_counter_tmp = dctx->reseed_counter;
++	/* Set reseed counter to beyond interval */
++	dctx->reseed_counter = dctx->reseed_interval;
++
++	/* Generate output and check entropy has been requested for reseed */
++	t.entcnt = 0;
++	if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
++				td->adin, td->adinlen))
++		goto err;
++	if (t.entcnt != 1)
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
++		goto err;
++		}
++	/* Check reseed counter has been reset */
++	if (dctx->reseed_counter != reseed_counter_tmp + 1)
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
++		goto err;
++		}
++
++	dctx->iflags &= ~DRBG_FLAG_NOERR;
++	if (!FIPS_drbg_uninstantiate(dctx))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++		goto err;
++		}
++
++	/* Check prediction resistance request fails if entropy source
++	 * failure.
++	 */
++
++	t.entlen = 0;
++
++	dctx->iflags |= DRBG_FLAG_NOERR;
++	if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
++				td->adin, td->adinlen))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
++		goto err;
++		}
++		
++	dctx->iflags &= ~DRBG_FLAG_NOERR;
++
++	if (!FIPS_drbg_uninstantiate(dctx))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++		goto err;
++		}
++
++
++	if (!do_drbg_instantiate(dctx, td, &t))
++			goto err;
++	/* Test reseed counter works */
++	/* Save initial reseed counter */
++	reseed_counter_tmp = dctx->reseed_counter;
++	/* Set reseed counter to beyond interval */
++	dctx->reseed_counter = dctx->reseed_interval;
++
++	/* Generate output and check entropy has been requested for reseed */
++	t.entcnt = 0;
++	if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
++				td->adin, td->adinlen))
++		goto err;
++	if (t.entcnt != 1)
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
++		goto err;
++		}
++	/* Check reseed counter has been reset */
++	if (dctx->reseed_counter != reseed_counter_tmp + 1)
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
++		goto err;
++		}
++
++	dctx->iflags &= ~DRBG_FLAG_NOERR;
++	if (!FIPS_drbg_uninstantiate(dctx))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++		goto err;
++		}
++
++	/* Explicit reseed tests */
++
++	/* Test explicit reseed with too large additional input */
++	if (!do_drbg_init(dctx, td, &t))
++		goto err;
++
++	dctx->iflags |= DRBG_FLAG_NOERR;
++
++	if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0)
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
++		goto err;
++		}
++
++	/* Test explicit reseed with entropy source failure */
++
++	t.entlen = 0;
++
++	if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
++		goto err;
++		}
++
++	if (!FIPS_drbg_uninstantiate(dctx))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++		goto err;
++		}
++
++	/* Test explicit reseed with too much entropy */
++
++	if (!do_drbg_init(dctx, td, &t))
++		goto err;
++
++	dctx->iflags |= DRBG_FLAG_NOERR;
++
++	t.entlen = dctx->max_entropy + 1;
++
++	if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
++		goto err;
++		}
++
++	if (!FIPS_drbg_uninstantiate(dctx))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++		goto err;
++		}
++
++	/* Test explicit reseed with too little entropy */
++
++	if (!do_drbg_init(dctx, td, &t))
++		goto err;
++
++	dctx->iflags |= DRBG_FLAG_NOERR;
++
++	t.entlen = dctx->min_entropy - 1;
++
++	if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ENTROPY_ERROR_UNDETECTED);
++		goto err;
++		}
++
++	if (!FIPS_drbg_uninstantiate(dctx))
++		{
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
++		goto err;
++		}
++
++	p = (unsigned char *)&dctx->d;
++	/* Standard says we have to check uninstantiate really zeroes
++	 * the data...
++	 */
++	for (i = 0; i < sizeof(dctx->d); i++)
++		{
++		if (*p != 0)
++			{
++			FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ZEROISE_ERROR);
++			goto err;
++			}
++		p++;
++		}
++
++	return 1;
++
++	err:
++	/* A real error as opposed to an induced one: underlying function will
++	 * indicate the error.
++	 */
++	if (!(dctx->iflags & DRBG_FLAG_NOERR))
++		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_FUNCTION_ERROR);
++	FIPS_drbg_uninstantiate(dctx);
++	return 0;
++
++	}
++
++int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags)
++	{
++	DRBG_SELFTEST_DATA *td;
++	flags |= DRBG_FLAG_TEST;
++	for (td = drbg_test; td->nid != 0; td++)
++		{
++		if (td->nid == nid && td->flags == flags)
++			{
++			if (!fips_drbg_single_kat(dctx, td, 0))
++				return 0;
++			return fips_drbg_error_check(dctx, td);
++			}
++		}
++	return 0;
++	}
++
++int FIPS_drbg_health_check(DRBG_CTX *dctx)
++	{
++	int rv;
++	DRBG_CTX *tctx = NULL;
++	tctx = FIPS_drbg_new(0, 0);
++	fips_post_started(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
++	if (!tctx)
++		return 0;
++	rv = fips_drbg_kat(tctx, dctx->type, dctx->xflags);
++	if (tctx)
++		FIPS_drbg_free(tctx);
++	if (rv)
++		fips_post_success(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
++	else
++		fips_post_failed(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
++	if (!rv)
++		dctx->status = DRBG_STATUS_ERROR;
++	else
++		dctx->health_check_cnt = 0;
++	return rv;
++	}
++
++int FIPS_selftest_drbg(void)
++	{
++	DRBG_CTX *dctx;
++	DRBG_SELFTEST_DATA *td;
++	int rv = 1;
++	dctx = FIPS_drbg_new(0, 0);
++	if (!dctx)
++		return 0;
++	for (td = drbg_test; td->nid != 0; td++)
++		{
++		if (td->post != 1)
++			continue;
++		if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
++			return 1;
++		if (!fips_drbg_single_kat(dctx, td, 1))
++			{
++			fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
++			rv = 0;
++			continue;
++			}
++		if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
++			return 0;
++		}
++	FIPS_drbg_free(dctx);
++	return rv;
++	}
++
++
++int FIPS_selftest_drbg_all(void)
++	{
++	DRBG_CTX *dctx;
++	DRBG_SELFTEST_DATA *td;
++	int rv = 1;
++	dctx = FIPS_drbg_new(0, 0);
++	if (!dctx)
++		return 0;
++	for (td = drbg_test; td->nid != 0; td++)
++		{
++		if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
++			return 1;
++		if (!fips_drbg_single_kat(dctx, td, 0))
++			{
++			fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
++			rv = 0;
++			continue;
++			}
++		if (!fips_drbg_error_check(dctx, td))
++			{
++			fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
++			rv = 0;
++			continue;
++			}
++		if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
++			return 0;
++		}
++	FIPS_drbg_free(dctx);
++	return rv;
++	}
++
+diff -up openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h.fips openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h
+--- openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h.fips	2013-10-04 11:48:04.185694249 +0200
++++ openssl-1.0.1e/crypto/fips/fips_drbg_selftest.h	2013-10-04 11:48:04.185694249 +0200
+@@ -0,0 +1,2335 @@
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++/* Selftest and health check data for the SP800-90 DRBG */
++
++#define __fips_constseg
++
++/* AES-128 use df PR  */
++__fips_constseg
++static const unsigned char aes_128_use_df_pr_entropyinput[] =
++	{
++	0x61,0x52,0x7c,0xe3,0x23,0x7d,0x0a,0x07,0x10,0x0c,0x50,0x33,
++	0xc8,0xdb,0xff,0x12
++	};
++
++__fips_constseg
++static const unsigned char aes_128_use_df_pr_nonce[] =
++	{
++	0x51,0x0d,0x85,0x77,0xed,0x22,0x97,0x28
++	};
++
++__fips_constseg
++static const unsigned char aes_128_use_df_pr_personalizationstring[] =
++	{
++	0x59,0x9f,0xbb,0xcd,0xd5,0x25,0x69,0xb5,0xcb,0xb5,0x03,0xfe,
++	0xd7,0xd7,0x01,0x67
++	};
++
++__fips_constseg
++static const unsigned char aes_128_use_df_pr_additionalinput[] =
++	{
++	0xef,0x88,0x76,0x01,0xaf,0x3c,0xfe,0x8b,0xaf,0x26,0x06,0x9e,
++	0x9a,0x47,0x08,0x76
++	};
++
++__fips_constseg
++static const unsigned char aes_128_use_df_pr_entropyinputpr[] =
++	{
++	0xe2,0x76,0xf9,0xf6,0x3a,0xba,0x10,0x9f,0xbf,0x47,0x0e,0x51,
++	0x09,0xfb,0xa3,0xb6
++	};
++
++__fips_constseg
++static const unsigned char aes_128_use_df_pr_int_returnedbits[] =
++	{
++	0xd4,0x98,0x8a,0x46,0x80,0x4c,0xdb,0xa3,0x59,0x02,0x57,0x52,
++	0x66,0x1c,0xea,0x5b
++	};
++
++__fips_constseg
++static const unsigned char aes_128_use_df_pr_additionalinput2[] =
++	{
++	0x88,0x8c,0x91,0xd6,0xbe,0x56,0x6e,0x08,0x9a,0x62,0x2b,0x11,
++	0x3f,0x5e,0x31,0x06
++	};
++
++__fips_constseg
++static const unsigned char aes_128_use_df_pr_entropyinputpr2[] =
++	{
++	0xc0,0x5c,0x6b,0x98,0x01,0x0d,0x58,0x18,0x51,0x18,0x96,0xae,
++	0xa7,0xe3,0xa8,0x67
++	};
++
++__fips_constseg
++static const unsigned char aes_128_use_df_pr_returnedbits[] =
++	{
++	0xcf,0x01,0xac,0x22,0x31,0x06,0x8e,0xfc,0xce,0x56,0xea,0x24,
++	0x0f,0x38,0x43,0xc6
++	};
++
++
++/* AES-128 use df No PR  */
++__fips_constseg
++static const unsigned char aes_128_use_df_entropyinput[] =
++	{
++	0x1f,0x8e,0x34,0x82,0x0c,0xb7,0xbe,0xc5,0x01,0x3e,0xd0,0xa3,
++	0x9d,0x7d,0x1c,0x9b
++	};
++
++__fips_constseg
++static const unsigned char aes_128_use_df_nonce[] =
++	{
++	0xd5,0x4d,0xbd,0x4a,0x93,0x7f,0xb8,0x96
++	};
++
++__fips_constseg
++static const unsigned char aes_128_use_df_personalizationstring[] =
++	{
++	0xab,0xd6,0x3f,0x04,0xfe,0x27,0x6b,0x2d,0xd7,0xc3,0x1c,0xf3,
++	0x38,0x66,0xba,0x1b
++	};
++
++__fips_constseg
++static const unsigned char aes_128_use_df_additionalinput[] =
++	{
++	0xfe,0xf4,0x09,0xa8,0xb7,0x73,0x27,0x9c,0x5f,0xa7,0xea,0x46,
++	0xb5,0xe2,0xb2,0x41
++	};
++
++__fips_constseg
++static const unsigned char aes_128_use_df_int_returnedbits[] =
++	{
++	0x42,0xe4,0x4e,0x7b,0x27,0xdd,0xcb,0xbc,0x0a,0xcf,0xa6,0x67,
++	0xe7,0x57,0x11,0xb4
++	};
++
++__fips_constseg
++static const unsigned char aes_128_use_df_entropyinputreseed[] =
++	{
++	0x14,0x26,0x69,0xd9,0xf3,0x65,0x03,0xd6,0x6b,0xb9,0x44,0x0b,
++	0xc7,0xc4,0x9e,0x39
++	};
++
++__fips_constseg
++static const unsigned char aes_128_use_df_additionalinputreseed[] =
++	{
++	0x55,0x2e,0x60,0x9a,0x05,0x72,0x8a,0xa8,0xef,0x22,0x81,0x5a,
++	0xc8,0x93,0xfa,0x84
++	};
++
++__fips_constseg
++static const unsigned char aes_128_use_df_additionalinput2[] =
++	{
++	0x3c,0x40,0xc8,0xc4,0x16,0x0c,0x21,0xa4,0x37,0x2c,0x8f,0xa5,
++	0x06,0x0c,0x15,0x2c
++	};
++
++__fips_constseg
++static const unsigned char aes_128_use_df_returnedbits[] =
++	{
++	0xe1,0x3e,0x99,0x98,0x86,0x67,0x0b,0x63,0x7b,0xbe,0x3f,0x88,
++	0x46,0x81,0xc7,0x19
++	};
++
++
++/* AES-192 use df PR  */
++__fips_constseg
++static const unsigned char aes_192_use_df_pr_entropyinput[] =
++	{
++	0x2b,0x4e,0x8b,0xe1,0xf1,0x34,0x80,0x56,0x81,0xf9,0x74,0xec,
++	0x17,0x44,0x2a,0xf1,0x14,0xb0,0xbf,0x97,0x39,0xb7,0x04,0x7d
++	};
++
++__fips_constseg
++static const unsigned char aes_192_use_df_pr_nonce[] =
++	{
++	0xd6,0x9d,0xeb,0x14,0x4e,0x6c,0x30,0x1e,0x39,0x55,0x73,0xd0,
++	0xd1,0x80,0x78,0xfa
++	};
++
++__fips_constseg
++static const unsigned char aes_192_use_df_pr_personalizationstring[] =
++	{
++	0xfc,0x43,0x4a,0xf8,0x9a,0x55,0xb3,0x53,0x83,0xe2,0x18,0x16,
++	0x0c,0xdc,0xcd,0x5e,0x4f,0xa0,0x03,0x01,0x2b,0x9f,0xe4,0xd5,
++	0x7d,0x49,0xf0,0x41,0x9e,0x3d,0x99,0x04
++	};
++
++__fips_constseg
++static const unsigned char aes_192_use_df_pr_additionalinput[] =
++	{
++	0x5e,0x9f,0x49,0x6f,0x21,0x8b,0x1d,0x32,0xd5,0x84,0x5c,0xac,
++	0xaf,0xdf,0xe4,0x79,0x9e,0xaf,0xa9,0x82,0xd0,0xf8,0x4f,0xcb,
++	0x69,0x10,0x0a,0x7e,0x81,0x57,0xb5,0x36
++	};
++
++__fips_constseg
++static const unsigned char aes_192_use_df_pr_entropyinputpr[] =
++	{
++	0xd4,0x81,0x0c,0xd7,0x66,0x39,0xec,0x42,0x53,0x87,0x41,0xa5,
++	0x1e,0x7d,0x80,0x91,0x8e,0xbb,0xed,0xac,0x14,0x02,0x1a,0xd5
++	};
++
++__fips_constseg
++static const unsigned char aes_192_use_df_pr_int_returnedbits[] =
++	{
++	0xdf,0x1d,0x39,0x45,0x7c,0x9b,0xc6,0x2b,0x7d,0x8c,0x93,0xe9,
++	0x19,0x30,0x6b,0x67
++	};
++
++__fips_constseg
++static const unsigned char aes_192_use_df_pr_additionalinput2[] =
++	{
++	0x00,0x71,0x27,0x4e,0xd3,0x14,0xf1,0x20,0x7f,0x4a,0x41,0x32,
++	0x2a,0x97,0x11,0x43,0x8f,0x4a,0x15,0x7b,0x9b,0x51,0x79,0xda,
++	0x49,0x3d,0xde,0xe8,0xbc,0x93,0x91,0x99
++	};
++
++__fips_constseg
++static const unsigned char aes_192_use_df_pr_entropyinputpr2[] =
++	{
++	0x90,0xee,0x76,0xa1,0x45,0x8d,0xb7,0x40,0xb0,0x11,0xbf,0xd0,
++	0x65,0xd7,0x3c,0x7c,0x4f,0x20,0x3f,0x4e,0x11,0x9d,0xb3,0x5e
++	};
++
++__fips_constseg
++static const unsigned char aes_192_use_df_pr_returnedbits[] =
++	{
++	0x24,0x3b,0x20,0xa4,0x37,0x66,0xba,0x72,0x39,0x3f,0xcf,0x3c,
++	0x7e,0x1a,0x2b,0x83
++	};
++
++
++/* AES-192 use df No PR  */
++__fips_constseg
++static const unsigned char aes_192_use_df_entropyinput[] =
++	{
++	0x8d,0x74,0xa4,0x50,0x1a,0x02,0x68,0x0c,0x2a,0x69,0xc4,0x82,
++	0x3b,0xbb,0xda,0x0e,0x7f,0x77,0xa3,0x17,0x78,0x57,0xb2,0x7b
++	};
++
++__fips_constseg
++static const unsigned char aes_192_use_df_nonce[] =
++	{
++	0x75,0xd5,0x1f,0xac,0xa4,0x8d,0x42,0x78,0xd7,0x69,0x86,0x9d,
++	0x77,0xd7,0x41,0x0e
++	};
++
++__fips_constseg
++static const unsigned char aes_192_use_df_personalizationstring[] =
++	{
++	0x4e,0x33,0x41,0x3c,0x9c,0xc2,0xd2,0x53,0xaf,0x90,0xea,0xcf,
++	0x19,0x50,0x1e,0xe6,0x6f,0x63,0xc8,0x32,0x22,0xdc,0x07,0x65,
++	0x9c,0xd3,0xf8,0x30,0x9e,0xed,0x35,0x70
++	};
++
++__fips_constseg
++static const unsigned char aes_192_use_df_additionalinput[] =
++	{
++	0x5d,0x8b,0x8c,0xc1,0xdf,0x0e,0x02,0x78,0xfb,0x19,0xb8,0x69,
++	0x78,0x4e,0x9c,0x52,0xbc,0xc7,0x20,0xc9,0xe6,0x5e,0x77,0x22,
++	0x28,0x3d,0x0c,0x9e,0x68,0xa8,0x45,0xd7
++	};
++
++__fips_constseg
++static const unsigned char aes_192_use_df_int_returnedbits[] =
++	{
++	0xd5,0xe7,0x08,0xc5,0x19,0x99,0xd5,0x31,0x03,0x0a,0x74,0xb6,
++	0xb7,0xed,0xe9,0xea
++	};
++
++__fips_constseg
++static const unsigned char aes_192_use_df_entropyinputreseed[] =
++	{
++	0x9c,0x26,0xda,0xf1,0xac,0xd9,0x5a,0xd6,0xa8,0x65,0xf5,0x02,
++	0x8f,0xdc,0xa2,0x09,0x54,0xa6,0xe2,0xa4,0xde,0x32,0xe0,0x01
++	};
++
++__fips_constseg
++static const unsigned char aes_192_use_df_additionalinputreseed[] =
++	{
++	0x9b,0x90,0xb0,0x3a,0x0e,0x3a,0x80,0x07,0x4a,0xf4,0xda,0x76,
++	0x28,0x30,0x3c,0xee,0x54,0x1b,0x94,0x59,0x51,0x43,0x56,0x77,
++	0xaf,0x88,0xdd,0x63,0x89,0x47,0x06,0x65
++	};
++
++__fips_constseg
++static const unsigned char aes_192_use_df_additionalinput2[] =
++	{
++	0x3c,0x11,0x64,0x7a,0x96,0xf5,0xd8,0xb8,0xae,0xd6,0x70,0x4e,
++	0x16,0x96,0xde,0xe9,0x62,0xbc,0xee,0x28,0x2f,0x26,0xa6,0xf0,
++	0x56,0xef,0xa3,0xf1,0x6b,0xa1,0xb1,0x77
++	};
++
++__fips_constseg
++static const unsigned char aes_192_use_df_returnedbits[] =
++	{
++	0x0b,0xe2,0x56,0x03,0x1e,0xdb,0x2c,0x6d,0x7f,0x1b,0x15,0x58,
++	0x1a,0xf9,0x13,0x28
++	};
++
++
++/* AES-256 use df PR  */
++__fips_constseg
++static const unsigned char aes_256_use_df_pr_entropyinput[] =
++	{
++	0x61,0x68,0xfc,0x1a,0xf0,0xb5,0x95,0x6b,0x85,0x09,0x9b,0x74,
++	0x3f,0x13,0x78,0x49,0x3b,0x85,0xec,0x93,0x13,0x3b,0xa9,0x4f,
++	0x96,0xab,0x2c,0xe4,0xc8,0x8f,0xdd,0x6a
++	};
++
++__fips_constseg
++static const unsigned char aes_256_use_df_pr_nonce[] =
++	{
++	0xad,0xd2,0xbb,0xba,0xb7,0x65,0x89,0xc3,0x21,0x6c,0x55,0x33,
++	0x2b,0x36,0xff,0xa4
++	};
++
++__fips_constseg
++static const unsigned char aes_256_use_df_pr_personalizationstring[] =
++	{
++	0x6e,0xca,0xe7,0x20,0x72,0xd3,0x84,0x5a,0x32,0xd3,0x4b,0x24,
++	0x72,0xc4,0x63,0x2b,0x9d,0x12,0x24,0x0c,0x23,0x26,0x8e,0x83,
++	0x16,0x37,0x0b,0xd1,0x06,0x4f,0x68,0x6d
++	};
++
++__fips_constseg
++static const unsigned char aes_256_use_df_pr_additionalinput[] =
++	{
++	0x7e,0x08,0x4a,0xbb,0xe3,0x21,0x7c,0xc9,0x23,0xd2,0xf8,0xb0,
++	0x73,0x98,0xba,0x84,0x74,0x23,0xab,0x06,0x8a,0xe2,0x22,0xd3,
++	0x7b,0xce,0x9b,0xd2,0x4a,0x76,0xb8,0xde
++	};
++
++__fips_constseg
++static const unsigned char aes_256_use_df_pr_entropyinputpr[] =
++	{
++	0x0b,0x23,0xaf,0xdf,0xf1,0x62,0xd7,0xd3,0x43,0x97,0xf8,0x77,
++	0x04,0xa8,0x42,0x20,0xbd,0xf6,0x0f,0xc1,0x17,0x2f,0x9f,0x54,
++	0xbb,0x56,0x17,0x86,0x68,0x0e,0xba,0xa9
++	};
++
++__fips_constseg
++static const unsigned char aes_256_use_df_pr_int_returnedbits[] =
++	{
++	0x31,0x8e,0xad,0xaf,0x40,0xeb,0x6b,0x74,0x31,0x46,0x80,0xc7,
++	0x17,0xab,0x3c,0x7a
++	};
++
++__fips_constseg
++static const unsigned char aes_256_use_df_pr_additionalinput2[] =
++	{
++	0x94,0x6b,0xc9,0x9f,0xab,0x8d,0xc5,0xec,0x71,0x88,0x1d,0x00,
++	0x8c,0x89,0x68,0xe4,0xc8,0x07,0x77,0x36,0x17,0x6d,0x79,0x78,
++	0xc7,0x06,0x4e,0x99,0x04,0x28,0x29,0xc3
++	};
++
++__fips_constseg
++static const unsigned char aes_256_use_df_pr_entropyinputpr2[] =
++	{
++	0xbf,0x6c,0x59,0x2a,0x0d,0x44,0x0f,0xae,0x9a,0x5e,0x03,0x73,
++	0xd8,0xa6,0xe1,0xcf,0x25,0x61,0x38,0x24,0x86,0x9e,0x53,0xe8,
++	0xa4,0xdf,0x56,0xf4,0x06,0x07,0x9c,0x0f
++	};
++
++__fips_constseg
++static const unsigned char aes_256_use_df_pr_returnedbits[] =
++	{
++	0x22,0x4a,0xb4,0xb8,0xb6,0xee,0x7d,0xb1,0x9e,0xc9,0xf9,0xa0,
++	0xd9,0xe2,0x97,0x00
++	};
++
++
++/* AES-256 use df No PR  */
++__fips_constseg
++static const unsigned char aes_256_use_df_entropyinput[] =
++	{
++	0xa5,0x3e,0x37,0x10,0x17,0x43,0x91,0x93,0x59,0x1e,0x47,0x50,
++	0x87,0xaa,0xdd,0xd5,0xc1,0xc3,0x86,0xcd,0xca,0x0d,0xdb,0x68,
++	0xe0,0x02,0xd8,0x0f,0xdc,0x40,0x1a,0x47
++	};
++
++__fips_constseg
++static const unsigned char aes_256_use_df_nonce[] =
++	{
++	0xa9,0x4d,0xa5,0x5a,0xfd,0xc5,0x0c,0xe5,0x1c,0x9a,0x3b,0x8a,
++	0x4c,0x44,0x84,0x40
++	};
++
++__fips_constseg
++static const unsigned char aes_256_use_df_personalizationstring[] =
++	{
++	0x8b,0x52,0xa2,0x4a,0x93,0xc3,0x4e,0xa7,0x1e,0x1c,0xa7,0x05,
++	0xeb,0x82,0x9b,0xa6,0x5d,0xe4,0xd4,0xe0,0x7f,0xa3,0xd8,0x6b,
++	0x37,0x84,0x5f,0xf1,0xc7,0xd5,0xf6,0xd2
++	};
++
++__fips_constseg
++static const unsigned char aes_256_use_df_additionalinput[] =
++	{
++	0x20,0xf4,0x22,0xed,0xf8,0x5c,0xa1,0x6a,0x01,0xcf,0xbe,0x5f,
++	0x8d,0x6c,0x94,0x7f,0xae,0x12,0xa8,0x57,0xdb,0x2a,0xa9,0xbf,
++	0xc7,0xb3,0x65,0x81,0x80,0x8d,0x0d,0x46
++	};
++
++__fips_constseg
++static const unsigned char aes_256_use_df_int_returnedbits[] =
++	{
++	0x4e,0x44,0xfd,0xf3,0x9e,0x29,0xa2,0xb8,0x0f,0x5d,0x6c,0xe1,
++	0x28,0x0c,0x3b,0xc1
++	};
++
++__fips_constseg
++static const unsigned char aes_256_use_df_entropyinputreseed[] =
++	{
++	0xdd,0x40,0xe5,0x98,0x7b,0x27,0x16,0x73,0x15,0x68,0xd2,0x76,
++	0xbf,0x0c,0x67,0x15,0x75,0x79,0x03,0xd3,0xde,0xde,0x91,0x46,
++	0x42,0xdd,0xd4,0x67,0xc8,0x79,0xc8,0x1e
++	};
++
++__fips_constseg
++static const unsigned char aes_256_use_df_additionalinputreseed[] =
++	{
++	0x7f,0xd8,0x1f,0xbd,0x2a,0xb5,0x1c,0x11,0x5d,0x83,0x4e,0x99,
++	0xf6,0x5c,0xa5,0x40,0x20,0xed,0x38,0x8e,0xd5,0x9e,0xe0,0x75,
++	0x93,0xfe,0x12,0x5e,0x5d,0x73,0xfb,0x75
++	};
++
++__fips_constseg
++static const unsigned char aes_256_use_df_additionalinput2[] =
++	{
++	0xcd,0x2c,0xff,0x14,0x69,0x3e,0x4c,0x9e,0xfd,0xfe,0x26,0x0d,
++	0xe9,0x86,0x00,0x49,0x30,0xba,0xb1,0xc6,0x50,0x57,0x77,0x2a,
++	0x62,0x39,0x2c,0x3b,0x74,0xeb,0xc9,0x0d
++	};
++
++__fips_constseg
++static const unsigned char aes_256_use_df_returnedbits[] =
++	{
++	0x4f,0x78,0xbe,0xb9,0x4d,0x97,0x8c,0xe9,0xd0,0x97,0xfe,0xad,
++	0xfa,0xfd,0x35,0x5e
++	};
++
++
++/* AES-128 no df PR  */
++__fips_constseg
++static const unsigned char aes_128_no_df_pr_entropyinput[] =
++	{
++	0x9a,0x25,0x65,0x10,0x67,0xd5,0xb6,0x6b,0x70,0xa1,0xb3,0xa4,
++	0x43,0x95,0x80,0xc0,0x84,0x0a,0x79,0xb0,0x88,0x74,0xf2,0xbf,
++	0x31,0x6c,0x33,0x38,0x0b,0x00,0xb2,0x5a
++	};
++
++__fips_constseg
++static const unsigned char aes_128_no_df_pr_nonce[] =
++	{
++	0x78,0x47,0x6b,0xf7,0x90,0x8e,0x87,0xf1
++	};
++
++__fips_constseg
++static const unsigned char aes_128_no_df_pr_personalizationstring[] =
++	{
++	0xf7,0x22,0x1d,0x3a,0xbe,0x1d,0xca,0x32,0x1b,0xbd,0x87,0x0c,
++	0x51,0x24,0x19,0xee,0xa3,0x23,0x09,0x63,0x33,0x3d,0xa8,0x0c,
++	0x1c,0xfa,0x42,0x89,0xcc,0x6f,0xa0,0xa8
++	};
++
++__fips_constseg
++static const unsigned char aes_128_no_df_pr_additionalinput[] =
++	{
++	0xc9,0xe0,0x80,0xbf,0x8c,0x45,0x58,0x39,0xff,0x00,0xab,0x02,
++	0x4c,0x3e,0x3a,0x95,0x9b,0x80,0xa8,0x21,0x2a,0xee,0xba,0x73,
++	0xb1,0xd9,0xcf,0x28,0xf6,0x8f,0x9b,0x12
++	};
++
++__fips_constseg
++static const unsigned char aes_128_no_df_pr_entropyinputpr[] =
++	{
++	0x4c,0xa8,0xc5,0xf0,0x59,0x9e,0xa6,0x8d,0x26,0x53,0xd7,0x8a,
++	0xa9,0xd8,0xf7,0xed,0xb2,0xf9,0x12,0x42,0xe1,0xe5,0xbd,0xe7,
++	0xe7,0x1d,0x74,0x99,0x00,0x9d,0x31,0x3e
++	};
++
++__fips_constseg
++static const unsigned char aes_128_no_df_pr_int_returnedbits[] =
++	{
++	0xe2,0xac,0x20,0xf0,0x80,0xe7,0xbc,0x7e,0x9c,0x7b,0x65,0x71,
++	0xaf,0x19,0x32,0x16
++	};
++
++__fips_constseg
++static const unsigned char aes_128_no_df_pr_additionalinput2[] =
++	{
++	0x32,0x7f,0x38,0x8b,0x73,0x0a,0x78,0x83,0xdc,0x30,0xbe,0x9f,
++	0x10,0x1f,0xf5,0x1f,0xca,0x00,0xb5,0x0d,0xd6,0x9d,0x60,0x83,
++	0x51,0x54,0x7d,0x38,0x23,0x3a,0x52,0x50
++	};
++
++__fips_constseg
++static const unsigned char aes_128_no_df_pr_entropyinputpr2[] =
++	{
++	0x18,0x61,0x53,0x56,0xed,0xed,0xd7,0x20,0xfb,0x71,0x04,0x7a,
++	0xb2,0xac,0xc1,0x28,0xcd,0xf2,0xc2,0xfc,0xaa,0xb1,0x06,0x07,
++	0xe9,0x46,0x95,0x02,0x48,0x01,0x78,0xf9
++	};
++
++__fips_constseg
++static const unsigned char aes_128_no_df_pr_returnedbits[] =
++	{
++	0x29,0xc8,0x1b,0x15,0xb1,0xd1,0xc2,0xf6,0x71,0x86,0x68,0x33,
++	0x57,0x82,0x33,0xaf
++	};
++
++
++/* AES-128 no df No PR  */
++__fips_constseg
++static const unsigned char aes_128_no_df_entropyinput[] =
++	{
++	0xc9,0xc5,0x79,0xbc,0xe8,0xc5,0x19,0xd8,0xbc,0x66,0x73,0x67,
++	0xf6,0xd3,0x72,0xaa,0xa6,0x16,0xb8,0x50,0xb7,0x47,0x3a,0x42,
++	0xab,0xf4,0x16,0xb2,0x96,0xd2,0xb6,0x60
++	};
++
++__fips_constseg
++static const unsigned char aes_128_no_df_nonce[] =
++	{
++	0x5f,0xbf,0x97,0x0c,0x4b,0xa4,0x87,0x13
++	};
++
++__fips_constseg
++static const unsigned char aes_128_no_df_personalizationstring[] =
++	{
++	0xce,0xfb,0x7b,0x3f,0xd4,0x6b,0x29,0x0d,0x69,0x06,0xff,0xbb,
++	0xf2,0xe5,0xc6,0x6c,0x0a,0x10,0xa0,0xcf,0x1a,0x48,0xc7,0x8b,
++	0x3c,0x16,0x88,0xed,0x50,0x13,0x81,0xce
++	};
++
++__fips_constseg
++static const unsigned char aes_128_no_df_additionalinput[] =
++	{
++	0x4b,0x22,0x46,0x18,0x02,0x7b,0xd2,0x1b,0x22,0x42,0x7c,0x37,
++	0xd9,0xf6,0xe8,0x9b,0x12,0x30,0x5f,0xe9,0x90,0xe8,0x08,0x24,
++	0x4f,0x06,0x66,0xdb,0x19,0x2b,0x13,0x95
++	};
++
++__fips_constseg
++static const unsigned char aes_128_no_df_int_returnedbits[] =
++	{
++	0x2e,0x96,0x70,0x64,0xfa,0xdf,0xdf,0x57,0xb5,0x82,0xee,0xd6,
++	0xed,0x3e,0x65,0xc2
++	};
++
++__fips_constseg
++static const unsigned char aes_128_no_df_entropyinputreseed[] =
++	{
++	0x26,0xc0,0x72,0x16,0x3a,0x4b,0xb7,0x99,0xd4,0x07,0xaf,0x66,
++	0x62,0x36,0x96,0xa4,0x51,0x17,0xfa,0x07,0x8b,0x17,0x5e,0xa1,
++	0x2f,0x3c,0x10,0xe7,0x90,0xd0,0x46,0x00
++	};
++
++__fips_constseg
++static const unsigned char aes_128_no_df_additionalinputreseed[] =
++	{
++	0x83,0x39,0x37,0x7b,0x02,0x06,0xd2,0x12,0x13,0x8d,0x8b,0xf2,
++	0xf0,0xf6,0x26,0xeb,0xa4,0x22,0x7b,0xc2,0xe7,0xba,0x79,0xe4,
++	0x3b,0x77,0x5d,0x4d,0x47,0xb2,0x2d,0xb4
++	};
++
++__fips_constseg
++static const unsigned char aes_128_no_df_additionalinput2[] =
++	{
++	0x0b,0xb9,0x67,0x37,0xdb,0x83,0xdf,0xca,0x81,0x8b,0xf9,0x3f,
++	0xf1,0x11,0x1b,0x2f,0xf0,0x61,0xa6,0xdf,0xba,0xa3,0xb1,0xac,
++	0xd3,0xe6,0x09,0xb8,0x2c,0x6a,0x67,0xd6
++	};
++
++__fips_constseg
++static const unsigned char aes_128_no_df_returnedbits[] =
++	{
++	0x1e,0xa7,0xa4,0xe4,0xe1,0xa6,0x7c,0x69,0x9a,0x44,0x6c,0x36,
++	0x81,0x37,0x19,0xd4
++	};
++
++
++/* AES-192 no df PR  */
++__fips_constseg
++static const unsigned char aes_192_no_df_pr_entropyinput[] =
++	{
++	0x9d,0x2c,0xd2,0x55,0x66,0xea,0xe0,0xbe,0x18,0xb7,0x76,0xe7,
++	0x73,0x35,0xd8,0x1f,0xad,0x3a,0xe3,0x81,0x0e,0x92,0xd0,0x61,
++	0xc9,0x12,0x26,0xf6,0x1c,0xdf,0xfe,0x47,0xaa,0xfe,0x7d,0x5a,
++	0x17,0x1f,0x8d,0x9a
++	};
++
++__fips_constseg
++static const unsigned char aes_192_no_df_pr_nonce[] =
++	{
++	0x44,0x82,0xed,0xe8,0x4c,0x28,0x5a,0x14,0xff,0x88,0x8d,0x19,
++	0x61,0x5c,0xee,0x0f
++	};
++
++__fips_constseg
++static const unsigned char aes_192_no_df_pr_personalizationstring[] =
++	{
++	0x47,0xd7,0x9b,0x99,0xaa,0xcb,0xe7,0xd2,0x57,0x66,0x2c,0xe1,
++	0x78,0xd6,0x2c,0xea,0xa3,0x23,0x5f,0x2a,0xc1,0x3a,0xf0,0xa4,
++	0x20,0x3b,0xfa,0x07,0xd5,0x05,0x02,0xe4,0x57,0x01,0xb6,0x10,
++	0x57,0x2e,0xe7,0x55
++	};
++
++__fips_constseg
++static const unsigned char aes_192_no_df_pr_additionalinput[] =
++	{
++	0x4b,0x74,0x0b,0x40,0xce,0x6b,0xc2,0x6a,0x24,0xb4,0xf3,0xad,
++	0x7a,0xa5,0x7a,0xa2,0x15,0xe2,0xc8,0x61,0x15,0xc6,0xb7,0x85,
++	0x69,0x11,0xad,0x7b,0x14,0xd2,0xf6,0x12,0xa1,0x95,0x5d,0x3f,
++	0xe2,0xd0,0x0c,0x2f
++	};
++
++__fips_constseg
++static const unsigned char aes_192_no_df_pr_entropyinputpr[] =
++	{
++	0x0c,0x9c,0xad,0x05,0xee,0xae,0x48,0x23,0x89,0x59,0xa1,0x94,
++	0xd7,0xd8,0x75,0xd5,0x54,0x93,0xc7,0x4a,0xd9,0x26,0xde,0xeb,
++	0xba,0xb0,0x7e,0x30,0x1d,0x5f,0x69,0x40,0x9c,0x3b,0x17,0x58,
++	0x1d,0x30,0xb3,0x78
++	};
++
++__fips_constseg
++static const unsigned char aes_192_no_df_pr_int_returnedbits[] =
++	{
++	0xf7,0x93,0xb0,0x6d,0x77,0x83,0xd5,0x38,0x01,0xe1,0x52,0x40,
++	0x7e,0x3e,0x0c,0x26
++	};
++
++__fips_constseg
++static const unsigned char aes_192_no_df_pr_additionalinput2[] =
++	{
++	0xbc,0x4b,0x37,0x44,0x1c,0xc5,0x45,0x5f,0x8f,0x51,0x62,0x8a,
++	0x85,0x30,0x1d,0x7c,0xe4,0xcf,0xf7,0x44,0xce,0x32,0x3e,0x57,
++	0x95,0xa4,0x2a,0xdf,0xfd,0x9e,0x38,0x41,0xb3,0xf6,0xc5,0xee,
++	0x0c,0x4b,0xee,0x6e
++	};
++
++__fips_constseg
++static const unsigned char aes_192_no_df_pr_entropyinputpr2[] =
++	{
++	0xec,0xaf,0xf6,0x4f,0xb1,0xa0,0x54,0xb5,0x5b,0xe3,0x46,0xb0,
++	0x76,0x5a,0x7c,0x3f,0x7b,0x94,0x69,0x21,0x51,0x02,0xe5,0x9f,
++	0x04,0x59,0x02,0x98,0xc6,0x43,0x2c,0xcc,0x26,0x4c,0x87,0x6b,
++	0x8e,0x0a,0x83,0xdf
++	};
++
++__fips_constseg
++static const unsigned char aes_192_no_df_pr_returnedbits[] =
++	{
++	0x74,0x45,0xfb,0x53,0x84,0x96,0xbe,0xff,0x15,0xcc,0x41,0x91,
++	0xb9,0xa1,0x21,0x68
++	};
++
++
++/* AES-192 no df No PR  */
++__fips_constseg
++static const unsigned char aes_192_no_df_entropyinput[] =
++	{
++	0x3c,0x7d,0xb5,0xe0,0x54,0xd9,0x6e,0x8c,0xa9,0x86,0xce,0x4e,
++	0x6b,0xaf,0xeb,0x2f,0xe7,0x75,0xe0,0x8b,0xa4,0x3b,0x07,0xfe,
++	0xbe,0x33,0x75,0x93,0x80,0x27,0xb5,0x29,0x47,0x8b,0xc7,0x28,
++	0x94,0xc3,0x59,0x63
++	};
++
++__fips_constseg
++static const unsigned char aes_192_no_df_nonce[] =
++	{
++	0x43,0xf1,0x7d,0xb8,0xc3,0xfe,0xd0,0x23,0x6b,0xb4,0x92,0xdb,
++	0x29,0xfd,0x45,0x71
++	};
++
++__fips_constseg
++static const unsigned char aes_192_no_df_personalizationstring[] =
++	{
++	0x9f,0x24,0x29,0x99,0x9e,0x01,0xab,0xe9,0x19,0xd8,0x23,0x08,
++	0xb7,0xd6,0x7e,0x8c,0xc0,0x9e,0x7f,0x6e,0x5b,0x33,0x20,0x96,
++	0x0b,0x23,0x2c,0xa5,0x6a,0xf8,0x1b,0x04,0x26,0xdb,0x2e,0x2b,
++	0x3b,0x88,0xce,0x35
++	};
++
++__fips_constseg
++static const unsigned char aes_192_no_df_additionalinput[] =
++	{
++	0x94,0xe9,0x7c,0x3d,0xa7,0xdb,0x60,0x83,0x1f,0x98,0x3f,0x0b,
++	0x88,0x59,0x57,0x51,0x88,0x9f,0x76,0x49,0x9f,0xa6,0xda,0x71,
++	0x1d,0x0d,0x47,0x16,0x63,0xc5,0x68,0xe4,0x5d,0x39,0x69,0xb3,
++	0x3e,0xbe,0xd4,0x8e
++	};
++
++__fips_constseg
++static const unsigned char aes_192_no_df_int_returnedbits[] =
++	{
++	0xf9,0xd7,0xad,0x69,0xab,0x8f,0x23,0x56,0x70,0x17,0x4f,0x2a,
++	0x45,0xe7,0x4a,0xc5
++	};
++
++__fips_constseg
++static const unsigned char aes_192_no_df_entropyinputreseed[] =
++	{
++	0xa6,0x71,0x6a,0x3d,0xba,0xd1,0xe8,0x66,0xa6,0xef,0xb2,0x0e,
++	0xa8,0x9c,0xaa,0x4e,0xaf,0x17,0x89,0x50,0x00,0xda,0xa1,0xb1,
++	0x0b,0xa4,0xd9,0x35,0x89,0xc8,0xe5,0xb0,0xd9,0xb7,0xc4,0x33,
++	0x9b,0xcb,0x7e,0x75
++	};
++
++__fips_constseg
++static const unsigned char aes_192_no_df_additionalinputreseed[] =
++	{
++	0x27,0x21,0xfc,0xc2,0xbd,0xf3,0x3c,0xce,0xc3,0xca,0xc1,0x01,
++	0xe0,0xff,0x93,0x12,0x7d,0x54,0x42,0xe3,0x9f,0x03,0xdf,0x27,
++	0x04,0x07,0x3c,0x53,0x7f,0xa8,0x66,0xc8,0x97,0x4b,0x61,0x40,
++	0x5d,0x7a,0x25,0x79
++	};
++
++__fips_constseg
++static const unsigned char aes_192_no_df_additionalinput2[] =
++	{
++	0x2d,0x8e,0x16,0x5d,0x0b,0x9f,0xeb,0xaa,0xd6,0xec,0x28,0x71,
++	0x7c,0x0b,0xc1,0x1d,0xd4,0x44,0x19,0x47,0xfd,0x1d,0x7c,0xe5,
++	0xf3,0x27,0xe1,0xb6,0x72,0x0a,0xe0,0xec,0x0e,0xcd,0xef,0x1a,
++	0x91,0x6a,0xe3,0x5f
++	};
++
++__fips_constseg
++static const unsigned char aes_192_no_df_returnedbits[] =
++	{
++	0xe5,0xda,0xb8,0xe0,0x63,0x59,0x5a,0xcc,0x3d,0xdc,0x9f,0xe8,
++	0x66,0x67,0x2c,0x92
++	};
++
++
++/* AES-256 no df PR  */
++__fips_constseg
++static const unsigned char aes_256_no_df_pr_entropyinput[] =
++	{
++	0x15,0xc7,0x5d,0xcb,0x41,0x4b,0x16,0x01,0x3a,0xd1,0x44,0xe8,
++	0x22,0x32,0xc6,0x9c,0x3f,0xe7,0x43,0xf5,0x9a,0xd3,0xea,0xf2,
++	0xd7,0x4e,0x6e,0x6a,0x55,0x73,0x40,0xef,0x89,0xad,0x0d,0x03,
++	0x96,0x7e,0x78,0x81,0x2f,0x91,0x1b,0x44,0xb0,0x02,0xba,0x1c
++	};
++
++__fips_constseg
++static const unsigned char aes_256_no_df_pr_nonce[] =
++	{
++	0xdc,0xe4,0xd4,0x27,0x7a,0x90,0xd7,0x99,0x43,0xa1,0x3c,0x30,
++	0xcc,0x4b,0xee,0x2e
++	};
++
++__fips_constseg
++static const unsigned char aes_256_no_df_pr_personalizationstring[] =
++	{
++	0xe3,0xe6,0xb9,0x11,0xe4,0x7a,0xa4,0x40,0x6b,0xf8,0x73,0xf7,
++	0x7e,0xec,0xc7,0xb9,0x97,0xbf,0xf8,0x25,0x7b,0xbe,0x11,0x9b,
++	0x5b,0x6a,0x0c,0x2e,0x2b,0x01,0x51,0xcd,0x41,0x4b,0x6b,0xac,
++	0x31,0xa8,0x0b,0xf7,0xe6,0x59,0x42,0xb8,0x03,0x0c,0xf8,0x06
++	};
++
++__fips_constseg
++static const unsigned char aes_256_no_df_pr_additionalinput[] =
++	{
++	0x6a,0x9f,0x00,0x91,0xae,0xfe,0xcf,0x84,0x99,0xce,0xb1,0x40,
++	0x6d,0x5d,0x33,0x28,0x84,0xf4,0x8c,0x63,0x4c,0x7e,0xbd,0x2c,
++	0x80,0x76,0xee,0x5a,0xaa,0x15,0x07,0x31,0xd8,0xbb,0x8c,0x69,
++	0x9d,0x9d,0xbc,0x7e,0x49,0xae,0xec,0x39,0x6b,0xd1,0x1f,0x7e
++	};
++
++__fips_constseg
++static const unsigned char aes_256_no_df_pr_entropyinputpr[] =
++	{
++	0xf3,0xb9,0x75,0x9c,0xbd,0x88,0xea,0xa2,0x50,0xad,0xd6,0x16,
++	0x1a,0x12,0x3c,0x86,0x68,0xaf,0x6f,0xbe,0x19,0xf2,0xee,0xcc,
++	0xa5,0x70,0x84,0x53,0x50,0xcb,0x9f,0x14,0xa9,0xe5,0xee,0xb9,
++	0x48,0x45,0x40,0xe2,0xc7,0xc9,0x9a,0x74,0xff,0x8c,0x99,0x1f
++	};
++
++__fips_constseg
++static const unsigned char aes_256_no_df_pr_int_returnedbits[] =
++	{
++	0x2e,0xf2,0x45,0x4c,0x62,0x2e,0x0a,0xb9,0x6b,0xa2,0xfd,0x56,
++	0x79,0x60,0x93,0xcf
++	};
++
++__fips_constseg
++static const unsigned char aes_256_no_df_pr_additionalinput2[] =
++	{
++	0xaf,0x69,0x20,0xe9,0x3b,0x37,0x9d,0x3f,0xb4,0x80,0x02,0x7a,
++	0x25,0x7d,0xb8,0xde,0x71,0xc5,0x06,0x0c,0xb4,0xe2,0x8f,0x35,
++	0xd8,0x14,0x0d,0x7f,0x76,0x63,0x4e,0xb5,0xee,0xe9,0x6f,0x34,
++	0xc7,0x5f,0x56,0x14,0x4a,0xe8,0x73,0x95,0x5b,0x1c,0xb9,0xcb
++	};
++
++__fips_constseg
++static const unsigned char aes_256_no_df_pr_entropyinputpr2[] =
++	{
++	0xe5,0xb0,0x2e,0x7e,0x52,0x30,0xe3,0x63,0x82,0xb6,0x44,0xd3,
++	0x25,0x19,0x05,0x24,0x9a,0x9f,0x5f,0x27,0x6a,0x29,0xab,0xfa,
++	0x07,0xa2,0x42,0x0f,0xc5,0xa8,0x94,0x7c,0x17,0x7b,0x85,0x83,
++	0x0c,0x25,0x0e,0x63,0x0b,0xe9,0x12,0x60,0xcd,0xef,0x80,0x0f
++	};
++
++__fips_constseg
++static const unsigned char aes_256_no_df_pr_returnedbits[] =
++	{
++	0x5e,0xf2,0x26,0xef,0x9f,0x58,0x5d,0xd5,0x4a,0x10,0xfe,0xa7,
++	0x2d,0x5f,0x4a,0x46
++	};
++
++
++/* AES-256 no df No PR  */
++__fips_constseg
++static const unsigned char aes_256_no_df_entropyinput[] =
++	{
++	0xfb,0xcf,0x1b,0x61,0x16,0x89,0x78,0x23,0xf5,0xd8,0x96,0xe3,
++	0x4e,0x64,0x0b,0x29,0x9a,0x3f,0xf8,0xa5,0xed,0xf2,0xfe,0xdb,
++	0x16,0xca,0x7f,0x10,0xfa,0x5e,0x18,0x76,0x2c,0x63,0x5e,0x96,
++	0xcf,0xb3,0xd6,0xfc,0xaf,0x99,0x39,0x28,0x9c,0x61,0xe8,0xb3
++	};
++
++__fips_constseg
++static const unsigned char aes_256_no_df_nonce[] =
++	{
++	0x12,0x96,0xf0,0x52,0xf3,0x8d,0x81,0xcf,0xde,0x86,0xf2,0x99,
++	0x43,0x96,0xb9,0xf0
++	};
++
++__fips_constseg
++static const unsigned char aes_256_no_df_personalizationstring[] =
++	{
++	0x63,0x0d,0x78,0xf5,0x90,0x8e,0x32,0x47,0xb0,0x4d,0x37,0x60,
++	0x09,0x96,0xbc,0xbf,0x97,0x7a,0x62,0x14,0x45,0xbd,0x8d,0xcc,
++	0x69,0xfb,0x03,0xe1,0x80,0x1c,0xc7,0xe2,0x2a,0xf9,0x37,0x3f,
++	0x66,0x4d,0x62,0xd9,0x10,0xe0,0xad,0xc8,0x9a,0xf0,0xa8,0x6d
++	};
++
++__fips_constseg
++static const unsigned char aes_256_no_df_additionalinput[] =
++	{
++	0x36,0xc6,0x13,0x60,0xbb,0x14,0xad,0x22,0xb0,0x38,0xac,0xa6,
++	0x18,0x16,0x93,0x25,0x86,0xb7,0xdc,0xdc,0x36,0x98,0x2b,0xf9,
++	0x68,0x33,0xd3,0xc6,0xff,0xce,0x8d,0x15,0x59,0x82,0x76,0xed,
++	0x6f,0x8d,0x49,0x74,0x2f,0xda,0xdc,0x1f,0x17,0xd0,0xde,0x17
++	};
++
++__fips_constseg
++static const unsigned char aes_256_no_df_int_returnedbits[] =
++	{
++	0x16,0x2f,0x8e,0x3f,0x21,0x7a,0x1c,0x20,0x56,0xd1,0x92,0xf6,
++	0xd2,0x25,0x75,0x0e
++	};
++
++__fips_constseg
++static const unsigned char aes_256_no_df_entropyinputreseed[] =
++	{
++	0x91,0x79,0x76,0xee,0xe0,0xcf,0x9e,0xc2,0xd5,0xd4,0x23,0x9b,
++	0x12,0x8c,0x7e,0x0a,0xb7,0xd2,0x8b,0xd6,0x7c,0xa3,0xc6,0xe5,
++	0x0e,0xaa,0xc7,0x6b,0xae,0x0d,0xfa,0x53,0x06,0x79,0xa1,0xed,
++	0x4d,0x6a,0x0e,0xd8,0x9d,0xbe,0x1b,0x31,0x93,0x7b,0xec,0xfb
++	};
++
++__fips_constseg
++static const unsigned char aes_256_no_df_additionalinputreseed[] =
++	{
++	0xd2,0x46,0x50,0x22,0x10,0x14,0x63,0xf7,0xea,0x0f,0xb9,0x7e,
++	0x0d,0xe1,0x94,0x07,0xaf,0x09,0x44,0x31,0xea,0x64,0xa4,0x18,
++	0x5b,0xf9,0xd8,0xc2,0xfa,0x03,0x47,0xc5,0x39,0x43,0xd5,0x3b,
++	0x62,0x86,0x64,0xea,0x2c,0x73,0x8c,0xae,0x9d,0x98,0x98,0x29
++	};
++
++__fips_constseg
++static const unsigned char aes_256_no_df_additionalinput2[] =
++	{
++	0x8c,0xab,0x18,0xf8,0xc3,0xec,0x18,0x5c,0xb3,0x1e,0x9d,0xbe,
++	0x3f,0x03,0xb4,0x00,0x98,0x9d,0xae,0xeb,0xf4,0x94,0xf8,0x42,
++	0x8f,0xe3,0x39,0x07,0xe1,0xc9,0xad,0x0b,0x1f,0xed,0xc0,0xba,
++	0xf6,0xd1,0xec,0x27,0x86,0x7b,0xd6,0x55,0x9b,0x60,0xa5,0xc6
++	};
++
++__fips_constseg
++static const unsigned char aes_256_no_df_returnedbits[] =
++	{
++	0xef,0xd2,0xd8,0x5c,0xdc,0x62,0x25,0x9f,0xaa,0x1e,0x2c,0x67,
++	0xf6,0x02,0x32,0xe2
++	};
++
++
++/* SHA-1 PR  */
++__fips_constseg
++static const unsigned char sha1_pr_entropyinput[] =
++	{
++	0xd2,0x36,0xa5,0x27,0x31,0x73,0xdd,0x11,0x4f,0x93,0xbd,0xe2,
++	0x31,0xa5,0x91,0x13
++	};
++
++__fips_constseg
++static const unsigned char sha1_pr_nonce[] =
++	{
++	0xb5,0xb3,0x60,0xef,0xf7,0x63,0x31,0xf3
++	};
++
++__fips_constseg
++static const unsigned char sha1_pr_personalizationstring[] =
++	{
++	0xd4,0xbb,0x02,0x10,0xb2,0x71,0xdb,0x81,0xd6,0xf0,0x42,0x60,
++	0xda,0xea,0x77,0x52
++	};
++
++__fips_constseg
++static const unsigned char sha1_pr_additionalinput[] =
++	{
++	0x4d,0xd2,0x6c,0x87,0xfb,0x2c,0x4f,0xa6,0x8d,0x16,0x63,0x22,
++	0x6a,0x51,0xe3,0xf8
++	};
++
++__fips_constseg
++static const unsigned char sha1_pr_entropyinputpr[] =
++	{
++	0xc9,0x83,0x9e,0x16,0xf6,0x1c,0x0f,0xb2,0xec,0x60,0x31,0xa9,
++	0xcb,0xa9,0x36,0x7a
++	};
++
++__fips_constseg
++static const unsigned char sha1_pr_int_returnedbits[] =
++	{
++	0xa8,0x13,0x4f,0xf4,0x31,0x02,0x44,0xe3,0xd3,0x3d,0x61,0x9e,
