From b825afeee6863006d7325a6226aafd4fc7d5ac99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= <tmraz@fedoraproject.org>
Date: Tue, 30 Mar 2010 11:48:30 +0000
Subject: [PATCH] - update to final 1.0.0 upstream release

---
 .cvsignore                                    |    2 +-
 openssl-1.0.0-beta4-aesni.patch               | 2388 +++++++++++++++++
 openssl-1.0.0-beta4-backports.patch           |   45 -
 openssl-1.0.0-beta4-binutils.patch            |   56 -
 openssl-1.0.0-beta4-client-reneg.patch        |   35 -
 openssl-1.0.0-beta4-dtls-ipv6.patch           |  219 --
 openssl-1.0.0-beta4-redhat.patch              |    2 +-
 openssl-1.0.0-beta4-reneg-err.patch           |   93 -
 openssl-1.0.0-beta4-reneg.patch               |  237 --
 openssl-1.0.0-beta4-version.patch             |   14 -
 ...=> openssl-1.0.0-beta5-cipher-change.patch |   14 +-
 ...ch => openssl-1.0.0-beta5-enginesdir.patch |   24 +-
 ...tch => openssl-1.0.0-beta5-ipv6-apps.patch |  105 +-
 ...> openssl-1.0.0-beta5-readme-warning.patch |   22 +-
 ...ta4-fips.patch => openssl-1.0.0-fips.patch | 1071 ++++----
 openssl-1.0.0-version.patch                   |   13 +
 openssl.spec                                  |   82 +-
 sources                                       |    2 +-
 18 files changed, 3119 insertions(+), 1305 deletions(-)
 create mode 100644 openssl-1.0.0-beta4-aesni.patch
 delete mode 100644 openssl-1.0.0-beta4-backports.patch
 delete mode 100644 openssl-1.0.0-beta4-binutils.patch
 delete mode 100644 openssl-1.0.0-beta4-client-reneg.patch
 delete mode 100644 openssl-1.0.0-beta4-dtls-ipv6.patch
 delete mode 100644 openssl-1.0.0-beta4-reneg-err.patch
 delete mode 100644 openssl-1.0.0-beta4-reneg.patch
 delete mode 100644 openssl-1.0.0-beta4-version.patch
 rename openssl-1.0.0-beta3-cipher-change.patch => openssl-1.0.0-beta5-cipher-change.patch (61%)
 rename openssl-1.0.0-beta4-enginesdir.patch => openssl-1.0.0-beta5-enginesdir.patch (63%)
 rename openssl-1.0.0-beta3-ipv6-apps.patch => openssl-1.0.0-beta5-ipv6-apps.patch (86%)
 rename openssl-0.9.8j-readme-warning.patch => openssl-1.0.0-beta5-readme-warning.patch (55%)
 rename openssl-1.0.0-beta4-fips.patch => openssl-1.0.0-fips.patch (89%)
 create mode 100644 openssl-1.0.0-version.patch

