Merge branch 'f22' into f21

- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time
- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent
- fix CVE-2015-1791 - race condition handling NewSessionTicket
- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function
- add missing parts of CVE-2015-0209 fix for corectness although unexploitable

.gitignore

@@ -1,7 +1,3 @@
-.build*.log
-clog
-000*.patch
-*.src.rpm
 openssl-1.0.0a-usa.tar.bz2
 /openssl-1.0.0b-usa.tar.bz2
 /openssl-1.0.0c-usa.tar.bz2
@@ -22,30 +18,3 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-1.0.1i-hobbled.tar.xz
 /openssl-1.0.1j-hobbled.tar.xz
 /openssl-1.0.1k-hobbled.tar.xz
-/openssl-1.0.2a-hobbled.tar.xz
-/openssl-1.0.2c-hobbled.tar.xz
-/openssl-1.0.2d-hobbled.tar.xz
-/openssl-1.0.2e-hobbled.tar.xz
-/openssl-1.0.2f-hobbled.tar.xz
-/openssl-1.0.2g-hobbled.tar.xz
-/openssl-1.0.2h-hobbled.tar.xz
-/openssl-1.0.2i-hobbled.tar.xz
-/openssl-1.0.2j-hobbled.tar.xz
-/openssl-1.1.0b-hobbled.tar.xz
-/openssl-1.1.0c-hobbled.tar.xz
-/openssl-1.1.0d-hobbled.tar.xz
-/openssl-1.1.0e-hobbled.tar.xz
-/openssl-1.1.0f-hobbled.tar.xz
-/openssl-1.1.0g-hobbled.tar.xz
-/openssl-1.1.0h-hobbled.tar.xz
-/openssl-1.1.1-pre8-hobbled.tar.xz
-/openssl-1.1.1-pre9-hobbled.tar.xz
-/openssl-1.1.1-hobbled.tar.xz
-/openssl-1.1.1a-hobbled.tar.xz
-/openssl-1.1.1b-hobbled.tar.xz
-/openssl-1.1.1c-hobbled.tar.xz
-/openssl-1.1.1d-hobbled.tar.xz
-/openssl-1.1.1e-hobbled.tar.xz
-/openssl-1.1.1f-hobbled.tar.xz
-/openssl-1.1.1g-hobbled.tar.xz
-/openssl-1.1.1h-hobbled.tar.xz

Makefile.certificate

@@ -1,11 +1,8 @@
 UTF8 := $(shell locale -c LC_CTYPE -k | grep -q charmap.*UTF-8 && echo -utf8)
+SERIAL=0
 DAYS=365
 KEYLEN=2048
 TYPE=rsa:$(KEYLEN)
-EXTRA_FLAGS=
-ifdef SERIAL
-	EXTRA_FLAGS+=-set_serial $(SERIAL)
-endif
 
 .PHONY: usage
 .SUFFIXES: .key .csr .crt .pem
@@ -26,9 +23,8 @@ usage:
 	@echo "To create a CSR for use with Apache, run \"make certreq\"."
 	@echo "To create a test certificate for use with Apache, run \"make testcert\"."
 	@echo
-	@echo "To create a test certificate with serial number other than random, add SERIAL=num"
+	@echo "To create a test certificate with serial number other than zero, add SERIAL=num"
 	@echo "You can also specify key length with KEYLEN=n and expiration in days with DAYS=n"
-	@echo "Any additional options can be passed to openssl req via EXTRA_FLAGS"
 	@echo
 	@echo Examples:
 	@echo "  make server.key"
@@ -39,14 +35,14 @@ usage:
 	@echo "  make certreq"
 	@echo "  make testcert"
 	@echo "  make server.crt SERIAL=1"
-	@echo "  make stunnel.pem EXTRA_FLAGS=-sha384"
-	@echo "  make testcert DAYS=600"
+	@echo "  make stunnel.pem SERIAL=2"
+	@echo "  make testcert SERIAL=3"
 
 %.pem:
 	umask 77 ; \
 	PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
 	PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
-	/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 $(EXTRA_FLAGS) ; \
+	/usr/bin/openssl req $(UTF8) -newkey $(TYPE) -keyout $$PEM1 -nodes -x509 -days $(DAYS) -out $$PEM2 -set_serial $(SERIAL) ; \
 	cat $$PEM1 >  $@ ; \
 	echo ""    >> $@ ; \
 	cat $$PEM2 >> $@ ; \
@@ -62,7 +58,7 @@ usage:
 
 %.crt: %.key
 	umask 77 ; \
-	/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ $(EXTRA_FLAGS)
+	/usr/bin/openssl req $(UTF8) -new -key $^ -x509 -days $(DAYS) -out $@ -set_serial $(SERIAL)
 
 TLSROOT=/etc/pki/tls
 KEY=$(TLSROOT)/private/localhost.key
@@ -79,4 +75,4 @@ $(CSR): $(KEY)
 
 $(CRT): $(KEY)
 	umask 77 ; \
-	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) $(EXTRA_FLAGS)
+	/usr/bin/openssl req $(UTF8) -new -key $(KEY) -x509 -days $(DAYS) -out $(CRT) -set_serial $(SERIAL)

README.FIPS

@@ -6,17 +6,17 @@ Red Hat Enterprise Linux - OPENSSL Module.
 