++	0xe5,0xc6,0x3e,0x89,0xb5,0x9b,0x0f,0x35
++	};
++
++__fips_constseg
++static const unsigned char sha1_pr_additionalinput2[] =
++	{
++	0xf9,0xe8,0xd2,0x72,0x13,0x34,0x95,0x6f,0x15,0x49,0x47,0x99,
++	0x16,0x03,0x19,0x47
++	};
++
++__fips_constseg
++static const unsigned char sha1_pr_entropyinputpr2[] =
++	{
++	0x4e,0x8c,0x49,0x9b,0x4a,0x5c,0x9b,0x9c,0x3a,0xee,0xfb,0xd2,
++	0xae,0xcd,0x8c,0xc4
++	};
++
++__fips_constseg
++static const unsigned char sha1_pr_returnedbits[] =
++	{
++	0x50,0xb4,0xb4,0xcd,0x68,0x57,0xfc,0x2e,0xc1,0x52,0xcc,0xf6,
++	0x68,0xa4,0x81,0xed,0x7e,0xe4,0x1d,0x87
++	};
++
++
++/* SHA-1 No PR  */
++__fips_constseg
++static const unsigned char sha1_entropyinput[] =
++	{
++	0xa9,0x47,0x1b,0x29,0x2d,0x1c,0x05,0xdf,0x76,0xd0,0x62,0xf9,
++	0xe2,0x7f,0x4c,0x7b
++	};
++
++__fips_constseg
++static const unsigned char sha1_nonce[] =
++	{
++	0x53,0x23,0x24,0xe3,0xec,0x0c,0x54,0x14
++	};
++
++__fips_constseg
++static const unsigned char sha1_personalizationstring[] =
++	{
++	0x7a,0x87,0xa1,0xac,0x1c,0xfd,0xab,0xae,0xf7,0xd6,0xfb,0x76,
++	0x28,0xec,0x6d,0xca
++	};
++
++__fips_constseg
++static const unsigned char sha1_additionalinput[] =
++	{
++	0xfc,0x92,0x35,0xd6,0x7e,0xb7,0x24,0x65,0xfd,0x12,0x27,0x35,
++	0xc0,0x72,0xca,0x28
++	};
++
++__fips_constseg
++static const unsigned char sha1_int_returnedbits[] =
++	{
++	0x57,0x88,0x82,0xe5,0x25,0xa5,0x2c,0x4a,0x06,0x20,0x6c,0x72,
++	0x55,0x61,0xdd,0x90,0x71,0x9f,0x95,0xea
++	};
++
++__fips_constseg
++static const unsigned char sha1_entropyinputreseed[] =
++	{
++	0x69,0xa5,0x40,0x62,0x98,0x47,0x56,0x73,0x4a,0x8f,0x60,0x96,
++	0xd6,0x99,0x27,0xed
++	};
++
++__fips_constseg
++static const unsigned char sha1_additionalinputreseed[] =
++	{
++	0xe5,0x40,0x4e,0xbd,0x50,0x00,0xf5,0x15,0xa6,0xee,0x45,0xda,
++	0x84,0x3d,0xd4,0xc0
++	};
++
++__fips_constseg
++static const unsigned char sha1_additionalinput2[] =
++	{
++	0x11,0x51,0x14,0xf0,0x09,0x1b,0x4e,0x56,0x0d,0xe9,0xf6,0x1e,
++	0x52,0x65,0xcd,0x96
++	};
++
++__fips_constseg
++static const unsigned char sha1_returnedbits[] =
++	{
++	0xa1,0x9c,0x94,0x6e,0x29,0xe1,0x33,0x0d,0x32,0xd6,0xaa,0xce,
++	0x71,0x3f,0x52,0x72,0x8b,0x42,0xa8,0xd7
++	};
++
++
++/* SHA-224 PR  */
++__fips_constseg
++static const unsigned char sha224_pr_entropyinput[] =
++	{
++	0x12,0x69,0x32,0x4f,0x83,0xa6,0xf5,0x14,0xe3,0x49,0x3e,0x75,
++	0x3e,0xde,0xad,0xa1,0x29,0xc3,0xf3,0x19,0x20,0xb5,0x4c,0xd9
++	};
++
++__fips_constseg
++static const unsigned char sha224_pr_nonce[] =
++	{
++	0x6a,0x78,0xd0,0xeb,0xbb,0x5a,0xf0,0xee,0xe8,0xc3,0xba,0x71
++	};
++
++__fips_constseg
++static const unsigned char sha224_pr_personalizationstring[] =
++	{
++	0xd5,0xb8,0xb6,0xbc,0xc1,0x5b,0x60,0x31,0x3c,0xf5,0xe5,0xc0,
++	0x8e,0x52,0x7a,0xbd,0xea,0x47,0xa9,0x5f,0x8f,0xf9,0x8b,0xae
++	};
++
++__fips_constseg
++static const unsigned char sha224_pr_additionalinput[] =
++	{
++	0x1f,0x55,0xec,0xae,0x16,0x12,0x84,0xba,0x84,0x16,0x19,0x88,
++	0x8e,0xb8,0x33,0x25,0x54,0xff,0xca,0x79,0xaf,0x07,0x25,0x50
++	};
++
++__fips_constseg
++static const unsigned char sha224_pr_entropyinputpr[] =
++	{
++	0x92,0xa3,0x32,0xa8,0x9a,0x0a,0x58,0x7c,0x1d,0x5a,0x7e,0xe1,
++	0xb2,0x73,0xab,0x0e,0x16,0x79,0x23,0xd3,0x29,0x89,0x81,0xe1
++	};
++
++__fips_constseg
++static const unsigned char sha224_pr_int_returnedbits[] =
++	{
++	0xf3,0x38,0x91,0x40,0x37,0x7a,0x51,0x72,0x42,0x74,0x78,0x0a,
++	0x69,0xfd,0xa6,0x44,0x43,0x45,0x6c,0x0c,0x5a,0x19,0xff,0xf1,
++	0x54,0x60,0xee,0x6a
++	};
++
++__fips_constseg
++static const unsigned char sha224_pr_additionalinput2[] =
++	{
++	0x75,0xf3,0x04,0x25,0xdd,0x36,0xa8,0x37,0x46,0xae,0x0c,0x52,
++	0x05,0x79,0x4c,0x26,0xdb,0xe9,0x71,0x16,0x4c,0x0a,0xf2,0x60
++	};
++
++__fips_constseg
++static const unsigned char sha224_pr_entropyinputpr2[] =
++	{
++	0xea,0xc5,0x03,0x0a,0x4f,0xb0,0x38,0x8d,0x23,0xd4,0xc8,0x77,
++	0xe2,0x6d,0x9c,0x0b,0x44,0xf7,0x2d,0x5b,0xbf,0x5d,0x2a,0x11
++	};
++
++__fips_constseg
++static const unsigned char sha224_pr_returnedbits[] =
++	{
++	0x60,0x50,0x2b,0xe7,0x86,0xd8,0x26,0x73,0xe3,0x1d,0x95,0x20,
++	0xb3,0x2c,0x32,0x1c,0xf5,0xce,0x57,0xa6,0x67,0x2b,0xdc,0x4e,
++	0xdd,0x11,0x4c,0xc4
++	};
++
++
++/* SHA-224 No PR  */
++__fips_constseg
++static const unsigned char sha224_entropyinput[] =
++	{
++	0xb2,0x1c,0x77,0x4d,0xf6,0xd3,0xb6,0x40,0xb7,0x30,0x3e,0x29,
++	0xb0,0x85,0x1c,0xbe,0x4a,0xea,0x6b,0x5a,0xb5,0x8a,0x97,0xeb
++	};
++
++__fips_constseg
++static const unsigned char sha224_nonce[] =
++	{
++	0x42,0x02,0x0a,0x1c,0x98,0x9a,0x77,0x9e,0x9f,0x80,0xba,0xe0
++	};
++
++__fips_constseg
++static const unsigned char sha224_personalizationstring[] =
++	{
++	0x98,0xb8,0x04,0x41,0xfc,0xc1,0x5d,0xc5,0xe9,0xb9,0x08,0xda,
++	0xf9,0xfa,0x0d,0x90,0xce,0xdf,0x1d,0x10,0xa9,0x8d,0x50,0x0c
++	};
++
++__fips_constseg
++static const unsigned char sha224_additionalinput[] =
++	{
++	0x9a,0x8d,0x39,0x49,0x42,0xd5,0x0b,0xae,0xe1,0xaf,0xb7,0x00,
++	0x02,0xfa,0x96,0xb1,0xa5,0x1d,0x2d,0x25,0x78,0xee,0x83,0x3f
++	};
++
++__fips_constseg
++static const unsigned char sha224_int_returnedbits[] =
++	{
++	0xe4,0xf5,0x53,0x79,0x5a,0x97,0x58,0x06,0x08,0xba,0x7b,0xfa,
++	0xf0,0x83,0x05,0x8c,0x22,0xc0,0xc9,0xdb,0x15,0xe7,0xde,0x20,
++	0x55,0x22,0x9a,0xad
++	};
++
++__fips_constseg
++static const unsigned char sha224_entropyinputreseed[] =
++	{
++	0x67,0x09,0x48,0xaa,0x07,0x16,0x99,0x89,0x7f,0x6d,0xa0,0xe5,
++	0x8f,0xdf,0xbc,0xdb,0xfe,0xe5,0x6c,0x7a,0x95,0x4a,0x66,0x17
++	};
++
++__fips_constseg
++static const unsigned char sha224_additionalinputreseed[] =
++	{
++	0x0f,0x4b,0x1c,0x6f,0xb7,0xe3,0x47,0xe5,0x5d,0x7d,0x38,0xd6,
++	0x28,0x9b,0xeb,0x55,0x63,0x09,0x3e,0x7c,0x56,0xea,0xf8,0x19
++	};
++
++__fips_constseg
++static const unsigned char sha224_additionalinput2[] =
++	{
++	0x2d,0x26,0x7c,0x37,0xe4,0x7a,0x28,0x5e,0x5a,0x3c,0xaf,0x3d,
++	0x5a,0x8e,0x55,0xa2,0x1a,0x6e,0xc0,0xe5,0xf6,0x21,0xd3,0xf6
++	};
++
++__fips_constseg
++static const unsigned char sha224_returnedbits[] =
++	{
++	0x4d,0x83,0x35,0xdf,0x67,0xa9,0xfc,0x17,0xda,0x70,0xcc,0x8b,
++	0x7f,0x77,0xae,0xa2,0x5f,0xb9,0x7e,0x74,0x4c,0x26,0xc1,0x7a,
++	0x3b,0xa7,0x5c,0x93
++	};
++
++
++/* SHA-256 PR  */
++__fips_constseg
++static const unsigned char sha256_pr_entropyinput[] =
++	{
++	0xce,0x49,0x00,0x7a,0x56,0xe3,0x67,0x8f,0xe1,0xb6,0xa7,0xd4,
++	0x4f,0x08,0x7a,0x1b,0x01,0xf4,0xfa,0x6b,0xef,0xb7,0xe5,0xeb,
++	0x07,0x3d,0x11,0x0d,0xc8,0xea,0x2b,0xfe
++	};
++
++__fips_constseg
++static const unsigned char sha256_pr_nonce[] =
++	{
++	0x73,0x41,0xc8,0x92,0x94,0xe2,0xc5,0x5f,0x93,0xfd,0x39,0x5d,
++	0x2b,0x91,0x4d,0x38
++	};
++
++__fips_constseg
++static const unsigned char sha256_pr_personalizationstring[] =
++	{
++	0x50,0x6d,0x01,0x01,0x07,0x5a,0x80,0x35,0x7a,0x56,0x1a,0x56,
++	0x2f,0x9a,0x0b,0x35,0xb2,0xb1,0xc9,0xe5,0xca,0x69,0x61,0x48,
++	0xff,0xfb,0x0f,0xd9,0x4b,0x79,0x1d,0xba
++	};
++
++__fips_constseg
++static const unsigned char sha256_pr_additionalinput[] =
++	{
++	0x20,0xb8,0xdf,0x44,0x77,0x5a,0xb8,0xd3,0xbf,0xf6,0xcf,0xac,
++	0x5e,0xa6,0x96,0x62,0x73,0x44,0x40,0x4a,0x30,0xfb,0x38,0xa5,
++	0x7b,0x0d,0xe4,0x0d,0xc6,0xe4,0x9a,0x1f
++	};
++
++__fips_constseg
++static const unsigned char sha256_pr_entropyinputpr[] =
++	{
++	0x04,0xc4,0x65,0xf4,0xd3,0xbf,0x83,0x4b,0xab,0xc8,0x41,0xa8,
++	0xc2,0xe0,0x44,0x63,0x77,0x4c,0x6f,0x6c,0x49,0x46,0xff,0x94,
++	0x17,0xea,0xe6,0x1a,0x9d,0x5e,0x66,0x78
++	};
++
++__fips_constseg
++static const unsigned char sha256_pr_int_returnedbits[] =
++	{
++	0x07,0x4d,0xac,0x9b,0x86,0xca,0x4a,0xaa,0x6e,0x7a,0x03,0xa2,
++	0x5d,0x10,0xea,0x0b,0xf9,0x83,0xcc,0xd1,0xfc,0xe2,0x07,0xc7,
++	0x06,0x34,0x60,0x6f,0x83,0x94,0x99,0x76
++	};
++
++__fips_constseg
++static const unsigned char sha256_pr_additionalinput2[] =
++	{
++	0x89,0x4e,0x45,0x8c,0x11,0xf9,0xbc,0x5b,0xac,0x74,0x8b,0x4b,
++	0x5f,0xf7,0x19,0xf3,0xf5,0x24,0x54,0x14,0xd1,0x15,0xb1,0x43,
++	0x12,0xa4,0x5f,0xd4,0xec,0xfc,0xcd,0x09
++	};
++
++__fips_constseg
++static const unsigned char sha256_pr_entropyinputpr2[] =
++	{
++	0x0e,0xeb,0x1f,0xd7,0xfc,0xd1,0x9d,0xd4,0x05,0x36,0x8b,0xb2,
++	0xfb,0xe4,0xf4,0x51,0x0c,0x87,0x9b,0x02,0x44,0xd5,0x92,0x4d,
++	0x44,0xfe,0x1a,0x03,0x43,0x56,0xbd,0x86
++	};
++
++__fips_constseg
++static const unsigned char sha256_pr_returnedbits[] =
++	{
++	0x02,0xaa,0xb6,0x1d,0x7e,0x2a,0x40,0x03,0x69,0x2d,0x49,0xa3,
++	0x41,0xe7,0x44,0x0b,0xaf,0x7b,0x85,0xe4,0x5f,0x53,0x3b,0x64,
++	0xbc,0x89,0xc8,0x82,0xd4,0x78,0x37,0xa2
++	};
++
++
++/* SHA-256 No PR  */
++__fips_constseg
++static const unsigned char sha256_entropyinput[] =
++	{
++	0x5b,0x1b,0xec,0x4d,0xa9,0x38,0x74,0x5a,0x34,0x0b,0x7b,0xc5,
++	0xe5,0xd7,0x66,0x7c,0xbc,0x82,0xb9,0x0e,0x2d,0x1f,0x92,0xd7,
++	0xc1,0xbc,0x67,0x69,0xec,0x6b,0x03,0x3c
++	};
++
++__fips_constseg
++static const unsigned char sha256_nonce[] =
++	{
++	0xa4,0x0c,0xd8,0x9c,0x61,0xd8,0xc3,0x54,0xfe,0x53,0xc9,0xe5,
++	0x5d,0x6f,0x6d,0x35
++	};
++
++__fips_constseg
++static const unsigned char sha256_personalizationstring[] =
++	{
++	0x22,0x5e,0x62,0x93,0x42,0x83,0x78,0x24,0xd8,0x40,0x8c,0xde,
++	0x6f,0xf9,0xa4,0x7a,0xc5,0xa7,0x3b,0x88,0xa3,0xee,0x42,0x20,
++	0xfd,0x61,0x56,0xc6,0x4c,0x13,0x41,0x9c
++	};
++
++__fips_constseg
++static const unsigned char sha256_additionalinput[] =
++	{
++	0xbf,0x74,0x5b,0xf6,0xc5,0x64,0x5e,0x99,0x34,0x8f,0xbc,0xa4,
++	0xe2,0xbd,0xd8,0x85,0x26,0x37,0xea,0xba,0x4f,0xf2,0x9a,0x9a,
++	0x66,0xfc,0xdf,0x63,0x26,0x26,0x19,0x87
++	};
++
++__fips_constseg
++static const unsigned char sha256_int_returnedbits[] =
++	{
++	0xb3,0xc6,0x07,0x07,0xd6,0x75,0xf6,0x2b,0xd6,0x21,0x96,0xf1,
++	0xae,0xdb,0x2b,0xac,0x25,0x2a,0xae,0xae,0x41,0x72,0x03,0x5e,
++	0xbf,0xd3,0x64,0xbc,0x59,0xf9,0xc0,0x76
++	};
++
++__fips_constseg
++static const unsigned char sha256_entropyinputreseed[] =
++	{
++	0xbf,0x20,0x33,0x56,0x29,0xa8,0x37,0x04,0x1f,0x78,0x34,0x3d,
++	0x81,0x2a,0xc9,0x86,0xc6,0x7a,0x2f,0x88,0x5e,0xd5,0xbe,0x34,
++	0x46,0x20,0xa4,0x35,0xeb,0xc7,0xe2,0x9d
++	};
++
++__fips_constseg
++static const unsigned char sha256_additionalinputreseed[] =
++	{
++	0x9b,0xae,0x2d,0x2d,0x61,0xa4,0x89,0xeb,0x43,0x46,0xa7,0xda,
++	0xef,0x40,0xca,0x4a,0x99,0x11,0x41,0xdc,0x5c,0x94,0xe9,0xac,
++	0xd4,0xd0,0xe6,0xbd,0xfb,0x03,0x9c,0xa8
++	};
++
++__fips_constseg
++static const unsigned char sha256_additionalinput2[] =
++	{
++	0x23,0xaa,0x0c,0xbd,0x28,0x33,0xe2,0x51,0xfc,0x71,0xd2,0x15,
++	0x1f,0x76,0xfd,0x0d,0xe0,0xb7,0xb5,0x84,0x75,0x5b,0xbe,0xf3,
++	0x5c,0xca,0xc5,0x30,0xf2,0x75,0x1f,0xda
++	};
++
++__fips_constseg
++static const unsigned char sha256_returnedbits[] =
++	{
++	0x90,0x3c,0xc1,0x10,0x8c,0x12,0x01,0xc6,0xa6,0x3a,0x0f,0x4d,
++	0xb6,0x3a,0x4f,0x41,0x9c,0x61,0x75,0x84,0xe9,0x74,0x75,0xfd,
++	0xfe,0xf2,0x1f,0x43,0xd8,0x5e,0x24,0xa3
++	};
++
++
++/* SHA-384 PR  */
++__fips_constseg
++static const unsigned char sha384_pr_entropyinput[] =
++	{
++	0x71,0x9d,0xb2,0x5a,0x71,0x6d,0x04,0xe9,0x1e,0xc7,0x92,0x24,
++	0x6e,0x12,0x33,0xa9,0x52,0x64,0x31,0xef,0x71,0xeb,0x22,0x55,
++	0x28,0x97,0x06,0x6a,0xc0,0x0c,0xa0,0x7e
++	};
++
++__fips_constseg
++static const unsigned char sha384_pr_nonce[] =
++	{
++	0xf5,0x0d,0xfa,0xb0,0xec,0x6a,0x7c,0xd6,0xbd,0x9b,0x05,0xfd,
++	0x38,0x3e,0x2e,0x56
++	};
++
++__fips_constseg
++static const unsigned char sha384_pr_personalizationstring[] =
++	{
++	0x74,0xac,0x7e,0x6d,0xb1,0xa4,0xe7,0x21,0xd1,0x1e,0x6e,0x96,
++	0x6d,0x4d,0x53,0x46,0x82,0x96,0x6e,0xcf,0xaa,0x81,0x8d,0x7d,
++	0x9e,0xe1,0x0f,0x15,0xea,0x41,0xbf,0xe3
++	};
++
++__fips_constseg
++static const unsigned char sha384_pr_additionalinput[] =
++	{
++	0xda,0x95,0xd4,0xd0,0xb8,0x11,0xd3,0x49,0x27,0x5d,0xa9,0x39,
++	0x68,0xf3,0xa8,0xe9,0x5d,0x19,0x8a,0x2b,0x66,0xe8,0x69,0x06,
++	0x7c,0x9e,0x03,0xa1,0x8b,0x26,0x2d,0x6e
++	};
++
++__fips_constseg
++static const unsigned char sha384_pr_entropyinputpr[] =
++	{
++	0x49,0xdf,0x44,0x00,0xe4,0x1c,0x75,0x0b,0x26,0x5a,0x59,0x64,
++	0x1f,0x4e,0xb1,0xb2,0x13,0xf1,0x22,0x4e,0xb4,0x6d,0x9a,0xcc,
++	0xa0,0x48,0xe6,0xcf,0x1d,0xd1,0x92,0x0d
++	};
++
++__fips_constseg
++static const unsigned char sha384_pr_int_returnedbits[] =
++	{
++	0xc8,0x52,0xae,0xbf,0x04,0x3c,0x27,0xb7,0x78,0x18,0xaa,0x8f,
++	0xff,0xcf,0xa4,0xf1,0xcc,0xe7,0x68,0xfa,0x22,0xa2,0x13,0x45,
++	0xe8,0xdd,0x87,0xe6,0xf2,0x6e,0xdd,0xc7,0x52,0x90,0x9f,0x7b,
++	0xfa,0x61,0x2d,0x9d,0x9e,0xcf,0x98,0xac,0x52,0x40,0xce,0xaf
++	};
++
++__fips_constseg
++static const unsigned char sha384_pr_additionalinput2[] =
++	{
++	0x61,0x7c,0x03,0x9a,0x3e,0x50,0x57,0x60,0xc5,0x83,0xc9,0xb2,
++	0xd1,0x87,0x85,0x66,0x92,0x5d,0x84,0x0e,0x53,0xfb,0x70,0x03,
++	0x72,0xfd,0xba,0xae,0x9c,0x8f,0xf8,0x18
++	};
++
++__fips_constseg
++static const unsigned char sha384_pr_entropyinputpr2[] =
++	{
++	0xf8,0xeb,0x89,0xb1,0x8d,0x78,0xbe,0x21,0xe0,0xbb,0x9d,0xb7,
++	0x95,0x0e,0xd9,0x46,0x0c,0x8c,0xe2,0x63,0xb7,0x9d,0x67,0x90,
++	0xbd,0xc7,0x0b,0xa5,0xce,0xb2,0x65,0x81
++	};
++
++__fips_constseg
++static const unsigned char sha384_pr_returnedbits[] =
++	{
++	0xe6,0x9f,0xfe,0x68,0xd6,0xb5,0x79,0xf1,0x06,0x5f,0xa3,0xbb,
++	0x23,0x85,0xd8,0xf0,0x29,0x5a,0x68,0x9e,0xf5,0xf4,0xa6,0x12,
++	0xe0,0x9a,0xe2,0xac,0x00,0x1d,0x98,0x26,0xfc,0x53,0x95,0x53,
++	0xe4,0x3e,0x17,0xd5,0x08,0x0b,0x70,0x3d,0x67,0x99,0xac,0x66
++	};
++
++
++/* SHA-384 No PR  */
++__fips_constseg
++static const unsigned char sha384_entropyinput[] =
++	{
++	0x07,0x15,0x27,0x2a,0xaf,0x74,0x24,0x37,0xbc,0xd5,0x14,0x69,
++	0xce,0x11,0xff,0xa2,0x6b,0xb8,0x05,0x67,0x34,0xf8,0xbd,0x6d,
++	0x6a,0xcc,0xcd,0x60,0xa3,0x68,0xca,0xf4
++	};
++
++__fips_constseg
++static const unsigned char sha384_nonce[] =
++	{
++	0x70,0x17,0xc2,0x5b,0x5d,0x22,0x0b,0x06,0x15,0x54,0x78,0x77,
++	0x44,0xaf,0x2f,0x09
++	};
++
++__fips_constseg
++static const unsigned char sha384_personalizationstring[] =
++	{
++	0x89,0x39,0x28,0xb0,0x60,0xeb,0x3d,0xdc,0x55,0x75,0x86,0xeb,
++	0xae,0xa2,0x8f,0xbc,0x1b,0x75,0xd4,0xe1,0x0f,0xaa,0x38,0xca,
++	0x62,0x8b,0xcb,0x2c,0x26,0xf6,0xbc,0xb1
++	};
++
++__fips_constseg
++static const unsigned char sha384_additionalinput[] =
++	{
++	0x30,0x2b,0x42,0x35,0xef,0xda,0x40,0x55,0x28,0xc6,0x95,0xfb,
++	0x54,0x01,0x62,0xd7,0x87,0x14,0x48,0x6d,0x90,0x4c,0xa9,0x02,
++	0x54,0x40,0x22,0xc8,0x66,0xa5,0x48,0x48
++	};
++
++__fips_constseg
++static const unsigned char sha384_int_returnedbits[] =
++	{
++	0x82,0xc4,0xa1,0x9c,0x21,0xd2,0xe7,0xa5,0xa6,0xf6,0x5f,0x04,
++	0x5c,0xc7,0x31,0x9d,0x8d,0x59,0x74,0x50,0x19,0x89,0x2f,0x63,
++	0xd5,0xb7,0x7e,0xeb,0x15,0xe3,0x70,0x83,0xa1,0x24,0x59,0xfa,
++	0x2c,0x56,0xf6,0x88,0x3a,0x92,0x93,0xa1,0xfb,0x79,0xc1,0x7a
++	};
++
++__fips_constseg
++static const unsigned char sha384_entropyinputreseed[] =
++	{
++	0x39,0xa6,0xe8,0x5c,0x82,0x17,0x71,0x26,0x57,0x4f,0x9f,0xc2,
++	0x55,0xff,0x5c,0x9b,0x53,0x1a,0xd1,0x5f,0xbc,0x62,0xe4,0x27,
++	0x2d,0x32,0xf0,0xe4,0x52,0x8c,0xc5,0x0c
++	};
++
++__fips_constseg
++static const unsigned char sha384_additionalinputreseed[] =
++	{
++	0x8d,0xcb,0x8d,0xce,0x08,0xea,0x80,0xe8,0x9b,0x61,0xa8,0x0f,
++	0xaf,0x49,0x20,0x9e,0x74,0xcb,0x57,0x80,0x42,0xb0,0x84,0x5e,
++	0x30,0x2a,0x67,0x08,0xf4,0xe3,0x40,0x22
++	};
++
++__fips_constseg
++static const unsigned char sha384_additionalinput2[] =
++	{
++	0x7c,0x8f,0xc2,0xae,0x22,0x4a,0xd6,0xf6,0x05,0xa4,0x7a,0xea,
++	0xbb,0x25,0xd0,0xb7,0x5a,0xd6,0xcf,0x9d,0xf3,0x6c,0xe2,0xb2,
++	0x4e,0xb4,0xbd,0xf4,0xe5,0x40,0x80,0x94
++	};
++
++__fips_constseg
++static const unsigned char sha384_returnedbits[] =
++	{
++	0x9e,0x7e,0xfb,0x59,0xbb,0xaa,0x3c,0xf7,0xe1,0xf8,0x76,0xdd,
++	0x63,0x5f,0xaf,0x23,0xd6,0x64,0x61,0xc0,0x9a,0x09,0x47,0xc9,
++	0x33,0xdf,0x6d,0x55,0x91,0x34,0x79,0x70,0xc4,0x99,0x6e,0x54,
++	0x09,0x64,0x21,0x1a,0xbd,0x1e,0x80,0x40,0x34,0xad,0xfa,0xd7
++	};
++
++
++/* SHA-512 PR  */
++__fips_constseg
++static const unsigned char sha512_pr_entropyinput[] =
++	{
++	0x13,0xf7,0x61,0x75,0x65,0x28,0xa2,0x59,0x13,0x5a,0x4a,0x4f,
++	0x56,0x60,0x8c,0x53,0x7d,0xb0,0xbd,0x06,0x4f,0xed,0xcc,0xd2,
++	0xa2,0xb5,0xfd,0x5b,0x3a,0xab,0xec,0x28
++	};
++
++__fips_constseg
++static const unsigned char sha512_pr_nonce[] =
++	{
++	0xbe,0xa3,0x91,0x93,0x1d,0xc3,0x31,0x3a,0x23,0x33,0x50,0x67,
++	0x88,0xc7,0xa2,0xc4
++	};
++
++__fips_constseg
++static const unsigned char sha512_pr_personalizationstring[] =
++	{
++	0x1f,0x59,0x4d,0x7b,0xe6,0x46,0x91,0x48,0xc1,0x25,0xfa,0xff,
++	0x89,0x12,0x77,0x35,0xdf,0x3e,0xf4,0x80,0x5f,0xd9,0xb0,0x07,
++	0x22,0x41,0xdd,0x48,0x78,0x6b,0x77,0x2b
++	};
++
++__fips_constseg
++static const unsigned char sha512_pr_additionalinput[] =
++	{
++	0x30,0xff,0x63,0x6f,0xac,0xd9,0x84,0x39,0x6f,0xe4,0x99,0xce,
++	0x91,0x7d,0x7e,0xc8,0x58,0xf2,0x12,0xc3,0xb6,0xad,0xda,0x22,
++	0x04,0xa0,0xd2,0x21,0xfe,0xf2,0x95,0x1d
++	};
++
++__fips_constseg
++static const unsigned char sha512_pr_entropyinputpr[] =
++	{
++	0x64,0x54,0x13,0xec,0x4f,0x77,0xda,0xb2,0x92,0x2e,0x52,0x80,
++	0x11,0x10,0xc2,0xf8,0xe6,0xa7,0xcd,0x4b,0xfc,0x32,0x2e,0x9e,
++	0xeb,0xbb,0xb1,0xbf,0x15,0x5c,0x73,0x08
++	};
++
++__fips_constseg
++static const unsigned char sha512_pr_int_returnedbits[] =
++	{
++	0xef,0x1e,0xdc,0x0a,0xa4,0x36,0x91,0x9c,0x3d,0x27,0x97,0x50,
++	0x8d,0x36,0x29,0x8d,0xce,0x6a,0x0c,0xf7,0x21,0xc0,0x91,0xae,
++	0x0c,0x96,0x72,0xbd,0x52,0x81,0x58,0xfc,0x6d,0xe5,0xf7,0xa5,
++	0xfd,0x5d,0xa7,0x58,0x68,0xc8,0x99,0x58,0x8e,0xc8,0xce,0x95,
++	0x01,0x7d,0xff,0xa4,0xc8,0xf7,0x63,0xfe,0x5f,0x69,0x83,0x53,
++	0xe2,0xc6,0x8b,0xc3
++	};
++
++__fips_constseg
++static const unsigned char sha512_pr_additionalinput2[] =
++	{
++	0xe6,0x9b,0xc4,0x88,0x34,0xca,0xea,0x29,0x2f,0x98,0x05,0xa4,
++	0xd3,0xc0,0x7b,0x11,0xe8,0xbb,0x75,0xf2,0xbd,0x29,0xb7,0x40,
++	0x25,0x7f,0xc1,0xb7,0xb1,0xf1,0x25,0x61
++	};
++
++__fips_constseg
++static const unsigned char sha512_pr_entropyinputpr2[] =
++	{
++	0x23,0x6d,0xff,0xde,0xfb,0xd1,0xba,0x33,0x18,0xe6,0xbe,0xb5,
++	0x48,0x77,0x6d,0x7f,0xa7,0xe1,0x4d,0x48,0x1e,0x3c,0xa7,0x34,
++	0x1a,0xc8,0x60,0xdb,0x8f,0x99,0x15,0x99
++	};
++
++__fips_constseg
++static const unsigned char sha512_pr_returnedbits[] =
++	{
++	0x70,0x27,0x31,0xdb,0x92,0x70,0x21,0xfe,0x16,0xb6,0xc8,0x51,
++	0x34,0x87,0x65,0xd0,0x4e,0xfd,0xfe,0x68,0xec,0xac,0xdc,0x93,
++	0x41,0x38,0x92,0x90,0xb4,0x94,0xf9,0x0d,0xa4,0xf7,0x4e,0x80,
++	0x92,0x67,0x48,0x40,0xa7,0x08,0xc7,0xbc,0x66,0x00,0xfd,0xf7,
++	0x4c,0x8b,0x17,0x6e,0xd1,0x8f,0x9b,0xf3,0x6f,0xf6,0x34,0xdd,
++	0x67,0xf7,0x68,0xdd
++	};
++
++
++/* SHA-512 No PR  */
++__fips_constseg
++static const unsigned char sha512_entropyinput[] =
++	{
++	0xb6,0x0b,0xb7,0xbc,0x84,0x56,0xf6,0x12,0xaf,0x45,0x67,0x17,
++	0x7c,0xd1,0xb2,0x78,0x2b,0xa0,0xf2,0xbe,0xb6,0x6d,0x8b,0x56,
++	0xc6,0xbc,0x4d,0xe1,0xf7,0xbe,0xce,0xbd
++	};
++
++__fips_constseg
++static const unsigned char sha512_nonce[] =
++	{
++	0x9d,0xed,0xc0,0xe5,0x5a,0x98,0x6a,0xcb,0x51,0x7d,0x76,0x31,
++	0x5a,0x64,0xf0,0xf7
++	};
++
++__fips_constseg
++static const unsigned char sha512_personalizationstring[] =
++	{
++	0xc2,0x6d,0xa3,0xc3,0x06,0x74,0xe5,0x01,0x5c,0x10,0x17,0xc7,
++	0xaf,0x83,0x9d,0x59,0x8d,0x2d,0x29,0x38,0xc5,0x59,0x70,0x8b,
++	0x46,0x48,0x2d,0xcf,0x36,0x7d,0x59,0xc0
++	};
++
++__fips_constseg
++static const unsigned char sha512_additionalinput[] =
++	{
++	0xec,0x8c,0xd4,0xf7,0x61,0x6e,0x0d,0x95,0x79,0xb7,0x28,0xad,
++	0x5f,0x69,0x74,0x5f,0x2d,0x36,0x06,0x8a,0x6b,0xac,0x54,0x97,
++	0xc4,0xa1,0x12,0x85,0x0a,0xdf,0x4b,0x34
++	};
++
++__fips_constseg
++static const unsigned char sha512_int_returnedbits[] =
++	{
++	0x84,0x2f,0x1f,0x68,0x6a,0xa3,0xad,0x1e,0xfb,0xf4,0x15,0xbd,
++	0xde,0x38,0xd4,0x30,0x80,0x51,0xe9,0xd3,0xc7,0x20,0x88,0xe9,
++	0xf5,0xcc,0xdf,0x57,0x5c,0x47,0x2f,0x57,0x3c,0x5f,0x13,0x56,
++	0xcc,0xc5,0x4f,0x84,0xf8,0x10,0x41,0xd5,0x7e,0x58,0x6e,0x19,
++	0x19,0x9e,0xaf,0xc2,0x22,0x58,0x41,0x50,0x79,0xc2,0xd8,0x04,
++	0x28,0xd4,0x39,0x9a
++	};
++
++__fips_constseg
++static const unsigned char sha512_entropyinputreseed[] =
++	{
++	0xfa,0x7f,0x46,0x51,0x83,0x62,0x98,0x16,0x9a,0x19,0xa2,0x49,
++	0xa9,0xe6,0x4a,0xd8,0x85,0xe7,0xd4,0x3b,0x2c,0x82,0xc5,0x82,
++	0xbf,0x11,0xf9,0x9e,0xbc,0xd0,0x01,0xee
++	};
++
++__fips_constseg
++static const unsigned char sha512_additionalinputreseed[] =
++	{
++	0xb9,0x12,0xe0,0x4f,0xf7,0xa7,0xc4,0xd8,0xd0,0x8e,0x99,0x29,
++	0x7c,0x9a,0xe9,0xcf,0xc4,0x6c,0xf8,0xc3,0xa7,0x41,0x83,0xd6,
++	0x2e,0xfa,0xb8,0x5e,0x8e,0x6b,0x78,0x20
++	};
++
++__fips_constseg
++static const unsigned char sha512_additionalinput2[] =
++	{
++	0xd7,0x07,0x52,0xb9,0x83,0x2c,0x03,0x71,0xee,0xc9,0xc0,0x85,
++	0xe1,0x57,0xb2,0xcd,0x3a,0xf0,0xc9,0x34,0x24,0x41,0x1c,0x42,
++	0x99,0xb2,0x84,0xe9,0x17,0xd2,0x76,0x92
++	};
++
++__fips_constseg
++static const unsigned char sha512_returnedbits[] =
++	{
++	0x36,0x17,0x5d,0x98,0x2b,0x65,0x25,0x8e,0xc8,0x29,0xdf,0x27,
++	0x05,0x36,0x26,0x12,0x8a,0x68,0x74,0x27,0x37,0xd4,0x7f,0x32,
++	0xb1,0x12,0xd6,0x85,0x83,0xeb,0x2e,0xa0,0xed,0x4b,0xb5,0x7b,
++	0x6f,0x39,0x3c,0x71,0x77,0x02,0x12,0xcc,0x2c,0x3a,0x8e,0x63,
++	0xdf,0x4a,0xbd,0x6f,0x6e,0x2e,0xed,0x0a,0x85,0xa5,0x2f,0xa2,
++	0x68,0xde,0x42,0xb5
++	};
++
++
++/* HMAC SHA-1 PR  */
++__fips_constseg
++static const unsigned char hmac_sha1_pr_entropyinput[] =
++	{
++	0x26,0x5f,0x36,0x14,0xff,0x3d,0x83,0xfa,0x73,0x5e,0x75,0xdc,
++	0x2c,0x18,0x17,0x1b
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha1_pr_nonce[] =
++	{
++	0xc8,0xe3,0x57,0xa5,0x7b,0x74,0x86,0x6e
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha1_pr_personalizationstring[] =
++	{
++	0x6e,0xdb,0x0d,0xfe,0x7d,0xac,0x79,0xd0,0xa5,0x3a,0x48,0x85,
++	0x80,0xe2,0x7f,0x2a
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha1_pr_additionalinput[] =
++	{
++	0x31,0xcd,0x5e,0x43,0xdc,0xfb,0x7a,0x79,0xca,0x88,0xde,0x1f,
++	0xd7,0xbb,0x42,0x09
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha1_pr_entropyinputpr[] =
++	{
++	0x7c,0x23,0x95,0x38,0x00,0x95,0xc1,0x78,0x1f,0x8f,0xd7,0x63,
++	0x23,0x87,0x2a,0xed
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha1_pr_int_returnedbits[] =
++	{
++	0xbb,0x34,0xe7,0x93,0xa3,0x02,0x2c,0x4a,0xd0,0x89,0xda,0x7f,
++	0xed,0xf4,0x4c,0xde,0x17,0xec,0xe5,0x6c
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha1_pr_additionalinput2[] =
++	{
++	0x49,0xbc,0x2d,0x2c,0xb7,0x32,0xcb,0x20,0xdf,0xf5,0x77,0x58,
++	0xa0,0x4b,0x93,0x6e
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha1_pr_entropyinputpr2[] =
++	{
++	0x3c,0xaa,0xb0,0x21,0x42,0xb0,0xdd,0x34,0xf0,0x16,0x7f,0x0c,
++	0x0f,0xff,0x2e,0xaf
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha1_pr_returnedbits[] =
++	{
++	0x8e,0xcb,0xa3,0x64,0xb2,0xb8,0x33,0x6c,0x64,0x3b,0x78,0x16,
++	0x99,0x35,0xc8,0x30,0xcb,0x3e,0xa0,0xd8
++	};
++
++
++/* HMAC SHA-1 No PR  */
++__fips_constseg
++static const unsigned char hmac_sha1_entropyinput[] =
++	{
++	0x32,0x9a,0x2a,0x87,0x7b,0x89,0x7c,0xf6,0xcb,0x95,0xd5,0x40,
++	0x17,0xfe,0x47,0x70
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha1_nonce[] =
++	{
++	0x16,0xd8,0xe0,0xc7,0x52,0xcf,0x4a,0x25
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha1_personalizationstring[] =
++	{
++	0x35,0x35,0xa9,0xa5,0x40,0xbe,0x9b,0xd1,0x56,0xdd,0x44,0x00,
++	0x72,0xf7,0xd3,0x5e
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha1_additionalinput[] =
++	{
++	0x1b,0x2c,0x84,0x2d,0x4a,0x89,0x8f,0x69,0x19,0xf1,0xf3,0xdb,
++	0xbb,0xe3,0xaa,0xea
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha1_int_returnedbits[] =
++	{
++	0xcf,0xfa,0x7d,0x72,0x0f,0xe6,0xc7,0x96,0xa0,0x69,0x31,0x11,
++	0x9b,0x0b,0x1a,0x20,0x1f,0x3f,0xaa,0xd1
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha1_entropyinputreseed[] =
++	{
++	0x90,0x75,0x15,0x04,0x95,0xf1,0xba,0x81,0x0c,0x37,0x94,0x6f,
++	0x86,0x52,0x6d,0x9c
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha1_additionalinputreseed[] =
++	{
++	0x5b,0x40,0xba,0x5f,0x17,0x70,0xf0,0x4b,0xdf,0xc9,0x97,0x92,
++	0x79,0xc5,0x82,0x28
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha1_additionalinput2[] =
++	{
++	0x97,0xc8,0x80,0x90,0xb3,0xaa,0x6e,0x60,0xea,0x83,0x7a,0xe3,
++	0x8a,0xca,0xa4,0x7f
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha1_returnedbits[] =
++	{
++	0x90,0xbd,0x05,0x56,0x6d,0xb5,0x22,0xd5,0xb9,0x5a,0x29,0x2d,
++	0xe9,0x0b,0xe1,0xac,0xde,0x27,0x0b,0xb0
++	};
++
++
++/* HMAC SHA-224 PR  */
++__fips_constseg
++static const unsigned char hmac_sha224_pr_entropyinput[] =
++	{
++	0x17,0x32,0x2b,0x2e,0x6f,0x1b,0x9c,0x6d,0x31,0xe0,0x34,0x07,
++	0xcf,0xed,0xf6,0xb6,0x5a,0x76,0x4c,0xbc,0x62,0x85,0x01,0x90
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha224_pr_nonce[] =
++	{
++	0x38,0xbf,0x5f,0x20,0xb3,0x68,0x2f,0x43,0x61,0x05,0x8f,0x23
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha224_pr_personalizationstring[] =
++	{
++	0xc0,0xc9,0x45,0xac,0x8d,0x27,0x77,0x08,0x0b,0x17,0x6d,0xed,
++	0xc1,0x7d,0xd5,0x07,0x9d,0x6e,0xf8,0x23,0x2a,0x22,0x13,0xbd
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha224_pr_additionalinput[] =
++	{
++	0xa4,0x3c,0xe7,0x3b,0xea,0x19,0x45,0x32,0xc2,0x83,0x6d,0x21,
++	0x8a,0xc0,0xee,0x67,0x45,0xde,0x13,0x7d,0x9d,0x61,0x00,0x3b
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha224_pr_entropyinputpr[] =
++	{
++	0x15,0x05,0x74,0x4a,0x7f,0x8d,0x5c,0x60,0x16,0xe5,0x7b,0xad,
++	0xf5,0x41,0x8f,0x55,0x60,0xc4,0x09,0xee,0x1e,0x11,0x81,0xab
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha224_pr_int_returnedbits[] =
++	{
++	0x6f,0xf5,0x9a,0xe2,0x54,0x53,0x30,0x3d,0x5a,0x27,0x29,0x38,
++	0x27,0xf2,0x0d,0x05,0xe9,0x26,0xcb,0x16,0xc3,0x51,0x5f,0x13,
++	0x41,0xfe,0x99,0xf2
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha224_pr_additionalinput2[] =
++	{
++	0x73,0x81,0x88,0x84,0x8f,0xed,0x6f,0x10,0x9f,0x93,0xbf,0x17,
++	0x35,0x7c,0xef,0xd5,0x8d,0x26,0xa6,0x7a,0xe8,0x09,0x36,0x4f
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha224_pr_entropyinputpr2[] =
++	{
++	0xe6,0xcf,0xcf,0x7e,0x12,0xe5,0x43,0xd2,0x38,0xd8,0x24,0x6f,
++	0x5a,0x37,0x68,0xbf,0x4f,0xa0,0xff,0xd5,0x61,0x8a,0x93,0xe0
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha224_pr_returnedbits[] =
++	{
++	0xaf,0xf9,0xd8,0x19,0x91,0x30,0x82,0x6f,0xa9,0x1e,0x9d,0xd7,
++	0xf3,0x50,0xe0,0xc7,0xd5,0x64,0x96,0x7d,0x4c,0x4d,0x78,0x03,
++	0x6d,0xd8,0x9e,0x72
++	};
++
++
++/* HMAC SHA-224 No PR  */
++__fips_constseg
++static const unsigned char hmac_sha224_entropyinput[] =
++	{
++	0x11,0x82,0xfd,0xd9,0x42,0xf4,0xfa,0xc8,0xf2,0x41,0xe6,0x54,
++	0x01,0xae,0x22,0x6e,0xc6,0xaf,0xaf,0xd0,0xa6,0xb2,0xe2,0x6d
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha224_nonce[] =
++	{
++	0xa9,0x48,0xd7,0x92,0x39,0x7e,0x2a,0xdc,0x30,0x1f,0x0e,0x2b
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha224_personalizationstring[] =
++	{
++	0x11,0xd5,0xf4,0xbd,0x67,0x8c,0x31,0xcf,0xa3,0x3f,0x1e,0x6b,
++	0xa8,0x07,0x02,0x0b,0xc8,0x2e,0x6c,0x64,0x41,0x5b,0xc8,0x37
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha224_additionalinput[] =
++	{
++	0x68,0x18,0xc2,0x06,0xeb,0x3e,0x04,0x95,0x44,0x5e,0xfb,0xe6,
++	0x41,0xc1,0x5c,0xcc,0x40,0x2f,0xb7,0xd2,0x0f,0xf3,0x6b,0xe7
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha224_int_returnedbits[] =
++	{
++	0x7f,0x45,0xc7,0x5d,0x32,0xe6,0x17,0x60,0xba,0xdc,0xb8,0x42,
++	0x1b,0x9c,0xf1,0xfa,0x3b,0x4d,0x29,0x54,0xc6,0x90,0xff,0x5c,
++	0xcd,0xd6,0xa9,0xcc
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha224_entropyinputreseed[] =
++	{
++	0xc4,0x8e,0x37,0x95,0x69,0x53,0x28,0xd7,0x37,0xbb,0x70,0x95,
++	0x1c,0x07,0x1d,0xd9,0xb7,0xe6,0x1b,0xbb,0xfe,0x41,0xeb,0xc9
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha224_additionalinputreseed[] =
++	{
++	0x53,0x17,0xa1,0x6a,0xfa,0x77,0x47,0xb0,0x95,0x56,0x9a,0x20,
++	0x57,0xde,0x5c,0x89,0x9f,0x7f,0xe2,0xde,0x17,0x3a,0x50,0x23
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha224_additionalinput2[] =
++	{
++	0x3a,0x32,0xf9,0x85,0x0c,0xc1,0xed,0x76,0x2d,0xdf,0x40,0xc3,
++	0x06,0x22,0x66,0xd4,0x9a,0x9a,0xff,0x5a,0x7e,0x7a,0xf3,0x96
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha224_returnedbits[] =
++	{
++	0x43,0xb4,0x57,0x5c,0x38,0x25,0x9d,0xae,0xec,0x96,0xd1,0x85,
++	0x3a,0x84,0x8d,0xfe,0x68,0xd5,0x0e,0x5c,0x8f,0x65,0xa5,0x4e,
++	0x45,0x84,0xa8,0x94
++	};
++
++
++/* HMAC SHA-256 PR  */
++__fips_constseg
++static const unsigned char hmac_sha256_pr_entropyinput[] =
++	{
++	0x4d,0xb0,0x43,0xd8,0x34,0x4b,0x10,0x70,0xb1,0x8b,0xed,0xea,
++	0x07,0x92,0x9f,0x6c,0x79,0x31,0xaf,0x81,0x29,0xeb,0x6e,0xca,
++	0x32,0x48,0x28,0xe7,0x02,0x5d,0xa6,0xa6
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha256_pr_nonce[] =
++	{
++	0x3a,0xae,0x15,0xa9,0x99,0xdc,0xe4,0x67,0x34,0x3b,0x70,0x15,
++	0xaa,0xd3,0x30,0x9a
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha256_pr_personalizationstring[] =
++	{
++	0x13,0x1d,0x24,0x04,0xb0,0x18,0x81,0x15,0x21,0x51,0x2a,0x24,
++	0x52,0x61,0xbe,0x64,0x82,0x6b,0x55,0x2f,0xe2,0xf1,0x40,0x7d,
++	0x71,0xd8,0x01,0x86,0x15,0xb7,0x8b,0xb5
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha256_pr_additionalinput[] =
++	{
++	0x8f,0xa6,0x54,0x5f,0xb1,0xd0,0xd8,0xc3,0xe7,0x0c,0x15,0xa9,
++	0x23,0x6e,0xfe,0xfb,0x93,0xf7,0x3a,0xbd,0x59,0x01,0xfa,0x18,
++	0x8e,0xe9,0x1a,0xa9,0x78,0xfc,0x79,0x0b
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha256_pr_entropyinputpr[] =
++	{
++	0xcf,0x24,0xb9,0xeb,0xb3,0xd4,0xcd,0x17,0x37,0x38,0x75,0x79,
++	0x15,0xcb,0x2d,0x75,0x51,0xf1,0xcc,0xaa,0x32,0xa4,0xa7,0x36,
++	0x7c,0x5c,0xe4,0x47,0xf1,0x3e,0x1d,0xe5
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha256_pr_int_returnedbits[] =
++	{
++	0x52,0x42,0xfa,0xeb,0x85,0xe0,0x30,0x22,0x79,0x00,0x16,0xb2,
++	0x88,0x2f,0x14,0x6a,0xb7,0xfc,0xb7,0x53,0xdc,0x4a,0x12,0xef,
++	0x54,0xd6,0x33,0xe9,0x20,0xd6,0xfd,0x56
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha256_pr_additionalinput2[] =
++	{
++	0xf4,0xf6,0x49,0xa1,0x2d,0x64,0x2b,0x30,0x58,0xf8,0xbd,0xb8,
++	0x75,0xeb,0xbb,0x5e,0x1c,0x9b,0x81,0x6a,0xda,0x14,0x86,0x6e,
++	0xd0,0xda,0x18,0xb7,0x88,0xfb,0x59,0xf3
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha256_pr_entropyinputpr2[] =
++	{
++	0x21,0xcd,0x6e,0x46,0xad,0x99,0x07,0x17,0xb4,0x3d,0x76,0x0a,
++	0xff,0x5b,0x52,0x50,0x78,0xdf,0x1f,0x24,0x06,0x0d,0x3f,0x74,
++	0xa9,0xc9,0x37,0xcf,0xd8,0x26,0x25,0x91
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha256_pr_returnedbits[] =
++	{
++	0xa7,0xaf,0x2f,0x29,0xe0,0x3a,0x72,0x95,0x96,0x1c,0xa9,0xf0,
++	0x4a,0x17,0x4d,0x66,0x06,0x10,0xbf,0x39,0x89,0x88,0xb8,0x91,
++	0x37,0x18,0x99,0xcf,0x8c,0x53,0x3b,0x7e
++	};
++
++
++/* HMAC SHA-256 No PR  */
++__fips_constseg
++static const unsigned char hmac_sha256_entropyinput[] =
++	{
++	0x96,0xb7,0x53,0x22,0x1e,0x52,0x2a,0x96,0xb1,0x15,0x3c,0x35,
++	0x5a,0x8b,0xd3,0x4a,0xa6,0x6c,0x83,0x0a,0x7d,0xa3,0x23,0x3d,
++	0x43,0xa1,0x07,0x2c,0x2d,0xe3,0x81,0xcc
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha256_nonce[] =
++	{
++	0xf1,0xac,0x97,0xcb,0x5e,0x06,0x48,0xd2,0x94,0xbe,0x15,0x2e,
++	0xc7,0xfc,0xc2,0x01
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha256_personalizationstring[] =
++	{
++	0x98,0xc5,0x1e,0x35,0x5e,0x89,0x0d,0xce,0x64,0x6d,0x18,0xa7,
++	0x5a,0xc6,0xf3,0xe7,0xd6,0x9e,0xc0,0xea,0xb7,0x3a,0x8d,0x65,
++	0xb8,0xeb,0x10,0xd7,0x57,0x18,0xa0,0x32
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha256_additionalinput[] =
++	{
++	0x1b,0x10,0xaf,0xac,0xd0,0x65,0x95,0xad,0x04,0xad,0x03,0x1c,
++	0xe0,0x40,0xd6,0x3e,0x1c,0x46,0x53,0x39,0x7c,0xe2,0xbc,0xda,
++	0x8c,0xa2,0x33,0xa7,0x9a,0x26,0xd3,0x27
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha256_int_returnedbits[] =
++	{
++	0xba,0x61,0x0e,0x55,0xfe,0x11,0x8a,0x9e,0x0f,0x80,0xdf,0x1d,
++	0x03,0x0a,0xfe,0x15,0x94,0x28,0x4b,0xba,0xf4,0x9f,0x51,0x25,
++	0x88,0xe5,0x4e,0xfb,0xaf,0xce,0x69,0x90
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha256_entropyinputreseed[] =
++	{
++	0x62,0x7f,0x1e,0x6b,0xe8,0x8e,0xe1,0x35,0x7d,0x9b,0x4f,0xc7,
++	0xec,0xc8,0xac,0xef,0x6b,0x13,0x9e,0x05,0x56,0xc1,0x08,0xf9,
++	0x2f,0x0f,0x27,0x9c,0xd4,0x15,0xed,0x2d
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha256_additionalinputreseed[] =
++	{
++	0xc7,0x76,0x6e,0xa9,0xd2,0xb2,0x76,0x40,0x82,0x25,0x2c,0xb3,
++	0x6f,0xac,0xe9,0x74,0xef,0x8f,0x3c,0x8e,0xcd,0xf1,0xbf,0xb3,
++	0x49,0x77,0x34,0x88,0x52,0x36,0xe6,0x2e
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha256_additionalinput2[] =
++	{
++	0x8d,0xb8,0x0c,0xd1,0xbf,0x70,0xf6,0x19,0xc3,0x41,0x80,0x9f,
++	0xe1,0xa5,0xa4,0x1f,0x2c,0x26,0xb1,0xe5,0xd8,0xeb,0xbe,0xf8,
++	0xdf,0x88,0x6a,0x89,0xd6,0x05,0xd8,0x9d
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha256_returnedbits[] =
++	{
++	0x43,0x12,0x2a,0x2c,0x40,0x53,0x2e,0x7c,0x66,0x34,0xac,0xc3,
++	0x43,0xe3,0xe0,0x6a,0xfc,0xfa,0xea,0x87,0x21,0x1f,0xe2,0x26,
++	0xc4,0xf9,0x09,0x9a,0x0d,0x6e,0x7f,0xe0
++	};
++
++
++/* HMAC SHA-384 PR  */
++__fips_constseg
++static const unsigned char hmac_sha384_pr_entropyinput[] =
++	{
++	0x69,0x81,0x98,0x88,0x44,0xf5,0xd6,0x2e,0x00,0x08,0x3b,0xc5,
++	0xfb,0xd7,0x8e,0x6f,0x23,0xf8,0x6d,0x09,0xd6,0x85,0x49,0xd1,
++	0xf8,0x6d,0xa4,0x58,0x54,0xfd,0x88,0xa9
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha384_pr_nonce[] =
++	{
++	0x6e,0x38,0x81,0xca,0xb7,0xe8,0x6e,0x66,0x49,0x8a,0xb2,0x59,
++	0xee,0x16,0xc9,0xde
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha384_pr_personalizationstring[] =
++	{
++	0xfe,0x4c,0xd9,0xf4,0x78,0x3b,0x08,0x41,0x8d,0x8f,0x55,0xc4,
++	0x43,0x56,0xb6,0x12,0x36,0x6b,0x30,0xb7,0x5e,0xe1,0xb9,0x47,
++	0x04,0xb1,0x4e,0xa9,0x00,0xa1,0x52,0xa1
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha384_pr_additionalinput[] =
++	{
++	0x89,0xe9,0xcc,0x8f,0x27,0x3c,0x26,0xd1,0x95,0xc8,0x7d,0x0f,
++	0x5b,0x1a,0xf0,0x78,0x39,0x56,0x6f,0xa4,0x23,0xe7,0xd1,0xda,
++	0x7c,0x66,0x33,0xa0,0x90,0xc9,0x92,0x88
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha384_pr_entropyinputpr[] =
++	{
++	0xbe,0x3d,0x7c,0x0d,0xca,0xda,0x7c,0x49,0xb8,0x12,0x36,0xc0,
++	0xdb,0xad,0x35,0xa8,0xc7,0x0b,0x2a,0x2c,0x69,0x6d,0x25,0x56,
++	0x63,0x82,0x11,0x3e,0xa7,0x33,0x70,0x72
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha384_pr_int_returnedbits[] =
++	{
++	0x82,0x3d,0xe6,0x54,0x80,0x42,0xf8,0xba,0x90,0x4f,0x06,0xa6,
++	0xd2,0x7f,0xbf,0x79,0x7c,0x12,0x7d,0xa6,0xa2,0x66,0xe8,0xa6,
++	0xc0,0xd6,0x4a,0x55,0xbf,0xd8,0x0a,0xc5,0xf8,0x03,0x88,0xdd,
++	0x8e,0x87,0xd1,0x5a,0x48,0x26,0x72,0x2a,0x8e,0xcf,0xee,0xba
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha384_pr_additionalinput2[] =
++	{
++	0x8f,0xff,0xd9,0x84,0xbb,0x85,0x3a,0x66,0xa1,0x21,0xce,0xb2,
++	0x3a,0x3a,0x17,0x22,0x19,0xae,0xc7,0xb6,0x63,0x81,0xd5,0xff,
++	0x0d,0xc8,0xe1,0xaf,0x57,0xd2,0xcb,0x60
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha384_pr_entropyinputpr2[] =
++	{
++	0xd7,0xfb,0xc9,0xe8,0xe2,0xf2,0xaa,0x4c,0xb8,0x51,0x2f,0xe1,