diff --git a/.cvsignore b/.cvsignore
index 3819647..3930a9d 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-openssl-1.0.0-beta4-usa.tar.bz2
+openssl-1.0.0-usa.tar.bz2
diff --git a/openssl-1.0.0-beta4-aesni.patch b/openssl-1.0.0-beta4-aesni.patch
new file mode 100644
index 0000000..f57918b
--- /dev/null
+++ b/openssl-1.0.0-beta4-aesni.patch
@@ -0,0 +1,2388 @@
+diff -up openssl-1.0.0-beta4/Configure.aesni openssl-1.0.0-beta4/Configure
+--- openssl-1.0.0-beta4/Configure.aesni	2010-01-07 23:38:31.000000000 +0100
++++ openssl-1.0.0-beta4/Configure	2010-01-12 22:18:06.000000000 +0100
+@@ -123,11 +123,11 @@ my $tlib="-lnsl -lsocket";
+ my $bits1="THIRTY_TWO_BIT ";
+ my $bits2="SIXTY_FOUR_BIT ";
+ 
+-my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes-586.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o";
++my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes-586.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o";
+ 
+ my $x86_elf_asm="$x86_asm:elf";
+ 
+-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o";
++my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o";
+ my $ia64_asm="ia64cpuid.o:bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::void";
+ my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::void";
+ my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::void";
+@@ -491,7 +491,7 @@ my %table=(
+ #
+ # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
+ "VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
+-"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
++"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
+ # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
+ # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
+ "VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+@@ -1410,6 +1410,7 @@ if ($rmd160_obj =~ /\.o$/)
+ if ($aes_obj =~ /\.o$/)
+ 	{
+ 	$cflags.=" -DAES_ASM";
++	$aes_obj =~ s/\s*aesni\-x86\.o// if ($no_sse2);
+ 	}
+ else	{
+ 	$aes_obj=$aes_enc;
+diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl.aesni openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl
+--- openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl.aesni	2010-01-12 22:18:06.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86.pl	2010-01-12 22:18:06.000000000 +0100
+@@ -0,0 +1,765 @@
++#!/usr/bin/env perl
++
++# ====================================================================
++# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
++# project. The module is, however, dual licensed under OpenSSL and
++# CRYPTOGAMS licenses depending on where you obtain it. For further
++# details see http://www.openssl.org/~appro/cryptogams/.
++# ====================================================================
++#
++# This module implements support for Intel AES-NI extension. In
++# OpenSSL context it's used with Intel engine, but can also be used as
++# drop-in replacement for crypto/aes/asm/aes-586.pl [see below for
++# details].
++
++$PREFIX="aesni";	# if $PREFIX is set to "AES", the script
++			# generates drop-in replacement for
++			# crypto/aes/asm/aes-586.pl:-)
++
++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
++push(@INC,"${dir}","${dir}../../perlasm");
++require "x86asm.pl";
++
++&asm_init($ARGV[0],$0);
++
++$movekey = eval($RREFIX eq "aseni" ? "*movaps" : "*movups");
++
++$len="eax";
++$rounds="ecx";
++$key="edx";
++$inp="esi";
++$out="edi";
++$rounds_="ebx";	# backup copy for $rounds
++$key_="ebp";	# backup copy for $key
++
++$inout0="xmm0";
++$inout1="xmm1";
++$inout2="xmm2";
++$rndkey0="xmm3";
++$rndkey1="xmm4";
++$ivec="xmm5";
++$in0="xmm6";
++$in1="xmm7";	$inout3="xmm7";
++
++# Inline version of internal aesni_[en|de]crypt1
++sub aesni_inline_generate1
++{ my $p=shift;
++
++    &$movekey		($rndkey0,&QWP(0,$key));
++    &$movekey		($rndkey1,&QWP(16,$key));
++    &lea		($key,&DWP(32,$key));
++    &pxor		($inout0,$rndkey0);
++    &set_label("${p}1_loop");
++	eval"&aes${p}	($inout0,$rndkey1)";
++	&dec		($rounds);
++	&$movekey	($rndkey1,&QWP(0,$key));
++	&lea		($key,&DWP(16,$key));
++    &jnz		(&label("${p}1_loop"));
++    eval"&aes${p}last	($inout0,$rndkey1)";
++}
++
++sub aesni_generate1	# fully unrolled loop
++{ my $p=shift;
++
++    &function_begin_B("_aesni_${p}rypt1");
++	&$movekey	($rndkey0,&QWP(0,$key));
++	&$movekey	($rndkey1,&QWP(0x10,$key));
++	&cmp		($rounds,11);
++	&pxor		($inout0,$rndkey0);
++	&$movekey	($rndkey0,&QWP(0x20,$key));
++	&lea		($key,&DWP(0x30,$key));
++	&jb		(&label("${p}128"));
++	&lea		($key,&DWP(0x20,$key));
++	&je		(&label("${p}192"));
++	&lea		($key,&DWP(0x20,$key));
++	eval"&aes${p}	($inout0,$rndkey1)";
++	&$movekey	($rndkey1,&QWP(-0x40,$key));
++	eval"&aes${p}	($inout0,$rndkey0)";
++	&$movekey	($rndkey0,&QWP(-0x30,$key));
++    &set_label("${p}192");
++	eval"&aes${p}	($inout0,$rndkey1)";
++	&$movekey	($rndkey1,&QWP(-0x20,$key));
++	eval"&aes${p}	($inout0,$rndkey0)";
++	&$movekey	($rndkey0,&QWP(-0x10,$key));
++    &set_label("${p}128");
++	eval"&aes${p}	($inout0,$rndkey1)";
++	&$movekey	($rndkey1,&QWP(0,$key));
++	eval"&aes${p}	($inout0,$rndkey0)";
++	&$movekey	($rndkey0,&QWP(0x10,$key));
++	eval"&aes${p}	($inout0,$rndkey1)";
++	&$movekey	($rndkey1,&QWP(0x20,$key));
++	eval"&aes${p}	($inout0,$rndkey0)";
++	&$movekey	($rndkey0,&QWP(0x30,$key));
++	eval"&aes${p}	($inout0,$rndkey1)";
++	&$movekey	($rndkey1,&QWP(0x40,$key));
++	eval"&aes${p}	($inout0,$rndkey0)";
++	&$movekey	($rndkey0,&QWP(0x50,$key));
++	eval"&aes${p}	($inout0,$rndkey1)";
++	&$movekey	($rndkey1,&QWP(0x60,$key));
++	eval"&aes${p}	($inout0,$rndkey0)";
++	&$movekey	($rndkey0,&QWP(0x70,$key));
++	eval"&aes${p}	($inout0,$rndkey1)";
++    eval"&aes${p}last	($inout0,$rndkey0)";
++    &ret();
++    &function_end_B("_aesni_${p}rypt1");
++}
++
++# void $PREFIX_encrypt (const void *inp,void *out,const AES_KEY *key);
++# &aesni_generate1("dec");
++&function_begin_B("${PREFIX}_encrypt");
++	&mov	("eax",&wparam(0));
++	&mov	($key,&wparam(2));
++	&movups	($inout0,&QWP(0,"eax"));
++	&mov	($rounds,&DWP(240,$key));
++	&mov	("eax",&wparam(1));
++	&aesni_inline_generate1("enc");	# &call	("_aesni_encrypt1");
++	&movups	(&QWP(0,"eax"),$inout0);
++	&ret	();
++&function_end_B("${PREFIX}_encrypt");
++
++# void $PREFIX_decrypt (const void *inp,void *out,const AES_KEY *key);
++# &aesni_generate1("dec");
++&function_begin_B("${PREFIX}_decrypt");
++	&mov	("eax",&wparam(0));
++	&mov	($key,&wparam(2));
++	&movups	($inout0,&QWP(0,"eax"));
++	&mov	($rounds,&DWP(240,$key));
++	&mov	("eax",&wparam(1));
++	&aesni_inline_generate1("dec");	# &call	("_aesni_decrypt1");
++	&movups	(&QWP(0,"eax"),$inout0);
++	&ret	();
++&function_end_B("${PREFIX}_decrypt");
++
++# _aesni_[en|de]crypt[34] are private interfaces, N denotes interleave
++# factor. Why 3x subroutine is used in loops? Even though aes[enc|dec]
++# latency is 6, it turned out that it can be scheduled only every
++# *second* cycle. Thus 3x interleave is the one providing optimal
++# utilization, i.e. when subroutine's throughput is virtually same as
++# of non-interleaved subroutine [for number of input blocks up to 3].
++# This is why it makes no sense to implement 2x subroutine. As soon
++# as/if Intel improves throughput by making it possible to schedule
++# the instructions in question *every* cycles I would have to
++# implement 6x interleave and use it in loop...
++sub aesni_generate3
++{ my $p=shift;
++
++    &function_begin_B("_aesni_${p}rypt3");
++	&$movekey	($rndkey0,&QWP(0,$key));
++	&shr		($rounds,1);
++	&$movekey	($rndkey1,&QWP(16,$key));
++	&lea		($key,&DWP(32,$key));
++	&pxor		($inout0,$rndkey0);
++	&pxor		($inout1,$rndkey0);
++	&pxor		($inout2,$rndkey0);
++	&jmp		(&label("${p}3_loop"));
++    &set_label("${p}3_loop",16);
++	eval"&aes${p}	($inout0,$rndkey1)";
++	&$movekey	($rndkey0,&QWP(0,$key));
++	eval"&aes${p}	($inout1,$rndkey1)";
++	&dec		($rounds);
++	eval"&aes${p}	($inout2,$rndkey1)";
++	&$movekey	($rndkey1,&QWP(16,$key));
++	eval"&aes${p}	($inout0,$rndkey0)";
++	&lea		($key,&DWP(32,$key));
++	eval"&aes${p}	($inout1,$rndkey0)";
++	eval"&aes${p}	($inout2,$rndkey0)";
++	&jnz		(&label("${p}3_loop"));
++    eval"&aes${p}	($inout0,$rndkey1)";
++    &$movekey		($rndkey0,&QWP(0,$key));
++    eval"&aes${p}	($inout1,$rndkey1)";
++    eval"&aes${p}	($inout2,$rndkey1)";
++    eval"&aes${p}last	($inout0,$rndkey0)";
++    eval"&aes${p}last	($inout1,$rndkey0)";
++    eval"&aes${p}last	($inout2,$rndkey0)";
++    &ret();
++    &function_end_B("_aesni_${p}rypt3");
++}
++
++# 4x interleave is implemented to improve small block performance,
++# most notably [and naturally] 4 block by ~30%. One can argue that one
++# should have implemented 5x as well, but improvement  would be <20%,
++# so it's not worth it...
++sub aesni_generate4
++{ my $p=shift;
++
++    &function_begin_B("_aesni_${p}rypt4");
++	&$movekey	($rndkey0,&QWP(0,$key));
++	&$movekey	($rndkey1,&QWP(16,$key));
++	&shr		($rounds,1);
++	&lea		($key,&DWP(32,$key));
++	&pxor		($inout0,$rndkey0);
++	&pxor		($inout1,$rndkey0);
++	&pxor		($inout2,$rndkey0);
++	&pxor		($inout3,$rndkey0);
++	&jmp		(&label("${p}3_loop"));
++    &set_label("${p}3_loop",16);
++	eval"&aes${p}	($inout0,$rndkey1)";
++	&$movekey	($rndkey0,&QWP(0,$key));
++	eval"&aes${p}	($inout1,$rndkey1)";
++	&dec		($rounds);
++	eval"&aes${p}	($inout2,$rndkey1)";
++	eval"&aes${p}	($inout3,$rndkey1)";
++	&$movekey	($rndkey1,&QWP(16,$key));
++	eval"&aes${p}	($inout0,$rndkey0)";
++	&lea		($key,&DWP(32,$key));
++	eval"&aes${p}	($inout1,$rndkey0)";
++	eval"&aes${p}	($inout2,$rndkey0)";
++	eval"&aes${p}	($inout3,$rndkey0)";
++	&jnz		(&label("${p}3_loop"));
++    eval"&aes${p}	($inout0,$rndkey1)";
++    &$movekey		($rndkey0,&QWP(0,$key));
++    eval"&aes${p}	($inout1,$rndkey1)";
++    eval"&aes${p}	($inout2,$rndkey1)";
++    eval"&aes${p}	($inout3,$rndkey1)";
++    eval"&aes${p}last	($inout0,$rndkey0)";
++    eval"&aes${p}last	($inout1,$rndkey0)";
++    eval"&aes${p}last	($inout2,$rndkey0)";
++    eval"&aes${p}last	($inout3,$rndkey0)";
++    &ret();
++    &function_end_B("_aesni_${p}rypt4");
++}
++&aesni_generate3("enc") if ($PREFIX eq "aesni");
++&aesni_generate3("dec");
++&aesni_generate4("enc") if ($PREFIX eq "aesni");
++&aesni_generate4("dec");
++
++if ($PREFIX eq "aesni") {
++# void aesni_ecb_encrypt (const void *in, void *out,
++#                         size_t length, const AES_KEY *key,
++#                         int enc);
++&function_begin("aesni_ecb_encrypt");
++	&mov	($inp,&wparam(0));
++	&mov	($out,&wparam(1));
++	&mov	($len,&wparam(2));
++	&mov	($key,&wparam(3));
++	&mov	($rounds,&wparam(4));
++	&cmp	($len,16);
++	&jb	(&label("ecb_ret"));
++	&and	($len,-16);
++	&test	($rounds,$rounds)
++	&mov	($rounds,&DWP(240,$key));
++	&mov	($key_,$key);		# backup $key
++	&mov	($rounds_,$rounds);	# backup $rounds
++	&jz	(&label("ecb_decrypt"));
++
++	&sub	($len,0x40);
++	&jbe	(&label("ecb_enc_tail"));
++	&jmp	(&label("ecb_enc_loop3"));
++
++&set_label("ecb_enc_loop3",16);
++	&movups	($inout0,&QWP(0,$inp));
++	&movups	($inout1,&QWP(0x10,$inp));
++	&movups	($inout2,&QWP(0x20,$inp));
++	&call	("_aesni_encrypt3");
++	&sub	($len,0x30);
++	&lea	($inp,&DWP(0x30,$inp));
++	&lea	($out,&DWP(0x30,$out));
++	&movups	(&QWP(-0x30,$out),$inout0);
++	&mov	($key,$key_);		# restore $key
++	&movups	(&QWP(-0x20,$out),$inout1);
++	&mov	($rounds,$rounds_);	# restore $rounds
++	&movups	(&QWP(-0x10,$out),$inout2);
++	&ja	(&label("ecb_enc_loop3"));
++
++&set_label("ecb_enc_tail");
++	&add	($len,0x40);
++	&jz	(&label("ecb_ret"));
++
++	&cmp	($len,0x10);
++	&movups	($inout0,&QWP(0,$inp));
++	&je	(&label("ecb_enc_one"));
++	&cmp	($len,0x20);
++	&movups	($inout1,&QWP(0x10,$inp));
++	&je	(&label("ecb_enc_two"));
++	&cmp	($len,0x30);
++	&movups	($inout2,&QWP(0x20,$inp));
++	&je	(&label("ecb_enc_three"));
++	&movups	($inout3,&QWP(0x30,$inp));
++	&call	("_aesni_encrypt4");
++	&movups	(&QWP(0,$out),$inout0);
++	&movups	(&QWP(0x10,$out),$inout1);
++	&movups	(&QWP(0x20,$out),$inout2);
++	&movups	(&QWP(0x30,$out),$inout3);
++	jmp	(&label("ecb_ret"));
++
++&set_label("ecb_enc_one",16);
++	&aesni_inline_generate1("enc");	# &call	("_aesni_encrypt1");
++	&movups	(&QWP(0,$out),$inout0);
++	&jmp	(&label("ecb_ret"));
++
++&set_label("ecb_enc_two",16);
++	&call	("_aesni_encrypt3");
++	&movups	(&QWP(0,$out),$inout0);
++	&movups	(&QWP(0x10,$out),$inout1);
++	&jmp	(&label("ecb_ret"));
++
++&set_label("ecb_enc_three",16);
++	&call	("_aesni_encrypt3");
++	&movups	(&QWP(0,$out),$inout0);
++	&movups	(&QWP(0x10,$out),$inout1);
++	&movups	(&QWP(0x20,$out),$inout2);
++	&jmp	(&label("ecb_ret"));
++
++&set_label("ecb_decrypt",16);
++	&sub	($len,0x40);
++	&jbe	(&label("ecb_dec_tail"));
++	&jmp	(&label("ecb_dec_loop3"));
++
++&set_label("ecb_dec_loop3",16);
++	&movups	($inout0,&QWP(0,$inp));
++	&movups	($inout1,&QWP(0x10,$inp));
++	&movups	($inout2,&QWP(0x20,$inp));
++	&call	("_aesni_decrypt3");
++	&sub	($len,0x30);
++	&lea	($inp,&DWP(0x30,$inp));
++	&lea	($out,&DWP(0x30,$out));
++	&movups	(&QWP(-0x30,$out),$inout0);
++	&mov	($key,$key_);		# restore $key
++	&movups	(&QWP(-0x20,$out),$inout1);
++	&mov	($rounds,$rounds_);	# restore $rounds
++	&movups	(&QWP(-0x10,$out),$inout2);
++	&ja	(&label("ecb_dec_loop3"));
++
++&set_label("ecb_dec_tail");
++	&add	($len,0x40);
++	&jz	(&label("ecb_ret"));
++
++	&cmp	($len,0x10);
++	&movups	($inout0,&QWP(0,$inp));
++	&je	(&label("ecb_dec_one"));
++	&cmp	($len,0x20);
++	&movups	($inout1,&QWP(0x10,$inp));
++	&je	(&label("ecb_dec_two"));
++	&cmp	($len,0x30);
++	&movups	($inout2,&QWP(0x20,$inp));
++	&je	(&label("ecb_dec_three"));
++	&movups	($inout3,&QWP(0x30,$inp));
++	&call	("_aesni_decrypt4");
++	&movups	(&QWP(0,$out),$inout0);
++	&movups	(&QWP(0x10,$out),$inout1);
++	&movups	(&QWP(0x20,$out),$inout2);
++	&movups	(&QWP(0x30,$out),$inout3);
++	&jmp	(&label("ecb_ret"));
++
++&set_label("ecb_dec_one",16);
++	&aesni_inline_generate1("dec");	# &call	("_aesni_decrypt3");
++	&movups	(&QWP(0,$out),$inout0);
++	&jmp	(&label("ecb_ret"));
++
++&set_label("ecb_dec_two",16);
++	&call	("_aesni_decrypt3");
++	&movups	(&QWP(0,$out),$inout0);
++	&movups	(&QWP(0x10,$out),$inout1);
++	&jmp	(&label("ecb_ret"));
++
++&set_label("ecb_dec_three",16);
++	&call	("_aesni_decrypt3");
++	&movups	(&QWP(0,$out),$inout0);
++	&movups	(&QWP(0x10,$out),$inout1);
++	&movups	(&QWP(0x20,$out),$inout2);
++
++&set_label("ecb_ret");
++&function_end("aesni_ecb_encrypt");
++}
++
++# void $PREFIX_cbc_encrypt (const void *inp, void *out,
++#                           size_t length, const AES_KEY *key,
++#                           unsigned char *ivp,const int enc);
++&function_begin("${PREFIX}_cbc_encrypt");
++	&mov	($inp,&wparam(0));
++	&mov	($out,&wparam(1));
++	&mov	($len,&wparam(2));
++	&mov	($key,&wparam(3));
++	&test	($len,$len);
++	&mov	($key_,&wparam(4));
++	&jz	(&label("cbc_ret"));
++
++	&cmp	(&wparam(5),0);
++	&movups	($ivec,&QWP(0,$key_));	# load IV
++	&mov	($rounds,&DWP(240,$key));
++	&mov	($key_,$key);		# backup $key
++	&mov	($rounds_,$rounds);	# backup $rounds
++	&je	(&label("cbc_decrypt"));
++
++	&movaps	($inout0,$ivec);
++	&cmp	($len,16);
++	&jb	(&label("cbc_enc_tail"));
++	&sub	($len,16);
++	&jmp	(&label("cbc_enc_loop"));
++
++&set_label("cbc_enc_loop",16);
++	&movups	($ivec,&QWP(0,$inp));
++	&lea	($inp,&DWP(16,$inp));
++	&pxor	($inout0,$ivec);
++	&aesni_inline_generate1("enc");	# &call	("_aesni_encrypt3");
++	&sub	($len,16);
++	&lea	($out,&DWP(16,$out));
++	&mov	($rounds,$rounds_);	# restore $rounds
++	&mov	($key,$key_);		# restore $key
++	&movups	(&QWP(-16,$out),$inout0);
++	&jnc	(&label("cbc_enc_loop"));
++	&add	($len,16);
++	&jnz	(&label("cbc_enc_tail"));
++	&movaps	($ivec,$inout0);
++	&jmp	(&label("cbc_ret"));
++
++&set_label("cbc_enc_tail");
++	&mov	("ecx",$len);		# zaps $rounds
++	&data_word(0xA4F3F689);		# rep movsb
++	&mov	("ecx",16);		# zero tail
++	&sub	("ecx",$len);
++	&xor	("eax","eax");		# zaps $len
++	&data_word(0xAAF3F689);		# rep stosb
++	&lea	($out,&DWP(-16,$out));	# rewind $out by 1 block
++	&mov	($rounds,$rounds_);	# restore $rounds
++	&mov	($inp,$out);		# $inp and $out are the same
++	&mov	($key,$key_);		# restore $key
++	&jmp	(&label("cbc_enc_loop"));
++
++&set_label("cbc_decrypt",16);
++	&sub	($len,0x40);
++	&jbe	(&label("cbc_dec_tail"));
++	&jmp	(&label("cbc_dec_loop3"));
++
++&set_label("cbc_dec_loop3",16);
++	&movups	($inout0,&QWP(0,$inp));
++	&movups	($inout1,&QWP(0x10,$inp));
++	&movups	($inout2,&QWP(0x20,$inp));
++	&movaps	($in0,$inout0);
++	&movaps	($in1,$inout1);
++	&call	("_aesni_decrypt3");
++	&sub	($len,0x30);
++	&lea	($inp,&DWP(0x30,$inp));
++	&lea	($out,&DWP(0x30,$out));
++	&pxor	($inout0,$ivec);
++	&pxor	($inout1,$in0);
++	&movups	($ivec,&QWP(-0x10,$inp));
++	&pxor	($inout2,$in1);
++	&movups	(&QWP(-0x30,$out),$inout0);
++	&mov	($rounds,$rounds_)	# restore $rounds
++	&movups	(&QWP(-0x20,$out),$inout1);
++	&mov	($key,$key_);		# restore $key
++	&movups	(&QWP(-0x10,$out),$inout2);
++	&ja	(&label("cbc_dec_loop3"));
++
++&set_label("cbc_dec_tail");
++	&add	($len,0x40);
++	&jz	(&label("cbc_ret"));
++
++	&movups	($inout0,&QWP(0,$inp));
++	&cmp	($len,0x10);
++	&movaps	($in0,$inout0);
++	&jbe	(&label("cbc_dec_one"));
++	&movups	($inout1,&QWP(0x10,$inp));
++	&cmp	($len,0x20);
++	&movaps	($in1,$inout1);
++	&jbe	(&label("cbc_dec_two"));
++	&movups	($inout2,&QWP(0x20,$inp));
++	&cmp	($len,0x30);
++	&jbe	(&label("cbc_dec_three"));
++	&movups	($inout3,&QWP(0x30,$inp));
++	&call	("_aesni_decrypt4");
++	&movups	($rndkey0,&QWP(0x10,$inp));
++	&movups	($rndkey1,&QWP(0x20,$inp));
++	&pxor	($inout0,$ivec);
++	&pxor	($inout1,$in0);
++	&movups	($ivec,&QWP(0x30,$inp));
++	&movups	(&QWP(0,$out),$inout0);
++	&pxor	($inout2,$rndkey0);
++	&pxor	($inout3,$rndkey1);
++	&movups	(&QWP(0x10,$out),$inout1);
++	&movups	(&QWP(0x20,$out),$inout2);
++	&movaps	($inout0,$inout3);
++	&lea	($out,&DWP(0x30,$out));
++	&jmp	(&label("cbc_dec_tail_collected"));
++
++&set_label("cbc_dec_one");
++	&aesni_inline_generate1("dec");	# &call	("_aesni_decrypt3");
++	&pxor	($inout0,$ivec);
++	&movaps	($ivec,$in0);
++	&jmp	(&label("cbc_dec_tail_collected"));
++
++&set_label("cbc_dec_two");
++	&call	("_aesni_decrypt3");
++	&pxor	($inout0,$ivec);
++	&pxor	($inout1,$in0);
++	&movups	(&QWP(0,$out),$inout0);
++	&movaps	($inout0,$inout1);
++	&movaps	($ivec,$in1);
++	&lea	($out,&DWP(0x10,$out));
++	&jmp	(&label("cbc_dec_tail_collected"));
++
++&set_label("cbc_dec_three");
++	&call	("_aesni_decrypt3");
++	&pxor	($inout0,$ivec);
++	&pxor	($inout1,$in0);
++	&pxor	($inout2,$in1);
++	&movups	(&QWP(0,$out),$inout0);
++	&movups	(&QWP(0x10,$out),$inout1);
++	&movaps	($inout0,$inout2);
++	&movups	($ivec,&QWP(0x20,$inp));
++	&lea	($out,&DWP(0x20,$out));
++
++&set_label("cbc_dec_tail_collected");
++	&and	($len,15);
++	&jnz	(&label("cbc_dec_tail_partial"));
++	&movups	(&QWP(0,$out),$inout0);
++	&jmp	(&label("cbc_ret"));
++
++&set_label("cbc_dec_tail_partial");
++	&mov	($key_,"esp");
++	&sub	("esp",16);
++	&and	("esp",-16);
++	&movaps	(&QWP(0,"esp"),$inout0);
++	&mov	($inp,"esp");
++	&mov	("ecx",$len);
++	&data_word(0xA4F3F689);		# rep movsb
++	&mov	("esp",$key_);
++
++&set_label("cbc_ret");
++	&mov	($key_,&wparam(4));
++	&movups	(&QWP(0,$key_),$ivec);	# output IV
++&function_end("${PREFIX}_cbc_encrypt");
++
++# Mechanical port from aesni-x86_64.pl.
++#
++# _aesni_set_encrypt_key is private interface,
++# input:
++#	"eax"	const unsigned char *userKey
++#	$rounds	int bits
++#	$key	AES_KEY *key
++# output:
++#	"eax"	return code
++#	$round	rounds
++
++&function_begin_B("_aesni_set_encrypt_key");
++	&test	("eax","eax");
++	&jz	(&label("bad_pointer"));
++	&test	($key,$key);
++	&jz	(&label("bad_pointer"));
++
++	&movups	("xmm0",&QWP(0,"eax"));	# pull first 128 bits of *userKey
++	&pxor	("xmm4","xmm4");	# low dword of xmm4 is assumed 0
++	&lea	($key,&DWP(16,$key));
++	&cmp	($rounds,256);
++	&je	(&label("14rounds"));
++	&cmp	($rounds,192);
++	&je	(&label("12rounds"));
++	&cmp	($rounds,128);
++	&jne	(&label("bad_keybits"));
++
++&set_label("10rounds",16);
++	&mov		($rounds,9);
++	&$movekey	(&QWP(-16,$key),"xmm0");	# round 0
++	&aeskeygenassist("xmm1","xmm0",0x01);		# round 1
++	&call		(&label("key_128_cold"));
++	&aeskeygenassist("xmm1","xmm0",0x2);		# round 2
++	&call		(&label("key_128"));
++	&aeskeygenassist("xmm1","xmm0",0x04);		# round 3
++	&call		(&label("key_128"));
++	&aeskeygenassist("xmm1","xmm0",0x08);		# round 4
++	&call		(&label("key_128"));
++	&aeskeygenassist("xmm1","xmm0",0x10);		# round 5
++	&call		(&label("key_128"));
++	&aeskeygenassist("xmm1","xmm0",0x20);		# round 6
++	&call		(&label("key_128"));
++	&aeskeygenassist("xmm1","xmm0",0x40);		# round 7
++	&call		(&label("key_128"));
++	&aeskeygenassist("xmm1","xmm0",0x80);		# round 8
++	&call		(&label("key_128"));
++	&aeskeygenassist("xmm1","xmm0",0x1b);		# round 9
++	&call		(&label("key_128"));
++	&aeskeygenassist("xmm1","xmm0",0x36);		# round 10
++	&call		(&label("key_128"));
++	&$movekey	(&QWP(0,$key),"xmm0");
++	&mov		(&DWP(80,$key),$rounds);
++	&xor		("eax","eax");
++	&ret();
++
++&set_label("key_128",16);
++	&$movekey	(&QWP(0,$key),"xmm0");
++	&lea		($key,&DWP(16,$key));
++&set_label("key_128_cold");
++	&shufps		("xmm4","xmm0",0b00010000);
++	&pxor		("xmm0","xmm4");
++	&shufps		("xmm4","xmm0",0b10001100,);
++	&pxor		("xmm0","xmm4");
++	&pshufd		("xmm1","xmm1",0b11111111);	# critical path
++	&pxor		("xmm0","xmm1");
++	&ret();
++
++&set_label("12rounds",16);
++	&movq		("xmm2",&QWP(16,"eax"));	# remaining 1/3 of *userKey
++	&mov		($rounds,11);
++	&$movekey	(&QWP(-16,$key),"xmm0")		# round 0
++	&aeskeygenassist("xmm1","xmm2",0x01);		# round 1,2
++	&call		(&label("key_192a_cold"));
++	&aeskeygenassist("xmm1","xmm2",0x02);		# round 2,3
++	&call		(&label("key_192b"));
++	&aeskeygenassist("xmm1","xmm2",0x04);		# round 4,5
++	&call		(&label("key_192a"));
++	&aeskeygenassist("xmm1","xmm2",0x08);		# round 5,6
++	&call		(&label("key_192b"));
++	&aeskeygenassist("xmm1","xmm2",0x10);		# round 7,8
++	&call		(&label("key_192a"));
++	&aeskeygenassist("xmm1","xmm2",0x20);		# round 8,9
++	&call		(&label("key_192b"));
++	&aeskeygenassist("xmm1","xmm2",0x40);		# round 10,11
++	&call		(&label("key_192a"));
++	&aeskeygenassist("xmm1","xmm2",0x80);		# round 11,12
++	&call		(&label("key_192b"));
++	&$movekey	(&QWP(0,$key),"xmm0");
++	&mov		(&DWP(48,$key),$rounds);
++	&xor		("eax","eax");
++	&ret();
++
++&set_label("key_192a",16);
++	&$movekey	(&QWP(0,$key),"xmm0");
++	&lea		($key,&DWP(16,$key));
++&set_label("key_192a_cold",16);
++	&movaps		("xmm5","xmm2");
++&set_label("key_192b_warm");
++	&shufps		("xmm4","xmm0",0b00010000);
++	&movaps		("xmm3","xmm2");
++	&pxor		("xmm0","xmm4");
++	&shufps		("xmm4","xmm0",0b10001100);
++	&pslldq		("xmm3",4);
++	&pxor		("xmm0","xmm4");
++	&pshufd		("xmm1","xmm1",0b01010101);	# critical path
++	&pxor		("xmm2","xmm3");
++	&pxor		("xmm0","xmm1");
++	&pshufd		("xmm3","xmm0",0b11111111);
++	&pxor		("xmm2","xmm3");
++	&ret();
++
++&set_label("key_192b",16);
++	&movaps		("xmm3","xmm0");
++	&shufps		("xmm5","xmm0",0b01000100);
++	&$movekey	(&QWP(0,$key),"xmm5");
++	&shufps		("xmm3","xmm2",0b01001110);
++	&$movekey	(&QWP(16,$key),"xmm3");
++	&lea		($key,&DWP(32,$key));
++	&jmp		(&label("key_192b_warm"));
++
++&set_label("14rounds",16);
++	&movups		("xmm2",&QWP(16,"eax"));	# remaining half of *userKey
++	&mov		($rounds,13);
++	&lea		($key,&DWP(16,$key));
++	&$movekey	(&QWP(-32,$key),"xmm0");	# round 0
++	&$movekey	(&QWP(-16,$key),"xmm2");	# round 1
++	&aeskeygenassist("xmm1","xmm2",0x01);		# round 2
++	&call		(&label("key_256a_cold"));
++	&aeskeygenassist("xmm1","xmm0",0x01);		# round 3
++	&call		(&label("key_256b"));
++	&aeskeygenassist("xmm1","xmm2",0x02);		# round 4
++	&call		(&label("key_256a"));
++	&aeskeygenassist("xmm1","xmm0",0x02);		# round 5
++	&call		(&label("key_256b"));
++	&aeskeygenassist("xmm1","xmm2",0x04);		# round 6
++	&call		(&label("key_256a"));
++	&aeskeygenassist("xmm1","xmm0",0x04);		# round 7
++	&call		(&label("key_256b"));
++	&aeskeygenassist("xmm1","xmm2",0x08);		# round 8
++	&call		(&label("key_256a"));
++	&aeskeygenassist("xmm1","xmm0",0x08);		# round 9
++	&call		(&label("key_256b"));
++	&aeskeygenassist("xmm1","xmm2",0x10);		# round 10
++	&call		(&label("key_256a"));
++	&aeskeygenassist("xmm1","xmm0",0x10);		# round 11
++	&call		(&label("key_256b"));
++	&aeskeygenassist("xmm1","xmm2",0x20);		# round 12
++	&call		(&label("key_256a"));
++	&aeskeygenassist("xmm1","xmm0",0x20);		# round 13
++	&call		(&label("key_256b"));
++	&aeskeygenassist("xmm1","xmm2",0x40);		# round 14
++	&call		(&label("key_256a"));
++	&$movekey	(&QWP(0,$key),"xmm0");
++	&mov		(&DWP(16,$key),$rounds);
++	&xor		("eax","eax");
++	&ret();
++
++&set_label("key_256a",16);
++	&$movekey	(&QWP(0,$key),"xmm2");
++	&lea		($key,&DWP(16,$key));
++&set_label("key_256a_cold");
++	&shufps		("xmm4","xmm0",0b00010000);
++	&pxor		("xmm0","xmm4");
++	&shufps		("xmm4","xmm0",0b10001100);
++	&pxor		("xmm0","xmm4");
++	&pshufd		("xmm1","xmm1",0b11111111);	# critical path
++	&pxor		("xmm0","xmm1");
++	&ret();
++
++&set_label("key_256b",16);
++	&$movekey	(&QWP(0,$key),"xmm0");
++	&lea		($key,&DWP(16,$key));
++
++	&shufps		("xmm4","xmm2",0b00010000);
++	&pxor		("xmm2","xmm4");
++	&shufps		("xmm4","xmm2",0b10001100);
++	&pxor		("xmm2","xmm4");
++	&pshufd		("xmm1","xmm1",0b10101010);	# critical path
++	&pxor		("xmm2","xmm1");
++	&ret();
++
++&set_label("bad_pointer",4);
++	&mov	("eax",-1);
++	&ret	();
++&set_label("bad_keybits",4);
++	&mov	("eax",-2);
++	&ret	();
++&function_end_B("_aesni_set_encrypt_key");
++
++# int $PREFIX_set_encrypt_key (const unsigned char *userKey, int bits,
++#                              AES_KEY *key)
++&function_begin_B("${PREFIX}_set_encrypt_key");
++	&mov	("eax",&wparam(0));
++	&mov	($rounds,&wparam(1));
++	&mov	($key,&wparam(2));
++	&call	("_aesni_set_encrypt_key");
++	&ret	();
++&function_end_B("${PREFIX}_set_encrypt_key");
++
++# int $PREFIX_set_decrypt_key (const unsigned char *userKey, int bits,
++#                              AES_KEY *key)
++&function_begin_B("${PREFIX}_set_decrypt_key");
++	&mov	("eax",&wparam(0));
++	&mov	($rounds,&wparam(1));
++	&mov	($key,&wparam(2));
++	&call	("_aesni_set_encrypt_key");
++	&mov	($key,&wparam(2));
++	&shl	($rounds,4)	# rounds-1 after _aesni_set_encrypt_key
++	&test	("eax","eax");
++	&jnz	(&label("dec_key_ret"));
++	&lea	("eax",&DWP(16,$key,$rounds));	# end of key schedule
++
++	&$movekey	("xmm0",&QWP(0,$key));	# just swap
++	&$movekey	("xmm1",&QWP(0,"eax"));
++	&$movekey	(&QWP(0,"eax"),"xmm0");
++	&$movekey	(&QWP(0,$key),"xmm1");
++	&lea		($key,&DWP(16,$key));
++	&lea		("eax",&DWP(-16,"eax"));
++
++&set_label("dec_key_inverse");
++	&$movekey	("xmm0",&QWP(0,$key));	# swap and inverse
++	&$movekey	("xmm1",&QWP(0,"eax"));
++	&aesimc		("xmm0","xmm0");
++	&aesimc		("xmm1","xmm1");
++	&lea		($key,&DWP(16,$key));
++	&lea		("eax",&DWP(-16,"eax"));
++	&cmp		("eax",$key);
++	&$movekey	(&QWP(16,"eax"),"xmm0");
++	&$movekey	(&QWP(-16,$key),"xmm1");
++	&ja		(&label("dec_key_inverse"));
++
++	&$movekey	("xmm0",&QWP(0,$key));	# inverse middle
++	&aesimc		("xmm0","xmm0");
++	&$movekey	(&QWP(0,$key),"xmm0");
++
++	&xor		("eax","eax");		# return success
++&set_label("dec_key_ret");
++	&ret	();
++&function_end_B("${PREFIX}_set_decrypt_key");
++&asciz("AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>");
++
++&asm_finish();
+diff -up openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl.aesni openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl
+--- openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl.aesni	2010-01-12 22:18:06.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/aes/asm/aesni-x86_64.pl	2010-01-12 22:18:06.000000000 +0100
+@@ -0,0 +1,991 @@
++#!/usr/bin/env perl
++#
++# ====================================================================
++# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
++# project. The module is, however, dual licensed under OpenSSL and
++# CRYPTOGAMS licenses depending on where you obtain it. For further
++# details see http://www.openssl.org/~appro/cryptogams/.
++# ====================================================================
++#
++# This module implements support for Intel AES-NI extension. In
++# OpenSSL context it's used with Intel engine, but can also be used as
++# drop-in replacement for crypto/aes/asm/aes-x86_64.pl [see below for
++# details].
++
++$PREFIX="aesni";	# if $PREFIX is set to "AES", the script
++			# generates drop-in replacement for
++			# crypto/aes/asm/aes-x86_64.pl:-)
++
++$flavour = shift;
++$output  = shift;
++if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
++
++$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
++
++$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
++( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
++( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
++die "can't locate x86_64-xlate.pl";
++
++open STDOUT,"| $^X $xlate $flavour $output";
++
++$movkey = $PREFIX eq "aesni" ? "movaps" : "movups";
++@_4args=$win64?	("%rcx","%rdx","%r8", "%r9") :	# Win64 order
++		("%rdi","%rsi","%rdx","%rcx");	# Unix order
++
++$code=".text\n";
++
++$rounds="%eax";	# input to and changed by aesni_[en|de]cryptN !!!
++# this is natural Unix argument order for public $PREFIX_[ecb|cbc]_encrypt ...
++$inp="%rdi";
++$out="%rsi";
++$len="%rdx";
++$key="%rcx";	# input to and changed by aesni_[en|de]cryptN !!!
++$ivp="%r8";	# cbc
++
++$rnds_="%r10d";	# backup copy for $rounds
++$key_="%r11";	# backup copy for $key
++
++# %xmm register layout
++$inout0="%xmm0";	$inout1="%xmm1";
++$inout2="%xmm2";	$inout3="%xmm3";
++$rndkey0="%xmm4";	$rndkey1="%xmm5";
++
++$iv="%xmm6";		$in0="%xmm7";	# used in CBC decrypt
++$in1="%xmm8";		$in2="%xmm9";
++
++# Inline version of internal aesni_[en|de]crypt1.
++#
++# Why folded loop? Because aes[enc|dec] is slow enough to accommodate
++# cycles which take care of loop variables...
++{ my $sn;
++sub aesni_generate1 {
++my ($p,$key,$rounds)=@_;
++++$sn;
++$code.=<<___;
++	$movkey	($key),$rndkey0
++	$movkey	16($key),$rndkey1
++	lea	32($key),$key
++	pxor	$rndkey0,$inout0
++.Loop_${p}1_$sn:
++	aes${p}	$rndkey1,$inout0
++	dec	$rounds
++	$movkey	($key),$rndkey1
++	lea	16($key),$key
++	jnz	.Loop_${p}1_$sn	# loop body is 16 bytes
++	aes${p}last	$rndkey1,$inout0
++___
++}}
++# void $PREFIX_[en|de]crypt (const void *inp,void *out,const AES_KEY *key);
++#
++{ my ($inp,$out,$key) = @_4args;
++
++$code.=<<___;
++.globl	${PREFIX}_encrypt
++.type	${PREFIX}_encrypt,\@abi-omnipotent
++.align	16
++${PREFIX}_encrypt:
++	movups	($inp),$inout0		# load input
++	mov	240($key),$rounds	# pull $rounds
++___
++	&aesni_generate1("enc",$key,$rounds);
++$code.=<<___;
++	movups	$inout0,($out)		# output
++	ret
++.size	${PREFIX}_encrypt,.-${PREFIX}_encrypt
++
++.globl	${PREFIX}_decrypt
++.type	${PREFIX}_decrypt,\@abi-omnipotent
++.align	16
++${PREFIX}_decrypt:
++	movups	($inp),$inout0		# load input
++	mov	240($key),$rounds	# pull $rounds
++___
++	&aesni_generate1("dec",$key,$rounds);
++$code.=<<___;
++	movups	$inout0,($out)		# output
++	ret
++.size	${PREFIX}_decrypt, .-${PREFIX}_decrypt
++___
++}
++
++# _aesni_[en|de]crypt[34] are private interfaces, N denotes interleave
++# factor. Why 3x subroutine is used in loops? Even though aes[enc|dec]
++# latency is 6, it turned out that it can be scheduled only every
++# *second* cycle. Thus 3x interleave is the one providing optimal
++# utilization, i.e. when subroutine's throughput is virtually same as
++# of non-interleaved subroutine [for number of input blocks up to 3].
++# This is why it makes no sense to implement 2x subroutine. As soon
++# as/if Intel improves throughput by making it possible to schedule
++# the instructions in question *every* cycles I would have to
++# implement 6x interleave and use it in loop...
++sub aesni_generate3 {
++my $dir=shift;
++# As already mentioned it takes in $key and $rounds, which are *not*
++# preserved. $inout[0-2] is cipher/clear text...
++$code.=<<___;
++.type	_aesni_${dir}rypt3,\@abi-omnipotent
++.align	16
++_aesni_${dir}rypt3:
++	$movkey	($key),$rndkey0
++	shr	\$1,$rounds
++	$movkey	16($key),$rndkey1
++	lea	32($key),$key
++	pxor	$rndkey0,$inout0
++	pxor	$rndkey0,$inout1
++	pxor	$rndkey0,$inout2
++
++.L${dir}_loop3:
++	aes${dir}	$rndkey1,$inout0
++	$movkey		($key),$rndkey0
++	aes${dir}	$rndkey1,$inout1
++	dec		$rounds
++	aes${dir}	$rndkey1,$inout2
++	aes${dir}	$rndkey0,$inout0
++	$movkey		16($key),$rndkey1
++	aes${dir}	$rndkey0,$inout1
++	lea		32($key),$key
++	aes${dir}	$rndkey0,$inout2
++	jnz		.L${dir}_loop3
++
++	aes${dir}	$rndkey1,$inout0
++	$movkey		($key),$rndkey0
++	aes${dir}	$rndkey1,$inout1
++	aes${dir}	$rndkey1,$inout2
++	aes${dir}last	$rndkey0,$inout0
++	aes${dir}last	$rndkey0,$inout1
++	aes${dir}last	$rndkey0,$inout2
++	ret
++.size	_aesni_${dir}rypt3,.-_aesni_${dir}rypt3
++___
++}
++# 4x interleave is implemented to improve small block performance,
++# most notably [and naturally] 4 block by ~30%. One can argue that one
++# should have implemented 5x as well, but improvement would be <20%,
++# so it's not worth it...
++sub aesni_generate4 {
++my $dir=shift;
++# As already mentioned it takes in $key and $rounds, which are *not*
++# preserved. $inout[0-3] is cipher/clear text...
++$code.=<<___;
++.type	_aesni_${dir}rypt4,\@abi-omnipotent
++.align	16
++_aesni_${dir}rypt4:
++	$movkey	($key),$rndkey0
++	shr	\$1,$rounds
++	$movkey	16($key),$rndkey1
++	lea	32($key),$key
++	pxor	$rndkey0,$inout0
++	pxor	$rndkey0,$inout1
++	pxor	$rndkey0,$inout2
++	pxor	$rndkey0,$inout3
++
++.L${dir}_loop4:
++	aes${dir}	$rndkey1,$inout0
++	$movkey		($key),$rndkey0
++	aes${dir}	$rndkey1,$inout1
++	dec		$rounds
++	aes${dir}	$rndkey1,$inout2
++	aes${dir}	$rndkey1,$inout3
++	aes${dir}	$rndkey0,$inout0
++	$movkey		16($key),$rndkey1
++	aes${dir}	$rndkey0,$inout1
++	lea		32($key),$key
++	aes${dir}	$rndkey0,$inout2
++	aes${dir}	$rndkey0,$inout3
++	jnz		.L${dir}_loop4
++
++	aes${dir}	$rndkey1,$inout0
++	$movkey		($key),$rndkey0
++	aes${dir}	$rndkey1,$inout1
++	aes${dir}	$rndkey1,$inout2
++	aes${dir}	$rndkey1,$inout3
++	aes${dir}last	$rndkey0,$inout0
++	aes${dir}last	$rndkey0,$inout1
++	aes${dir}last	$rndkey0,$inout2
++	aes${dir}last	$rndkey0,$inout3
++	ret
++.size	_aesni_${dir}rypt4,.-_aesni_${dir}rypt4
++___
++}
++&aesni_generate3("enc") if ($PREFIX eq "aesni");
++&aesni_generate3("dec");
++&aesni_generate4("enc") if ($PREFIX eq "aesni");
++&aesni_generate4("dec");
++
++if ($PREFIX eq "aesni") {
++# void aesni_ecb_encrypt (const void *in, void *out,
++#			  size_t length, const AES_KEY *key,
++#			  int enc);
++$code.=<<___;
++.globl	aesni_ecb_encrypt
++.type	aesni_ecb_encrypt,\@function,5
++.align	16
++aesni_ecb_encrypt:
++	cmp	\$16,$len		# check length
++	jb	.Lecb_ret
++
++	mov	240($key),$rounds	# pull $rounds
++	and	\$-16,$len
++	mov	$key,$key_		# backup $key
++	test	%r8d,%r8d		# 5th argument
++	mov	$rounds,$rnds_		# backup $rounds
++	jz	.Lecb_decrypt
++#--------------------------- ECB ENCRYPT ------------------------------#
++	sub	\$0x40,$len
++	jbe	.Lecb_enc_tail
++	jmp	.Lecb_enc_loop3
++.align 16
++.Lecb_enc_loop3:
++	movups	($inp),$inout0
++	movups	0x10($inp),$inout1
++	movups	0x20($inp),$inout2
++	call	_aesni_encrypt3
++	sub	\$0x30,$len
++	lea	0x30($inp),$inp
++	lea	0x30($out),$out
++	movups	$inout0,-0x30($out)
++	mov	$rnds_,$rounds		# restore $rounds
++	movups	$inout1,-0x20($out)
++	mov	$key_,$key		# restore $key
++	movups	$inout2,-0x10($out)
++	ja	.Lecb_enc_loop3
++
++.Lecb_enc_tail:
++	add	\$0x40,$len
++	jz	.Lecb_ret
++
++	cmp	\$0x10,$len
++	movups	($inp),$inout0
++	je	.Lecb_enc_one
++	cmp	\$0x20,$len
++	movups	0x10($inp),$inout1
++	je	.Lecb_enc_two
++	cmp	\$0x30,$len
++	movups	0x20($inp),$inout2
++	je	.Lecb_enc_three
++	movups	0x30($inp),$inout3
++	call	_aesni_encrypt4
++	movups	$inout0,($out)
++	movups	$inout1,0x10($out)
++	movups	$inout2,0x20($out)
++	movups	$inout3,0x30($out)
++	jmp	.Lecb_ret
++.align	16
++.Lecb_enc_one:
++___
++	&aesni_generate1("enc",$key,$rounds);
++$code.=<<___;
++	movups	$inout0,($out)
++	jmp	.Lecb_ret
++.align	16
++.Lecb_enc_two:
++	call	_aesni_encrypt3
++	movups	$inout0,($out)
++	movups	$inout1,0x10($out)
++	jmp	.Lecb_ret
++.align	16
++.Lecb_enc_three:
++	call	_aesni_encrypt3
++	movups	$inout0,($out)
++	movups	$inout1,0x10($out)
++	movups	$inout2,0x20($out)
++	jmp	.Lecb_ret
++#--------------------------- ECB DECRYPT ------------------------------#
++.align	16
++.Lecb_decrypt:
++	sub	\$0x40,$len
++	jbe	.Lecb_dec_tail
++	jmp	.Lecb_dec_loop3
++.align 16
++.Lecb_dec_loop3:
++	movups	($inp),$inout0
++	movups	0x10($inp),$inout1
++	movups	0x20($inp),$inout2
++	call	_aesni_decrypt3
++	sub	\$0x30,$len
++	lea	0x30($inp),$inp
++	lea	0x30($out),$out
++	movups	$inout0,-0x30($out)
++	mov	$rnds_,$rounds		# restore $rounds
++	movups	$inout1,-0x20($out)
++	mov	$key_,$key		# restore $key
++	movups	$inout2,-0x10($out)
++	ja	.Lecb_dec_loop3
++
++.Lecb_dec_tail:
++	add	\$0x40,$len
++	jz	.Lecb_ret
++
++	cmp	\$0x10,$len
++	movups	($inp),$inout0
++	je	.Lecb_dec_one
++	cmp	\$0x20,$len
++	movups	0x10($inp),$inout1
++	je	.Lecb_dec_two
++	cmp	\$0x30,$len
++	movups	0x20($inp),$inout2
++	je	.Lecb_dec_three
++	movups	0x30($inp),$inout3
++	call	_aesni_decrypt4
++	movups	$inout0,($out)
++	movups	$inout1,0x10($out)
++	movups	$inout2,0x20($out)
++	movups	$inout3,0x30($out)
++	jmp	.Lecb_ret
++.align	16
++.Lecb_dec_one:
++___
++	&aesni_generate1("dec",$key,$rounds);
++$code.=<<___;
++	movups	$inout0,($out)
++	jmp	.Lecb_ret
++.align	16
++.Lecb_dec_two:
++	call	_aesni_decrypt3
++	movups	$inout0,($out)
++	movups	$inout1,0x10($out)
++	jmp	.Lecb_ret
++.align	16
++.Lecb_dec_three:
++	call	_aesni_decrypt3
++	movups	$inout0,($out)
++	movups	$inout1,0x10($out)
++	movups	$inout2,0x20($out)
++
++.Lecb_ret:
++	ret
++.size	aesni_ecb_encrypt,.-aesni_ecb_encrypt
++___
++}
++
++# void $PREFIX_cbc_encrypt (const void *inp, void *out,
++#			    size_t length, const AES_KEY *key,
++#			    unsigned char *ivp,const int enc);
++$reserved = $win64?0x40:-0x18;	# used in decrypt
++$code.=<<___;
++.globl	${PREFIX}_cbc_encrypt
++.type	${PREFIX}_cbc_encrypt,\@function,6
++.align	16
++${PREFIX}_cbc_encrypt:
++	test	$len,$len		# check length
++	jz	.Lcbc_ret
++
++	mov	240($key),$rnds_	# pull $rounds
++	mov	$key,$key_		# backup $key
++	test	%r9d,%r9d		# 6th argument
++	jz	.Lcbc_decrypt
++#--------------------------- CBC ENCRYPT ------------------------------#
++	movups	($ivp),$inout0		# load iv as initial state
++	cmp	\$16,$len
++	mov	$rnds_,$rounds
++	jb	.Lcbc_enc_tail
++	sub	\$16,$len
++	jmp	.Lcbc_enc_loop
++.align 16
++.Lcbc_enc_loop:
++	movups	($inp),$inout1		# load input
++	lea	16($inp),$inp
++	pxor	$inout1,$inout0
++___
++	&aesni_generate1("enc",$key,$rounds);
++$code.=<<___;
++	sub	\$16,$len
++	lea	16($out),$out
++	mov	$rnds_,$rounds		# restore $rounds
++	mov	$key_,$key		# restore $key
++	movups	$inout0,-16($out)	# store output
++	jnc	.Lcbc_enc_loop
++	add	\$16,$len
++	jnz	.Lcbc_enc_tail
++	movups	$inout0,($ivp)
++	jmp	.Lcbc_ret
++
++.Lcbc_enc_tail:
++	mov	$len,%rcx	# zaps $key
++	xchg	$inp,$out	# $inp is %rsi and $out is %rdi now
++	.long	0x9066A4F3	# rep movsb
++	mov	\$16,%ecx	# zero tail
++	sub	$len,%rcx
++	xor	%eax,%eax
++	.long	0x9066AAF3	# rep stosb
++	lea	-16(%rdi),%rdi	# rewind $out by 1 block
++	mov	$rnds_,$rounds	# restore $rounds
++	mov	%rdi,%rsi	# $inp and $out are the same
++	mov	$key_,$key	# restore $key
++	xor	$len,$len	# len=16
++	jmp	.Lcbc_enc_loop	# one more spin
++#--------------------------- CBC DECRYPT ------------------------------#
++.align	16
++.Lcbc_decrypt:
++___
++$code.=<<___ if ($win64);
++	lea	-0x58(%rsp),%rsp
++	movaps	%xmm6,(%rsp)
++	movaps	%xmm7,0x10(%rsp)
++	movaps	%xmm8,0x20(%rsp)
++	movaps	%xmm9,0x30(%rsp)
++.Lcbc_decrypt_body:
++___
++$code.=<<___;
++	movups	($ivp),$iv
++	sub	\$0x40,$len
++	mov	$rnds_,$rounds
++	jbe	.Lcbc_dec_tail
++	jmp	.Lcbc_dec_loop3
++.align 16
++.Lcbc_dec_loop3:
++	movups	($inp),$inout0
++	movups	0x10($inp),$inout1
++	movups	0x20($inp),$inout2
++	movaps	$inout0,$in0
++	movaps	$inout1,$in1
++	movaps	$inout2,$in2
++	call	_aesni_decrypt3
++	sub	\$0x30,$len
++	lea	0x30($inp),$inp
++	lea	0x30($out),$out
++	pxor	$iv,$inout0
++	pxor	$in0,$inout1
++	movaps	$in2,$iv
++	pxor	$in1,$inout2
++	movups	$inout0,-0x30($out)
++	mov	$rnds_,$rounds	# restore $rounds
++	movups	$inout1,-0x20($out)
++	mov	$key_,$key	# restore $key
++	movups	$inout2,-0x10($out)
++	ja	.Lcbc_dec_loop3
++
++.Lcbc_dec_tail:
++	add	\$0x40,$len
++	movups	$iv,($ivp)
++	jz	.Lcbc_dec_ret
++
++	movups	($inp),$inout0
++	cmp	\$0x10,$len
++	movaps	$inout0,$in0
++	jbe	.Lcbc_dec_one
++	movups	0x10($inp),$inout1
++	cmp	\$0x20,$len
++	movaps	$inout1,$in1
++	jbe	.Lcbc_dec_two
++	movups	0x20($inp),$inout2
++	cmp	\$0x30,$len
++	movaps	$inout2,$in2
++	jbe	.Lcbc_dec_three
++	movups	0x30($inp),$inout3
++	call	_aesni_decrypt4
++	pxor	$iv,$inout0
++	movups	0x30($inp),$iv
++	pxor	$in0,$inout1
++	movups	$inout0,($out)
++	pxor	$in1,$inout2
++	movups	$inout1,0x10($out)
++	pxor	$in2,$inout3
++	movups	$inout2,0x20($out)
++	movaps	$inout3,$inout0
++	lea	0x30($out),$out
++	jmp	.Lcbc_dec_tail_collected
++.align	16
++.Lcbc_dec_one:
++___
++	&aesni_generate1("dec",$key,$rounds);
++$code.=<<___;
++	pxor	$iv,$inout0
++	movaps	$in0,$iv
++	jmp	.Lcbc_dec_tail_collected
++.align	16
++.Lcbc_dec_two:
++	call	_aesni_decrypt3
++	pxor	$iv,$inout0
++	pxor	$in0,$inout1
++	movups	$inout0,($out)
++	movaps	$in1,$iv
++	movaps	$inout1,$inout0
++	lea	0x10($out),$out
++	jmp	.Lcbc_dec_tail_collected
++.align	16
++.Lcbc_dec_three:
++	call	_aesni_decrypt3
++	pxor	$iv,$inout0
++	pxor	$in0,$inout1
++	movups	$inout0,($out)
++	pxor	$in1,$inout2
++	movups	$inout1,0x10($out)
++	movaps	$in2,$iv
++	movaps	$inout2,$inout0
++	lea	0x20($out),$out
++	jmp	.Lcbc_dec_tail_collected
++.align	16
++.Lcbc_dec_tail_collected:
++	and	\$15,$len
++	movups	$iv,($ivp)
++	jnz	.Lcbc_dec_tail_partial
++	movups	$inout0,($out)
++	jmp	.Lcbc_dec_ret
++.Lcbc_dec_tail_partial:
++	movaps	$inout0,$reserved(%rsp)
++	mov	$out,%rdi
++	mov	$len,%rcx
++	lea	$reserved(%rsp),%rsi
++	.long	0x9066A4F3	# rep movsb
++
++.Lcbc_dec_ret:
++___
++$code.=<<___ if ($win64);
++	movaps	(%rsp),%xmm6
++	movaps	0x10(%rsp),%xmm7
++	movaps	0x20(%rsp),%xmm8
++	movaps	0x30(%rsp),%xmm9
++	lea	0x58(%rsp),%rsp
++___
++$code.=<<___;
++.Lcbc_ret:
++	ret
++.size	${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
++___
++
++# int $PREFIX_set_[en|de]crypt_key (const unsigned char *userKey,
++#				int bits, AES_KEY *key)
++{ my ($inp,$bits,$key) = @_4args;
++  $bits =~ s/%r/%e/;
++
++$code.=<<___;
++.globl	${PREFIX}_set_decrypt_key
++.type	${PREFIX}_set_decrypt_key,\@abi-omnipotent
++.align	16
++${PREFIX}_set_decrypt_key:
++	.byte	0x48,0x83,0xEC,0x08	# sub rsp,8
++	call	_aesni_set_encrypt_key
++	shl	\$4,$bits		# rounds-1 after _aesni_set_encrypt_key
++	test	%eax,%eax
++	jnz	.Ldec_key_ret
++	lea	16($key,$bits),$inp	# points at the end of key schedule
++
++	$movkey	($key),%xmm0		# just swap
++	$movkey	($inp),%xmm1
++	$movkey	%xmm0,($inp)
++	$movkey	%xmm1,($key)
++	lea	16($key),$key
++	lea	-16($inp),$inp
++
++.Ldec_key_inverse:
++	$movkey	($key),%xmm0		# swap and inverse
++	$movkey	($inp),%xmm1
++	aesimc	%xmm0,%xmm0
++	aesimc	%xmm1,%xmm1
++	lea	16($key),$key
++	lea	-16($inp),$inp
++	cmp	$key,$inp
++	$movkey	%xmm0,16($inp)
++	$movkey	%xmm1,-16($key)
++	ja	.Ldec_key_inverse
++
++	$movkey	($key),%xmm0		# inverse middle
++	aesimc	%xmm0,%xmm0
++	$movkey	%xmm0,($inp)
++.Ldec_key_ret:
++	add	\$8,%rsp
++	ret
++.LSEH_end_set_decrypt_key:
++.size	${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key
++___
++
++# This is based on submission by
++#
++#	Huang Ying <ying.huang@intel.com>
++#	Vinodh Gopal <vinodh.gopal@intel.com>
++#	Kahraman Akdemir
++#
++# Agressively optimized in respect to aeskeygenassist's critical path
++# and is contained in %xmm0-5 to meet Win64 ABI requirement.
++#
++$code.=<<___;
++.globl	${PREFIX}_set_encrypt_key
++.type	${PREFIX}_set_encrypt_key,\@abi-omnipotent
++.align	16
++${PREFIX}_set_encrypt_key:
++_aesni_set_encrypt_key:
++	.byte	0x48,0x83,0xEC,0x08	# sub rsp,8
++	test	$inp,$inp
++	mov	\$-1,%rax
++	jz	.Lenc_key_ret
++	test	$key,$key
++	jz	.Lenc_key_ret
++
++	movups	($inp),%xmm0		# pull first 128 bits of *userKey
++	pxor	%xmm4,%xmm4		# low dword of xmm4 is assumed 0
++	lea	16($key),%rax
++	cmp	\$256,$bits
++	je	.L14rounds
++	cmp	\$192,$bits
++	je	.L12rounds
++	cmp	\$128,$bits
++	jne	.Lbad_keybits
++
++.L10rounds:
++	mov	\$9,$bits			# 10 rounds for 128-bit key
++	$movkey	%xmm0,($key)			# round 0
++	aeskeygenassist	\$0x1,%xmm0,%xmm1	# round 1
++	call		.Lkey_expansion_128_cold
++	aeskeygenassist	\$0x2,%xmm0,%xmm1	# round 2
++	call		.Lkey_expansion_128
++	aeskeygenassist	\$0x4,%xmm0,%xmm1	# round 3
++	call		.Lkey_expansion_128
++	aeskeygenassist	\$0x8,%xmm0,%xmm1	# round 4
++	call		.Lkey_expansion_128
++	aeskeygenassist	\$0x10,%xmm0,%xmm1	# round 5
++	call		.Lkey_expansion_128
++	aeskeygenassist	\$0x20,%xmm0,%xmm1	# round 6
++	call		.Lkey_expansion_128
++	aeskeygenassist	\$0x40,%xmm0,%xmm1	# round 7
++	call		.Lkey_expansion_128
++	aeskeygenassist	\$0x80,%xmm0,%xmm1	# round 8
++	call		.Lkey_expansion_128
++	aeskeygenassist	\$0x1b,%xmm0,%xmm1	# round 9
++	call		.Lkey_expansion_128
++	aeskeygenassist	\$0x36,%xmm0,%xmm1	# round 10
++	call		.Lkey_expansion_128
++	$movkey	%xmm0,(%rax)
++	mov	$bits,80(%rax)	# 240(%rdx)
++	xor	%eax,%eax
++	jmp	.Lenc_key_ret
++
++.align	16
++.L12rounds:
++	movq	16($inp),%xmm2			# remaining 1/3 of *userKey
++	mov	\$11,$bits			# 12 rounds for 192
++	$movkey	%xmm0,($key)			# round 0
++	aeskeygenassist	\$0x1,%xmm2,%xmm1	# round 1,2
++	call		.Lkey_expansion_192a_cold
++	aeskeygenassist	\$0x2,%xmm2,%xmm1	# round 2,3
++	call		.Lkey_expansion_192b
++	aeskeygenassist	\$0x4,%xmm2,%xmm1	# round 4,5
++	call		.Lkey_expansion_192a
++	aeskeygenassist	\$0x8,%xmm2,%xmm1	# round 5,6
++	call		.Lkey_expansion_192b
++	aeskeygenassist	\$0x10,%xmm2,%xmm1	# round 7,8
++	call		.Lkey_expansion_192a
++	aeskeygenassist	\$0x20,%xmm2,%xmm1	# round 8,9
++	call		.Lkey_expansion_192b
++	aeskeygenassist	\$0x40,%xmm2,%xmm1	# round 10,11
++	call		.Lkey_expansion_192a
++	aeskeygenassist	\$0x80,%xmm2,%xmm1	# round 11,12
++	call		.Lkey_expansion_192b
++	$movkey	%xmm0,(%rax)
++	mov	$bits,48(%rax)	# 240(%rdx)
++	xor	%rax, %rax
++	jmp	.Lenc_key_ret
++
++.align	16
++.L14rounds:
++	movups	16($inp),%xmm2			# remaning half of *userKey
++	mov	\$13,$bits			# 14 rounds for 256
++	lea	16(%rax),%rax
++	$movkey	%xmm0,($key)			# round 0
++	$movkey	%xmm2,16($key)			# round 1
++	aeskeygenassist	\$0x1,%xmm2,%xmm1	# round 2
++	call		.Lkey_expansion_256a_cold
++	aeskeygenassist	\$0x1,%xmm0,%xmm1	# round 3
++	call		.Lkey_expansion_256b
++	aeskeygenassist	\$0x2,%xmm2,%xmm1	# round 4
++	call		.Lkey_expansion_256a
++	aeskeygenassist	\$0x2,%xmm0,%xmm1	# round 5
++	call		.Lkey_expansion_256b
++	aeskeygenassist	\$0x4,%xmm2,%xmm1	# round 6
++	call		.Lkey_expansion_256a
++	aeskeygenassist	\$0x4,%xmm0,%xmm1	# round 7
++	call		.Lkey_expansion_256b
++	aeskeygenassist	\$0x8,%xmm2,%xmm1	# round 8
++	call		.Lkey_expansion_256a
++	aeskeygenassist	\$0x8,%xmm0,%xmm1	# round 9
++	call		.Lkey_expansion_256b
++	aeskeygenassist	\$0x10,%xmm2,%xmm1	# round 10
++	call		.Lkey_expansion_256a
++	aeskeygenassist	\$0x10,%xmm0,%xmm1	# round 11
++	call		.Lkey_expansion_256b
++	aeskeygenassist	\$0x20,%xmm2,%xmm1	# round 12
++	call		.Lkey_expansion_256a
++	aeskeygenassist	\$0x20,%xmm0,%xmm1	# round 13
++	call		.Lkey_expansion_256b
++	aeskeygenassist	\$0x40,%xmm2,%xmm1	# round 14
++	call		.Lkey_expansion_256a
++	$movkey	%xmm0,(%rax)
++	mov	$bits,16(%rax)	# 240(%rdx)
++	xor	%rax,%rax
++	jmp	.Lenc_key_ret
++
++.align	16
++.Lbad_keybits:
++	mov	\$-2,%rax
++.Lenc_key_ret:
++	add	\$8,%rsp
++	ret
++.LSEH_end_set_encrypt_key:
++
++.align	16
++.Lkey_expansion_128:
++	$movkey	%xmm0,(%rax)
++	lea	16(%rax),%rax
++.Lkey_expansion_128_cold:
++	shufps	\$0b00010000,%xmm0,%xmm4
++	pxor	%xmm4, %xmm0
++	shufps	\$0b10001100,%xmm0,%xmm4
++	pxor	%xmm4, %xmm0
++	pshufd	\$0b11111111,%xmm1,%xmm1	# critical path
++	pxor	%xmm1,%xmm0
++	ret
++
++.align 16
++.Lkey_expansion_192a:
++	$movkey	%xmm0,(%rax)
++	lea	16(%rax),%rax
++.Lkey_expansion_192a_cold:
++	movaps	%xmm2, %xmm5
++.Lkey_expansion_192b_warm:
++	shufps	\$0b00010000,%xmm0,%xmm4
++	movaps	%xmm2,%xmm3
++	pxor	%xmm4,%xmm0
++	shufps	\$0b10001100,%xmm0,%xmm4
++	pslldq	\$4,%xmm3
++	pxor	%xmm4,%xmm0
++	pshufd	\$0b01010101,%xmm1,%xmm1	# critical path
++	pxor	%xmm3,%xmm2
++	pxor	%xmm1,%xmm0
++	pshufd	\$0b11111111,%xmm0,%xmm3
++	pxor	%xmm3,%xmm2
++	ret
++
++.align 16
++.Lkey_expansion_192b:
++	movaps	%xmm0,%xmm3
++	shufps	\$0b01000100,%xmm0,%xmm5
++	$movkey	%xmm5,(%rax)
++	shufps	\$0b01001110,%xmm2,%xmm3
++	$movkey	%xmm3,16(%rax)
++	lea	32(%rax),%rax
++	jmp	.Lkey_expansion_192b_warm
++
++.align	16
++.Lkey_expansion_256a:
++	$movkey	%xmm2,(%rax)
++	lea	16(%rax),%rax
++.Lkey_expansion_256a_cold:
++	shufps	\$0b00010000,%xmm0,%xmm4
++	pxor	%xmm4,%xmm0
++	shufps	\$0b10001100,%xmm0,%xmm4
++	pxor	%xmm4,%xmm0
++	pshufd	\$0b11111111,%xmm1,%xmm1	# critical path
++	pxor	%xmm1,%xmm0
++	ret
++
++.align 16
++.Lkey_expansion_256b:
++	$movkey	%xmm0,(%rax)
++	lea	16(%rax),%rax
++
++	shufps	\$0b00010000,%xmm2,%xmm4
++	pxor	%xmm4,%xmm2
++	shufps	\$0b10001100,%xmm2,%xmm4
++	pxor	%xmm4,%xmm2
++	pshufd	\$0b10101010,%xmm1,%xmm1	# critical path
++	pxor	%xmm1,%xmm2
++	ret
++.size	${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
++___
++}
++
++$code.=<<___;
++.asciz  "AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>"
++.align	64
++___
++
++# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
++#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
++if ($win64) {
++$rec="%rcx";
++$frame="%rdx";
++$context="%r8";
++$disp="%r9";
++
++$code.=<<___;
++.extern	__imp_RtlVirtualUnwind
++.type	cbc_se_handler,\@abi-omnipotent
++.align	16
++cbc_se_handler:
++	push	%rsi
++	push	%rdi
++	push	%rbx
++	push	%rbp
++	push	%r12
++	push	%r13
++	push	%r14
++	push	%r15
++	pushfq
++	sub	\$64,%rsp
++
++	mov	152($context),%rax	# pull context->Rsp
++	mov	248($context),%rbx	# pull context->Rip
++
++	lea	.Lcbc_decrypt(%rip),%r10
++	cmp	%r10,%rbx		# context->Rip<"prologue" label
++	jb	.Lin_prologue
++
++	lea	.Lcbc_decrypt_body(%rip),%r10
++	cmp	%r10,%rbx		# context->Rip<cbc_decrypt_body
++	jb	.Lrestore_rax
++
++	lea	.Lcbc_ret(%rip),%r10
++	cmp	%r10,%rbx		# context->Rip>="epilogue" label
++	jae	.Lin_prologue
++
++	lea	0(%rax),%rsi		# top of stack
++	lea	512($context),%rdi	# &context.Xmm6