++	0x22,0xba,0xf3,0xda,0x0a,0x19,0x76,0x71,0x57,0xb2,0x1d,0x94,
++	0x09,0x69,0x6c,0xd3,0x97,0x51,0x81,0x87
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha384_pr_returnedbits[] =
++	{
++	0xe6,0x19,0x28,0xa8,0x21,0xce,0x5e,0xdb,0x24,0x79,0x8c,0x76,
++	0x5d,0x73,0xb2,0xdf,0xac,0xef,0x85,0xa7,0x3b,0x19,0x09,0x8b,
++	0x7f,0x98,0x28,0xa9,0x93,0xd8,0x7a,0xad,0x55,0x8b,0x24,0x9d,
++	0xe6,0x98,0xfe,0x47,0xd5,0x48,0xc1,0x23,0xd8,0x1d,0x62,0x75
++	};
++
++
++/* HMAC SHA-384 No PR  */
++__fips_constseg
++static const unsigned char hmac_sha384_entropyinput[] =
++	{
++	0xc3,0x56,0x2b,0x1d,0xc2,0xbb,0xa8,0xf0,0xae,0x1b,0x0d,0xd3,
++	0x5a,0x6c,0xda,0x57,0x8e,0xa5,0x8a,0x0d,0x6c,0x4b,0x18,0xb1,
++	0x04,0x3e,0xb4,0x99,0x35,0xc4,0xc0,0x5f
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha384_nonce[] =
++	{
++	0xc5,0x49,0x1e,0x66,0x27,0x92,0xbe,0xec,0xb5,0x1e,0x4b,0xb1,
++	0x38,0xe3,0xeb,0x62
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha384_personalizationstring[] =
++	{
++	0xbe,0xe7,0x6b,0x57,0xde,0x88,0x11,0x96,0x9b,0x6e,0xea,0xe5,
++	0x63,0x83,0x4c,0xb6,0x8d,0x66,0xaa,0x1f,0x8b,0x54,0xe7,0x62,
++	0x6d,0x5a,0xfc,0xbf,0x97,0xba,0xcd,0x77
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha384_additionalinput[] =
++	{
++	0xe5,0x28,0x5f,0x43,0xf5,0x83,0x6e,0x0a,0x83,0x5c,0xe3,0x81,
++	0x03,0xf2,0xf8,0x78,0x00,0x7c,0x95,0x87,0x16,0xd6,0x6c,0x58,
++	0x33,0x6c,0x53,0x35,0x0d,0x66,0xe3,0xce
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha384_int_returnedbits[] =
++	{
++	0xe2,0x1f,0xf3,0xda,0x0d,0x19,0x99,0x87,0xc4,0x90,0xa2,0x31,
++	0xca,0x2a,0x89,0x58,0x43,0x44,0xb8,0xde,0xcf,0xa4,0xbe,0x3b,
++	0x53,0x26,0x22,0x31,0x76,0x41,0x22,0xb5,0xa8,0x70,0x2f,0x4b,
++	0x64,0x95,0x4d,0x48,0x96,0x35,0xe6,0xbd,0x3c,0x34,0xdb,0x1b
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha384_entropyinputreseed[] =
++	{
++	0x77,0x61,0xba,0xbc,0xf2,0xc1,0xf3,0x4b,0x86,0x65,0xfd,0x48,
++	0x0e,0x3c,0x02,0x5e,0xa2,0x7a,0x6b,0x7c,0xed,0x21,0x5e,0xf9,
++	0xcd,0xcd,0x77,0x07,0x2b,0xbe,0xc5,0x5c
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha384_additionalinputreseed[] =
++	{
++	0x18,0x24,0x5f,0xc6,0x84,0xd1,0x67,0xc3,0x9a,0x11,0xa5,0x8c,
++	0x07,0x39,0x21,0x83,0x4d,0x04,0xc4,0x6a,0x28,0x19,0xcf,0x92,
++	0x21,0xd9,0x9e,0x41,0x72,0x6c,0x9e,0x63
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha384_additionalinput2[] =
++	{
++	0x96,0x67,0x41,0x28,0x9b,0xb7,0x92,0x8d,0x64,0x3b,0xe4,0xcf,
++	0x7e,0xaa,0x1e,0xb1,0x4b,0x1d,0x09,0x56,0x67,0x9c,0xc6,0x6d,
++	0x3b,0xe8,0x91,0x9d,0xe1,0x8a,0xb7,0x32
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha384_returnedbits[] =
++	{
++	0xe3,0x59,0x61,0x38,0x92,0xec,0xe2,0x3c,0xff,0xb7,0xdb,0x19,
++	0x0f,0x5b,0x93,0x68,0x0d,0xa4,0x94,0x40,0x72,0x0b,0xe0,0xed,
++	0x4d,0xcd,0x68,0xa0,0x1e,0xfe,0x67,0xb2,0xfa,0x21,0x56,0x74,
++	0xa4,0xad,0xcf,0xb7,0x60,0x66,0x2e,0x40,0xde,0x82,0xca,0xfb
++	};
++
++
++/* HMAC SHA-512 PR  */
++__fips_constseg
++static const unsigned char hmac_sha512_pr_entropyinput[] =
++	{
++	0xaa,0x9e,0x45,0x67,0x0e,0x00,0x2a,0x67,0x98,0xd6,0xda,0x0b,
++	0x0f,0x17,0x7e,0xac,0xfd,0x27,0xc4,0xca,0x84,0xdf,0xde,0xba,
++	0x85,0xd9,0xbe,0x8f,0xf3,0xff,0x91,0x4d
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha512_pr_nonce[] =
++	{
++	0x8c,0x49,0x2f,0x58,0x1e,0x7a,0xda,0x4b,0x7e,0x8a,0x30,0x7b,
++	0x86,0xea,0xaf,0xa2
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha512_pr_personalizationstring[] =
++	{
++	0x71,0xe1,0xbb,0xad,0xa7,0x4b,0x2e,0x31,0x3b,0x0b,0xec,0x24,
++	0x99,0x38,0xbc,0xaa,0x05,0x4c,0x46,0x44,0xfa,0xad,0x8e,0x02,
++	0xc1,0x7e,0xad,0xec,0x54,0xa6,0xd0,0xad
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha512_pr_additionalinput[] =
++	{
++	0x3d,0x6e,0xa6,0xa8,0x29,0x2a,0xb2,0xf5,0x98,0x42,0xe4,0x92,
++	0x78,0x22,0x67,0xfd,0x1b,0x15,0x1e,0x29,0xaa,0x71,0x3c,0x3c,
++	0xe7,0x05,0x20,0xa9,0x29,0xc6,0x75,0x71
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha512_pr_entropyinputpr[] =
++	{
++	0xab,0xb9,0x16,0xd8,0x55,0x35,0x54,0xb7,0x97,0x3f,0x94,0xbc,
++	0x2f,0x7c,0x70,0xc7,0xd0,0xed,0xb7,0x4b,0xf7,0xf6,0x6c,0x03,
++	0x0c,0xb0,0x03,0xd8,0xbb,0x71,0xd9,0x10
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha512_pr_int_returnedbits[] =
++	{
++	0x8e,0xd3,0xfd,0x52,0x9e,0x83,0x08,0x49,0x18,0x6e,0x23,0x56,
++	0x5c,0x45,0x93,0x34,0x05,0xe2,0x98,0x8f,0x0c,0xd4,0x32,0x0c,
++	0xfd,0xda,0x5f,0x92,0x3a,0x8c,0x81,0xbd,0xf6,0x6c,0x55,0xfd,
++	0xb8,0x20,0xce,0x8d,0x97,0x27,0xe8,0xe8,0xe0,0xb3,0x85,0x50,
++	0xa2,0xc2,0xb2,0x95,0x1d,0x48,0xd3,0x7b,0x4b,0x78,0x13,0x35,
++	0x05,0x17,0xbe,0x0d
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha512_pr_additionalinput2[] =
++	{
++	0xc3,0xfc,0x95,0xaa,0x69,0x06,0xae,0x59,0x41,0xce,0x26,0x08,
++	0x29,0x6d,0x45,0xda,0xe8,0xb3,0x6c,0x95,0x60,0x0f,0x70,0x2c,
++	0x10,0xba,0x38,0x8c,0xcf,0x29,0x99,0xaa
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha512_pr_entropyinputpr2[] =
++	{
++	0x3b,0x9a,0x25,0xce,0xd7,0xf9,0x5c,0xd1,0x3a,0x3e,0xaa,0x71,
++	0x14,0x3e,0x19,0xe8,0xce,0xe6,0xfe,0x51,0x84,0xe9,0x1b,0xfe,
++	0x3f,0xa7,0xf2,0xfd,0x76,0x5f,0x6a,0xe7
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha512_pr_returnedbits[] =
++	{
++	0xb7,0x82,0xa9,0x57,0x81,0x67,0x53,0xb5,0xa1,0xe9,0x3d,0x35,
++	0xf9,0xe4,0x97,0xbe,0xa6,0xca,0xf1,0x01,0x13,0x09,0xe7,0x21,
++	0xc0,0xed,0x93,0x5d,0x4b,0xf4,0xeb,0x8d,0x53,0x25,0x8a,0xc4,
++	0xb1,0x6f,0x6e,0x37,0xcd,0x2e,0xac,0x39,0xb2,0xb6,0x99,0xa3,
++	0x82,0x00,0xb0,0x21,0xf0,0xc7,0x2f,0x4c,0x73,0x92,0xfd,0x00,
++	0xb6,0xaf,0xbc,0xd3
++	};
++
++
++/* HMAC SHA-512 No PR  */
++__fips_constseg
++static const unsigned char hmac_sha512_entropyinput[] =
++	{
++	0x6e,0x85,0xe6,0x25,0x96,0x29,0xa7,0x52,0x5b,0x60,0xba,0xaa,
++	0xde,0xdb,0x36,0x0a,0x51,0x9a,0x15,0xae,0x6e,0x18,0xd3,0xfe,
++	0x39,0xb9,0x4a,0x96,0xf8,0x77,0xcb,0x95
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha512_nonce[] =
++	{
++	0xe0,0xa6,0x5d,0x08,0xc3,0x7c,0xae,0x25,0x2e,0x80,0xd1,0x3e,
++	0xd9,0xaf,0x43,0x3c
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha512_personalizationstring[] =
++	{
++	0x53,0x99,0x52,0x5f,0x11,0xa9,0x64,0x66,0x20,0x5e,0x1b,0x5f,
++	0x42,0xb3,0xf4,0xda,0xed,0xbb,0x63,0xc1,0x23,0xaf,0xd0,0x01,
++	0x90,0x3b,0xd0,0x78,0xe4,0x0b,0xa7,0x20
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha512_additionalinput[] =
++	{
++	0x85,0x90,0x80,0xd3,0x98,0xf1,0x53,0x6d,0x68,0x15,0x8f,0xe5,
++	0x60,0x3f,0x17,0x29,0x55,0x8d,0x33,0xb1,0x45,0x64,0x64,0x8d,
++	0x50,0x21,0x89,0xae,0xf6,0xfd,0x32,0x73
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha512_int_returnedbits[] =
++	{
++	0x28,0x56,0x30,0x6f,0xf4,0xa1,0x48,0xe0,0xc9,0xf5,0x75,0x90,
++	0xcc,0xfb,0xdf,0xdf,0x71,0x3d,0x0a,0x9a,0x03,0x65,0x3b,0x18,
++	0x61,0xe3,0xd1,0xda,0xcc,0x4a,0xfe,0x55,0x38,0xf8,0x21,0x6b,
++	0xfa,0x18,0x01,0x42,0x39,0x2f,0x99,0x53,0x38,0x15,0x82,0x34,
++	0xc5,0x93,0x92,0xbc,0x4d,0x75,0x1a,0x5f,0x21,0x27,0xcc,0xa1,
++	0xb1,0x57,0x69,0xe8
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha512_entropyinputreseed[] =
++	{
++	0x8c,0x52,0x7e,0x77,0x72,0x3f,0xa3,0x04,0x97,0x10,0x9b,0x41,
++	0xbd,0xe8,0xff,0x89,0xed,0x80,0xe3,0xbd,0xaa,0x12,0x2d,0xca,
++	0x75,0x82,0x36,0x77,0x88,0xcd,0xa6,0x73
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha512_additionalinputreseed[] =
++	{
++	0x7e,0x32,0xe3,0x69,0x69,0x07,0x34,0xa2,0x16,0xa2,0x5d,0x1a,
++	0x10,0x91,0xd3,0xe2,0x21,0xa2,0xa3,0xdd,0xcd,0x0c,0x09,0x86,
++	0x11,0xe1,0x50,0xff,0x5c,0xb7,0xeb,0x5c
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha512_additionalinput2[] =
++	{
++	0x7f,0x78,0x66,0xd8,0xfb,0x67,0xcf,0x8d,0x8c,0x08,0x30,0xa5,
++	0xf8,0x7d,0xcf,0x44,0x59,0xce,0xf8,0xdf,0x58,0xd3,0x60,0xcb,
++	0xa8,0x60,0xb9,0x07,0xc4,0xb1,0x95,0x48
++	};
++
++__fips_constseg
++static const unsigned char hmac_sha512_returnedbits[] =
++	{
++	0xdf,0xa7,0x36,0xd4,0xdc,0x5d,0x4d,0x31,0xad,0x69,0x46,0x9f,
++	0xf1,0x7c,0xd7,0x3b,0x4f,0x55,0xf2,0xd7,0xb9,0x9d,0xad,0x7a,
++	0x79,0x08,0x59,0xa5,0xdc,0x74,0xf5,0x9b,0x73,0xd2,0x13,0x25,
++	0x0b,0x81,0x08,0x08,0x25,0xfb,0x39,0xf2,0xf0,0xa3,0xa4,0x8d,
++	0xef,0x05,0x9e,0xb8,0xc7,0x52,0xe4,0x0e,0x42,0xaa,0x7c,0x79,
++	0xc2,0xd6,0xfd,0xa5
++	};
++
+diff -up openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c.fips	2013-10-04 11:48:04.185694249 +0200
++++ openssl-1.0.1e/crypto/fips/fips_dsa_selftest.c	2013-10-04 11:48:04.185694249 +0200
+@@ -0,0 +1,193 @@
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include <string.h>
++#include <openssl/crypto.h>
++#include <openssl/dsa.h>
++#include <openssl/fips.h>
++#include <openssl/err.h>
++#include <openssl/evp.h>
++#include <openssl/bn.h>
++#include "fips_locl.h"
++
++#ifdef OPENSSL_FIPS
++
++static const unsigned char dsa_test_2048_p[] = {
++	0xa8,0x53,0x78,0xd8,0xfd,0x3f,0x8d,0x72,0xec,0x74,0x18,0x08,
++	0x0d,0xa2,0x13,0x17,0xe4,0x3e,0xc4,0xb6,0x2b,0xa8,0xc8,0x62,
++	0x3b,0x7e,0x4d,0x04,0x44,0x1d,0xd1,0xa0,0x65,0x86,0x62,0x59,
++	0x64,0x93,0xca,0x8e,0x9e,0x8f,0xbb,0x7e,0x34,0xaa,0xdd,0xb6,
++	0x2e,0x5d,0x67,0xb6,0xd0,0x9a,0x6e,0x61,0xb7,0x69,0xe7,0xc3,
++	0x52,0xaa,0x2b,0x10,0xe2,0x0c,0xa0,0x63,0x69,0x63,0xb5,0x52,
++	0x3e,0x86,0x47,0x0d,0xec,0xbb,0xed,0xa0,0x27,0xe7,0x97,0xe7,
++	0xb6,0x76,0x35,0xd4,0xd4,0x9c,0x30,0x70,0x0e,0x74,0xaf,0x8a,
++	0x0f,0xf1,0x56,0xa8,0x01,0xaf,0x57,0xa2,0x6e,0x70,0x78,0xf1,
++	0xd8,0x2f,0x74,0x90,0x8e,0xcb,0x6d,0x07,0xe7,0x0b,0x35,0x03,
++	0xee,0xd9,0x4f,0xa3,0x2c,0xf1,0x7a,0x7f,0xc3,0xd6,0xcf,0x40,
++	0xdc,0x7b,0x00,0x83,0x0e,0x6a,0x25,0x66,0xdc,0x07,0x3e,0x34,
++	0x33,0x12,0x51,0x7c,0x6a,0xa5,0x15,0x2b,0x4b,0xfe,0xcd,0x2e,
++	0x55,0x1f,0xee,0x34,0x63,0x18,0xa1,0x53,0x42,0x3c,0x99,0x6b,
++	0x0d,0x5d,0xcb,0x91,0x02,0xae,0xdd,0x38,0x79,0x86,0x16,0xf1,
++	0xf1,0xe0,0xd6,0xc4,0x03,0x52,0x5b,0x1f,0x9b,0x3d,0x4d,0xc7,
++	0x66,0xde,0x2d,0xfc,0x4a,0x56,0xd7,0xb8,0xba,0x59,0x63,0xd6,
++	0x0f,0x3e,0x16,0x31,0x88,0x70,0xad,0x43,0x69,0x52,0xe5,0x57,
++	0x65,0x37,0x4e,0xab,0x85,0xe8,0xec,0x17,0xd6,0xb9,0xa4,0x54,
++	0x7b,0x9b,0x5f,0x27,0x52,0xf3,0x10,0x5b,0xe8,0x09,0xb2,0x3a,
++	0x2c,0x8d,0x74,0x69,0xdb,0x02,0xe2,0x4d,0x59,0x23,0x94,0xa7,
++	0xdb,0xa0,0x69,0xe9
++};
++
++static const unsigned char dsa_test_2048_q[] = {
++	0xd2,0x77,0x04,0x4e,0x50,0xf5,0xa4,0xe3,0xf5,0x10,0xa5,0x0a,
++	0x0b,0x84,0xfd,0xff,0xbc,0xa0,0x47,0xed,0x27,0x60,0x20,0x56,
++	0x74,0x41,0xa0,0xa5
++};
++
++static const unsigned char dsa_test_2048_g[] = {
++	0x13,0xd7,0x54,0xe2,0x1f,0xd2,0x41,0x65,0x5d,0xa8,0x91,0xc5,
++	0x22,0xa6,0x5a,0x72,0xa8,0x9b,0xdc,0x64,0xec,0x9b,0x54,0xa8,
++	0x21,0xed,0x4a,0x89,0x8b,0x49,0x0e,0x0c,0x4f,0xcb,0x72,0x19,
++	0x2a,0x4a,0x20,0xf5,0x41,0xf3,0xf2,0x92,0x53,0x99,0xf0,0xba,
++	0xec,0xf9,0x29,0xaa,0xfb,0xf7,0x9d,0xfe,0x43,0x32,0x39,0x3b,
++	0x32,0xcd,0x2e,0x2f,0xcf,0x27,0x2f,0x32,0xa6,0x27,0x43,0x4a,
++	0x0d,0xf2,0x42,0xb7,0x5b,0x41,0x4d,0xf3,0x72,0x12,0x1e,0x53,
++	0xa5,0x53,0xf2,0x22,0xf8,0x36,0xb0,0x00,0xf0,0x16,0x48,0x5b,
++	0x6b,0xd0,0x89,0x84,0x51,0x80,0x1d,0xcd,0x8d,0xe6,0x4c,0xd5,
++	0x36,0x56,0x96,0xff,0xc5,0x32,0xd5,0x28,0xc5,0x06,0x62,0x0a,
++	0x94,0x2a,0x03,0x05,0x04,0x6d,0x8f,0x18,0x76,0x34,0x1f,0x1e,
++	0x57,0x0b,0xc3,0x97,0x4b,0xa6,0xb9,0xa4,0x38,0xe9,0x70,0x23,
++	0x02,0xa2,0xe6,0xe6,0x7b,0xfd,0x06,0xd3,0x2b,0xc6,0x79,0x96,
++	0x22,0x71,0xd7,0xb4,0x0c,0xd7,0x2f,0x38,0x6e,0x64,0xe0,0xd7,
++	0xef,0x86,0xca,0x8c,0xa5,0xd1,0x42,0x28,0xdc,0x2a,0x4f,0x16,
++	0xe3,0x18,0x98,0x86,0xb5,0x99,0x06,0x74,0xf4,0x20,0x0f,0x3a,
++	0x4c,0xf6,0x5a,0x3f,0x0d,0xdb,0xa1,0xfa,0x67,0x2d,0xff,0x2f,
++	0x5e,0x14,0x3d,0x10,0xe4,0xe9,0x7a,0xe8,0x4f,0x6d,0xa0,0x95,
++	0x35,0xd5,0xb9,0xdf,0x25,0x91,0x81,0xa7,0x9b,0x63,0xb0,0x69,
++	0xe9,0x49,0x97,0x2b,0x02,0xba,0x36,0xb3,0x58,0x6a,0xab,0x7e,
++	0x45,0xf3,0x22,0xf8,0x2e,0x4e,0x85,0xca,0x3a,0xb8,0x55,0x91,
++	0xb3,0xc2,0xa9,0x66
++};
++
++static const unsigned char dsa_test_2048_pub_key[] = {
++	0x24,0x52,0xf3,0xcc,0xbe,0x9e,0xd5,0xca,0x7d,0xc7,0x4c,0x60,
++	0x2b,0x99,0x22,0x6e,0x8f,0x2f,0xab,0x38,0xe7,0xd7,0xdd,0xfb,
++	0x75,0x53,0x9b,0x17,0x15,0x5e,0x9f,0xcf,0xd1,0xab,0xa5,0x64,
++	0xeb,0x85,0x35,0xd8,0x12,0xc9,0xc2,0xdc,0xf9,0x72,0x84,0x44,
++	0x1b,0xc4,0x82,0x24,0x36,0x24,0xc7,0xf4,0x57,0x58,0x0c,0x1c,
++	0x38,0xa5,0x7c,0x46,0xc4,0x57,0x39,0x24,0x70,0xed,0xb5,0x2c,
++	0xb5,0xa6,0xe0,0x3f,0xe6,0x28,0x7b,0xb6,0xf4,0x9a,0x42,0xa2,
++	0x06,0x5a,0x05,0x4f,0x03,0x08,0x39,0xdf,0x1f,0xd3,0x14,0x9c,
++	0x4c,0xa0,0x53,0x1d,0xd8,0xca,0x8a,0xaa,0x9c,0xc7,0x33,0x71,
++	0x93,0x38,0x73,0x48,0x33,0x61,0x18,0x22,0x45,0x45,0xe8,0x8c,
++	0x80,0xff,0xd8,0x76,0x5d,0x74,0x36,0x03,0x33,0xcc,0xab,0x99,
++	0x72,0x77,0x9b,0x65,0x25,0xa6,0x5b,0xdd,0x0d,0x10,0xc6,0x75,
++	0xc1,0x09,0xbb,0xd3,0xe5,0xbe,0x4d,0x72,0xef,0x6e,0xba,0x6e,
++	0x43,0x8d,0x52,0x26,0x23,0x7d,0xb8,0x88,0x37,0x9c,0x5f,0xcc,
++	0x47,0xa3,0x84,0x7f,0xf6,0x37,0x11,0xba,0xed,0x6d,0x03,0xaf,
++	0xe8,0x1e,0x69,0x4a,0x41,0x3b,0x68,0x0b,0xd3,0x8a,0xb4,0x90,
++	0x3f,0x83,0x70,0xa7,0x07,0xef,0x55,0x1d,0x49,0x41,0x02,0x6d,
++	0x95,0x79,0xd6,0x91,0xde,0x8e,0xda,0xa1,0x61,0x05,0xeb,0x9d,
++	0xba,0x3c,0x2f,0x4c,0x1b,0xec,0x50,0x82,0x75,0xaa,0x02,0x07,
++	0xe2,0x51,0xb5,0xec,0xcb,0x28,0x6a,0x4b,0x01,0xd4,0x49,0xd3,
++	0x0a,0xcb,0x67,0x37,0x17,0xa0,0xd2,0xfb,0x3b,0x50,0xc8,0x93,
++	0xf7,0xda,0xb1,0x4f
++};
++
++static const unsigned char dsa_test_2048_priv_key[] = {
++	0x0c,0x4b,0x30,0x89,0xd1,0xb8,0x62,0xcb,0x3c,0x43,0x64,0x91,
++	0xf0,0x91,0x54,0x70,0xc5,0x27,0x96,0xe3,0xac,0xbe,0xe8,0x00,
++	0xec,0x55,0xf6,0xcc
++};
++
++static int corrupt_dsa;
++
++void FIPS_corrupt_dsa()
++    {
++    corrupt_dsa = 1;
++    }
++
++int FIPS_selftest_dsa()
++	{
++	DSA *dsa = NULL;
++	EVP_PKEY *pk = NULL;
++	int ret = 0;
++
++	dsa = DSA_new();
++
++	if(dsa == NULL)
++		goto err;
++
++	fips_load_key_component(dsa, p, dsa_test_2048);
++	fips_load_key_component(dsa, q, dsa_test_2048);
++	fips_load_key_component(dsa, g, dsa_test_2048);
++	fips_load_key_component(dsa, pub_key, dsa_test_2048);
++	fips_load_key_component(dsa, priv_key, dsa_test_2048);
++
++	if (corrupt_dsa)
++		BN_set_bit(dsa->pub_key, 2047);
++
++	if ((pk=EVP_PKEY_new()) == NULL)
++		goto err;
++
++	EVP_PKEY_assign_DSA(pk, dsa);
++
++	if (!fips_pkey_signature_test(pk, NULL, 0,
++					NULL, 0, EVP_sha256(), 0,
++					"DSA SHA256"))
++		goto err;
++	ret = 1;
++
++	err:
++	if (pk)
++		EVP_PKEY_free(pk);
++	else if (dsa)
++		DSA_free(dsa);
++	return ret;
++	}
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_enc.c.fips openssl-1.0.1e/crypto/fips/fips_enc.c
+--- openssl-1.0.1e/crypto/fips/fips_enc.c.fips	2013-10-04 11:48:04.185694249 +0200
++++ openssl-1.0.1e/crypto/fips/fips_enc.c	2013-10-04 11:48:04.185694249 +0200
+@@ -0,0 +1,191 @@
++/* fipe/evp/fips_enc.c */
++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
++ * All rights reserved.
++ *
++ * This package is an SSL implementation written
++ * by Eric Young (eay@cryptsoft.com).
++ * The implementation was written so as to conform with Netscapes SSL.
++ * 
++ * This library is free for commercial and non-commercial use as long as
++ * the following conditions are aheared to.  The following conditions
++ * apply to all code found in this distribution, be it the RC4, RSA,
++ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
++ * included with this distribution is covered by the same copyright terms
++ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
++ * 
++ * Copyright remains Eric Young's, and as such any Copyright notices in
++ * the code are not to be removed.
++ * If this package is used in a product, Eric Young should be given attribution
++ * as the author of the parts of the library used.
++ * This can be in the form of a textual message at program startup or
++ * in documentation (online or textual) provided with the package.
++ * 
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ *    must display the following acknowledgement:
++ *    "This product includes cryptographic software written by
++ *     Eric Young (eay@cryptsoft.com)"
++ *    The word 'cryptographic' can be left out if the rouines from the library
++ *    being used are not cryptographic related :-).
++ * 4. If you include any Windows specific code (or a derivative thereof) from 
++ *    the apps directory (application code) you must include an acknowledgement:
++ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
++ * 
++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ * 
++ * The licence and distribution terms for any publically available version or
++ * derivative of this code cannot be changed.  i.e. this code cannot simply be
++ * copied and put under another distribution licence
++ * [including the GNU Public Licence.]
++ */
++
++#include <stdio.h>
++#include <string.h>
++#include <openssl/evp.h>
++#include <openssl/err.h>
++#include <openssl/fips.h>
++
++const EVP_CIPHER *FIPS_get_cipherbynid(int nid)
++	{
++	switch (nid)
++		{
++		case NID_aes_128_cbc:
++		return EVP_aes_128_cbc();
++
++		case NID_aes_128_ccm:
++		return EVP_aes_128_ccm();
++
++		case NID_aes_128_cfb1:
++		return EVP_aes_128_cfb1();
++
++		case NID_aes_128_cfb128:
++		return EVP_aes_128_cfb128();
++
++		case NID_aes_128_cfb8:
++		return EVP_aes_128_cfb8();
++
++		case NID_aes_128_ctr:
++		return EVP_aes_128_ctr();
++
++		case NID_aes_128_ecb:
++		return EVP_aes_128_ecb();
++
++		case NID_aes_128_gcm:
++		return EVP_aes_128_gcm();
++
++		case NID_aes_128_ofb128:
++		return EVP_aes_128_ofb();
++
++		case NID_aes_128_xts:
++		return EVP_aes_128_xts();
++
++		case NID_aes_192_cbc:
++		return EVP_aes_192_cbc();
++
++		case NID_aes_192_ccm:
++		return EVP_aes_192_ccm();
++
++		case NID_aes_192_cfb1:
++		return EVP_aes_192_cfb1();
++
++		case NID_aes_192_cfb128:
++		return EVP_aes_192_cfb128();
++
++		case NID_aes_192_cfb8:
++		return EVP_aes_192_cfb8();
++
++		case NID_aes_192_ctr:
++		return EVP_aes_192_ctr();
++
++		case NID_aes_192_ecb:
++		return EVP_aes_192_ecb();
++
++		case NID_aes_192_gcm:
++		return EVP_aes_192_gcm();
++
++		case NID_aes_192_ofb128:
++		return EVP_aes_192_ofb();
++
++		case NID_aes_256_cbc:
++		return EVP_aes_256_cbc();
++
++		case NID_aes_256_ccm:
++		return EVP_aes_256_ccm();
++
++		case NID_aes_256_cfb1:
++		return EVP_aes_256_cfb1();
++
++		case NID_aes_256_cfb128:
++		return EVP_aes_256_cfb128();
++
++		case NID_aes_256_cfb8:
++		return EVP_aes_256_cfb8();
++
++		case NID_aes_256_ctr:
++		return EVP_aes_256_ctr();
++
++		case NID_aes_256_ecb:
++		return EVP_aes_256_ecb();
++
++		case NID_aes_256_gcm:
++		return EVP_aes_256_gcm();
++
++		case NID_aes_256_ofb128:
++		return EVP_aes_256_ofb();
++
++		case NID_aes_256_xts:
++		return EVP_aes_256_xts();
++
++		case NID_des_ede_ecb:
++		return EVP_des_ede();
++
++		case NID_des_ede3_ecb:
++		return EVP_des_ede3();
++
++		case NID_des_ede3_cbc:
++		return EVP_des_ede3_cbc();
++
++		case NID_des_ede3_cfb1:
++		return EVP_des_ede3_cfb1();
++
++		case NID_des_ede3_cfb64:
++		return EVP_des_ede3_cfb64();
++
++		case NID_des_ede3_cfb8:
++		return EVP_des_ede3_cfb8();
++
++		case NID_des_ede3_ofb64:
++		return EVP_des_ede3_ofb();
++
++		case NID_des_ede_cbc:
++		return EVP_des_ede_cbc();
++
++		case NID_des_ede_cfb64:
++		return EVP_des_ede_cfb64();
++
++		case NID_des_ede_ofb64:
++		return EVP_des_ede_ofb();
++
++		default:
++		return NULL;
++
++		}
++	}
++
+diff -up openssl-1.0.1e/crypto/fips/fips.h.fips openssl-1.0.1e/crypto/fips/fips.h
+--- openssl-1.0.1e/crypto/fips/fips.h.fips	2013-10-04 11:48:04.186694271 +0200
++++ openssl-1.0.1e/crypto/fips/fips.h	2013-10-04 11:48:04.186694271 +0200
+@@ -0,0 +1,279 @@
++/* ====================================================================
++ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include <openssl/opensslconf.h>
++#include <openssl/crypto.h>
++#include <stdarg.h>
++
++#ifndef OPENSSL_FIPS
++#error FIPS is disabled.
++#endif
++
++#ifdef OPENSSL_FIPS
++
++#ifdef  __cplusplus
++extern "C" {
++#endif
++
++struct dsa_st;
++struct rsa_st;
++struct evp_pkey_st;
++struct env_md_st;
++struct env_md_ctx_st;
++struct evp_cipher_st;
++struct evp_cipher_ctx_st;
++struct dh_method;
++struct CMAC_CTX_st;
++struct hmac_ctx_st;
++
++int FIPS_module_mode_set(int onoff, const char *auth);
++int FIPS_module_mode(void);
++const void *FIPS_rand_check(void);
++int FIPS_selftest(void);
++int FIPS_selftest_failed(void);
++void FIPS_corrupt_sha1(void);
++int FIPS_selftest_sha1(void);
++int FIPS_selftest_sha2(void);
++void FIPS_corrupt_aes(void);
++int FIPS_selftest_aes_ccm(void);
++int FIPS_selftest_aes_gcm(void);
++int FIPS_selftest_aes_xts(void);
++int FIPS_selftest_aes(void);
++void FIPS_corrupt_des(void);
++int FIPS_selftest_des(void);
++void FIPS_corrupt_rsa(void);
++void FIPS_corrupt_rsa_keygen(void);
++int FIPS_selftest_rsa(void);
++void FIPS_corrupt_dsa(void);
++void FIPS_corrupt_dsa_keygen(void);
++int FIPS_selftest_dsa(void);
++void FIPS_corrupt_rng(void);
++void FIPS_rng_stick(void);
++void FIPS_x931_stick(int onoff);
++void FIPS_drbg_stick(int onoff);
++int FIPS_selftest_rng(void);
++int FIPS_selftest_x931(void);
++int FIPS_selftest_hmac(void);
++int FIPS_selftest_drbg(void);
++int FIPS_selftest_drbg_all(void);
++int FIPS_selftest_cmac(void);
++
++void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
++
++#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
++		alg " previous FIPS forbidden algorithm error ignored");
++
++int fips_pkey_signature_test(struct evp_pkey_st *pkey,
++			const unsigned char *tbs, int tbslen,
++			const unsigned char *kat, unsigned int katlen,
++			const struct env_md_st *digest, unsigned int md_flags,
++			const char *fail_str);
++
++int fips_cipher_test(struct evp_cipher_ctx_st *ctx,
++			const struct evp_cipher_st *cipher,
++			const unsigned char *key,
++			const unsigned char *iv,
++			const unsigned char *plaintext,
++			const unsigned char *ciphertext,
++			int len);
++
++void fips_set_selftest_fail(void);
++
++const struct env_md_st *FIPS_get_digestbynid(int nid);
++
++const struct evp_cipher_st *FIPS_get_cipherbynid(int nid);
++
++
++/* BEGIN ERROR CODES */
++/* The following lines are auto generated by the script mkerr.pl. Any changes
++ * made after this point may be overwritten when the script is next run.
++ */
++void ERR_load_FIPS_strings(void);
++
++/* Error codes for the FIPS functions. */
++
++/* Function codes. */
++#define FIPS_F_DH_BUILTIN_GENPARAMS			 100
++#define FIPS_F_DH_INIT					 148
++#define FIPS_F_DRBG_RESEED				 162
++#define FIPS_F_DSA_BUILTIN_PARAMGEN			 101
++#define FIPS_F_DSA_BUILTIN_PARAMGEN2			 107
++#define FIPS_F_DSA_DO_SIGN				 102
++#define FIPS_F_DSA_DO_VERIFY				 103
++#define FIPS_F_ECDH_COMPUTE_KEY				 163
++#define FIPS_F_ECDSA_DO_SIGN				 164
++#define FIPS_F_ECDSA_DO_VERIFY				 165
++#define FIPS_F_EC_KEY_GENERATE_KEY			 166
++#define FIPS_F_EVP_CIPHERINIT_EX			 124
++#define FIPS_F_EVP_DIGESTINIT_EX			 125
++#define FIPS_F_FIPS_CHECK_DSA				 104
++#define FIPS_F_FIPS_CHECK_DSA_PRNG			 151
++#define FIPS_F_FIPS_CHECK_EC				 142
++#define FIPS_F_FIPS_CHECK_EC_PRNG			 152
++#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT		 105
++#define FIPS_F_FIPS_CHECK_RSA				 106
++#define FIPS_F_FIPS_CHECK_RSA_PRNG			 150
++#define FIPS_F_FIPS_CIPHER				 160
++#define FIPS_F_FIPS_CIPHERINIT				 143
++#define FIPS_F_FIPS_CIPHER_CTX_CTRL			 161
++#define FIPS_F_FIPS_DIGESTFINAL				 158
++#define FIPS_F_FIPS_DIGESTINIT				 128
++#define FIPS_F_FIPS_DIGESTUPDATE			 159
++#define FIPS_F_FIPS_DRBG_BYTES				 131
++#define FIPS_F_FIPS_DRBG_CHECK				 146
++#define FIPS_F_FIPS_DRBG_CPRNG_TEST			 132
++#define FIPS_F_FIPS_DRBG_ERROR_CHECK			 136
++#define FIPS_F_FIPS_DRBG_GENERATE			 134
++#define FIPS_F_FIPS_DRBG_INIT				 135
++#define FIPS_F_FIPS_DRBG_INSTANTIATE			 138
++#define FIPS_F_FIPS_DRBG_NEW				 139
++#define FIPS_F_FIPS_DRBG_RESEED				 140
++#define FIPS_F_FIPS_DRBG_SINGLE_KAT			 141
++#define FIPS_F_FIPS_DSA_CHECK		/* unused */	 107
++#define FIPS_F_FIPS_DSA_SIGN_DIGEST			 154
++#define FIPS_F_FIPS_DSA_VERIFY_DIGEST			 155
++#define FIPS_F_FIPS_GET_ENTROPY				 147
++#define FIPS_F_FIPS_MODE_SET		/* unused */	 108
++#define FIPS_F_FIPS_MODULE_MODE_SET			 108
++#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST			 109
++#define FIPS_F_FIPS_RAND_ADD				 137
++#define FIPS_F_FIPS_RAND_BYTES				 122
++#define FIPS_F_FIPS_RAND_PSEUDO_BYTES			 167
++#define FIPS_F_FIPS_RAND_SEED				 168
++#define FIPS_F_FIPS_RAND_SET_METHOD			 126
++#define FIPS_F_FIPS_RAND_STATUS				 127
++#define FIPS_F_FIPS_RSA_SIGN_DIGEST			 156
++#define FIPS_F_FIPS_RSA_VERIFY_DIGEST			 157
++#define FIPS_F_FIPS_SELFTEST_AES			 110
++#define FIPS_F_FIPS_SELFTEST_AES_CCM			 145
++#define FIPS_F_FIPS_SELFTEST_AES_GCM			 129
++#define FIPS_F_FIPS_SELFTEST_AES_XTS			 144
++#define FIPS_F_FIPS_SELFTEST_CMAC			 130
++#define FIPS_F_FIPS_SELFTEST_DES			 111
++#define FIPS_F_FIPS_SELFTEST_DSA			 112
++#define FIPS_F_FIPS_SELFTEST_ECDSA			 133
++#define FIPS_F_FIPS_SELFTEST_HMAC			 113
++#define FIPS_F_FIPS_SELFTEST_RNG	/* unused */	 114
++#define FIPS_F_FIPS_SELFTEST_SHA1			 115
++#define FIPS_F_FIPS_SELFTEST_X931			 114
++#define FIPS_F_FIPS_SET_PRNG_KEY			 153
++#define FIPS_F_HASH_FINAL				 123
++#define FIPS_F_RSA_BUILTIN_KEYGEN			 116
++#define FIPS_F_RSA_EAY_INIT				 149
++#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT			 117
++#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT			 118
++#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT			 119
++#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT			 120
++#define FIPS_F_RSA_X931_GENERATE_KEY_EX			 121
++#define FIPS_F_SSLEAY_RAND_BYTES	/* unused */	 122
++
++/* Reason codes. */
++#define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED	 150
++#define FIPS_R_ADDITIONAL_INPUT_TOO_LONG		 125
++#define FIPS_R_ALREADY_INSTANTIATED			 134
++#define FIPS_R_AUTHENTICATION_FAILURE			 151
++#define FIPS_R_CANNOT_READ_EXE		/* unused */	 103
++#define FIPS_R_CANNOT_READ_EXE_DIGEST	/* unused */	 104
++#define FIPS_R_CONTRADICTING_EVIDENCE			 114
++#define FIPS_R_DRBG_NOT_INITIALISED			 152
++#define FIPS_R_DRBG_STUCK				 103
++#define FIPS_R_ENTROPY_ERROR_UNDETECTED			 104
++#define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED		 105
++#define FIPS_R_ENTROPY_SOURCE_STUCK			 142
++#define FIPS_R_ERROR_INITIALISING_DRBG			 115
++#define FIPS_R_ERROR_INSTANTIATING_DRBG			 127
++#define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT	 124
++#define FIPS_R_ERROR_RETRIEVING_ENTROPY			 122
++#define FIPS_R_ERROR_RETRIEVING_NONCE			 140
++#define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH   /* unused */	 105
++#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH		 110
++#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111
++#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112
++#define FIPS_R_FIPS_MODE_ALREADY_SET			 102
++#define FIPS_R_FIPS_SELFTEST_FAILED			 106
++#define FIPS_R_FUNCTION_ERROR				 116
++#define FIPS_R_GENERATE_ERROR				 137
++#define FIPS_R_GENERATE_ERROR_UNDETECTED		 118
++#define FIPS_R_INSTANTIATE_ERROR			 119
++#define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH		 120
++#define FIPS_R_INTERNAL_ERROR				 121
++#define FIPS_R_INVALID_KEY_LENGTH			 109
++#define FIPS_R_INVALID_PARAMETERS			 144
++#define FIPS_R_IN_ERROR_STATE				 123
++#define FIPS_R_KEY_TOO_SHORT				 108
++#define FIPS_R_NONCE_ERROR_UNDETECTED			 149
++#define FIPS_R_NON_FIPS_METHOD				 100
++#define FIPS_R_NOPR_TEST1_FAILURE			 145
++#define FIPS_R_NOPR_TEST2_FAILURE			 146
++#define FIPS_R_NOT_INSTANTIATED				 126
++#define FIPS_R_PAIRWISE_TEST_FAILED			 107
++#define FIPS_R_PERSONALISATION_ERROR_UNDETECTED		 128
++#define FIPS_R_PERSONALISATION_STRING_TOO_LONG		 129
++#define FIPS_R_PRNG_STRENGTH_TOO_LOW			 143
++#define FIPS_R_PR_TEST1_FAILURE				 147
++#define FIPS_R_PR_TEST2_FAILURE				 148
++#define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED		 130
++#define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG		 131
++#define FIPS_R_RESEED_COUNTER_ERROR			 132
++#define FIPS_R_RESEED_ERROR				 133
++#define FIPS_R_RSA_DECRYPT_ERROR	/* unused */	 115
++#define FIPS_R_RSA_ENCRYPT_ERROR	/* unused */	 116
++#define FIPS_R_SELFTEST_FAILED				 101
++#define FIPS_R_SELFTEST_FAILURE				 135
++#define FIPS_R_STRENGTH_ERROR_UNDETECTED		 136
++#define FIPS_R_TEST_FAILURE				 117
++#define FIPS_R_UNINSTANTIATE_ERROR			 141
++#define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR		 138
++#define FIPS_R_UNSUPPORTED_DRBG_TYPE			 139
++#define FIPS_R_UNSUPPORTED_PLATFORM			 113
++
++#ifdef  __cplusplus
++}
++#endif
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c
+--- openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c.fips	2013-10-04 11:48:04.186694271 +0200
++++ openssl-1.0.1e/crypto/fips/fips_hmac_selftest.c	2013-10-04 11:48:04.186694271 +0200
+@@ -0,0 +1,137 @@
++/* ====================================================================
++ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include <string.h>
++#include <openssl/err.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
++#include <openssl/hmac.h>
++
++#ifdef OPENSSL_FIPS
++typedef struct {
++	const EVP_MD *(*alg)(void);
++	const char *key, *iv;
++	unsigned char kaval[EVP_MAX_MD_SIZE];
++} HMAC_KAT;
++
++static const HMAC_KAT vector[] = {
++    {	EVP_sha1,
++	/* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */
++	"0123456789:;<=>?@ABC",
++	"Sample #2",
++	{ 0x09,0x22,0xd3,0x40,0x5f,0xaa,0x3d,0x19,
++	  0x4f,0x82,0xa4,0x58,0x30,0x73,0x7d,0x5c,
++	  0xc6,0xc7,0x5d,0x24 }
++    },
++    {	EVP_sha224,
++	/* just keep extending the above... */
++	"0123456789:;<=>?@ABC",
++	"Sample #2",
++	{ 0xdd,0xef,0x0a,0x40,0xcb,0x7d,0x50,0xfb,
++	  0x6e,0xe6,0xce,0xa1,0x20,0xba,0x26,0xaa,
++	  0x08,0xf3,0x07,0x75,0x87,0xb8,0xad,0x1b,
++	  0x8c,0x8d,0x12,0xc7 }
++    },
++    {	EVP_sha256,
++	"0123456789:;<=>?@ABC",
++	"Sample #2",
++	{ 0xb8,0xf2,0x0d,0xb5,0x41,0xea,0x43,0x09,
++	  0xca,0x4e,0xa9,0x38,0x0c,0xd0,0xe8,0x34,
++	  0xf7,0x1f,0xbe,0x91,0x74,0xa2,0x61,0x38,
++	  0x0d,0xc1,0x7e,0xae,0x6a,0x34,0x51,0xd9 }
++    },
++    {	EVP_sha384,
++	"0123456789:;<=>?@ABC",
++	"Sample #2",
++	{ 0x08,0xbc,0xb0,0xda,0x49,0x1e,0x87,0xad,
++	  0x9a,0x1d,0x6a,0xce,0x23,0xc5,0x0b,0xf6,
++	  0xb7,0x18,0x06,0xa5,0x77,0xcd,0x49,0x04,
++	  0x89,0xf1,0xe6,0x23,0x44,0x51,0x51,0x9f,
++	  0x85,0x56,0x80,0x79,0x0c,0xbd,0x4d,0x50,
++	  0xa4,0x5f,0x29,0xe3,0x93,0xf0,0xe8,0x7f }
++    },
++    {	EVP_sha512,
++	"0123456789:;<=>?@ABC",
++	"Sample #2",
++	{ 0x80,0x9d,0x44,0x05,0x7c,0x5b,0x95,0x41,
++	  0x05,0xbd,0x04,0x13,0x16,0xdb,0x0f,0xac,
++	  0x44,0xd5,0xa4,0xd5,0xd0,0x89,0x2b,0xd0,
++	  0x4e,0x86,0x64,0x12,0xc0,0x90,0x77,0x68,
++	  0xf1,0x87,0xb7,0x7c,0x4f,0xae,0x2c,0x2f,
++	  0x21,0xa5,0xb5,0x65,0x9a,0x4f,0x4b,0xa7,
++	  0x47,0x02,0xa3,0xde,0x9b,0x51,0xf1,0x45,
++	  0xbd,0x4f,0x25,0x27,0x42,0x98,0x99,0x05 }
++    },
++};
++
++int FIPS_selftest_hmac()
++    {
++    int n;
++    unsigned int    outlen;
++    unsigned char   out[EVP_MAX_MD_SIZE];
++    const EVP_MD   *md;
++    const HMAC_KAT *t;
++
++    for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
++	{
++	md = (*t->alg)();
++	HMAC(md,t->key,strlen(t->key),
++		(const unsigned char *)t->iv,strlen(t->iv),
++		out,&outlen);
++
++	if(memcmp(out,t->kaval,outlen))
++	    {
++	    FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
++	    return 0;
++	    }
++	}
++    return 1;
++    }
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_locl.h.fips openssl-1.0.1e/crypto/fips/fips_locl.h
+--- openssl-1.0.1e/crypto/fips/fips_locl.h.fips	2013-10-04 11:48:04.186694271 +0200
++++ openssl-1.0.1e/crypto/fips/fips_locl.h	2013-10-04 11:48:04.186694271 +0200
+@@ -0,0 +1,71 @@
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#ifdef OPENSSL_FIPS
++
++#ifdef  __cplusplus
++extern "C" {
++#endif
++
++#define FIPS_MAX_CIPHER_TEST_SIZE	32
++#define fips_load_key_component(key, comp, pre) \
++	key->comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), key->comp); \
++	if (!key->comp) \
++		goto err
++
++#define fips_post_started(id, subid, ex) 1
++#define fips_post_success(id, subid, ex) 1
++#define fips_post_failed(id, subid, ex) 1
++#define fips_post_corrupt(id, subid, ex) 1
++#define fips_post_status() 1
++
++#ifdef  __cplusplus
++}
++#endif
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_md.c.fips openssl-1.0.1e/crypto/fips/fips_md.c
+--- openssl-1.0.1e/crypto/fips/fips_md.c.fips	2013-10-04 11:48:04.186694271 +0200
++++ openssl-1.0.1e/crypto/fips/fips_md.c	2013-10-04 11:48:04.186694271 +0200
+@@ -0,0 +1,145 @@
++/* fips/evp/fips_md.c */
++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
++ * All rights reserved.
++ *
++ * This package is an SSL implementation written
++ * by Eric Young (eay@cryptsoft.com).
++ * The implementation was written so as to conform with Netscapes SSL.
++ * 
++ * This library is free for commercial and non-commercial use as long as
++ * the following conditions are aheared to.  The following conditions
++ * apply to all code found in this distribution, be it the RC4, RSA,
++ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
++ * included with this distribution is covered by the same copyright terms
++ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
++ * 
++ * Copyright remains Eric Young's, and as such any Copyright notices in
++ * the code are not to be removed.
++ * If this package is used in a product, Eric Young should be given attribution
++ * as the author of the parts of the library used.
++ * This can be in the form of a textual message at program startup or
++ * in documentation (online or textual) provided with the package.
++ * 
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ *    must display the following acknowledgement:
++ *    "This product includes cryptographic software written by
++ *     Eric Young (eay@cryptsoft.com)"
++ *    The word 'cryptographic' can be left out if the rouines from the library
++ *    being used are not cryptographic related :-).
++ * 4. If you include any Windows specific code (or a derivative thereof) from 
++ *    the apps directory (application code) you must include an acknowledgement:
++ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
++ * 
++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ * 
++ * The licence and distribution terms for any publically available version or
++ * derivative of this code cannot be changed.  i.e. this code cannot simply be
++ * copied and put under another distribution licence
++ * [including the GNU Public Licence.]
++ */
++/* ====================================================================
++ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++/* Minimal standalone FIPS versions of Digest operations */
++
++#define OPENSSL_FIPSAPI
++
++#include <stdio.h>
++#include <string.h>
++#include <openssl/objects.h>
++#include <openssl/evp.h>
++#include <openssl/err.h>
++#include <openssl/fips.h>
++
++const EVP_MD *FIPS_get_digestbynid(int nid)
++	{
++	switch (nid)
++		{
++		case NID_sha1:
++		return EVP_sha1();
++
++		case NID_sha224:
++		return EVP_sha224();
++
++		case NID_sha256:
++		return EVP_sha256();
++
++		case NID_sha384:
++		return EVP_sha384();
++
++		case NID_sha512:
++		return EVP_sha512();
++
++		default:
++		return NULL;
++		}
++	}
+diff -up openssl-1.0.1e/crypto/fips/fips_post.c.fips openssl-1.0.1e/crypto/fips/fips_post.c
+--- openssl-1.0.1e/crypto/fips/fips_post.c.fips	2013-10-04 11:48:04.186694271 +0200
++++ openssl-1.0.1e/crypto/fips/fips_post.c	2013-10-04 11:48:04.186694271 +0200
+@@ -0,0 +1,205 @@
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#define OPENSSL_FIPSAPI
++
++#include <openssl/crypto.h>
++#include <openssl/rand.h>
++#include <openssl/fips_rand.h>
++#include <openssl/err.h>
++#include <openssl/bio.h>
++#include <openssl/hmac.h>
++#include <openssl/rsa.h>
++#include <openssl/dsa.h>
++#include <string.h>
++#include <limits.h>
++
++#ifdef OPENSSL_FIPS
++
++/* Power on self test (POST) support functions */
++
++#include <openssl/fips.h>
++#include "fips_locl.h"
++
++/* Run all selftests */
++int FIPS_selftest(void)
++	{
++	int rv = 1;
++	if (!FIPS_selftest_drbg())
++		rv = 0;
++	if (!FIPS_selftest_x931())
++		rv = 0;
++    	if (!FIPS_selftest_sha1())
++		rv = 0;
++    	if (!FIPS_selftest_sha2())
++		rv = 0;
++	if (!FIPS_selftest_hmac())
++		rv = 0;
++	if (!FIPS_selftest_cmac())
++		rv = 0;
++	if (!FIPS_selftest_aes())
++		rv = 0;
++	if (!FIPS_selftest_aes_ccm())
++		rv = 0;
++	if (!FIPS_selftest_aes_gcm())
++		rv = 0;
++	if (!FIPS_selftest_aes_xts())
++		rv = 0;
++	if (!FIPS_selftest_des())
++		rv = 0;
++	if (!FIPS_selftest_rsa())
++		rv = 0;
++	if (!FIPS_selftest_dsa())
++		rv = 0;
++	return rv;
++	}
++
++/* Generalized public key test routine. Signs and verifies the data
++ * supplied in tbs using mesage digest md and setting option digest
++ * flags md_flags. If the 'kat' parameter is not NULL it will
++ * additionally check the signature matches it: a known answer test
++ * The string "fail_str" is used for identification purposes in case
++ * of failure. If "pkey" is NULL just perform a message digest check.
++ */
++
++int fips_pkey_signature_test(EVP_PKEY *pkey,
++			const unsigned char *tbs, int tbslen,
++			const unsigned char *kat, unsigned int katlen,
++			const EVP_MD *digest, unsigned int md_flags,
++			const char *fail_str)
++	{	
++	int ret = 0;
++	unsigned char sigtmp[256], *sig = sigtmp;
++	unsigned int siglen;
++	EVP_MD_CTX mctx;
++	EVP_MD_CTX_init(&mctx);
++
++	if (digest == NULL)
++		digest = EVP_sha256();
++
++	if ((pkey->type == EVP_PKEY_RSA)
++		&& (RSA_size(pkey->pkey.rsa) > sizeof(sigtmp)))
++		{
++		sig = OPENSSL_malloc(RSA_size(pkey->pkey.rsa));
++		if (!sig)
++			{
++			FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,ERR_R_MALLOC_FAILURE);
++			return 0;
++			}
++		}
++
++	if (tbslen == -1)
++		tbslen = strlen((char *)tbs);
++
++	if (md_flags)
++		EVP_MD_CTX_set_flags(&mctx, md_flags);
++
++	if (!EVP_SignInit_ex(&mctx, digest, NULL))
++		goto error;
++	if (!EVP_SignUpdate(&mctx, tbs, tbslen))
++		goto error;
++	if (!EVP_SignFinal(&mctx, sig, &siglen, pkey))
++		goto error;
++
++	if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen)))
++		goto error;
++
++	if (!EVP_VerifyInit_ex(&mctx, digest, NULL))
++		goto error;
++	if (!EVP_VerifyUpdate(&mctx, tbs, tbslen))
++		goto error;
++	ret = EVP_VerifyFinal(&mctx, sig, siglen, pkey);
++
++	error:
++	if (sig != sigtmp)
++		OPENSSL_free(sig);
++	EVP_MD_CTX_cleanup(&mctx);
++	if (ret != 1)
++		{
++		FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,FIPS_R_TEST_FAILURE);
++		if (fail_str)
++			ERR_add_error_data(2, "Type=", fail_str);
++		return 0;
++		}
++	return 1;
++	}
++
++/* Generalized symmetric cipher test routine. Encrypt data, verify result
++ * against known answer, decrypt and compare with original plaintext.
++ */
++
++int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
++			const unsigned char *key,
++			const unsigned char *iv,
++			const unsigned char *plaintext,
++			const unsigned char *ciphertext,
++			int len)
++	{
++	unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
++	unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
++
++	OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
++	memset(pltmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
++	memset(citmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
++
++	if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0)
++		return 0;
++	if (EVP_Cipher(ctx, citmp, plaintext, len) <= 0)
++		return 0;
++	if (memcmp(citmp, ciphertext, len))
++		return 0;
++	if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0)
++		return 0;
++	if (EVP_Cipher(ctx, pltmp, citmp, len) <= 0)
++		return 0;
++	if (memcmp(pltmp, plaintext, len))
++		return 0;
++	return 1;
++	}
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_rand.c.fips openssl-1.0.1e/crypto/fips/fips_rand.c
+--- openssl-1.0.1e/crypto/fips/fips_rand.c.fips	2013-10-04 11:48:04.187694294 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rand.c	2013-10-04 11:48:04.187694294 +0200
+@@ -0,0 +1,457 @@
++/* ====================================================================
++ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++/*
++ * This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4.
++ */
++#include <openssl/crypto.h>
++#include "e_os.h"
++
++/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't
++   be defined and gettimeofday() won't be declared with strict compilers
++   like DEC C in ANSI C mode.  */
++#ifndef _XOPEN_SOURCE_EXTENDED
++#define _XOPEN_SOURCE_EXTENDED 1
++#endif
++
++#include <openssl/rand.h>
++#include <openssl/aes.h>
++#include <openssl/err.h>
++#include <openssl/fips_rand.h>
++#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS))
++# include <sys/time.h>
++#endif
++#if defined(OPENSSL_SYS_VXWORKS)
++# include <time.h>
++#endif
++#include <assert.h>
++#ifndef OPENSSL_SYS_WIN32
++# ifdef OPENSSL_UNISTD
++#  include OPENSSL_UNISTD
++# else
++#  include <unistd.h>
++# endif
++#endif
++#include <string.h>
++#include <openssl/fips.h>
++#include "fips_locl.h"
++
++#ifdef OPENSSL_FIPS
++
++void *OPENSSL_stderr(void);
++
++#define AES_BLOCK_LENGTH	16
++
++
++/* AES FIPS PRNG implementation */
++
++typedef struct 
++	{
++	int seeded;
++	int keyed;
++	int test_mode;
++	int second;
++	int error;
++	unsigned long counter;
++	AES_KEY ks;
++	int vpos;
++	/* Temporary storage for key if it equals seed length */
++	unsigned char tmp_key[AES_BLOCK_LENGTH];
++	unsigned char V[AES_BLOCK_LENGTH];
++	unsigned char DT[AES_BLOCK_LENGTH];
++	unsigned char last[AES_BLOCK_LENGTH];
++	} FIPS_PRNG_CTX;
++
++static FIPS_PRNG_CTX sctx;
++
++static int fips_prng_fail = 0;
++
++void FIPS_x931_stick(int onoff)
++	{
++	fips_prng_fail = onoff;
++	}
++
++void FIPS_rng_stick(void)
++	{
++	FIPS_x931_stick(1);
++	}
++
++static void fips_rand_prng_reset(FIPS_PRNG_CTX *ctx)
++	{
++	ctx->seeded = 0;
++	ctx->keyed = 0;
++	ctx->test_mode = 0;
++	ctx->counter = 0;
++	ctx->second = 0;
++	ctx->error = 0;
++	ctx->vpos = 0;
++	OPENSSL_cleanse(ctx->V, AES_BLOCK_LENGTH);
++	OPENSSL_cleanse(&ctx->ks, sizeof(AES_KEY));
++	}
++	
++
++static int fips_set_prng_key(FIPS_PRNG_CTX *ctx,
++			const unsigned char *key, unsigned int keylen)
++	{
++	if (FIPS_selftest_failed())
++		{
++		FIPSerr(FIPS_F_FIPS_SET_PRNG_KEY, FIPS_R_SELFTEST_FAILED);
++		return 0;
++		}
++	if (keylen != 16 && keylen != 24 && keylen != 32)
++		{
++		/* error: invalid key size */
++		return 0;
++		}
++	AES_set_encrypt_key(key, keylen << 3, &ctx->ks);
++	if (keylen == 16)
++		{
++		memcpy(ctx->tmp_key, key, 16);
++		ctx->keyed = 2;
++		}
++	else
++		ctx->keyed = 1;
++	ctx->seeded = 0;
++	ctx->second = 0;
++	return 1;
++	}
++
++static int fips_set_prng_seed(FIPS_PRNG_CTX *ctx,
++			const unsigned char *seed, unsigned int seedlen)
++	{
++	unsigned int i;
++	if (!ctx->keyed)
++		return 0;
++	/* In test mode seed is just supplied data */
++	if (ctx->test_mode)
++		{
++		if (seedlen != AES_BLOCK_LENGTH)
++			return 0;
++		memcpy(ctx->V, seed, AES_BLOCK_LENGTH);
++		ctx->seeded = 1;
++		return 1;
++		}
++	/* Outside test mode XOR supplied data with existing seed */
++	for (i = 0; i < seedlen; i++)
++		{
++		ctx->V[ctx->vpos++] ^= seed[i];
++		if (ctx->vpos == AES_BLOCK_LENGTH)
++			{
++			ctx->vpos = 0;
++			/* Special case if first seed and key length equals
++ 			 * block size check key and seed do not match.
++ 			 */ 
++			if (ctx->keyed == 2)
++				{
++				if (!memcmp(ctx->tmp_key, ctx->V, 16))
++					{
++					RANDerr(RAND_F_FIPS_SET_PRNG_SEED,
++						RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY);
++					return 0;
++					}
++				OPENSSL_cleanse(ctx->tmp_key, 16);
++				ctx->keyed = 1;
++				}
++			ctx->seeded = 1;
++			}
++		}
++	return 1;
++	}
++
++static int fips_set_test_mode(FIPS_PRNG_CTX *ctx)
++	{
++	if (ctx->keyed)
++		{
++		RANDerr(RAND_F_FIPS_SET_TEST_MODE,RAND_R_PRNG_KEYED);
++		return 0;
++		}
++	ctx->test_mode = 1;
++	return 1;
++	}
++
++int FIPS_x931_test_mode(void)
++	{
++	return fips_set_test_mode(&sctx);
++	}
++
++int FIPS_rand_test_mode(void)
++	{
++	return fips_set_test_mode(&sctx);
++	}
++
++
++int FIPS_x931_set_dt(unsigned char *dt)
++	{
++	if (!sctx.test_mode)
++		{
++		RANDerr(RAND_F_FIPS_X931_SET_DT,RAND_R_NOT_IN_TEST_MODE);
++		return 0;
++		}
++	memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);
++	return 1;
++	}
++
++int FIPS_rand_set_dt(unsigned char *dt)
++	{
++	if (!sctx.test_mode)
++		{
++		RANDerr(RAND_F_FIPS_RAND_SET_DT,RAND_R_NOT_IN_TEST_MODE);
++		return 0;
++		}
++	memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);
++	return 1;
++	}
++
++void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr)
++	{
++#ifdef OPENSSL_SYS_WIN32
++	FILETIME ft;
++#elif defined(OPENSSL_SYS_VXWORKS)
++        struct timespec ts;
++#else
++	struct timeval tv;
++#endif
++
++#ifndef GETPID_IS_MEANINGLESS
++	unsigned long pid;
++#endif
++
++#ifdef OPENSSL_SYS_WIN32
++	GetSystemTimeAsFileTime(&ft);
++	buf[0] = (unsigned char) (ft.dwHighDateTime & 0xff);
++	buf[1] = (unsigned char) ((ft.dwHighDateTime >> 8) & 0xff);
++	buf[2] = (unsigned char) ((ft.dwHighDateTime >> 16) & 0xff);
++	buf[3] = (unsigned char) ((ft.dwHighDateTime >> 24) & 0xff);
++	buf[4] = (unsigned char) (ft.dwLowDateTime & 0xff);
++	buf[5] = (unsigned char) ((ft.dwLowDateTime >> 8) & 0xff);
++	buf[6] = (unsigned char) ((ft.dwLowDateTime >> 16) & 0xff);
++	buf[7] = (unsigned char) ((ft.dwLowDateTime >> 24) & 0xff);
++#elif defined(OPENSSL_SYS_VXWORKS)
++	clock_gettime(CLOCK_REALTIME, &ts);
++	buf[0] = (unsigned char) (ts.tv_sec & 0xff);
++	buf[1] = (unsigned char) ((ts.tv_sec >> 8) & 0xff);
++	buf[2] = (unsigned char) ((ts.tv_sec >> 16) & 0xff);
++	buf[3] = (unsigned char) ((ts.tv_sec >> 24) & 0xff);
++	buf[4] = (unsigned char) (ts.tv_nsec & 0xff);
++	buf[5] = (unsigned char) ((ts.tv_nsec >> 8) & 0xff);
++	buf[6] = (unsigned char) ((ts.tv_nsec >> 16) & 0xff);
++	buf[7] = (unsigned char) ((ts.tv_nsec >> 24) & 0xff);
++#else
++	gettimeofday(&tv,NULL);
++	buf[0] = (unsigned char) (tv.tv_sec & 0xff);
++	buf[1] = (unsigned char) ((tv.tv_sec >> 8) & 0xff);
++	buf[2] = (unsigned char) ((tv.tv_sec >> 16) & 0xff);
++	buf[3] = (unsigned char) ((tv.tv_sec >> 24) & 0xff);
++	buf[4] = (unsigned char) (tv.tv_usec & 0xff);
++	buf[5] = (unsigned char) ((tv.tv_usec >> 8) & 0xff);
++	buf[6] = (unsigned char) ((tv.tv_usec >> 16) & 0xff);
++	buf[7] = (unsigned char) ((tv.tv_usec >> 24) & 0xff);
++#endif
++	buf[8] = (unsigned char) (*pctr & 0xff);
++	buf[9] = (unsigned char) ((*pctr >> 8) & 0xff);
++	buf[10] = (unsigned char) ((*pctr >> 16) & 0xff);
++	buf[11] = (unsigned char) ((*pctr >> 24) & 0xff);
++
++	(*pctr)++;
++
++
++#ifndef GETPID_IS_MEANINGLESS
++	pid=(unsigned long)getpid();
++	buf[12] = (unsigned char) (pid & 0xff);
++	buf[13] = (unsigned char) ((pid >> 8) & 0xff);
++	buf[14] = (unsigned char) ((pid >> 16) & 0xff);
++	buf[15] = (unsigned char) ((pid >> 24) & 0xff);
++#endif
++    }
++
++static int fips_rand(FIPS_PRNG_CTX *ctx,
++			unsigned char *out, unsigned int outlen)
++	{
++	unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH];
++	unsigned char tmp[AES_BLOCK_LENGTH];
++	int i;
++	if (ctx->error)
++		{
++		RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_ERROR);
++		return 0;
++		}
++	if (!ctx->keyed)
++		{
++		RANDerr(RAND_F_FIPS_RAND,RAND_R_NO_KEY_SET);
++		return 0;
++		}
++	if (!ctx->seeded)
++		{
++		RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_NOT_SEEDED);
++		return 0;
++		}
++	for (;;)
++		{
++		if (!ctx->test_mode)
++			FIPS_get_timevec(ctx->DT, &ctx->counter);
++		AES_encrypt(ctx->DT, I, &ctx->ks);
++		for (i = 0; i < AES_BLOCK_LENGTH; i++)
++			tmp[i] = I[i] ^ ctx->V[i];
++		AES_encrypt(tmp, R, &ctx->ks);
++		for (i = 0; i < AES_BLOCK_LENGTH; i++)
++			tmp[i] = R[i] ^ I[i];
++		AES_encrypt(tmp, ctx->V, &ctx->ks);
++		/* Continuous PRNG test */
++		if (ctx->second)
++			{
++			if (fips_prng_fail)
++				memcpy(ctx->last, R, AES_BLOCK_LENGTH);
++			if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH))
++				{
++	    			RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_STUCK);
++				ctx->error = 1;
++				fips_set_selftest_fail();
++				return 0;
++				}
++			}
++		memcpy(ctx->last, R, AES_BLOCK_LENGTH);
++		if (!ctx->second)
++			{
++			ctx->second = 1;
++			if (!ctx->test_mode)
++				continue;
++			}
++
++		if (outlen <= AES_BLOCK_LENGTH)
++			{
++			memcpy(out, R, outlen);
++			break;
++			}
++
++		memcpy(out, R, AES_BLOCK_LENGTH);
++		out += AES_BLOCK_LENGTH;
++		outlen -= AES_BLOCK_LENGTH;
++		}
++	return 1;
++	}
++
++
++int FIPS_x931_set_key(const unsigned char *key, int keylen)
++	{
++	int ret;
++	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++	ret = fips_set_prng_key(&sctx, key, keylen);
++	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++	return ret;
++	}
++
++int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen)
++	{
++	return FIPS_x931_set_key(key, keylen);
++	}
++
++int FIPS_x931_seed(const void *seed, int seedlen)
++	{
++	int ret;
++	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++	ret = fips_set_prng_seed(&sctx, seed, seedlen);
++	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++	return ret;
++	}
++
++
++int FIPS_x931_bytes(unsigned char *out, int count)
++	{
++	int ret;
++	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++	ret = fips_rand(&sctx, out, count);
++	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++	return ret;
++	}
++
++int FIPS_x931_status(void)
++	{
++	int ret;
++	CRYPTO_r_lock(CRYPTO_LOCK_RAND);
++	ret = sctx.seeded;
++	CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
++	return ret;
++	}
++
++void FIPS_x931_reset(void)
++	{
++	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++	fips_rand_prng_reset(&sctx);
++	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++	}
++
++static int fips_do_rand_seed(const void *seed, int seedlen)
++	{
++	FIPS_x931_seed(seed, seedlen);
++	return 1;
++	}
++
++static int fips_do_rand_add(const void *seed, int seedlen,
++					double add_entropy)
++	{
++	FIPS_x931_seed(seed, seedlen);
++	return 1;
++	}
++
++static const RAND_METHOD rand_x931_meth=
++    {
++    fips_do_rand_seed,
++    FIPS_x931_bytes,
++    FIPS_x931_reset,
++    fips_do_rand_add,
++    FIPS_x931_bytes,
++    FIPS_x931_status
++    };
++
++const RAND_METHOD *FIPS_x931_method(void)
++{
++  return &rand_x931_meth;
++}
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_rand.h.fips openssl-1.0.1e/crypto/fips/fips_rand.h
+--- openssl-1.0.1e/crypto/fips/fips_rand.h.fips	2013-10-04 11:48:04.187694294 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rand.h	2013-10-04 11:48:04.187694294 +0200
+@@ -0,0 +1,145 @@
++/* ====================================================================
++ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#ifndef HEADER_FIPS_RAND_H
++#define HEADER_FIPS_RAND_H
++
++#include <openssl/aes.h>
++#include <openssl/evp.h>
++#include <openssl/hmac.h>
++#include <openssl/rand.h>
++
++#ifdef OPENSSL_FIPS
++
++#ifdef  __cplusplus
++extern "C" {
++#endif
++
++int FIPS_x931_set_key(const unsigned char *key, int keylen);
++int FIPS_x931_seed(const void *buf, int num);
++int FIPS_x931_bytes(unsigned char *out, int outlen);
++
++int FIPS_x931_test_mode(void);
++void FIPS_x931_reset(void);
++int FIPS_x931_set_dt(unsigned char *dt);
++
++int FIPS_x931_status(void);
++
++const RAND_METHOD *FIPS_x931_method(void);
++
++typedef struct drbg_ctx_st DRBG_CTX;
++/* DRBG external flags */
++/* Flag for CTR mode only: use derivation function ctr_df */
++#define	DRBG_FLAG_CTR_USE_DF		0x1
++/* PRNG is in test state */
++#define	DRBG_FLAG_TEST			0x2
++
++DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags);
++int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags);
++int FIPS_drbg_instantiate(DRBG_CTX *dctx,
++				const unsigned char *pers, size_t perslen);
++int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin, size_t adinlen);
++int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
++			int prediction_resistance,
++			const unsigned char *adin, size_t adinlen);
++
++int FIPS_drbg_uninstantiate(DRBG_CTX *dctx);
++void FIPS_drbg_free(DRBG_CTX *dctx);
++
++int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
++	size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
++				int entropy, size_t min_len, size_t max_len),
++	void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
++	size_t entropy_blocklen,
++	size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
++				int entropy, size_t min_len, size_t max_len),
++	void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen));
++
++int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
++	size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout),
++	void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
++	int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num),
++	int (*rand_add_cb)(DRBG_CTX *ctx,
++				const void *buf, int num, double entropy));
++
++void *FIPS_drbg_get_app_data(DRBG_CTX *ctx);
++void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data);
++size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx);
++int FIPS_drbg_get_strength(DRBG_CTX *dctx);
++void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval);
++void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval);
++
++int FIPS_drbg_health_check(DRBG_CTX *dctx);
++
++DRBG_CTX *FIPS_get_default_drbg(void);
++const RAND_METHOD *FIPS_drbg_method(void);
++
++
++int FIPS_rand_set_method(const RAND_METHOD *meth);
++const RAND_METHOD *FIPS_rand_get_method(void);
++
++void FIPS_rand_set_bits(int nbits);
++
++int FIPS_rand_strength(void);
++
++/* 1.0.0 compat functions */
++int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen);
++int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num);
++int FIPS_rand_bytes(unsigned char *out, FIPS_RAND_SIZE_T outlen);
++int FIPS_rand_test_mode(void);
++void FIPS_rand_reset(void);
++int FIPS_rand_set_dt(unsigned char *dt);
++int FIPS_rand_status(void);
++const RAND_METHOD *FIPS_rand_method(void);
++
++#ifdef  __cplusplus
++}
++#endif
++#endif
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_rand_lcl.h.fips openssl-1.0.1e/crypto/fips/fips_rand_lcl.h
+--- openssl-1.0.1e/crypto/fips/fips_rand_lcl.h.fips	2013-10-04 11:48:04.187694294 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rand_lcl.h	2013-10-04 11:48:04.187694294 +0200
+@@ -0,0 +1,219 @@
++/* fips/rand/fips_rand_lcl.h */
++/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
++ * project.
++ */
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ */
++
++typedef struct drbg_hash_ctx_st DRBG_HASH_CTX;
++typedef struct drbg_hmac_ctx_st DRBG_HMAC_CTX;
++typedef struct drbg_ctr_ctx_st DRBG_CTR_CTX;
++
++/* 888 bits from 10.1 table 2 */
++#define HASH_PRNG_MAX_SEEDLEN	111
++
++struct drbg_hash_ctx_st
++	{
++	const EVP_MD *md;
++	EVP_MD_CTX mctx;
++	unsigned char V[HASH_PRNG_MAX_SEEDLEN];
++	unsigned char C[HASH_PRNG_MAX_SEEDLEN];
++	/* Temporary value storage: should always exceed max digest length */
++	unsigned char vtmp[HASH_PRNG_MAX_SEEDLEN];
++	};
++
++struct drbg_hmac_ctx_st
++	{
++	const EVP_MD *md;
++	HMAC_CTX hctx;
++	unsigned char K[EVP_MAX_MD_SIZE];
++	unsigned char V[EVP_MAX_MD_SIZE];
++	};
++
++struct drbg_ctr_ctx_st
++	{
++	AES_KEY ks;
++	size_t keylen;
++	unsigned char K[32];
++	unsigned char V[16];
++	/* Temp variables used by derivation function */
++	AES_KEY df_ks;
++	AES_KEY df_kxks;
++	/* Temporary block storage used by ctr_df */
++	unsigned char bltmp[16];
++	size_t bltmp_pos;
++	unsigned char KX[48];
++	};
++
++/* DRBG internal flags */
++
++/* Functions shouldn't call err library */
++#define	DRBG_FLAG_NOERR			0x1
++/* Custom reseed checking */
++#define	DRBG_CUSTOM_RESEED		0x2
++
++/* DRBG status values */
++/* not initialised */
++#define DRBG_STATUS_UNINITIALISED	0
++/* ok and ready to generate random bits */
++#define DRBG_STATUS_READY		1
++/* reseed required */
++#define DRBG_STATUS_RESEED		2
++/* fatal error condition */
++#define DRBG_STATUS_ERROR		3
++
++/* A default maximum length: larger than any reasonable value used in pratice */
++
++#define DRBG_MAX_LENGTH			0x7ffffff0
++/* Maximum DRBG block length: all md sizes are bigger than cipher blocks sizes
++ * so use max digest length.
++ */
++#define DRBG_MAX_BLOCK			EVP_MAX_MD_SIZE
++
++#define DRBG_HEALTH_INTERVAL		(1 << 24)
++
++/* DRBG context structure */
++
++struct drbg_ctx_st
++	{
++	/* First types common to all implementations */
++	/* DRBG type: a NID for the underlying algorithm */
++	int type;
++	/* Various external flags */
++	unsigned int xflags;
++	/* Various internal use only flags */
++	unsigned int iflags;
++	/* Used for periodic health checks */
++	int health_check_cnt, health_check_interval;
++
++	/* The following parameters are setup by mechanism drbg_init() call */
++	int strength;
++	size_t blocklength;
++	size_t max_request;
++
++	size_t min_entropy, max_entropy;
++	size_t min_nonce, max_nonce;
++	size_t max_pers, max_adin;
++	unsigned int reseed_counter;
++	unsigned int reseed_interval;
++	size_t seedlen;
++	int status;
++	/* Application data: typically used by test get_entropy */
++	void *app_data;
++	/* Implementation specific structures */
++	union 
++		{
++		DRBG_HASH_CTX hash;
++		DRBG_HMAC_CTX hmac;
++		DRBG_CTR_CTX  ctr;
++		} d;
++	/* Initialiase PRNG and setup callbacks below */
++	int (*init)(DRBG_CTX *ctx, int nid, int security, unsigned int flags);
++	/* Intantiate PRNG */
++	int (*instantiate)(DRBG_CTX *ctx,
++				const unsigned char *ent, size_t entlen,
++				const unsigned char *nonce, size_t noncelen,
++				const unsigned char *pers, size_t perslen);
++	/* reseed */
++	int (*reseed)(DRBG_CTX *ctx,
++				const unsigned char *ent, size_t entlen,
++				const unsigned char *adin, size_t adinlen);
++	/* generat output */
++	int (*generate)(DRBG_CTX *ctx,
++				unsigned char *out, size_t outlen,
++				const unsigned char *adin, size_t adinlen);
++	/* uninstantiate */
++	int (*uninstantiate)(DRBG_CTX *ctx);
++
++	/* Entropy source block length */
++	size_t entropy_blocklen;
++
++	/* entropy gathering function */
++	size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
++				int entropy, size_t min_len, size_t max_len);
++	/* Indicates we have finished with entropy buffer */
++	void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
++
++	/* nonce gathering function */
++	size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
++				int entropy, size_t min_len, size_t max_len);
++	/* Indicates we have finished with nonce buffer */
++	void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
++
++	/* Continuous random number test temporary area */
++	/* Last block */	
++	unsigned char lb[EVP_MAX_MD_SIZE];
++	/* set if lb is valid */
++	int lb_valid;
++
++	/* Callbacks used when called through RAND interface */
++	/* Get any additional input for generate */
++	size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout);
++	void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
++	/* Callback for RAND_seed(), RAND_add() */
++	int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num);
++	int (*rand_add_cb)(DRBG_CTX *ctx,
++				const void *buf, int num, double entropy);
++	};
++
++
++int fips_drbg_ctr_init(DRBG_CTX *dctx);
++int fips_drbg_hash_init(DRBG_CTX *dctx);
++int fips_drbg_hmac_init(DRBG_CTX *dctx);
++int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags);
++int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out);
++
++const struct env_md_st *FIPS_get_digestbynid(int nid);
++
++const struct evp_cipher_st *FIPS_get_cipherbynid(int nid);
++
++#define FIPS_digestinit EVP_DigestInit
++#define FIPS_digestupdate EVP_DigestUpdate
++#define FIPS_digestfinal EVP_DigestFinal
++#define M_EVP_MD_size EVP_MD_size
+diff -up openssl-1.0.1e/crypto/fips/fips_rand_lib.c.fips openssl-1.0.1e/crypto/fips/fips_rand_lib.c
+--- openssl-1.0.1e/crypto/fips/fips_rand_lib.c.fips	2013-10-04 11:48:04.187694294 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rand_lib.c	2013-10-04 11:48:04.187694294 +0200
+@@ -0,0 +1,191 @@
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include <openssl/crypto.h>
++#include <openssl/rand.h>
++#include <openssl/err.h>
++#include <openssl/fips.h>
++#include <openssl/fips_rand.h>
++#include "e_os.h"
++
++/* FIPS API for PRNG use. Similar to RAND functionality but without
++ * ENGINE and additional checking for non-FIPS rand methods.
++ */
++
++static const RAND_METHOD *fips_rand_meth = NULL;
++static int fips_approved_rand_meth = 0;
++static int fips_rand_bits = 0;
++
++/* Allows application to override number of bits and uses non-FIPS methods */
++void FIPS_rand_set_bits(int nbits)
++	{
++	fips_rand_bits = nbits;
++	}
++
++int FIPS_rand_set_method(const RAND_METHOD *meth)
++	{
++	if (!fips_rand_bits)
++		{
++		if (meth == FIPS_drbg_method())
++			fips_approved_rand_meth = 1;
++		else if (meth == FIPS_x931_method())
++			fips_approved_rand_meth = 2;
++		else
++			{
++			fips_approved_rand_meth = 0;
++			if (FIPS_module_mode())
++				{
++				FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD,
++						FIPS_R_NON_FIPS_METHOD);
++				return 0;
++				}
++			}
++		}
++	fips_rand_meth = meth;
++	return 1;
++	}
++
++const RAND_METHOD *FIPS_rand_get_method(void)
++	{
++	return fips_rand_meth;
++	}
++
++const RAND_METHOD *FIPS_rand_method(void)
++	{
++	return FIPS_rand_get_method();
++	}
++
++void FIPS_rand_reset(void)
++	{
++	if (fips_rand_meth && fips_rand_meth->cleanup)
++		fips_rand_meth->cleanup();
++	}
++
++int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num)
++	{
++	if (!fips_approved_rand_meth && FIPS_module_mode())
++		{
++		FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
++		return 0;
++		}
++	if (fips_rand_meth && fips_rand_meth->seed)
++		fips_rand_meth->seed(buf,num);
++	return 1;
++	}
++
++void FIPS_rand_add(const void *buf, int num, double entropy)
++	{
++	if (!fips_approved_rand_meth && FIPS_module_mode())
++		{
++		FIPSerr(FIPS_F_FIPS_RAND_ADD, FIPS_R_NON_FIPS_METHOD);
++		return;
++		}
++	if (fips_rand_meth && fips_rand_meth->add)
++		fips_rand_meth->add(buf,num,entropy);
++	}
++
++int FIPS_rand_bytes(unsigned char *buf, FIPS_RAND_SIZE_T num)
++	{
++	if (!fips_approved_rand_meth && FIPS_module_mode())
++		{
++		FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
++		return 0;
++		}
++	if (fips_rand_meth && fips_rand_meth->bytes)
++		return fips_rand_meth->bytes(buf,num);
++	return 0;
++	}
++
++int FIPS_rand_pseudo_bytes(unsigned char *buf, int num)
++	{
++	if (!fips_approved_rand_meth && FIPS_module_mode())
++		{
++		FIPSerr(FIPS_F_FIPS_RAND_PSEUDO_BYTES, FIPS_R_NON_FIPS_METHOD);
++		return 0;
++		}
++	if (fips_rand_meth && fips_rand_meth->pseudorand)
++		return fips_rand_meth->pseudorand(buf,num);
++	return -1;
++	}
++
++int FIPS_rand_status(void)
++	{
++	if (!fips_approved_rand_meth && FIPS_module_mode())
++		{
++		FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
++		return 0;
++		}
++	if (fips_rand_meth && fips_rand_meth->status)
++		return fips_rand_meth->status();
++	return 0;
++	}
++
++/* Return instantiated strength of PRNG. For DRBG this is an internal
++ * parameter. For X9.31 PRNG it is 80 bits (from SP800-131). Any other
++ * type of PRNG is not approved and returns 0 in FIPS mode and maximum
++ * 256 outside FIPS mode.
++ */
++
++int FIPS_rand_strength(void)
++	{
++	if (fips_rand_bits)
++		return fips_rand_bits;
++	if (fips_approved_rand_meth == 1)
++		return FIPS_drbg_get_strength(FIPS_get_default_drbg());
++	else if (fips_approved_rand_meth == 2)
++		return 80;
++	else if (fips_approved_rand_meth == 0)
++		{
++		if (FIPS_module_mode())
++			return 0;
++		else
++			return 256;
++		}
++	return 0;
++	}
+diff -up openssl-1.0.1e/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_rand_selftest.c
+--- openssl-1.0.1e/crypto/fips/fips_rand_selftest.c.fips	2013-10-04 11:48:04.187694294 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rand_selftest.c	2013-10-04 11:48:04.187694294 +0200
+@@ -0,0 +1,183 @@
++/* ====================================================================
++ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include <string.h>
++#include <openssl/err.h>
++#include <openssl/fips.h>
++#include <openssl/rand.h>
++#include <openssl/fips_rand.h>
++#include "fips_locl.h"
++
++#ifdef OPENSSL_FIPS
++
++
++
++typedef struct
++	{
++	unsigned char DT[16];
++	unsigned char V[16];
++	unsigned char R[16];
++	} AES_PRNG_TV;
++
++/* The following test vectors are taken directly from the RGNVS spec */
++
++static unsigned char aes_128_key[16] =
++		{0xf3,0xb1,0x66,0x6d,0x13,0x60,0x72,0x42,
++		 0xed,0x06,0x1c,0xab,0xb8,0xd4,0x62,0x02};
++
++static AES_PRNG_TV aes_128_tv = 
++	{
++				/* DT */
++		{0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
++		 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xf9},
++				/* V */
++		{0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
++		 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
++				/* R */
++		{0x59,0x53,0x1e,0xd1,0x3b,0xb0,0xc0,0x55,
++		 0x84,0x79,0x66,0x85,0xc1,0x2f,0x76,0x41}
++	};
++
++static unsigned char aes_192_key[24] =
++		{0x15,0xd8,0x78,0x0d,0x62,0xd3,0x25,0x6e,
++		 0x44,0x64,0x10,0x13,0x60,0x2b,0xa9,0xbc,
++		 0x4a,0xfb,0xca,0xeb,0x4c,0x8b,0x99,0x3b};
++
++static AES_PRNG_TV aes_192_tv = 
++	{
++				/* DT */
++		{0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
++		 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4b},
++				/* V */
++		{0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
++		 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
++				/* R */
++		{0x17,0x07,0xd5,0x28,0x19,0x79,0x1e,0xef,
++		 0xa5,0x0c,0xbf,0x25,0xe5,0x56,0xb4,0x93}
++	};
++
++static unsigned char aes_256_key[32] =
++		{0x6d,0x14,0x06,0x6c,0xb6,0xd8,0x21,0x2d,
++		 0x82,0x8d,0xfa,0xf2,0x7a,0x03,0xb7,0x9f,
++		 0x0c,0xc7,0x3e,0xcd,0x76,0xeb,0xee,0xb5,
++		 0x21,0x05,0x8c,0x4f,0x31,0x7a,0x80,0xbb};
++
++static AES_PRNG_TV aes_256_tv =
++	{
++				/* DT */
++		{0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
++		 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x88},
++				/* V */
++		{0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
++		 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
++				/* R */
++		{0x35,0xc7,0xef,0xa7,0x78,0x4d,0x29,0xbc,
++		 0x82,0x79,0x99,0xfb,0xd0,0xb3,0x3b,0x72}
++	};
++
++void FIPS_corrupt_rng()
++    {
++    aes_192_tv.V[0]++;
++    }
++
++#define fips_x931_test(key, tv) \
++	do_x931_test(key, sizeof key, &tv)
++
++static int do_x931_test(unsigned char *key, int keylen,
++			AES_PRNG_TV *tv)
++	{
++	unsigned char R[16], V[16];
++	int rv = 1;
++	memcpy(V, tv->V, sizeof(V));
++	if (!FIPS_x931_set_key(key, keylen))
++		return 0;
++	if (!fips_post_started(FIPS_TEST_X931, keylen, NULL))
++		return 1;
++	if (!fips_post_corrupt(FIPS_TEST_X931, keylen, NULL))
++		V[0]++;
++	FIPS_x931_seed(V, 16);
++	FIPS_x931_set_dt(tv->DT);
++	FIPS_x931_bytes(R, 16);
++	if (memcmp(R, tv->R, 16))
++		{
++		fips_post_failed(FIPS_TEST_X931, keylen, NULL);
++		rv = 0;
++		}
++	else if (!fips_post_success(FIPS_TEST_X931, keylen, NULL))
++		return 0;
++	return rv;
++	}
++
++int FIPS_selftest_x931()
++	{
++	int rv = 1;
++	FIPS_x931_reset();
++	if (!FIPS_x931_test_mode())
++		{
++		FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
++		return 0;
++		}
++	if (!fips_x931_test(aes_128_key,aes_128_tv))
++		rv = 0;
++	if (!fips_x931_test(aes_192_key, aes_192_tv))
++		rv = 0;
++	if (!fips_x931_test(aes_256_key, aes_256_tv))
++		rv = 0;
++	FIPS_x931_reset();
++	if (!rv)
++		FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
++	return rv;
++	}
++
++int FIPS_selftest_rng(void)
++	{
++	return FIPS_selftest_x931();
++	}
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_randtest.c.fips openssl-1.0.1e/crypto/fips/fips_randtest.c
+--- openssl-1.0.1e/crypto/fips/fips_randtest.c.fips	2013-10-04 11:48:04.188694316 +0200
++++ openssl-1.0.1e/crypto/fips/fips_randtest.c	2013-10-04 11:48:04.187694294 +0200
+@@ -0,0 +1,250 @@
++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
++ * All rights reserved.
++ *
++ * This package is an SSL implementation written
++ * by Eric Young (eay@cryptsoft.com).
++ * The implementation was written so as to conform with Netscapes SSL.
++ * 
++ * This library is free for commercial and non-commercial use as long as
++ * the following conditions are aheared to.  The following conditions
++ * apply to all code found in this distribution, be it the RC4, RSA,
++ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
++ * included with this distribution is covered by the same copyright terms
++ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
++ * 
++ * Copyright remains Eric Young's, and as such any Copyright notices in
++ * the code are not to be removed.
++ * If this package is used in a product, Eric Young should be given attribution
++ * as the author of the parts of the library used.
++ * This can be in the form of a textual message at program startup or
++ * in documentation (online or textual) provided with the package.
++ * 
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ *    must display the following acknowledgement:
++ *    "This product includes cryptographic software written by
++ *     Eric Young (eay@cryptsoft.com)"
++ *    The word 'cryptographic' can be left out if the rouines from the library
++ *    being used are not cryptographic related :-).
++ * 4. If you include any Windows specific code (or a derivative thereof) from 
++ *    the apps directory (application code) you must include an acknowledgement:
++ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
++ * 
++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ * 
++ * The licence and distribution terms for any publically available version or
++ * derivative of this code cannot be changed.  i.e. this code cannot simply be
++ * copied and put under another distribution licence
++ * [including the GNU Public Licence.]
++ */
++/* ====================================================================
++ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <ctype.h>
++#include <openssl/rand.h>
++#include <openssl/fips_rand.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++
++#include "e_os.h"
++
++#ifndef OPENSSL_FIPS
++int main(int argc, char *argv[])
++{
++    printf("No FIPS RAND support\n");
++    return(0);
++}
++
++#else
++
++#include "fips_utl.h"
++#include <openssl/fips.h>
++
++typedef struct
++	{
++	unsigned char DT[16];
++	unsigned char V[16];
++	unsigned char R[16];
++	} AES_PRNG_MCT;
++
++static const unsigned char aes_128_mct_key[16] =
++	{0x9f,0x5b,0x51,0x20,0x0b,0xf3,0x34,0xb5,
++	 0xd8,0x2b,0xe8,0xc3,0x72,0x55,0xc8,0x48};
++
++static const AES_PRNG_MCT aes_128_mct_tv = {
++			/* DT */
++	{0x63,0x76,0xbb,0xe5,0x29,0x02,0xba,0x3b,
++	 0x67,0xc9,0x25,0xfa,0x70,0x1f,0x11,0xac},
++			/* V */
++	{0x57,0x2c,0x8e,0x76,0x87,0x26,0x47,0x97,
++	 0x7e,0x74,0xfb,0xdd,0xc4,0x95,0x01,0xd1},
++			/* R */
++	{0x48,0xe9,0xbd,0x0d,0x06,0xee,0x18,0xfb,
++	 0xe4,0x57,0x90,0xd5,0xc3,0xfc,0x9b,0x73}
++};
++
++static const unsigned char aes_192_mct_key[24] =
++	{0xb7,0x6c,0x34,0xd1,0x09,0x67,0xab,0x73,
++	 0x4d,0x5a,0xd5,0x34,0x98,0x16,0x0b,0x91,
++	 0xbc,0x35,0x51,0x16,0x6b,0xae,0x93,0x8a};
++
++static const AES_PRNG_MCT aes_192_mct_tv = {
++			/* DT */
++	{0x84,0xce,0x22,0x7d,0x91,0x5a,0xa3,0xc9,
++	 0x84,0x3c,0x0a,0xb3,0xa9,0x63,0x15,0x52},
++			/* V */
++	{0xb6,0xaf,0xe6,0x8f,0x99,0x9e,0x90,0x64,
++	 0xdd,0xc7,0x7a,0xc1,0xbb,0x90,0x3a,0x6d},
++			/* R */
++	{0xfc,0x85,0x60,0x9a,0x29,0x6f,0xef,0x21,
++	 0xdd,0x86,0x20,0x32,0x8a,0x29,0x6f,0x47}
++};
++
++static const unsigned char aes_256_mct_key[32] =
++	{0x9b,0x05,0xc8,0x68,0xff,0x47,0xf8,0x3a,
++	 0xa6,0x3a,0xa8,0xcb,0x4e,0x71,0xb2,0xe0,
++	 0xb8,0x7e,0xf1,0x37,0xb6,0xb4,0xf6,0x6d,
++	 0x86,0x32,0xfc,0x1f,0x5e,0x1d,0x1e,0x50};
++
++static const AES_PRNG_MCT aes_256_mct_tv = {
++			/* DT */
++	{0x31,0x6e,0x35,0x9a,0xb1,0x44,0xf0,0xee,
++	 0x62,0x6d,0x04,0x46,0xe0,0xa3,0x92,0x4c},
++			/* V */
++	{0x4f,0xcd,0xc1,0x87,0x82,0x1f,0x4d,0xa1,
++	 0x3e,0x0e,0x56,0x44,0x59,0xe8,0x83,0xca},
++			/* R */
++	{0xc8,0x87,0xc2,0x61,0x5b,0xd0,0xb9,0xe1,
++	 0xe7,0xf3,0x8b,0xd7,0x5b,0xd5,0xf1,0x8d}
++};
++
++static void dump(const unsigned char *b,int n)
++    {
++    while(n-- > 0)
++	{
++	printf(" %02x",*b++);
++	}
++    }
++
++static void compare(const unsigned char *result,const unsigned char *expected,
++		    int n)
++    {
++    int i;
++
++    for(i=0 ; i < n ; ++i)
++	if(result[i] != expected[i])
++	    {
++	    puts("Random test failed, got:");
++	    dump(result,n);
++	    puts("\n               expected:");
++	    dump(expected,n);
++	    putchar('\n');
++	    EXIT(1);
++	    }
++    }
++
++
++static void run_test(const unsigned char *key, int keylen,
++							const AES_PRNG_MCT *tv)
++    {
++    unsigned char buf[16], dt[16];
++    int i, j;
++    FIPS_x931_reset();
++    FIPS_x931_test_mode();
++    FIPS_x931_set_key(key, keylen);
++    FIPS_x931_seed(tv->V, 16);
++    memcpy(dt, tv->DT, 16);
++    for (i = 0; i < 10000; i++)
++	{
++    	FIPS_x931_set_dt(dt);
++	FIPS_x931_bytes(buf, 16);
++	/* Increment DT */
++	for (j = 15; j >= 0; j--)
++		{
++		dt[j]++;
++		if (dt[j])
++			break;
++		}
++	}
++
++    compare(buf,tv->R, 16);
++    }
++
++int main()
++	{
++	run_test(aes_128_mct_key, 16, &aes_128_mct_tv);
++	printf("FIPS PRNG test 1 done\n");
++	run_test(aes_192_mct_key, 24, &aes_192_mct_tv);
++	printf("FIPS PRNG test 2 done\n");
++	run_test(aes_256_mct_key, 32, &aes_256_mct_tv);
++	printf("FIPS PRNG test 3 done\n");
++	return 0;
++	}
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c.fips	2013-10-04 11:48:04.188694316 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rsa_selftest.c	2013-10-04 11:48:04.188694316 +0200
+@@ -0,0 +1,444 @@
++/* ====================================================================
++ * Copyright (c) 2003-2007 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include <string.h>
++#include <openssl/err.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
++#include <openssl/rsa.h>
++#include <openssl/evp.h>
++#include <openssl/bn.h>
++#include <openssl/opensslconf.h>
++
++#ifdef OPENSSL_FIPS
++
++static const unsigned char n[] =
++"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
++"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
++"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
++"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
++"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
++"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
++"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
++"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
++"\xCB";
++
++static int corrupt_rsa;
++
++static int setrsakey(RSA *key)
++    {
++    static const unsigned char e[] = "\x11";
++
++    static const unsigned char d[] =
++"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
++"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
++"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
++"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
++"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
++"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
++"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
++"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
++"\xC1";
++
++    static const unsigned char p[] =
++"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
++"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
++"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
++"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
++"\x99";
++
++    static const unsigned char q[] =
++"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
++"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
++"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
++"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
++"\x03";
++
++    static const unsigned char dmp1[] =
++"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
++"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
++"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
++"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
++
++    static const unsigned char dmq1[] =
++"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
++"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
++"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
++"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
++    
++    static const unsigned char iqmp[] =
++"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
++"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
++"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
++"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
++"\xF7";
++
++    key->n = BN_bin2bn(n, sizeof(n)-1, key->n);
++    if (corrupt_rsa)
++	BN_set_bit(key->n, 1024);
++    key->e = BN_bin2bn(e, sizeof(e)-1, key->e);
++    key->d = BN_bin2bn(d, sizeof(d)-1, key->d);
++    key->p = BN_bin2bn(p, sizeof(p)-1, key->p);
++    key->q = BN_bin2bn(q, sizeof(q)-1, key->q);
++    key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1);
++    key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1);
++    key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp);
++    return 1;
++    }
++
++void FIPS_corrupt_rsa()
++    {
++    corrupt_rsa = 1;
++    }
++
++/* Known Answer Test (KAT) data for the above RSA private key signing
++ * kat_tbs.