++	mov	\$8,%ecx		# 4*sizeof(%xmm0)/sizeof(%rax)
++	.long	0xa548f3fc		# cld; rep movsq
++	lea	0x58(%rax),%rax		# adjust stack pointer
++	jmp	.Lin_prologue
++
++.Lrestore_rax:
++	mov	120($context),%rax
++.Lin_prologue:
++	mov	8(%rax),%rdi
++	mov	16(%rax),%rsi
++	mov	%rax,152($context)	# restore context->Rsp
++	mov	%rsi,168($context)	# restore context->Rsi
++	mov	%rdi,176($context)	# restore context->Rdi
++
++	jmp	.Lcommon_seh_exit
++.size	cbc_se_handler,.-cbc_se_handler
++
++.type	ecb_se_handler,\@abi-omnipotent
++.align	16
++ecb_se_handler:
++	push	%rsi
++	push	%rdi
++	push	%rbx
++	push	%rbp
++	push	%r12
++	push	%r13
++	push	%r14
++	push	%r15
++	pushfq
++	sub	\$64,%rsp
++
++	mov	152($context),%rax	# pull context->Rsp
++	mov	8(%rax),%rdi
++	mov	16(%rax),%rsi
++	mov	%rsi,168($context)	# restore context->Rsi
++	mov	%rdi,176($context)	# restore context->Rdi
++
++.Lcommon_seh_exit:
++
++	mov	40($disp),%rdi		# disp->ContextRecord
++	mov	$context,%rsi		# context
++	mov	\$154,%ecx		# sizeof(CONTEXT)
++	.long	0xa548f3fc		# cld; rep movsq
++
++	mov	$disp,%rsi
++	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
++	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
++	mov	0(%rsi),%r8		# arg3, disp->ControlPc
++	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
++	mov	40(%rsi),%r10		# disp->ContextRecord
++	lea	56(%rsi),%r11		# &disp->HandlerData
++	lea	24(%rsi),%r12		# &disp->EstablisherFrame
++	mov	%r10,32(%rsp)		# arg5
++	mov	%r11,40(%rsp)		# arg6
++	mov	%r12,48(%rsp)		# arg7
++	mov	%rcx,56(%rsp)		# arg8, (NULL)
++	call	*__imp_RtlVirtualUnwind(%rip)
++
++	mov	\$1,%eax		# ExceptionContinueSearch
++	add	\$64,%rsp
++	popfq
++	pop	%r15
++	pop	%r14
++	pop	%r13
++	pop	%r12
++	pop	%rbp
++	pop	%rbx
++	pop	%rdi
++	pop	%rsi
++	ret
++.size	cbc_se_handler,.-cbc_se_handler
++
++.section	.pdata
++.align	4
++	.rva	.LSEH_begin_${PREFIX}_ecb_encrypt
++	.rva	.LSEH_end_${PREFIX}_ecb_encrypt
++	.rva	.LSEH_info_ecb
++
++	.rva	.LSEH_begin_${PREFIX}_cbc_encrypt
++	.rva	.LSEH_end_${PREFIX}_cbc_encrypt
++	.rva	.LSEH_info_cbc
++
++	.rva	${PREFIX}_set_decrypt_key
++	.rva	.LSEH_end_set_decrypt_key
++	.rva	.LSEH_info_key
++
++	.rva	${PREFIX}_set_encrypt_key
++	.rva	.LSEH_end_set_encrypt_key
++	.rva	.LSEH_info_key
++.section	.xdata
++.align	8
++.LSEH_info_ecb:
++	.byte	9,0,0,0
++	.rva	ecb_se_handler
++.LSEH_info_cbc:
++	.byte	9,0,0,0
++	.rva	cbc_se_handler
++.LSEH_info_key:
++	.byte	0x01,0x04,0x01,0x00
++	.byte	0x04,0x02,0x00,0x00
++___
++}
++
++sub rex {
++ local *opcode=shift;
++ my ($dst,$src)=@_;
++
++   if ($dst>=8 || $src>=8) {
++	$rex=0x40;
++	$rex|=0x04 if($dst>=8);
++	$rex|=0x01 if($src>=8);
++	push @opcode,$rex;
++   }
++}
++
++sub aesni {
++  my $line=shift;
++  my @opcode=(0x66);
++
++    if ($line=~/(aeskeygenassist)\s+\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
++	rex(\@opcode,$4,$3);
++	push @opcode,0x0f,0x3a,0xdf;
++	push @opcode,0xc0|($3&7)|(($4&7)<<3);	# ModR/M
++	my $c=$2;
++	push @opcode,$c=~/^0/?oct($c):$c;
++	return ".byte\t".join(',',@opcode);
++    }
++    elsif ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) {
++	my %opcodelet = (
++		"aesimc" => 0xdb,
++		"aesenc" => 0xdc,	"aesenclast" => 0xdd,
++		"aesdec" => 0xde,	"aesdeclast" => 0xdf
++	);
++	return undef if (!defined($opcodelet{$1}));
++	rex(\@opcode,$3,$2);
++	push @opcode,0x0f,0x38,$opcodelet{$1};
++	push @opcode,0xc0|($2&7)|(($3&7)<<3);	# ModR/M
++	return ".byte\t".join(',',@opcode);
++    }
++    return $line;
++}
++
++$code =~ s/\`([^\`]*)\`/eval($1)/gem;
++$code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem;
++
++print $code;
++
++close STDOUT;
+diff -up openssl-1.0.0-beta4/crypto/aes/Makefile.aesni openssl-1.0.0-beta4/crypto/aes/Makefile
+--- openssl-1.0.0-beta4/crypto/aes/Makefile.aesni	2008-12-23 12:33:00.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/aes/Makefile	2010-01-12 22:18:06.000000000 +0100
+@@ -50,9 +50,13 @@ aes-ia64.s: asm/aes-ia64.S
+ 
+ aes-586.s:	asm/aes-586.pl ../perlasm/x86asm.pl
+ 	$(PERL) asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
++aesni-x86.s:	asm/aesni-x86.pl ../perlasm/x86asm.pl
++	$(PERL) asm/aesni-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+ 
+ aes-x86_64.s: asm/aes-x86_64.pl
+ 	$(PERL) asm/aes-x86_64.pl $(PERLASM_SCHEME) > $@
++aesni-x86_64.s: asm/aesni-x86_64.pl
++	$(PERL) asm/aesni-x86_64.pl $(PERLASM_SCHEME) > $@
+ 
+ aes-sparcv9.s: asm/aes-sparcv9.pl
+ 	$(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
+diff -up openssl-1.0.0-beta4/crypto/engine/eng_aesni.c.aesni openssl-1.0.0-beta4/crypto/engine/eng_aesni.c
+--- openssl-1.0.0-beta4/crypto/engine/eng_aesni.c.aesni	2010-01-12 22:18:06.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/engine/eng_aesni.c	2010-01-12 22:18:06.000000000 +0100
+@@ -0,0 +1,413 @@
++/*
++ * Support for Intel AES-NI intruction set
++ *   Author: Huang Ying <ying.huang@intel.com>
++ *
++ * Intel AES-NI is a new set of Single Instruction Multiple Data
++ * (SIMD) instructions that are going to be introduced in the next
++ * generation of Intel processor, as of 2009. These instructions
++ * enable fast and secure data encryption and decryption, using the
++ * Advanced Encryption Standard (AES), defined by FIPS Publication
++ * number 197.  The architecture introduces six instructions that
++ * offer full hardware support for AES. Four of them support high
++ * performance data encryption and decryption, and the other two
++ * instructions support the AES key expansion procedure.
++ *
++ * The white paper can be downloaded from:
++ *   http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf
++ *
++ * This file is based on engines/e_padlock.c
++ */
++
++/* ====================================================================
++ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++
++#include <openssl/opensslconf.h>
++
++#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_NI) && !defined(OPENSSL_NO_AES)
++
++#include <stdio.h>
++#include "cryptlib.h"
++#include <openssl/dso.h>
++#include <openssl/engine.h>
++#include <openssl/evp.h>
++#include <openssl/aes.h>
++#include <openssl/err.h>
++#include <openssl/modes.h>
++
++/* AES-NI is available *ONLY* on some x86 CPUs.  Not only that it
++   doesn't exist elsewhere, but it even can't be compiled on other
++   platforms! */
++#undef COMPILE_HW_AESNI
++#if (defined(__x86_64) || defined(__x86_64__) || \
++     defined(_M_AMD64) || defined(_M_X64) || \
++     defined(OPENSSL_IA32_SSE2)) && !defined(OPENSSL_NO_ASM)
++#define COMPILE_HW_AESNI
++static ENGINE *ENGINE_aesni (void);
++#endif
++
++void ENGINE_load_aesni (void)
++{
++/* On non-x86 CPUs it just returns. */
++#ifdef COMPILE_HW_AESNI
++	ENGINE *toadd = ENGINE_aesni();
++	if (!toadd)
++		return;
++	ENGINE_add (toadd);
++	ENGINE_register_complete (toadd);
++	ENGINE_free (toadd);
++	ERR_clear_error ();
++#endif
++}
++
++#ifdef COMPILE_HW_AESNI
++int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
++			      AES_KEY *key);
++int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
++			      AES_KEY *key);
++
++void aesni_encrypt(const unsigned char *in, unsigned char *out,
++		       const AES_KEY *key);
++void aesni_decrypt(const unsigned char *in, unsigned char *out,
++		       const AES_KEY *key);
++
++void aesni_ecb_encrypt(const unsigned char *in,
++			   unsigned char *out,
++			   size_t length,
++			   const AES_KEY *key,
++			   int enc);
++void aesni_cbc_encrypt(const unsigned char *in,
++			   unsigned char *out,
++			   size_t length,
++			   const AES_KEY *key,
++			   unsigned char *ivec, int enc);
++
++/* Function for ENGINE detection and control */
++static int aesni_init(ENGINE *e);
++
++/* Cipher Stuff */
++static int aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
++				const int **nids, int nid);
++
++#define AESNI_MIN_ALIGN	16
++#define AESNI_ALIGN(x) \
++	((void *)(((unsigned long)(x)+AESNI_MIN_ALIGN-1)&~(AESNI_MIN_ALIGN-1)))
++
++/* Engine names */
++static const char   aesni_id[] = "aesni",
++		    aesni_name[] = "Intel AES-NI engine",
++		    no_aesni_name[] = "Intel AES-NI engine (no-aesni)";
++
++/* ===== Engine "management" functions ===== */
++
++#if defined(_WIN32)
++typedef unsigned __int64 IA32CAP;
++#else
++typedef unsigned long long IA32CAP;
++#endif
++
++/* Prepare the ENGINE structure for registration */
++static int
++aesni_bind_helper(ENGINE *e)
++{
++	int engage;
++	if (sizeof(OPENSSL_ia32cap_P) > 4) {
++		engage = (OPENSSL_ia32cap_P >> 57) & 1;
++	} else {
++		IA32CAP OPENSSL_ia32_cpuid(void);
++		engage = (OPENSSL_ia32_cpuid() >> 57) & 1;
++	}
++
++	/* Register everything or return with an error */
++	if (!ENGINE_set_id(e, aesni_id) ||
++	    !ENGINE_set_name(e, engage ? aesni_name : no_aesni_name) ||
++
++	    !ENGINE_set_init_function(e, aesni_init) ||
++	    (engage && !ENGINE_set_ciphers (e, aesni_ciphers))
++	    )
++		return 0;
++
++	/* Everything looks good */
++	return 1;
++}
++
++/* Constructor */
++static ENGINE *
++ENGINE_aesni(void)
++{
++	ENGINE *eng = ENGINE_new();
++
++	if (!eng) {
++		return NULL;
++	}
++
++	if (!aesni_bind_helper(eng)) {
++		ENGINE_free(eng);
++		return NULL;
++	}
++
++	return eng;
++}
++
++/* Check availability of the engine */
++static int
++aesni_init(ENGINE *e)
++{
++	return 1;
++}
++
++#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
++#define NID_aes_128_cfb	NID_aes_128_cfb128
++#endif
++
++#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
++#define NID_aes_128_ofb	NID_aes_128_ofb128
++#endif
++
++#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
++#define NID_aes_192_cfb	NID_aes_192_cfb128
++#endif
++
++#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
++#define NID_aes_192_ofb	NID_aes_192_ofb128
++#endif
++
++#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
++#define NID_aes_256_cfb	NID_aes_256_cfb128
++#endif
++
++#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
++#define NID_aes_256_ofb	NID_aes_256_ofb128
++#endif
++
++/* List of supported ciphers. */
++static int aesni_cipher_nids[] = {
++	NID_aes_128_ecb,
++	NID_aes_128_cbc,
++	NID_aes_128_cfb,
++	NID_aes_128_ofb,
++
++	NID_aes_192_ecb,
++	NID_aes_192_cbc,
++	NID_aes_192_cfb,
++	NID_aes_192_ofb,
++
++	NID_aes_256_ecb,
++	NID_aes_256_cbc,
++	NID_aes_256_cfb,
++	NID_aes_256_ofb,
++};
++static int aesni_cipher_nids_num =
++	(sizeof(aesni_cipher_nids)/sizeof(aesni_cipher_nids[0]));
++
++typedef struct
++{
++	AES_KEY ks;
++	unsigned int _pad1[3];
++} AESNI_KEY;
++
++static int
++aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *user_key,
++		    const unsigned char *iv, int enc)
++{
++	int ret;
++	AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
++
++	if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE
++	    || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE
++	    || enc)
++		ret=aesni_set_encrypt_key(user_key, ctx->key_len * 8, key);
++	else
++		ret=aesni_set_decrypt_key(user_key, ctx->key_len * 8, key);
++
++	if(ret < 0) {
++		EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
++		return 0;
++	}
++
++	return 1;
++}
++
++static int aesni_cipher_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out,
++		 const unsigned char *in, size_t inl)
++{	AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
++	aesni_ecb_encrypt(in, out, inl, key, ctx->encrypt);
++	return 1;
++}
++static int aesni_cipher_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
++		 const unsigned char *in, size_t inl)
++{	AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
++	aesni_cbc_encrypt(in, out, inl, key,
++			      ctx->iv, ctx->encrypt);
++	return 1;
++}
++static int aesni_cipher_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
++		 const unsigned char *in, size_t inl)
++{	AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
++	CRYPTO_cfb128_encrypt(in, out, inl, key, ctx->iv,
++				&ctx->num, ctx->encrypt,
++				(block128_f)aesni_encrypt);
++	return 1;
++}
++static int aesni_cipher_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out,
++		 const unsigned char *in, size_t inl)
++{	AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
++	CRYPTO_ofb128_encrypt(in, out, inl, key, ctx->iv,
++				&ctx->num, (block128_f)aesni_encrypt);
++	return 1;
++}
++
++#define AES_BLOCK_SIZE		16
++
++#define EVP_CIPHER_block_size_ECB	AES_BLOCK_SIZE
++#define EVP_CIPHER_block_size_CBC	AES_BLOCK_SIZE
++#define EVP_CIPHER_block_size_OFB	1
++#define EVP_CIPHER_block_size_CFB	1
++
++/* Declaring so many ciphers by hand would be a pain.
++   Instead introduce a bit of preprocessor magic :-) */
++#define	DECLARE_AES_EVP(ksize,lmode,umode)	\
++static const EVP_CIPHER aesni_##ksize##_##lmode = {	\
++	NID_aes_##ksize##_##lmode,			\
++	EVP_CIPHER_block_size_##umode,			\
++	ksize / 8,					\
++	AES_BLOCK_SIZE,					\
++	0 | EVP_CIPH_##umode##_MODE,			\
++	aesni_init_key,				\
++	aesni_cipher_##lmode,				\
++	NULL,						\
++	sizeof(AESNI_KEY),				\
++	EVP_CIPHER_set_asn1_iv,				\
++	EVP_CIPHER_get_asn1_iv,				\
++	NULL,						\
++	NULL						\
++}
++
++DECLARE_AES_EVP(128,ecb,ECB);
++DECLARE_AES_EVP(128,cbc,CBC);
++DECLARE_AES_EVP(128,cfb,CFB);
++DECLARE_AES_EVP(128,ofb,OFB);
++
++DECLARE_AES_EVP(192,ecb,ECB);
++DECLARE_AES_EVP(192,cbc,CBC);
++DECLARE_AES_EVP(192,cfb,CFB);
++DECLARE_AES_EVP(192,ofb,OFB);
++
++DECLARE_AES_EVP(256,ecb,ECB);
++DECLARE_AES_EVP(256,cbc,CBC);
++DECLARE_AES_EVP(256,cfb,CFB);
++DECLARE_AES_EVP(256,ofb,OFB);
++
++static int
++aesni_ciphers (ENGINE *e, const EVP_CIPHER **cipher,
++		      const int **nids, int nid)
++{
++	/* No specific cipher => return a list of supported nids ... */
++	if (!cipher) {
++		*nids = aesni_cipher_nids;
++		return aesni_cipher_nids_num;
++	}
++
++	/* ... or the requested "cipher" otherwise */
++	switch (nid) {
++	case NID_aes_128_ecb:
++		*cipher = &aesni_128_ecb;
++		break;
++	case NID_aes_128_cbc:
++		*cipher = &aesni_128_cbc;
++		break;
++	case NID_aes_128_cfb:
++		*cipher = &aesni_128_cfb;
++		break;
++	case NID_aes_128_ofb:
++		*cipher = &aesni_128_ofb;
++		break;
++
++	case NID_aes_192_ecb:
++		*cipher = &aesni_192_ecb;
++		break;
++	case NID_aes_192_cbc:
++		*cipher = &aesni_192_cbc;
++		break;
++	case NID_aes_192_cfb:
++		*cipher = &aesni_192_cfb;
++		break;
++	case NID_aes_192_ofb:
++		*cipher = &aesni_192_ofb;
++		break;
++
++	case NID_aes_256_ecb:
++		*cipher = &aesni_256_ecb;
++		break;
++	case NID_aes_256_cbc:
++		*cipher = &aesni_256_cbc;
++		break;
++	case NID_aes_256_cfb:
++		*cipher = &aesni_256_cfb;
++		break;
++	case NID_aes_256_ofb:
++		*cipher = &aesni_256_ofb;
++		break;
++
++	default:
++		/* Sorry, we don't support this NID */
++		*cipher = NULL;
++		return 0;
++	}
++
++	return 1;
++}
++
++#endif /* COMPILE_HW_AESNI */
++#endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */
+diff -up openssl-1.0.0-beta4/crypto/engine/eng_all.c.aesni openssl-1.0.0-beta4/crypto/engine/eng_all.c
+--- openssl-1.0.0-beta4/crypto/engine/eng_all.c.aesni	2010-01-07 23:38:31.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/engine/eng_all.c	2010-01-12 22:18:06.000000000 +0100
+@@ -85,6 +85,9 @@ void ENGINE_load_builtin_engines(void)
+ #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
+ 	ENGINE_load_cryptodev();
+ #endif
++#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI)
++	ENGINE_load_aesni();
++#endif
+ 	ENGINE_load_dynamic();
+ #ifndef OPENSSL_NO_STATIC_ENGINE
+ #ifndef OPENSSL_NO_HW
+diff -up openssl-1.0.0-beta4/crypto/engine/engine.h.aesni openssl-1.0.0-beta4/crypto/engine/engine.h
+--- openssl-1.0.0-beta4/crypto/engine/engine.h.aesni	2010-01-07 23:38:30.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/engine/engine.h	2010-01-12 22:18:06.000000000 +0100
+@@ -342,6 +342,7 @@ void ENGINE_load_gost(void);
+ #endif
+ #endif
+ void ENGINE_load_cryptodev(void);
++void ENGINE_load_aesni(void);
+ void ENGINE_load_builtin_engines(void);
+ 
+ /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+diff -up openssl-1.0.0-beta4/crypto/engine/Makefile.aesni openssl-1.0.0-beta4/crypto/engine/Makefile
+--- openssl-1.0.0-beta4/crypto/engine/Makefile.aesni	2008-06-04 13:01:29.000000000 +0200
++++ openssl-1.0.0-beta4/crypto/engine/Makefile	2010-01-12 22:18:06.000000000 +0100
+@@ -21,12 +21,14 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c e
+ 	eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+ 	tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
+ 	tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
+-	eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c
++	eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
++	eng_aesni.c
+ LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+ 	eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+ 	tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
+ 	tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
+-	eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o
++	eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \
++	eng_aesni.o
+ 
+ SRC= $(LIBSRC)
+ 
+diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni openssl-1.0.0-beta4/crypto/evp/evp_err.c
+--- openssl-1.0.0-beta4/crypto/evp/evp_err.c.aesni	2010-01-07 23:38:31.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/evp/evp_err.c	2010-01-12 22:18:06.000000000 +0100
+@@ -1,6 +1,6 @@
+ /* crypto/evp/evp_err.c */
+ /* ====================================================================
+- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
++ * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -70,6 +70,7 @@
+ 
+ static ERR_STRING_DATA EVP_str_functs[]=
+ 	{
++{ERR_FUNC(EVP_F_AESNI_INIT_KEY),	"AESNI_INIT_KEY"},
+ {ERR_FUNC(EVP_F_AES_INIT_KEY),	"AES_INIT_KEY"},
+ {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),	"CAMELLIA_INIT_KEY"},
+ {ERR_FUNC(EVP_F_D2I_PKEY),	"D2I_PKEY"},
+@@ -85,7 +86,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
+ {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX),	"EVP_DigestInit_ex"},
+ {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX),	"EVP_EncryptFinal_ex"},
+ {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX),	"EVP_MD_CTX_copy_ex"},
+-{ERR_FUNC(EVP_F_EVP_MD_SIZE),	"EVP_MD_SIZE"},
++{ERR_FUNC(EVP_F_EVP_MD_SIZE),	"EVP_MD_size"},
+ {ERR_FUNC(EVP_F_EVP_OPENINIT),	"EVP_OpenInit"},
+ {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD),	"EVP_PBE_alg_add"},
+ {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE),	"EVP_PBE_alg_add_type"},
+diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.aesni openssl-1.0.0-beta4/crypto/evp/evp.h
+--- openssl-1.0.0-beta4/crypto/evp/evp.h.aesni	2010-01-07 23:38:31.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/evp/evp.h	2010-01-12 22:18:06.000000000 +0100
+@@ -1162,6 +1162,7 @@ void ERR_load_EVP_strings(void);
+ /* Error codes for the EVP functions. */
+ 
+ /* Function codes. */
++#define EVP_F_AESNI_INIT_KEY				 163
+ #define EVP_F_AES_INIT_KEY				 133
+ #define EVP_F_CAMELLIA_INIT_KEY				 159
+ #define EVP_F_D2I_PKEY					 100
+diff -up openssl-1.0.0-beta4/test/test_aesni.aesni openssl-1.0.0-beta4/test/test_aesni
+--- openssl-1.0.0-beta4/test/test_aesni.aesni	2010-01-12 22:18:06.000000000 +0100
++++ openssl-1.0.0-beta4/test/test_aesni	2010-01-12 22:18:06.000000000 +0100
+@@ -0,0 +1,69 @@
++#!/bin/sh
++
++PROG=$1
++
++if [ -x $PROG ]; then
++    if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
++	:
++    else
++	echo "$PROG is not OpenSSL executable"
++	exit 1
++    fi
++else
++    echo "$PROG is not executable"
++    exit 1;
++fi
++
++if $PROG engine aesni | grep -v no-aesni; then
++
++    HASH=`cat $PROG | $PROG dgst -hex`
++
++    AES_ALGS="	aes-128-ecb aes-192-ecb aes-256-ecb \
++		aes-128-cbc aes-192-cbc aes-256-cbc \
++		aes-128-cfb aes-192-cfb aes-256-cfb \
++		aes-128-ofb aes-192-ofb aes-256-ofb"
++    BUFSIZE="16 32 48 64 80 96 128 144 999"
++
++    nerr=0
++
++    for alg in $AES_ALGS; do
++	echo $alg
++	for bufsize in $BUFSIZE; do
++	    TEST=`(	cat $PROG | \
++		$PROG enc -e -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
++		$PROG enc -d -k "$HASH" -$alg | \
++		$PROG dgst -hex ) 2>/dev/null`
++	    if [ "$TEST" != "$HASH" ]; then
++		echo "-$alg/$bufsize encrypt test failed"
++		nerr=`expr $nerr + 1`
++	    fi
++	done
++	for bufsize in $BUFSIZE; do 
++	    TEST=`(	cat $PROG | \
++		$PROG enc -e -k "$HASH" -$alg | \
++		$PROG enc -d -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
++		$PROG dgst -hex ) 2>/dev/null`
++	    if [ "$TEST" != "$HASH" ]; then
++		echo "-$alg/$bufsize decrypt test failed"
++		nerr=`expr $nerr + 1`
++	    fi
++	done
++	TEST=`(	cat $PROG | \
++		$PROG enc -e -k "$HASH" -$alg -engine aesni | \
++		$PROG enc -d -k "$HASH" -$alg -engine aesni | \
++		$PROG dgst -hex ) 2>/dev/null`
++	if [ "$TEST" != "$HASH" ]; then
++		echo "-$alg en/decrypt test failed"
++		nerr=`expr $nerr + 1`
++	fi
++    done
++
++    if [ $nerr -gt 0 ]; then
++	echo "AESNI engine test failed."
++	exit 1;
++    fi
++else
++    echo "AESNI engine is not available"
++fi
++
++exit 0
diff --git a/openssl-1.0.0-beta4-backports.patch b/openssl-1.0.0-beta4-backports.patch
deleted file mode 100644
index ad4c7e4..0000000
--- a/openssl-1.0.0-beta4-backports.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-diff -up openssl-1.0.0-beta4/crypto/asn1/d2i_pu.c.backports openssl-1.0.0-beta4/crypto/asn1/d2i_pu.c
---- openssl-1.0.0-beta4/crypto/asn1/d2i_pu.c.backports	2008-11-12 04:57:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/asn1/d2i_pu.c	2009-11-18 14:11:14.000000000 +0100
-@@ -87,9 +87,13 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PK
- 		}
- 	else	ret= *a;
- 
--	ret->save_type=type;
--	ret->type=EVP_PKEY_type(type);
--	switch (ret->type)
-+	if (!EVP_PKEY_set_type(ret, type))
-+		{
-+		ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
-+		goto err;
-+		}
-+
-+	switch (EVP_PKEY_id(ret))
- 		{
- #ifndef OPENSSL_NO_RSA
- 	case EVP_PKEY_RSA:
-diff -up openssl-1.0.0-beta4/crypto/evp/p_lib.c.backports openssl-1.0.0-beta4/crypto/evp/p_lib.c
---- openssl-1.0.0-beta4/crypto/evp/p_lib.c.backports	2006-07-04 22:27:44.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/evp/p_lib.c	2009-11-18 14:11:26.000000000 +0100
-@@ -220,7 +220,10 @@ static int pkey_set_type(EVP_PKEY *pkey,
- #ifndef OPENSSL_NO_ENGINE
- 		/* If we have an ENGINE release it */
- 		if (pkey->engine)
-+			{
- 			ENGINE_finish(pkey->engine);
-+			pkey->engine = NULL;
-+			}
- #endif
- 		}
- 	if (str)
-diff -up openssl-1.0.0-beta4/crypto/x509/x509_vfy.c.backports openssl-1.0.0-beta4/crypto/x509/x509_vfy.c
---- openssl-1.0.0-beta4/crypto/x509/x509_vfy.c.backports	2009-10-31 20:21:47.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/x509/x509_vfy.c	2009-11-18 14:11:31.000000000 +0100
-@@ -1727,6 +1727,7 @@ int X509_cmp_time(const ASN1_TIME *ctm, 
- 			offset= -offset;
- 		}
- 	atm.type=ctm->type;
-+	atm.flags = 0;
- 	atm.length=sizeof(buff2);
- 	atm.data=(unsigned char *)buff2;
- 
diff --git a/openssl-1.0.0-beta4-binutils.patch b/openssl-1.0.0-beta4-binutils.patch
deleted file mode 100644
index d39b2e6..0000000
--- a/openssl-1.0.0-beta4-binutils.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-diff -up openssl-1.0.0-beta4/crypto/md5/asm/md5-x86_64.pl.binutils openssl-1.0.0-beta4/crypto/md5/asm/md5-x86_64.pl
---- openssl-1.0.0-beta4/crypto/md5/asm/md5-x86_64.pl.binutils	2009-11-12 15:17:29.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/md5/asm/md5-x86_64.pl	2009-11-12 17:26:08.000000000 +0100
-@@ -19,6 +19,7 @@ my $code;
- sub round1_step
- {
-     my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
-+    $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal
-     $code .= " mov	0*4(%rsi),	%r10d		/* (NEXT STEP) X[0] */\n" if ($pos == -1);
-     $code .= " mov	%edx,		%r11d		/* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
-     $code .= <<EOF;
-@@ -43,6 +44,7 @@ EOF
- sub round2_step
- {
-     my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
-+    $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal
-     $code .= " mov	1*4(%rsi),	%r10d		/* (NEXT STEP) X[1] */\n" if ($pos == -1);
-     $code .= " mov	%edx,		%r11d		/* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
-     $code .= " mov	%edx,		%r12d		/* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
-@@ -69,6 +71,7 @@ EOF
- sub round3_step
- {
-     my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
-+    $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal
-     $code .= " mov	5*4(%rsi),	%r10d		/* (NEXT STEP) X[5] */\n" if ($pos == -1);
-     $code .= " mov	%ecx,		%r11d		/* (NEXT STEP) y' = %ecx */\n" if ($pos == -1);
-     $code .= <<EOF;
-@@ -91,6 +94,7 @@ EOF
- sub round4_step
- {
-     my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
-+    $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal
-     $code .= " mov	0*4(%rsi),	%r10d		/* (NEXT STEP) X[0] */\n" if ($pos == -1);
-     $code .= " mov	\$0xffffffff,	%r11d\n" if ($pos == -1);
-     $code .= " xor	%edx,		%r11d		/* (NEXT STEP) not z' = not %edx*/\n"
-diff -up openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl.binutils openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl
---- openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl.binutils	2009-11-12 15:17:29.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl	2009-11-12 17:24:18.000000000 +0100
-@@ -150,7 +150,7 @@ ___
- sub BODY_20_39 {
- my ($i,$a,$b,$c,$d,$e,$f)=@_;
- my $j=$i+1;
--my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
-+my $K=($i<40)?0x6ed9eba1:-0x359d3e2a;
- $code.=<<___ if ($i<79);
- 	lea	$K($xi,$e),$f
- 	mov	`4*($j%16)`(%rsp),$xi
-@@ -187,7 +187,7 @@ sub BODY_40_59 {
- my ($i,$a,$b,$c,$d,$e,$f)=@_;
- my $j=$i+1;
- $code.=<<___;
--	lea	0x8f1bbcdc($xi,$e),$f
-+	lea	-0x70e44324($xi,$e),$f
- 	mov	`4*($j%16)`(%rsp),$xi
- 	mov	$b,$t0
- 	mov	$b,$t1
diff --git a/openssl-1.0.0-beta4-client-reneg.patch b/openssl-1.0.0-beta4-client-reneg.patch
deleted file mode 100644
index 11b9ab7..0000000
--- a/openssl-1.0.0-beta4-client-reneg.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Do not enforce the renegotiation extension on the client - too many broken servers remain.
-diff -up openssl-1.0.0-beta4/ssl/t1_lib.c.client-reneg openssl-1.0.0-beta4/ssl/t1_lib.c
---- openssl-1.0.0-beta4/ssl/t1_lib.c.client-reneg	2009-11-12 15:17:29.000000000 +0100
-+++ openssl-1.0.0-beta4/ssl/t1_lib.c	2009-11-18 14:04:19.000000000 +0100
-@@ -985,6 +985,7 @@ int ssl_parse_serverhello_tlsext(SSL *s,
- 
- 	if (data >= (d+n-2))
- 		{
-+#if 0
- 		/* Because the client does not see any renegotiation during an
- 		   attack, we must enforce this on all server hellos, even the
- 		   first */
-@@ -994,6 +995,7 @@ int ssl_parse_serverhello_tlsext(SSL *s,
- 			*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
- 			return 0;
- 			}
-+#endif
- 		return 1;
- 		}
- 
-@@ -1126,12 +1128,14 @@ int ssl_parse_serverhello_tlsext(SSL *s,
- 		return 0;
- 		}
- 
-+#if 0
- 	if (!renegotiate_seen
- 		&& !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
- 		{
- 		*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
- 		return 0;
- 		}
-+#endif
- 
- 	if (!s->hit && tlsext_servername == 1)
- 		{
diff --git a/openssl-1.0.0-beta4-dtls-ipv6.patch b/openssl-1.0.0-beta4-dtls-ipv6.patch
deleted file mode 100644
index 1173f1a..0000000
--- a/openssl-1.0.0-beta4-dtls-ipv6.patch
+++ /dev/null
@@ -1,219 +0,0 @@
-diff -up openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/b_sock.c
---- openssl-1.0.0-beta4/crypto/bio/b_sock.c.dtls-ipv6	2009-11-09 15:09:53.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/bio/b_sock.c	2009-11-23 08:50:45.000000000 +0100
-@@ -822,7 +822,8 @@ int BIO_accept(int sock, char **addr)
- 	if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
- 		{
- 		OPENSSL_assert(sa.len.s<=sizeof(sa.from));
--		sa.len.i = (unsigned int)sa.len.s;
-+		sa.len.i = (int)sa.len.s;
-+		/* use sa.len.i from this point */
- 		}
- 	if (ret == INVALID_SOCKET)
- 		{
-diff -up openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6 openssl-1.0.0-beta4/crypto/bio/bss_dgram.c
---- openssl-1.0.0-beta4/crypto/bio/bss_dgram.c.dtls-ipv6	2009-10-15 19:41:44.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/bio/bss_dgram.c	2009-11-23 08:50:45.000000000 +0100
-@@ -108,11 +108,13 @@ static BIO_METHOD methods_dgramp=
- 
- typedef struct bio_dgram_data_st
- 	{
-+	union {
-+		struct sockaddr sa;
-+		struct sockaddr_in sa_in;
- #if OPENSSL_USE_IPV6
--	struct sockaddr_storage peer;
--#else
--	struct sockaddr_in peer;
-+		struct sockaddr_in6 sa_in6;
- #endif
-+	} peer;
- 	unsigned int connected;
- 	unsigned int _errno;
- 	unsigned int mtu;
-@@ -278,28 +280,38 @@ static int dgram_read(BIO *b, char *out,
- 	int ret=0;
- 	bio_dgram_data *data = (bio_dgram_data *)b->ptr;
- 
-+	struct	{
-+	/*
-+	 * See commentary in b_sock.c. <appro>
-+	 */
-+	union	{ size_t s; int i; } len;
-+	union	{
-+		struct sockaddr sa;
-+		struct sockaddr_in sa_in;
- #if OPENSSL_USE_IPV6
--	struct sockaddr_storage peer;
--#else
--	struct sockaddr_in peer;
-+		struct sockaddr_in6 sa_in6;
- #endif
--	int peerlen = sizeof(peer);
-+		} peer;
-+	} sa;
-+
-+	sa.len.s=0;
-+	sa.len.i=sizeof(sa.peer);
- 
- 	if (out != NULL)
- 		{
- 		clear_socket_error();
--		memset(&peer, 0x00, peerlen);
--		/* Last arg in recvfrom is signed on some platforms and
--		 * unsigned on others. It is of type socklen_t on some
--		 * but this is not universal. Cast to (void *) to avoid
--		 * compiler warnings.
--		 */
-+		memset(&sa.peer, 0x00, sizeof(sa.peer));
- 		dgram_adjust_rcv_timeout(b);
--		ret=recvfrom(b->num,out,outl,0,(struct sockaddr *)&peer,(void *)&peerlen);
-+		ret=recvfrom(b->num,out,outl,0,&sa.peer.sa,(void *)&sa.len);
-+		if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
-+			{
-+			OPENSSL_assert(sa.len.s<=sizeof(sa.peer));
-+			sa.len.i = (int)sa.len.s;
-+			}
- 		dgram_reset_rcv_timeout(b);
- 
- 		if ( ! data->connected  && ret >= 0)
--			BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
-+			BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
- 
- 		BIO_clear_retry_flags(b);
- 		if (ret < 0)
-@@ -323,25 +335,10 @@ static int dgram_write(BIO *b, const cha
- 	if ( data->connected )
- 		ret=writesocket(b->num,in,inl);
- 	else
--#if OPENSSL_USE_IPV6
--		if (data->peer.ss_family == AF_INET)
- #if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
--			ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
-+		ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, sizeof(data->peer));
- #else
--			ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
--#endif
--		else
--#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
--			ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6));
--#else
--			ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in6));
--#endif
--#else
--#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
--		ret=sendto(b->num, (char *)in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
--#else
--		ret=sendto(b->num, in, inl, 0, (const struct sockaddr *)&data->peer, sizeof(struct sockaddr_in));
--#endif
-+		ret=sendto(b->num, in, inl, 0, &data->peer.sa, sizeof(data->peer));
- #endif
- 
- 	BIO_clear_retry_flags(b);
-@@ -428,11 +425,20 @@ static long dgram_ctrl(BIO *b, int cmd, 
- 		else
- 			{
- #endif
-+			switch (to->sa_family)
-+				{
-+				case AF_INET:
-+					memcpy(&data->peer,to,sizeof(data->peer.sa_in));
-+					break;
- #if OPENSSL_USE_IPV6
--			memcpy(&(data->peer),to, sizeof(struct sockaddr_storage));
--#else
--			memcpy(&(data->peer),to, sizeof(struct sockaddr_in));
--#endif
-+				case AF_INET6:
-+					memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
-+					break;
-+#endif
-+				default:
-+					memcpy(&data->peer,to,sizeof(data->peer.sa));
-+					break;
-+				}
- #if 0
- 			}
- #endif
-@@ -537,41 +543,60 @@ static long dgram_ctrl(BIO *b, int cmd, 
- 		if ( to != NULL)
- 			{
- 			data->connected = 1;
-+			switch (to->sa_family)
-+				{
-+				case AF_INET:
-+					memcpy(&data->peer,to,sizeof(data->peer.sa_in));
-+					break;
- #if OPENSSL_USE_IPV6
--			memcpy(&(data->peer),to, sizeof(struct sockaddr_storage));
--#else
--			memcpy(&(data->peer),to, sizeof(struct sockaddr_in));
--#endif
-+				case AF_INET6:
-+					memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
-+					break;
-+#endif
-+				default:
-+					memcpy(&data->peer,to,sizeof(data->peer.sa));
-+					break;
-+				}
- 			}
- 		else
- 			{
- 			data->connected = 0;
--#if OPENSSL_USE_IPV6
--			memset(&(data->peer), 0x00, sizeof(struct sockaddr_storage));
--#else
--			memset(&(data->peer), 0x00, sizeof(struct sockaddr_in));
--#endif
-+			memset(&(data->peer), 0x00, sizeof(data->peer));
- 			}
- 		break;
- 	case BIO_CTRL_DGRAM_GET_PEER:
- 		to = (struct sockaddr *) ptr;
--
-+		switch (to->sa_family)
-+			{
-+			case AF_INET:
-+				memcpy(to,&data->peer,(ret=sizeof(data->peer.sa_in)));
-+				break;
- #if OPENSSL_USE_IPV6
--		memcpy(to, &(data->peer), sizeof(struct sockaddr_storage));
--		ret = sizeof(struct sockaddr_storage);
--#else
--		memcpy(to, &(data->peer), sizeof(struct sockaddr_in));
--		ret = sizeof(struct sockaddr_in);
--#endif
-+			case AF_INET6:
-+				memcpy(to,&data->peer,(ret=sizeof(data->peer.sa_in6)));
-+				break;
-+#endif
-+			default:
-+				memcpy(to,&data->peer,(ret=sizeof(data->peer.sa)));
-+				break;
-+			}
- 		break;
- 	case BIO_CTRL_DGRAM_SET_PEER:
- 		to = (struct sockaddr *) ptr;
--
-+		switch (to->sa_family)
-+			{
-+			case AF_INET:
-+				memcpy(&data->peer,to,sizeof(data->peer.sa_in));
-+				break;
- #if OPENSSL_USE_IPV6
--		memcpy(&(data->peer), to, sizeof(struct sockaddr_storage));
--#else
--		memcpy(&(data->peer), to, sizeof(struct sockaddr_in));
--#endif
-+			case AF_INET6:
-+				memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
-+				break;
-+#endif
-+			default:
-+				memcpy(&data->peer,to,sizeof(data->peer.sa));
-+				break;
-+			}
- 		break;
- 	case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
- 		memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
diff --git a/openssl-1.0.0-beta4-redhat.patch b/openssl-1.0.0-beta4-redhat.patch
index ad61bf8..4356e41 100644
--- a/openssl-1.0.0-beta4-redhat.patch
+++ b/openssl-1.0.0-beta4-redhat.patch
@@ -22,7 +22,7 @@ diff -up openssl-1.0.0-beta4/Configure.redhat openssl-1.0.0-beta4/Configure
 -"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 -"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 -"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):\$(SHLIB_SONAMEVER)",
++"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 +"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
 +"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
  "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/openssl-1.0.0-beta4-reneg-err.patch b/openssl-1.0.0-beta4-reneg-err.patch
deleted file mode 100644
index 271dbe7..0000000
--- a/openssl-1.0.0-beta4-reneg-err.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-Better error reporting for unsafe renegotiation.
-diff -up openssl-1.0.0-beta4/ssl/ssl_err.c.reneg-err openssl-1.0.0-beta4/ssl/ssl_err.c
---- openssl-1.0.0-beta4/ssl/ssl_err.c.reneg-err	2009-11-09 19:45:42.000000000 +0100
-+++ openssl-1.0.0-beta4/ssl/ssl_err.c	2009-11-20 17:56:57.000000000 +0100
-@@ -226,7 +226,9 @@ static ERR_STRING_DATA SSL_str_functs[]=
- {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE),	"SSL_load_client_CA_file"},
- {ERR_FUNC(SSL_F_SSL_NEW),	"SSL_new"},
- {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT),	"SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
-+{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT),	"SSL_PARSE_CLIENTHELLO_TLSEXT"},
- {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT),	"SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
-+{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT),	"SSL_PARSE_SERVERHELLO_TLSEXT"},
- {ERR_FUNC(SSL_F_SSL_PEEK),	"SSL_peek"},
- {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT),	"SSL_PREPARE_CLIENTHELLO_TLSEXT"},
- {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT),	"SSL_PREPARE_SERVERHELLO_TLSEXT"},
-@@ -526,6 +528,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
- {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
- {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION)   ,"unknown ssl version"},
- {ERR_REASON(SSL_R_UNKNOWN_STATE)         ,"unknown state"},
-+{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"},
- {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
- {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
- {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"},
-diff -up openssl-1.0.0-beta4/ssl/ssl.h.reneg-err openssl-1.0.0-beta4/ssl/ssl.h
---- openssl-1.0.0-beta4/ssl/ssl.h.reneg-err	2009-11-12 15:17:29.000000000 +0100
-+++ openssl-1.0.0-beta4/ssl/ssl.h	2009-11-20 17:56:57.000000000 +0100
-@@ -1934,7 +1934,9 @@ void ERR_load_SSL_strings(void);
- #define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 185
- #define SSL_F_SSL_NEW					 186
- #define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT	 300
-+#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT		 302
- #define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT	 301
-+#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT		 303
- #define SSL_F_SSL_PEEK					 270
- #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT		 281
- #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT		 282
-@@ -2231,6 +2233,7 @@ void ERR_load_SSL_strings(void);
- #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 253
- #define SSL_R_UNKNOWN_SSL_VERSION			 254
- #define SSL_R_UNKNOWN_STATE				 255
-+#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED	 338
- #define SSL_R_UNSUPPORTED_CIPHER			 256
- #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 257
- #define SSL_R_UNSUPPORTED_DIGEST_TYPE			 326
-diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.reneg-err openssl-1.0.0-beta4/ssl/s23_srvr.c
---- openssl-1.0.0-beta4/ssl/s23_srvr.c.reneg-err	2009-11-12 15:17:29.000000000 +0100
-+++ openssl-1.0.0-beta4/ssl/s23_srvr.c	2009-11-20 17:57:23.000000000 +0100
-@@ -497,6 +497,11 @@ int ssl23_get_client_hello(SSL *s)
- 		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- 		goto err;
- #else
-+		if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-+			{
-+			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-+			goto err;
-+			}
- 		/* we are talking sslv2 */
- 		/* we need to clean up the SSLv3/TLSv1 setup and put in the
- 		 * sslv2 stuff. */
-diff -up openssl-1.0.0-beta4/ssl/t1_lib.c.reneg-err openssl-1.0.0-beta4/ssl/t1_lib.c
---- openssl-1.0.0-beta4/ssl/t1_lib.c.reneg-err	2009-11-18 14:04:19.000000000 +0100
-+++ openssl-1.0.0-beta4/ssl/t1_lib.c	2009-11-20 17:56:57.000000000 +0100
-@@ -636,6 +636,7 @@ int ssl_parse_clienthello_tlsext(SSL *s,
- 			{
- 			/* We should always see one extension: the renegotiate extension */
- 			*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
-+			SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- 			return 0;
- 			}
- 		return 1;
-@@ -965,6 +966,7 @@ int ssl_parse_clienthello_tlsext(SSL *s,
-  	if (s->new_session && !renegotiate_seen
-  		&& !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-  		{
-+		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-  		*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
-  		return 0;
-  		}
-@@ -993,6 +995,7 @@ int ssl_parse_serverhello_tlsext(SSL *s,
- 			{
- 			/* We should always see one extension: the renegotiate extension */
- 			*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
-+			SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- 			return 0;
- 			}
- #endif
-@@ -1133,6 +1136,7 @@ int ssl_parse_serverhello_tlsext(SSL *s,
- 		&& !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
- 		{
- 		*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
-+		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- 		return 0;
- 		}
- #endif
diff --git a/openssl-1.0.0-beta4-reneg.patch b/openssl-1.0.0-beta4-reneg.patch
deleted file mode 100644
index 92e206d..0000000
--- a/openssl-1.0.0-beta4-reneg.patch
+++ /dev/null
@@ -1,237 +0,0 @@
-diff -up openssl-1.0.0-beta4/apps/s_cb.c.reneg openssl-1.0.0-beta4/apps/s_cb.c
---- openssl-1.0.0-beta4/apps/s_cb.c.reneg	2009-10-15 20:48:47.000000000 +0200
-+++ openssl-1.0.0-beta4/apps/s_cb.c	2009-11-12 15:02:30.000000000 +0100
-@@ -669,6 +669,10 @@ void MS_CALLBACK tlsext_cb(SSL *s, int c
- 		extname = "server ticket";
- 		break;
- 
-+		case TLSEXT_TYPE_renegotiate:
-+		extname = "renegotiate";
-+		break;
-+
- #ifdef TLSEXT_TYPE_opaque_prf_input
- 		case TLSEXT_TYPE_opaque_prf_input:
- 		extname = "opaque PRF input";
-diff -up openssl-1.0.0-beta4/apps/s_client.c.reneg openssl-1.0.0-beta4/apps/s_client.c
---- openssl-1.0.0-beta4/apps/s_client.c.reneg	2009-11-12 14:57:48.000000000 +0100
-+++ openssl-1.0.0-beta4/apps/s_client.c	2009-11-12 15:01:48.000000000 +0100
-@@ -343,6 +343,7 @@ static void sc_usage(void)
- 	BIO_printf(bio_err," -status           - request certificate status from server\n");
- 	BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
- #endif
-+	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
- 	}
- 
- #ifndef OPENSSL_NO_TLSEXT
-@@ -657,6 +658,8 @@ int MAIN(int argc, char **argv)
- #endif
- 		else if (strcmp(*argv,"-serverpref") == 0)
- 			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
-+		else if (strcmp(*argv,"-legacy_renegotiation") == 0)
-+			off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
- 		else if	(strcmp(*argv,"-cipher") == 0)
- 			{
- 			if (--argc < 1) goto bad;
-diff -up openssl-1.0.0-beta4/apps/s_server.c.reneg openssl-1.0.0-beta4/apps/s_server.c
---- openssl-1.0.0-beta4/apps/s_server.c.reneg	2009-11-12 14:57:48.000000000 +0100
-+++ openssl-1.0.0-beta4/apps/s_server.c	2009-11-12 15:01:48.000000000 +0100
-@@ -491,6 +491,7 @@ static void sv_usage(void)
- 	BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT2);
- 	BIO_printf(bio_err," -tlsextdebug  - hex dump of all TLS extensions received\n");
- 	BIO_printf(bio_err," -no_ticket    - disable use of RFC4507bis session tickets\n");
-+	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
- #endif
- 	}
- 
-@@ -1013,6 +1014,8 @@ int MAIN(int argc, char *argv[])
- 			verify_return_error = 1;
- 		else if	(strcmp(*argv,"-serverpref") == 0)
- 			{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
-+		else if (strcmp(*argv,"-legacy_renegotiation") == 0)
-+			off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
- 		else if	(strcmp(*argv,"-cipher") == 0)
- 			{
- 			if (--argc < 1) goto bad;
-diff -up openssl-1.0.0-beta4/ssl/tls1.h.reneg openssl-1.0.0-beta4/ssl/tls1.h
---- openssl-1.0.0-beta4/ssl/tls1.h.reneg	2009-11-12 14:57:47.000000000 +0100
-+++ openssl-1.0.0-beta4/ssl/tls1.h	2009-11-12 15:02:30.000000000 +0100
-@@ -201,6 +201,9 @@ extern "C" {
- # define TLSEXT_TYPE_opaque_prf_input		?? */
- #endif
- 
-+/* Temporary extension type */
-+#define TLSEXT_TYPE_renegotiate                 0xff01
-+
- /* NameType value from RFC 3546 */
- #define TLSEXT_NAMETYPE_host_name 0
- /* status request value from RFC 3546 */
-diff -up openssl-1.0.0-beta4/ssl/t1_lib.c.reneg openssl-1.0.0-beta4/ssl/t1_lib.c
---- openssl-1.0.0-beta4/ssl/t1_lib.c.reneg	2009-11-08 15:36:32.000000000 +0100
-+++ openssl-1.0.0-beta4/ssl/t1_lib.c	2009-11-12 15:02:30.000000000 +0100
-@@ -315,6 +315,30 @@ unsigned char *ssl_add_clienthello_tlsex
- 		ret+=size_str;
- 		}
- 
-+        /* Add the renegotiation option: TODOEKR switch */
-+        {
-+          int el;
-+          
-+          if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
-+              {
-+              SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-+              return NULL;
-+              }
-+
-+          if((limit - p - 4 - el) < 0) return NULL;
-+          
-+          s2n(TLSEXT_TYPE_renegotiate,ret);
-+          s2n(el,ret);
-+
-+          if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
-+              {
-+              SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-+              return NULL;
-+              }
-+
-+          ret += el;
-+        }
-+
- #ifndef OPENSSL_NO_EC
- 	if (s->tlsext_ecpointformatlist != NULL)
- 		{
-@@ -490,6 +514,31 @@ unsigned char *ssl_add_serverhello_tlsex
- 		s2n(TLSEXT_TYPE_server_name,ret);
- 		s2n(0,ret);
- 		}
-+
-+        if(s->s3->send_connection_binding)
-+        {
-+          int el;
-+          
-+          if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0))
-+              {
-+              SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-+              return NULL;
-+              }
-+
-+          if((limit - p - 4 - el) < 0) return NULL;
-+          
-+          s2n(TLSEXT_TYPE_renegotiate,ret);
-+          s2n(el,ret);
-+
-+          if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el))
-+              {
-+              SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-+              return NULL;
-+              }
-+
-+          ret += el;
-+        }
-+
- #ifndef OPENSSL_NO_EC
- 	if (s->tlsext_ecpointformatlist != NULL)
- 		{
-@@ -574,11 +623,23 @@ int ssl_parse_clienthello_tlsext(SSL *s,
- 	unsigned short size;
- 	unsigned short len;
- 	unsigned char *data = *p;
-+	int renegotiate_seen = 0;
-+
- 	s->servername_done = 0;
- 	s->tlsext_status_type = -1;
-+	s->s3->send_connection_binding = 0;
- 
- 	if (data >= (d+n-2))
-+		{
-+		if (s->new_session
-+			&& !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-+			{
-+			/* We should always see one extension: the renegotiate extension */
-+			*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
-+			return 0;
-+			}
- 		return 1;
-+		}
- 	n2s(data,len);
- 
- 	if (data > (d+n-len)) 
-@@ -790,6 +851,12 @@ int ssl_parse_clienthello_tlsext(SSL *s,
- 				return 0;
- 				}
- 			}
-+		else if (type == TLSEXT_TYPE_renegotiate)
-+			{
-+			if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
-+				return 0;
-+			renegotiate_seen = 1;
-+			}
- 		else if (type == TLSEXT_TYPE_status_request
- 						&& s->ctx->tlsext_status_cb)
- 			{
-@@ -894,6 +961,14 @@ int ssl_parse_clienthello_tlsext(SSL *s,
- 		/* session ticket processed earlier */
- 		data+=size;
- 		}
-+  
-+ 	if (s->new_session && !renegotiate_seen
-+ 		&& !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-+ 		{
-+ 		*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
-+ 		return 0;
-+ 		}
-+ 
- 				
- 	*p = data;
- 	return 1;
-@@ -905,11 +980,22 @@ int ssl_parse_serverhello_tlsext(SSL *s,
- 	unsigned short size;
- 	unsigned short len;  
- 	unsigned char *data = *p;
--
- 	int tlsext_servername = 0;
-+	int renegotiate_seen = 0;
- 
- 	if (data >= (d+n-2))
-+		{
-+		/* Because the client does not see any renegotiation during an
-+		   attack, we must enforce this on all server hellos, even the
-+		   first */
-+		if (!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-+			{
-+			/* We should always see one extension: the renegotiate extension */
-+			*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
-+			return 0;
-+			}
- 		return 1;
-+		}
- 
- 	n2s(data,len);
- 
-@@ -1025,7 +1111,12 @@ int ssl_parse_serverhello_tlsext(SSL *s,
- 			/* Set flag to expect CertificateStatus message */
- 			s->tlsext_status_expected = 1;
- 			}
--
-+		else if (type == TLSEXT_TYPE_renegotiate)
-+			{
-+			if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
-+				return 0;
-+			renegotiate_seen = 1;
-+			}
- 		data+=size;		
- 		}
- 
-@@ -1035,6 +1126,13 @@ int ssl_parse_serverhello_tlsext(SSL *s,
- 		return 0;
- 		}
- 
-+	if (!renegotiate_seen
-+		&& !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-+		{
-+		*al = SSL_AD_ILLEGAL_PARAMETER; /* is this the right alert? */
-+		return 0;
-+		}
-+
- 	if (!s->hit && tlsext_servername == 1)
- 		{
-  		if (s->tlsext_hostname)
diff --git a/openssl-1.0.0-beta4-version.patch b/openssl-1.0.0-beta4-version.patch
deleted file mode 100644
index ab12be0..0000000
--- a/openssl-1.0.0-beta4-version.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-We have to keep the beta status on 3 as some applications (OpenSSH) incorrectly insist
-on having the same beta status of OpenSSL library as they were built against.
-diff -up openssl-1.0.0-beta4/crypto/opensslv.h.version openssl-1.0.0-beta4/crypto/opensslv.h
---- openssl-1.0.0-beta4/crypto/opensslv.h.version	2009-11-12 15:17:28.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/opensslv.h	2009-11-13 12:39:08.000000000 +0100
-@@ -25,7 +25,7 @@
-  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
-  *  major minor fix final patch/beta)
-  */
--#define OPENSSL_VERSION_NUMBER	0x10000004L
-+#define OPENSSL_VERSION_NUMBER	0x10000003L
- #ifdef OPENSSL_FIPS
- #define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0-fips-beta4 10 Nov 2009"
- #else
diff --git a/openssl-1.0.0-beta3-cipher-change.patch b/openssl-1.0.0-beta5-cipher-change.patch
similarity index 61%
rename from openssl-1.0.0-beta3-cipher-change.patch
rename to openssl-1.0.0-beta5-cipher-change.patch
index 8fe7ada..2e8343b 100644
--- a/openssl-1.0.0-beta3-cipher-change.patch
+++ b/openssl-1.0.0-beta5-cipher-change.patch
@@ -1,16 +1,16 @@
-diff -up openssl-1.0.0-beta3/ssl/ssl.h.cipher-change openssl-1.0.0-beta3/ssl/ssl.h
---- openssl-1.0.0-beta3/ssl/ssl.h.cipher-change	2009-08-05 18:22:45.000000000 +0200
-+++ openssl-1.0.0-beta3/ssl/ssl.h	2009-08-05 18:27:32.000000000 +0200
-@@ -511,7 +511,7 @@ typedef struct ssl_session_st
- 
- #define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L
+diff -up openssl-1.0.0-beta5/ssl/ssl.h.cipher-change openssl-1.0.0-beta5/ssl/ssl.h
+--- openssl-1.0.0-beta5/ssl/ssl.h.cipher-change	2010-01-20 18:12:07.000000000 +0100
++++ openssl-1.0.0-beta5/ssl/ssl.h	2010-01-20 18:13:04.000000000 +0100
+@@ -513,7 +513,7 @@ typedef struct ssl_session_st
  #define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L
+ /* Allow initial connection to servers that don't support RI */
+ #define SSL_OP_LEGACY_SERVER_CONNECT			0x00000004L
 -#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
 +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L /* can break some security expectations */
  #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
  #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
  #define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L /* no effect since 0.9.7h and 0.9.8b */
-@@ -528,7 +528,7 @@ typedef struct ssl_session_st
+@@ -530,7 +530,7 @@ typedef struct ssl_session_st
  