++ */
++
++static const unsigned char kat_tbs[] = "OpenSSL FIPS 140-2 Public Key RSA KAT";
++
++static const unsigned char kat_RSA_PSS_SHA1[] = {
++  0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9, 0x46, 0xDA, 0x0F,
++  0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D, 0xD2, 0x90, 0xBB,
++  0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C, 0xB7, 0xF8, 0xD3,
++  0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7, 0x83, 0xD5, 0x4C,
++  0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51, 0x60, 0xD0, 0xA7,
++  0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E, 0x3F, 0x9B, 0xF5,
++  0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47, 0xF0, 0xC5, 0x45,
++  0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F, 0xF8, 0xB7, 0x31,
++  0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB, 0x9F, 0xBA, 0xE8,
++  0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E, 0x20, 0x25, 0x84,
++  0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9
++};
++
++static const unsigned char kat_RSA_PSS_SHA224[] = {
++  0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF, 0xC5, 0x58, 0xA7,
++  0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98, 0x08, 0x95, 0xFA,
++  0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87, 0x7B, 0x1F, 0x57,
++  0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55, 0x54, 0x1C, 0x89,
++  0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC, 0x86, 0x05, 0xEE,
++  0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64, 0x0B, 0xAB, 0x22,
++  0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64, 0x62, 0xD1, 0xB5,
++  0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA, 0x38, 0x24, 0x49,
++  0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5, 0x03, 0xEA, 0x2D,
++  0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF, 0x95, 0xC0, 0x00,
++  0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0
++};
++
++static const unsigned char kat_RSA_PSS_SHA256[] = {
++  0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0, 0x31, 0xE3, 0x89,
++  0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25, 0x9A, 0xF3, 0x8F,
++  0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D, 0x7D, 0x73, 0x28,
++  0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3, 0x96, 0x73, 0x4E,
++  0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D, 0x49, 0x47, 0x05,
++  0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D, 0x6D, 0x26, 0xBA,
++  0x2F, 0x7A, 0x54, 0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A, 0xF3, 0xDA, 0xB6,
++  0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F, 0x56, 0xCD, 0x9F,
++  0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47, 0x12, 0xE4, 0x6D,
++  0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E, 0x49, 0xB9, 0xF6,
++  0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C
++};
++
++static const unsigned char kat_RSA_PSS_SHA384[] = {
++  0x40, 0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4, 0x31, 0xA8, 0xF2,
++  0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57, 0x45, 0xCD, 0x5E,
++  0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71, 0x44, 0x9A, 0xCD,
++  0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F, 0x78, 0x23, 0x7F,
++  0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31, 0xDC, 0x42, 0x6C,
++  0xB2, 0x44, 0xE5, 0x4D, 0x66, 0xA2, 0xE6, 0x71, 0xF3, 0xAC, 0x4F, 0xFB,
++  0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF, 0xD9, 0x3D, 0x2F,
++  0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32, 0xAD, 0x42, 0x89,
++  0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87, 0x1F, 0xCA, 0x6F,
++  0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E, 0x60, 0xF4, 0x55,
++  0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1
++};
++
++static const unsigned char kat_RSA_PSS_SHA512[] = {
++  0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57, 0xAE, 0x63, 0x8C,
++  0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F, 0x12, 0x53, 0x9A,
++  0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51, 0xED, 0x9E, 0xDD,
++  0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60, 0x79, 0x23, 0x39,
++  0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67, 0x5F, 0xFE, 0xD7,
++  0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D, 0x78, 0x55, 0x61,
++  0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20, 0xB0, 0x85, 0x13,
++  0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A, 0x6A, 0x39, 0x63,
++  0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF, 0xF4, 0xA8, 0xFE,
++  0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F, 0x80, 0xC2, 0x88,
++  0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B
++};
++
++static const unsigned char kat_RSA_SHA1[] = {
++  0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C,
++  0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B,
++  0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55, 0x77, 0x90, 0xCF,
++  0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8,
++  0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1,
++  0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA,
++  0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E, 0xCA, 0x2E, 0x4E,
++  0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F,
++  0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F,
++  0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95,
++  0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4
++};
++
++static const unsigned char kat_RSA_SHA224[] = {
++  0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB, 0xB7, 0x15, 0xF9,
++  0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0, 0xA9, 0x18, 0x8D,
++  0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5, 0x1A, 0xC5, 0x89,
++  0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30, 0x2C, 0x9E, 0xCD,
++  0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6, 0x45, 0x41, 0xE5,
++  0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E, 0x0B, 0xA9, 0xCC,
++  0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84, 0x02, 0xC6, 0x3B,
++  0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91, 0x28, 0x3E, 0xB2,
++  0x58, 0x2E, 0x06, 0x45, 0x49, 0xE0, 0x92, 0xE2, 0xC0, 0x66, 0xE6, 0x35,
++  0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77, 0x82, 0xE6, 0xDC,
++  0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D
++};
++
++static const unsigned char kat_RSA_SHA256[] = {
++  0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05, 0x17, 0xA5, 0x23,
++  0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20, 0x7B, 0xAA, 0x23,
++  0x92, 0x87, 0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE, 0xAD, 0x6F, 0x35,
++  0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17, 0x58, 0xB2, 0x6E,
++  0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A, 0x90, 0x2D, 0x18,
++  0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58, 0x7A, 0x91, 0x30,
++  0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF, 0xE2, 0x80, 0x3A,
++  0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 0xDE, 0x81, 0xA6, 0x38,
++  0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C, 0xEE, 0xD1, 0xDA,
++  0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1, 0x90, 0x27, 0x90,
++  0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A
++};
++
++static const unsigned char kat_RSA_SHA384[] = {
++  0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27, 0xEF, 0xE6, 0x1F,
++  0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 0x99, 0x63, 0x56, 0x47, 0xC7,
++  0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA, 0xFA, 0x5D, 0x5C,
++  0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D, 0xA9, 0xA6, 0x55,
++  0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28, 0x7F, 0xB6, 0xCF,
++  0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19, 0x2B, 0x30, 0xC2,
++  0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2, 0x7D, 0xEB, 0x8C,
++  0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F, 0x8B, 0x9C, 0xCD,
++  0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0, 0x8F, 0x99, 0xF1,
++  0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E, 0x37, 0xDC, 0x04,
++  0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF
++};
++
++static const unsigned char kat_RSA_SHA512[] = {
++  0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16, 0x51, 0x5D, 0xCF,
++  0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40, 0xF8, 0xB2, 0x9A,
++  0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82, 0x6B, 0x32, 0xF1,
++  0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C, 0x54, 0x9F, 0xD8,
++  0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6, 0x53, 0x62, 0xB5,
++  0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4, 0x75, 0x92, 0x6B,
++  0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B, 0x1D, 0x47, 0xE6,
++  0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16, 0x63, 0x84, 0x05,
++  0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64, 0x71, 0xE0, 0x2D,
++  0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB, 0x98, 0x65, 0x91,
++  0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84
++};
++
++static const unsigned char kat_RSA_X931_SHA1[] = {
++  0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42, 0x45, 0x4D, 0xDF,
++  0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD, 0xC4, 0xB2, 0x75,
++  0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E, 0x14, 0xB8, 0xAC,
++  0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04, 0xEE, 0xA9, 0x97,
++  0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B, 0x38, 0xBE, 0xD6,
++  0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1, 0x1A, 0x11, 0x19,
++  0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63, 0x0C, 0x59, 0xD7,
++  0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D, 0x24, 0x1C, 0x99,
++  0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB, 0xEA, 0xED, 0x76,
++  0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84, 0x1C, 0xB3, 0x67,
++  0xA3, 0x29, 0x80, 0x70, 0x54, 0x68, 0x7D, 0x49
++};
++
++static const unsigned char kat_RSA_X931_SHA256[] = {
++  0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F, 0x64, 0x54, 0x89,
++  0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58, 0x92, 0x1C, 0xDD,
++  0xEA, 0xA2, 0x2D, 0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05, 0x95, 0x73, 0xCF,
++  0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8, 0x7B, 0xC8, 0x9B,
++  0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13, 0xB8, 0xF0, 0x4B,
++  0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4, 0x38, 0x0E, 0x98,
++  0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E, 0x59, 0x01, 0xEC,
++  0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46, 0x8D, 0xA0, 0x8C,
++  0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35, 0xA1, 0x42, 0xBD,
++  0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86, 0xF0, 0x5B, 0xDC,
++  0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80
++};
++
++static const unsigned char kat_RSA_X931_SHA384[] = {
++  0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB, 0x7B, 0xEC, 0x7B,
++  0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7, 0x39, 0x37, 0xCB,
++  0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9, 0xBE, 0x2E, 0xE3,
++  0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7, 0x4A, 0x63, 0xF6,
++  0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99, 0x66, 0xEE, 0x31,
++  0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E, 0x6D, 0x8D, 0xF1,
++  0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0, 0x60, 0x41, 0x79,
++  0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34, 0xD5, 0x7C, 0xFF,
++  0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5, 0x12, 0x44, 0x35,
++  0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5, 0xDC, 0xC6, 0x6D,
++  0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28
++};
++
++static const unsigned char kat_RSA_X931_SHA512[] = {
++  0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64, 0x3A, 0xC1, 0x63,
++  0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1, 0xD9, 0xDA, 0xAC,
++  0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05, 0x9E, 0x77, 0xD7,
++  0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E, 0xF9, 0x14, 0x28,
++  0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA, 0xC7, 0xF8, 0xC5,
++  0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34, 0x53, 0xD2, 0xAF,
++  0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10, 0xE0, 0xF6, 0xD0,
++  0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F, 0x46, 0x5F, 0x09,
++  0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04, 0x2D, 0xFB, 0x7C,
++  0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11, 0x30, 0x71, 0x1B,
++  0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
++};
++
++
++int FIPS_selftest_rsa()
++	{
++	int ret = 0;
++	RSA *key;
++	EVP_PKEY *pk = NULL;
++
++	if ((key=RSA_new()) == NULL)
++		goto err;
++	setrsakey(key);
++	if ((pk=EVP_PKEY_new()) == NULL)
++		goto err;
++
++	EVP_PKEY_assign_RSA(pk, key);
++
++	if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
++				kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
++				EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1,
++				"RSA SHA1 PKCS#1"))
++		goto err;
++	if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
++				kat_RSA_SHA224, sizeof(kat_RSA_SHA224),
++				EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PKCS1,
++				"RSA SHA224 PKCS#1"))
++		goto err;
++	if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
++				kat_RSA_SHA256, sizeof(kat_RSA_SHA256),
++				EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PKCS1,
++				"RSA SHA256 PKCS#1"))
++		goto err;
++	if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
++				kat_RSA_SHA384, sizeof(kat_RSA_SHA384),
++				EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PKCS1,
++				"RSA SHA384 PKCS#1"))
++		goto err;
++	if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
++				kat_RSA_SHA512, sizeof(kat_RSA_SHA512),
++				EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PKCS1,
++				"RSA SHA512 PKCS#1"))
++		goto err;
++
++	if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
++				kat_RSA_PSS_SHA1, sizeof(kat_RSA_PSS_SHA1),
++				EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS,
++				"RSA SHA1 PSS"))
++		goto err;
++	if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
++				kat_RSA_PSS_SHA224, sizeof(kat_RSA_PSS_SHA224),
++				EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PSS,
++				"RSA SHA224 PSS"))
++		goto err;
++	if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
++				kat_RSA_PSS_SHA256, sizeof(kat_RSA_PSS_SHA256),
++				EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PSS,
++				"RSA SHA256 PSS"))
++		goto err;
++	if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
++				kat_RSA_PSS_SHA384, sizeof(kat_RSA_PSS_SHA384),
++				EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PSS,
++				"RSA SHA384 PSS"))
++		goto err;
++	if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
++				kat_RSA_PSS_SHA512, sizeof(kat_RSA_PSS_SHA512),
++				EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PSS,
++				"RSA SHA512 PSS"))
++		goto err;
++
++
++	if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
++			kat_RSA_X931_SHA1, sizeof(kat_RSA_X931_SHA1),
++			EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931,
++			"RSA SHA1 X931"))
++		goto err;
++	/* NB: SHA224 not supported in X9.31 */
++	if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
++			kat_RSA_X931_SHA256, sizeof(kat_RSA_X931_SHA256),
++			EVP_sha256(), EVP_MD_CTX_FLAG_PAD_X931,
++			"RSA SHA256 X931"))
++		goto err;
++	if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
++			kat_RSA_X931_SHA384, sizeof(kat_RSA_X931_SHA384),
++			EVP_sha384(), EVP_MD_CTX_FLAG_PAD_X931,
++			"RSA SHA384 X931"))
++		goto err;
++	if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
++			kat_RSA_X931_SHA512, sizeof(kat_RSA_X931_SHA512),
++			EVP_sha512(), EVP_MD_CTX_FLAG_PAD_X931,
++			"RSA SHA512 X931"))
++		goto err;
++
++
++	ret = 1;
++
++	err:
++	if (pk)
++		EVP_PKEY_free(pk);
++	else if (key)
++		RSA_free(key);
++	return ret;
++	}
++
++#endif /* def OPENSSL_FIPS */
+diff -up openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c
+--- openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c.fips	2013-10-04 11:48:04.188694316 +0200
++++ openssl-1.0.1e/crypto/fips/fips_rsa_x931g.c	2013-10-04 11:48:04.188694316 +0200
+@@ -0,0 +1,282 @@
++/* crypto/rsa/rsa_gen.c */
++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
++ * All rights reserved.
++ *
++ * This package is an SSL implementation written
++ * by Eric Young (eay@cryptsoft.com).
++ * The implementation was written so as to conform with Netscapes SSL.
++ * 
++ * This library is free for commercial and non-commercial use as long as
++ * the following conditions are aheared to.  The following conditions
++ * apply to all code found in this distribution, be it the RC4, RSA,
++ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
++ * included with this distribution is covered by the same copyright terms
++ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
++ * 
++ * Copyright remains Eric Young's, and as such any Copyright notices in
++ * the code are not to be removed.
++ * If this package is used in a product, Eric Young should be given attribution
++ * as the author of the parts of the library used.
++ * This can be in the form of a textual message at program startup or
++ * in documentation (online or textual) provided with the package.
++ * 
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. All advertising materials mentioning features or use of this software
++ *    must display the following acknowledgement:
++ *    "This product includes cryptographic software written by
++ *     Eric Young (eay@cryptsoft.com)"
++ *    The word 'cryptographic' can be left out if the rouines from the library
++ *    being used are not cryptographic related :-).
++ * 4. If you include any Windows specific code (or a derivative thereof) from 
++ *    the apps directory (application code) you must include an acknowledgement:
++ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
++ * 
++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ * 
++ * The licence and distribution terms for any publically available version or
++ * derivative of this code cannot be changed.  i.e. this code cannot simply be
++ * copied and put under another distribution licence
++ * [including the GNU Public Licence.]
++ */
++
++#include <stdio.h>
++#include <string.h>
++#include <time.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/rsa.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++
++extern int fips_check_rsa(RSA *rsa);
++#endif
++
++/* X9.31 RSA key derivation and generation */
++
++int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
++			const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
++			const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
++			const BIGNUM *e, BN_GENCB *cb)
++	{
++	BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL;
++	BN_CTX *ctx=NULL,*ctx2=NULL;
++
++	if (!rsa) 
++		goto err;
++
++	ctx = BN_CTX_new();
++	if (!ctx) 
++		goto err;
++	BN_CTX_start(ctx);
++
++	r0 = BN_CTX_get(ctx);
++	r1 = BN_CTX_get(ctx);
++	r2 = BN_CTX_get(ctx);
++	r3 = BN_CTX_get(ctx);
++
++	if (r3 == NULL)
++		goto err;
++	if (!rsa->e)
++		{
++		rsa->e = BN_dup(e);
++		if (!rsa->e)
++			goto err;
++		}
++	else
++		e = rsa->e;
++
++	/* If not all parameters present only calculate what we can.
++	 * This allows test programs to output selective parameters.
++	 */
++
++	if (Xp && !rsa->p)
++		{
++		rsa->p = BN_new();
++		if (!rsa->p)
++			goto err;
++
++		if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
++					Xp, Xp1, Xp2, e, ctx, cb))
++			goto err;
++		}
++
++	if (Xq && !rsa->q)
++		{
++		rsa->q = BN_new();
++		if (!rsa->q)
++			goto err;
++		if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
++					Xq, Xq1, Xq2, e, ctx, cb))
++			goto err;
++		}
++
++	if (!rsa->p || !rsa->q)
++		{
++		BN_CTX_end(ctx);
++		BN_CTX_free(ctx);
++		return 2;
++		}
++
++	/* Since both primes are set we can now calculate all remaining 
++	 * components.
++	 */
++
++	/* calculate n */
++	rsa->n=BN_new();
++	if (rsa->n == NULL)
++		goto err;
++	if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx))
++		goto err;
++
++	/* calculate d */
++	if (!BN_sub(r1,rsa->p,BN_value_one()))
++		goto err;	/* p-1 */
++	if (!BN_sub(r2,rsa->q,BN_value_one()))
++		goto err;	/* q-1 */
++	if (!BN_mul(r0,r1,r2,ctx))
++		goto err;	/* (p-1)(q-1) */
++
++	if (!BN_gcd(r3, r1, r2, ctx))
++		goto err;
++
++	if (!BN_div(r0, NULL, r0, r3, ctx))
++		goto err;	/* LCM((p-1)(q-1)) */
++
++	ctx2 = BN_CTX_new();
++	if (!ctx2)
++		goto err;
++
++	rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2);	/* d */
++	if (rsa->d == NULL)
++		goto err;
++
++	/* calculate d mod (p-1) */
++	rsa->dmp1=BN_new();
++	if (rsa->dmp1 == NULL)
++		goto err;
++	if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx))
++		goto err;
++
++	/* calculate d mod (q-1) */
++	rsa->dmq1=BN_new();
++	if (rsa->dmq1 == NULL)
++		goto err;
++	if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx))
++		goto err;
++
++	/* calculate inverse of q mod p */
++	rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
++
++	err:
++	if (ctx)
++		{
++		BN_CTX_end(ctx);
++		BN_CTX_free(ctx);
++		}
++	if (ctx2)
++		BN_CTX_free(ctx2);
++	/* If this is set all calls successful */
++	if (rsa && rsa->iqmp != NULL)
++		return 1;
++
++	return 0;
++
++	}
++
++int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
++	{
++	int ok = 0;
++	BIGNUM *Xp = NULL, *Xq = NULL;
++	BN_CTX *ctx = NULL;
++
++#ifdef OPENSSL_FIPS
++	if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && 
++		(bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
++	    {
++	    FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT);
++	    return 0;
++	    }
++
++	if (bits & 0xff)
++	    {
++	    FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_INVALID_KEY_LENGTH);
++	    return 0;
++	    }
++
++	if(FIPS_selftest_failed())
++	    {
++	    FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST_FAILED);
++	    return 0;
++	    }
++#endif
++
++	ctx = BN_CTX_new();
++	if (!ctx)
++		goto error;
++
++	BN_CTX_start(ctx);
++	Xp = BN_CTX_get(ctx);
++	Xq = BN_CTX_get(ctx);
++	if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
++		goto error;
++
++	rsa->p = BN_new();
++	rsa->q = BN_new();
++	if (!rsa->p || !rsa->q)
++		goto error;
++
++	/* Generate two primes from Xp, Xq */
++
++	if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
++					e, ctx, cb))
++		goto error;
++
++	if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
++					e, ctx, cb))
++		goto error;
++
++	/* Since rsa->p and rsa->q are valid this call will just derive
++	 * remaining RSA components.
++	 */
++
++	if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
++				NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
++		goto error;
++
++#ifdef OPENSSL_FIPS
++	if(!fips_check_rsa(rsa))
++	    goto error;
++#endif
++
++	ok = 1;
++
++	error:
++	if (ctx)
++		{
++		BN_CTX_end(ctx);
++		BN_CTX_free(ctx);
++		}
++
++	if (ok)
++		return 1;
++
++	return 0;
++
++	}
+diff -up openssl-1.0.1e/crypto/fips/fips_sha_selftest.c.fips openssl-1.0.1e/crypto/fips/fips_sha_selftest.c
+--- openssl-1.0.1e/crypto/fips/fips_sha_selftest.c.fips	2013-10-04 11:48:04.188694316 +0200
++++ openssl-1.0.1e/crypto/fips/fips_sha_selftest.c	2013-10-04 11:48:04.188694316 +0200
+@@ -0,0 +1,140 @@
++/* ====================================================================
++ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include <string.h>
++#include <openssl/err.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
++#include <openssl/evp.h>
++#include <openssl/sha.h>
++
++#ifdef OPENSSL_FIPS
++static const char test[][60]=
++    {
++    "",
++    "abc",
++    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
++    };
++
++static const unsigned char ret[][SHA_DIGEST_LENGTH]=
++    {
++    { 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55,
++      0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 },
++    { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
++      0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d },
++    { 0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
++      0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 },
++    };
++
++static int corrupt_sha;
++
++void FIPS_corrupt_sha1()
++    {
++    corrupt_sha = 1;
++    }
++
++int FIPS_selftest_sha1()
++    {
++    int n;
++
++    for(n=0 ; n<sizeof(test)/sizeof(test[0]) ; ++n)
++	{
++	unsigned char md[SHA_DIGEST_LENGTH];
++
++	EVP_Digest(test[n],strlen(test[n])+corrupt_sha,md, NULL, EVP_sha1(), NULL);
++	if(memcmp(md,ret[n],sizeof md))
++	    {
++	    FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED);
++	    return 0;
++	    }
++	}
++    return 1;
++    }
++
++static const unsigned char msg_sha256[] = { 0xfa, 0x48, 0x59, 0x2a, 0xe1, 0xae, 0x1f, 0x30,
++					    0xfc };
++static const unsigned char dig_sha256[] = { 0xf7, 0x26, 0xd8, 0x98, 0x47, 0x91, 0x68, 0x5b,
++					    0x9e, 0x39, 0xb2, 0x58, 0xbb, 0x75, 0xbf, 0x01,
++					    0x17, 0x0c, 0x84, 0x00, 0x01, 0x7a, 0x94, 0x83,
++					    0xf3, 0x0b, 0x15, 0x84, 0x4b, 0x69, 0x88, 0x8a };
++
++static const unsigned char msg_sha512[] = { 0x37, 0xd1, 0x35, 0x9d, 0x18, 0x41, 0xe9, 0xb7,
++					    0x6d, 0x9a, 0x13, 0xda, 0x5f, 0xf3, 0xbd };
++static const unsigned char dig_sha512[] = { 0x11, 0x13, 0xc4, 0x19, 0xed, 0x2b, 0x1d, 0x16,
++					    0x11, 0xeb, 0x9b, 0xbe, 0xf0, 0x7f, 0xcf, 0x44,
++					    0x8b, 0xd7, 0x57, 0xbd, 0x8d, 0xa9, 0x25, 0xb0,
++					    0x47, 0x25, 0xd6, 0x6c, 0x9a, 0x54, 0x7f, 0x8f,
++					    0x0b, 0x53, 0x1a, 0x10, 0x68, 0x32, 0x03, 0x38,
++					    0x82, 0xc4, 0x87, 0xc4, 0xea, 0x0e, 0xd1, 0x04,
++					    0xa9, 0x98, 0xc1, 0x05, 0xa3, 0xf3, 0xf8, 0xb1,
++					    0xaf, 0xbc, 0xd9, 0x78, 0x7e, 0xee, 0x3d, 0x43 };
++
++int FIPS_selftest_sha2(void)
++	{
++	unsigned char md[SHA512_DIGEST_LENGTH];
++
++	EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL);
++	if(memcmp(dig_sha256, md, sizeof(dig_sha256)))
++		{
++		FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED);
++		return 0;
++		}
++
++	EVP_Digest(msg_sha512, sizeof(msg_sha512), md, NULL, EVP_sha512(), NULL);
++	if(memcmp(dig_sha512, md, sizeof(dig_sha512)))
++		{
++		FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_SELFTEST_FAILED);
++		return 0;
++		}
++
++	return 1;
++	}
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c.fips openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c
+--- openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c.fips	2013-10-04 11:48:04.188694316 +0200
++++ openssl-1.0.1e/crypto/fips/fips_standalone_hmac.c	2013-10-04 11:48:04.188694316 +0200
+@@ -0,0 +1,180 @@
++/* ====================================================================
++ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <openssl/opensslconf.h>
++#include <openssl/sha.h>
++#include <openssl/hmac.h>
++
++#ifndef FIPSCANISTER_O
++int FIPS_selftest_failed() { return 0; }
++void FIPS_selftest_check() {}
++void OPENSSL_cleanse(void *p,size_t len) {}
++#endif
++
++#if	defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
++	defined(__INTEL__) || \
++	defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
++
++unsigned int  OPENSSL_ia32cap_P[2];
++#endif
++
++#ifdef OPENSSL_FIPS
++
++static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
++		      const char *key)
++    {
++    size_t len=strlen(key);
++    int i;
++    unsigned char keymd[HMAC_MAX_MD_CBLOCK];
++    unsigned char pad[HMAC_MAX_MD_CBLOCK];
++
++    if (len > SHA_CBLOCK)
++	{
++	SHA256_Init(md_ctx);
++	SHA256_Update(md_ctx,key,len);
++	SHA256_Final(keymd,md_ctx);
++	len=SHA256_DIGEST_LENGTH;
++	}
++    else
++	memcpy(keymd,key,len);
++    memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len);
++
++    for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
++	pad[i]=0x36^keymd[i];
++    SHA256_Init(md_ctx);
++    SHA256_Update(md_ctx,pad,SHA256_CBLOCK);
++
++    for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
++	pad[i]=0x5c^keymd[i];
++    SHA256_Init(o_ctx);
++    SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
++    }
++
++static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
++    {
++    unsigned char buf[SHA256_DIGEST_LENGTH];
++
++    SHA256_Final(buf,md_ctx);
++    SHA256_Update(o_ctx,buf,sizeof buf);
++    SHA256_Final(md,o_ctx);
++    }
++
++#endif
++
++int main(int argc,char **argv)
++    {
++#ifdef OPENSSL_FIPS
++    static char key[]="orboDeJITITejsirpADONivirpUkvarP";
++    int n,binary=0;
++
++    if(argc < 2)
++	{
++	fprintf(stderr,"%s [<file>]+\n",argv[0]);
++	exit(1);
++	}
++
++    n=1;
++    if (!strcmp(argv[n],"-binary"))
++	{
++	n++;
++	binary=1;	/* emit binary fingerprint... */
++	}
++
++    for(; n < argc ; ++n)
++	{
++	FILE *f=fopen(argv[n],"rb");
++	SHA256_CTX md_ctx,o_ctx;
++	unsigned char md[SHA256_DIGEST_LENGTH];
++	int i;
++
++	if(!f)
++	    {
++	    perror(argv[n]);
++	    exit(2);
++	    }
++
++	hmac_init(&md_ctx,&o_ctx,key);
++	for( ; ; )
++	    {
++	    char buf[1024];
++	    size_t l=fread(buf,1,sizeof buf,f);
++
++	    if(l == 0)
++		{
++		if(ferror(f))
++		    {
++		    perror(argv[n]);
++		    exit(3);
++		    }
++		else
++		    break;
++		}
++	    SHA256_Update(&md_ctx,buf,l);
++	    }
++	hmac_final(md,&md_ctx,&o_ctx);
++
++	if (binary)
++	    {
++	    fwrite(md,SHA256_DIGEST_LENGTH,1,stdout);
++	    break;	/* ... for single(!) file */
++	    }
++
++/*	printf("HMAC-SHA1(%s)= ",argv[n]); */
++	for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i)
++	    printf("%02x",md[i]);
++	printf("\n");
++	}
++#endif
++    return 0;
++    }
++
++
+diff -up openssl-1.0.1e/crypto/fips/fips_test_suite.c.fips openssl-1.0.1e/crypto/fips/fips_test_suite.c
+--- openssl-1.0.1e/crypto/fips/fips_test_suite.c.fips	2013-10-04 11:48:04.189694339 +0200
++++ openssl-1.0.1e/crypto/fips/fips_test_suite.c	2013-10-04 11:48:04.189694339 +0200
+@@ -0,0 +1,588 @@
++/* ====================================================================
++ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
++ *
++ *
++ * This command is intended as a test driver for the FIPS-140 testing
++ * lab performing FIPS-140 validation.  It demonstrates the use of the
++ * OpenSSL library ito perform a variety of common cryptographic
++ * functions.  A power-up self test is demonstrated by deliberately
++ * pointing to an invalid executable hash
++ *
++ * Contributed by Steve Marquess.
++ *
++ */
++#include <stdio.h>
++#include <assert.h>
++#include <ctype.h>
++#include <string.h>
++#include <stdlib.h>
++#include <openssl/aes.h>
++#include <openssl/des.h>
++#include <openssl/rsa.h>
++#include <openssl/dsa.h>
++#include <openssl/dh.h>
++#include <openssl/hmac.h>
++#include <openssl/err.h>
++
++#include <openssl/bn.h>
++#include <openssl/rand.h>
++#include <openssl/sha.h>
++
++
++#ifndef OPENSSL_FIPS
++int main(int argc, char *argv[])
++    {
++    printf("No FIPS support\n");
++    return(0);
++    }
++#else
++
++#include <openssl/fips.h>
++#include "fips_utl.h"
++
++/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
++*/
++static int FIPS_aes_test(void)
++	{
++	int ret = 0;
++	unsigned char pltmp[16];
++	unsigned char citmp[16];
++	unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
++	unsigned char plaintext[16] = "etaonrishdlcu";
++	EVP_CIPHER_CTX ctx;
++	EVP_CIPHER_CTX_init(&ctx);
++	if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0)
++		goto err;
++	EVP_Cipher(&ctx, citmp, plaintext, 16);
++	if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0)
++		goto err;
++	EVP_Cipher(&ctx, pltmp, citmp, 16);
++	if (memcmp(pltmp, plaintext, 16))
++		goto err;
++	ret = 1;
++	err:
++	EVP_CIPHER_CTX_cleanup(&ctx);
++	return ret;
++	}
++
++static int FIPS_des3_test(void)
++	{
++	int ret = 0;
++	unsigned char pltmp[8];
++	unsigned char citmp[8];
++    	unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
++		              19,20,21,22,23,24};
++    	unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
++	EVP_CIPHER_CTX ctx;
++	EVP_CIPHER_CTX_init(&ctx);
++	if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 1) <= 0)
++		goto err;
++	EVP_Cipher(&ctx, citmp, plaintext, 8);
++	if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 0) <= 0)
++		goto err;
++	EVP_Cipher(&ctx, pltmp, citmp, 8);
++	if (memcmp(pltmp, plaintext, 8))
++		goto err;
++	ret = 1;
++	err:
++	EVP_CIPHER_CTX_cleanup(&ctx);
++	return ret;
++	}
++
++/*
++ * DSA: generate keys and sign, verify input plaintext.
++ */
++static int FIPS_dsa_test(int bad)
++    {
++    DSA *dsa = NULL;
++    EVP_PKEY pk;
++    unsigned char dgst[] = "etaonrishdlc";
++    unsigned char buf[60];
++    unsigned int slen;
++    int r = 0;
++    EVP_MD_CTX mctx;
++
++    ERR_clear_error();
++    EVP_MD_CTX_init(&mctx);
++    dsa = DSA_new();
++    if (!dsa)
++	goto end;
++    if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
++	goto end;
++    if (!DSA_generate_key(dsa))
++	goto end;
++    if (bad)
++	    BN_add_word(dsa->pub_key, 1);
++
++    pk.type = EVP_PKEY_DSA;
++    pk.pkey.dsa = dsa;
++
++    if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
++	goto end;
++    if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))
++	goto end;
++    if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
++	goto end;
++
++    if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
++	goto end;
++    if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))
++	goto end;
++    r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
++    end:
++    EVP_MD_CTX_cleanup(&mctx);
++    if (dsa)
++  	  DSA_free(dsa);
++    if (r != 1)
++	return 0;
++    return 1;
++    }
++
++/*
++ * RSA: generate keys and sign, verify input plaintext.
++ */
++static int FIPS_rsa_test(int bad)
++    {
++    RSA *key;
++    unsigned char input_ptext[] = "etaonrishdlc";
++    unsigned char buf[256];
++    unsigned int slen;
++    BIGNUM *bn;
++    EVP_MD_CTX mctx;
++    EVP_PKEY pk;
++    int r = 0;
++
++    ERR_clear_error();
++    EVP_MD_CTX_init(&mctx);
++    key = RSA_new();
++    bn = BN_new();
++    if (!key || !bn)
++	return 0;
++    BN_set_word(bn, 65537);
++    if (!RSA_generate_key_ex(key, 1024,bn,NULL))
++	return 0;
++    BN_free(bn);
++    if (bad)
++	    BN_add_word(key->n, 1);
++
++    pk.type = EVP_PKEY_RSA;
++    pk.pkey.rsa = key;
++
++    if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
++	goto end;
++    if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
++	goto end;
++    if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
++	goto end;
++
++    if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
++	goto end;
++    if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
++	goto end;
++    r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
++    end:
++    EVP_MD_CTX_cleanup(&mctx);
++    if (key)
++  	    RSA_free(key);
++    if (r != 1)
++	return 0;
++    return 1;
++    }
++
++/* SHA1: generate hash of known digest value and compare to known
++   precomputed correct hash
++*/
++static int FIPS_sha1_test()
++    {
++    unsigned char digest[SHA_DIGEST_LENGTH] =
++        { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
++    unsigned char str[] = "etaonrishd";
++
++    unsigned char md[SHA_DIGEST_LENGTH];
++
++    ERR_clear_error();
++    if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0;
++    if (memcmp(md,digest,sizeof(md)))
++        return 0;
++    return 1;
++    }
++
++/* SHA256: generate hash of known digest value and compare to known
++   precomputed correct hash
++*/
++static int FIPS_sha256_test()
++    {
++    unsigned char digest[SHA256_DIGEST_LENGTH] =
++	{0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
++	 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
++    unsigned char str[] = "etaonrishd";
++
++    unsigned char md[SHA256_DIGEST_LENGTH];
++
++    ERR_clear_error();
++    if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha256(), NULL)) return 0;
++    if (memcmp(md,digest,sizeof(md)))
++        return 0;
++    return 1;
++    }
++
++/* SHA512: generate hash of known digest value and compare to known
++   precomputed correct hash
++*/
++static int FIPS_sha512_test()
++    {
++    unsigned char digest[SHA512_DIGEST_LENGTH] =
++	{0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
++	 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
++	 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
++	 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
++    unsigned char str[] = "etaonrishd";
++
++    unsigned char md[SHA512_DIGEST_LENGTH];
++
++    ERR_clear_error();
++    if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha512(), NULL)) return 0;
++    if (memcmp(md,digest,sizeof(md)))
++        return 0;
++    return 1;
++    }
++
++/* HMAC-SHA1: generate hash of known digest value and compare to known
++   precomputed correct hash
++*/
++static int FIPS_hmac_sha1_test()
++    {
++    unsigned char key[] = "etaonrishd";
++    unsigned char iv[] = "Sample text";
++    unsigned char kaval[EVP_MAX_MD_SIZE] =
++	{0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
++	 0xb2, 0xfb, 0xec, 0xc6};
++
++    unsigned char out[EVP_MAX_MD_SIZE];
++    unsigned int outlen;
++
++    ERR_clear_error();
++    if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
++    if (memcmp(out,kaval,outlen))
++        return 0;
++    return 1;
++    }
++
++/* HMAC-SHA224: generate hash of known digest value and compare to known
++   precomputed correct hash
++*/
++static int FIPS_hmac_sha224_test()
++    {
++    unsigned char key[] = "etaonrishd";
++    unsigned char iv[] = "Sample text";
++    unsigned char kaval[EVP_MAX_MD_SIZE] =
++	{0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
++	 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
++
++    unsigned char out[EVP_MAX_MD_SIZE];
++    unsigned int outlen;
++
++    ERR_clear_error();
++    if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
++    if (memcmp(out,kaval,outlen))
++        return 0;
++    return 1;
++    }
++
++/* HMAC-SHA256: generate hash of known digest value and compare to known
++   precomputed correct hash
++*/
++static int FIPS_hmac_sha256_test()
++    {
++    unsigned char key[] = "etaonrishd";
++    unsigned char iv[] = "Sample text";
++    unsigned char kaval[EVP_MAX_MD_SIZE] =
++	{0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
++	 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
++
++    unsigned char out[EVP_MAX_MD_SIZE];
++    unsigned int outlen;
++
++    ERR_clear_error();
++    if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
++    if (memcmp(out,kaval,outlen))
++        return 0;
++    return 1;
++    }
++
++/* HMAC-SHA384: generate hash of known digest value and compare to known
++   precomputed correct hash
++*/
++static int FIPS_hmac_sha384_test()
++    {
++    unsigned char key[] = "etaonrishd";
++    unsigned char iv[] = "Sample text";
++    unsigned char kaval[EVP_MAX_MD_SIZE] =
++	{0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
++	 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
++	 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
++
++    unsigned char out[EVP_MAX_MD_SIZE];
++    unsigned int outlen;
++
++    ERR_clear_error();
++    if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
++    if (memcmp(out,kaval,outlen))
++        return 0;
++    return 1;
++    }
++
++/* HMAC-SHA512: generate hash of known digest value and compare to known
++   precomputed correct hash
++*/
++static int FIPS_hmac_sha512_test()
++    {
++    unsigned char key[] = "etaonrishd";
++    unsigned char iv[] = "Sample text";
++    unsigned char kaval[EVP_MAX_MD_SIZE] =
++	{0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
++	 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
++	 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
++	 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
++
++    unsigned char out[EVP_MAX_MD_SIZE];
++    unsigned int outlen;
++
++    ERR_clear_error();
++    if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
++    if (memcmp(out,kaval,outlen))
++        return 0;
++    return 1;
++    }
++
++
++/* DH: generate shared parameters
++*/
++static int dh_test()
++    {
++    DH *dh;
++    ERR_clear_error();
++    dh = FIPS_dh_new();
++    if (!dh)
++	return 0;
++    if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
++	return 0;
++    FIPS_dh_free(dh);
++    return 1;
++    }
++
++/* Zeroize
++*/
++static int Zeroize()
++    {
++    RSA *key;
++    BIGNUM *bn;
++    unsigned char userkey[16] = 
++	{ 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
++    int i, n;
++
++    key = FIPS_rsa_new();
++    bn = BN_new();
++    if (!key || !bn)
++	return 0;
++    BN_set_word(bn, 65537);
++    if (!RSA_generate_key_ex(key, 1024,bn,NULL))
++	return 0;
++    BN_free(bn);
++    
++    n = BN_num_bytes(key->d);
++    printf(" Generated %d byte RSA private key\n", n);
++    printf("\tBN key before overwriting:\n");
++    do_bn_print(stdout, key->d);
++    BN_rand(key->d,n*8,-1,0);
++    printf("\tBN key after overwriting:\n");
++    do_bn_print(stdout, key->d);
++
++    printf("\tchar buffer key before overwriting: \n\t\t");
++    for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
++        printf("\n");
++    RAND_bytes(userkey, sizeof userkey);
++    printf("\tchar buffer key after overwriting: \n\t\t");
++    for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
++        printf("\n");
++
++    return 1;
++    }
++
++static int Error;
++const char * Fail(const char *msg)
++    {
++    do_print_errors();
++    Error++;
++    return msg; 
++    }
++
++int main(int argc,char **argv)
++    {
++
++    int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
++    int bad_rsa = 0, bad_dsa = 0;
++    int do_rng_stick = 0;
++    int no_exit = 0;
++
++    printf("\tFIPS-mode test application\n\n");
++
++    /* Load entropy from external file, if any */
++    RAND_load_file(".rnd", 1024);
++
++    if (argv[1]) {
++        /* Corrupted KAT tests */
++        if (!strcmp(argv[1], "aes")) {
++            FIPS_corrupt_aes();
++            printf("AES encryption/decryption with corrupted KAT...\n");
++        } else if (!strcmp(argv[1], "des")) {
++            FIPS_corrupt_des();
++            printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
++        } else if (!strcmp(argv[1], "dsa")) {
++            FIPS_corrupt_dsa();
++            printf("DSA key generation and signature validation with corrupted KAT...\n");
++        } else if (!strcmp(argv[1], "rsa")) {
++            FIPS_corrupt_rsa();
++            printf("RSA key generation and signature validation with corrupted KAT...\n");
++        } else if (!strcmp(argv[1], "rsakey")) {
++            printf("RSA key generation and signature validation with corrupted key...\n");
++	    bad_rsa = 1;
++	    no_exit = 1;
++        } else if (!strcmp(argv[1], "rsakeygen")) {
++	    do_corrupt_rsa_keygen = 1;
++	    no_exit = 1;
++            printf("RSA key generation and signature validation with corrupted keygen...\n");
++        } else if (!strcmp(argv[1], "dsakey")) {
++            printf("DSA key generation and signature validation with corrupted key...\n");
++	    bad_dsa = 1;
++	    no_exit = 1;
++        } else if (!strcmp(argv[1], "dsakeygen")) {
++	    do_corrupt_dsa_keygen = 1;
++	    no_exit = 1;
++            printf("DSA key generation and signature validation with corrupted keygen...\n");
++        } else if (!strcmp(argv[1], "sha1")) {
++            FIPS_corrupt_sha1();
++            printf("SHA-1 hash with corrupted KAT...\n");
++	} else if (!strcmp(argv[1], "rng")) {
++	    FIPS_corrupt_rng();
++	} else if (!strcmp(argv[1], "rngstick")) {
++	    do_rng_stick = 1;
++	    no_exit = 1;
++	    printf("RNG test with stuck continuous test...\n");
++        } else {
++            printf("Bad argument \"%s\"\n", argv[1]);
++            exit(1);
++        }
++	if (!no_exit) {
++        	if (!FIPS_mode_set(1)) {
++ 		    do_print_errors();
++        	    printf("Power-up self test failed\n");
++		    exit(1);
++		}
++        	printf("Power-up self test successful\n");
++        	exit(0);
++	}
++    }
++
++    /* Non-Approved cryptographic operation
++    */
++    printf("1. Non-Approved cryptographic operation test...\n");
++    printf("\ta. Included algorithm (D-H)...");
++    printf( dh_test() ? "successful\n" :  Fail("FAILED!\n") );
++
++    /* Power-up self test
++    */
++    ERR_clear_error();
++    printf("2. Automatic power-up self test...");
++    if (!FIPS_mode_set(1))
++	{
++	do_print_errors();
++        printf(Fail("FAILED!\n"));
++	exit(1);
++	}
++    printf("successful\n");
++    if (do_corrupt_dsa_keygen)
++            FIPS_corrupt_dsa_keygen();
++    if (do_corrupt_rsa_keygen)
++            FIPS_corrupt_rsa_keygen();
++    if (do_rng_stick)
++            FIPS_rng_stick();
++
++    /* AES encryption/decryption
++    */
++    printf("3. AES encryption/decryption...");
++    printf( FIPS_aes_test() ? "successful\n" :  Fail("FAILED!\n") );
++
++    /* RSA key generation and encryption/decryption
++    */
++    printf("4. RSA key generation and encryption/decryption...");
++    printf( FIPS_rsa_test(bad_rsa) ? "successful\n" :  Fail("FAILED!\n") );
++
++    /* DES-CBC encryption/decryption
++    */
++    printf("5. DES-ECB encryption/decryption...");
++    printf( FIPS_des3_test() ? "successful\n" :  Fail("FAILED!\n") );
++
++    /* DSA key generation and signature validation
++    */
++    printf("6. DSA key generation and signature validation...");
++    printf( FIPS_dsa_test(bad_dsa) ? "successful\n" :  Fail("FAILED!\n") );
++
++    /* SHA-1 hash
++    */
++    printf("7a. SHA-1 hash...");
++    printf( FIPS_sha1_test() ? "successful\n" :  Fail("FAILED!\n") );
++
++    /* SHA-256 hash
++    */
++    printf("7b. SHA-256 hash...");
++    printf( FIPS_sha256_test() ? "successful\n" :  Fail("FAILED!\n") );
++
++    /* SHA-512 hash
++    */
++    printf("7c. SHA-512 hash...");
++    printf( FIPS_sha512_test() ? "successful\n" :  Fail("FAILED!\n") );
++
++    /* HMAC-SHA-1 hash
++    */
++    printf("7d. HMAC-SHA-1 hash...");
++    printf( FIPS_hmac_sha1_test() ? "successful\n" :  Fail("FAILED!\n") );
++
++    /* HMAC-SHA-224 hash
++    */
++    printf("7e. HMAC-SHA-224 hash...");
++    printf( FIPS_hmac_sha224_test() ? "successful\n" :  Fail("FAILED!\n") );
++
++    /* HMAC-SHA-256 hash
++    */
++    printf("7f. HMAC-SHA-256 hash...");
++    printf( FIPS_hmac_sha256_test() ? "successful\n" :  Fail("FAILED!\n") );
++
++    /* HMAC-SHA-384 hash
++    */
++    printf("7g. HMAC-SHA-384 hash...");
++    printf( FIPS_hmac_sha384_test() ? "successful\n" :  Fail("FAILED!\n") );
++
++    /* HMAC-SHA-512 hash
++    */
++    printf("7h. HMAC-SHA-512 hash...");
++    printf( FIPS_hmac_sha512_test() ? "successful\n" :  Fail("FAILED!\n") );
++
++    /* Non-Approved cryptographic operation
++    */
++    printf("8. Non-Approved cryptographic operation test...\n");
++    printf("\ta. Included algorithm (D-H)...");
++    printf( dh_test() ? "successful as expected\n"
++	    : Fail("failed INCORRECTLY!\n") );
++
++    /* Zeroization
++    */
++    printf("9. Zero-ization...\n");
++    printf( Zeroize() ? "\tsuccessful as expected\n"
++	    : Fail("\tfailed INCORRECTLY!\n") );
++
++    printf("\nAll tests completed with %d errors\n", Error);
++    return Error ? 1 : 0;
++    }
++
++#endif
+diff -up openssl-1.0.1e/crypto/fips/Makefile.fips openssl-1.0.1e/crypto/fips/Makefile
+--- openssl-1.0.1e/crypto/fips/Makefile.fips	2013-10-04 11:48:04.189694339 +0200
++++ openssl-1.0.1e/crypto/fips/Makefile	2013-10-04 11:48:04.189694339 +0200
+@@ -0,0 +1,340 @@
++#
++# OpenSSL/crypto/fips/Makefile
++#
++
++DIR=	fips
++TOP=	../..
++CC=	cc
++INCLUDES=
++CFLAG=-g
++MAKEFILE=	Makefile
++AR=		ar r
++
++CFLAGS= $(INCLUDES) $(CFLAG)
++
++GENERAL=Makefile
++TEST=fips_test_suite.c fips_randtest.c
++APPS=
++
++PROGRAM= fips_standalone_hmac
++EXE= $(PROGRAM)$(EXE_EXT)
++
++LIB=$(TOP)/libcrypto.a
++LIBSRC=fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c fips_rand_selftest.c \
++    fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c  fips_rand.c \
++    fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
++    fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
++    fips_cmac_selftest.c fips_enc.c fips_md.c
++
++LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \
++    fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o  fips_rand.o \
++    fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
++    fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
++    fips_cmac_selftest.o fips_enc.o fips_md.o
++
++LIBCRYPTO=-L.. -lcrypto
++
++SRC= $(LIBSRC) fips_standalone_hmac.c
++
++EXHEADER= fips.h fips_rand.h
++HEADER=	$(EXHEADER)
++
++ALL=    $(GENERAL) $(SRC) $(HEADER)
++
++top:
++	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
++
++all:	lib exe
++
++lib:	$(LIBOBJ)
++	$(AR) $(LIB) $(LIBOBJ)
++	$(RANLIB) $(LIB) || echo Never mind.
++	@touch lib
++
++exe:	$(EXE)
++
++files:
++	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
++
++links:
++	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
++	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
++	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
++
++install:
++	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
++	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
++	do  \
++	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
++	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	done;
++
++tags:
++	ctags $(SRC)
++
++tests:
++
++lint:
++	lint -DLINT $(INCLUDES) $(SRC)>fluff
++
++depend:
++	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
++	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
++
++dclean:
++	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
++	mv -f Makefile.new $(MAKEFILE)
++
++clean:
++	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
++
++$(EXE): $(PROGRAM).o
++	FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../sha/$$i" ; done; \
++	$(CC) -o $@ $(CFLAGS) $(PROGRAM).o $$FIPS_SHA_ASM
++
++# DO NOT DELETE THIS LINE -- make depend depends on it.
++
++fips.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
++fips.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
++fips.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++fips.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
++fips.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
++fips.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
++fips.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++fips.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
++fips.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
++fips.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
++fips.o: ../../include/openssl/symhacks.h fips.c fips_locl.h
++fips_aes_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_aes_selftest.o: ../../include/openssl/crypto.h
++fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++fips_aes_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
++fips_aes_selftest.o: ../../include/openssl/lhash.h
++fips_aes_selftest.o: ../../include/openssl/obj_mac.h
++fips_aes_selftest.o: ../../include/openssl/objects.h
++fips_aes_selftest.o: ../../include/openssl/opensslconf.h
++fips_aes_selftest.o: ../../include/openssl/opensslv.h
++fips_aes_selftest.o: ../../include/openssl/ossl_typ.h
++fips_aes_selftest.o: ../../include/openssl/safestack.h
++fips_aes_selftest.o: ../../include/openssl/stack.h
++fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c
++fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_des_selftest.o: ../../include/openssl/crypto.h
++fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++fips_des_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
++fips_des_selftest.o: ../../include/openssl/lhash.h
++fips_des_selftest.o: ../../include/openssl/obj_mac.h
++fips_des_selftest.o: ../../include/openssl/objects.h
++fips_des_selftest.o: ../../include/openssl/opensslconf.h
++fips_des_selftest.o: ../../include/openssl/opensslv.h
++fips_des_selftest.o: ../../include/openssl/ossl_typ.h
++fips_des_selftest.o: ../../include/openssl/safestack.h
++fips_des_selftest.o: ../../include/openssl/stack.h
++fips_des_selftest.o: ../../include/openssl/symhacks.h fips_des_selftest.c
++fips_drbg_ctr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
++fips_drbg_ctr.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
++fips_drbg_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
++fips_drbg_ctr.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
++fips_drbg_ctr.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
++fips_drbg_ctr.o: ../../include/openssl/objects.h
++fips_drbg_ctr.o: ../../include/openssl/opensslconf.h
++fips_drbg_ctr.o: ../../include/openssl/opensslv.h
++fips_drbg_ctr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
++fips_drbg_ctr.o: ../../include/openssl/safestack.h
++fips_drbg_ctr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++fips_drbg_ctr.o: fips_drbg_ctr.c fips_rand_lcl.h
++fips_drbg_hash.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
++fips_drbg_hash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
++fips_drbg_hash.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
++fips_drbg_hash.o: ../../include/openssl/fips.h
++fips_drbg_hash.o: ../../include/openssl/fips_rand.h
++fips_drbg_hash.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
++fips_drbg_hash.o: ../../include/openssl/objects.h
++fips_drbg_hash.o: ../../include/openssl/opensslconf.h
++fips_drbg_hash.o: ../../include/openssl/opensslv.h
++fips_drbg_hash.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
++fips_drbg_hash.o: ../../include/openssl/safestack.h
++fips_drbg_hash.o: ../../include/openssl/stack.h
++fips_drbg_hash.o: ../../include/openssl/symhacks.h fips_drbg_hash.c
++fips_drbg_hash.o: fips_rand_lcl.h
++fips_drbg_hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
++fips_drbg_hmac.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
++fips_drbg_hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
++fips_drbg_hmac.o: ../../include/openssl/fips.h
++fips_drbg_hmac.o: ../../include/openssl/fips_rand.h
++fips_drbg_hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
++fips_drbg_hmac.o: ../../include/openssl/objects.h
++fips_drbg_hmac.o: ../../include/openssl/opensslconf.h
++fips_drbg_hmac.o: ../../include/openssl/opensslv.h
++fips_drbg_hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
++fips_drbg_hmac.o: ../../include/openssl/safestack.h
++fips_drbg_hmac.o: ../../include/openssl/stack.h
++fips_drbg_hmac.o: ../../include/openssl/symhacks.h fips_drbg_hmac.c
++fips_drbg_hmac.o: fips_rand_lcl.h
++fips_drbg_lib.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
++fips_drbg_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
++fips_drbg_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++fips_drbg_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
++fips_drbg_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
++fips_drbg_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
++fips_drbg_lib.o: ../../include/openssl/objects.h
++fips_drbg_lib.o: ../../include/openssl/opensslconf.h
++fips_drbg_lib.o: ../../include/openssl/opensslv.h
++fips_drbg_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
++fips_drbg_lib.o: ../../include/openssl/safestack.h
++fips_drbg_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++fips_drbg_lib.o: fips_drbg_lib.c fips_locl.h fips_rand_lcl.h
++fips_drbg_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
++fips_drbg_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
++fips_drbg_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++fips_drbg_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
++fips_drbg_rand.o: ../../include/openssl/fips_rand.h
++fips_drbg_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
++fips_drbg_rand.o: ../../include/openssl/obj_mac.h
++fips_drbg_rand.o: ../../include/openssl/objects.h
++fips_drbg_rand.o: ../../include/openssl/opensslconf.h
++fips_drbg_rand.o: ../../include/openssl/opensslv.h
++fips_drbg_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
++fips_drbg_rand.o: ../../include/openssl/safestack.h
++fips_drbg_rand.o: ../../include/openssl/stack.h
++fips_drbg_rand.o: ../../include/openssl/symhacks.h fips_drbg_rand.c
++fips_drbg_rand.o: fips_rand_lcl.h
++fips_drbg_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
++fips_drbg_selftest.o: ../../include/openssl/bio.h
++fips_drbg_selftest.o: ../../include/openssl/crypto.h
++fips_drbg_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++fips_drbg_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
++fips_drbg_selftest.o: ../../include/openssl/fips_rand.h
++fips_drbg_selftest.o: ../../include/openssl/hmac.h
++fips_drbg_selftest.o: ../../include/openssl/lhash.h
++fips_drbg_selftest.o: ../../include/openssl/obj_mac.h
++fips_drbg_selftest.o: ../../include/openssl/objects.h
++fips_drbg_selftest.o: ../../include/openssl/opensslconf.h
++fips_drbg_selftest.o: ../../include/openssl/opensslv.h
++fips_drbg_selftest.o: ../../include/openssl/ossl_typ.h
++fips_drbg_selftest.o: ../../include/openssl/rand.h
++fips_drbg_selftest.o: ../../include/openssl/safestack.h
++fips_drbg_selftest.o: ../../include/openssl/stack.h
++fips_drbg_selftest.o: ../../include/openssl/symhacks.h fips_drbg_selftest.c
++fips_drbg_selftest.o: fips_drbg_selftest.h fips_locl.h fips_rand_lcl.h
++fips_dsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_dsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
++fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
++fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++fips_dsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
++fips_dsa_selftest.o: ../../include/openssl/obj_mac.h
++fips_dsa_selftest.o: ../../include/openssl/objects.h
++fips_dsa_selftest.o: ../../include/openssl/opensslconf.h
++fips_dsa_selftest.o: ../../include/openssl/opensslv.h
++fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h
++fips_dsa_selftest.o: ../../include/openssl/safestack.h
++fips_dsa_selftest.o: ../../include/openssl/stack.h
++fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
++fips_dsa_selftest.o: fips_locl.h
++fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_hmac_selftest.o: ../../include/openssl/crypto.h
++fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++fips_hmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
++fips_hmac_selftest.o: ../../include/openssl/hmac.h
++fips_hmac_selftest.o: ../../include/openssl/lhash.h
++fips_hmac_selftest.o: ../../include/openssl/obj_mac.h
++fips_hmac_selftest.o: ../../include/openssl/objects.h
++fips_hmac_selftest.o: ../../include/openssl/opensslconf.h
++fips_hmac_selftest.o: ../../include/openssl/opensslv.h
++fips_hmac_selftest.o: ../../include/openssl/ossl_typ.h
++fips_hmac_selftest.o: ../../include/openssl/safestack.h
++fips_hmac_selftest.o: ../../include/openssl/stack.h
++fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c
++fips_post.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
++fips_post.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
++fips_post.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
++fips_post.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++fips_post.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
++fips_post.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
++fips_post.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++fips_post.o: ../../include/openssl/opensslconf.h
++fips_post.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
++fips_post.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
++fips_post.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
++fips_post.o: ../../include/openssl/symhacks.h fips_locl.h fips_post.c
++fips_rand.o: ../../e_os.h ../../include/openssl/aes.h
++fips_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
++fips_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++fips_rand.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
++fips_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
++fips_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++fips_rand.o: ../../include/openssl/opensslconf.h
++fips_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
++fips_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
++fips_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++fips_rand.o: fips_locl.h fips_rand.c
++fips_rand_lib.o: ../../e_os.h ../../include/openssl/aes.h
++fips_rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
++fips_rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++fips_rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
++fips_rand_lib.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
++fips_rand_lib.o: ../../include/openssl/obj_mac.h
++fips_rand_lib.o: ../../include/openssl/objects.h
++fips_rand_lib.o: ../../include/openssl/opensslconf.h
++fips_rand_lib.o: ../../include/openssl/opensslv.h
++fips_rand_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
++fips_rand_lib.o: ../../include/openssl/safestack.h
++fips_rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++fips_rand_lib.o: fips_rand_lib.c
++fips_rand_selftest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
++fips_rand_selftest.o: ../../include/openssl/bio.h
++fips_rand_selftest.o: ../../include/openssl/crypto.h
++fips_rand_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++fips_rand_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
++fips_rand_selftest.o: ../../include/openssl/fips_rand.h
++fips_rand_selftest.o: ../../include/openssl/hmac.h
++fips_rand_selftest.o: ../../include/openssl/lhash.h
++fips_rand_selftest.o: ../../include/openssl/obj_mac.h
++fips_rand_selftest.o: ../../include/openssl/objects.h
++fips_rand_selftest.o: ../../include/openssl/opensslconf.h
++fips_rand_selftest.o: ../../include/openssl/opensslv.h
++fips_rand_selftest.o: ../../include/openssl/ossl_typ.h
++fips_rand_selftest.o: ../../include/openssl/rand.h
++fips_rand_selftest.o: ../../include/openssl/safestack.h
++fips_rand_selftest.o: ../../include/openssl/stack.h
++fips_rand_selftest.o: ../../include/openssl/symhacks.h fips_locl.h
++fips_rand_selftest.o: fips_rand_selftest.c
++fips_rsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_rsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
++fips_rsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++fips_rsa_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
++fips_rsa_selftest.o: ../../include/openssl/lhash.h
++fips_rsa_selftest.o: ../../include/openssl/obj_mac.h
++fips_rsa_selftest.o: ../../include/openssl/objects.h
++fips_rsa_selftest.o: ../../include/openssl/opensslconf.h
++fips_rsa_selftest.o: ../../include/openssl/opensslv.h
++fips_rsa_selftest.o: ../../include/openssl/ossl_typ.h
++fips_rsa_selftest.o: ../../include/openssl/rsa.h
++fips_rsa_selftest.o: ../../include/openssl/safestack.h
++fips_rsa_selftest.o: ../../include/openssl/stack.h
++fips_rsa_selftest.o: ../../include/openssl/symhacks.h fips_rsa_selftest.c
++fips_rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
++fips_rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++fips_rsa_x931g.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
++fips_rsa_x931g.o: ../../include/openssl/opensslconf.h
++fips_rsa_x931g.o: ../../include/openssl/opensslv.h
++fips_rsa_x931g.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
++fips_rsa_x931g.o: ../../include/openssl/safestack.h
++fips_rsa_x931g.o: ../../include/openssl/stack.h
++fips_rsa_x931g.o: ../../include/openssl/symhacks.h fips_rsa_x931g.c
++fips_sha_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++fips_sha_selftest.o: ../../include/openssl/crypto.h
++fips_sha_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++fips_sha_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
++fips_sha_selftest.o: ../../include/openssl/lhash.h
++fips_sha_selftest.o: ../../include/openssl/obj_mac.h
++fips_sha_selftest.o: ../../include/openssl/objects.h
++fips_sha_selftest.o: ../../include/openssl/opensslconf.h
++fips_sha_selftest.o: ../../include/openssl/opensslv.h
++fips_sha_selftest.o: ../../include/openssl/ossl_typ.h
++fips_sha_selftest.o: ../../include/openssl/safestack.h
++fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c
+diff -up openssl-1.0.1e/crypto/hmac/hmac.c.fips openssl-1.0.1e/crypto/hmac/hmac.c
+--- openssl-1.0.1e/crypto/hmac/hmac.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/hmac/hmac.c	2013-10-04 11:48:04.189694339 +0200
+@@ -81,11 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
+ 			EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
+ 			return 0;
+ 			}
+-		/* Other algorithm blocking will be done in FIPS_cmac_init,
+-		 * via FIPS_hmac_init_ex().