  /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
   *             This used to be 0x000FFFFFL before 0.9.7. */
diff --git a/openssl-1.0.0-beta4-enginesdir.patch b/openssl-1.0.0-beta5-enginesdir.patch
similarity index 63%
rename from openssl-1.0.0-beta4-enginesdir.patch
rename to openssl-1.0.0-beta5-enginesdir.patch
index 0a304ce..d942d6e 100644
--- a/openssl-1.0.0-beta4-enginesdir.patch
+++ b/openssl-1.0.0-beta5-enginesdir.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.0-beta4/Configure.enginesdir openssl-1.0.0-beta4/Configure
---- openssl-1.0.0-beta4/Configure.enginesdir	2009-11-12 12:17:59.000000000 +0100
-+++ openssl-1.0.0-beta4/Configure	2009-11-12 12:19:45.000000000 +0100
+diff -up openssl-1.0.0-beta5/Configure.enginesdir openssl-1.0.0-beta5/Configure
+--- openssl-1.0.0-beta5/Configure.enginesdir	2010-01-20 18:07:05.000000000 +0100
++++ openssl-1.0.0-beta5/Configure	2010-01-20 18:10:48.000000000 +0100
 @@ -622,6 +622,7 @@ my $idx_multilib = $idx++;
  my $prefix="";
  my $libdir="";
@@ -20,7 +20,7 @@ diff -up openssl-1.0.0-beta4/Configure.enginesdir openssl-1.0.0-beta4/Configure
  			elsif (/^--install.prefix=(.*)$/)
  				{
  				$install_prefix=$1;
-@@ -1055,7 +1060,7 @@ chop $prefix if $prefix =~ /.\/$/;
+@@ -1053,7 +1058,7 @@ chop $prefix if $prefix =~ /.\/$/;
  
  $openssldir=$prefix . "/ssl" if $openssldir eq "";
  $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
@@ -29,18 +29,18 @@ diff -up openssl-1.0.0-beta4/Configure.enginesdir openssl-1.0.0-beta4/Configure
  
  print "IsMK1MF=$IsMK1MF\n";
  
-@@ -1676,7 +1681,7 @@ while (<IN>)
- 		# $foo is to become "$prefix/lib$multilib/engines";
- 		# as Makefile.org and engines/Makefile are adapted for
- 		# $multilib suffix.
--		my $foo = "$prefix/lib/engines";
+@@ -1673,7 +1678,7 @@ while (<IN>)
+ 		}
+ 	elsif	(/^#define\s+ENGINESDIR/)
+ 		{
+-		my $foo = "$prefix/$libdir/engines";
 +		my $foo = "$enginesdir";
  		$foo =~ s/\\/\\\\/g;
  		print OUT "#define ENGINESDIR \"$foo\"\n";
  		}
-diff -up openssl-1.0.0-beta4/engines/Makefile.enginesdir openssl-1.0.0-beta4/engines/Makefile
---- openssl-1.0.0-beta4/engines/Makefile.enginesdir	2009-11-10 02:52:52.000000000 +0100
-+++ openssl-1.0.0-beta4/engines/Makefile	2009-11-12 12:23:06.000000000 +0100
+diff -up openssl-1.0.0-beta5/engines/Makefile.enginesdir openssl-1.0.0-beta5/engines/Makefile
+--- openssl-1.0.0-beta5/engines/Makefile.enginesdir	2010-01-16 21:06:09.000000000 +0100
++++ openssl-1.0.0-beta5/engines/Makefile	2010-01-20 18:07:05.000000000 +0100
 @@ -124,7 +124,7 @@ install:
  				sfx=".so"; \
  				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
diff --git a/openssl-1.0.0-beta3-ipv6-apps.patch b/openssl-1.0.0-beta5-ipv6-apps.patch
similarity index 86%
rename from openssl-1.0.0-beta3-ipv6-apps.patch
rename to openssl-1.0.0-beta5-ipv6-apps.patch
index 690bc98..4304c01 100644
--- a/openssl-1.0.0-beta3-ipv6-apps.patch
+++ b/openssl-1.0.0-beta5-ipv6-apps.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta3/apps/s_apps.h
---- openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps	2009-08-05 21:29:58.000000000 +0200
-+++ openssl-1.0.0-beta3/apps/s_apps.h	2009-08-05 21:29:58.000000000 +0200
+diff -up openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta5/apps/s_apps.h
+--- openssl-1.0.0-beta5/apps/s_apps.h.ipv6-apps	2010-02-03 09:43:49.000000000 +0100
++++ openssl-1.0.0-beta5/apps/s_apps.h	2010-02-03 09:43:49.000000000 +0100
 @@ -148,7 +148,7 @@ typedef fd_mask fd_set;
  #define PORT_STR        "4433"
  #define PROTOCOL        "tcp"
@@ -23,10 +23,10 @@ diff -up openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta3/apps/s_
  
  long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
  				   int argi, long argl, long ret);
-diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/s_client.c
---- openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps	2009-08-05 21:29:58.000000000 +0200
-+++ openssl-1.0.0-beta3/apps/s_client.c	2009-08-05 22:33:44.000000000 +0200
-@@ -388,7 +388,7 @@ int MAIN(int argc, char **argv)
+diff -up openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps openssl-1.0.0-beta5/apps/s_client.c
+--- openssl-1.0.0-beta5/apps/s_client.c.ipv6-apps	2010-02-03 09:43:49.000000000 +0100
++++ openssl-1.0.0-beta5/apps/s_client.c	2010-02-03 09:43:49.000000000 +0100
+@@ -389,7 +389,7 @@ int MAIN(int argc, char **argv)
  	int cbuf_len,cbuf_off;
  	int sbuf_len,sbuf_off;
  	fd_set readfds,writefds;
@@ -35,7 +35,7 @@ diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/
  	int full_log=1;
  	char *host=SSL_HOST_NAME;
  	char *cert_file=NULL,*key_file=NULL;
-@@ -486,13 +486,12 @@ int MAIN(int argc, char **argv)
+@@ -488,13 +488,12 @@ int MAIN(int argc, char **argv)
  		else if	(strcmp(*argv,"-port") == 0)
  			{
  			if (--argc < 1) goto bad;
@@ -51,7 +51,7 @@ diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/
  				goto bad;
  			}
  		else if	(strcmp(*argv,"-verify") == 0)
-@@ -956,7 +955,7 @@ bad:
+@@ -967,7 +966,7 @@ bad:
  
  re_start:
  
@@ -60,10 +60,10 @@ diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/
  		{
  		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
  		SHUTDOWN(s);
-diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/s_server.c
---- openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps	2009-08-05 21:29:58.000000000 +0200
-+++ openssl-1.0.0-beta3/apps/s_server.c	2009-08-05 21:29:58.000000000 +0200
-@@ -837,7 +837,7 @@ int MAIN(int argc, char *argv[])
+diff -up openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps openssl-1.0.0-beta5/apps/s_server.c
+--- openssl-1.0.0-beta5/apps/s_server.c.ipv6-apps	2010-02-03 09:43:49.000000000 +0100
++++ openssl-1.0.0-beta5/apps/s_server.c	2010-02-03 09:43:49.000000000 +0100
+@@ -838,7 +838,7 @@ int MAIN(int argc, char *argv[])
  	{
  	X509_VERIFY_PARAM *vpm = NULL;
  	int badarg = 0;
@@ -72,7 +72,7 @@ diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/
  	char *CApath=NULL,*CAfile=NULL;
  	unsigned char *context = NULL;
  	char *dhfile = NULL;
-@@ -907,8 +907,7 @@ int MAIN(int argc, char *argv[])
+@@ -909,8 +909,7 @@ int MAIN(int argc, char *argv[])
  			 (strcmp(*argv,"-accept") == 0))
  			{
  			if (--argc < 1) goto bad;
@@ -82,7 +82,7 @@ diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/
  			}
  		else if	(strcmp(*argv,"-verify") == 0)
  			{
-@@ -1685,9 +1684,9 @@ bad:
+@@ -1700,9 +1699,9 @@ bad:
  	BIO_printf(bio_s_out,"ACCEPT\n");
  	(void)BIO_flush(bio_s_out);
  	if (www)
@@ -94,10 +94,10 @@ diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/
  	print_stats(bio_s_out,ctx);
  	ret=0;
  end:
-diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/s_socket.c
---- openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps	2008-11-12 04:57:47.000000000 +0100
-+++ openssl-1.0.0-beta3/apps/s_socket.c	2009-08-05 21:29:58.000000000 +0200
-@@ -96,9 +96,7 @@ static struct hostent *GetHostByName(cha
+diff -up openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta5/apps/s_socket.c
+--- openssl-1.0.0-beta5/apps/s_socket.c.ipv6-apps	2009-08-26 13:21:50.000000000 +0200
++++ openssl-1.0.0-beta5/apps/s_socket.c	2010-02-03 10:00:30.000000000 +0100
+@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
  static void ssl_sock_cleanup(void);
  #endif
  static int ssl_sock_init(void);
@@ -108,7 +108,7 @@ diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/
  static int do_accept(int acc_sock, int *sock, char **host);
  static int host_ip(char *str, unsigned char ip[4]);
  
-@@ -228,58 +226,70 @@ static int ssl_sock_init(void)
+@@ -234,58 +232,70 @@ static int ssl_sock_init(void)
  	return(1);
  	}
  
@@ -217,7 +217,7 @@ diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/
  	{
  	int sock;
  	char *name = NULL;
-@@ -317,33 +327,38 @@ int do_server(int port, int type, int *r
+@@ -323,33 +333,38 @@ int do_server(int port, int type, int *r
  		}
  	}
  
@@ -277,7 +277,7 @@ diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/
  #if defined SOL_SOCKET && defined SO_REUSEADDR
  		{
  		int j = 1;
-@@ -351,36 +366,39 @@ static int init_server_long(int *sock, i
+@@ -357,36 +372,39 @@ static int init_server_long(int *sock, i
  			   (void *) &j, sizeof j);
  		}
  #endif
@@ -337,11 +337,10 @@ diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/
  	int len;
  /*	struct linger ling; */
  
-@@ -425,137 +443,62 @@ redoit:
- 	if (i < 0) { perror("keepalive"); return(0); }
+@@ -432,136 +450,58 @@ redoit:
  */
  
--	if (host == NULL) goto end;
+ 	if (host == NULL) goto end;
 -#ifndef BIT_FIELD_LIMITS
 -	/* I should use WSAAsyncGetHostByName() under windows */
 -	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
@@ -351,50 +350,44 @@ diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/
 -		sizeof(struct in_addr),AF_INET);
 -#endif
 -	if (h1 == NULL)
-+	if (host == NULL)
- 		{
--		BIO_printf(bio_err,"bad gethostbyaddr\n");
--		*host=NULL;
--		/* return(0); */
--		}
--	else
--		{
--		if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
--			{
--			perror("OPENSSL_malloc");
-+		*sock=ret;
- 			return(0);
- 			}
--		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
- 
--		h2=GetHostByName(*host);
--		if (h2 == NULL)
++
 +	if (getnameinfo((struct sockaddr *)&from, sizeof(from),
 +		buffer, sizeof(buffer),
 +		NULL, 0, 0))
- 			{
--			BIO_printf(bio_err,"gethostbyname failure\n");
+ 		{
+-		BIO_printf(bio_err,"bad gethostbyaddr\n");
 +		BIO_printf(bio_err,"getnameinfo failed\n");
-+		*host=NULL;
+ 		*host=NULL;
+ 		/* return(0); */
+ 		}
+ 	else
+ 		{
+-		if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
++		if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
+ 			{
+ 			perror("OPENSSL_malloc");
  			return(0);
  			}
+-		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
+-
+-		h2=GetHostByName(*host);
+-		if (h2 == NULL)
+-			{
+-			BIO_printf(bio_err,"gethostbyname failure\n");
+-			return(0);
+-			}
 -		i=0;
 -		if (h2->h_addrtype != AF_INET)
-+	else
- 			{
+-			{
 -			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+		if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
-+			{
-+			perror("OPENSSL_malloc");
- 			return(0);
- 			}
--		}
--end:
+-			return(0);
+-			}
 +		strcpy(*host, buffer);
+ 		}
+ end:
  	*sock=ret;
  	return(1);
  	}
-+	}
  
 -int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
 -	     short *port_ptr)
diff --git a/openssl-0.9.8j-readme-warning.patch b/openssl-1.0.0-beta5-readme-warning.patch
similarity index 55%
rename from openssl-0.9.8j-readme-warning.patch
rename to openssl-1.0.0-beta5-readme-warning.patch
index 411e6bd..0d89720 100644
--- a/openssl-0.9.8j-readme-warning.patch
+++ b/openssl-1.0.0-beta5-readme-warning.patch
@@ -1,7 +1,7 @@
-diff -up openssl-0.9.8j/README.warning openssl-0.9.8j/README
---- openssl-0.9.8j/README.warning	2009-01-07 11:50:53.000000000 +0100
-+++ openssl-0.9.8j/README	2009-01-14 17:43:02.000000000 +0100
-@@ -5,6 +5,31 @@
+diff -up openssl-1.0.0-beta5/README.warning openssl-1.0.0-beta5/README
+--- openssl-1.0.0-beta5/README.warning	2010-01-20 16:00:47.000000000 +0100
++++ openssl-1.0.0-beta5/README	2010-01-21 09:06:11.000000000 +0100
+@@ -5,6 +5,35 @@
   Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
   All rights reserved.
  
@@ -15,9 +15,15 @@ diff -up openssl-0.9.8j/README.warning openssl-0.9.8j/README
 + 
 + This version also contains a few differences from the upstream code
 + some of which are:
-+   * The FIPS integrity verification check is implemented differently
-+     from the upstream FIPS validated OpenSSL module. It verifies
-+     HMAC-SHA256 checksum of the whole libcrypto shared library.
++   * There are added changes forward ported from the upstream OpenSSL
++     0.9.8 FIPS branch however the FIPS integrity verification check
++     is implemented differently from the upstream FIPS validated OpenSSL
++     module. It verifies HMAC-SHA256 checksum of the whole shared
++     libraries. For this reason the changes are ported to files in the
++     crypto directory and not in a separate fips subdirectory. Also
++     note that the FIPS integrity verification check requires unmodified
++     libcrypto and libssl shared library files which means that it will
++     fail if these files are modified for example by prelink.
 +   * The module respects the kernel FIPS flag /proc/sys/crypto/fips and
 +     tries to initialize the FIPS mode if it is set to 1 aborting if the
 +     FIPS mode could not be initialized. It is also possible to force the
@@ -27,8 +33,6 @@ diff -up openssl-0.9.8j/README.warning openssl-0.9.8j/README
 +     will not automatically load the built in compression method ZLIB
 +     when initialized. Applications can still explicitely ask for ZLIB
 +     compression method.
-+   * There is added a support for EAP-FAST through TLS extension. This code
-+     is backported from OpenSSL upstream development branch.
 +
   DESCRIPTION
   -----------
diff --git a/openssl-1.0.0-beta4-fips.patch b/openssl-1.0.0-fips.patch
similarity index 89%
rename from openssl-1.0.0-beta4-fips.patch
rename to openssl-1.0.0-fips.patch
index bc81d71..e5b6de7 100644
--- a/openssl-1.0.0-beta4-fips.patch
+++ b/openssl-1.0.0-fips.patch
@@ -1,6 +1,6 @@
-diff -up openssl-1.0.0-beta4/Configure.fips openssl-1.0.0-beta4/Configure
---- openssl-1.0.0-beta4/Configure.fips	2009-11-12 12:36:50.000000000 +0100
-+++ openssl-1.0.0-beta4/Configure	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/Configure.fips openssl-1.0.0/Configure
+--- openssl-1.0.0/Configure.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/Configure	2010-03-30 10:33:46.000000000 +0200
 @@ -660,6 +660,7 @@ my $cmll_enc="camellia.o cmll_misc.o cml
  my $processor="";
  my $default_ranlib;
@@ -43,9 +43,9 @@ diff -up openssl-1.0.0-beta4/Configure.fips openssl-1.0.0-beta4/Configure
  	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
  	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
  	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
-diff -up openssl-1.0.0-beta4/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta4/crypto/bf/bf_skey.c
---- openssl-1.0.0-beta4/crypto/bf/bf_skey.c.fips	2008-11-12 04:57:52.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/bf/bf_skey.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/bf/bf_skey.c.fips openssl-1.0.0/crypto/bf/bf_skey.c
+--- openssl-1.0.0/crypto/bf/bf_skey.c.fips	2008-11-12 04:57:52.000000000 +0100
++++ openssl-1.0.0/crypto/bf/bf_skey.c	2010-03-30 10:33:46.000000000 +0200
 @@ -59,10 +59,15 @@
  #include <stdio.h>
  #include <string.h>
@@ -63,9 +63,9 @@ diff -up openssl-1.0.0-beta4/crypto/bf/bf_skey.c.fips openssl-1.0.0-beta4/crypto
  	{
  	int i;
  	BF_LONG *p,ri,in[2];
-diff -up openssl-1.0.0-beta4/crypto/bf/blowfish.h.fips openssl-1.0.0-beta4/crypto/bf/blowfish.h
---- openssl-1.0.0-beta4/crypto/bf/blowfish.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/bf/blowfish.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/bf/blowfish.h.fips openssl-1.0.0/crypto/bf/blowfish.h
+--- openssl-1.0.0/crypto/bf/blowfish.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/bf/blowfish.h	2010-03-30 10:33:46.000000000 +0200
 @@ -104,7 +104,9 @@ typedef struct bf_key_st
  	BF_LONG S[4*256];
  	} BF_KEY;
@@ -77,9 +77,9 @@ diff -up openssl-1.0.0-beta4/crypto/bf/blowfish.h.fips openssl-1.0.0-beta4/crypt
  void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
  
  void BF_encrypt(BF_LONG *data,const BF_KEY *key);
-diff -up openssl-1.0.0-beta4/crypto/bn/bn.h.fips openssl-1.0.0-beta4/crypto/bn/bn.h
---- openssl-1.0.0-beta4/crypto/bn/bn.h.fips	2009-11-12 12:36:50.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/bn/bn.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/bn/bn.h.fips openssl-1.0.0/crypto/bn/bn.h
+--- openssl-1.0.0/crypto/bn/bn.h.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/bn/bn.h	2010-03-30 10:33:46.000000000 +0200
 @@ -540,6 +540,17 @@ int	BN_is_prime_ex(const BIGNUM *p,int n
  int	BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
  		int do_trial_division, BN_GENCB *cb);
@@ -98,9 +98,9 @@ diff -up openssl-1.0.0-beta4/crypto/bn/bn.h.fips openssl-1.0.0-beta4/crypto/bn/b
  BN_MONT_CTX *BN_MONT_CTX_new(void );
  void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
  int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
-diff -up /dev/null openssl-1.0.0-beta4/crypto/bn/bn_x931p.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/bn/bn_x931p.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/bn/bn_x931p.c.fips openssl-1.0.0/crypto/bn/bn_x931p.c
+--- openssl-1.0.0/crypto/bn/bn_x931p.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/bn/bn_x931p.c	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,272 @@
 +/* bn_x931p.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -374,9 +374,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/bn/bn_x931p.c
 +
 +	}
 +
-diff -up openssl-1.0.0-beta4/crypto/bn/Makefile.fips openssl-1.0.0-beta4/crypto/bn/Makefile
---- openssl-1.0.0-beta4/crypto/bn/Makefile.fips	2008-11-12 09:19:02.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/bn/Makefile	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/bn/Makefile.fips openssl-1.0.0/crypto/bn/Makefile
+--- openssl-1.0.0/crypto/bn/Makefile.fips	2008-11-12 09:19:02.000000000 +0100
++++ openssl-1.0.0/crypto/bn/Makefile	2010-03-30 10:33:46.000000000 +0200
 @@ -26,13 +26,13 @@ LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_li
  	bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
  	bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
@@ -393,9 +393,9 @@ diff -up openssl-1.0.0-beta4/crypto/bn/Makefile.fips openssl-1.0.0-beta4/crypto/
  
  SRC= $(LIBSRC)
  
-diff -up openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl
---- openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl.fips	2009-04-06 16:25:02.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl
+--- openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl.fips	2009-04-06 16:25:02.000000000 +0200
++++ openssl-1.0.0/crypto/camellia/asm/cmll-x86.pl	2010-03-30 10:33:46.000000000 +0200
 @@ -722,12 +722,15 @@ my $bias=int(@T[0])?shift(@T):0;
  }
  &function_end("Camellia_Ekeygen");
@@ -422,9 +422,9 @@ diff -up openssl-1.0.0-beta4/crypto/camellia/asm/cmll-x86.pl.fips openssl-1.0.0-
  }
  
  @SBOX=(
-diff -up openssl-1.0.0-beta4/crypto/camellia/camellia.h.fips openssl-1.0.0-beta4/crypto/camellia/camellia.h
---- openssl-1.0.0-beta4/crypto/camellia/camellia.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/camellia/camellia.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/camellia/camellia.h.fips openssl-1.0.0/crypto/camellia/camellia.h
+--- openssl-1.0.0/crypto/camellia/camellia.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/camellia/camellia.h	2010-03-30 10:33:46.000000000 +0200
 @@ -88,6 +88,11 @@ struct camellia_key_st 
  	};
  typedef struct camellia_key_st CAMELLIA_KEY;
@@ -437,9 +437,9 @@ diff -up openssl-1.0.0-beta4/crypto/camellia/camellia.h.fips openssl-1.0.0-beta4
  int Camellia_set_key(const unsigned char *userKey, const int bits,
  	CAMELLIA_KEY *key);
  
-diff -up /dev/null openssl-1.0.0-beta4/crypto/camellia/cmll_fblk.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/camellia/cmll_fblk.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips openssl-1.0.0/crypto/camellia/cmll_fblk.c
+--- openssl-1.0.0/crypto/camellia/cmll_fblk.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/camellia/cmll_fblk.c	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,68 @@
 +/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */
 +/* ====================================================================
@@ -509,9 +509,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/camellia/cmll_fblk.c
 +	return private_Camellia_set_key(userKey, bits, key);
 +	}
 +#endif
-diff -up openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c
---- openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c.fips	2008-10-28 13:13:52.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/camellia/cmll_misc.c.fips openssl-1.0.0/crypto/camellia/cmll_misc.c
+--- openssl-1.0.0/crypto/camellia/cmll_misc.c.fips	2008-10-28 13:13:52.000000000 +0100
++++ openssl-1.0.0/crypto/camellia/cmll_misc.c	2010-03-30 10:33:46.000000000 +0200
 @@ -52,11 +52,20 @@
  #include <openssl/opensslv.h>
  #include <openssl/camellia.h>
@@ -533,9 +533,9 @@ diff -up openssl-1.0.0-beta4/crypto/camellia/cmll_misc.c.fips openssl-1.0.0-beta
  	{
  	if(!userKey || !key)
  		return -1;
-diff -up openssl-1.0.0-beta4/crypto/camellia/Makefile.fips openssl-1.0.0-beta4/crypto/camellia/Makefile
---- openssl-1.0.0-beta4/crypto/camellia/Makefile.fips	2008-12-23 12:33:00.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/camellia/Makefile	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/camellia/Makefile.fips openssl-1.0.0/crypto/camellia/Makefile
+--- openssl-1.0.0/crypto/camellia/Makefile.fips	2008-12-23 12:33:00.000000000 +0100
++++ openssl-1.0.0/crypto/camellia/Makefile	2010-03-30 10:33:46.000000000 +0200
 @@ -23,9 +23,9 @@ APPS=
  
  LIB=$(TOP)/libcrypto.a
@@ -548,9 +548,9 @@ diff -up openssl-1.0.0-beta4/crypto/camellia/Makefile.fips openssl-1.0.0-beta4/c
  
  SRC= $(LIBSRC)
  
-diff -up openssl-1.0.0-beta4/crypto/cast/cast.h.fips openssl-1.0.0-beta4/crypto/cast/cast.h
---- openssl-1.0.0-beta4/crypto/cast/cast.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/cast/cast.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/cast/cast.h.fips openssl-1.0.0/crypto/cast/cast.h
+--- openssl-1.0.0/crypto/cast/cast.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/cast/cast.h	2010-03-30 10:33:46.000000000 +0200
 @@ -83,7 +83,9 @@ typedef struct cast_key_st
  	int short_key;	/* Use reduced rounds for short key */
  	} CAST_KEY;
@@ -560,11 +560,11 @@ diff -up openssl-1.0.0-beta4/crypto/cast/cast.h.fips openssl-1.0.0-beta4/crypto/
 +void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
 +#endif
  void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
- void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
+ void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
  		      int enc);
-diff -up openssl-1.0.0-beta4/crypto/cast/c_skey.c.fips openssl-1.0.0-beta4/crypto/cast/c_skey.c
---- openssl-1.0.0-beta4/crypto/cast/c_skey.c.fips	2000-06-03 16:13:35.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/cast/c_skey.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/cast/c_skey.c.fips openssl-1.0.0/crypto/cast/c_skey.c
+--- openssl-1.0.0/crypto/cast/c_skey.c.fips	2000-06-03 16:13:35.000000000 +0200
++++ openssl-1.0.0/crypto/cast/c_skey.c	2010-03-30 10:33:46.000000000 +0200
 @@ -57,6 +57,11 @@
   */
  
@@ -586,13 +586,14 @@ diff -up openssl-1.0.0-beta4/crypto/cast/c_skey.c.fips openssl-1.0.0-beta4/crypt
  	{
  	CAST_LONG x[16];
  	CAST_LONG z[16];
-diff -up openssl-1.0.0-beta4/crypto/crypto.h.fips openssl-1.0.0-beta4/crypto/crypto.h
---- openssl-1.0.0-beta4/crypto/crypto.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/crypto.h	2009-11-12 12:36:50.000000000 +0100
-@@ -546,12 +546,69 @@ void OpenSSLDie(const char *file,int lin
- unsigned long *OPENSSL_ia32cap_loc(void);
+diff -up openssl-1.0.0/crypto/crypto.h.fips openssl-1.0.0/crypto/crypto.h
+--- openssl-1.0.0/crypto/crypto.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/crypto.h	2010-03-30 10:36:06.000000000 +0200
+@@ -547,12 +547,70 @@ unsigned long *OPENSSL_ia32cap_loc(void)
  #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
+ int OPENSSL_isservice(void);
  
++
 +#ifdef OPENSSL_FIPS
 +#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
 +		alg " previous FIPS forbidden algorithm error ignored");
@@ -659,9 +660,9 @@ diff -up openssl-1.0.0-beta4/crypto/crypto.h.fips openssl-1.0.0-beta4/crypto/cry
  /* Error codes for the CRYPTO functions. */
  
  /* Function codes. */
-diff -up openssl-1.0.0-beta4/crypto/dh/dh_err.c.fips openssl-1.0.0-beta4/crypto/dh/dh_err.c
---- openssl-1.0.0-beta4/crypto/dh/dh_err.c.fips	2006-11-21 22:29:37.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/dh/dh_err.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/dh/dh_err.c.fips openssl-1.0.0/crypto/dh/dh_err.c
+--- openssl-1.0.0/crypto/dh/dh_err.c.fips	2006-11-21 22:29:37.000000000 +0100
++++ openssl-1.0.0/crypto/dh/dh_err.c	2010-03-30 10:33:46.000000000 +0200
 @@ -73,6 +73,8 @@ static ERR_STRING_DATA DH_str_functs[]=
  {ERR_FUNC(DH_F_COMPUTE_KEY),	"COMPUTE_KEY"},
  {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP),	"DHparams_print_fp"},
@@ -679,9 +680,9 @@ diff -up openssl-1.0.0-beta4/crypto/dh/dh_err.c.fips openssl-1.0.0-beta4/crypto/
  {ERR_REASON(DH_R_KEYS_NOT_SET)           ,"keys not set"},
  {ERR_REASON(DH_R_MODULUS_TOO_LARGE)      ,"modulus too large"},
  {ERR_REASON(DH_R_NO_PARAMETERS_SET)      ,"no parameters set"},
-diff -up openssl-1.0.0-beta4/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta4/crypto/dh/dh_gen.c
---- openssl-1.0.0-beta4/crypto/dh/dh_gen.c.fips	2005-04-26 20:53:15.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/dh/dh_gen.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/dh/dh_gen.c.fips openssl-1.0.0/crypto/dh/dh_gen.c
+--- openssl-1.0.0/crypto/dh/dh_gen.c.fips	2005-04-26 20:53:15.000000000 +0200
++++ openssl-1.0.0/crypto/dh/dh_gen.c	2010-03-30 10:33:46.000000000 +0200
 @@ -65,6 +65,10 @@
  #include "cryptlib.h"
  #include <openssl/bn.h>
@@ -714,9 +715,9 @@ diff -up openssl-1.0.0-beta4/crypto/dh/dh_gen.c.fips openssl-1.0.0-beta4/crypto/
  	ctx=BN_CTX_new();
  	if (ctx == NULL) goto err;
  	BN_CTX_start(ctx);
-diff -up openssl-1.0.0-beta4/crypto/dh/dh.h.fips openssl-1.0.0-beta4/crypto/dh/dh.h
---- openssl-1.0.0-beta4/crypto/dh/dh.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/dh/dh.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/dh/dh.h.fips openssl-1.0.0/crypto/dh/dh.h
+--- openssl-1.0.0/crypto/dh/dh.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/dh/dh.h	2010-03-30 10:33:46.000000000 +0200
 @@ -77,6 +77,8 @@
  # define OPENSSL_DH_MAX_MODULUS_BITS	10000
  #endif
@@ -743,9 +744,9 @@ diff -up openssl-1.0.0-beta4/crypto/dh/dh.h.fips openssl-1.0.0-beta4/crypto/dh/d
  
  #ifdef  __cplusplus
  }
-diff -up openssl-1.0.0-beta4/crypto/dh/dh_key.c.fips openssl-1.0.0-beta4/crypto/dh/dh_key.c
---- openssl-1.0.0-beta4/crypto/dh/dh_key.c.fips	2007-03-28 02:15:23.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/dh/dh_key.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/dh/dh_key.c.fips openssl-1.0.0/crypto/dh/dh_key.c
+--- openssl-1.0.0/crypto/dh/dh_key.c.fips	2007-03-28 02:15:23.000000000 +0200
++++ openssl-1.0.0/crypto/dh/dh_key.c	2010-03-30 10:33:46.000000000 +0200
 @@ -61,6 +61,9 @@
  #include <openssl/bn.h>
  #include <openssl/rand.h>
@@ -795,9 +796,9 @@ diff -up openssl-1.0.0-beta4/crypto/dh/dh_key.c.fips openssl-1.0.0-beta4/crypto/
  	dh->flags |= DH_FLAG_CACHE_MONT_P;
  	return(1);
  	}
-diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c
---- openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c.fips	2008-12-26 18:17:21.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/dsa/dsa_gen.c.fips openssl-1.0.0/crypto/dsa/dsa_gen.c
+--- openssl-1.0.0/crypto/dsa/dsa_gen.c.fips	2008-12-26 18:17:21.000000000 +0100
++++ openssl-1.0.0/crypto/dsa/dsa_gen.c	2010-03-30 10:33:46.000000000 +0200
 @@ -77,8 +77,12 @@
  #include "cryptlib.h"
  #include <openssl/evp.h>
@@ -833,9 +834,9 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_gen.c.fips openssl-1.0.0-beta4/crypt
  	if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
  	    qsize != SHA256_DIGEST_LENGTH)
  		/* invalid q size */
-diff -up openssl-1.0.0-beta4/crypto/dsa/dsa.h.fips openssl-1.0.0-beta4/crypto/dsa/dsa.h
---- openssl-1.0.0-beta4/crypto/dsa/dsa.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/dsa/dsa.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/dsa/dsa.h.fips openssl-1.0.0/crypto/dsa/dsa.h
+--- openssl-1.0.0/crypto/dsa/dsa.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/dsa/dsa.h	2010-03-30 10:33:46.000000000 +0200
 @@ -88,6 +88,8 @@
  # define OPENSSL_DSA_MAX_MODULUS_BITS	10000
  #endif
@@ -892,16 +893,18 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa.h.fips openssl-1.0.0-beta4/crypto/ds
  #define DSA_R_PARAMETER_ENCODING_ERROR			 105
  
  #ifdef  __cplusplus
-diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta4/crypto/dsa/dsa_key.c
---- openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips	2007-03-28 02:15:25.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/dsa/dsa_key.c	2009-11-12 12:36:50.000000000 +0100
-@@ -63,9 +63,53 @@
+diff -up openssl-1.0.0/crypto/dsa/dsa_key.c.fips openssl-1.0.0/crypto/dsa/dsa_key.c
+--- openssl-1.0.0/crypto/dsa/dsa_key.c.fips	2007-03-28 02:15:25.000000000 +0200
++++ openssl-1.0.0/crypto/dsa/dsa_key.c	2010-03-30 10:33:46.000000000 +0200
+@@ -63,9 +63,55 @@
  #include <openssl/bn.h>
  #include <openssl/dsa.h>
  #include <openssl/rand.h>
 +#include <openssl/err.h>
 +#include <openssl/evp.h>
++#ifdef OPENSSL_FIPS
 +#include <openssl/fips.h>
++#endif
 +#include "fips_locl.h"
  
  static int dsa_builtin_keygen(DSA *dsa);
@@ -949,7 +952,7 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta4/crypt
  int DSA_generate_key(DSA *dsa)
  	{
  	if(dsa->meth->dsa_keygen)
-@@ -79,6 +123,14 @@ static int dsa_builtin_keygen(DSA *dsa)
+@@ -79,6 +125,14 @@ static int dsa_builtin_keygen(DSA *dsa)
  	BN_CTX *ctx=NULL;
  	BIGNUM *pub_key=NULL,*priv_key=NULL;
  
@@ -964,7 +967,7 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta4/crypt
  	if ((ctx=BN_CTX_new()) == NULL) goto err;
  
  	if (dsa->priv_key == NULL)
-@@ -117,6 +169,15 @@ static int dsa_builtin_keygen(DSA *dsa)
+@@ -117,6 +171,15 @@ static int dsa_builtin_keygen(DSA *dsa)
  
  	dsa->priv_key=priv_key;
  	dsa->pub_key=pub_key;
@@ -980,9 +983,9 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_key.c.fips openssl-1.0.0-beta4/crypt
  	ok=1;
  
  err:
-diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c
---- openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c.fips	2007-03-28 02:15:26.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0/crypto/dsa/dsa_ossl.c
+--- openssl-1.0.0/crypto/dsa/dsa_ossl.c.fips	2007-03-28 02:15:26.000000000 +0200
++++ openssl-1.0.0/crypto/dsa/dsa_ossl.c	2010-03-30 10:33:46.000000000 +0200
 @@ -65,6 +65,9 @@
  #include <openssl/dsa.h>
  #include <openssl/rand.h>
@@ -1054,9 +1057,9 @@ diff -up openssl-1.0.0-beta4/crypto/dsa/dsa_ossl.c.fips openssl-1.0.0-beta4/cryp
  	dsa->flags|=DSA_FLAG_CACHE_MONT_P;
  	return(1);
  }
-diff -up openssl-1.0.0-beta4/crypto/err/err_all.c.fips openssl-1.0.0-beta4/crypto/err/err_all.c
---- openssl-1.0.0-beta4/crypto/err/err_all.c.fips	2009-08-09 16:58:05.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/err/err_all.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/err/err_all.c.fips openssl-1.0.0/crypto/err/err_all.c
+--- openssl-1.0.0/crypto/err/err_all.c.fips	2009-08-09 16:58:05.000000000 +0200
++++ openssl-1.0.0/crypto/err/err_all.c	2010-03-30 10:33:46.000000000 +0200
 @@ -96,6 +96,9 @@
  #include <openssl/ocsp.h>
  #include <openssl/err.h>
@@ -1077,9 +1080,9 @@ diff -up openssl-1.0.0-beta4/crypto/err/err_all.c.fips openssl-1.0.0-beta4/crypt
  #ifndef OPENSSL_NO_CMS
  	ERR_load_CMS_strings();
  #endif
-diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto/evp/digest.c
---- openssl-1.0.0-beta4/crypto/evp/digest.c.fips	2008-11-04 13:06:09.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/digest.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/evp/digest.c.fips openssl-1.0.0/crypto/evp/digest.c
+--- openssl-1.0.0/crypto/evp/digest.c.fips	2010-03-05 14:33:43.000000000 +0100
++++ openssl-1.0.0/crypto/evp/digest.c	2010-03-30 10:33:46.000000000 +0200
 @@ -116,6 +116,7 @@
  #ifndef OPENSSL_NO_ENGINE
  #include <openssl/engine.h>
@@ -1088,7 +1091,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto
  
  void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
  	{
-@@ -137,9 +138,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
+@@ -138,9 +139,50 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
  	return EVP_DigestInit_ex(ctx, type, NULL);
  	}
  
@@ -1139,7 +1142,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto
  #ifndef OPENSSL_NO_ENGINE
  	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
  	 * so this context may already have an ENGINE! Try to avoid releasing
-@@ -195,6 +237,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
+@@ -197,6 +239,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
  #endif
  	if (ctx->digest != type)
  		{
@@ -1158,7 +1161,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto
  		if (ctx->digest && ctx->digest->ctx_size)
  			OPENSSL_free(ctx->md_data);
  		ctx->digest=type;
-@@ -222,6 +276,9 @@ skip_to_init:
+@@ -230,6 +284,9 @@ skip_to_init:
  
  int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
  	{
@@ -1168,7 +1171,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto
  	return ctx->update(ctx,data,count);
  	}
  