+-		 */
+-		if (!impl && !ctx->i_ctx.engine)
+-			return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
+ 		}
+ #endif
+ 
+@@ -99,6 +94,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
+ 
+ 	if (key != NULL)
+ 		{
++#ifdef OPENSSL_FIPS
++		if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
++		&& (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
++		 || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
++		 || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
++			goto err;
++#endif
+ 		reset=1;
+ 		j=EVP_MD_block_size(md);
+ 		OPENSSL_assert(j <= (int)sizeof(ctx->key));
+@@ -155,10 +157,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void
+ 
+ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
+ 	{
+-#ifdef OPENSSL_FIPS
+-	if (FIPS_mode() && !ctx->i_ctx.engine)
+-		return FIPS_hmac_update(ctx, data, len);
+-#endif
+ 	return EVP_DigestUpdate(&ctx->md_ctx,data,len);
+ 	}
+ 
+@@ -166,10 +164,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned c
+ 	{
+ 	unsigned int i;
+ 	unsigned char buf[EVP_MAX_MD_SIZE];
+-#ifdef OPENSSL_FIPS
+-	if (FIPS_mode() && !ctx->i_ctx.engine)
+-		return FIPS_hmac_final(ctx, md, len);
+-#endif
+ 
+ 	if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
+ 		goto err;
+@@ -209,13 +203,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_C
+ 
+ void HMAC_CTX_cleanup(HMAC_CTX *ctx)
+ 	{
+-#ifdef OPENSSL_FIPS
+-	if (FIPS_mode() && !ctx->i_ctx.engine)
+-		{
+-		FIPS_hmac_ctx_cleanup(ctx);
+-		return;
+-		}
+-#endif
+ 	EVP_MD_CTX_cleanup(&ctx->i_ctx);
+ 	EVP_MD_CTX_cleanup(&ctx->o_ctx);
+ 	EVP_MD_CTX_cleanup(&ctx->md_ctx);
+diff -up openssl-1.0.1e/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.1e/crypto/mdc2/mdc2dgst.c
+--- openssl-1.0.1e/crypto/mdc2/mdc2dgst.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/mdc2/mdc2dgst.c	2013-10-04 11:48:04.189694339 +0200
+@@ -76,7 +76,7 @@
+ 			*((c)++)=(unsigned char)(((l)>>24L)&0xff))
+ 
+ static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
+-fips_md_init(MDC2)
++nonfips_md_init(MDC2)
+ 	{
+ 	c->num=0;
+ 	c->pad_type=1;
+diff -up openssl-1.0.1e/crypto/md2/md2_dgst.c.fips openssl-1.0.1e/crypto/md2/md2_dgst.c
+--- openssl-1.0.1e/crypto/md2/md2_dgst.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/md2/md2_dgst.c	2013-10-04 11:48:04.189694339 +0200
+@@ -62,6 +62,11 @@
+ #include <openssl/md2.h>
+ #include <openssl/opensslv.h>
+ #include <openssl/crypto.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
++
++#include <openssl/err.h>
+ 
+ const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;
+ 
+@@ -116,7 +121,7 @@ const char *MD2_options(void)
+ 		return("md2(int)");
+ 	}
+ 
+-fips_md_init(MD2)
++nonfips_md_init(MD2)
+ 	{
+ 	c->num=0;
+ 	memset(c->state,0,sizeof c->state);
+diff -up openssl-1.0.1e/crypto/md4/md4_dgst.c.fips openssl-1.0.1e/crypto/md4/md4_dgst.c
+--- openssl-1.0.1e/crypto/md4/md4_dgst.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/md4/md4_dgst.c	2013-10-04 11:48:04.190694362 +0200
+@@ -71,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_V
+ #define INIT_DATA_C (unsigned long)0x98badcfeL
+ #define INIT_DATA_D (unsigned long)0x10325476L
+ 
+-fips_md_init(MD4)
++nonfips_md_init(MD4)
+ 	{
+ 	memset (c,0,sizeof(*c));
+ 	c->A=INIT_DATA_A;
+diff -up openssl-1.0.1e/crypto/md5/md5_dgst.c.fips openssl-1.0.1e/crypto/md5/md5_dgst.c
+--- openssl-1.0.1e/crypto/md5/md5_dgst.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/md5/md5_dgst.c	2013-10-04 11:48:04.190694362 +0200
+@@ -71,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_V
+ #define INIT_DATA_C (unsigned long)0x98badcfeL
+ #define INIT_DATA_D (unsigned long)0x10325476L
+ 
+-fips_md_init(MD5)
++nonfips_md_init(MD5)
+ 	{
+ 	memset (c,0,sizeof(*c));
+ 	c->A=INIT_DATA_A;
+diff -up openssl-1.0.1e/crypto/o_fips.c.fips openssl-1.0.1e/crypto/o_fips.c
+--- openssl-1.0.1e/crypto/o_fips.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/o_fips.c	2013-10-04 11:48:04.190694362 +0200
+@@ -79,6 +79,8 @@ int FIPS_mode_set(int r)
+ #ifndef FIPS_AUTH_USER_PASS
+ #define FIPS_AUTH_USER_PASS	"Default FIPS Crypto User Password"
+ #endif
++	if (r && FIPS_module_mode()) /* can be implicitly initialized by OPENSSL_init() */
++		return 1;
+ 	if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
+ 		return 0;
+ 	if (r)
+diff -up openssl-1.0.1e/crypto/o_init.c.fips openssl-1.0.1e/crypto/o_init.c
+--- openssl-1.0.1e/crypto/o_init.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/o_init.c	2013-10-04 11:48:04.190694362 +0200
+@@ -55,28 +55,68 @@
+ #include <e_os.h>
+ #include <openssl/err.h>
+ #ifdef OPENSSL_FIPS
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <fcntl.h>
++#include <unistd.h>
++#include <errno.h>
++#include <stdlib.h>
+ #include <openssl/fips.h>
+ #include <openssl/rand.h>
++
++#define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
++
++static void init_fips_mode(void)
++	{
++	char buf[2] = "0";
++	int fd;
++	
++	if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
++		{
++		buf[0] = '1';
++		}
++	else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0)
++		{
++		while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
++		close(fd);
++		}
++	/* Failure reading the fips mode switch file means just not
++	 * switching into FIPS mode. We would break too many things
++	 * otherwise. 
++	 */
++	
++	if (buf[0] == '1')
++		{
++		FIPS_mode_set(1);
++		}
++	}
+ #endif
+ 
+ /* Perform any essential OpenSSL initialization operations.
+  * Currently only sets FIPS callbacks
+  */
+ 
+-void OPENSSL_init(void)
++void OPENSSL_init_library(void)
+ 	{
+ 	static int done = 0;
+ 	if (done)
+ 		return;
+ 	done = 1;
+ #ifdef OPENSSL_FIPS
+-	FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
+-	FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
+-	FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
+ 	RAND_init_fips();
++	init_fips_mode();
++	if (!FIPS_mode())
++		{
++		/* Clean up prematurely set default rand method */
++		RAND_set_rand_method(NULL);
++		}
+ #endif
+ #if 0
+ 	fprintf(stderr, "Called OPENSSL_init\n");
+ #endif
+ 	}
+ 
++void OPENSSL_init(void)
++	{
++	OPENSSL_init_library();
++	}
+diff -up openssl-1.0.1e/crypto/opensslconf.h.in.fips openssl-1.0.1e/crypto/opensslconf.h.in
+--- openssl-1.0.1e/crypto/opensslconf.h.in.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/opensslconf.h.in	2013-10-04 11:48:04.190694362 +0200
+@@ -1,5 +1,20 @@
+ /* crypto/opensslconf.h.in */
+ 
++#ifdef OPENSSL_DOING_MAKEDEPEND
++
++/* Include any symbols here that have to be explicitly set to enable a feature
++ * that should be visible to makedepend.
++ *
++ * [Our "make depend" doesn't actually look at this, we use actual build settings
++ * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
++ */
++
++#ifndef OPENSSL_FIPS
++#define OPENSSL_FIPS
++#endif
++
++#endif
++
+ /* Generate 80386 code? */
+ #undef I386_ONLY
+ 
+diff -up openssl-1.0.1e/crypto/pkcs12/p12_crt.c.fips openssl-1.0.1e/crypto/pkcs12/p12_crt.c
+--- openssl-1.0.1e/crypto/pkcs12/p12_crt.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/pkcs12/p12_crt.c	2013-10-04 11:48:04.190694362 +0200
+@@ -59,6 +59,10 @@
+ #include <stdio.h>
+ #include "cryptlib.h"
+ #include <openssl/pkcs12.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
++
+ 
+ 
+ static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
+@@ -90,7 +94,14 @@ PKCS12 *PKCS12_create(char *pass, char *
+ 
+ 	/* Set defaults */
+ 	if (!nid_cert)
++		{
++#ifdef OPENSSL_FIPS
++		if (FIPS_mode())
++			nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
++		else
++#endif
+ 		nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
++		}
+ 	if (!nid_key)
+ 		nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ 	if (!iter)
+diff -up openssl-1.0.1e/crypto/rand/md_rand.c.fips openssl-1.0.1e/crypto/rand/md_rand.c
+--- openssl-1.0.1e/crypto/rand/md_rand.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/rand/md_rand.c	2013-10-04 11:48:04.190694362 +0200
+@@ -389,7 +389,10 @@ static int ssleay_rand_bytes(unsigned ch
+ 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+ 	crypto_lock_rand = 1;
+ 
+-	if (!initialized)
++	/* always poll for external entropy in FIPS mode, drbg provides the 
++	 * expansion
++	 */
++	if (!initialized || FIPS_module_mode()) 
+ 		{
+ 		RAND_poll();
+ 		initialized = 1;
+diff -up openssl-1.0.1e/crypto/rand/rand.h.fips openssl-1.0.1e/crypto/rand/rand.h
+--- openssl-1.0.1e/crypto/rand/rand.h.fips	2013-10-04 11:48:03.945688829 +0200
++++ openssl-1.0.1e/crypto/rand/rand.h	2013-10-04 11:48:04.190694362 +0200
+@@ -133,15 +133,33 @@ void ERR_load_RAND_strings(void);
+ /* Error codes for the RAND functions. */
+ 
+ /* Function codes. */
++#define RAND_F_ENG_RAND_GET_RAND_METHOD			 108
++#define RAND_F_FIPS_RAND				 103
++#define RAND_F_FIPS_RAND_BYTES				 102
++#define RAND_F_FIPS_RAND_SET_DT				 106
++#define RAND_F_FIPS_X931_SET_DT				 106
++#define RAND_F_FIPS_SET_DT				 104
++#define RAND_F_FIPS_SET_PRNG_SEED			 107
++#define RAND_F_FIPS_SET_TEST_MODE			 105
+ #define RAND_F_RAND_GET_RAND_METHOD			 101
+-#define RAND_F_RAND_INIT_FIPS				 102
++#define RAND_F_RAND_INIT_FIPS				 109
+ #define RAND_F_SSLEAY_RAND_BYTES			 100
+ 
+ /* Reason codes. */
+-#define RAND_R_ERROR_INITIALISING_DRBG			 102
+-#define RAND_R_ERROR_INSTANTIATING_DRBG			 103
+-#define RAND_R_NO_FIPS_RANDOM_METHOD_SET		 101
++#define RAND_R_ERROR_INITIALISING_DRBG			 112
++#define RAND_R_ERROR_INSTANTIATING_DRBG			 113
++#define RAND_R_NON_FIPS_METHOD				 105
++#define RAND_R_NOT_IN_TEST_MODE				 106
++#define RAND_R_NO_FIPS_RANDOM_METHOD_SET		 111
++#define RAND_R_NO_KEY_SET				 107
++#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH			 101
++#define RAND_R_PRNG_ERROR				 108
++#define RAND_R_PRNG_KEYED				 109
++#define RAND_R_PRNG_NOT_REKEYED				 102
++#define RAND_R_PRNG_NOT_RESEEDED			 103
+ #define RAND_R_PRNG_NOT_SEEDED				 100
++#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY		 110
++#define RAND_R_PRNG_STUCK				 104
+ 
+ #ifdef  __cplusplus
+ }
+diff -up openssl-1.0.1e/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.1e/crypto/ripemd/rmd_dgst.c
+--- openssl-1.0.1e/crypto/ripemd/rmd_dgst.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/ripemd/rmd_dgst.c	2013-10-04 11:48:04.191694385 +0200
+@@ -70,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160"
+      void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
+ #  endif
+ 
+-fips_md_init(RIPEMD160)
++nonfips_md_init(RIPEMD160)
+ 	{
+ 	memset (c,0,sizeof(*c));
+ 	c->A=RIPEMD160_A;
+diff -up openssl-1.0.1e/crypto/rsa/rsa_crpt.c.fips openssl-1.0.1e/crypto/rsa/rsa_crpt.c
+--- openssl-1.0.1e/crypto/rsa/rsa_crpt.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_crpt.c	2013-10-04 11:48:04.191694385 +0200
+@@ -90,10 +90,9 @@ int RSA_private_encrypt(int flen, const
+ 	     RSA *rsa, int padding)
+ 	{
+ #ifdef OPENSSL_FIPS
+-	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+-			&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
++	if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+ 		{
+-		RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
++		RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ 		return -1;
+ 		}
+ #endif
+@@ -118,10 +117,9 @@ int RSA_public_decrypt(int flen, const u
+ 	     RSA *rsa, int padding)
+ 	{
+ #ifdef OPENSSL_FIPS
+-	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+-			&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
++	if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+ 		{
+-		RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
++		RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ 		return -1;
+ 		}
+ #endif
+diff -up openssl-1.0.1e/crypto/rsa/rsa_eay.c.fips openssl-1.0.1e/crypto/rsa/rsa_eay.c
+--- openssl-1.0.1e/crypto/rsa/rsa_eay.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_eay.c	2013-10-04 11:48:04.191694385 +0200
+@@ -114,6 +114,10 @@
+ #include <openssl/bn.h>
+ #include <openssl/rsa.h>
+ #include <openssl/rand.h>
++#include <openssl/err.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
+ 
+ #ifndef RSA_NULL
+ 
+@@ -138,7 +142,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth={
+ 	BN_mod_exp_mont, /* XXX probably we should not use Montgomery if  e == 3 */
+ 	RSA_eay_init,
+ 	RSA_eay_finish,
+-	0, /* flags */
++	RSA_FLAG_FIPS_METHOD, /* flags */
+ 	NULL,
+ 	0, /* rsa_sign */
+ 	0, /* rsa_verify */
+@@ -158,6 +162,24 @@ static int RSA_eay_public_encrypt(int fl
+ 	unsigned char *buf=NULL;
+ 	BN_CTX *ctx=NULL;
+ 
++#ifdef OPENSSL_FIPS
++	if(FIPS_mode())
++		{
++		if (FIPS_selftest_failed())
++			{
++			FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
++			goto err;
++			}
++
++		if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
++			&& (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
++			{
++			RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
++			return -1;
++			}
++		}
++#endif
++
+ 	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
+ 		{
+ 		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
+@@ -361,6 +383,24 @@ static int RSA_eay_private_encrypt(int f
+ 	BIGNUM *unblind = NULL;
+ 	BN_BLINDING *blinding = NULL;
+ 
++#ifdef OPENSSL_FIPS
++	if (FIPS_mode())
++		{
++		if(FIPS_selftest_failed())
++			{
++			FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
++			return -1;
++			}
++
++		if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
++			&& (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
++			{
++			RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
++			return -1;
++			}
++		}
++#endif
++
+ 	if ((ctx=BN_CTX_new()) == NULL) goto err;
+ 	BN_CTX_start(ctx);
+ 	f   = BN_CTX_get(ctx);
+@@ -504,6 +544,24 @@ static int RSA_eay_private_decrypt(int f
+ 	BIGNUM *unblind = NULL;
+ 	BN_BLINDING *blinding = NULL;
+ 
++#ifdef OPENSSL_FIPS
++	if (FIPS_mode())
++		{
++		if(FIPS_selftest_failed())
++			{
++			FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
++			return -1;
++			}
++
++		if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
++			&& (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
++			{
++			RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
++			return -1;
++			}
++		}
++#endif
++
+ 	if((ctx = BN_CTX_new()) == NULL) goto err;
+ 	BN_CTX_start(ctx);
+ 	f   = BN_CTX_get(ctx);
+@@ -639,6 +697,24 @@ static int RSA_eay_public_decrypt(int fl
+ 	unsigned char *buf=NULL;
+ 	BN_CTX *ctx=NULL;
+ 
++#ifdef OPENSSL_FIPS
++	if (FIPS_mode())
++		{
++		if(FIPS_selftest_failed())
++			{
++			FIPSerr(FIPS_F_RSA_EAY_PUBLIC_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
++			goto err;
++			}
++
++		if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
++			&& (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
++			{
++			RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
++			return -1;
++			}
++		}
++#endif
++
+ 	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
+ 		{
+ 		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
+@@ -897,6 +973,9 @@ err:
+ 
+ static int RSA_eay_init(RSA *rsa)
+ 	{
++#ifdef OPENSSL_FIPS
++	FIPS_selftest_check();
++#endif
+ 	rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
+ 	return(1);
+ 	}
+diff -up openssl-1.0.1e/crypto/rsa/rsa_err.c.fips openssl-1.0.1e/crypto/rsa/rsa_err.c
+--- openssl-1.0.1e/crypto/rsa/rsa_err.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_err.c	2013-10-04 11:48:04.191694385 +0200
+@@ -121,6 +121,8 @@ static ERR_STRING_DATA RSA_str_functs[]=
+ {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT),	"RSA_public_encrypt"},
+ {ERR_FUNC(RSA_F_RSA_PUB_DECODE),	"RSA_PUB_DECODE"},
+ {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING),	"RSA_setup_blinding"},
++{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD),	"RSA_set_default_method"},
++{ERR_FUNC(RSA_F_RSA_SET_METHOD),	"RSA_set_method"},
+ {ERR_FUNC(RSA_F_RSA_SIGN),	"RSA_sign"},
+ {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),	"RSA_sign_ASN1_OCTET_STRING"},
+ {ERR_FUNC(RSA_F_RSA_VERIFY),	"RSA_verify"},
+diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips openssl-1.0.1e/crypto/rsa/rsa_gen.c
+--- openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_gen.c	2013-10-04 11:48:04.191694385 +0200
+@@ -69,6 +69,78 @@
+ #include <openssl/rsa.h>
+ #ifdef OPENSSL_FIPS
+ #include <openssl/fips.h>
++#include <openssl/err.h>
++#include <openssl/evp.h>
++
++static int fips_rsa_pairwise_fail = 0;
++
++void FIPS_corrupt_rsa_keygen(void)
++	{
++	fips_rsa_pairwise_fail = 1;
++	}
++
++int fips_check_rsa(RSA *rsa)
++	{
++	const unsigned char tbs[] = "RSA Pairwise Check Data";
++	unsigned char *ctbuf = NULL, *ptbuf = NULL;
++	int len, ret = 0;
++	EVP_PKEY *pk;
++
++	if ((pk=EVP_PKEY_new()) == NULL)
++		goto err;
++
++	EVP_PKEY_set1_RSA(pk, rsa);
++
++	/* Perform pairwise consistency signature test */
++	if (!fips_pkey_signature_test(pk, tbs, -1,
++			NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
++		|| !fips_pkey_signature_test(pk, tbs, -1,
++			NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, NULL)
++		|| !fips_pkey_signature_test(pk, tbs, -1,
++			NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, NULL))
++		goto err;
++	/* Now perform pairwise consistency encrypt/decrypt test */
++	ctbuf = OPENSSL_malloc(RSA_size(rsa));
++	if (!ctbuf)
++		goto err;
++
++	len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING);
++	if (len <= 0)
++		goto err;
++	/* Check ciphertext doesn't match plaintext */
++	if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
++		goto err;
++	ptbuf = OPENSSL_malloc(RSA_size(rsa));
++
++	if (!ptbuf)
++		goto err;
++	len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
++	if (len != (sizeof(tbs) - 1))
++		goto err;
++	if (memcmp(ptbuf, tbs, len))
++		goto err;
++
++	ret = 1;
++
++	if (!ptbuf)
++		goto err;
++	
++	err:
++	if (ret == 0)
++		{
++		fips_set_selftest_fail();
++		FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
++		}
++
++	if (ctbuf)
++		OPENSSL_free(ctbuf);
++	if (ptbuf)
++		OPENSSL_free(ptbuf);
++	if (pk)
++		EVP_PKEY_free(pk);
++
++	return ret;
++	}
+ #endif
+ 
+ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
+@@ -81,7 +153,7 @@ static int rsa_builtin_keygen(RSA *rsa,
+ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
+ 	{
+ #ifdef OPENSSL_FIPS
+-	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
++	if (FIPS_module_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+ 			&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+ 		{
+ 		RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
+@@ -90,10 +162,6 @@ int RSA_generate_key_ex(RSA *rsa, int bi
+ #endif
+ 	if(rsa->meth->rsa_keygen)
+ 		return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+-#ifdef OPENSSL_FIPS
+-	if (FIPS_mode())
+-		return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
+-#endif
+ 	return rsa_builtin_keygen(rsa, bits, e_value, cb);
+ 	}
+ 
+@@ -105,6 +173,23 @@ static int rsa_builtin_keygen(RSA *rsa,
+ 	int bitsp,bitsq,ok= -1,n=0;
+ 	BN_CTX *ctx=NULL;
+ 
++#ifdef OPENSSL_FIPS
++	if (FIPS_module_mode())
++		{
++		if(FIPS_selftest_failed())
++	    	{
++		    FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED);
++	    	return 0;
++	    	}
++
++		if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
++		    {
++		    FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
++		    return 0;
++		    }
++		}
++#endif
++
+ 	ctx=BN_CTX_new();
+ 	if (ctx == NULL) goto err;
+ 	BN_CTX_start(ctx);
+@@ -216,6 +301,17 @@ static int rsa_builtin_keygen(RSA *rsa,
+ 		p = rsa->p;
+ 	if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
+ 
++#ifdef OPENSSL_FIPS
++	if (FIPS_module_mode())
++		{
++		if (fips_rsa_pairwise_fail)
++			BN_add_word(rsa->n, 1);
++
++		if(!fips_check_rsa(rsa))
++		    goto err;
++		}
++#endif
++
+ 	ok=1;
+ err:
+ 	if (ok == -1)
+diff -up openssl-1.0.1e/crypto/rsa/rsa.h.fips openssl-1.0.1e/crypto/rsa/rsa.h
+--- openssl-1.0.1e/crypto/rsa/rsa.h.fips	2013-10-04 11:48:04.075691765 +0200
++++ openssl-1.0.1e/crypto/rsa/rsa.h	2013-10-04 11:48:04.192694407 +0200
+@@ -164,6 +164,8 @@ struct rsa_st
+ # define OPENSSL_RSA_MAX_MODULUS_BITS	16384
+ #endif
+ 
++#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
++
+ #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
+ # define OPENSSL_RSA_SMALL_MODULUS_BITS	3072
+ #endif
+@@ -290,6 +292,11 @@ RSA *	RSA_generate_key(int bits, unsigne
+ 
+ /* New version */
+ int	RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
++int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
++			const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
++			const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
++			const BIGNUM *e, BN_GENCB *cb);
++int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
+ 
+ int	RSA_check_key(const RSA *);
+ 	/* next 4 return -1 on error */
+@@ -487,7 +494,7 @@ void ERR_load_RSA_strings(void);
+ #define RSA_F_RSA_PADDING_ADD_NONE			 107
+ #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP		 121
+ #define RSA_F_RSA_PADDING_ADD_PKCS1_PSS			 125
+-#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1		 148
++#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1		 158
+ #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1		 108
+ #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2		 109
+ #define RSA_F_RSA_PADDING_ADD_SSLV23			 110
+@@ -500,20 +507,22 @@ void ERR_load_RSA_strings(void);
+ #define RSA_F_RSA_PADDING_CHECK_X931			 128
+ #define RSA_F_RSA_PRINT					 115
+ #define RSA_F_RSA_PRINT_FP				 116
+-#define RSA_F_RSA_PRIVATE_DECRYPT			 150
+-#define RSA_F_RSA_PRIVATE_ENCRYPT			 151
++#define RSA_F_RSA_PRIVATE_DECRYPT			 157
++#define RSA_F_RSA_PRIVATE_ENCRYPT			 148
+ #define RSA_F_RSA_PRIV_DECODE				 137
+ #define RSA_F_RSA_PRIV_ENCODE				 138
+-#define RSA_F_RSA_PUBLIC_DECRYPT			 152
++#define RSA_F_RSA_PUBLIC_DECRYPT			 149
+ #define RSA_F_RSA_PUBLIC_ENCRYPT			 153
+ #define RSA_F_RSA_PUB_DECODE				 139
+ #define RSA_F_RSA_SETUP_BLINDING			 136
++#define RSA_F_RSA_SET_DEFAULT_METHOD			 150
++#define RSA_F_RSA_SET_METHOD				 151
+ #define RSA_F_RSA_SIGN					 117
+ #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING		 118
+ #define RSA_F_RSA_VERIFY				 119
+ #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING		 120
+ #define RSA_F_RSA_VERIFY_PKCS1_PSS			 126
+-#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1			 149
++#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1			 152
+ 
+ /* Reason codes. */
+ #define RSA_R_ALGORITHM_MISMATCH			 100
+@@ -542,21 +551,22 @@ void ERR_load_RSA_strings(void);
+ #define RSA_R_INVALID_MGF1_MD				 156
+ #define RSA_R_INVALID_PADDING				 138
+ #define RSA_R_INVALID_PADDING_MODE			 141
+-#define RSA_R_INVALID_PSS_PARAMETERS			 149
++#define RSA_R_INVALID_PSS_PARAMETERS			 157
+ #define RSA_R_INVALID_PSS_SALTLEN			 146
+-#define RSA_R_INVALID_SALT_LENGTH			 150
++#define RSA_R_INVALID_SALT_LENGTH			 158
+ #define RSA_R_INVALID_TRAILER				 139
+ #define RSA_R_INVALID_X931_DIGEST			 142
+ #define RSA_R_IQMP_NOT_INVERSE_OF_Q			 126
+ #define RSA_R_KEY_SIZE_TOO_SMALL			 120
+ #define RSA_R_LAST_OCTET_INVALID			 134
+ #define RSA_R_MODULUS_TOO_LARGE				 105
+-#define RSA_R_NON_FIPS_RSA_METHOD			 157
++#define RSA_R_NON_FIPS_RSA_METHOD			 149
++#define RSA_R_NON_FIPS_METHOD				 149
+ #define RSA_R_NO_PUBLIC_EXPONENT			 140
+ #define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
+ #define RSA_R_N_DOES_NOT_EQUAL_P_Q			 127
+ #define RSA_R_OAEP_DECODING_ERROR			 121
+-#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE	 158
++#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE	 150
+ #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE	 148
+ #define RSA_R_PADDING_CHECK_FAILED			 114
+ #define RSA_R_P_NOT_PRIME				 128
+diff -up openssl-1.0.1e/crypto/rsa/rsa_lib.c.fips openssl-1.0.1e/crypto/rsa/rsa_lib.c
+--- openssl-1.0.1e/crypto/rsa/rsa_lib.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_lib.c	2013-10-04 11:48:04.192694407 +0200
+@@ -84,6 +84,13 @@ RSA *RSA_new(void)
+ 
+ void RSA_set_default_method(const RSA_METHOD *meth)
+ 	{
++#ifdef OPENSSL_FIPS
++	if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
++		{
++		RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
++		return;
++		}
++#endif
+ 	default_RSA_meth = meth;
+ 	}
+ 
+@@ -91,18 +98,11 @@ const RSA_METHOD *RSA_get_default_method
+ 	{
+ 	if (default_RSA_meth == NULL)
+ 		{
+-#ifdef OPENSSL_FIPS
+-		if (FIPS_mode())
+-			return FIPS_rsa_pkcs1_ssleay();
+-		else
+-			return RSA_PKCS1_SSLeay();
+-#else
+ #ifdef RSA_NULL
+ 		default_RSA_meth=RSA_null_method();
+ #else
+ 		default_RSA_meth=RSA_PKCS1_SSLeay();
+ #endif
+-#endif
+ 		}
+ 
+ 	return default_RSA_meth;
+@@ -118,6 +118,13 @@ int RSA_set_method(RSA *rsa, const RSA_M
+ 	/* NB: The caller is specifically setting a method, so it's not up to us
+ 	 * to deal with which ENGINE it comes from. */
+ 	const RSA_METHOD *mtmp;
++#ifdef OPENSSL_FIPS
++	if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
++		{
++		RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
++		return 0;
++		}
++#endif
+ 	mtmp = rsa->meth;
+ 	if (mtmp->finish) mtmp->finish(rsa);
+ #ifndef OPENSSL_NO_ENGINE
+@@ -170,6 +177,18 @@ RSA *RSA_new_method(ENGINE *engine)
+ 			}
+ 		}
+ #endif
++#ifdef OPENSSL_FIPS
++	if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD))
++		{
++		RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
++#ifndef OPENSSL_NO_ENGINE
++		if (ret->engine)
++			ENGINE_finish(ret->engine);
++#endif
++		OPENSSL_free(ret);
++		return NULL;
++		}
++#endif
+ 
+ 	ret->pad=0;
+ 	ret->version=0;
+@@ -188,7 +207,7 @@ RSA *RSA_new_method(ENGINE *engine)
+ 	ret->blinding=NULL;
+ 	ret->mt_blinding=NULL;
+ 	ret->bignum_data=NULL;
+-	ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
++	ret->flags=ret->meth->flags;
+ 	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
+ 		{
+ #ifndef OPENSSL_NO_ENGINE
+diff -up openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.fips openssl-1.0.1e/crypto/rsa/rsa_pmeth.c
+--- openssl-1.0.1e/crypto/rsa/rsa_pmeth.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_pmeth.c	2013-10-04 11:48:04.192694407 +0200
+@@ -206,22 +206,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *c
+ 					RSA_R_INVALID_DIGEST_LENGTH);
+ 			return -1;
+ 			}
+-#ifdef OPENSSL_FIPS
+-		if (ret > 0)
+-			{
+-			unsigned int slen;
+-			ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
+-							rctx->pad_mode,
+-							rctx->saltlen,
+-							rctx->mgf1md,
+-							sig, &slen);
+-			if (ret > 0)
+-				*siglen = slen;
+-			else
+-				*siglen = 0;
+-			return ret;
+-			}
+-#endif
+ 
+ 		if (EVP_MD_type(rctx->md) == NID_mdc2)
+ 			{
+@@ -354,19 +338,6 @@ static int pkey_rsa_verify(EVP_PKEY_CTX
+ #endif
+ 	if (rctx->md)
+ 		{
+-#ifdef OPENSSL_FIPS
+-		if (rv > 0)
+-			{
+-			return FIPS_rsa_verify_digest(rsa,
+-							tbs, tbslen,
+-							rctx->md,
+-							rctx->pad_mode,
+-							rctx->saltlen,
+-							rctx->mgf1md,
+-							sig, siglen);
+-							
+-			}
+-#endif
+ 		if (rctx->pad_mode == RSA_PKCS1_PADDING)
+ 			return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
+ 					sig, siglen, rsa);
+diff -up openssl-1.0.1e/crypto/rsa/rsa_sign.c.fips openssl-1.0.1e/crypto/rsa/rsa_sign.c
+--- openssl-1.0.1e/crypto/rsa/rsa_sign.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_sign.c	2013-10-04 11:48:04.192694407 +0200
+@@ -138,7 +138,8 @@ int RSA_sign(int type, const unsigned ch
+ 		i2d_X509_SIG(&sig,&p);
+ 		s=tmps;
+ 	}
+-	i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
++	/* NB: call underlying method directly to avoid FIPS blocking */
++	i = rsa->meth->rsa_priv_enc ? rsa->meth->rsa_priv_enc(i,s,sigret,rsa,RSA_PKCS1_PADDING) : 0;
+ 	if (i <= 0)
+ 		ret=0;
+ 	else
+@@ -178,8 +179,8 @@ int int_rsa_verify(int dtype, const unsi
+ 
+ 	if((dtype == NID_md5_sha1) && rm)
+ 		{
+-		i = RSA_public_decrypt((int)siglen,
+-					sigbuf,rm,rsa,RSA_PKCS1_PADDING);
++		i = rsa->meth->rsa_pub_dec ? rsa->meth->rsa_pub_dec((int)siglen,
++					sigbuf,rm,rsa,RSA_PKCS1_PADDING) : 0;
+ 		if (i <= 0)
+ 			return 0;
+ 		*prm_len = i;
+@@ -196,7 +197,8 @@ int int_rsa_verify(int dtype, const unsi
+ 			RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
+ 			goto err;
+ 	}
+-	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
++	/* NB: call underlying method directly to avoid FIPS blocking */
++	i = rsa->meth->rsa_pub_dec ? rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING) : 0;
+ 
+ 	if (i <= 0) goto err;
+ 	/* Oddball MDC2 case: signature can be OCTET STRING.
+diff -up openssl-1.0.1e/crypto/sha/sha.h.fips openssl-1.0.1e/crypto/sha/sha.h
+--- openssl-1.0.1e/crypto/sha/sha.h.fips	2013-10-04 11:48:03.867687068 +0200
++++ openssl-1.0.1e/crypto/sha/sha.h	2013-10-04 11:48:04.192694407 +0200
+@@ -116,9 +116,6 @@ unsigned char *SHA(const unsigned char *
+ void SHA_Transform(SHA_CTX *c, const unsigned char *data);
+ #endif
+ #ifndef OPENSSL_NO_SHA1
+-#ifdef OPENSSL_FIPS
+-int private_SHA1_Init(SHA_CTX *c);
+-#endif
+ int SHA1_Init(SHA_CTX *c);
+ int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+ int SHA1_Final(unsigned char *md, SHA_CTX *c);
+@@ -141,10 +138,6 @@ typedef struct SHA256state_st
+ 	} SHA256_CTX;
+ 
+ #ifndef OPENSSL_NO_SHA256
+-#ifdef OPENSSL_FIPS
+-int private_SHA224_Init(SHA256_CTX *c);
+-int private_SHA256_Init(SHA256_CTX *c);
+-#endif
+ int SHA224_Init(SHA256_CTX *c);
+ int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+ int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+@@ -192,10 +185,6 @@ typedef struct SHA512state_st
+ #endif
+ 
+ #ifndef OPENSSL_NO_SHA512
+-#ifdef OPENSSL_FIPS
+-int private_SHA384_Init(SHA512_CTX *c);
+-int private_SHA512_Init(SHA512_CTX *c);
+-#endif
+ int SHA384_Init(SHA512_CTX *c);
+ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+ int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+diff -up openssl-1.0.1e/crypto/sha/sha_locl.h.fips openssl-1.0.1e/crypto/sha/sha_locl.h
+--- openssl-1.0.1e/crypto/sha/sha_locl.h.fips	2013-10-04 11:48:03.870687135 +0200
++++ openssl-1.0.1e/crypto/sha/sha_locl.h	2013-10-04 11:48:04.192694407 +0200
+@@ -123,11 +123,14 @@ void sha1_block_data_order (SHA_CTX *c,
+ #define INIT_DATA_h4 0xc3d2e1f0UL
+ 
+ #ifdef SHA_0
+-fips_md_init(SHA)
++nonfips_md_init(SHA)
+ #else
+ fips_md_init_ctx(SHA1, SHA)
+ #endif
+ 	{
++#if defined(SHA_1) && defined(OPENSSL_FIPS)
++	FIPS_selftest_check();
++#endif
+ 	memset (c,0,sizeof(*c));
+ 	c->h0=INIT_DATA_h0;
+ 	c->h1=INIT_DATA_h1;
+diff -up openssl-1.0.1e/crypto/sha/sha256.c.fips openssl-1.0.1e/crypto/sha/sha256.c
+--- openssl-1.0.1e/crypto/sha/sha256.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/sha/sha256.c	2013-10-04 11:48:04.193694429 +0200
+@@ -12,12 +12,19 @@
+ 
+ #include <openssl/crypto.h>
+ #include <openssl/sha.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
++
+ #include <openssl/opensslv.h>
+ 
+ const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
+ 
+ fips_md_init_ctx(SHA224, SHA256)
+ 	{
++#ifdef OPENSSL_FIPS
++	FIPS_selftest_check();
++#endif
+ 	memset (c,0,sizeof(*c));
+ 	c->h[0]=0xc1059ed8UL;	c->h[1]=0x367cd507UL;
+ 	c->h[2]=0x3070dd17UL;	c->h[3]=0xf70e5939UL;
+@@ -29,6 +36,9 @@ fips_md_init_ctx(SHA224, SHA256)
+ 
+ fips_md_init(SHA256)
+ 	{
++#ifdef OPENSSL_FIPS
++	FIPS_selftest_check();
++#endif
+ 	memset (c,0,sizeof(*c));
+ 	c->h[0]=0x6a09e667UL;	c->h[1]=0xbb67ae85UL;
+ 	c->h[2]=0x3c6ef372UL;	c->h[3]=0xa54ff53aUL;
+diff -up openssl-1.0.1e/crypto/sha/sha512.c.fips openssl-1.0.1e/crypto/sha/sha512.c
+--- openssl-1.0.1e/crypto/sha/sha512.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/sha/sha512.c	2013-10-04 11:48:04.193694429 +0200
+@@ -5,6 +5,10 @@
+  * ====================================================================
+  */
+ #include <openssl/opensslconf.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
++
+ #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
+ /*
+  * IMPLEMENTATION NOTES.
+@@ -61,6 +65,9 @@ const char SHA512_version[]="SHA-512" OP
+ 
+ fips_md_init_ctx(SHA384, SHA512)
+ 	{
++#ifdef OPENSSL_FIPS
++	FIPS_selftest_check();
++#endif
+ 	c->h[0]=U64(0xcbbb9d5dc1059ed8);
+ 	c->h[1]=U64(0x629a292a367cd507);
+ 	c->h[2]=U64(0x9159015a3070dd17);
+@@ -77,6 +84,9 @@ fips_md_init_ctx(SHA384, SHA512)
+ 
+ fips_md_init(SHA512)
+ 	{
++#ifdef OPENSSL_FIPS
++	FIPS_selftest_check();
++#endif
+ 	c->h[0]=U64(0x6a09e667f3bcc908);
+ 	c->h[1]=U64(0xbb67ae8584caa73b);
+ 	c->h[2]=U64(0x3c6ef372fe94f82b);
+diff -up openssl-1.0.1e/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.1e/crypto/whrlpool/wp_dgst.c
+--- openssl-1.0.1e/crypto/whrlpool/wp_dgst.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/whrlpool/wp_dgst.c	2013-10-04 11:48:04.193694429 +0200
+@@ -55,7 +55,7 @@
+ #include <openssl/crypto.h>
+ #include <string.h>
+ 
+-fips_md_init(WHIRLPOOL)
++nonfips_md_init(WHIRLPOOL)
+ 	{
+ 	memset (c,0,sizeof(*c));
+ 	return(1);
+diff -up openssl-1.0.1e/Makefile.org.fips openssl-1.0.1e/Makefile.org
+--- openssl-1.0.1e/Makefile.org.fips	2013-10-04 11:48:04.157693616 +0200
++++ openssl-1.0.1e/Makefile.org	2013-10-04 11:48:04.193694429 +0200
+@@ -136,6 +136,9 @@ FIPSCANLIB=
+ 
+ BASEADDR=
+ 
++# Non-empty if FIPS enabled
++FIPS=
++
+ DIRS=   crypto ssl engines apps test tools
+ ENGDIRS= ccgost
+ SHLIBDIRS= crypto ssl
+@@ -148,7 +151,7 @@ SDIRS=  \
+ 	bn ec rsa dsa ecdsa dh ecdh dso engine \
+ 	buffer bio stack lhash rand err \
+ 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
+-	cms pqueue ts jpake srp store cmac
++	cms pqueue ts jpake srp store cmac fips
+ # keep in mind that the above list is adjusted by ./Configure
+ # according to no-xxx arguments...
+ 
+@@ -237,6 +240,7 @@ BUILDENV=	PLATFORM='$(PLATFORM)' PROCESS
+ 		FIPSLIBDIR='${FIPSLIBDIR}'			\
+ 		FIPSDIR='${FIPSDIR}'				\
+ 		FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"	\
++		FIPS="$${FIPS:-$(FIPS)}"	\
+ 		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
+ # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
+ # which in turn eliminates ambiguities in variable treatment with -e.
+diff -up openssl-1.0.1e/ssl/d1_srvr.c.fips openssl-1.0.1e/ssl/d1_srvr.c
+--- openssl-1.0.1e/ssl/d1_srvr.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/d1_srvr.c	2013-10-04 11:48:04.193694429 +0200
+@@ -1372,6 +1372,8 @@ int dtls1_send_server_key_exchange(SSL *
+ 				j=0;
+ 				for (num=2; num > 0; num--)
+ 					{
++					EVP_MD_CTX_set_flags(&md_ctx,
++								EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ 					EVP_DigestInit_ex(&md_ctx,(num == 2)
+ 						?s->ctx->md5:s->ctx->sha1, NULL);
+ 					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+diff -up openssl-1.0.1e/ssl/ssl_algs.c.fips openssl-1.0.1e/ssl/ssl_algs.c
+--- openssl-1.0.1e/ssl/ssl_algs.c.fips	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/ssl_algs.c	2013-10-04 11:48:04.193694429 +0200
+@@ -64,6 +64,12 @@
+ int SSL_library_init(void)
+ 	{
+ 
++#ifdef OPENSSL_FIPS
++	OPENSSL_init_library();
++	if (!FIPS_mode())
++		{
++#endif
++
+ #ifndef OPENSSL_NO_DES
+ 	EVP_add_cipher(EVP_des_cbc());
+ 	EVP_add_cipher(EVP_des_ede3_cbc());
+@@ -137,6 +143,50 @@ int SSL_library_init(void)
+ 	EVP_add_digest(EVP_sha());
+ 	EVP_add_digest(EVP_dss());
+ #endif
++#ifdef OPENSSL_FIPS
++		}
++	else
++		{
++#ifndef OPENSSL_NO_DES
++	EVP_add_cipher(EVP_des_ede3_cbc());
++#endif
++#ifndef OPENSSL_NO_AES
++	EVP_add_cipher(EVP_aes_128_cbc());
++	EVP_add_cipher(EVP_aes_192_cbc());
++	EVP_add_cipher(EVP_aes_256_cbc());
++	EVP_add_cipher(EVP_aes_128_gcm());
++	EVP_add_cipher(EVP_aes_256_gcm());
++#endif
++#ifndef OPENSSL_NO_MD5
++	/* needed even in the FIPS mode for TLS MAC */
++	EVP_add_digest(EVP_md5());
++	EVP_add_digest_alias(SN_md5,"ssl2-md5");
++	EVP_add_digest_alias(SN_md5,"ssl3-md5");
++#endif
++#ifndef OPENSSL_NO_SHA
++	EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
++	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
++	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
++#endif
++#ifndef OPENSSL_NO_SHA256
++	EVP_add_digest(EVP_sha224());
++	EVP_add_digest(EVP_sha256());
++#endif
++#ifndef OPENSSL_NO_SHA512
++	EVP_add_digest(EVP_sha384());
++	EVP_add_digest(EVP_sha512());
++#endif
++#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
++	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
++	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
++	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
++	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
++#endif
++#ifndef OPENSSL_NO_ECDSA
++	EVP_add_digest(EVP_ecdsa());
++#endif
++		}
++#endif
+ #ifndef OPENSSL_NO_COMP
+ 	/* This will initialise the built-in compression algorithms.
+ 	   The value returned is a STACK_OF(SSL_COMP), but that can
diff --git a/SOURCES/openssl-1.0.1e-issuer-hash.patch b/SOURCES/openssl-1.0.1e-issuer-hash.patch
new file mode 100644
index 0000000..0f3bfdb
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-issuer-hash.patch
@@ -0,0 +1,11 @@
+diff -up openssl-1.0.1e/crypto/x509/x509_cmp.c.issuer-hash openssl-1.0.1e/crypto/x509/x509_cmp.c
+--- openssl-1.0.1e/crypto/x509/x509_cmp.c.issuer-hash	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/x509/x509_cmp.c	2013-02-19 12:46:11.315788592 +0100
+@@ -85,6 +85,7 @@ unsigned long X509_issuer_and_serial_has
+ 	char *f;
+ 
+ 	EVP_MD_CTX_init(&ctx);
++	EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ 	f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
+ 	if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
+ 		goto err;
diff --git a/SOURCES/openssl-1.0.1e-manfix.patch b/SOURCES/openssl-1.0.1e-manfix.patch
new file mode 100644
index 0000000..4ba2abb
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-manfix.patch
@@ -0,0 +1,555 @@
+diff -up openssl-1.0.1e/doc/apps/cms.pod.manfix openssl-1.0.1e/doc/apps/cms.pod
+--- openssl-1.0.1e/doc/apps/cms.pod.manfix	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/apps/cms.pod	2013-09-12 11:17:42.147092310 +0200
+@@ -450,28 +450,28 @@ remains DER.
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ the operation was completely successfully.
+ 
+-=item 1 
++=item C<1>
+ 
+ an error occurred parsing the command options.
+ 
+-=item 2
++=item C<2>
+ 
+ one of the input files could not be read.
+ 
+-=item 3
++=item C<3>
+ 
+ an error occurred creating the CMS file or when reading the MIME
+ message.
+ 
+-=item 4
++=item C<4>
+ 
+ an error occurred decrypting or verifying the message.
+ 
+-=item 5
++=item C<5>
+ 
+ the message was verified correctly but an error occurred writing out
+ the signers certificates.
+diff -up openssl-1.0.1e/doc/apps/ec.pod.manfix openssl-1.0.1e/doc/apps/ec.pod
+--- openssl-1.0.1e/doc/apps/ec.pod.manfix	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/apps/ec.pod	2013-09-12 11:17:42.147092310 +0200
+@@ -93,10 +93,6 @@ prints out the public, private key compo
+ 
+ this option prevents output of the encoded version of the key.
+ 
+-=item B<-modulus>
+-
+-this option prints out the value of the public key component of the key.
+-
+ =item B<-pubin>
+ 
+ by default a private key is read from the input file: with this option a
+diff -up openssl-1.0.1e/doc/apps/openssl.pod.manfix openssl-1.0.1e/doc/apps/openssl.pod
+--- openssl-1.0.1e/doc/apps/openssl.pod.manfix	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/apps/openssl.pod	2013-09-12 11:17:42.148092331 +0200
+@@ -163,7 +163,7 @@ Create or examine a netscape certificate
+ 
+ Online Certificate Status Protocol utility.
+ 
+-=item L<B<passwd>|passwd(1)>
++=item L<B<passwd>|sslpasswd(1)>
+ 
+ Generation of hashed passwords.
+ 
+@@ -187,7 +187,7 @@ Public key algorithm parameter managemen
+ 
+ Public key algorithm cryptographic operation utility.
+ 
+-=item L<B<rand>|rand(1)>
++=item L<B<rand>|sslrand(1)>
+ 
+ Generate pseudo-random bytes.
+ 
+@@ -401,9 +401,9 @@ L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkc
+ L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
+ L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>,
+ L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
+-L<passwd(1)|passwd(1)>,
++L<sslpasswd(1)|sslpasswd(1)>,
+ L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
+-L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
++L<sslrand(1)|sslrand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
+ L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
+ L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
+ L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
+diff -up openssl-1.0.1e/doc/apps/s_client.pod.manfix openssl-1.0.1e/doc/apps/s_client.pod
+--- openssl-1.0.1e/doc/apps/s_client.pod.manfix	2013-09-12 11:17:41.517078502 +0200
++++ openssl-1.0.1e/doc/apps/s_client.pod	2013-09-12 11:17:42.149092353 +0200
+@@ -32,9 +32,14 @@ B<openssl> B<s_client>
+ [B<-ssl2>]
+ [B<-ssl3>]
+ [B<-tls1>]
++[B<-tls1_1>]
++[B<-tls1_2>]
++[B<-dtls1>]
+ [B<-no_ssl2>]
+ [B<-no_ssl3>]
+ [B<-no_tls1>]
++[B<-no_tls1_1>]
++[B<-no_tls1_2>]
+ [B<-bugs>]
+ [B<-cipher cipherlist>]
+ [B<-starttls protocol>]
+@@ -44,6 +49,7 @@ B<openssl> B<s_client>
+ [B<-sess_out filename>]
+ [B<-sess_in filename>]
+ [B<-rand file(s)>]
++[B<-nextprotoneg protocols>]
+ 
+ =head1 DESCRIPTION
+ 
+@@ -182,7 +188,7 @@ Use the PSK key B<key> when using a PSK
+ given as a hexadecimal number without leading 0x, for example -psk
+ 1a2b3c4d.
+ 
+-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
++=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+ 
+ these options disable the use of certain SSL or TLS protocols. By default
+ the initial handshake uses a method which should be compatible with all
+@@ -243,6 +249,17 @@ Multiple files can be specified separate
+ The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+ all others.
+ 
++=item B<-nextprotoneg protocols>
++
++enable Next Protocol Negotiation TLS extension and provide a list of
++comma-separated protocol names that the client should advertise
++support for. The list should contain most wanted protocols first.
++Protocol names are printable ASCII strings, for example "http/1.1" or
++"spdy/3".
++Empty list of protocols is treated specially and will cause the client to
++advertise support for the TLS extension but disconnect just after
++reciving ServerHello with a list of server supported protocols.
++
+ =back
+ 
+ =head1 CONNECTED COMMANDS
+diff -up openssl-1.0.1e/doc/apps/smime.pod.manfix openssl-1.0.1e/doc/apps/smime.pod
+--- openssl-1.0.1e/doc/apps/smime.pod.manfix	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/apps/smime.pod	2013-09-12 11:17:42.150092375 +0200
+@@ -308,28 +308,28 @@ remains DER.
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ the operation was completely successfully.
+ 
+-=item 1 
++=item C<1>
+ 
+ an error occurred parsing the command options.
+ 
+-=item 2
++=item C<2>
+ 
+ one of the input files could not be read.
+ 
+-=item 3
++=item C<3>
+ 
+ an error occurred creating the PKCS#7 file or when reading the MIME
+ message.
+ 
+-=item 4
++=item C<4>
+ 
+ an error occurred decrypting or verifying the message.
+ 
+-=item 5
++=item C<5>
+ 
+ the message was verified correctly but an error occurred writing out
+ the signers certificates.
+diff -up openssl-1.0.1e/doc/apps/s_server.pod.manfix openssl-1.0.1e/doc/apps/s_server.pod
+--- openssl-1.0.1e/doc/apps/s_server.pod.manfix	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/apps/s_server.pod	2013-09-12 11:17:42.150092375 +0200
+@@ -40,10 +40,16 @@ B<openssl> B<s_server>
+ [B<-ssl2>]
+ [B<-ssl3>]
+ [B<-tls1>]
++[B<-tls1_1>]
++[B<-tls1_2>]
++[B<-dtls1>]
+ [B<-no_ssl2>]
+ [B<-no_ssl3>]
+ [B<-no_tls1>]
++[B<-no_tls1_1>]
++[B<-no_tls1_2>]
+ [B<-no_dhe>]
++[B<-no_ecdhe>]
+ [B<-bugs>]
+ [B<-hack>]
+ [B<-www>]
+@@ -54,6 +60,7 @@ B<openssl> B<s_server>
+ [B<-no_ticket>]
+ [B<-id_prefix arg>]
+ [B<-rand file(s)>]
++[B<-nextprotoneg protocols>]
+ 
+ =head1 DESCRIPTION
+ 
+@@ -131,6 +138,10 @@ a static set of parameters hard coded in
+ if this option is set then no DH parameters will be loaded effectively
+ disabling the ephemeral DH cipher suites.
+ 
++=item B<-no_ecdhe>
++
++if this option is set then ephemeral ECDH cipher suites will be disabled.
++
+ =item B<-no_tmp_rsa>
+ 
+ certain export cipher suites sometimes use a temporary RSA key, this option
+@@ -201,7 +212,7 @@ Use the PSK key B<key> when using a PSK
+ given as a hexadecimal number without leading 0x, for example -psk
+ 1a2b3c4d.
+ 
+-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
++=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+ 
+ these options disable the use of certain SSL or TLS protocols. By default
+ the initial handshake uses a method which should be compatible with all
+@@ -276,6 +287,14 @@ Multiple files can be specified separate
+ The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+ all others.
+ 
++=item B<-nextprotoneg protocols>
++
++enable Next Protocol Negotiation TLS extension and provide a
++comma-separated list of supported protocol names.
++The list should contain most wanted protocols first.
++Protocol names are printable ASCII strings, for example "http/1.1" or
++"spdy/3".
++
+ =back
+ 
+ =head1 CONNECTED COMMANDS
+diff -up openssl-1.0.1e/doc/apps/verify.pod.manfix openssl-1.0.1e/doc/apps/verify.pod
+--- openssl-1.0.1e/doc/apps/verify.pod.manfix	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/apps/verify.pod	2013-09-12 11:25:13.994994992 +0200
+@@ -25,6 +25,7 @@ B<openssl> B<verify>
+ [B<-untrusted file>]
+ [B<-help>]
+ [B<-issuer_checks>]
++[B<-attime timestamp>]
+ [B<-verbose>]
+ [B<->]
+ [certificates]
+@@ -80,6 +81,12 @@ rejected. The presence of rejection mess
+ anything is wrong; during the normal verification process, several
+ rejections may take place.
+ 
++=item B<-attime timestamp>
++
++Perform validation checks using the time specified by B<timestamp> and not
++the current system time. B<timestamp> is the number of seconds since
++01.01.1970 (UNIX time).
++
+ =item B<-policy arg>
+ 
+ Enable policy processing and add B<arg> to the user-initial-policy-set (see
+diff -up openssl-1.0.1e/doc/ssl/SSL_accept.pod.manfix openssl-1.0.1e/doc/ssl/SSL_accept.pod
+--- openssl-1.0.1e/doc/ssl/SSL_accept.pod.manfix	2013-09-12 11:17:42.129091915 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_accept.pod	2013-09-12 11:17:42.156092507 +0200
+@@ -44,13 +44,13 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+ 
+-=item 1
++=item C<1>
+ 
+ The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+ established.
+diff -up openssl-1.0.1e/doc/ssl/SSL_clear.pod.manfix openssl-1.0.1e/doc/ssl/SSL_clear.pod
+--- openssl-1.0.1e/doc/ssl/SSL_clear.pod.manfix	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_clear.pod	2013-09-12 11:17:42.158092551 +0200
+@@ -56,12 +56,12 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The SSL_clear() operation could not be performed. Check the error stack to
+ find out the reason.