-@@ -238,6 +295,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns
+@@ -246,6 +303,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, uns
  int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
  	{
  	int ret;
@@ -1178,9 +1181,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/digest.c.fips openssl-1.0.0-beta4/crypto
  
  	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
  	ret=ctx->digest->final(ctx,md);
-diff -up openssl-1.0.0-beta4/crypto/evp/e_aes.c.fips openssl-1.0.0-beta4/crypto/evp/e_aes.c
---- openssl-1.0.0-beta4/crypto/evp/e_aes.c.fips	2004-01-28 20:05:33.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/e_aes.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/evp/e_aes.c.fips openssl-1.0.0/crypto/evp/e_aes.c
+--- openssl-1.0.0/crypto/evp/e_aes.c.fips	2004-01-28 20:05:33.000000000 +0100
++++ openssl-1.0.0/crypto/evp/e_aes.c	2010-03-30 10:33:46.000000000 +0200
 @@ -69,32 +69,29 @@ typedef struct
  
  IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
@@ -1233,9 +1236,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/e_aes.c.fips openssl-1.0.0-beta4/crypto/
  
  static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  		   const unsigned char *iv, int enc)
-diff -up openssl-1.0.0-beta4/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta4/crypto/evp/e_camellia.c
---- openssl-1.0.0-beta4/crypto/evp/e_camellia.c.fips	2006-08-31 22:56:20.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/evp/e_camellia.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/evp/e_camellia.c.fips openssl-1.0.0/crypto/evp/e_camellia.c
+--- openssl-1.0.0/crypto/evp/e_camellia.c.fips	2006-08-31 22:56:20.000000000 +0200
++++ openssl-1.0.0/crypto/evp/e_camellia.c	2010-03-30 10:33:46.000000000 +0200
 @@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks,
  	EVP_CIPHER_get_asn1_iv,
  	NULL)
@@ -1245,9 +1248,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/e_camellia.c.fips openssl-1.0.0-beta4/cr
  
  IMPLEMENT_CAMELLIA_CFBR(128,1)
  IMPLEMENT_CAMELLIA_CFBR(192,1)
-diff -up openssl-1.0.0-beta4/crypto/evp/e_des3.c.fips openssl-1.0.0-beta4/crypto/evp/e_des3.c
---- openssl-1.0.0-beta4/crypto/evp/e_des3.c.fips	2008-12-29 13:35:47.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/e_des3.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/evp/e_des3.c.fips openssl-1.0.0/crypto/evp/e_des3.c
+--- openssl-1.0.0/crypto/evp/e_des3.c.fips	2008-12-29 13:35:47.000000000 +0100
++++ openssl-1.0.0/crypto/evp/e_des3.c	2010-03-30 10:33:46.000000000 +0200
 @@ -206,9 +206,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPH
      }
  
@@ -1292,9 +1295,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/e_des3.c.fips openssl-1.0.0-beta4/crypto
  		     des3_ctrl)
  
  static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-diff -up openssl-1.0.0-beta4/crypto/evp/e_null.c.fips openssl-1.0.0-beta4/crypto/evp/e_null.c
---- openssl-1.0.0-beta4/crypto/evp/e_null.c.fips	2008-10-31 20:48:24.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/e_null.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/evp/e_null.c.fips openssl-1.0.0/crypto/evp/e_null.c
+--- openssl-1.0.0/crypto/evp/e_null.c.fips	2008-10-31 20:48:24.000000000 +0100
++++ openssl-1.0.0/crypto/evp/e_null.c	2010-03-30 10:33:46.000000000 +0200
 @@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher=
  	{
  	NID_undef,
@@ -1304,9 +1307,20 @@ diff -up openssl-1.0.0-beta4/crypto/evp/e_null.c.fips openssl-1.0.0-beta4/crypto
  	null_init_key,
  	null_cipher,
  	NULL,
-diff -up openssl-1.0.0-beta4/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta4/crypto/evp/evp_enc.c
---- openssl-1.0.0-beta4/crypto/evp/evp_enc.c.fips	2008-11-12 04:58:00.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/evp_enc.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/evp/e_rc4.c.fips openssl-1.0.0/crypto/evp/e_rc4.c
+--- openssl-1.0.0/crypto/evp/e_rc4.c.fips	2008-10-31 20:48:24.000000000 +0100
++++ openssl-1.0.0/crypto/evp/e_rc4.c	2010-03-30 10:33:46.000000000 +0200
+@@ -64,6 +64,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/objects.h>
+ #include <openssl/rc4.h>
++#include "evp_locl.h"
+ 
+ /* FIXME: surely this is available elsewhere? */
+ #define EVP_RC4_KEY_SIZE		16
+diff -up openssl-1.0.0/crypto/evp/evp_enc.c.fips openssl-1.0.0/crypto/evp/evp_enc.c
+--- openssl-1.0.0/crypto/evp/evp_enc.c.fips	2010-03-01 02:52:47.000000000 +0100
++++ openssl-1.0.0/crypto/evp/evp_enc.c	2010-03-30 10:33:46.000000000 +0200
 @@ -68,8 +68,53 @@
  
  const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
@@ -1399,10 +1413,10 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_enc.c.fips openssl-1.0.0-beta4/crypt
  	if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
  		if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
  	}
-diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.fips openssl-1.0.0-beta4/crypto/evp/evp_err.c
---- openssl-1.0.0-beta4/crypto/evp/evp_err.c.fips	2008-12-29 17:11:54.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/evp_err.c	2009-11-12 12:36:50.000000000 +0100
-@@ -154,6 +154,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
+diff -up openssl-1.0.0/crypto/evp/evp_err.c.fips openssl-1.0.0/crypto/evp/evp_err.c
+--- openssl-1.0.0/crypto/evp/evp_err.c.fips	2010-02-07 14:41:23.000000000 +0100
++++ openssl-1.0.0/crypto/evp/evp_err.c	2010-03-30 10:33:46.000000000 +0200
+@@ -155,6 +155,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
  {ERR_REASON(EVP_R_DECODE_ERROR)          ,"decode error"},
  {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES)   ,"different key types"},
  {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS)  ,"different parameters"},
@@ -1410,9 +1424,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_err.c.fips openssl-1.0.0-beta4/crypt
  {ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},
  {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
  {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},
-diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.fips openssl-1.0.0-beta4/crypto/evp/evp.h
---- openssl-1.0.0-beta4/crypto/evp/evp.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/evp.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/evp/evp.h.fips openssl-1.0.0/crypto/evp/evp.h
+--- openssl-1.0.0/crypto/evp/evp.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/evp/evp.h	2010-03-30 10:40:12.000000000 +0200
 @@ -75,6 +75,10 @@
  #include <openssl/bio.h>
  #endif
@@ -1455,33 +1469,26 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.fips openssl-1.0.0-beta4/crypto/ev
  
  #define EVP_MD_CTX_FLAG_NO_INIT		0x0100 /* Don't initialize md_data */
  
-@@ -330,6 +336,14 @@ struct evp_cipher_st
+@@ -330,12 +336,16 @@ struct evp_cipher_st
  #define 	EVP_CIPH_NO_PADDING		0x100
  /* cipher handles random key generation */
  #define 	EVP_CIPH_RAND_KEY		0x200
+-/* cipher has its own additional copying logic */
+-#define 	EVP_CIPH_CUSTOM_COPY		0x400
 +/* Note if suitable for use in FIPS mode */
 +#define		EVP_CIPH_FLAG_FIPS		0x400
 +/* Allow non FIPS cipher in FIPS mode */
 +#define		EVP_CIPH_FLAG_NON_FIPS_ALLOW	0x800
-+/* Allow use default ASN1 get/set iv */
-+#define		EVP_CIPH_FLAG_DEFAULT_ASN1	0x1000
-+/* Buffer length in bits not bytes: CFB1 mode only */
-+#define		EVP_CIPH_FLAG_LENGTH_BITS	0x2000
+ /* Allow use default ASN1 get/set iv */
+ #define		EVP_CIPH_FLAG_DEFAULT_ASN1	0x1000
+ /* Buffer length in bits not bytes: CFB1 mode only */
+ #define		EVP_CIPH_FLAG_LENGTH_BITS	0x2000
++/* cipher has its own additional copying logic */
++#define 	EVP_CIPH_CUSTOM_COPY		0x4000
  
  /* ctrl() values */
  
-@@ -507,6 +521,10 @@ int	EVP_BytesToKey(const EVP_CIPHER *typ
- 		const unsigned char *salt, const unsigned char *data,
- 		int datal, int count, unsigned char *key,unsigned char *iv);
- 
-+void	EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
-+void	EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
-+int 	EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags);
-+
- int	EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
- 		const unsigned char *key, const unsigned char *iv);
- int	EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
-@@ -1225,6 +1243,7 @@ void ERR_load_EVP_strings(void);
+@@ -1239,6 +1249,7 @@ void ERR_load_EVP_strings(void);
  #define EVP_R_DECODE_ERROR				 114
  #define EVP_R_DIFFERENT_KEY_TYPES			 101
  #define EVP_R_DIFFERENT_PARAMETERS			 153
@@ -1489,9 +1496,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp.h.fips openssl-1.0.0-beta4/crypto/ev
  #define EVP_R_ENCODE_ERROR				 115
  #define EVP_R_EVP_PBE_CIPHERINIT_ERROR			 119
  #define EVP_R_EXPECTING_AN_RSA_KEY			 127
-diff -up openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta4/crypto/evp/evp_lib.c
---- openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips	2009-04-10 12:30:27.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/evp/evp_lib.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/evp/evp_lib.c.fips openssl-1.0.0/crypto/evp/evp_lib.c
+--- openssl-1.0.0/crypto/evp/evp_lib.c.fips	2010-01-26 15:33:51.000000000 +0100
++++ openssl-1.0.0/crypto/evp/evp_lib.c	2010-03-30 10:33:46.000000000 +0200
 @@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_
  
  	if (c->cipher->set_asn1_parameters != NULL)
@@ -1510,7 +1517,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta4/crypt
  	else
  		ret=-1;
  	return(ret);
-@@ -180,6 +184,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_
+@@ -186,6 +190,9 @@ int EVP_CIPHER_CTX_block_size(const EVP_
  
  int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
  	{
@@ -1520,43 +1527,10 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_lib.c.fips openssl-1.0.0-beta4/crypt
  	return ctx->cipher->do_cipher(ctx,out,in,inl);
  	}
  
-@@ -289,3 +296,18 @@ int EVP_MD_CTX_test_flags(const EVP_MD_C
- 	{
- 	return (ctx->flags & flags);
- 	}
-+
-+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
-+	{
-+	ctx->flags |= flags;
-+	}
-+
-+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
-+	{
-+	ctx->flags &= ~flags;
-+	}
-+
-+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
-+	{
-+	return (ctx->flags & flags);
-+	}
-diff -up openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta4/crypto/evp/evp_locl.h
---- openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/evp_locl.h	2009-11-12 12:36:50.000000000 +0100
-@@ -111,11 +111,11 @@ static int cname##_cbc_cipher(EVP_CIPHER
- static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
- {\
- 	size_t chunk=EVP_MAXCHUNK;\
--	if (cbits==1)  chunk>>=3;\
-+	if (cbits==1 && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS))  chunk>>=3;\
- 	if (inl<chunk) chunk=inl;\
- 	while(inl && inl>=chunk)\
- 	    {\
--	    cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
-+	    cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1 && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS)?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
- 	    inl-=chunk;\
- 	    in +=chunk;\
- 	    out+=chunk;\
-@@ -254,14 +254,29 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
+diff -up openssl-1.0.0/crypto/evp/evp_locl.h.fips openssl-1.0.0/crypto/evp/evp_locl.h
+--- openssl-1.0.0/crypto/evp/evp_locl.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/evp/evp_locl.h	2010-03-30 10:33:46.000000000 +0200
+@@ -254,14 +254,32 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
  
  #define EVP_C_DATA(kstruct, ctx)	((kstruct *)(ctx)->cipher_data)
  
@@ -1578,6 +1552,7 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta4/cryp
 +#define CAST_set_key	private_CAST_set_key
 +#define RC5_32_set_key	private_RC5_32_set_key
 +#define BF_set_key	private_BF_set_key
++#define SEED_set_key	private_SEED_set_key
 +#define Camellia_set_key private_Camellia_set_key
 +#define idea_set_encrypt_key private_idea_set_encrypt_key
 +
@@ -1586,14 +1561,16 @@ diff -up openssl-1.0.0-beta4/crypto/evp/evp_locl.h.fips openssl-1.0.0-beta4/cryp
 +#define MD2_Init	private_MD2_Init
 +#define MDC2_Init	private_MDC2_Init
 +#define SHA_Init	private_SHA_Init
++#define RIPEMD160_Init	private_RIPEMD160_Init
++#define WHIRLPOOL_Init	private_WHIRLPOOL_Init
 +
 +#endif
  
  struct evp_pkey_ctx_st
  	{
-diff -up openssl-1.0.0-beta4/crypto/evp/m_dss.c.fips openssl-1.0.0-beta4/crypto/evp/m_dss.c
---- openssl-1.0.0-beta4/crypto/evp/m_dss.c.fips	2006-04-19 19:05:57.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/evp/m_dss.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/evp/m_dss.c.fips openssl-1.0.0/crypto/evp/m_dss.c
+--- openssl-1.0.0/crypto/evp/m_dss.c.fips	2006-04-19 19:05:57.000000000 +0200
++++ openssl-1.0.0/crypto/evp/m_dss.c	2010-03-30 10:33:46.000000000 +0200
 @@ -81,7 +81,7 @@ static const EVP_MD dsa_md=
  	NID_dsaWithSHA,
  	NID_dsaWithSHA,
@@ -1603,9 +1580,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/m_dss.c.fips openssl-1.0.0-beta4/crypto/
  	init,
  	update,
  	final,
-diff -up openssl-1.0.0-beta4/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta4/crypto/evp/m_dss1.c
---- openssl-1.0.0-beta4/crypto/evp/m_dss1.c.fips	2006-04-19 19:05:57.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/evp/m_dss1.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/evp/m_dss1.c.fips openssl-1.0.0/crypto/evp/m_dss1.c
+--- openssl-1.0.0/crypto/evp/m_dss1.c.fips	2006-04-19 19:05:57.000000000 +0200
++++ openssl-1.0.0/crypto/evp/m_dss1.c	2010-03-30 10:33:46.000000000 +0200
 @@ -82,7 +82,7 @@ static const EVP_MD dss1_md=
  	NID_dsa,
  	NID_dsaWithSHA1,
@@ -1615,9 +1592,64 @@ diff -up openssl-1.0.0-beta4/crypto/evp/m_dss1.c.fips openssl-1.0.0-beta4/crypto
  	init,
  	update,
  	final,
-diff -up openssl-1.0.0-beta4/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta4/crypto/evp/m_sha1.c
---- openssl-1.0.0-beta4/crypto/evp/m_sha1.c.fips	2008-03-12 22:14:24.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/m_sha1.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/evp/m_mdc2.c.fips openssl-1.0.0/crypto/evp/m_mdc2.c
+--- openssl-1.0.0/crypto/evp/m_mdc2.c.fips	2010-02-02 14:36:05.000000000 +0100
++++ openssl-1.0.0/crypto/evp/m_mdc2.c	2010-03-30 10:57:02.000000000 +0200
+@@ -68,6 +68,7 @@
+ #ifndef OPENSSL_NO_RSA
+ #include <openssl/rsa.h>
+ #endif
++#include "evp_locl.h"
+ 
+ static int init(EVP_MD_CTX *ctx)
+ 	{ return MDC2_Init(ctx->md_data); }
+diff -up openssl-1.0.0/crypto/evp/m_md2.c.fips openssl-1.0.0/crypto/evp/m_md2.c
+--- openssl-1.0.0/crypto/evp/m_md2.c.fips	2005-07-16 14:37:32.000000000 +0200
++++ openssl-1.0.0/crypto/evp/m_md2.c	2010-03-30 10:33:46.000000000 +0200
+@@ -68,6 +68,7 @@
+ #ifndef OPENSSL_NO_RSA
+ #include <openssl/rsa.h>
+ #endif
++#include "evp_locl.h"
+ 
+ static int init(EVP_MD_CTX *ctx)
+ 	{ return MD2_Init(ctx->md_data); }
+diff -up openssl-1.0.0/crypto/evp/m_md4.c.fips openssl-1.0.0/crypto/evp/m_md4.c
+--- openssl-1.0.0/crypto/evp/m_md4.c.fips	2005-07-16 14:37:32.000000000 +0200
++++ openssl-1.0.0/crypto/evp/m_md4.c	2010-03-30 10:33:46.000000000 +0200
+@@ -68,6 +68,7 @@
+ #ifndef OPENSSL_NO_RSA
+ #include <openssl/rsa.h>
+ #endif
++#include "evp_locl.h"
+ 
+ static int init(EVP_MD_CTX *ctx)
+ 	{ return MD4_Init(ctx->md_data); }
+diff -up openssl-1.0.0/crypto/evp/m_md5.c.fips openssl-1.0.0/crypto/evp/m_md5.c
+--- openssl-1.0.0/crypto/evp/m_md5.c.fips	2005-07-16 14:37:32.000000000 +0200
++++ openssl-1.0.0/crypto/evp/m_md5.c	2010-03-30 10:33:46.000000000 +0200
+@@ -68,6 +68,7 @@
+ #ifndef OPENSSL_NO_RSA
+ #include <openssl/rsa.h>
+ #endif
++#include "evp_locl.h"
+ 
+ static int init(EVP_MD_CTX *ctx)
+ 	{ return MD5_Init(ctx->md_data); }
+diff -up openssl-1.0.0/crypto/evp/m_ripemd.c.fips openssl-1.0.0/crypto/evp/m_ripemd.c
+--- openssl-1.0.0/crypto/evp/m_ripemd.c.fips	2005-07-16 14:37:32.000000000 +0200
++++ openssl-1.0.0/crypto/evp/m_ripemd.c	2010-03-30 10:33:46.000000000 +0200
+@@ -68,6 +68,7 @@
+ #ifndef OPENSSL_NO_RSA
+ #include <openssl/rsa.h>
+ #endif
++#include "evp_locl.h"
+ 
+ static int init(EVP_MD_CTX *ctx)
+ 	{ return RIPEMD160_Init(ctx->md_data); }
+diff -up openssl-1.0.0/crypto/evp/m_sha1.c.fips openssl-1.0.0/crypto/evp/m_sha1.c
+--- openssl-1.0.0/crypto/evp/m_sha1.c.fips	2008-03-12 22:14:24.000000000 +0100
++++ openssl-1.0.0/crypto/evp/m_sha1.c	2010-03-30 10:33:46.000000000 +0200
 @@ -82,7 +82,8 @@ static const EVP_MD sha1_md=
  	NID_sha1,
  	NID_sha1WithRSAEncryption,
@@ -1668,9 +1700,20 @@ diff -up openssl-1.0.0-beta4/crypto/evp/m_sha1.c.fips openssl-1.0.0-beta4/crypto
  	init512,
  	update512,
  	final512,
-diff -up openssl-1.0.0-beta4/crypto/evp/names.c.fips openssl-1.0.0-beta4/crypto/evp/names.c
---- openssl-1.0.0-beta4/crypto/evp/names.c.fips	2009-04-10 12:30:27.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/evp/names.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/evp/m_wp.c.fips openssl-1.0.0/crypto/evp/m_wp.c
+--- openssl-1.0.0/crypto/evp/m_wp.c.fips	2005-11-30 21:57:23.000000000 +0100
++++ openssl-1.0.0/crypto/evp/m_wp.c	2010-03-30 10:33:46.000000000 +0200
+@@ -9,6 +9,7 @@
+ #include <openssl/objects.h>
+ #include <openssl/x509.h>
+ #include <openssl/whrlpool.h>
++#include "evp_locl.h"
+ 
+ static int init(EVP_MD_CTX *ctx)
+ 	{ return WHIRLPOOL_Init(ctx->md_data); }
+diff -up openssl-1.0.0/crypto/evp/names.c.fips openssl-1.0.0/crypto/evp/names.c
+--- openssl-1.0.0/crypto/evp/names.c.fips	2010-03-06 21:47:45.000000000 +0100
++++ openssl-1.0.0/crypto/evp/names.c	2010-03-30 10:33:46.000000000 +0200
 @@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c)
  	{
  	int r;
@@ -1693,9 +1736,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/names.c.fips openssl-1.0.0-beta4/crypto/
  	name=OBJ_nid2sn(md->type);
  	r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
  	if (r == 0) return(0);
-diff -up openssl-1.0.0-beta4/crypto/evp/p_sign.c.fips openssl-1.0.0-beta4/crypto/evp/p_sign.c
---- openssl-1.0.0-beta4/crypto/evp/p_sign.c.fips	2006-05-24 15:29:30.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/evp/p_sign.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/evp/p_sign.c.fips openssl-1.0.0/crypto/evp/p_sign.c
+--- openssl-1.0.0/crypto/evp/p_sign.c.fips	2006-05-24 15:29:30.000000000 +0200
++++ openssl-1.0.0/crypto/evp/p_sign.c	2010-03-30 10:33:46.000000000 +0200
 @@ -61,6 +61,7 @@
  #include <openssl/evp.h>
  #include <openssl/objects.h>
@@ -1727,9 +1770,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/p_sign.c.fips openssl-1.0.0-beta4/crypto
  		if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
  			goto err;
  		*siglen = sltmp;
-diff -up openssl-1.0.0-beta4/crypto/evp/p_verify.c.fips openssl-1.0.0-beta4/crypto/evp/p_verify.c
---- openssl-1.0.0-beta4/crypto/evp/p_verify.c.fips	2008-11-12 04:58:01.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/evp/p_verify.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/evp/p_verify.c.fips openssl-1.0.0/crypto/evp/p_verify.c
+--- openssl-1.0.0/crypto/evp/p_verify.c.fips	2008-11-12 04:58:01.000000000 +0100
++++ openssl-1.0.0/crypto/evp/p_verify.c	2010-03-30 10:33:46.000000000 +0200
 @@ -61,6 +61,7 @@
  #include <openssl/evp.h>
  #include <openssl/objects.h>
@@ -1761,9 +1804,9 @@ diff -up openssl-1.0.0-beta4/crypto/evp/p_verify.c.fips openssl-1.0.0-beta4/cryp
  		i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
  		err:
  		EVP_PKEY_CTX_free(pkctx);
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_aesavs.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_aesavs.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c
+--- openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/cavs/fips_aesavs.c	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,939 @@
 +/* ====================================================================
 + * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@@ -2704,9 +2747,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_aesavs.c
 +    }
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_desmovs.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_desmovs.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c
+--- openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/cavs/fips_desmovs.c	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,702 @@
 +/* ====================================================================
 + * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@@ -3410,9 +3453,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_desmovs.c
 +    }
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_dssvs.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_dssvs.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c
+--- openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/cavs/fips_dssvs.c	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,537 @@
 +#include <openssl/opensslconf.h>
 +
@@ -3951,9 +3994,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_dssvs.c
 +    }
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rngvs.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rngvs.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c
+--- openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/cavs/fips_rngvs.c	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,230 @@
 +/*
 + * Crude test driver for processing the VST and MCT testvector files
@@ -4185,9 +4228,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rngvs.c
 +    return 0;
 +    }
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsagtest.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsagtest.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c
+--- openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/cavs/fips_rsagtest.c	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,390 @@
 +/* fips_rsagtest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4579,9 +4622,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsagtest.c
 +	}
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsastest.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsastest.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c
+--- openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/cavs/fips_rsastest.c	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,370 @@
 +/* fips_rsastest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -4953,9 +4996,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsastest.c
 +	return ret;
 +	}
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsavtest.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsavtest.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c
+--- openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/cavs/fips_rsavtest.c	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,377 @@
 +/* fips_rsavtest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5334,9 +5377,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_rsavtest.c
 +	return ret;
 +	}
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_shatest.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_shatest.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips openssl-1.0.0/crypto/fips/cavs/fips_shatest.c
+--- openssl-1.0.0/crypto/fips/cavs/fips_shatest.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/cavs/fips_shatest.c	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,388 @@
 +/* fips_shatest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -5726,9 +5769,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_shatest.c
 +	}
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_utl.h
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/cavs/fips_utl.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips openssl-1.0.0/crypto/fips/cavs/fips_utl.h
+--- openssl-1.0.0/crypto/fips/cavs/fips_utl.h.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/cavs/fips_utl.h	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,343 @@
 +/* ====================================================================
 + * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
@@ -6073,9 +6116,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/cavs/fips_utl.h
 +#endif
 +    }
 +
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips_err.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips_err.c.fips openssl-1.0.0/crypto/fips_err.c
+--- openssl-1.0.0/crypto/fips_err.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips_err.c	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,7 @@
 +#include <openssl/opensslconf.h>
 +
@@ -6084,9 +6127,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.c
 +#else
 +static void *dummy=&dummy;
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.h
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips_err.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips_err.h.fips openssl-1.0.0/crypto/fips_err.h
+--- openssl-1.0.0/crypto/fips_err.h.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips_err.h	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,137 @@
 +/* crypto/fips_err.h */
 +/* ====================================================================
@@ -6225,10 +6268,10 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_err.h
 +		}
 +#endif
 +	}
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c	2009-11-12 12:36:50.000000000 +0100
-@@ -0,0 +1,101 @@
+diff -up openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips openssl-1.0.0/crypto/fips/fips_aes_selftest.c
+--- openssl-1.0.0/crypto/fips/fips_aes_selftest.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips_aes_selftest.c	2010-03-30 10:33:46.000000000 +0200
+@@ -0,0 +1,103 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
 + *
@@ -6280,7 +6323,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c
 +
 +#include <string.h>
 +#include <openssl/err.h>
++#ifdef OPENSSL_FIPS
 +#include <openssl/fips.h>
++#endif
 +#include <openssl/evp.h>
 +
 +#ifdef OPENSSL_FIPS
@@ -6330,9 +6375,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_aes_selftest.c
 +    return ret;
 +    }
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/fips.c.fips openssl-1.0.0/crypto/fips/fips.c
+--- openssl-1.0.0/crypto/fips/fips.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips.c	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,419 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -6753,10 +6798,10 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.c
 +
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c	2009-11-12 12:36:50.000000000 +0100
-@@ -0,0 +1,137 @@
+diff -up openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips openssl-1.0.0/crypto/fips/fips_des_selftest.c
+--- openssl-1.0.0/crypto/fips/fips_des_selftest.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips_des_selftest.c	2010-03-30 10:33:46.000000000 +0200
+@@ -0,0 +1,139 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
 + *
@@ -6808,7 +6853,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c
 +
 +#include <string.h>
 +#include <openssl/err.h>
++#ifdef OPENSSL_FIPS
 +#include <openssl/fips.h>
++#endif
 +#include <openssl/evp.h>
 +#include <openssl/opensslconf.h>
 +
@@ -6894,10 +6941,10 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_des_selftest.c
 +    return ret;
 +    }
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c	2009-11-12 12:36:50.000000000 +0100
-@@ -0,0 +1,184 @@
+diff -up openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips openssl-1.0.0/crypto/fips/fips_dsa_selftest.c
+--- openssl-1.0.0/crypto/fips/fips_dsa_selftest.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips_dsa_selftest.c	2010-03-30 10:33:46.000000000 +0200
+@@ -0,0 +1,186 @@
 +/* crypto/dsa/dsatest.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 + * All rights reserved.
@@ -6959,7 +7006,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c
 +#include <string.h>
 +#include <openssl/crypto.h>
 +#include <openssl/dsa.h>
++#ifdef OPENSSL_FIPS
 +#include <openssl/fips.h>
++#endif
 +#include <openssl/err.h>
 +#include <openssl/evp.h>
 +#include <openssl/bn.h>
@@ -7082,9 +7131,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_dsa_selftest.c
 +    return ret;
 +    }
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.h
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/fips.h.fips openssl-1.0.0/crypto/fips/fips.h
+--- openssl-1.0.0/crypto/fips/fips.h.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips.h	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,163 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -7249,10 +7298,10 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips.h
 +}
 +#endif
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c	2009-11-12 12:36:50.000000000 +0100
-@@ -0,0 +1,135 @@
+diff -up openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips openssl-1.0.0/crypto/fips/fips_hmac_selftest.c
+--- openssl-1.0.0/crypto/fips/fips_hmac_selftest.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips_hmac_selftest.c	2010-03-30 10:33:46.000000000 +0200
+@@ -0,0 +1,137 @@
 +/* ====================================================================
 + * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
 + *
@@ -7304,7 +7353,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c
 +
 +#include <string.h>
 +#include <openssl/err.h>
++#ifdef OPENSSL_FIPS
 +#include <openssl/fips.h>
++#endif
 +#include <openssl/hmac.h>
 +
 +#ifdef OPENSSL_FIPS
@@ -7388,10 +7439,10 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_hmac_selftest.c
 +    return 1;
 +    }
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_rand.c	2009-11-12 12:36:50.000000000 +0100
-@@ -0,0 +1,410 @@
+diff -up openssl-1.0.0/crypto/fips/fips_rand.c.fips openssl-1.0.0/crypto/fips/fips_rand.c
+--- openssl-1.0.0/crypto/fips/fips_rand.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips_rand.c	2010-03-30 10:33:46.000000000 +0200
+@@ -0,0 +1,412 @@
 +/* ====================================================================
 + * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
 + *
@@ -7470,7 +7521,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.c
 +# endif
 +#endif
 +#include <string.h>
++#ifdef OPENSSL_FIPS
 +#include <openssl/fips.h>
++#endif
 +#include "fips_locl.h"
 +
 +#ifdef OPENSSL_FIPS
@@ -7802,9 +7855,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.c
 +}
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.h
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_rand.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/fips_rand.h.fips openssl-1.0.0/crypto/fips/fips_rand.h
+--- openssl-1.0.0/crypto/fips/fips_rand.h.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips_rand.h	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,77 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -7883,10 +7936,10 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand.h
 +#endif
 +#endif
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c	2009-11-12 12:36:50.000000000 +0100
-@@ -0,0 +1,371 @@
+diff -up openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips openssl-1.0.0/crypto/fips/fips_rand_selftest.c
+--- openssl-1.0.0/crypto/fips/fips_rand_selftest.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips_rand_selftest.c	2010-03-30 10:33:46.000000000 +0200
+@@ -0,0 +1,373 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
 + *
@@ -7938,7 +7991,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c
 +
 +#include <string.h>
 +#include <openssl/err.h>
++#ifdef OPENSSL_FIPS
 +#include <openssl/fips.h>
++#endif
 +#include <openssl/rand.h>
 +#include <openssl/fips_rand.h>
 +
@@ -8258,9 +8313,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rand_selftest.c
 +	}
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_randtest.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_randtest.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/fips_randtest.c.fips openssl-1.0.0/crypto/fips/fips_randtest.c
+--- openssl-1.0.0/crypto/fips/fips_randtest.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips_randtest.c	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,248 @@
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 + * All rights reserved.
@@ -8510,10 +8565,10 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_randtest.c
 +	}
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c	2009-11-12 12:36:50.000000000 +0100
-@@ -0,0 +1,439 @@
+diff -up openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips openssl-1.0.0/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.0.0/crypto/fips/fips_rsa_selftest.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips_rsa_selftest.c	2010-03-30 10:33:46.000000000 +0200
+@@ -0,0 +1,441 @@
 +/* ====================================================================
 + * Copyright (c) 2003-2007 The OpenSSL Project.  All rights reserved.
 + *
@@ -8565,7 +8620,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c
 +
 +#include <string.h>
 +#include <openssl/err.h>
++#ifdef OPENSSL_FIPS
 +#include <openssl/fips.h>
++#endif
 +#include <openssl/rsa.h>
 +#include <openssl/evp.h>
 +#include <openssl/bn.h>
@@ -8953,9 +9010,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_selftest.c
 +	}
 +
 +#endif /* def OPENSSL_FIPS */
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_x931g.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_rsa_x931g.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips openssl-1.0.0/crypto/fips/fips_rsa_x931g.c
+--- openssl-1.0.0/crypto/fips/fips_rsa_x931g.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips_rsa_x931g.c	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,281 @@
 +/* crypto/rsa/rsa_gen.c */
 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@@ -9238,10 +9295,10 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_rsa_x931g.c
 +	return 0;
 +
 +	}
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c	2009-11-12 12:36:50.000000000 +0100
-@@ -0,0 +1,97 @@
+diff -up openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips openssl-1.0.0/crypto/fips/fips_sha1_selftest.c
+--- openssl-1.0.0/crypto/fips/fips_sha1_selftest.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips_sha1_selftest.c	2010-03-30 10:33:46.000000000 +0200
+@@ -0,0 +1,99 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
 + *
@@ -9293,7 +9350,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c
 +
 +#include <string.h>
 +#include <openssl/err.h>
++#ifdef OPENSSL_FIPS
 +#include <openssl/fips.h>
++#endif
 +#include <openssl/evp.h>
 +#include <openssl/sha.h>
 +
@@ -9339,9 +9398,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_sha1_selftest.c
 +    }
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_standalone_sha1.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_standalone_sha1.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips openssl-1.0.0/crypto/fips/fips_standalone_sha1.c
+--- openssl-1.0.0/crypto/fips/fips_standalone_sha1.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips_standalone_sha1.c	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,173 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -9516,9 +9575,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_standalone_sha1.c
 +    }
 +
 +
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_test_suite.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/fips_test_suite.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/fips_test_suite.c.fips openssl-1.0.0/crypto/fips/fips_test_suite.c
+--- openssl-1.0.0/crypto/fips/fips_test_suite.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/fips_test_suite.c	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,588 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -10108,9 +10167,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/fips_test_suite.c
 +    }
 +
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_locl.h
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips_locl.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips_locl.h.fips openssl-1.0.0/crypto/fips_locl.h
+--- openssl-1.0.0/crypto/fips_locl.h.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips_locl.h	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,72 @@
 +/* ====================================================================
 + * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -10184,9 +10243,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips_locl.h
 +}
 +#endif
 +#endif
-diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/Makefile
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/fips/Makefile	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/fips/Makefile.fips openssl-1.0.0/crypto/fips/Makefile
+--- openssl-1.0.0/crypto/fips/Makefile.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/fips/Makefile	2010-03-30 10:33:46.000000000 +0200
 @@ -0,0 +1,81 @@
 +#
 +# OpenSSL/crypto/fips/Makefile
@@ -10269,9 +10328,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/fips/Makefile
 +
 +# DO NOT DELETE THIS LINE -- make depend depends on it.
 +
-diff -up openssl-1.0.0-beta4/crypto/hmac/hmac.c.fips openssl-1.0.0-beta4/crypto/hmac/hmac.c
---- openssl-1.0.0-beta4/crypto/hmac/hmac.c.fips	2008-11-12 04:58:02.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/hmac/hmac.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/hmac/hmac.c.fips openssl-1.0.0/crypto/hmac/hmac.c
+--- openssl-1.0.0/crypto/hmac/hmac.c.fips	2010-01-26 15:33:52.000000000 +0100
++++ openssl-1.0.0/crypto/hmac/hmac.c	2010-03-30 10:33:46.000000000 +0200
 @@ -77,6 +77,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
  
  	if (key != NULL)
@@ -10286,31 +10345,9 @@ diff -up openssl-1.0.0-beta4/crypto/hmac/hmac.c.fips openssl-1.0.0-beta4/crypto/
  		reset=1;
  		j=EVP_MD_block_size(md);
  		OPENSSL_assert(j <= (int)sizeof(ctx->key));
-@@ -209,3 +216,10 @@ unsigned char *HMAC(const EVP_MD *evp_md
- 	return NULL;
- 	}
- 
-+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
-+	{
-+	EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
-+	EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
-+	EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
-+	}
-+
-diff -up openssl-1.0.0-beta4/crypto/hmac/hmac.h.fips openssl-1.0.0-beta4/crypto/hmac/hmac.h
---- openssl-1.0.0-beta4/crypto/hmac/hmac.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/hmac/hmac.h	2009-11-12 12:36:50.000000000 +0100
-@@ -101,6 +101,7 @@ unsigned char *HMAC(const EVP_MD *evp_md
- 		    unsigned int *md_len);
- int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
- 
-+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
- 
- #ifdef  __cplusplus
- }
-diff -up openssl-1.0.0-beta4/crypto/Makefile.fips openssl-1.0.0-beta4/crypto/Makefile
---- openssl-1.0.0-beta4/crypto/Makefile.fips	2009-04-06 16:31:35.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/Makefile	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/Makefile.fips openssl-1.0.0/crypto/Makefile
+--- openssl-1.0.0/crypto/Makefile.fips	2009-04-06 16:31:35.000000000 +0200
++++ openssl-1.0.0/crypto/Makefile	2010-03-30 10:34:41.000000000 +0200
 @@ -34,14 +34,14 @@ GENERAL=Makefile README crypto-lib.com i
  
  LIB= $(TOP)/libcrypto.a
@@ -10329,9 +10366,9 @@ diff -up openssl-1.0.0-beta4/crypto/Makefile.fips openssl-1.0.0-beta4/crypto/Mak
  
  ALL=    $(GENERAL) $(SRC) $(HEADER)
  
-diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c
---- openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c.fips	2004-07-25 21:10:41.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0/crypto/mdc2/mdc2dgst.c
+--- openssl-1.0.0/crypto/mdc2/mdc2dgst.c.fips	2004-07-25 21:10:41.000000000 +0200
++++ openssl-1.0.0/crypto/mdc2/mdc2dgst.c	2010-03-30 10:34:41.000000000 +0200
 @@ -61,6 +61,11 @@
  #include <string.h>
  #include <openssl/des.h>
@@ -10353,9 +10390,9 @@ diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2dgst.c.fips openssl-1.0.0-beta4/cry
  	{
  	c->num=0;
  	c->pad_type=1;
-diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta4/crypto/mdc2/mdc2.h
---- openssl-1.0.0-beta4/crypto/mdc2/mdc2.h.fips	2009-11-12 12:36:50.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/mdc2/mdc2.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/mdc2/mdc2.h.fips openssl-1.0.0/crypto/mdc2/mdc2.h
+--- openssl-1.0.0/crypto/mdc2/mdc2.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/mdc2/mdc2.h	2010-03-30 10:34:41.000000000 +0200
 @@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st
  	int pad_type; /* either 1 or 2, default 1 */
  	} MDC2_CTX;
@@ -10367,9 +10404,9 @@ diff -up openssl-1.0.0-beta4/crypto/mdc2/mdc2.h.fips openssl-1.0.0-beta4/crypto/
  int MDC2_Init(MDC2_CTX *c);
  int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
  int MDC2_Final(unsigned char *md, MDC2_CTX *c);
-diff -up openssl-1.0.0-beta4/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta4/crypto/md2/md2_dgst.c
---- openssl-1.0.0-beta4/crypto/md2/md2_dgst.c.fips	2007-08-31 12:12:35.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/md2/md2_dgst.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/md2/md2_dgst.c.fips openssl-1.0.0/crypto/md2/md2_dgst.c
+--- openssl-1.0.0/crypto/md2/md2_dgst.c.fips	2007-08-31 12:12:35.000000000 +0200
++++ openssl-1.0.0/crypto/md2/md2_dgst.c	2010-03-30 10:34:41.000000000 +0200
 @@ -62,6 +62,11 @@
  #include <openssl/md2.h>
  #include <openssl/opensslv.h>
@@ -10391,9 +10428,9 @@ diff -up openssl-1.0.0-beta4/crypto/md2/md2_dgst.c.fips openssl-1.0.0-beta4/cryp
  	{
  	c->num=0;
  	memset(c->state,0,sizeof c->state);
-diff -up openssl-1.0.0-beta4/crypto/md2/md2.h.fips openssl-1.0.0-beta4/crypto/md2/md2.h
---- openssl-1.0.0-beta4/crypto/md2/md2.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/md2/md2.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/md2/md2.h.fips openssl-1.0.0/crypto/md2/md2.h
+--- openssl-1.0.0/crypto/md2/md2.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/md2/md2.h	2010-03-30 10:34:41.000000000 +0200
 @@ -81,6 +81,9 @@ typedef struct MD2state_st
  	} MD2_CTX;
  
@@ -10404,9 +10441,9 @@ diff -up openssl-1.0.0-beta4/crypto/md2/md2.h.fips openssl-1.0.0-beta4/crypto/md
  int MD2_Init(MD2_CTX *c);
  int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
  int MD2_Final(unsigned char *md, MD2_CTX *c);
-diff -up openssl-1.0.0-beta4/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta4/crypto/md4/md4_dgst.c
---- openssl-1.0.0-beta4/crypto/md4/md4_dgst.c.fips	2007-01-21 14:07:11.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/md4/md4_dgst.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/md4/md4_dgst.c.fips openssl-1.0.0/crypto/md4/md4_dgst.c
+--- openssl-1.0.0/crypto/md4/md4_dgst.c.fips	2007-01-21 14:07:11.000000000 +0100
++++ openssl-1.0.0/crypto/md4/md4_dgst.c	2010-03-30 10:34:41.000000000 +0200
 @@ -59,6 +59,11 @@
  #include <stdio.h>
  #include "md4_locl.h"
@@ -10428,9 +10465,9 @@ diff -up openssl-1.0.0-beta4/crypto/md4/md4_dgst.c.fips openssl-1.0.0-beta4/cryp
  	{
  	memset (c,0,sizeof(*c));
  	c->A=INIT_DATA_A;
-diff -up openssl-1.0.0-beta4/crypto/md4/md4.h.fips openssl-1.0.0-beta4/crypto/md4/md4.h
---- openssl-1.0.0-beta4/crypto/md4/md4.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/md4/md4.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/md4/md4.h.fips openssl-1.0.0/crypto/md4/md4.h
+--- openssl-1.0.0/crypto/md4/md4.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/md4/md4.h	2010-03-30 10:34:41.000000000 +0200
 @@ -105,6 +105,9 @@ typedef struct MD4state_st
  	unsigned int num;
  	} MD4_CTX;
@@ -10441,9 +10478,9 @@ diff -up openssl-1.0.0-beta4/crypto/md4/md4.h.fips openssl-1.0.0-beta4/crypto/md
  int MD4_Init(MD4_CTX *c);
  int MD4_Update(MD4_CTX *c, const void *data, size_t len);
  int MD4_Final(unsigned char *md, MD4_CTX *c);
-diff -up openssl-1.0.0-beta4/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta4/crypto/md5/md5_dgst.c
---- openssl-1.0.0-beta4/crypto/md5/md5_dgst.c.fips	2007-01-21 14:07:11.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/md5/md5_dgst.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/md5/md5_dgst.c.fips openssl-1.0.0/crypto/md5/md5_dgst.c
+--- openssl-1.0.0/crypto/md5/md5_dgst.c.fips	2007-01-21 14:07:11.000000000 +0100
++++ openssl-1.0.0/crypto/md5/md5_dgst.c	2010-03-30 10:34:41.000000000 +0200
 @@ -59,6 +59,11 @@
  #include <stdio.h>
  #include "md5_locl.h"
@@ -10465,9 +10502,9 @@ diff -up openssl-1.0.0-beta4/crypto/md5/md5_dgst.c.fips openssl-1.0.0-beta4/cryp
  	{
  	memset (c,0,sizeof(*c));
  	c->A=INIT_DATA_A;
-diff -up openssl-1.0.0-beta4/crypto/md5/md5.h.fips openssl-1.0.0-beta4/crypto/md5/md5.h
---- openssl-1.0.0-beta4/crypto/md5/md5.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/md5/md5.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/md5/md5.h.fips openssl-1.0.0/crypto/md5/md5.h
+--- openssl-1.0.0/crypto/md5/md5.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/md5/md5.h	2010-03-30 10:34:41.000000000 +0200
 @@ -105,6 +105,9 @@ typedef struct MD5state_st
  	unsigned int num;
  	} MD5_CTX;
@@ -10478,9 +10515,9 @@ diff -up openssl-1.0.0-beta4/crypto/md5/md5.h.fips openssl-1.0.0-beta4/crypto/md
  int MD5_Init(MD5_CTX *c);
  int MD5_Update(MD5_CTX *c, const void *data, size_t len);
  int MD5_Final(unsigned char *md, MD5_CTX *c);
-diff -up openssl-1.0.0-beta4/crypto/mem.c.fips openssl-1.0.0-beta4/crypto/mem.c
---- openssl-1.0.0-beta4/crypto/mem.c.fips	2008-11-12 04:57:47.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/mem.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/mem.c.fips openssl-1.0.0/crypto/mem.c
+--- openssl-1.0.0/crypto/mem.c.fips	2008-11-12 04:57:47.000000000 +0100
++++ openssl-1.0.0/crypto/mem.c	2010-03-30 10:34:41.000000000 +0200
 @@ -101,7 +101,7 @@ static void (*free_locked_func)(void *) 
  
  /* may be changed as long as 'allow_customize_debug' is set */
@@ -10490,9 +10527,9 @@ diff -up openssl-1.0.0-beta4/crypto/mem.c.fips openssl-1.0.0-beta4/crypto/mem.c
  /* use default functions from mem_dbg.c */
  static void (*malloc_debug_func)(void *,int,const char *,int,int)
  	= CRYPTO_dbg_malloc;
-diff -up /dev/null openssl-1.0.0-beta4/crypto/o_init.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/o_init.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/o_init.c.fips openssl-1.0.0/crypto/o_init.c
+--- openssl-1.0.0/crypto/o_init.c.fips	2010-03-30 10:34:41.000000000 +0200
++++ openssl-1.0.0/crypto/o_init.c	2010-03-30 10:34:41.000000000 +0200
 @@ -0,0 +1,80 @@
 +/* o_init.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -10574,9 +10611,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/o_init.c
 +	}
 +		
 +
-diff -up openssl-1.0.0-beta4/crypto/opensslconf.h.in.fips openssl-1.0.0-beta4/crypto/opensslconf.h.in
---- openssl-1.0.0-beta4/crypto/opensslconf.h.in.fips	2005-12-16 11:37:23.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/opensslconf.h.in	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/opensslconf.h.in.fips openssl-1.0.0/crypto/opensslconf.h.in
+--- openssl-1.0.0/crypto/opensslconf.h.in.fips	2005-12-16 11:37:23.000000000 +0100
++++ openssl-1.0.0/crypto/opensslconf.h.in	2010-03-30 10:34:41.000000000 +0200
 @@ -1,5 +1,20 @@
  /* crypto/opensslconf.h.in */
  
@@ -10598,9 +10635,9 @@ diff -up openssl-1.0.0-beta4/crypto/opensslconf.h.in.fips openssl-1.0.0-beta4/cr
  /* Generate 80386 code? */
  #undef I386_ONLY
  
-diff -up openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c
---- openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c.fips	2009-03-09 14:08:04.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0/crypto/pkcs12/p12_crt.c
+--- openssl-1.0.0/crypto/pkcs12/p12_crt.c.fips	2009-03-09 14:08:04.000000000 +0100
++++ openssl-1.0.0/crypto/pkcs12/p12_crt.c	2010-03-30 10:34:41.000000000 +0200
 @@ -59,6 +59,10 @@
  #include <stdio.h>
  #include "cryptlib.h"
@@ -10627,9 +10664,9 @@ diff -up openssl-1.0.0-beta4/crypto/pkcs12/p12_crt.c.fips openssl-1.0.0-beta4/cr
  	if (!nid_key)
  		nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
  	if (!iter)
-diff -up openssl-1.0.0-beta4/crypto/rand/md_rand.c.fips openssl-1.0.0-beta4/crypto/rand/md_rand.c
---- openssl-1.0.0-beta4/crypto/rand/md_rand.c.fips	2009-01-03 10:25:32.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rand/md_rand.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rand/md_rand.c.fips openssl-1.0.0/crypto/rand/md_rand.c
+--- openssl-1.0.0/crypto/rand/md_rand.c.fips	2009-01-03 10:25:32.000000000 +0100
++++ openssl-1.0.0/crypto/rand/md_rand.c	2010-03-30 10:34:41.000000000 +0200
 @@ -126,6 +126,10 @@
  
  #include <openssl/crypto.h>
@@ -10656,9 +10693,9 @@ diff -up openssl-1.0.0-beta4/crypto/rand/md_rand.c.fips openssl-1.0.0-beta4/cryp
  #ifdef PREDICT
  	if (rand_predictable)
  		{
-diff -up openssl-1.0.0-beta4/crypto/rand/rand_err.c.fips openssl-1.0.0-beta4/crypto/rand/rand_err.c
---- openssl-1.0.0-beta4/crypto/rand/rand_err.c.fips	2006-11-21 22:29:41.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rand/rand_err.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rand/rand_err.c.fips openssl-1.0.0/crypto/rand/rand_err.c
+--- openssl-1.0.0/crypto/rand/rand_err.c.fips	2006-11-21 22:29:41.000000000 +0100
++++ openssl-1.0.0/crypto/rand/rand_err.c	2010-03-30 10:34:41.000000000 +0200
 @@ -70,6 +70,13 @@
  
  static ERR_STRING_DATA RAND_str_functs[]=
@@ -10691,9 +10728,9 @@ diff -up openssl-1.0.0-beta4/crypto/rand/rand_err.c.fips openssl-1.0.0-beta4/cry
  {0,NULL}
  	};
  
-diff -up openssl-1.0.0-beta4/crypto/rand/rand.h.fips openssl-1.0.0-beta4/crypto/rand/rand.h
---- openssl-1.0.0-beta4/crypto/rand/rand.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rand/rand.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rand/rand.h.fips openssl-1.0.0/crypto/rand/rand.h
+--- openssl-1.0.0/crypto/rand/rand.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/rand/rand.h	2010-03-30 10:34:41.000000000 +0200
 @@ -128,11 +128,28 @@ void ERR_load_RAND_strings(void);
  /* Error codes for the RAND functions. */
  
@@ -10723,9 +10760,9 @@ diff -up openssl-1.0.0-beta4/crypto/rand/rand.h.fips openssl-1.0.0-beta4/crypto/
  
  #ifdef  __cplusplus
  }
-diff -up openssl-1.0.0-beta4/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta4/crypto/rand/rand_lib.c
---- openssl-1.0.0-beta4/crypto/rand/rand_lib.c.fips	2008-11-12 04:58:04.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rand/rand_lib.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rand/rand_lib.c.fips openssl-1.0.0/crypto/rand/rand_lib.c
+--- openssl-1.0.0/crypto/rand/rand_lib.c.fips	2008-11-12 04:58:04.000000000 +0100
++++ openssl-1.0.0/crypto/rand/rand_lib.c	2010-03-30 10:34:41.000000000 +0200
 @@ -60,6 +60,12 @@
  #include <time.h>
  #include "cryptlib.h"
@@ -10759,9 +10796,9 @@ diff -up openssl-1.0.0-beta4/crypto/rand/rand_lib.c.fips openssl-1.0.0-beta4/cry
  	return default_RAND_meth;
  	}
  
-diff -up openssl-1.0.0-beta4/crypto/rc2/rc2.h.fips openssl-1.0.0-beta4/crypto/rc2/rc2.h
---- openssl-1.0.0-beta4/crypto/rc2/rc2.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rc2/rc2.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rc2/rc2.h.fips openssl-1.0.0/crypto/rc2/rc2.h
+--- openssl-1.0.0/crypto/rc2/rc2.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/rc2/rc2.h	2010-03-30 10:34:41.000000000 +0200
 @@ -79,7 +79,9 @@ typedef struct rc2_key_st
  	RC2_INT data[64];
  	} RC2_KEY;
@@ -10773,9 +10810,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc2/rc2.h.fips openssl-1.0.0-beta4/crypto/rc
  void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
  void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
  		     int enc);
-diff -up openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c
---- openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c.fips	2007-09-18 23:10:32.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rc2/rc2_skey.c.fips openssl-1.0.0/crypto/rc2/rc2_skey.c
+--- openssl-1.0.0/crypto/rc2/rc2_skey.c.fips	2007-09-18 23:10:32.000000000 +0200
++++ openssl-1.0.0/crypto/rc2/rc2_skey.c	2010-03-30 10:34:41.000000000 +0200
 @@ -57,6 +57,11 @@
   */
  
@@ -10809,9 +10846,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc2/rc2_skey.c.fips openssl-1.0.0-beta4/cryp
  	int i,j;
  	unsigned char *k;
  	RC2_INT *ki;
-diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl
---- openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl.fips	2009-02-12 15:48:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl
+--- openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl.fips	2009-02-12 15:48:49.000000000 +0100
++++ openssl-1.0.0/crypto/rc4/asm/rc4-s390x.pl	2010-03-30 10:34:41.000000000 +0200
 @@ -202,4 +202,6 @@ RC4_options:
  .string	"rc4(8x,char)"
  ___
@@ -10819,9 +10856,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-s390x.pl.fips openssl-1.0.0-beta
 +$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPS} ne "");
 +
  print $code;
-diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl
---- openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl.fips	2009-04-27 21:31:04.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl
+--- openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl.fips	2009-04-27 21:31:04.000000000 +0200
++++ openssl-1.0.0/crypto/rc4/asm/rc4-x86_64.pl	2010-03-30 10:34:41.000000000 +0200
 @@ -499,6 +499,8 @@ ___
  
  $code =~ s/#([bwd])/$1/gm;
@@ -10831,9 +10868,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-x86_64.pl.fips openssl-1.0.0-bet
  print $code;
  
  close STDOUT;
-diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl
---- openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl.fips	2007-12-02 22:32:03.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0/crypto/rc4/asm/rc4-586.pl
+--- openssl-1.0.0/crypto/rc4/asm/rc4-586.pl.fips	2007-12-02 22:32:03.000000000 +0100
++++ openssl-1.0.0/crypto/rc4/asm/rc4-586.pl	2010-03-30 10:34:41.000000000 +0200
 @@ -166,8 +166,12 @@ $idx="edx";
  
  &external_label("OPENSSL_ia32cap_P");
@@ -10857,9 +10894,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/asm/rc4-586.pl.fips openssl-1.0.0-beta4/
  
  # const char *RC4_options(void);
  &function_begin_B("RC4_options");
-diff -up openssl-1.0.0-beta4/crypto/rc4/Makefile.fips openssl-1.0.0-beta4/crypto/rc4/Makefile
---- openssl-1.0.0-beta4/crypto/rc4/Makefile.fips	2009-02-11 11:01:36.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rc4/Makefile	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rc4/Makefile.fips openssl-1.0.0/crypto/rc4/Makefile
+--- openssl-1.0.0/crypto/rc4/Makefile.fips	2009-02-11 11:01:36.000000000 +0100
++++ openssl-1.0.0/crypto/rc4/Makefile	2010-03-30 10:34:41.000000000 +0200
 @@ -21,8 +21,8 @@ TEST=rc4test.c
  APPS=
  
@@ -10871,9 +10908,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/Makefile.fips openssl-1.0.0-beta4/crypto
  
  SRC= $(LIBSRC)
  
-diff -up /dev/null openssl-1.0.0-beta4/crypto/rc4/rc4_fblk.c
---- /dev/null	2009-11-04 12:00:58.801002276 +0100
-+++ openssl-1.0.0-beta4/crypto/rc4/rc4_fblk.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips openssl-1.0.0/crypto/rc4/rc4_fblk.c
+--- openssl-1.0.0/crypto/rc4/rc4_fblk.c.fips	2010-03-30 10:34:41.000000000 +0200
++++ openssl-1.0.0/crypto/rc4/rc4_fblk.c	2010-03-30 10:34:41.000000000 +0200
 @@ -0,0 +1,75 @@
 +/* crypto/rc4/rc4_fblk.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@@ -10950,9 +10987,9 @@ diff -up /dev/null openssl-1.0.0-beta4/crypto/rc4/rc4_fblk.c
 +	}
 +#endif
 +
-diff -up openssl-1.0.0-beta4/crypto/rc4/rc4.h.fips openssl-1.0.0-beta4/crypto/rc4/rc4.h
---- openssl-1.0.0-beta4/crypto/rc4/rc4.h.fips	2009-11-12 12:36:50.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rc4/rc4.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rc4/rc4.h.fips openssl-1.0.0/crypto/rc4/rc4.h
+--- openssl-1.0.0/crypto/rc4/rc4.h.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/crypto/rc4/rc4.h	2010-03-30 10:34:41.000000000 +0200
 @@ -78,6 +78,9 @@ typedef struct rc4_key_st
  
   
@@ -10963,9 +11000,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/rc4.h.fips openssl-1.0.0-beta4/crypto/rc
  void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
  void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
  		unsigned char *outdata);
-diff -up openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c
---- openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c.fips	2007-01-21 14:07:13.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rc4/rc4_skey.c.fips openssl-1.0.0/crypto/rc4/rc4_skey.c
+--- openssl-1.0.0/crypto/rc4/rc4_skey.c.fips	2007-01-21 14:07:13.000000000 +0100
++++ openssl-1.0.0/crypto/rc4/rc4_skey.c	2010-03-30 10:34:41.000000000 +0200
 @@ -59,6 +59,11 @@
  #include <openssl/rc4.h>
  #include "rc4_locl.h"
@@ -11003,9 +11040,9 @@ diff -up openssl-1.0.0-beta4/crypto/rc4/rc4_skey.c.fips openssl-1.0.0-beta4/cryp
  			unsigned char *cp=(unsigned char *)d;
  
  			for (i=0;i<256;i++) cp[i]=i;
-diff -up openssl-1.0.0-beta4/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta4/crypto/ripemd/ripemd.h
---- openssl-1.0.0-beta4/crypto/ripemd/ripemd.h.fips	2009-11-12 12:36:50.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/ripemd/ripemd.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/ripemd/ripemd.h.fips openssl-1.0.0/crypto/ripemd/ripemd.h
+--- openssl-1.0.0/crypto/ripemd/ripemd.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/ripemd/ripemd.h	2010-03-30 10:34:41.000000000 +0200
 @@ -91,6 +91,9 @@ typedef struct RIPEMD160state_st
  	unsigned int   num;
  	} RIPEMD160_CTX;
@@ -11016,9 +11053,9 @@ diff -up openssl-1.0.0-beta4/crypto/ripemd/ripemd.h.fips openssl-1.0.0-beta4/cry
  int RIPEMD160_Init(RIPEMD160_CTX *c);
  int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
  int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
-diff -up openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c
---- openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c.fips	2007-01-21 14:07:13.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0/crypto/ripemd/rmd_dgst.c
+--- openssl-1.0.0/crypto/ripemd/rmd_dgst.c.fips	2007-01-21 14:07:13.000000000 +0100
++++ openssl-1.0.0/crypto/ripemd/rmd_dgst.c	2010-03-30 10:34:41.000000000 +0200
 @@ -59,6 +59,11 @@
  #include <stdio.h>
  #include "rmd_locl.h"
@@ -11040,19 +11077,21 @@ diff -up openssl-1.0.0-beta4/crypto/ripemd/rmd_dgst.c.fips openssl-1.0.0-beta4/c
  	{
  	memset (c,0,sizeof(*c));
  	c->A=RIPEMD160_A;
-diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c
---- openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips	2008-09-14 15:51:44.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c	2009-11-12 12:36:50.000000000 +0100
-@@ -114,6 +114,8 @@
+diff -up openssl-1.0.0/crypto/rsa/rsa_eay.c.fips openssl-1.0.0/crypto/rsa/rsa_eay.c
+--- openssl-1.0.0/crypto/rsa/rsa_eay.c.fips	2008-09-14 15:51:44.000000000 +0200
++++ openssl-1.0.0/crypto/rsa/rsa_eay.c	2010-03-30 10:34:41.000000000 +0200
+@@ -114,6 +114,10 @@
  #include <openssl/bn.h>
  #include <openssl/rsa.h>
  #include <openssl/rand.h>
 +#include <openssl/err.h>
++#ifdef OPENSSL_FIPS
 +#include <openssl/fips.h>
++#endif
  
  #ifndef RSA_NULL
  
-@@ -138,7 +140,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth={
+@@ -138,7 +142,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth={
  	BN_mod_exp_mont, /* XXX probably we should not use Montgomery if  e == 3 */
  	RSA_eay_init,
  	RSA_eay_finish,
@@ -11061,7 +11100,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt
  	NULL,
  	0, /* rsa_sign */
  	0, /* rsa_verify */
-@@ -150,6 +152,16 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
+@@ -150,6 +154,16 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
  	return(&rsa_pkcs1_eay_meth);
  	}
  
@@ -11078,7 +11117,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt
  static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
  	     unsigned char *to, RSA *rsa, int padding)
  	{
-@@ -158,6 +170,23 @@ static int RSA_eay_public_encrypt(int fl
+@@ -158,6 +172,23 @@ static int RSA_eay_public_encrypt(int fl
  	unsigned char *buf=NULL;
  	BN_CTX *ctx=NULL;
  
@@ -11102,7 +11141,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt
  	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
  		{
  		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
-@@ -223,9 +252,7 @@ static int RSA_eay_public_encrypt(int fl
+@@ -223,9 +254,7 @@ static int RSA_eay_public_encrypt(int fl
  		goto err;
  		}
  
@@ -11113,7 +11152,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt
  
  	if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
  		rsa->_method_mod_n)) goto err;
-@@ -355,6 +382,23 @@ static int RSA_eay_private_encrypt(int f
+@@ -355,6 +384,23 @@ static int RSA_eay_private_encrypt(int f
  	int local_blinding = 0;
  	BN_BLINDING *blinding = NULL;
  
@@ -11137,7 +11176,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt
  	if ((ctx=BN_CTX_new()) == NULL) goto err;
  	BN_CTX_start(ctx);
  	f   = BN_CTX_get(ctx);
-@@ -432,9 +476,7 @@ static int RSA_eay_private_encrypt(int f
+@@ -432,9 +478,7 @@ static int RSA_eay_private_encrypt(int f
  		else
  			d= rsa->d;
  
@@ -11148,7 +11187,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt
  
  		if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
  				rsa->_method_mod_n)) goto err;
-@@ -488,6 +530,23 @@ static int RSA_eay_private_decrypt(int f
+@@ -488,6 +532,23 @@ static int RSA_eay_private_decrypt(int f
  	int local_blinding = 0;
  	BN_BLINDING *blinding = NULL;
  
@@ -11172,7 +11211,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt
  	if((ctx = BN_CTX_new()) == NULL) goto err;
  	BN_CTX_start(ctx);
  	f   = BN_CTX_get(ctx);
-@@ -555,9 +614,7 @@ static int RSA_eay_private_decrypt(int f
+@@ -555,9 +616,7 @@ static int RSA_eay_private_decrypt(int f
  		else
  			d = rsa->d;
  
@@ -11183,7 +11222,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt
  		if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
  				rsa->_method_mod_n))
  		  goto err;
-@@ -617,6 +674,23 @@ static int RSA_eay_public_decrypt(int fl
+@@ -617,6 +676,23 @@ static int RSA_eay_public_decrypt(int fl
  	unsigned char *buf=NULL;
  	BN_CTX *ctx=NULL;
  
@@ -11207,7 +11246,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt
  	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
  		{
  		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
-@@ -667,9 +741,7 @@ static int RSA_eay_public_decrypt(int fl
+@@ -667,9 +743,7 @@ static int RSA_eay_public_decrypt(int fl
  		goto err;
  		}
  
@@ -11218,7 +11257,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt
  
  	if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
  		rsa->_method_mod_n)) goto err;
-@@ -717,6 +789,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c
+@@ -717,6 +791,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c
  	BIGNUM *r1,*m1,*vrfy;
  	BIGNUM local_dmp1,local_dmq1,local_c,local_r1;
  	BIGNUM *dmp1,*dmq1,*c,*pr1;
@@ -11226,7 +11265,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt
  	int ret=0;
  
  	BN_CTX_start(ctx);
-@@ -724,41 +797,31 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c
+@@ -724,41 +799,31 @@ static int RSA_eay_mod_exp(BIGNUM *r0, c
  	m1 = BN_CTX_get(ctx);
  	vrfy = BN_CTX_get(ctx);
  
@@ -11291,7 +11330,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt
  
  	/* compute I mod q */
  	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-@@ -875,6 +938,9 @@ err:
+@@ -875,6 +940,9 @@ err:
  
  static int RSA_eay_init(RSA *rsa)
  	{
@@ -11301,9 +11340,9 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_eay.c.fips openssl-1.0.0-beta4/crypt
  	rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
  	return(1);
  	}
-diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_err.c
---- openssl-1.0.0-beta4/crypto/rsa/rsa_err.c.fips	2008-12-29 17:11:56.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rsa/rsa_err.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rsa/rsa_err.c.fips openssl-1.0.0/crypto/rsa/rsa_err.c
+--- openssl-1.0.0/crypto/rsa/rsa_err.c.fips	2008-12-29 17:11:56.000000000 +0100
++++ openssl-1.0.0/crypto/rsa/rsa_err.c	2010-03-30 10:34:41.000000000 +0200
 @@ -111,8 +111,12 @@ static ERR_STRING_DATA RSA_str_functs[]=
  {ERR_FUNC(RSA_F_RSA_PRINT_FP),	"RSA_print_fp"},
  {ERR_FUNC(RSA_F_RSA_PRIV_DECODE),	"RSA_PRIV_DECODE"},
@@ -11330,9 +11369,9 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_err.c.fips openssl-1.0.0-beta4/crypt
  {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
  {ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
  {ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
-diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c
---- openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c.fips	2007-03-28 02:15:27.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rsa/rsa_gen.c.fips openssl-1.0.0/crypto/rsa/rsa_gen.c
+--- openssl-1.0.0/crypto/rsa/rsa_gen.c.fips	2007-03-28 02:15:27.000000000 +0200
++++ openssl-1.0.0/crypto/rsa/rsa_gen.c	2010-03-30 10:34:41.000000000 +0200
 @@ -67,6 +67,82 @@
  #include "cryptlib.h"
  #include <openssl/bn.h>
@@ -11458,9 +11497,9 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_gen.c.fips openssl-1.0.0-beta4/crypt
  	ok=1;
  err:
  	if (ok == -1)
-diff -up openssl-1.0.0-beta4/crypto/rsa/rsa.h.fips openssl-1.0.0-beta4/crypto/rsa/rsa.h
---- openssl-1.0.0-beta4/crypto/rsa/rsa.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/rsa/rsa.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rsa/rsa.h.fips openssl-1.0.0/crypto/rsa/rsa.h
+--- openssl-1.0.0/crypto/rsa/rsa.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/rsa/rsa.h	2010-03-30 10:34:41.000000000 +0200
 @@ -74,6 +74,21 @@
  #error RSA is disabled.
  #endif
@@ -11530,9 +11569,9 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa.h.fips openssl-1.0.0-beta4/crypto/rs
  #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE	 148
  #define RSA_R_PADDING_CHECK_FAILED			 114
  #define RSA_R_P_NOT_PRIME				 128
-diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c
---- openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips	2009-08-05 17:04:16.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rsa/rsa_lib.c.fips openssl-1.0.0/crypto/rsa/rsa_lib.c
+--- openssl-1.0.0/crypto/rsa/rsa_lib.c.fips	2009-12-09 14:38:20.000000000 +0100
++++ openssl-1.0.0/crypto/rsa/rsa_lib.c	2010-03-30 10:34:41.000000000 +0200
 @@ -80,6 +80,13 @@ RSA *RSA_new(void)
  
  void RSA_set_default_method(const RSA_METHOD *meth)
@@ -11580,7 +11619,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta4/crypt
  
  	ret->pad=0;
  	ret->version=0;
-@@ -285,6 +311,13 @@ int RSA_public_encrypt(int flen, const u
+@@ -294,6 +320,13 @@ int RSA_public_encrypt(int flen, const u
  int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
  	     RSA *rsa, int padding)
  	{
@@ -11594,7 +11633,7 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta4/crypt
  	return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
  	}
  