+ 
+-=item 1
++=item C<1>
+ 
+ The SSL_clear() operation was successful.
+ 
+diff -up openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.manfix openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
+--- openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.manfix	2013-09-12 11:17:42.049090162 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod	2013-09-12 11:17:42.159092573 +0200
+@@ -60,11 +60,11 @@ SSL_COMP_add_compression_method() may re
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The operation succeeded.
+ 
+-=item 1
++=item C<1>
+ 
+ The operation failed. Check the error queue to find out the reason.
+ 
+diff -up openssl-1.0.1e/doc/ssl/SSL_connect.pod.manfix openssl-1.0.1e/doc/ssl/SSL_connect.pod
+--- openssl-1.0.1e/doc/ssl/SSL_connect.pod.manfix	2013-09-12 11:17:42.130091937 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_connect.pod	2013-09-12 11:17:42.161092616 +0200
+@@ -41,13 +41,13 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+ 
+-=item 1
++=item C<1>
+ 
+ The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+ established.
+diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod
+--- openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod.manfix	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod	2013-09-12 11:17:42.162092638 +0200
+@@ -52,13 +52,13 @@ The following values are returned by all
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+  The operation failed. In case of the add operation, it was tried to add
+  the same (identical) session twice. In case of the remove operation, the
+  session was not found in the cache.
+ 
+-=item 1
++=item C<1>
+  
+  The operation succeeded.
+ 
+diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod
+--- openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod.manfix	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod	2013-09-12 11:17:42.163092660 +0200
+@@ -100,13 +100,13 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The operation failed because B<CAfile> and B<CApath> are NULL or the
+ processing at one of the locations specified failed. Check the error
+ stack to find out the reason.
+ 
+-=item 1
++=item C<1>
+ 
+ The operation succeeded.
+ 
+diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
+--- openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix	2013-09-12 11:17:42.132091981 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod	2013-09-12 11:17:42.164092682 +0200
+@@ -66,13 +66,13 @@ values:
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ A failure while manipulating the STACK_OF(X509_NAME) object occurred or
+ the X509_NAME could not be extracted from B<cacert>. Check the error stack
+ to find out the reason.
+ 
+-=item 1
++=item C<1>
+ 
+ The operation succeeded.
+ 
+diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod
+--- openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod.manfix	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod	2013-09-12 11:17:42.166092726 +0200
+@@ -64,13 +64,13 @@ return the following values:
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
+ the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
+ is logged to the error stack.
+ 
+-=item 1
++=item C<1>
+ 
+ The operation succeeded.
+ 
+diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod
+--- openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod.manfix	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod	2013-09-12 11:17:42.167092748 +0200
+@@ -42,11 +42,11 @@ and SSL_set_ssl_method():
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The new choice failed, check the error stack to find out the reason.
+ 
+-=item 1
++=item C<1>
+ 
+ The operation succeeded.
+ 
+diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+--- openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.manfix	2013-09-12 11:17:42.133092003 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod	2013-09-12 11:17:42.168092770 +0200
+@@ -96,7 +96,7 @@ data to B<psk> and return the length of
+ connection will fail with decryption_error before it will be finished
+ completely.
+ 
+-=item 0
++=item C<0>
+ 
+ PSK identity was not found. An "unknown_psk_identity" alert message
+ will be sent and the connection setup fails.
+diff -up openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.manfix openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
+--- openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.manfix	2013-09-12 11:17:42.135092047 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod	2013-09-12 11:17:42.170092814 +0200
+@@ -45,13 +45,13 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+ 
+-=item 1
++=item C<1>
+ 
+ The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+ established.
+diff -up openssl-1.0.1e/doc/ssl/SSL_read.pod.manfix openssl-1.0.1e/doc/ssl/SSL_read.pod
+--- openssl-1.0.1e/doc/ssl/SSL_read.pod.manfix	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_read.pod	2013-09-12 11:17:42.171092836 +0200
+@@ -86,7 +86,7 @@ The following return values can occur:
+ The read operation was successful; the return value is the number of
+ bytes actually read from the TLS/SSL connection.
+ 
+-=item 0
++=item C<0>
+ 
+ The read operation was not successful. The reason may either be a clean
+ shutdown due to a "close notify" alert sent by the peer (in which case
+diff -up openssl-1.0.1e/doc/ssl/SSL_session_reused.pod.manfix openssl-1.0.1e/doc/ssl/SSL_session_reused.pod
+--- openssl-1.0.1e/doc/ssl/SSL_session_reused.pod.manfix	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod	2013-09-12 11:17:42.172092857 +0200
+@@ -27,11 +27,11 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ A new session was negotiated.
+ 
+-=item 1
++=item C<1>
+ 
+ A session was reused.
+ 
+diff -up openssl-1.0.1e/doc/ssl/SSL_set_fd.pod.manfix openssl-1.0.1e/doc/ssl/SSL_set_fd.pod
+--- openssl-1.0.1e/doc/ssl/SSL_set_fd.pod.manfix	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod	2013-09-12 11:17:42.174092901 +0200
+@@ -35,11 +35,11 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The operation failed. Check the error stack to find out why.
+ 
+-=item 1
++=item C<1>
+ 
+ The operation succeeded.
+ 
+diff -up openssl-1.0.1e/doc/ssl/SSL_set_session.pod.manfix openssl-1.0.1e/doc/ssl/SSL_set_session.pod
+--- openssl-1.0.1e/doc/ssl/SSL_set_session.pod.manfix	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod	2013-09-12 11:17:42.175092923 +0200
+@@ -37,11 +37,11 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The operation failed; check the error stack to find out the reason.
+ 
+-=item 1
++=item C<1>
+ 
+ The operation succeeded.
+ 
+diff -up openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.manfix openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
+--- openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.manfix	2013-09-12 11:17:42.137092090 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod	2013-09-12 11:17:42.177092967 +0200
+@@ -92,14 +92,14 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The shutdown is not yet finished. Call SSL_shutdown() for a second time,
+ if a bidirectional shutdown shall be performed.
+ The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
+ erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
+ 
+-=item 1
++=item C<1>
+ 
+ The shutdown was successfully completed. The "close notify" alert was sent
+ and the peer's "close notify" alert was received.
+diff -up openssl-1.0.1e/doc/ssl/SSL_write.pod.manfix openssl-1.0.1e/doc/ssl/SSL_write.pod
+--- openssl-1.0.1e/doc/ssl/SSL_write.pod.manfix	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_write.pod	2013-09-12 11:17:42.177092967 +0200
+@@ -79,7 +79,7 @@ The following return values can occur:
+ The write operation was successful, the return value is the number of
+ bytes actually written to the TLS/SSL connection.
+ 
+-=item 0
++=item C<0>
+ 
+ The write operation was not successful. Probably the underlying connection
+ was closed. Call SSL_get_error() with the return value B<ret> to find out,
diff --git a/SOURCES/openssl-1.0.1e-secure-getenv.patch b/SOURCES/openssl-1.0.1e-secure-getenv.patch
new file mode 100644
index 0000000..eb8034d
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-secure-getenv.patch
@@ -0,0 +1,244 @@
+diff -up openssl-1.0.1e/crypto/conf/conf_api.c.secure-getenv openssl-1.0.1e/crypto/conf/conf_api.c
+--- openssl-1.0.1e/crypto/conf/conf_api.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/conf/conf_api.c	2013-02-19 13:02:02.531188124 +0100
+@@ -63,6 +63,8 @@
+ # define NDEBUG
+ #endif
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <assert.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -142,7 +144,7 @@ char *_CONF_get_string(const CONF *conf,
+ 			if (v != NULL) return(v->value);
+ 			if (strcmp(section,"ENV") == 0)
+ 				{
+-				p=getenv(name);
++				p=secure_getenv(name);
+ 				if (p != NULL) return(p);
+ 				}
+ 			}
+@@ -155,7 +157,7 @@ char *_CONF_get_string(const CONF *conf,
+ 			return(NULL);
+ 		}
+ 	else
+-		return(getenv(name));
++		return (secure_getenv(name));
+ 	}
+ 
+ #if 0 /* There's no way to provide error checking with this function, so
+diff -up openssl-1.0.1e/crypto/conf/conf_mod.c.secure-getenv openssl-1.0.1e/crypto/conf/conf_mod.c
+--- openssl-1.0.1e/crypto/conf/conf_mod.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/conf/conf_mod.c	2013-02-19 13:02:02.531188124 +0100
+@@ -56,6 +56,8 @@
+  *
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <ctype.h>
+ #include <openssl/crypto.h>
+@@ -548,8 +550,8 @@ char *CONF_get1_default_config_file(void
+ 	char *file;
+ 	int len;
+ 
+-	file = getenv("OPENSSL_CONF");
+-	if (file) 
++	file = secure_getenv("OPENSSL_CONF");
++	if (file)
+ 		return BUF_strdup(file);
+ 
+ 	len = strlen(X509_get_default_cert_area());
+diff -up openssl-1.0.1e/crypto/engine/eng_list.c.secure-getenv openssl-1.0.1e/crypto/engine/eng_list.c
+--- openssl-1.0.1e/crypto/engine/eng_list.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/engine/eng_list.c	2013-02-19 13:02:02.536188233 +0100
+@@ -61,6 +61,8 @@
+  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include "eng_int.h"
+ 
+ /* The linked-list of pointers to engine types. engine_list_head
+@@ -399,9 +401,9 @@ ENGINE *ENGINE_by_id(const char *id)
+ 	if (strcmp(id, "dynamic"))
+ 		{
+ #ifdef OPENSSL_SYS_VMS
+-		if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
++		if(OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
+ #else
+-		if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
++		if((load_dir = secure_getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
+ #endif
+ 		iterator = ENGINE_by_id("dynamic");
+ 		if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
+diff -up openssl-1.0.1e/crypto/md5/md5_dgst.c.secure-getenv openssl-1.0.1e/crypto/md5/md5_dgst.c
+--- openssl-1.0.1e/crypto/md5/md5_dgst.c.secure-getenv	2013-02-19 13:02:02.492187275 +0100
++++ openssl-1.0.1e/crypto/md5/md5_dgst.c	2013-02-19 13:02:02.537188254 +0100
+@@ -56,6 +56,8 @@
+  * [including the GNU Public Licence.]
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include "md5_locl.h"
+ #include <openssl/opensslv.h>
+@@ -74,7 +76,7 @@ const char MD5_version[]="MD5" OPENSSL_V
+ int MD5_Init(MD5_CTX *c)
+ #ifdef OPENSSL_FIPS
+ 	{
+-	if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
++	if (FIPS_mode() && secure_getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
+ 		OpenSSLDie(__FILE__, __LINE__, \
+                 "Digest MD5 forbidden in FIPS mode!");
+ 	return private_MD5_Init(c);
+diff -up openssl-1.0.1e/crypto/o_init.c.secure-getenv openssl-1.0.1e/crypto/o_init.c
+--- openssl-1.0.1e/crypto/o_init.c.secure-getenv	2013-02-19 13:02:02.428185882 +0100
++++ openssl-1.0.1e/crypto/o_init.c	2013-02-19 13:02:02.538188276 +0100
+@@ -52,6 +52,8 @@
+  *
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <e_os.h>
+ #include <openssl/err.h>
+ #ifdef OPENSSL_FIPS
+@@ -71,7 +73,7 @@ static void init_fips_mode(void)
+ 	char buf[2] = "0";
+ 	int fd;
+ 	
+-	if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
++	if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
+ 		{
+ 		buf[0] = '1';
+ 		}
+diff -up openssl-1.0.1e/crypto/rand/randfile.c.secure-getenv openssl-1.0.1e/crypto/rand/randfile.c
+--- openssl-1.0.1e/crypto/rand/randfile.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/rand/randfile.c	2013-02-19 13:03:06.971591052 +0100
+@@ -60,6 +60,8 @@
+ #if !defined(OPENSSL_SYS_VXWORKS)
+ #define _XOPEN_SOURCE 500
+ #endif
++/* for secure_getenv */
++#define _GNU_SOURCE
+ 
+ #include <errno.h>
+ #include <stdio.h>
+@@ -277,8 +279,7 @@ const char *RAND_file_name(char *buf, si
+ 	struct stat sb;
+ #endif
+ 
+-	if (OPENSSL_issetugid() == 0)
+-		s=getenv("RANDFILE");
++	s=secure_getenv("RANDFILE");
+ 	if (s != NULL && *s && strlen(s) + 1 < size)
+ 		{
+ 		if (BUF_strlcpy(buf,s,size) >= size)
+@@ -286,8 +287,7 @@ const char *RAND_file_name(char *buf, si
+ 		}
+ 	else
+ 		{
+-		if (OPENSSL_issetugid() == 0)
+-			s=getenv("HOME");
++		s=secure_getenv("HOME");
+ #ifdef DEFAULT_HOME
+ 		if (s == NULL)
+ 			{
+diff -up openssl-1.0.1e/crypto/x509/by_dir.c.secure-getenv openssl-1.0.1e/crypto/x509/by_dir.c
+--- openssl-1.0.1e/crypto/x509/by_dir.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/x509/by_dir.c	2013-02-19 13:02:02.539188298 +0100
+@@ -56,6 +56,8 @@
+  * [including the GNU Public Licence.]
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <time.h>
+ #include <errno.h>
+@@ -135,7 +137,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
+ 	case X509_L_ADD_DIR:
+ 		if (argl == X509_FILETYPE_DEFAULT)
+ 			{
+-			dir=(char *)getenv(X509_get_default_cert_dir_env());
++			dir=(char *)secure_getenv(X509_get_default_cert_dir_env());
+ 			if (dir)
+ 				ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
+ 			else
+diff -up openssl-1.0.1e/crypto/x509/by_file.c.secure-getenv openssl-1.0.1e/crypto/x509/by_file.c
+--- openssl-1.0.1e/crypto/x509/by_file.c.secure-getenv	2013-02-19 13:02:02.236181701 +0100
++++ openssl-1.0.1e/crypto/x509/by_file.c	2013-02-19 13:02:02.554188624 +0100
+@@ -56,6 +56,8 @@
+  * [including the GNU Public Licence.]
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <time.h>
+ #include <errno.h>
+@@ -100,7 +102,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
+ 	case X509_L_FILE_LOAD:
+ 		if (argl == X509_FILETYPE_DEFAULT)
+ 			{
+-			file = (char *)getenv(X509_get_default_cert_file_env());
++			file = (char *)secure_getenv(X509_get_default_cert_file_env());
+ 			if (file)
+ 				ok = (X509_load_cert_crl_file(ctx,file,
+ 					      X509_FILETYPE_PEM) != 0);
+diff -up openssl-1.0.1e/crypto/x509/x509_vfy.c.secure-getenv openssl-1.0.1e/crypto/x509/x509_vfy.c
+--- openssl-1.0.1e/crypto/x509/x509_vfy.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/x509/x509_vfy.c	2013-02-19 13:02:02.556188668 +0100
+@@ -56,6 +56,8 @@
+  * [including the GNU Public Licence.]
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <time.h>
+ #include <errno.h>
+@@ -481,7 +483,7 @@ static int check_chain_extensions(X509_S
+ 			!!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+ 		/* A hack to keep people who don't want to modify their
+ 		   software happy */
+-		if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
++		if (secure_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+ 			allow_proxy_certs = 1;
+ 		purpose = ctx->param->purpose;
+ 		}
+diff -up openssl-1.0.1e/engines/ccgost/gost_ctl.c.secure-getenv openssl-1.0.1e/engines/ccgost/gost_ctl.c
+--- openssl-1.0.1e/engines/ccgost/gost_ctl.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/engines/ccgost/gost_ctl.c	2013-02-19 13:02:02.557188690 +0100
+@@ -6,6 +6,8 @@
+  *        Implementation of control commands for GOST engine          *
+  *            OpenSSL 0.9.9 libraries required                        *
+  **********************************************************************/            
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <stdlib.h>
+ #include <string.h>
+ #include <openssl/crypto.h>
+@@ -65,7 +67,7 @@ const char *get_gost_engine_param(int pa
+ 		{
+ 		return gost_params[param];
+ 		}
+-	tmp = getenv(gost_envnames[param]);
++	tmp = secure_getenv(gost_envnames[param]);
+ 	if (tmp) 
+ 		{
+ 		if (gost_params[param]) OPENSSL_free(gost_params[param]);
+@@ -79,7 +81,7 @@ int gost_set_default_param(int param, co
+ 	{
+ 	const char *tmp;
+ 	if (param <0 || param >GOST_PARAM_MAX) return 0;
+-	tmp = getenv(gost_envnames[param]);
++	tmp = secure_getenv(gost_envnames[param]);
+ 	/* if there is value in the environment, use it, else -passed string * */
+ 	if (!tmp) tmp=value;
+ 	if (gost_params[param]) OPENSSL_free(gost_params[param]);
diff --git a/SOURCES/openssl-1.0.1e-trusted-first.patch b/SOURCES/openssl-1.0.1e-trusted-first.patch
new file mode 100644
index 0000000..08ab639
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-trusted-first.patch
@@ -0,0 +1,330 @@
+diff -up openssl-1.0.1e/apps/apps.c.trusted-first openssl-1.0.1e/apps/apps.c
+--- openssl-1.0.1e/apps/apps.c.trusted-first	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/apps/apps.c	2013-08-16 15:42:39.920534769 +0200
+@@ -2361,6 +2361,8 @@ int args_verify(char ***pargs, int *parg
+ 		flags |= X509_V_FLAG_NOTIFY_POLICY;
+ 	else if (!strcmp(arg, "-check_ss_sig"))
+ 		flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
++	else if (!strcmp(arg, "-trusted_first"))
++		flags |= X509_V_FLAG_TRUSTED_FIRST;
+ 	else
+ 		return 0;
+ 
+diff -up openssl-1.0.1e/apps/cms.c.trusted-first openssl-1.0.1e/apps/cms.c
+--- openssl-1.0.1e/apps/cms.c.trusted-first	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/apps/cms.c	2013-08-16 15:43:56.671213879 +0200
+@@ -642,6 +642,7 @@ int MAIN(int argc, char **argv)
+ 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
+ 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
+ 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
++		BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
+ 		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
+ 		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+ #ifndef OPENSSL_NO_ENGINE
+diff -up openssl-1.0.1e/apps/ocsp.c.trusted-first openssl-1.0.1e/apps/ocsp.c
+--- openssl-1.0.1e/apps/ocsp.c.trusted-first	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/apps/ocsp.c	2013-08-16 15:49:47.477572414 +0200
+@@ -595,6 +595,7 @@ int MAIN(int argc, char **argv)
+ 		BIO_printf (bio_err, "-path              path to use in OCSP request\n");
+ 		BIO_printf (bio_err, "-CApath dir        trusted certificates directory\n");
+ 		BIO_printf (bio_err, "-CAfile file       trusted certificates file\n");
++		BIO_printf (bio_err, "-trusted_first     use trusted certificates first when building the trust chain\n");
+ 		BIO_printf (bio_err, "-VAfile file       validator certificates file\n");
+ 		BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
+ 		BIO_printf (bio_err, "-status_age n      maximum status age in seconds\n");
+diff -up openssl-1.0.1e/apps/s_client.c.trusted-first openssl-1.0.1e/apps/s_client.c
+--- openssl-1.0.1e/apps/s_client.c.trusted-first	2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/apps/s_client.c	2013-08-16 15:49:00.727542994 +0200
+@@ -298,6 +298,7 @@ static void sc_usage(void)
+ 	BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");
+ 	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
+ 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
++	BIO_printf(bio_err," -trusted_first - Use trusted CA's first when building the trust chain\n");
+ 	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
+ 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
+ 	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
+diff -up openssl-1.0.1e/apps/smime.c.trusted-first openssl-1.0.1e/apps/smime.c
+--- openssl-1.0.1e/apps/smime.c.trusted-first	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/apps/smime.c	2013-08-16 15:46:44.024875150 +0200
+@@ -479,6 +479,7 @@ int MAIN(int argc, char **argv)
+ 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
+ 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
+ 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
++		BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
+ 		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
+ 		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+ #ifndef OPENSSL_NO_ENGINE
+diff -up openssl-1.0.1e/apps/s_server.c.trusted-first openssl-1.0.1e/apps/s_server.c
+--- openssl-1.0.1e/apps/s_server.c.trusted-first	2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/apps/s_server.c	2013-08-16 15:48:19.469634430 +0200
+@@ -501,6 +501,7 @@ static void sv_usage(void)
+ 	BIO_printf(bio_err," -state        - Print the SSL states\n");
+ 	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
+ 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
++	BIO_printf(bio_err," -trusted_first - Use trusted CA's first when building the trust chain\n");
+ 	BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
+ 	BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
+ 	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences\n");
+diff -up openssl-1.0.1e/apps/s_time.c.trusted-first openssl-1.0.1e/apps/s_time.c
+--- openssl-1.0.1e/apps/s_time.c.trusted-first	2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/apps/s_time.c	2013-08-16 15:47:35.862674188 +0200
+@@ -179,6 +179,7 @@ static void s_time_usage(void)
+                 file if not specified by this option\n\
+ -CApath arg   - PEM format directory of CA's\n\
+ -CAfile arg   - PEM format file of CA's\n\
++-trusted_first - Use trusted CA's first when building the trust chain\n\
+ -cipher       - preferred cipher to use, play with 'openssl ciphers'\n\n";
+ 
+ 	printf( "usage: s_time <args>\n\n" );
+diff -up openssl-1.0.1e/apps/ts.c.trusted-first openssl-1.0.1e/apps/ts.c
+--- openssl-1.0.1e/apps/ts.c.trusted-first	2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/apps/ts.c	2013-08-16 15:45:27.766206812 +0200
+@@ -383,7 +383,7 @@ int MAIN(int argc, char **argv)
+ 		   "ts -verify [-data file_to_hash] [-digest digest_bytes] "
+ 		   "[-queryfile request.tsq] "
+ 		   "-in response.tsr [-token_in] "
+-		   "-CApath ca_path -CAfile ca_file.pem "
++		   "-CApath ca_path -CAfile ca_file.pem -trusted_first"
+ 		   "-untrusted cert_file.pem\n");
+  cleanup:
+ 	/* Clean up. */
+diff -up openssl-1.0.1e/apps/verify.c.trusted-first openssl-1.0.1e/apps/verify.c
+--- openssl-1.0.1e/apps/verify.c.trusted-first	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/apps/verify.c	2013-08-16 15:46:09.720124654 +0200
+@@ -237,7 +237,7 @@ int MAIN(int argc, char **argv)
+ 
+ end:
+ 	if (ret == 1) {
+-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
++		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check]");
+ 		BIO_printf(bio_err," [-attime timestamp]");
+ #ifndef OPENSSL_NO_ENGINE
+ 		BIO_printf(bio_err," [-engine e]");
+diff -up openssl-1.0.1e/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1e/crypto/x509/x509_vfy.c
+--- openssl-1.0.1e/crypto/x509/x509_vfy.c.trusted-first	2013-08-16 15:42:39.864533545 +0200
++++ openssl-1.0.1e/crypto/x509/x509_vfy.c	2013-08-16 15:42:39.921534791 +0200
+@@ -207,6 +207,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+ 
+ 		/* If we are self signed, we break */
+ 		if (ctx->check_issued(ctx, x,x)) break;
++		/* If asked see if we can find issuer in trusted store first */
++		if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
++			{
++			ok = ctx->get_issuer(&xtmp, ctx, x);
++			if (ok < 0)
++				return ok;
++			/* If successful for now free up cert so it
++			 * will be picked up again later.
++			 */
++			if (ok > 0)
++				{
++				X509_free(xtmp);
++				break;
++				}
++			}
+ 
+ 		/* If we were passed a cert chain, use it first */
+ 		if (ctx->untrusted != NULL)
+diff -up openssl-1.0.1e/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1e/crypto/x509/x509_vfy.h
+--- openssl-1.0.1e/crypto/x509/x509_vfy.h.trusted-first	2013-08-16 15:42:39.356522432 +0200
++++ openssl-1.0.1e/crypto/x509/x509_vfy.h	2013-08-16 15:42:39.922534813 +0200
+@@ -389,6 +389,8 @@ void X509_STORE_CTX_set_depth(X509_STORE
+ #define X509_V_FLAG_USE_DELTAS			0x2000
+ /* Check selfsigned CA signature */
+ #define X509_V_FLAG_CHECK_SS_SIGNATURE		0x4000
++/* Use trusted store first */
++#define X509_V_FLAG_TRUSTED_FIRST		0x8000
+ 
+ 
+ #define X509_VP_FLAG_DEFAULT			0x1
+diff -up openssl-1.0.1e/doc/apps/cms.pod.trusted-first openssl-1.0.1e/doc/apps/cms.pod
+--- openssl-1.0.1e/doc/apps/cms.pod.trusted-first	2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/doc/apps/cms.pod	2013-08-16 15:50:48.723921117 +0200
+@@ -35,6 +35,7 @@ B<openssl> B<cms>
+ [B<-print>]
+ [B<-CAfile file>]
+ [B<-CApath dir>]
++[B<-trusted_first>]
+ [B<-md digest>]
+ [B<-[cipher]>]
+ [B<-nointern>]
+@@ -238,6 +239,12 @@ B<-verify>. This directory must be a sta
+ is a hash of each subject name (using B<x509 -hash>) should be linked
+ to each certificate.
+ 
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory before untrusted certificates
++from the message when building the trust chain to verify certificates.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-md digest>
+ 
+ digest algorithm to use when signing or resigning. If not present then the
+diff -up openssl-1.0.1e/doc/apps/ocsp.pod.trusted-first openssl-1.0.1e/doc/apps/ocsp.pod
+--- openssl-1.0.1e/doc/apps/ocsp.pod.trusted-first	2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/doc/apps/ocsp.pod	2013-08-16 15:52:20.106933403 +0200
+@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
+ [B<-path>]
+ [B<-CApath dir>]
+ [B<-CAfile file>]
++[B<-trusted_first>]
+ [B<-VAfile file>]
+ [B<-validity_period n>]
+ [B<-status_age n>]
+@@ -138,6 +139,13 @@ or "/" by default.
+ file or pathname containing trusted CA certificates. These are used to verify
+ the signature on the OCSP response.
+ 
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory over certificates provided
++in the response or residing in other certificates file when building the trust
++chain to verify responder certificate.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-verify_other file>
+ 
+ file containing additional certificates to search when attempting to locate
+diff -up openssl-1.0.1e/doc/apps/s_client.pod.trusted-first openssl-1.0.1e/doc/apps/s_client.pod
+--- openssl-1.0.1e/doc/apps/s_client.pod.trusted-first	2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/doc/apps/s_client.pod	2013-08-16 15:53:17.364194159 +0200
+@@ -17,6 +17,7 @@ B<openssl> B<s_client>
+ [B<-pass arg>]
+ [B<-CApath directory>]
+ [B<-CAfile filename>]
++[B<-trusted_first>]
+ [B<-reconnect>]
+ [B<-pause>]
+ [B<-showcerts>]
+@@ -107,7 +108,7 @@ also used when building the client certi
+ A file containing trusted certificates to use during server authentication
+ and to use when attempting to build the client certificate chain.
+ 
+-=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
++=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first>
+ 
+ Set various certificate chain valiadition option. See the
+ L<B<verify>|verify(1)> manual page for details.
+diff -up openssl-1.0.1e/doc/apps/smime.pod.trusted-first openssl-1.0.1e/doc/apps/smime.pod
+--- openssl-1.0.1e/doc/apps/smime.pod.trusted-first	2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/doc/apps/smime.pod	2013-08-16 15:56:12.497050767 +0200
+@@ -15,6 +15,9 @@ B<openssl> B<smime>
+ [B<-pk7out>]
+ [B<-[cipher]>]
+ [B<-in file>]
++[B<-CAfile file>]
++[B<-CApath dir>]
++[B<-trusted_first>]
+ [B<-certfile file>]
+ [B<-signer file>]
+ [B<-recip  file>]
+@@ -146,6 +149,12 @@ B<-verify>. This directory must be a sta
+ is a hash of each subject name (using B<x509 -hash>) should be linked
+ to each certificate.
+ 
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory over certificates provided
++in the message when building the trust chain to verify a certificate.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-md digest>
+ 
+ digest algorithm to use when signing or resigning. If not present then the
+diff -up openssl-1.0.1e/doc/apps/s_server.pod.trusted-first openssl-1.0.1e/doc/apps/s_server.pod
+--- openssl-1.0.1e/doc/apps/s_server.pod.trusted-first	2013-08-16 15:42:39.000000000 +0200
++++ openssl-1.0.1e/doc/apps/s_server.pod	2013-08-16 15:54:33.609873214 +0200
+@@ -33,6 +33,7 @@ B<openssl> B<s_server>
+ [B<-state>]
+ [B<-CApath directory>]
+ [B<-CAfile filename>]
++[B<-trusted_first>]
+ [B<-nocert>]
+ [B<-cipher cipherlist>]
+ [B<-quiet>]
+@@ -168,6 +169,12 @@ and to use when attempting to build the
+ is also used in the list of acceptable client CAs passed to the client when
+ a certificate is requested.
+ 
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory before other certificates 
++when building the trust chain to verify client certificates.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-state>
+ 
+ prints out the SSL session states.
+diff -up openssl-1.0.1e/doc/apps/s_time.pod.trusted-first openssl-1.0.1e/doc/apps/s_time.pod
+--- openssl-1.0.1e/doc/apps/s_time.pod.trusted-first	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/apps/s_time.pod	2013-08-16 15:55:12.651732938 +0200
+@@ -14,6 +14,7 @@ B<openssl> B<s_time>
+ [B<-key filename>]
+ [B<-CApath directory>]
+ [B<-CAfile filename>]
++[B<-trusted_first>]
+ [B<-reuse>]
+ [B<-new>]
+ [B<-verify depth>]
+@@ -76,6 +77,12 @@ also used when building the client certi
+ A file containing trusted certificates to use during server authentication
+ and to use when attempting to build the client certificate chain.
+ 
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory over the certificates provided
++by the server when building the trust chain to verify server certificate.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-new>
+ 
+ performs the timing test using a new session ID for each connection.
+diff -up openssl-1.0.1e/doc/apps/ts.pod.trusted-first openssl-1.0.1e/doc/apps/ts.pod
+--- openssl-1.0.1e/doc/apps/ts.pod.trusted-first	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/apps/ts.pod	2013-08-16 15:57:17.399479957 +0200
+@@ -46,6 +46,7 @@ B<-verify>
+ [B<-token_in>]
+ [B<-CApath> trusted_cert_path]
+ [B<-CAfile> trusted_certs.pem]
++[B<-trusted_first>]
+ [B<-untrusted> cert_file.pem]
+ 
+ =head1 DESCRIPTION
+@@ -324,6 +325,12 @@ L<verify(1)|verify(1)> for additional de
+ or B<-CApath> must be specified.
+ (Optional)
+ 
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory before other certificates
++when building the trust chain to verify certificates.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-untrusted> cert_file.pem
+ 
+ Set of additional untrusted certificates in PEM format which may be
+diff -up openssl-1.0.1e/doc/apps/verify.pod.trusted-first openssl-1.0.1e/doc/apps/verify.pod
+--- openssl-1.0.1e/doc/apps/verify.pod.trusted-first	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/apps/verify.pod	2013-08-16 15:58:00.267423925 +0200
+@@ -9,6 +9,7 @@ verify - Utility to verify certificates.
+ B<openssl> B<verify>
+ [B<-CApath directory>]
+ [B<-CAfile file>]
++[B<-trusted_first>]
+ [B<-purpose purpose>]
+ [B<-policy arg>]
+ [B<-ignore_critical>]
+@@ -56,6 +57,12 @@ in PEM format concatenated together.
+ A file of untrusted certificates. The file should contain multiple certificates
+ in PEM format concatenated together.
+ 
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory before the certificates in the untrusted
++file when building the trust chain to verify certificates.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-purpose purpose>
+ 
+ The intended use for the certificate. If this option is not specified,
diff --git a/SOURCES/openssl-1.0.1e-version.patch b/SOURCES/openssl-1.0.1e-version.patch
new file mode 100644
index 0000000..e73f2c9
--- /dev/null
+++ b/SOURCES/openssl-1.0.1e-version.patch
@@ -0,0 +1,63 @@
+diff -up openssl-1.0.1e/crypto/cversion.c.version openssl-1.0.1e/crypto/cversion.c
+--- openssl-1.0.1e/crypto/cversion.c.version	2013-02-11 16:02:47.000000000 +0100
++++ openssl-1.0.1e/crypto/cversion.c	2013-07-26 12:28:12.739161925 +0200
+@@ -62,7 +62,7 @@
+ #include "buildinf.h"
+ #endif
+ 
+-const char *SSLeay_version(int t)
++const char *_current_SSLeay_version(int t)
+ 	{
+ 	if (t == SSLEAY_VERSION)
+ 		return OPENSSL_VERSION_TEXT;
+@@ -110,8 +110,25 @@ const char *SSLeay_version(int t)
+ 	return("not available");
+ 	}
+ 
+-unsigned long SSLeay(void)
++const char *_original_SSLeay_version(int t)
++	{
++	if (t == SSLEAY_VERSION)
++		return "OpenSSL 1.0.0-fips 29 Mar 2010";
++	else
++		return _current_SSLeay_version(t);
++	}
++
++unsigned long _original_SSLeay(void)
++	{
++	return(0x10000003);
++	}
++
++unsigned long _current_SSLeay(void)
+ 	{
+ 	return(SSLEAY_VERSION_NUMBER);
+ 	}
+ 
++__asm__(".symver _original_SSLeay,SSLeay@");
++__asm__(".symver _original_SSLeay_version,SSLeay_version@");
++__asm__(".symver _current_SSLeay,SSLeay@@OPENSSL_1.0.1");
++__asm__(".symver _current_SSLeay_version,SSLeay_version@@OPENSSL_1.0.1");
+diff -up openssl-1.0.1e/Makefile.shared.version openssl-1.0.1e/Makefile.shared
+--- openssl-1.0.1e/Makefile.shared.version	2013-07-26 12:23:43.615545603 +0200
++++ openssl-1.0.1e/Makefile.shared	2013-07-26 12:23:43.701547398 +0200
+@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
+ 	SHLIB_SUFFIX=; \
+ 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
++	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--default-symver,--version-script=version.map -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+ DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+ 
+diff -up openssl-1.0.1e/version.map.version openssl-1.0.1e/version.map
+--- openssl-1.0.1e/version.map.version	2013-07-26 12:23:43.701547398 +0200
++++ openssl-1.0.1e/version.map	2013-07-26 12:29:10.698371472 +0200
+@@ -0,0 +1,8 @@
++OPENSSL_1.0.1 {
++    global:
++	    SSLeay;
++	    SSLeay_version;
++    local:
++	    _original*;
++	    _current*;
++};
diff --git a/SOURCES/openssl-thread-test.c b/SOURCES/openssl-thread-test.c
new file mode 100644
index 0000000..3b90285
--- /dev/null
+++ b/SOURCES/openssl-thread-test.c
@@ -0,0 +1,400 @@
+/* Test program to verify that RSA signing is thread-safe in OpenSSL. */
+
+#include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <pthread.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
+#include <openssl/md5.h>
+#include <openssl/ssl.h>
+
+/* Just assume we want to do engine stuff if we're using 0.9.6b or
+ * higher. This assumption is only valid for versions bundled with RHL. */
+#if OPENSSL_VERSION_NUMBER  >= 0x0090602fL
+#include <openssl/engine.h>
+#define USE_ENGINE
+#endif
+
+#define MAX_THREAD_COUNT	10000
+#define ITERATION_COUNT		10
+#define MAIN_COUNT		100
+
+/* OpenSSL requires us to provide thread ID and locking primitives. */
+pthread_mutex_t *mutex_locks = NULL;
+static unsigned long
+thread_id_cb(void)
+{
+	return (unsigned long) pthread_self();
+}
+static void
+lock_cb(int mode, int n, const char *file, int line)
+{
+	if (mode & CRYPTO_LOCK) {
+		pthread_mutex_lock(&mutex_locks[n]);
+	} else {
+		pthread_mutex_unlock(&mutex_locks[n]);
+	}
+}
+
+struct thread_args {
+	RSA *rsa;
+	int digest_type;
+	unsigned char *digest;
+	unsigned int digest_len;
+	unsigned char *signature;
+	unsigned int signature_len;
+	pthread_t main_thread;
+};
+
+static int print = 0;
+
+pthread_mutex_t sign_lock = PTHREAD_MUTEX_INITIALIZER;
+static int locked_sign = 0;
+static void SIGN_LOCK() {if (locked_sign) pthread_mutex_lock(&sign_lock);}
+static void SIGN_UNLOCK() {if (locked_sign) pthread_mutex_unlock(&sign_lock);}
+
+pthread_mutex_t verify_lock = PTHREAD_MUTEX_INITIALIZER;
+static int locked_verify = 0;
+static void VERIFY_LOCK() {if (locked_verify) pthread_mutex_lock(&verify_lock);}
+static void VERIFY_UNLOCK() {if (locked_verify) pthread_mutex_unlock(&verify_lock);}
+
+pthread_mutex_t failure_count_lock = PTHREAD_MUTEX_INITIALIZER;
+long failure_count = 0;
+static void
+failure()
+{
+	pthread_mutex_lock(&failure_count_lock);
+	failure_count++;
+	pthread_mutex_unlock(&failure_count_lock);
+}
+
+static void *
+thread_main(void *argp)
+{
+	struct thread_args *args = argp;
+	unsigned char *signature;
+	unsigned int signature_len, signature_alloc_len;
+	int ret, i;
+
+	signature_alloc_len = args->signature_len;
+	if (RSA_size(args->rsa) > signature_alloc_len) {
+		signature_alloc_len = RSA_size(args->rsa);
+	}
+	signature = malloc(signature_alloc_len);
+	if (signature == NULL) {
+		fprintf(stderr, "Skipping checks in thread %lu -- %s.\n",
+			(unsigned long) pthread_self(), strerror(errno));
+		pthread_exit(0);
+		return NULL;
+	}
+	for (i = 0; i < ITERATION_COUNT; i++) {
+		signature_len = signature_alloc_len;
+		SIGN_LOCK();
+		ret = RSA_check_key(args->rsa);
+		ERR_print_errors_fp(stdout);
+		if (ret != 1) {
+			failure();
+			break;
+		}
+		ret = RSA_sign(args->digest_type,
+			       args->digest,
+			       args->digest_len,
+			       signature, &signature_len,
+			       args->rsa);
+		SIGN_UNLOCK();
+		ERR_print_errors_fp(stdout);
+		if (ret != 1) {
+			failure();
+			break;
+		}
+
+		VERIFY_LOCK();
+		ret = RSA_verify(args->digest_type,
+			         args->digest,
+			         args->digest_len,
+			         signature, signature_len,
+			         args->rsa);
+		VERIFY_UNLOCK();
+		if (ret != 1) {
+			fprintf(stderr,
+				"Signature from thread %lu(%d) fails "
+				"verification (passed in thread #%lu)!\n",
+				(long) pthread_self(), i,
+				(long) args->main_thread);
+			ERR_print_errors_fp(stdout);
+			failure();
+			continue;
+		}
+		if (print) {
+			fprintf(stderr, ">%d\n", i);
+		}
+	}
+	free(signature);
+
+	pthread_exit(0);
+
+	return NULL;
+}
+
+unsigned char *
+xmemdup(unsigned char *s, size_t len)
+{
+	unsigned char *r;
+	r = malloc(len);
+	if (r == NULL) {
+		fprintf(stderr, "Out of memory.\n");
+		ERR_print_errors_fp(stdout);
+		assert(r != NULL);
+	}
+	memcpy(r, s, len);
+	return r;
+}
+
+int
+main(int argc, char **argv)
+{
+	RSA *rsa;
+	MD5_CTX md5;
+	int fd, i;
+	pthread_t threads[MAX_THREAD_COUNT];
+	int thread_count = 1000;
+	unsigned char *message, *digest;
+	unsigned int message_len, digest_len;
+	unsigned char *correct_signature;
+	unsigned int correct_siglen, ret;
+	struct thread_args master_args, *args;
+	int sync = 0, seed = 0;
+	int again = 1;
+#ifdef USE_ENGINE
+	char *engine = NULL;
+	ENGINE *e = NULL;
+#endif
+
+	pthread_mutex_init(&failure_count_lock, NULL);
+
+	for (i = 1; i < argc; i++) {
+		if (strcmp(argv[i], "--seed") == 0) {
+			printf("Seeding PRNG.\n");
+			seed++;
+		} else
+		if (strcmp(argv[i], "--sync") == 0) {
+			printf("Running synchronized.\n");
+			sync++;
+		} else
+		if ((strcmp(argv[i], "--threads") == 0) && (i < argc - 1)) {
+			i++;
+			thread_count = atol(argv[i]);
+			if (thread_count > MAX_THREAD_COUNT) {
+				thread_count = MAX_THREAD_COUNT;
+			}
+			printf("Starting %d threads.\n", thread_count);
+			sync++;
+		} else
+		if (strcmp(argv[i], "--sign") == 0) {
+			printf("Locking signing.\n");
+			locked_sign++;
+		} else
+		if (strcmp(argv[i], "--verify") == 0) {
+			printf("Locking verifies.\n");
+			locked_verify++;
+		} else
+		if (strcmp(argv[i], "--print") == 0) {
+			printf("Tracing.\n");
+			print++;
+#ifdef USE_ENGINE
+		} else
+		if ((strcmp(argv[i], "--engine") == 0) && (i < argc - 1)) {
+			printf("Using engine \"%s\".\n", argv[i + 1]);
+			engine = argv[i + 1];
+			i++;
+#endif
+		} else {
+			printf("Bad argument: %s\n", argv[i]);
+			return 1;
+		}
+	}
+
+	/* Get some random data to sign. */
+	fd = open("/dev/urandom", O_RDONLY);
+	if (fd == -1) {
+		fprintf(stderr, "Error opening /dev/urandom: %s\n",
+			strerror(errno));
+	}
+
+	if (print) {
+		fprintf(stderr, "Reading random data.\n");
+	}
+	message = malloc(message_len = 9371);
+	read(fd, message, message_len);
+	close(fd);
+
+	/* Initialize the SSL library and set up thread-safe locking. */
+	ERR_load_crypto_strings();
+	SSL_library_init();
+	mutex_locks = malloc(sizeof(pthread_mutex_t) * CRYPTO_num_locks());
+	for (i = 0; i < CRYPTO_num_locks(); i++) {
+		pthread_mutex_init(&mutex_locks[i], NULL);
+	}
+	CRYPTO_set_id_callback(thread_id_cb);
+	CRYPTO_set_locking_callback(lock_cb);
+	ERR_print_errors_fp(stdout);
+
+	/* Seed the PRNG if we were asked to do so. */
+	if (seed) {
+		if (print) {
+			fprintf(stderr, "Seeding PRNG.\n");
+		}
+		RAND_add(message, message_len, message_len);
+		ERR_print_errors_fp(stdout);
+	}
+
+	/* Turn on a hardware crypto device if asked to do so. */
+#ifdef USE_ENGINE
+	if (engine) {
+#if OPENSSL_VERSION_NUMBER  >= 0x0090700fL
+		ENGINE_load_builtin_engines();
+#endif
+		if (print) {
+			fprintf(stderr, "Initializing \"%s\" engine.\n",
+				engine);
+		}
+		e = ENGINE_by_id(engine);
+		ERR_print_errors_fp(stdout);
+		if (e) {
+			i = ENGINE_init(e);
+			ERR_print_errors_fp(stdout);
+			i = ENGINE_set_default_RSA(e);
+			ERR_print_errors_fp(stdout);
+		}
+	}
+#endif
+
+	/* Compute the digest for the signature. */
+	if (print) {
+		fprintf(stderr, "Computing digest.\n");
+	}
+	digest = malloc(digest_len = MD5_DIGEST_LENGTH);
+	MD5_Init(&md5);
+	MD5_Update(&md5, message, message_len);
+	MD5_Final(digest, &md5);
+
+	/* Generate a signing key. */
+	if (print) {
+		fprintf(stderr, "Generating key.\n");
+	}
+	rsa = RSA_generate_key(4096, 3, NULL, NULL);
+	ERR_print_errors_fp(stdout);
+	if (rsa == NULL) {
+		_exit(1);
+	}
+
+	/* Sign the data. */
+	correct_siglen = RSA_size(rsa);
+	correct_signature = malloc(correct_siglen);
+	for (i = 0; i < MAIN_COUNT; i++) {
+		if (print) {
+			fprintf(stderr, "Signing data (%d).\n", i);
+		}
+		ret = RSA_check_key(rsa);
+		ERR_print_errors_fp(stdout);
+		if (ret != 1) {
+			failure();
+		}
+		correct_siglen = RSA_size(rsa);
+		ret = RSA_sign(NID_md5, digest, digest_len,
+			       correct_signature, &correct_siglen,
+			       rsa);
+		ERR_print_errors_fp(stdout);
+		if (ret != 1) {
+			_exit(2);
+		}
+		if (print) {
+			fprintf(stderr, "Verifying data (%d).\n", i);
+		}
+		ret = RSA_verify(NID_md5, digest, digest_len,
+			         correct_signature, correct_siglen,
+			         rsa);
+		if (ret != 1) {
+			_exit(2);
+		}
+	}
+
+	/* Collect up the inforamtion which other threads will need for
+	 * comparing their signature results with ours. */
+	master_args.rsa = rsa;
+	master_args.digest_type = NID_md5;
+	master_args.digest = digest;
+	master_args.digest_len = digest_len;
+	master_args.signature = correct_signature;
+	master_args.signature_len = correct_siglen;
+	master_args.main_thread = pthread_self();
+	
+	fprintf(stdout, "Performing %d signatures in each of %d threads "
+		"(%d, %d).\n", ITERATION_COUNT, thread_count,
+		digest_len, correct_siglen);
+	fflush(NULL);
+
+	/* Start up all of the threads. */
+	for (i = 0; i < thread_count; i++) {
+		args = malloc(sizeof(struct thread_args));
+		args->rsa = RSAPrivateKey_dup(master_args.rsa);
+		args->digest_type = master_args.digest_type;
+		args->digest_len = master_args.digest_len;
+		args->digest = xmemdup(master_args.digest, args->digest_len);
+		args->signature_len = master_args.signature_len;
+		args->signature = xmemdup(master_args.signature,
+					  args->signature_len);
+		args->main_thread = pthread_self();
+		ret = pthread_create(&threads[i], NULL, thread_main, args);
+		while ((ret != 0) && (errno == EAGAIN)) {
+			ret = pthread_create(&threads[i], NULL,
+					     thread_main, &args);
+			fprintf(stderr, "Thread limit hit at %d.\n", i);
+		}
+		if (ret != 0) {
+			fprintf(stderr, "Unable to create thread %d: %s.\n",
+				i, strerror(errno));
+			threads[i] = -1;
+		} else {
+			if (sync) {
+				ret = pthread_join(threads[i], NULL);
+				assert(ret == 0);
+			}
+			if (print) {
+				fprintf(stderr, "%d\n", i);
+			}
+		}
+	}
+
+	/* Wait for all threads to complete.  So long as we can find an
+	 * unjoined thread, keep joining threads. */
+	do {
+		again = 0;
+		for (i = 0; i < thread_count; i++) {
+			/* If we have an unterminated thread, join it. */
+			if (threads[i] != -1) {
+				again = 1;
+				if (print) {
+					fprintf(stderr, "Joining thread %d.\n",
+						i);
+				}
+				pthread_join(threads[i], NULL);
+				threads[i] = -1;
+				break;
+			}
+		}
+	} while (again == 1);
+
+	fprintf(stderr, "%ld failures\n", failure_count);
+
+	return (failure_count != 0);
+}
diff --git a/SOURCES/opensslconf-new-warning.h b/SOURCES/opensslconf-new-warning.h
new file mode 100644
index 0000000..de091c8
--- /dev/null
+++ b/SOURCES/opensslconf-new-warning.h
@@ -0,0 +1,7 @@
+/* Prepended at openssl package build-time.  Don't include this file directly,
+ * use <openssl/opensslconf.h> instead. */
+
+#ifndef openssl_opensslconf_multilib_redirection_h
+#error "Don't include this file directly, use <openssl/opensslconf.h> instead!"
+#endif
+
diff --git a/SOURCES/opensslconf-new.h b/SOURCES/opensslconf-new.h
new file mode 100644
index 0000000..cf22738
--- /dev/null
+++ b/SOURCES/opensslconf-new.h
@@ -0,0 +1,34 @@
+/* This file is here to prevent a file conflict on multiarch systems.  A
+ * conflict will frequently occur because arch-specific build-time
+ * configuration options are stored (and used, so they can't just be stripped
+ * out) in opensslconf.h.  The original opensslconf.h has been renamed.
+ * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
+
+#ifdef openssl_opensslconf_multilib_redirection_h
+#error "Do not define openssl_opensslconf_multilib_redirection_h!"
+#endif
+#define openssl_opensslconf_multilib_redirection_h
+
+#if defined(__i386__)
+#include "opensslconf-i386.h"
+#elif defined(__ia64__)
+#include "opensslconf-ia64.h"
+#elif defined(__powerpc64__)
+#include "opensslconf-ppc64.h"
+#elif defined(__powerpc__)
+#include "opensslconf-ppc.h"
+#elif defined(__s390x__)
+#include "opensslconf-s390x.h"
+#elif defined(__s390__)
+#include "opensslconf-s390.h"
+#elif defined(__sparc__) && defined(__arch64__)
+#include "opensslconf-sparc64.h"
+#elif defined(__sparc__)
+#include "opensslconf-sparc.h"
+#elif defined(__x86_64__)
+#include "opensslconf-x86_64.h"
+#else
+#error "This openssl-devel package does not work your architecture?"
+#endif
+
+#undef openssl_opensslconf_multilib_redirection_h
diff --git a/SOURCES/renew-dummy-cert b/SOURCES/renew-dummy-cert
new file mode 100755
index 0000000..50f9931
--- /dev/null
+++ b/SOURCES/renew-dummy-cert
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+if [ $# -eq 0 ]; then
+	echo $"Usage: `basename $0` filename" 1>&2
+	exit 1
+fi
+
+PEM=$1
+REQ=`/bin/mktemp /tmp/openssl.XXXXXX`
+KEY=`/bin/mktemp /tmp/openssl.XXXXXX`
+CRT=`/bin/mktemp /tmp/openssl.XXXXXX`
+NEW=${PEM}_
+
+trap "rm -f $REQ $KEY $CRT $NEW" SIGINT
+
+if [ ! -f $PEM ]; then
+	echo "$PEM: file not found" 1>&2
+	exit 1
+fi
+
+let -a SERIAL=0x$(openssl x509 -in $PEM -noout -serial | cut -d= -f2)
+let SERIAL++
+
+umask 077
+
+OWNER=`ls -l $PEM | awk '{ printf "%s.%s", $3, $4; }'`
+
+openssl rsa -inform pem -in $PEM -out $KEY
+openssl x509 -x509toreq -in $PEM -signkey $KEY -out $REQ
+openssl x509 -req -in $REQ -signkey $KEY -set_serial $SERIAL -days 365 \
+	-extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -out $CRT
+
+(cat $KEY ; echo "" ; cat $CRT) > $NEW
+
+chown $OWNER $NEW
+
+mv -f $NEW $PEM
+
+rm -f $REQ $KEY $CRT
+
+exit 0
+
diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec
new file mode 100644
index 0000000..ee81939
--- /dev/null
+++ b/SPECS/openssl.spec
@@ -0,0 +1,1627 @@
+# For the curious:
+# 0.9.5a soversion = 0
+# 0.9.6  soversion = 1
+# 0.9.6a soversion = 2
+# 0.9.6c soversion = 3
+# 0.9.7a soversion = 4
+# 0.9.7ef soversion = 5
+# 0.9.8ab soversion = 6
+# 0.9.8g soversion = 7
+# 0.9.8jk + EAP-FAST soversion = 8
+# 1.0.0 soversion = 10
+%define soversion 10
+
+# Number of threads to spawn when testing some threading fixes.
+%define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
+
+# Arches on which we need to prevent arch conflicts on opensslconf.h, must
+# also be handled in opensslconf-new.h.
+%define multilib_arches %{ix86} ia64 ppc %{power64} s390 s390x sparcv9 sparc64 x86_64
+
+Summary: Utilities from the general purpose cryptography library with TLS implementation
+Name: openssl
+Version: 1.0.1e
+Release: 23%{?dist}
+Epoch: 1
+# We have to remove certain patented algorithms from the openssl source
+# tarball with the hobble-openssl script which is included below.
+# The original openssl upstream tarball cannot be shipped in the .src.rpm.
+Source: openssl-%{version}-hobbled.tar.xz
+Source1: hobble-openssl
+Source2: Makefile.certificate
+Source6: make-dummy-cert
+Source7: renew-dummy-cert
+Source8: openssl-thread-test.c
+Source9: opensslconf-new.h
+Source10: opensslconf-new-warning.h
+Source11: README.FIPS
+Source12: ec_curve.c
+Source13: ectest.c
+# Build changes
+Patch1: openssl-1.0.1-beta2-rpmbuild.patch
+Patch2: openssl-1.0.0f-defaults.patch
+Patch4: openssl-1.0.0-beta5-enginesdir.patch
+Patch5: openssl-0.9.8a-no-rpath.patch
+Patch6: openssl-0.9.8b-test-use-localhost.patch
+Patch7: openssl-1.0.0-timezone.patch
+Patch8: openssl-1.0.1c-perlfind.patch
+Patch9: openssl-1.0.1c-aliasing.patch
+# Bug fixes
+Patch23: openssl-1.0.1c-default-paths.patch
+Patch24: openssl-1.0.1e-issuer-hash.patch
+# Functionality changes
+Patch33: openssl-1.0.0-beta4-ca-dir.patch
+Patch34: openssl-0.9.6-x509.patch
+Patch35: openssl-0.9.8j-version-add-engines.patch
+Patch36: openssl-1.0.0e-doc-noeof.patch
+Patch38: openssl-1.0.1-beta2-ssl-op-all.patch
+Patch39: openssl-1.0.1c-ipv6-apps.patch
+Patch40: openssl-1.0.1e-fips.patch
+Patch45: openssl-1.0.1e-env-zlib.patch
+Patch47: openssl-1.0.0-beta5-readme-warning.patch
+Patch49: openssl-1.0.1a-algo-doc.patch
+Patch50: openssl-1.0.1-beta2-dtls1-abi.patch
+Patch51: openssl-1.0.1e-version.patch
+Patch56: openssl-1.0.0c-rsa-x931.patch
+Patch58: openssl-1.0.1-beta2-fips-md5-allow.patch
+Patch60: openssl-1.0.0d-apps-dgst.patch
+Patch63: openssl-1.0.0d-xmpp-starttls.patch
+Patch65: openssl-1.0.0e-chil-fixes.patch
+Patch66: openssl-1.0.1-pkgconfig-krb5.patch
+Patch68: openssl-1.0.1e-secure-getenv.patch
+Patch69: openssl-1.0.1c-dh-1024.patch
+Patch70: openssl-1.0.1e-fips-ec.patch
+Patch71: openssl-1.0.1e-manfix.patch
+Patch72: openssl-1.0.1e-fips-ctor.patch
+Patch73: openssl-1.0.1e-ecc-suiteb.patch
+# Backported fixes including security fixes
+Patch81: openssl-1.0.1-beta2-padlock64.patch
+Patch82: openssl-1.0.1e-backports.patch
+Patch83: openssl-1.0.1e-bad-mac.patch
+Patch84: openssl-1.0.1e-trusted-first.patch
+Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
+
+License: OpenSSL
+Group: System Environment/Libraries
+URL: http://www.openssl.org/
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
+BuildRequires: coreutils, krb5-devel, perl, sed, zlib-devel, /usr/bin/cmp
+BuildRequires: /usr/bin/rename
+Requires: coreutils, make
+Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
+
+%description
+The OpenSSL toolkit provides support for secure communications between
+machines. OpenSSL includes a certificate management tool and shared
+libraries which provide various cryptographic algorithms and
+protocols.
+
+%package libs
+Summary: A general purpose cryptography library with TLS implementation
+Group: System Environment/Libraries
+Requires: ca-certificates >= 2008-5
+# Needed obsoletes due to the base/lib subpackage split
+Obsoletes: openssl < 1:1.0.1-0.3.beta3
+
+%description libs
+OpenSSL is a toolkit for supporting cryptography. The openssl-libs
+package contains the libraries that are used by various applications which
+support cryptographic algorithms and protocols.
+
+%package devel
+Summary: Files for development of applications which will use OpenSSL
+Group: Development/Libraries
+Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
+Requires: krb5-devel%{?_isa}, zlib-devel%{?_isa}
+Requires: pkgconfig
+
+%description devel
+OpenSSL is a toolkit for supporting cryptography. The openssl-devel
+package contains include files needed to develop applications which
+support various cryptographic algorithms and protocols.
+
+%package static
+Summary:  Libraries for static linking of applications which will use OpenSSL
+Group: Development/Libraries
+Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
+
+%description static
+OpenSSL is a toolkit for supporting cryptography. The openssl-static
+package contains static libraries needed for static linking of
+applications which support various cryptographic algorithms and
+protocols.
+
+%package perl
+Summary: Perl scripts provided with OpenSSL
+Group: Applications/Internet
+Requires: perl
+Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
+
+%description perl
+OpenSSL is a toolkit for supporting cryptography. The openssl-perl
+package provides Perl scripts for converting certificates and keys
+from other formats to the formats used by the OpenSSL toolkit.
+
+%prep
+%setup -q -n %{name}-%{version}
+
+# The hobble_openssl is called here redundantly, just to be sure.
+# The tarball has already the sources removed.
+%{SOURCE1} > /dev/null
+
+cp %{SOURCE12} %{SOURCE13} crypto/ec/
+
+%patch1 -p1 -b .rpmbuild
+%patch2 -p1 -b .defaults
+%patch4 -p1 -b .enginesdir %{?_rawbuild}
+%patch5 -p1 -b .no-rpath
+%patch6 -p1 -b .use-localhost
+%patch7 -p1 -b .timezone
+%patch8 -p1 -b .perlfind %{?_rawbuild}
+%patch9 -p1 -b .aliasing
+
+%patch23 -p1 -b .default-paths
+%patch24 -p1 -b .issuer-hash
+
+%patch33 -p1 -b .ca-dir
+%patch34 -p1 -b .x509
+%patch35 -p1 -b .version-add-engines
+%patch36 -p1 -b .doc-noeof
+%patch38 -p1 -b .op-all
+%patch39 -p1 -b .ipv6-apps
+%patch40 -p1 -b .fips
+%patch45 -p1 -b .env-zlib
+%patch47 -p1 -b .warning
+%patch49 -p1 -b .algo-doc
+%patch50 -p1 -b .dtls1-abi
+%patch51 -p1 -b .version
+%patch56 -p1 -b .x931
+%patch58 -p1 -b .md5-allow
+%patch60 -p1 -b .dgst
+%patch63 -p1 -b .starttls
+%patch65 -p1 -b .chil
+%patch66 -p1 -b .krb5
+%patch68 -p1 -b .secure-getenv
+%patch69 -p1 -b .dh1024
+%patch70 -p1 -b .fips-ec
+%patch72 -p1 -b .fips-ctor
+%patch73 -p1 -b .suiteb
+
+%patch81 -p1 -b .padlock64
+%patch82 -p1 -b .backports
+%patch71 -p1 -b .manfix
+%patch83 -p1 -b .bad-mac
+%patch84 -p1 -b .trusted-first
+%patch85 -p1 -b .armcap
+
+sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
+
+# Modify the various perl scripts to reference perl in the right location.
+perl util/perlpath.pl `dirname %{__perl}`
+
+# Generate a table with the compile settings for my perusal.
+touch Makefile
+make TABLE PERL=%{__perl}
+
+%build
+# Figure out which flags we want to use.
+# default
+sslarch=%{_os}-%{_target_cpu}
+%ifarch %ix86
+sslarch=linux-elf
+if ! echo %{_target} | grep -q i686 ; then
+	sslflags="no-asm 386"
+fi
+%endif
+%ifarch sparcv9
+sslarch=linux-sparcv9
+sslflags=no-asm
+%endif
+%ifarch sparc64
+sslarch=linux64-sparcv9
+sslflags=no-asm
+%endif
+%ifarch alpha alphaev56 alphaev6 alphaev67
+sslarch=linux-alpha-gcc
+%endif
+%ifarch s390 sh3eb sh4eb
+sslarch="linux-generic32 -DB_ENDIAN"
+%endif
+%ifarch s390x
+sslarch="linux64-s390x"
+%endif
+%ifarch %{arm}
+sslarch=linux-armv4
+%endif
+%ifarch sh3 sh4
+sslarch=linux-generic32
+%endif
+%ifarch %{power64}
+sslarch=linux-ppc64
+%endif
+
+# ia64, x86_64, ppc are OK by default
+# Configure the build tree.  Override OpenSSL defaults with known-good defaults
+# usable on all platforms.  The Configure script already knows to use -fPIC and
+# RPM_OPT_FLAGS, so we can skip specifiying them here.
+./Configure \
+	--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
+	zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
+	enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-gost no-srp \
+	--with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
+	--with-krb5-dir=/usr shared  ${sslarch} %{?!nofips:fips}
+
+# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
+# marked as not requiring an executable stack.
+# Also add -DPURIFY to make using valgrind with openssl easier as we do not
+# want to depend on the uninitialized memory as a source of entropy anyway.
+RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY"
+make depend
+make all
+
+# Generate hashes for the included certs.
+make rehash
+
+# Overwrite FIPS README
+cp -f %{SOURCE11} .
+
+%check
+# Verify that what was compiled actually works.
+
+# We must revert patch33 before tests otherwise they will fail
+patch -p1 -R < %{PATCH33}
+
+LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
+export LD_LIBRARY_PATH
+make -C test apps tests
+%{__cc} -o openssl-thread-test \
+	`krb5-config --cflags` \
+	-I./include \
+	$RPM_OPT_FLAGS \
+	%{SOURCE8} \
+	-L. \
+	-lssl -lcrypto \
+	`krb5-config --libs` \
+	-lpthread -lz -ldl
+./openssl-thread-test --threads %{thread_test_threads}
+
+# Add generation of HMAC checksum of the final stripped library
+%define __spec_install_post \
+    %{?__debug_package:%{__debug_install_post}} \
+    %{__arch_install_post} \
+    %{__os_install_post} \
+    crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \
+    ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \
+    crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \
+    ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
+%{nil}
+
+%define __provides_exclude_from %{_libdir}/openssl
+
+%install
+[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
+# Install OpenSSL.
+install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl}
+make INSTALL_PREFIX=$RPM_BUILD_ROOT install
+make INSTALL_PREFIX=$RPM_BUILD_ROOT install_docs
+mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT%{_libdir}/openssl
+mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/
+rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
+rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
+mkdir $RPM_BUILD_ROOT/%{_lib}
+for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
+	chmod 755 ${lib}
+	ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
+	ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
+done
+
+# Install a makefile for generating keys and self-signed certs, and a script
+# for generating them on the fly.
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
+install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/Makefile
+install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/make-dummy-cert
+install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/renew-dummy-cert
+
+# Make sure we actually include the headers we built against.
+for header in $RPM_BUILD_ROOT%{_includedir}/openssl/* ; do
+	if [ -f ${header} -a -f include/openssl/$(basename ${header}) ] ; then
+		install -m644 include/openssl/`basename ${header}` ${header}
+	fi
+done
+
+# Rename man pages so that they don't conflict with other system man pages.
+pushd $RPM_BUILD_ROOT%{_mandir}
+ln -s -f config.5 man5/openssl.cnf.5
+for manpage in man*/* ; do
+	if [ -L ${manpage} ]; then
+		TARGET=`ls -l ${manpage} | awk '{ print $NF }'`
+		ln -snf ${TARGET}ssl ${manpage}ssl
+		rm -f ${manpage}
+	else
+		mv ${manpage} ${manpage}ssl
+	fi
+done
+for conflict in passwd rand ; do
+	rename ${conflict} ssl${conflict} man*/${conflict}*
+done
+popd
+
+# Pick a CA script.
+pushd  $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc
+mv CA.sh CA
+popd
+
+mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA
+mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private
+mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs
+mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl
+mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts
+
+# Ensure the openssl.cnf timestamp is identical across builds to avoid
+# mulitlib conflicts and unnecessary renames on upgrade
+touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
+
+# Determine which arch opensslconf.h is going to try to #include.
+basearch=%{_arch}
+%ifarch %{ix86}
+basearch=i386
+%endif
+%ifarch sparcv9
+basearch=sparc
+%endif
+%ifarch sparc64
+basearch=sparc64
+%endif
+
+%ifarch %{multilib_arches}
+# Do an opensslconf.h switcheroo to avoid file conflicts on systems where you
+# can have both a 32- and 64-bit version of the library, and they each need
+# their own correct-but-different versions of opensslconf.h to be usable.
+install -m644 %{SOURCE10} \
+	$RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h
+cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h >> \
+	$RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h
+install -m644 %{SOURCE9} \
+	$RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
+%endif
+
+# Remove unused files from upstream fips support
+rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
+rm -rf $RPM_BUILD_ROOT/%{_libdir}/fips_premain.*
+rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
+
+%clean
+[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(-,root,root)
+%doc FAQ LICENSE CHANGES NEWS INSTALL README
+%doc doc/c-indentation.el doc/openssl.txt
+%doc doc/openssl_button.html doc/openssl_button.gif
+%doc doc/ssleay.txt
+%doc README.FIPS
+%{_sysconfdir}/pki/tls/certs/make-dummy-cert
+%{_sysconfdir}/pki/tls/certs/renew-dummy-cert
+%{_sysconfdir}/pki/tls/certs/Makefile
+%{_sysconfdir}/pki/tls/misc/CA
+%dir %{_sysconfdir}/pki/CA
+%dir %{_sysconfdir}/pki/CA/private
+%dir %{_sysconfdir}/pki/CA/certs
+%dir %{_sysconfdir}/pki/CA/crl
+%dir %{_sysconfdir}/pki/CA/newcerts
+%{_sysconfdir}/pki/tls/misc/c_*
+%attr(0755,root,root) %{_bindir}/openssl
+%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
+%attr(0644,root,root) %{_mandir}/man5*/*
+%attr(0644,root,root) %{_mandir}/man7*/*
+
+%files libs
+%defattr(-,root,root)
+%doc LICENSE
+%dir %{_sysconfdir}/pki/tls
+%dir %{_sysconfdir}/pki/tls/certs
+%dir %{_sysconfdir}/pki/tls/misc
+%dir %{_sysconfdir}/pki/tls/private
+%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
+%attr(0755,root,root) %{_libdir}/libcrypto.so.%{version}
+%attr(0755,root,root) %{_libdir}/libcrypto.so.%{soversion}
+%attr(0755,root,root) %{_libdir}/libssl.so.%{version}
+%attr(0755,root,root) %{_libdir}/libssl.so.%{soversion}
+%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac
+%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac
+%attr(0755,root,root) %{_libdir}/openssl
+
+%files devel
+%defattr(-,root,root)
+%{_prefix}/include/openssl
+%attr(0755,root,root) %{_libdir}/*.so
+%attr(0644,root,root) %{_mandir}/man3*/*
+%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
+
+%files static
+%defattr(-,root,root)
+%attr(0644,root,root) %{_libdir}/*.a
+
+%files perl
+%defattr(-,root,root)
+%attr(0755,root,root) %{_bindir}/c_rehash
+%attr(0644,root,root) %{_mandir}/man1*/*.pl*
+%{_sysconfdir}/pki/tls/misc/*.pl
+%{_sysconfdir}/pki/tls/misc/tsget
+
+%post libs -p /sbin/ldconfig
+
+%postun libs -p /sbin/ldconfig
+
+%changelog
+* Fri Nov  8 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-23
+- add back support for secp521r1 EC curve
+- add aarch64 to Configure (#969692)
+
+* Thu Oct 24 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-22
+- do not advertise ECC curves we do not support (#1022493)
+
+* Fri Oct  4 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-21
+- make DTLS1 work in FIPS mode
+- avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode
+- drop the -fips subpackage, installation of dracut-fips marks that the FIPS
+  module is installed
+- avoid dlopening libssl.so from libcrypto
+- fix small memory leak in FIPS aes selftest
+- fix segfault in openssl speed hmac in the FIPS mode
+
+* Thu Sep 12 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-20
+- document the nextprotoneg option in manual pages
+  original patch by Hubert Kario
+- try to avoid some races when updating the -fips subpackage
+
+* Mon Sep  2 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-19
+- use version-release in .hmac suffix to avoid overwrite
+  during upgrade
+
+* Thu Aug 29 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-18
+- always perform the FIPS selftests in library constructor
+  if FIPS module is installed
+
+* Tue Aug 27 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-16
+- add -fips subpackage that contains the FIPS module files
+
+* Fri Aug 16 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-15
+- fix use of rdrand if available
+- more commits cherry picked from upstream
+- documentation fixes
+
+* Fri Jul 26 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-14
+- additional manual page fix
+- use symbol versioning also for the textual version
+
+* Thu Jul 25 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-13
+- additional manual page fixes
+- cleanup speed command output for ECDH ECDSA
+
+* Fri Jul 19 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-12
+- use _prefix macro
+
+* Thu Jul 11 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-11
+- add openssl.cnf.5 manpage symlink to config.5
+
+* Wed Jul 10 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-10
+- add relro linking flag
+
+* Wed Jul 10 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-9
+- add support for the -trusted_first option for certificate chain verification
+
+* Fri May 10 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-8
+- disable GOST engine
+
+* Thu May  9 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-7
+- add symbol version for ECC functions
+
+* Fri May  3 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-6
+- update the FIPS selftests to use 256 bit curves
+
+* Tue Apr 30 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-5
+- enabled NIST Suite B ECC curves and algorithms
+
+* Mon Mar 18 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-4
+- fix random bad record mac errors (#918981)
+
+* Tue Feb 19 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-3
+- fix up the SHLIB_VERSION_NUMBER
+
+* Tue Feb 19 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-2
+- disable ZLIB loading by default (due to CRIME attack)
+
+* Tue Feb 19 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-1
+- new upstream version
+
+* Wed Jan 30 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1c-12
+- more fixes from upstream
+- fix errors in manual causing build failure (#904777)
+
+* Fri Dec 21 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-11
+- add script for renewal of a self-signed cert by Philip Prindeville (#871566)
+- allow X509_issuer_and_serial_hash() produce correct result in
+  the FIPS mode (#881336)
+
+* Thu Dec  6 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-10
+- do not load default verify paths if CApath or CAfile specified (#884305)
+
+* Tue Nov 20 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-9
+- more fixes from upstream CVS
+- fix DSA key pairwise check (#878597)
+
+* Thu Nov 15 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-8
+- use 1024 bit DH parameters in s_server as 512 bit is not allowed
+  in FIPS mode and it is quite weak anyway
+
+* Mon Sep 10 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-7
+- add missing initialization of str in aes_ccm_init_key (#853963)
+- add important patches from upstream CVS
+- use the secure_getenv() with new glibc
+
+* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.0.1c-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Jul 13 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-5
+- use __getenv_secure() instead of __libc_enable_secure
+
+* Fri Jul 13 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-4
+- do not move libcrypto to /lib
+- do not use environment variables if __libc_enable_secure is on
+- fix strict aliasing problems in modes
+
+* Thu Jul 12 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-3
+- fix DSA key generation in FIPS mode (#833866)
+- allow duplicate FIPS_mode_set(1)
+- enable build on ppc64 subarch (#834652)
+
+* Wed Jul 11 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-2
+- fix s_server with new glibc when no global IPv6 address (#839031)
+- make it build with new Perl
+
+* Tue May 15 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-1
+- new upstream version
+
+* Thu Apr 26 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1b-1
+- new upstream version
+
+* Fri Apr 20 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1a-1
+- new upstream version fixing CVE-2012-2110
+
+* Wed Apr 11 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-3
+- add Kerberos 5 libraries to pkgconfig for static linking (#807050)
+
+* Thu Apr  5 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-2
+- backports from upstream CVS
+- fix segfault when /dev/urandom is not available (#809586)
+
+* Wed Mar 14 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-1
+- new upstream release
+
+* Mon Mar  5 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-0.3.beta3
+- add obsoletes to assist multilib updates (#799636)
+
+* Wed Feb 29 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-0.2.beta3
+- epoch bumped to 1 due to revert to 1.0.0g on Fedora 17
+- new upstream release from the 1.0.1 branch
+- fix s390x build (#798411)
+- versioning for the SSLeay symbol (#794950)
+- add -DPURIFY to build flags (#797323)
+- filter engine provides
+- split the libraries to a separate -libs package
+- add make to requires on the base package (#783446)
+
+* Tue Feb  7 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-0.1.beta2
+- new upstream release from the 1.0.1 branch, ABI compatible
+- add documentation for the -no_ign_eof option
+
+* Thu Jan 19 2012 Tomas Mraz <tmraz@redhat.com> 1.0.0g-1
+- new upstream release fixing CVE-2012-0050 - DoS regression in
+  DTLS support introduced by the previous release (#782795)
+
+* Thu Jan  5 2012 Tomas Mraz <tmraz@redhat.com> 1.0.0f-1
+- new upstream release fixing multiple CVEs
+
+* Tue Nov 22 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0e-4
+- move the libraries needed for static linking to Libs.private
+
+* Thu Nov  3 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0e-3
+- do not use AVX instructions when osxsave bit not set
+- add direct known answer tests for SHA2 algorithms
+
+* Wed Sep 21 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0e-2
+- fix missing initialization of variable in CHIL engine
+
+* Wed Sep  7 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0e-1
+- new upstream release fixing CVE-2011-3207 (#736088)
+
+* Wed Aug 24 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-8
+- drop the separate engine for Intel acceleration improvements
+  and merge in the AES-NI, SHA1, and RC4 optimizations
+- add support for OPENSSL_DISABLE_AES_NI environment variable
+  that disables the AES-NI support
+
+* Tue Jul 26 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-7
+- correct openssl cms help output (#636266)
+- more tolerant starttls detection in XMPP protocol (#608239)
+
+* Wed Jul 20 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-6
+- add support for newest Intel acceleration improvements backported
+  from upstream by Intel in form of a separate engine
+
+* Thu Jun  9 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-5
+- allow the AES-NI engine in the FIPS mode
+
+* Tue May 24 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-4
+- add API necessary for CAVS testing of the new DSA parameter generation
+
+* Thu Apr 28 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-3
+- add support for VIA Padlock on 64bit arch from upstream (#617539)
+- do not return bogus values from load_certs (#652286)
+
+* Tue Apr  5 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-2
+- clarify apps help texts for available digest algorithms (#693858)
+
+* Thu Feb 10 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0d-1
+- new upstream release fixing CVE-2011-0014 (OCSP stapling vulnerability)
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0c-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Fri Feb  4 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0c-3
+- add -x931 parameter to openssl genrsa command to use the ANSI X9.31
+  key generation method
+- use FIPS-186-3 method for DSA parameter generation
+- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable
+  to allow using MD5 when the system is in the maintenance state
+  even if the /proc fips flag is on
+- make openssl pkcs12 command work by default in the FIPS mode
+
+* Mon Jan 24 2011 Tomas Mraz <tmraz@redhat.com> 1.0.0c-2
+- listen on ipv6 wildcard in s_server so we accept connections
+  from both ipv4 and ipv6 (#601612)
+- fix openssl speed command so it can be used in the FIPS mode
+  with FIPS allowed ciphers
+
+* Fri Dec  3 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0c-1
+- new upstream version fixing CVE-2010-4180
+
+* Tue Nov 23 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0b-3
+- replace the revert for the s390x bignum asm routines with
+  fix from upstream
+
+* Mon Nov 22 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0b-2
+- revert upstream change in s390x bignum asm routines
+
+* Tue Nov 16 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0b-1
+- new upstream version fixing CVE-2010-3864 (#649304)
+
+* Tue Sep  7 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0a-3
+- make SHLIB_VERSION reflect the library suffix
+
+* Wed Jun 30 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0a-2
+- openssl man page fix (#609484)
+
+* Fri Jun  4 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0a-1
+- new upstream patch release, fixes CVE-2010-0742 (#598738)
+  and CVE-2010-1633 (#598732)
+
+* Wed May 19 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-5
+- pkgconfig files now contain the correct libdir (#593723)
+
+* Tue May 18 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-4
+- make CA dir readable - the private keys are in private subdir (#584810)
+
+* Fri Apr  9 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-3
+- a few fixes from upstream CVS
+- move libcrypto to /lib (#559953)
+
+* Tue Apr  6 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-2
+- set UTC timezone on pod2man run (#578842)
+- make X509_NAME_hash_old work in FIPS mode
+
+* Tue Mar 30 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-1
+- update to final 1.0.0 upstream release
+
+* Tue Feb 16 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.22.beta5
+- make TLS work in the FIPS mode
+
+* Fri Feb 12 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.21.beta5
+- gracefully handle zero length in assembler implementations of
+  OPENSSL_cleanse (#564029)
+- do not fail in s_server if client hostname not resolvable (#561260)
+
+* Wed Jan 20 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.20.beta5
+- new upstream release
+
+* Thu Jan 14 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.19.beta4
+- fix CVE-2009-4355 - leak in applications incorrectly calling
+  CRYPTO_free_all_ex_data() before application exit (#546707)
+- upstream fix for future TLS protocol version handling
+
+* Wed Jan 13 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.18.beta4
+- add support for Intel AES-NI
+
+* Thu Jan  7 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.17.beta4
+- upstream fix compression handling on session resumption
+- various null checks and other small fixes from upstream
+- upstream changes for the renegotiation info according to the latest draft
+
+* Mon Nov 23 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.16.beta4
+- fix non-fips mingw build (patch by Kalev Lember)
+- add IPV6 fix for DTLS
+
+* Fri Nov 20 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.15.beta4
+- add better error reporting for the unsafe renegotiation
+
+* Fri Nov 20 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.14.beta4
+- fix build on s390x
+
+* Wed Nov 18 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.13.beta4
+- disable enforcement of the renegotiation extension on the client (#537962)
+- add fixes from the current upstream snapshot
+
+* Fri Nov 13 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.12.beta4
+- keep the beta status in version number at 3 so we do not have to rebuild
+  openssh and possibly other dependencies with too strict version check
+
+* Thu Nov 12 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.11.beta4
+- update to new upstream version, no soname bump needed
+- fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used
+  so the compatibility with unfixed clients is not broken. The
+  protocol extension is also not final.
+
+* Fri Oct 16 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.10.beta3
+- fix use of freed memory if SSL_CTX_free() is called before
+  SSL_free() (#521342)
+
+* Thu Oct  8 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.9.beta3
+- fix typo in DTLS1 code (#527015)
+- fix leak in error handling of d2i_SSL_SESSION()
+
+* Wed Sep 30 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.8.beta3
+- fix RSA and DSA FIPS selftests
+- reenable fixed x86_64 camellia assembler code (#521127)
+
+* Fri Sep  4 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.7.beta3
+- temporarily disable x86_64 camellia assembler code (#521127)
+
+* Mon Aug 31 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.6.beta3
+- fix openssl dgst -dss1 (#520152)
+
+* Wed Aug 26 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.5.beta3
+- drop the compat symlink hacks
+
+* Sat Aug 22 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.4.beta3
+- constify SSL_CIPHER_description()
+
+* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.3.beta3
+- fix WWW:Curl:Easy reference in tsget
+
+* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.2.beta3
+- enable MD-2
+
+* Thu Aug 20 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.1.beta3
+- update to new major upstream release
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.8k-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Jul 22 2009 Bill Nottingham <notting@redhat.com>
+- do not build special 'optimized' versions for i686, as that's the base
+  arch in Fedora now
+
+* Tue Jun 30 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8k-6
+- abort if selftests failed and random number generator is polled
+- mention EVP_aes and EVP_sha2xx routines in the manpages
+- add README.FIPS
+- make CA dir absolute path (#445344)
+- change default length for RSA key generation to 2048 (#484101)
+
+* Thu May 21 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8k-5
+- fix CVE-2009-1377 CVE-2009-1378 CVE-2009-1379
+  (DTLS DoS problems) (#501253, #501254, #501572)
+
+* Tue Apr 21 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8k-4
+- support compatibility DTLS mode for CISCO AnyConnect (#464629)
+
+* Fri Apr 17 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8k-3
+- correct the SHLIB_VERSION define
+
+* Wed Apr 15 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8k-2
+- add support for multiple CRLs with same subject
+- load only dynamic engine support in FIPS mode
+
+* Wed Mar 25 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8k-1
+- update to new upstream release (minor bug fixes, security
+  fixes and machine code optimizations only)
+
+* Thu Mar 19 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-10
+- move libraries to /usr/lib (#239375)
+
+* Fri Mar 13 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-9
+- add a static subpackage
+
+* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.8j-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Mon Feb  2 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-7
+- must also verify checksum of libssl.so in the FIPS mode
+- obtain the seed for FIPS rng directly from the kernel device
+- drop the temporary symlinks
+
+* Mon Jan 26 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-6
+- drop the temporary triggerpostun and symlinking in post
+- fix the pkgconfig files and drop the unnecessary buildrequires
+  on pkgconfig as it is a rpmbuild dependency (#481419)
+
+* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-5
+- add temporary triggerpostun to reinstate the symlinks
+
+* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-4
+- no pairwise key tests in non-fips mode (#479817)
+
+* Fri Jan 16 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-3
+- even more robust test for the temporary symlinks
+
+* Fri Jan 16 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-2
+- try to ensure the temporary symlinks exist
+
+* Thu Jan 15 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-1
+- new upstream version with necessary soname bump (#455753)
+- temporarily provide symlink to old soname to make it possible to rebuild
+  the dependent packages in rawhide
+- add eap-fast support (#428181)
+- add possibility to disable zlib by setting
+- add fips mode support for testing purposes
+- do not null dereference on some invalid smime files
+- add buildrequires pkgconfig (#479493)
+
+* Sun Aug 10 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8g-11
+- do not add tls extensions to server hello for SSLv3 either
+
+* Mon Jun  2 2008 Joe Orton <jorton@redhat.com> 0.9.8g-10
+- move root CA bundle to ca-certificates package
+
+* Wed May 28 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8g-9
+- fix CVE-2008-0891 - server name extension crash (#448492)
+- fix CVE-2008-1672 - server key exchange message omit crash (#448495)
+
+* Tue May 27 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8g-8
+- super-H arch support
+- drop workaround for bug 199604 as it should be fixed in gcc-4.3
+
+* Mon May 19 2008 Tom "spot" Callaway <tcallawa@redhat.com> 0.9.8g-7
+- sparc handling
+
+* Mon Mar 10 2008 Joe Orton <jorton@redhat.com> 0.9.8g-6
+- update to new root CA bundle from mozilla.org (r1.45)
+
+* Wed Feb 20 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.9.8g-5
+- Autorebuild for GCC 4.3
+
+* Thu Jan 24 2008 Tomas Mraz <tmraz@redhat.com> 0.9.8g-4
+- merge review fixes (#226220)
+- adjust the SHLIB_VERSION_NUMBER to reflect library name (#429846)
+
+* Thu Dec 13 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8g-3
+- set default paths when no explicit paths are set (#418771)
+- do not add tls extensions to client hello for SSLv3 (#422081)
+
+* Tue Dec  4 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8g-2
+- enable some new crypto algorithms and features
+- add some more important bug fixes from openssl CVS
+
+* Mon Dec  3 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8g-1
+- update to latest upstream release, SONAME bumped to 7
+
+* Mon Oct 15 2007 Joe Orton <jorton@redhat.com> 0.9.8b-17
+- update to new CA bundle from mozilla.org
+
+* Fri Oct 12 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8b-16
+- fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801)
+- fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191)
+- add alpha sub-archs (#296031)
+
+* Tue Aug 21 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8b-15
+- rebuild
+
+* Fri Aug  3 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8b-14
+- use localhost in testsuite, hopefully fixes slow build in koji
+- CVE-2007-3108 - fix side channel attack on private keys (#250577)
+- make ssl session cache id matching strict (#233599)
+
+* Wed Jul 25 2007 Tomas Mraz <tmraz@redhat.com> 0.9.8b-13
+- allow building on ARM architectures (#245417)
+- use reference timestamps to prevent multilib conflicts (#218064)
+- -devel package must require pkgconfig (#241031)
+
+* Mon Dec 11 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-12
+- detect duplicates in add_dir properly (#206346)
+
+* Thu Nov 30 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-11
+- the previous change still didn't make X509_NAME_cmp transitive
+
+* Thu Nov 23 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-10
+- make X509_NAME_cmp transitive otherwise certificate lookup
+  is broken (#216050)
+
+* Thu Nov  2 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-9
+- aliasing bug in engine loading, patch by IBM (#213216)
+
+* Mon Oct  2 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-8
+- CVE-2006-2940 fix was incorrect (#208744)
+
+* Mon Sep 25 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-7
+- fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)
+- fix CVE-2006-2940 - parasitic public keys DoS (#207274)
+- fix CVE-2006-3738 - buffer overflow in SSL_get_shared_ciphers (#206940)
+- fix CVE-2006-4343 - sslv2 client DoS (#206940)
+
+* Tue Sep  5 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-6
+- fix CVE-2006-4339 - prevent attack on PKCS#1 v1.5 signatures (#205180)
+
+* Wed Aug  2 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-5
+- set buffering to none on stdio/stdout FILE when bufsize is set (#200580)
+  patch by IBM
+
+* Fri Jul 28 2006 Alexandre Oliva <aoliva@redhat.com> - 0.9.8b-4.1
+- rebuild with new binutils (#200330)
+
+* Fri Jul 21 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-4
+- add a temporary workaround for sha512 test failure on s390 (#199604)
+
+* Thu Jul 20 2006 Tomas Mraz <tmraz@redhat.com>
+- add ipv6 support to s_client and s_server (by Jan Pazdziora) (#198737)
+- add patches for BN threadsafety, AES cache collision attack hazard fix and
+  pkcs7 code memleak fix from upstream CVS
+
+* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.9.8b-3.1
+- rebuild
+
+* Wed Jun 21 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-3
+- dropped libica and ica engine from build
+
+* Wed Jun 21 2006 Joe Orton <jorton@redhat.com>
+- update to new CA bundle from mozilla.org; adds CA certificates
+  from netlock.hu and startcom.org
+
+* Mon Jun  5 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-2
+- fixed a few rpmlint warnings
+- better fix for #173399 from upstream
+- upstream fix for pkcs12
+
+* Thu May 11 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8b-1
+- upgrade to new version, stays ABI compatible
+- there is no more linux/config.h (it was empty anyway)
+
+* Tue Apr  4 2006 Tomas Mraz <tmraz@redhat.com> - 0.9.8a-6
+- fix stale open handles in libica (#177155)
+- fix build if 'rand' or 'passwd' in buildroot path (#178782)
+- initialize VIA Padlock engine (#186857)
+
+* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.9.8a-5.2
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.9.8a-5.1
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Thu Dec 15 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-5
+- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+  in SSL_OP_ALL (#175779)
+
+* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
+- rebuilt
+
+* Tue Nov 29 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-4
+- fix build (-lcrypto was erroneusly dropped) of the updated libica
+- updated ICA engine to 1.3.6-rc3
+
+* Tue Nov 22 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-3
+- disable builtin compression methods for now until they work
+  properly (#173399)
+
+* Wed Nov 16 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-2
+- don't set -rpath for openssl binary
+
+* Tue Nov  8 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-1
+- new upstream version
+- patches partially renumbered
+
+* Fri Oct 21 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-11
+- updated IBM ICA engine library and patch to latest upstream version
+
+* Wed Oct 12 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-10
+- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which
+  disables the countermeasure against man in the middle attack in SSLv2
+  (#169863)
+- use sha1 as default for CA and cert requests - CAN-2005-2946 (#169803)
+
+* Tue Aug 23 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-9
+- add *.so.soversion as symlinks in /lib (#165264)
+- remove unpackaged symlinks (#159595)
+- fixes from upstream (constant time fixes for DSA,
+  bn assembler div on ppc arch, initialize memory on realloc)
+
+* Thu Aug 11 2005 Phil Knirsch <pknirsch@redhat.com> 0.9.7f-8
+- Updated ICA engine IBM patch to latest upstream version.
+
+* Thu May 19 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-7
+- fix CAN-2005-0109 - use constant time/memory access mod_exp
+  so bits of private key aren't leaked by cache eviction (#157631)
+- a few more fixes from upstream 0.9.7g
+
+* Wed Apr 27 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-6
+- use poll instead of select in rand (#128285)
+- fix Makefile.certificate to point to /etc/pki/tls
+- change the default string mask in ASN1 to PrintableString+UTF8String
+
+* Mon Apr 25 2005 Joe Orton <jorton@redhat.com> 0.9.7f-5
+- update to revision 1.37 of Mozilla CA bundle
+
+* Thu Apr 21 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-4
+- move certificates to _sysconfdir/pki/tls (#143392)
+- move CA directories to _sysconfdir/pki/CA
+- patch the CA script and the default config so it points to the
+  CA directories
+
+* Fri Apr  1 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-3
+- uninitialized variable mustn't be used as input in inline
+  assembly
+- reenable the x86_64 assembly again
+
+* Thu Mar 31 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-2
+- add back RC4_CHAR on ia64 and x86_64 so the ABI isn't broken
+- disable broken bignum assembly on x86_64
+
+* Wed Mar 30 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7f-1
+- reenable optimizations on ppc64 and assembly code on ia64
+- upgrade to new upstream version (no soname bump needed)
+- disable thread test - it was testing the backport of the
+  RSA blinding - no longer needed
+- added support for changing serial number to
+  Makefile.certificate (#151188)
+- make ca-bundle.crt a config file (#118903)
+
+* Tue Mar  1 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7e-3
+- libcrypto shouldn't depend on libkrb5 (#135961)
+
+* Mon Feb 28 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7e-2
+- rebuild
+
+* Mon Feb 28 2005 Tomas Mraz <tmraz@redhat.com> 0.9.7e-1
+- new upstream source, updated patches
+- added patch so we are hopefully ABI compatible with upcoming
+  0.9.7f
+
+* Thu Feb 10 2005 Tomas Mraz <tmraz@redhat.com>
+- Support UTF-8 charset in the Makefile.certificate (#134944)
+- Added cmp to BuildPrereq
+
+* Thu Jan 27 2005 Joe Orton <jorton@redhat.com> 0.9.7a-46
+- generate new ca-bundle.crt from Mozilla certdata.txt (revision 1.32)
+
+* Thu Dec 23 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-45
+- Fixed and updated libica-1.3.4-urandom.patch patch (#122967)
+
+* Fri Nov 19 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-44
+- rebuild
+
+* Fri Nov 19 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-43
+- rebuild
+
+* Fri Nov 19 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-42
+- rebuild
+
+* Fri Nov 19 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-41
+- remove der_chop, as upstream cvs has done (CAN-2004-0975, #140040)
+
+* Tue Oct 05 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-40
+- Include latest libica version with important bugfixes
+
+* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Mon Jun 14 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-38
+- Updated ICA engine IBM patch to latest upstream version.
+
+* Mon Jun  7 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-37
+- build for linux-alpha-gcc instead of alpha-gcc on alpha (Jeff Garzik)
+
+* Tue May 25 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-36
+- handle %%{_arch}=i486/i586/i686/athlon cases in the intermediate
+  header (#124303)
+
+* Thu Mar 25 2004 Joe Orton <jorton@redhat.com> 0.9.7a-35
+- add security fixes for CAN-2004-0079, CAN-2004-0112
+
+* Tue Mar 16 2004 Phil Knirsch <pknirsch@redhat.com>
+- Fixed libica filespec.
+
+* Thu Mar 11 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-34
+- ppc/ppc64 define __powerpc__/__powerpc64__, not __ppc__/__ppc64__, fix
+  the intermediate header
+
+* Wed Mar 10 2004 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-33
+- add an intermediate <openssl/opensslconf.h> which points to the right
+  arch-specific opensslconf.h on multilib arches
+
+* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Thu Feb 26 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-32
+- Updated libica to latest upstream version 1.3.5.
+
+* Tue Feb 17 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-31
+- Update ICA crypto engine patch from IBM to latest version.
+
+* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Fri Feb 13 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-29
+- rebuilt
+
+* Wed Feb 11 2004 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-28
+- Fixed libica build.
+
+* Wed Feb  4 2004 Nalin Dahyabhai <nalin@redhat.com>
+- add "-ldl" to link flags added for Linux-on-ARM (#99313)
+
+* Wed Feb  4 2004 Joe Orton <jorton@redhat.com> 0.9.7a-27
+- updated ca-bundle.crt: removed expired GeoTrust roots, added
+  freessl.com root, removed trustcenter.de Class 0 root
+
+* Sun Nov 30 2003 Tim Waugh <twaugh@redhat.com> 0.9.7a-26
+- Fix link line for libssl (bug #111154).
+
+* Fri Oct 24 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-25
+- add dependency on zlib-devel for the -devel package, which depends on zlib
+  symbols because we enable zlib for libssl (#102962)
+
+* Fri Oct 24 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-24
+- Use /dev/urandom instead of PRNG for libica.
+- Apply libica-1.3.5 fix for /dev/urandom in icalinux.c
+- Use latest ICA engine patch from IBM.
+
+* Sat Oct  4 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-22.1
+- rebuild
+
+* Wed Oct  1 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-22
+- rebuild (22 wasn't actually built, fun eh?)
+
+* Tue Sep 30 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-23
+- re-disable optimizations on ppc64
+
+* Tue Sep 30 2003 Joe Orton <jorton@redhat.com>
+- add a_mbstr.c fix for 64-bit platforms from CVS
+
+* Tue Sep 30 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-22
+- add -Wa,--noexecstack to RPM_OPT_FLAGS so that assembled modules get tagged
+  as not needing executable stacks
+
+* Mon Sep 29 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-21
+- rebuild
+
+* Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com>
+- re-enable optimizations on ppc64
+
+* Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com>
+- remove exclusivearch
+
+* Wed Sep 24 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-20
+- only parse a client cert if one was requested
+- temporarily exclusivearch for %%{ix86}
+
+* Tue Sep 23 2003 Nalin Dahyabhai <nalin@redhat.com>
+- add security fixes for protocol parsing bugs (CAN-2003-0543, CAN-2003-0544)
+  and heap corruption (CAN-2003-0545)
+- update RHNS-CA-CERT files
+- ease back on the number of threads used in the threading test
+
+* Wed Sep 17 2003 Matt Wilson <msw@redhat.com> 0.9.7a-19
+- rebuild to fix gzipped file md5sums (#91211)
+
+* Mon Aug 25 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-18
+- Updated libica to version 1.3.4.
+
+* Thu Jul 17 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-17
+- rebuild
+
+* Tue Jul 15 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-10.9
+- free the kssl_ctx structure when we free an SSL structure (#99066)
+
+* Fri Jul 11 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-16
+- rebuild
+
+* Thu Jul 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-15
+- lower thread test count on s390x
+
+* Tue Jul  8 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-14
+- rebuild
+
+* Thu Jun 26 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-13
+- disable assembly on arches where it seems to conflict with threading
+
+* Thu Jun 26 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-12
+- Updated libica to latest upstream version 1.3.0
+
+* Wed Jun 11 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-9.9
+- rebuild
+
+* Wed Jun 11 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-11
+- rebuild
+
+* Tue Jun 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-10
+- ubsec: don't stomp on output data which might also be input data
+
+* Tue Jun 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-9
+- temporarily disable optimizations on ppc64
+
+* Mon Jun  9 2003 Nalin Dahyabhai <nalin@redhat.com>
+- backport fix for engine-used-for-everything from 0.9.7b
+- backport fix for prng not being seeded causing problems, also from 0.9.7b
+- add a check at build-time to ensure that RSA is thread-safe
+- keep perlpath from stomping on the libica configure scripts
+
+* Fri Jun  6 2003 Nalin Dahyabhai <nalin@redhat.com>
+- thread-safety fix for RSA blinding
+
+* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com> 0.9.7a-8
+- rebuilt
+
+* Fri May 30 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7a-7
+- Added libica-1.2 to openssl (featurerequest).
+
+* Wed Apr 16 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-6
+- fix building with incorrect flags on ppc64
+
+* Wed Mar 19 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-5
+- add patch to harden against Klima-Pokorny-Rosa extension of Bleichenbacher's
+  attack (CAN-2003-0131)
+
+* Mon Mar 17 2003 Nalin Dahyabhai <nalin@redhat.com>  0.9.7a-4
+- add patch to enable RSA blinding by default, closing a timing attack
+  (CAN-2003-0147)
+
+* Wed Mar  5 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-3
+- disable use of BN assembly module on x86_64, but continue to allow inline
+  assembly (#83403)
+
+* Thu Feb 27 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-2
+- disable EC algorithms
+
+* Wed Feb 19 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7a-1
+- update to 0.9.7a
+
+* Wed Feb 19 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7-8
+- add fix to guard against attempts to allocate negative amounts of memory
+- add patch for CAN-2003-0078, fixing a timing attack
+
+* Thu Feb 13 2003 Elliot Lee <sopwith@redhat.com> 0.9.7-7
+- Add openssl-ppc64.patch
+
+* Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7-6
+- EVP_DecryptInit should call EVP_CipherInit() instead of EVP_CipherInit_ex(),
+  to get the right behavior when passed uninitialized context structures
+  (#83766)
+- build with -mcpu=ev5 on alpha family (#83828)
+
+* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Fri Jan 17 2003 Phil Knirsch <pknirsch@redhat.com> 0.9.7-4
+- Added IBM hw crypto support patch.
+
+* Wed Jan 15 2003 Nalin Dahyabhai <nalin@redhat.com>
+- add missing builddep on sed
+
+* Thu Jan  9 2003 Bill Nottingham <notting@redhat.com> 0.9.7-3
+- debloat
+- fix broken manpage symlinks
+
+* Wed Jan  8 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7-2
+- fix double-free in 'openssl ca'
+
+* Fri Jan  3 2003 Nalin Dahyabhai <nalin@redhat.com> 0.9.7-1
+- update to 0.9.7 final
+
+* Tue Dec 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.7-0
+- update to 0.9.7 beta6 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)
+
+* Wed Dec 11 2002 Nalin Dahyabhai <nalin@redhat.com>
+- update to 0.9.7 beta5 (DO NOT USE UNTIL UPDATED TO FINAL 0.9.7)
+
+* Tue Oct 22 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-30
+- add configuration stanza for x86_64 and use it on x86_64
+- build for linux-ppc on ppc
+- start running the self-tests again
+
+* Wed Oct 02 2002 Elliot Lee <sopwith@redhat.com> 0.9.6b-29hammer.3
+- Merge fixes from previous hammer packages, including general x86-64 and
+  multilib
+
+* Tue Aug  6 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-29
+- rebuild
+
+* Thu Aug  1 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-28
+- update asn patch to fix accidental reversal of a logic check
+
+* Wed Jul 31 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-27
+- update asn patch to reduce chance that compiler optimization will remove
+  one of the added tests
+
+* Wed Jul 31 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-26
+- rebuild
+
+* Mon Jul 29 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-25
+- add patch to fix ASN.1 vulnerabilities
+
+* Thu Jul 25 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-24
+- add backport of Ben Laurie's patches for OpenSSL 0.9.6d
+
+* Wed Jul 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-23
+- own {_datadir}/ssl/misc
+
+* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Sun May 26 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-20
+- free ride through the build system (whee!)
+
+* Thu May 16 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-19
+- rebuild in new environment
+
+* Thu Apr  4 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-17, 0.9.6b-18
+- merge RHL-specific bits into stronghold package, rename
+
+* Tue Apr 02 2002 Gary Benson <gbenson@redhat.com> stronghold-0.9.6c-2
+- add support for Chrysalis Luna token
+
+* Tue Mar 26 2002 Gary Benson <gbenson@redhat.com>
+- disable AEP random number generation, other AEP fixes
+
+* Fri Mar 15 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-15
+- only build subpackages on primary arches
+
+* Thu Mar 14 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-13
+- on ia32, only disable use of assembler on i386
+- enable assembly on ia64
+
+* Mon Jan  7 2002 Florian La Roche <Florian.LaRoche@redhat.de> 0.9.6b-11
+- fix sparcv9 entry
+
+* Mon Jan  7 2002 Gary Benson <gbenson@redhat.com> stronghold-0.9.6c-1
+- upgrade to 0.9.6c
+- bump BuildArch to i686 and enable assembler on all platforms
+- synchronise with shrimpy and rawhide
+- bump soversion to 3
+
+* Wed Oct 10 2001 Florian La Roche <Florian.LaRoche@redhat.de>
+- delete BN_LLONG for s390x, patch from Oliver Paukstadt
+
+* Mon Sep 17 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-9
+- update AEP driver patch
+
+* Mon Sep 10 2001 Nalin Dahyabhai <nalin@redhat.com>
+- adjust RNG disabling patch to match version of patch from Broadcom
+
+* Fri Sep  7 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-8
+- disable the RNG in the ubsec engine driver
+
+* Tue Aug 28 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-7
+- tweaks to the ubsec engine driver
+
+* Fri Aug 24 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-6
+- tweaks to the ubsec engine driver
+
+* Thu Aug 23 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-5
+- update ubsec engine driver from Broadcom
+
+* Fri Aug 10 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-4
+- move man pages back to %%{_mandir}/man?/foo.?ssl from
+  %%{_mandir}/man?ssl/foo.?
+- add an [ engine ] section to the default configuration file
+
+* Thu Aug  9 2001 Nalin Dahyabhai <nalin@redhat.com>
+- add a patch for selecting a default engine in SSL_library_init()
+
+* Mon Jul 23 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-3
+- add patches for AEP hardware support
+- add patch to keep trying when we fail to load a cert from a file and
+  there are more in the file
+- add missing prototype for ENGINE_ubsec() in engine_int.h
+
+* Wed Jul 18 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-2
+- actually add hw_ubsec to the engine list
+
+* Tue Jul 17 2001 Nalin Dahyabhai <nalin@redhat.com>
+- add in the hw_ubsec driver from CVS
+
+* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-1
+- update to 0.9.6b
+
+* Thu Jul  5 2001 Nalin Dahyabhai <nalin@redhat.com>
+- move .so symlinks back to %%{_libdir}
+
+* Tue Jul  3 2001 Nalin Dahyabhai <nalin@redhat.com>
+- move shared libraries to /lib (#38410)
+
+* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
+- switch to engine code base
+
+* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
+- add a script for creating dummy certificates
+- move man pages from %%{_mandir}/man?/foo.?ssl to %%{_mandir}/man?ssl/foo.?
+
+* Thu Jun 07 2001 Florian La Roche <Florian.LaRoche@redhat.de>
+- add s390x support
+
+* Fri Jun  1 2001 Nalin Dahyabhai <nalin@redhat.com>
+- change two memcpy() calls to memmove()
+- don't define L_ENDIAN on alpha
+
+* Wed May 23 2001 Joe Orton <jorton@redhat.com> stronghold-0.9.6a-1
+- Add 'stronghold-' prefix to package names.
+- Obsolete standard openssl packages.
+
+* Wed May 16 2001 Joe Orton <jorton@redhat.com>
+- Add BuildArch: i586 as per Nalin's advice.
+
+* Tue May 15 2001 Joe Orton <jorton@redhat.com>
+- Enable assembler on ix86 (using new .tar.bz2 which does
+  include the asm directories).
+
+* Tue May 15 2001 Nalin Dahyabhai <nalin@redhat.com>
+- make subpackages depend on the main package
+
+* Tue May  1 2001 Nalin Dahyabhai <nalin@redhat.com>
+- adjust the hobble script to not disturb symlinks in include/ (fix from
+  Joe Orton)
+
+* Fri Apr 27 2001 Nalin Dahyabhai <nalin@redhat.com>
+- drop the m2crypo patch we weren't using
+
+* Tue Apr 24 2001 Nalin Dahyabhai <nalin@redhat.com>
+- configure using "shared" as well
+
+* Sun Apr  8 2001 Nalin Dahyabhai <nalin@redhat.com>
+- update to 0.9.6a
+- use the build-shared target to build shared libraries
+- bump the soversion to 2 because we're no longer compatible with
+  our 0.9.5a packages or our 0.9.6 packages
+- drop the patch for making rsatest a no-op when rsa null support is used
+- put all man pages into <section>ssl instead of <section>
+- break the m2crypto modules into a separate package
+
+* Tue Mar 13 2001 Nalin Dahyabhai <nalin@redhat.com>
+- use BN_LLONG on s390
+
+* Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com>
+- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)
+
+* Sat Mar  3 2001 Nalin Dahyabhai <nalin@redhat.com>
+- move c_rehash to the perl subpackage, because it's a perl script now
+
+* Fri Mar  2 2001 Nalin Dahyabhai <nalin@redhat.com>
+- update to 0.9.6
+- enable MD2
+- use the libcrypto.so and libssl.so targets to build shared libs with
+- bump the soversion to 1 because we're no longer compatible with any of
+  the various 0.9.5a packages circulating around, which provide lib*.so.0
+
+* Wed Feb 28 2001 Florian La Roche <Florian.LaRoche@redhat.de>
+- change hobble-openssl for disabling MD2 again
+
+* Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com>
+- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152
+  bytes or so, causing EVP_DigestInit() to zero out stack variables in
+  apps built against a version of the library without it
+
+* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
+- disable some inline assembly, which on x86 is Pentium-specific
+- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)
+
+* Thu Feb 08 2001 Florian La Roche <Florian.LaRoche@redhat.de>
+- fix s390 patch
+
+* Fri Dec 8 2000 Than Ngo <than@redhat.com>
+- added support s390
+
+* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
+- remove -Wa,* and -m* compiler flags from the default Configure file (#20656)
+- add the CA.pl man page to the perl subpackage
+
+* Thu Nov  2 2000 Nalin Dahyabhai <nalin@redhat.com>
+- always build with -mcpu=ev5 on alpha
+
+* Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com>
+- add a symlink from cert.pem to ca-bundle.crt
+
+* Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com>
+- add a ca-bundle file for packages like Samba to reference for CA certificates
+
+* Tue Oct 24 2000 Nalin Dahyabhai <nalin@redhat.com>
+- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)
+
+* Mon Oct  2 2000 Nalin Dahyabhai <nalin@redhat.com>
+- add unzip as a buildprereq (#17662)
+- update m2crypto to 0.05-snap4
+
+* Tue Sep 26 2000 Bill Nottingham <notting@redhat.com>
+- fix some issues in building when it's not installed
+
+* Wed Sep  6 2000 Nalin Dahyabhai <nalin@redhat.com>
+- make sure the headers we include are the ones we built with (aaaaarrgh!)
+
+* Fri Sep  1 2000 Nalin Dahyabhai <nalin@redhat.com>
+- add Richard Henderson's patch for BN on ia64
+- clean up the changelog
+
+* Tue Aug 29 2000 Nalin Dahyabhai <nalin@redhat.com>
+- fix the building of python modules without openssl-devel already installed
+
+* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
+- byte-compile python extensions without the build-root
+- adjust the makefile to not remove temporary files (like .key files when
+  building .csr files) by marking them as .PRECIOUS
+
+* Sat Aug 19 2000 Nalin Dahyabhai <nalin@redhat.com>
+- break out python extensions into a subpackage
+
+* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
+- tweak the makefile some more
+
+* Tue Jul 11 2000 Nalin Dahyabhai <nalin@redhat.com>
+- disable MD2 support
+
+* Thu Jul  6 2000 Nalin Dahyabhai <nalin@redhat.com>
+- disable MDC2 support
+
+* Sun Jul  2 2000 Nalin Dahyabhai <nalin@redhat.com>
+- tweak the disabling of RC5, IDEA support
+- tweak the makefile
+
+* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
+- strip binaries and libraries
+- rework certificate makefile to have the right parts for Apache
+
+* Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com>
+- use %%{_perl} instead of /usr/bin/perl
+- disable alpha until it passes its own test suite
+
+* Fri Jun  9 2000 Nalin Dahyabhai <nalin@redhat.com>
+- move the passwd.1 man page out of the passwd package's way
+
+* Fri Jun  2 2000 Nalin Dahyabhai <nalin@redhat.com>
+- update to 0.9.5a, modified for U.S.
+- add perl as a build-time requirement
+- move certificate makefile to another package
+- disable RC5, IDEA, RSA support
+- remove optimizations for now
+
+* Wed Mar  1 2000 Florian La Roche <Florian.LaRoche@redhat.de>
+- Bero told me to move the Makefile into this package
+
+* Wed Mar  1 2000 Florian La Roche <Florian.LaRoche@redhat.de>
+- add lib*.so symlinks to link dynamically against shared libs
+
+* Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de>
+- update to 0.9.5
+- run ldconfig directly in post/postun
+- add FAQ
+
+* Sat Dec 18 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
+- Fix build on non-x86 platforms
+
+* Fri Nov 12 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
+- move /usr/share/ssl/* from -devel to main package
+
+* Tue Oct 26 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
+- inital packaging
+- changes from base:
+  - Move /usr/local/ssl to /usr/share/ssl for FHS compliance
+  - handle RPM_OPT_FLAGS