-@@ -297,6 +330,13 @@ int RSA_private_decrypt(int flen, const 
+@@ -306,6 +339,13 @@ int RSA_private_decrypt(int flen, const 
  int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
  	     RSA *rsa, int padding)
  	{
@@ -11608,9 +11647,9 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_lib.c.fips openssl-1.0.0-beta4/crypt
  	return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
  	}
  
-diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c
---- openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c.fips	2007-04-24 03:05:42.000000000 +0200
-+++ openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/rsa/rsa_sign.c.fips openssl-1.0.0/crypto/rsa/rsa_sign.c
+--- openssl-1.0.0/crypto/rsa/rsa_sign.c.fips	2007-04-24 03:05:42.000000000 +0200
++++ openssl-1.0.0/crypto/rsa/rsa_sign.c	2010-03-30 10:34:41.000000000 +0200
 @@ -130,7 +130,8 @@ int RSA_sign(int type, const unsigned ch
  		i2d_X509_SIG(&sig,&p);
  		s=tmps;
@@ -11642,9 +11681,54 @@ diff -up openssl-1.0.0-beta4/crypto/rsa/rsa_sign.c.fips openssl-1.0.0-beta4/cryp
  
  	if (i <= 0) goto err;
  
-diff -up openssl-1.0.0-beta4/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta4/crypto/sha/sha_dgst.c
---- openssl-1.0.0-beta4/crypto/sha/sha_dgst.c.fips	2007-01-21 14:07:14.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/sha_dgst.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/seed/seed.c.fips openssl-1.0.0/crypto/seed/seed.c
+--- openssl-1.0.0/crypto/seed/seed.c.fips	2008-12-16 08:41:21.000000000 +0100
++++ openssl-1.0.0/crypto/seed/seed.c	2010-03-30 10:34:41.000000000 +0200
+@@ -34,6 +34,9 @@
+ 
+ #include <openssl/seed.h>
+ #include "seed_locl.h"
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
+ 
+ static const seed_word SS[4][256] = {	{
+ 	0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
+@@ -193,7 +196,18 @@ static const seed_word KC[] = {
+ 	KC8,	KC9,	KC10,	KC11,	KC12,	KC13,	KC14,	KC15	};
+ #endif
+ 
++#ifdef OPENSSL_FIPS
+ void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
++        {
++        if (FIPS_mode())
++                FIPS_BAD_ABORT(SEED)
++        private_SEED_set_key(rawkey, ks);
++        }
++
++void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
++#else
++void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
++#endif
+ {
+ 	seed_word x1, x2, x3, x4;
+ 	seed_word t0, t1;
+diff -up openssl-1.0.0/crypto/seed/seed.h.fips openssl-1.0.0/crypto/seed/seed.h
+--- openssl-1.0.0/crypto/seed/seed.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/seed/seed.h	2010-03-30 10:34:41.000000000 +0200
+@@ -117,6 +117,9 @@ typedef struct seed_key_st {
+ } SEED_KEY_SCHEDULE;
+ 
+ 
++#ifdef OPENSSL_FIPS
++void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
++#endif
+ void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
+ 
+ void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);
+diff -up openssl-1.0.0/crypto/sha/sha_dgst.c.fips openssl-1.0.0/crypto/sha/sha_dgst.c
+--- openssl-1.0.0/crypto/sha/sha_dgst.c.fips	2007-01-21 14:07:14.000000000 +0100
++++ openssl-1.0.0/crypto/sha/sha_dgst.c	2010-03-30 10:34:41.000000000 +0200
 @@ -57,6 +57,12 @@
   */
  
@@ -11658,9 +11742,9 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha_dgst.c.fips openssl-1.0.0-beta4/cryp
  #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
  
  #undef  SHA_1
-diff -up openssl-1.0.0-beta4/crypto/sha/sha.h.fips openssl-1.0.0-beta4/crypto/sha/sha.h
---- openssl-1.0.0-beta4/crypto/sha/sha.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/sha.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/sha/sha.h.fips openssl-1.0.0/crypto/sha/sha.h
+--- openssl-1.0.0/crypto/sha/sha.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/sha/sha.h	2010-03-30 10:34:41.000000000 +0200
 @@ -106,6 +106,9 @@ typedef struct SHAstate_st
  	} SHA_CTX;
  
@@ -11671,9 +11755,9 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha.h.fips openssl-1.0.0-beta4/crypto/sh
  int SHA_Init(SHA_CTX *c);
  int SHA_Update(SHA_CTX *c, const void *data, size_t len);
  int SHA_Final(unsigned char *md, SHA_CTX *c);
-diff -up openssl-1.0.0-beta4/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta4/crypto/sha/sha_locl.h
---- openssl-1.0.0-beta4/crypto/sha/sha_locl.h.fips	2009-11-12 12:36:49.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/sha_locl.h	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/sha/sha_locl.h.fips openssl-1.0.0/crypto/sha/sha_locl.h
+--- openssl-1.0.0/crypto/sha/sha_locl.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/sha/sha_locl.h	2010-03-30 10:34:41.000000000 +0200
 @@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, 
  #define INIT_DATA_h3 0x10325476UL
  #define INIT_DATA_h4 0xc3d2e1f0UL
@@ -11690,9 +11774,9 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha_locl.h.fips openssl-1.0.0-beta4/cryp
  	memset (c,0,sizeof(*c));
  	c->h0=INIT_DATA_h0;
  	c->h1=INIT_DATA_h1;
-diff -up openssl-1.0.0-beta4/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta4/crypto/sha/sha1dgst.c
---- openssl-1.0.0-beta4/crypto/sha/sha1dgst.c.fips	2007-01-21 14:07:14.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/sha1dgst.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/sha/sha1dgst.c.fips openssl-1.0.0/crypto/sha/sha1dgst.c
+--- openssl-1.0.0/crypto/sha/sha1dgst.c.fips	2007-01-21 14:07:14.000000000 +0100
++++ openssl-1.0.0/crypto/sha/sha1dgst.c	2010-03-30 10:34:41.000000000 +0200
 @@ -63,6 +63,10 @@
  #define SHA_1
  
@@ -11704,9 +11788,9 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha1dgst.c.fips openssl-1.0.0-beta4/cryp
  
  const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
  
-diff -up openssl-1.0.0-beta4/crypto/sha/sha256.c.fips openssl-1.0.0-beta4/crypto/sha/sha256.c
---- openssl-1.0.0-beta4/crypto/sha/sha256.c.fips	2007-01-21 14:07:14.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/sha256.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/sha/sha256.c.fips openssl-1.0.0/crypto/sha/sha256.c
+--- openssl-1.0.0/crypto/sha/sha256.c.fips	2007-01-21 14:07:14.000000000 +0100
++++ openssl-1.0.0/crypto/sha/sha256.c	2010-03-30 10:34:41.000000000 +0200
 @@ -12,12 +12,19 @@
  
  #include <openssl/crypto.h>
@@ -11737,9 +11821,9 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha256.c.fips openssl-1.0.0-beta4/crypto
  	memset (c,0,sizeof(*c));
  	c->h[0]=0x6a09e667UL;	c->h[1]=0xbb67ae85UL;
  	c->h[2]=0x3c6ef372UL;	c->h[3]=0xa54ff53aUL;
-diff -up openssl-1.0.0-beta4/crypto/sha/sha512.c.fips openssl-1.0.0-beta4/crypto/sha/sha512.c
---- openssl-1.0.0-beta4/crypto/sha/sha512.c.fips	2008-12-29 13:35:48.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/sha512.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/sha/sha512.c.fips openssl-1.0.0/crypto/sha/sha512.c
+--- openssl-1.0.0/crypto/sha/sha512.c.fips	2009-12-30 12:53:33.000000000 +0100
++++ openssl-1.0.0/crypto/sha/sha512.c	2010-03-30 10:34:41.000000000 +0200
 @@ -5,6 +5,10 @@
   * ====================================================================
   */
@@ -11771,18 +11855,39 @@ diff -up openssl-1.0.0-beta4/crypto/sha/sha512.c.fips openssl-1.0.0-beta4/crypto
  #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
  	/* maintain dword order required by assembler module */
  	unsigned int *h = (unsigned int *)c->h;
-@@ -380,7 +390,7 @@ static const SHA_LONG64 K512[80] = {
- 				((SHA_LONG64)hi)<<32|lo;	})
- #   endif
- #  elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
--#   define ROTR(a,n)	({ unsigned long ret;		\
-+#   define ROTR(a,n)	({ SHA_LONG64 ret;		\
- 				asm ("rotrdi %0,%1,%2"	\
- 				: "=r"(ret)		\
- 				: "r"(a),"K"(n)); ret;	})
-diff -up openssl-1.0.0-beta4/Makefile.org.fips openssl-1.0.0-beta4/Makefile.org
---- openssl-1.0.0-beta4/Makefile.org.fips	2009-11-12 12:36:50.000000000 +0100
-+++ openssl-1.0.0-beta4/Makefile.org	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips openssl-1.0.0/crypto/whrlpool/whrlpool.h
+--- openssl-1.0.0/crypto/whrlpool/whrlpool.h.fips	2010-03-30 10:33:45.000000000 +0200
++++ openssl-1.0.0/crypto/whrlpool/whrlpool.h	2010-03-30 10:34:41.000000000 +0200
+@@ -24,6 +24,9 @@ typedef struct	{
+ 	} WHIRLPOOL_CTX;
+ 
+ #ifndef OPENSSL_NO_WHIRLPOOL
++#ifdef OPENSSL_FIPS
++int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
++#endif
+ int WHIRLPOOL_Init	(WHIRLPOOL_CTX *c);
+ int WHIRLPOOL_Update	(WHIRLPOOL_CTX *c,const void *inp,size_t bytes);
+ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits);
+diff -up openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips openssl-1.0.0/crypto/whrlpool/wp_dgst.c
+--- openssl-1.0.0/crypto/whrlpool/wp_dgst.c.fips	2008-12-29 13:35:49.000000000 +0100
++++ openssl-1.0.0/crypto/whrlpool/wp_dgst.c	2010-03-30 10:34:41.000000000 +0200
+@@ -53,8 +53,12 @@
+ 
+ #include "wp_locl.h"
+ #include <string.h>
++#include <openssl/err.h>
++#ifdef OPENSSL_FIPS
++#include <openssl/fips.h>
++#endif
+ 
+-int WHIRLPOOL_Init	(WHIRLPOOL_CTX *c)
++FIPS_NON_FIPS_MD_Init(WHIRLPOOL)
+ 	{
+ 	memset (c,0,sizeof(*c));
+ 	return(1);
+diff -up openssl-1.0.0/Makefile.org.fips openssl-1.0.0/Makefile.org
+--- openssl-1.0.0/Makefile.org.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/Makefile.org	2010-03-30 10:34:41.000000000 +0200
 @@ -110,6 +110,9 @@ LIBKRB5=
  ZLIB_INCLUDE=
  LIBZLIB=
@@ -11810,9 +11915,9 @@ diff -up openssl-1.0.0-beta4/Makefile.org.fips openssl-1.0.0-beta4/Makefile.org
  		THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
  # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
  # which in turn eliminates ambiguities in variable treatment with -e.
-diff -up openssl-1.0.0-beta4/ssl/ssl_ciph.c.fips openssl-1.0.0-beta4/ssl/ssl_ciph.c
---- openssl-1.0.0-beta4/ssl/ssl_ciph.c.fips	2009-09-13 01:18:09.000000000 +0200
-+++ openssl-1.0.0-beta4/ssl/ssl_ciph.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/ssl/ssl_ciph.c.fips openssl-1.0.0/ssl/ssl_ciph.c
+--- openssl-1.0.0/ssl/ssl_ciph.c.fips	2009-09-13 01:18:09.000000000 +0200
++++ openssl-1.0.0/ssl/ssl_ciph.c	2010-03-30 10:34:41.000000000 +0200
 @@ -727,6 +727,9 @@ static void ssl_cipher_collect_ciphers(c
  		    !(c->algorithm_auth & disabled_auth) &&
  		    !(c->algorithm_enc & disabled_enc) &&
@@ -11835,10 +11940,10 @@ diff -up openssl-1.0.0-beta4/ssl/ssl_ciph.c.fips openssl-1.0.0-beta4/ssl/ssl_cip
  			{
  			sk_SSL_CIPHER_push(cipherstack, curr->cipher);
  #ifdef CIPHER_DEBUG
-diff -up openssl-1.0.0-beta4/ssl/ssl_lib.c.fips openssl-1.0.0-beta4/ssl/ssl_lib.c
---- openssl-1.0.0-beta4/ssl/ssl_lib.c.fips	2009-10-16 15:41:52.000000000 +0200
-+++ openssl-1.0.0-beta4/ssl/ssl_lib.c	2009-11-12 12:36:50.000000000 +0100
-@@ -1471,6 +1471,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+diff -up openssl-1.0.0/ssl/ssl_lib.c.fips openssl-1.0.0/ssl/ssl_lib.c
+--- openssl-1.0.0/ssl/ssl_lib.c.fips	2010-02-17 20:43:46.000000000 +0100
++++ openssl-1.0.0/ssl/ssl_lib.c	2010-03-30 10:34:41.000000000 +0200
+@@ -1521,6 +1521,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
  		return(NULL);
  		}
  
@@ -11853,10 +11958,10 @@ diff -up openssl-1.0.0-beta4/ssl/ssl_lib.c.fips openssl-1.0.0-beta4/ssl/ssl_lib.
  	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
  		{
  		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
-diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest.c
---- openssl-1.0.0-beta4/ssl/ssltest.c.fips	2009-11-12 12:36:50.000000000 +0100
-+++ openssl-1.0.0-beta4/ssl/ssltest.c	2009-11-12 12:36:50.000000000 +0100
-@@ -265,6 +265,9 @@ static void sv_usage(void)
+diff -up openssl-1.0.0/ssl/ssltest.c.fips openssl-1.0.0/ssl/ssltest.c
+--- openssl-1.0.0/ssl/ssltest.c.fips	2010-03-30 10:33:46.000000000 +0200
++++ openssl-1.0.0/ssl/ssltest.c	2010-03-30 10:34:41.000000000 +0200
+@@ -268,6 +268,9 @@ static void sv_usage(void)
  	{
  	fprintf(stderr,"usage: ssltest [args ...]\n");
  	fprintf(stderr,"\n");
@@ -11866,7 +11971,7 @@ diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest.
  	fprintf(stderr," -server_auth  - check server certificate\n");
  	fprintf(stderr," -client_auth  - do client authentication\n");
  	fprintf(stderr," -proxy        - allow proxy certificates\n");
-@@ -484,6 +487,9 @@ int main(int argc, char *argv[])
+@@ -487,6 +490,9 @@ int main(int argc, char *argv[])
  #endif
  	STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
  	int test_cipherlist = 0;
@@ -11876,7 +11981,7 @@ diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest.
  
  	verbose = 0;
  	debug = 0;
-@@ -515,7 +521,16 @@ int main(int argc, char *argv[])
+@@ -518,7 +524,16 @@ int main(int argc, char *argv[])
  
  	while (argc >= 1)
  		{
@@ -11894,7 +11999,7 @@ diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest.
  			server_auth=1;
  		else if	(strcmp(*argv,"-client_auth") == 0)
  			client_auth=1;
-@@ -711,6 +726,20 @@ bad:
+@@ -714,6 +729,20 @@ bad:
  		EXIT(1);
  		}
  
@@ -11915,7 +12020,7 @@ diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest.
  	if (print_time)
  		{
  		if (!bio_pair)
-@@ -2153,12 +2182,12 @@ static int MS_CALLBACK app_verify_callba
+@@ -2156,12 +2185,12 @@ static int MS_CALLBACK app_verify_callba
  		}
  
  #ifndef OPENSSL_NO_X509_VERIFY
@@ -11930,10 +12035,10 @@ diff -up openssl-1.0.0-beta4/ssl/ssltest.c.fips openssl-1.0.0-beta4/ssl/ssltest.
  	if(s->version == TLS1_VERSION)
  		FIPS_allow_md5(0);
  # endif
-diff -up openssl-1.0.0-beta4/ssl/s23_clnt.c.fips openssl-1.0.0-beta4/ssl/s23_clnt.c
---- openssl-1.0.0-beta4/ssl/s23_clnt.c.fips	2009-08-05 17:29:14.000000000 +0200
-+++ openssl-1.0.0-beta4/ssl/s23_clnt.c	2009-11-12 12:36:50.000000000 +0100
-@@ -335,6 +335,14 @@ static int ssl23_client_hello(SSL *s)
+diff -up openssl-1.0.0/ssl/s23_clnt.c.fips openssl-1.0.0/ssl/s23_clnt.c
+--- openssl-1.0.0/ssl/s23_clnt.c.fips	2010-02-16 15:20:40.000000000 +0100
++++ openssl-1.0.0/ssl/s23_clnt.c	2010-03-30 10:34:41.000000000 +0200
+@@ -334,6 +334,14 @@ static int ssl23_client_hello(SSL *s)
  			version_major = TLS1_VERSION_MAJOR;
  			version_minor = TLS1_VERSION_MINOR;
  			}
@@ -11948,7 +12053,7 @@ diff -up openssl-1.0.0-beta4/ssl/s23_clnt.c.fips openssl-1.0.0-beta4/ssl/s23_cln
  		else if (version == SSL3_VERSION)
  			{
  			version_major = SSL3_VERSION_MAJOR;
-@@ -618,6 +626,14 @@ static int ssl23_get_server_hello(SSL *s
+@@ -617,6 +625,14 @@ static int ssl23_get_server_hello(SSL *s
  		if ((p[2] == SSL3_VERSION_MINOR) &&
  			!(s->options & SSL_OP_NO_SSLv3))
  			{
@@ -11963,10 +12068,10 @@ diff -up openssl-1.0.0-beta4/ssl/s23_clnt.c.fips openssl-1.0.0-beta4/ssl/s23_cln
  			s->version=SSL3_VERSION;
  			s->method=SSLv3_client_method();
  			}
-diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.fips openssl-1.0.0-beta4/ssl/s23_srvr.c
---- openssl-1.0.0-beta4/ssl/s23_srvr.c.fips	2008-06-03 04:48:34.000000000 +0200
-+++ openssl-1.0.0-beta4/ssl/s23_srvr.c	2009-11-12 12:36:50.000000000 +0100
-@@ -386,6 +386,15 @@ int ssl23_get_client_hello(SSL *s)
+diff -up openssl-1.0.0/ssl/s23_srvr.c.fips openssl-1.0.0/ssl/s23_srvr.c
+--- openssl-1.0.0/ssl/s23_srvr.c.fips	2010-02-16 15:20:40.000000000 +0100
++++ openssl-1.0.0/ssl/s23_srvr.c	2010-03-30 10:34:41.000000000 +0200
+@@ -393,6 +393,15 @@ int ssl23_get_client_hello(SSL *s)
  			}
  		}
  
@@ -11982,9 +12087,9 @@ diff -up openssl-1.0.0-beta4/ssl/s23_srvr.c.fips openssl-1.0.0-beta4/ssl/s23_srv
  	if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
  		{
  		/* we have SSLv3/TLSv1 in an SSLv2 header
-diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.fips openssl-1.0.0-beta4/ssl/s3_clnt.c
---- openssl-1.0.0-beta4/ssl/s3_clnt.c.fips	2009-10-30 15:06:18.000000000 +0100
-+++ openssl-1.0.0-beta4/ssl/s3_clnt.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/ssl/s3_clnt.c.fips openssl-1.0.0/ssl/s3_clnt.c
+--- openssl-1.0.0/ssl/s3_clnt.c.fips	2010-02-28 01:24:24.000000000 +0100
++++ openssl-1.0.0/ssl/s3_clnt.c	2010-03-30 10:34:41.000000000 +0200
 @@ -156,6 +156,10 @@
  #include <openssl/objects.h>
  #include <openssl/evp.h>
@@ -11996,7 +12101,7 @@ diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.fips openssl-1.0.0-beta4/ssl/s3_clnt.
  #ifndef OPENSSL_NO_DH
  #include <openssl/dh.h>
  #endif
-@@ -1530,6 +1534,8 @@ int ssl3_get_key_exchange(SSL *s)
+@@ -1546,6 +1550,8 @@ int ssl3_get_key_exchange(SSL *s)
  			q=md_buf;
  			for (num=2; num > 0; num--)
  				{
@@ -12005,9 +12110,9 @@ diff -up openssl-1.0.0-beta4/ssl/s3_clnt.c.fips openssl-1.0.0-beta4/ssl/s3_clnt.
  				EVP_DigestInit_ex(&md_ctx,(num == 2)
  					?s->ctx->md5:s->ctx->sha1, NULL);
  				EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-diff -up openssl-1.0.0-beta4/ssl/s3_enc.c.fips openssl-1.0.0-beta4/ssl/s3_enc.c
---- openssl-1.0.0-beta4/ssl/s3_enc.c.fips	2009-04-16 19:22:50.000000000 +0200
-+++ openssl-1.0.0-beta4/ssl/s3_enc.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/ssl/s3_enc.c.fips openssl-1.0.0/ssl/s3_enc.c
+--- openssl-1.0.0/ssl/s3_enc.c.fips	2009-04-16 19:22:50.000000000 +0200
++++ openssl-1.0.0/ssl/s3_enc.c	2010-03-30 10:34:41.000000000 +0200
 @@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL *
  #endif
  	k=0;
@@ -12033,10 +12138,10 @@ diff -up openssl-1.0.0-beta4/ssl/s3_enc.c.fips openssl-1.0.0-beta4/ssl/s3_enc.c
  	EVP_MD_CTX_copy_ex(&ctx,d);
  	n=EVP_MD_CTX_size(&ctx);
  	if (n < 0)
-diff -up openssl-1.0.0-beta4/ssl/s3_srvr.c.fips openssl-1.0.0-beta4/ssl/s3_srvr.c
---- openssl-1.0.0-beta4/ssl/s3_srvr.c.fips	2009-10-30 14:22:44.000000000 +0100
-+++ openssl-1.0.0-beta4/ssl/s3_srvr.c	2009-11-12 12:36:50.000000000 +0100
-@@ -1679,6 +1679,8 @@ int ssl3_send_server_key_exchange(SSL *s
+diff -up openssl-1.0.0/ssl/s3_srvr.c.fips openssl-1.0.0/ssl/s3_srvr.c
+--- openssl-1.0.0/ssl/s3_srvr.c.fips	2010-02-28 00:04:10.000000000 +0100
++++ openssl-1.0.0/ssl/s3_srvr.c	2010-03-30 10:34:41.000000000 +0200
+@@ -1752,6 +1752,8 @@ int ssl3_send_server_key_exchange(SSL *s
  				j=0;
  				for (num=2; num > 0; num--)
  					{
@@ -12045,9 +12150,9 @@ diff -up openssl-1.0.0-beta4/ssl/s3_srvr.c.fips openssl-1.0.0-beta4/ssl/s3_srvr.
  					EVP_DigestInit_ex(&md_ctx,(num == 2)
  						?s->ctx->md5:s->ctx->sha1, NULL);
  					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-diff -up openssl-1.0.0-beta4/ssl/t1_enc.c.fips openssl-1.0.0-beta4/ssl/t1_enc.c
---- openssl-1.0.0-beta4/ssl/t1_enc.c.fips	2009-04-19 20:03:13.000000000 +0200
-+++ openssl-1.0.0-beta4/ssl/t1_enc.c	2009-11-12 12:36:50.000000000 +0100
+diff -up openssl-1.0.0/ssl/t1_enc.c.fips openssl-1.0.0/ssl/t1_enc.c
+--- openssl-1.0.0/ssl/t1_enc.c.fips	2009-04-19 20:03:13.000000000 +0200
++++ openssl-1.0.0/ssl/t1_enc.c	2010-03-30 10:34:41.000000000 +0200
 @@ -169,6 +169,8 @@ static void tls1_P_hash(const EVP_MD *md
  
  	HMAC_CTX_init(&ctx);
diff --git a/openssl-1.0.0-version.patch b/openssl-1.0.0-version.patch
new file mode 100644
index 0000000..adaea6a
--- /dev/null
+++ b/openssl-1.0.0-version.patch
@@ -0,0 +1,13 @@
+diff -up openssl-1.0.0/crypto/opensslv.h.version openssl-1.0.0/crypto/opensslv.h
+--- openssl-1.0.0/crypto/opensslv.h.version	2010-03-30 10:59:26.000000000 +0200
++++ openssl-1.0.0/crypto/opensslv.h	2010-03-30 11:00:52.000000000 +0200
+@@ -25,7 +25,8 @@
+  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+  *  major minor fix final patch/beta)
+  */
+-#define OPENSSL_VERSION_NUMBER	0x1000000fL
++/* we have to keep the version number to not break the abi */
++#define OPENSSL_VERSION_NUMBER	0x10000003L
+ #ifdef OPENSSL_FIPS
+ #define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0-fips 29 Mar 2010"
+ #else
diff --git a/openssl.spec b/openssl.spec
index 2729e7e..e946180 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -11,8 +11,6 @@
 # 1.0.0 soversion = 10
 %define soversion 10
 
-%define beta beta4
-
 # Number of threads to spawn when testing some threading fixes.
 %define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
 
@@ -23,10 +21,10 @@
 Summary: A general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.0
-Release: 0.16.%{beta}%{?dist}
+Release: 1%{?dist}
 # We remove certain patented algorithms from the openssl source tarball
 # with the hobble-openssl script which is included below.
-Source: openssl-%{version}-%{beta}-usa.tar.bz2
+Source: openssl-%{version}-usa.tar.bz2
 Source1: hobble-openssl
 Source2: Makefile.certificate
 Source6: make-dummy-cert
@@ -38,36 +36,30 @@ Source11: README.FIPS
 Patch0: openssl-1.0.0-beta4-redhat.patch
 Patch1: openssl-1.0.0-beta3-defaults.patch
 Patch3: openssl-1.0.0-beta3-soversion.patch
-Patch4: openssl-1.0.0-beta4-enginesdir.patch
+Patch4: openssl-1.0.0-beta5-enginesdir.patch
 Patch5: openssl-0.9.8a-no-rpath.patch
 Patch6: openssl-0.9.8b-test-use-localhost.patch
 # Bug fixes
 Patch23: openssl-1.0.0-beta4-default-paths.patch
-Patch24: openssl-1.0.0-beta4-binutils.patch
+Patch24: openssl-0.9.8j-bad-mime.patch
 # Functionality changes
 Patch32: openssl-0.9.8g-ia64.patch
 Patch33: openssl-1.0.0-beta4-ca-dir.patch
 Patch34: openssl-0.9.6-x509.patch
 Patch35: openssl-0.9.8j-version-add-engines.patch
-Patch38: openssl-1.0.0-beta3-cipher-change.patch
-Patch39: openssl-1.0.0-beta3-ipv6-apps.patch
-Patch40: openssl-1.0.0-beta4-fips.patch
+Patch38: openssl-1.0.0-beta5-cipher-change.patch
+Patch39: openssl-1.0.0-beta5-ipv6-apps.patch
+Patch40: openssl-1.0.0-fips.patch
 Patch41: openssl-1.0.0-beta3-fipscheck.patch
 Patch43: openssl-1.0.0-beta3-fipsmode.patch
 Patch44: openssl-1.0.0-beta3-fipsrng.patch
 Patch45: openssl-0.9.8j-env-nozlib.patch
-Patch47: openssl-0.9.8j-readme-warning.patch
-Patch48: openssl-0.9.8j-bad-mime.patch
+Patch47: openssl-1.0.0-beta5-readme-warning.patch
 Patch49: openssl-1.0.0-beta4-algo-doc.patch
 Patch50: openssl-1.0.0-beta4-dtls1-abi.patch
-Patch51: openssl-1.0.0-beta4-version.patch
+Patch51: openssl-1.0.0-version.patch
+Patch52: openssl-1.0.0-beta4-aesni.patch
 # Backported fixes including security fixes
-Patch60: openssl-1.0.0-beta4-reneg.patch
-# This one is not backported but has to be applied after reneg patch
-Patch61: openssl-1.0.0-beta4-client-reneg.patch
-Patch62: openssl-1.0.0-beta4-backports.patch
-Patch63: openssl-1.0.0-beta4-reneg-err.patch
-Patch64: openssl-1.0.0-beta4-dtls-ipv6.patch
 
 License: OpenSSL
 Group: System Environment/Libraries
@@ -117,7 +109,7 @@ package provides Perl scripts for converting certificates and keys
 from other formats to the formats used by the OpenSSL toolkit.
 
 %prep
-%setup -q -n %{name}-%{version}-%{beta}
+%setup -q -n %{name}-%{version}
 
 %{SOURCE1} > /dev/null
 %patch0 -p1 -b .redhat
@@ -128,7 +120,7 @@ from other formats to the formats used by the OpenSSL toolkit.
 %patch6 -p1 -b .use-localhost
 
 %patch23 -p1 -b .default-paths
-%patch24 -p1 -b .binutils
+%patch24 -p1 -b .bad-mime
 
 %patch32 -p1 -b .ia64
 %patch33 -p1 -b .ca-dir
@@ -142,16 +134,10 @@ from other formats to the formats used by the OpenSSL toolkit.
 %patch44 -p1 -b .fipsrng
 %patch45 -p1 -b .env-nozlib
 %patch47 -p1 -b .warning
-%patch48 -p1 -b .bad-mime
 %patch49 -p1 -b .algo-doc
 %patch50 -p1 -b .dtls1-abi
 %patch51 -p1 -b .version
-
-%patch60 -p1 -b .reneg
-%patch61 -p1 -b .client-reneg
-%patch62 -p1 -b .backports
-%patch63 -p1 -b .reneg-err
-%patch64 -p1 -b .dtls-ipv6
+%patch52 -p1 -b .aesni
 
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
@@ -160,7 +146,7 @@ perl util/perlpath.pl `dirname %{__perl}`
 touch Makefile
 make TABLE PERL=%{__perl}
 
-%build 
+%build
 # Figure out which flags we want to use.
 # default
 sslarch=%{_os}-%{_arch}
@@ -250,12 +236,9 @@ make -C test apps tests
 install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl}
 make INSTALL_PREFIX=$RPM_BUILD_ROOT install
 make INSTALL_PREFIX=$RPM_BUILD_ROOT install_docs
-# OpenSSL install doesn't use correct _libdir on 64 bit archs
-[ "%{_libdir}" != /usr/lib ] && mv $RPM_BUILD_ROOT/usr/lib/lib*.so.%{soversion} $RPM_BUILD_ROOT%{_libdir}/
-mv $RPM_BUILD_ROOT/usr/lib/engines $RPM_BUILD_ROOT%{_libdir}/openssl
+mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT%{_libdir}/openssl
 mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/
 rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
-mv $RPM_BUILD_ROOT/usr/lib/* $RPM_BUILD_ROOT%{_libdir}/ || :
 rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
 for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
 	chmod 755 ${lib}
@@ -347,7 +330,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %clean
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
 
-%files 
+%files
 %defattr(-,root,root)
 %doc FAQ LICENSE CHANGES NEWS INSTALL README
 %doc doc/c-indentation.el doc/openssl.txt
@@ -400,6 +383,33 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun -p /sbin/ldconfig
 
 %changelog
+* Tue Mar 30 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-1
+- update to final 1.0.0 upstream release
+
+* Tue Feb 16 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.22.beta5
+- make TLS work in the FIPS mode
+
+* Fri Feb 12 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.21.beta5
+- gracefully handle zero length in assembler implementations of
+  OPENSSL_cleanse (#564029)
+- do not fail in s_server if client hostname not resolvable (#561260)
+
+* Wed Jan 20 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.20.beta5
+- new upstream release
+
+* Thu Jan 14 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.19.beta4
+- fix CVE-2009-4355 - leak in applications incorrectly calling
+  CRYPTO_free_all_ex_data() before application exit (#546707)
+- upstream fix for future TLS protocol version handling
+
+* Wed Jan 13 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.18.beta4
+- add support for Intel AES-NI
+
+* Thu Jan  7 2010 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.17.beta4
+- upstream fix compression handling on session resumption
+- various null checks and other small fixes from upstream
+- upstream changes for the renegotiation info according to the latest draft
+
 * Mon Nov 23 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.16.beta4
 - fix non-fips mingw build (patch by Kalev Lember)
 - add IPV6 fix for DTLS
@@ -419,7 +429,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
   openssh and possibly other dependencies with too strict version check
 
 * Thu Nov 12 2009 Tomas Mraz <tmraz@redhat.com> 1.0.0-0.11.beta4
-- update to new upstream version, no soname bump needed 
+- update to new upstream version, no soname bump needed
 - fix CVE-2009-3555 - note that the fix is bypassed if SSL_OP_ALL is used
   so the compatibility with unfixed clients is not broken. The
   protocol extension is also not final.
@@ -525,7 +535,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 - temporarily provide symlink to old soname to make it possible to rebuild
   the dependent packages in rawhide
 - add eap-fast support (#428181)
-- add possibility to disable zlib by setting 
+- add possibility to disable zlib by setting
 - add fips mode support for testing purposes
 - do not null dereference on some invalid smime files
 - add buildrequires pkgconfig (#479493)
@@ -732,7 +742,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 - upgrade to new upstream version (no soname bump needed)
 - disable thread test - it was testing the backport of the
   RSA blinding - no longer needed
-- added support for changing serial number to 
+- added support for changing serial number to
   Makefile.certificate (#151188)
 - make ca-bundle.crt a config file (#118903)
 
diff --git a/sources b/sources
index 8a2c648..dadae2c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-1fc0e41c230d0698f834413dfba864ad  openssl-1.0.0-beta4-usa.tar.bz2
+f1d0d73327d74b302f503763bddf1cf8  openssl-1.0.0-usa.tar.bz2