 The module files
 ================
-/usr/lib[64]/libcrypto.so.1.1.0
-/usr/lib[64]/libssl.so.1.1.0
-/usr/lib[64]/.libcrypto.so.1.1.0.hmac
-/usr/lib[64]/.libssl.so.1.1.0.hmac
+/usr/lib[64]/libcrypto.so.1.0.1e
+/usr/lib[64]/libssl.so.1.0.1e
+/usr/lib[64]/.libcrypto.so.1.0.1e.hmac
+/usr/lib[64]/.libssl.so.1.0.1e.hmac
 
 Dependencies
 ============
 
 The approved mode of operation requires kernel with /dev/urandom RNG running
 with properties as defined in the security policy of the module. This is
-provided by kernel packages with validated Red Hat Enterprise Linux Kernel
+provided by kernel packages with validated Red Hat Enterprise Linux - IPSec
 Crytographic Module.
 
 Installation
@@ -26,8 +26,11 @@ The RPM package of the module can be installed by standard tools recommended
 for installation of RPM packages on the Red Hat Enterprise Linux system (yum,
 rpm, RHN remote management tool).
 
-The RPM package dracut-fips must be installed for the approved mode of
-operation.
+For proper operation of the in-module integrity verification the prelink has to
+be disabled. This can be done with setting PRELINKING=no in the
+/etc/sysconfig/prelink configuration file. If the libraries were already
+prelinked the prelink should be undone on all the system files with the
+'prelink -u -a' command.
 
 Usage and API
 =============

ec_curve.c

@@ -1,582 +1,396 @@
+/* crypto/ec/ec_curve.c */
 /*
- * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2010 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
  *
- * Licensed under the OpenSSL license (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
  */
 
-#include <string.h>
-#include "ec_local.h"
+#include "ec_lcl.h"
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
 #include <openssl/opensslconf.h>
-#include "internal/nelem.h"
 
 typedef struct {
-    int field_type,             /* either NID_X9_62_prime_field or
-                                 * NID_X9_62_characteristic_two_field */
-     seed_len, param_len;
-    unsigned int cofactor;      /* promoted to BN_ULONG */
+	int	field_type,	/* either NID_X9_62_prime_field or
+				 * NID_X9_62_characteristic_two_field */
+		seed_len,
+		param_len;
+	unsigned int cofactor;	/* promoted to BN_ULONG */
 } EC_CURVE_DATA;
 
-/* the nist prime curves */
-static const struct {
-    EC_CURVE_DATA h;
-    unsigned char data[20 + 28 * 6];
-} _EC_NIST_PRIME_224 = {
-    {
-        NID_X9_62_prime_field, 20, 28, 1
-    },
-    {
-        /* seed */
-        0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F,
-        0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5,
-        /* p */
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x01,
-        /* a */
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFE,
-        /* b */
-        0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
-        0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
-        0x23, 0x55, 0xFF, 0xB4,
-        /* x */
-        0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
-        0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
-        0x11, 0x5C, 0x1D, 0x21,
-        /* y */
-        0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
-        0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
-        0x85, 0x00, 0x7e, 0x34,
-        /* order */
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
-        0x5C, 0x5C, 0x2A, 0x3D
-    }
-};
+static const struct { EC_CURVE_DATA h; unsigned char data[20+48*6]; }
+	_EC_NIST_PRIME_384 = {
+	{ NID_X9_62_prime_field,20,48,1 },
+	{ 0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00,	/* seed */
+	  0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73,
 
-static const struct {
-    EC_CURVE_DATA h;
-    unsigned char data[20 + 48 * 6];
-} _EC_NIST_PRIME_384 = {
-    {
-        NID_X9_62_prime_field, 20, 48, 1
-    },
-    {
-        /* seed */
-        0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A,
-        0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73,
-        /* p */
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
-        /* a */
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC,
-        /* b */
-        0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B,
-        0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12,
-        0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D,
-        0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF,
-        /* x */
-        0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E,
-        0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98,
-        0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D,
-        0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7,
-        /* y */
-        0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf,
-        0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
-        0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce,
-        0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
-        /* order */
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2,
-        0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73
-    }
-};
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
+	  0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
+	  0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFC,
+	  0xB3,0x31,0x2F,0xA7,0xE2,0x3E,0xE7,0xE4,0x98,0x8E,	/* b */
+	  0x05,0x6B,0xE3,0xF8,0x2D,0x19,0x18,0x1D,0x9C,0x6E,
+	  0xFE,0x81,0x41,0x12,0x03,0x14,0x08,0x8F,0x50,0x13,
+	  0x87,0x5A,0xC6,0x56,0x39,0x8D,0x8A,0x2E,0xD1,0x9D,
+	  0x2A,0x85,0xC8,0xED,0xD3,0xEC,0x2A,0xEF,
+	  0xAA,0x87,0xCA,0x22,0xBE,0x8B,0x05,0x37,0x8E,0xB1,	/* x */
+	  0xC7,0x1E,0xF3,0x20,0xAD,0x74,0x6E,0x1D,0x3B,0x62,
+	  0x8B,0xA7,0x9B,0x98,0x59,0xF7,0x41,0xE0,0x82,0x54,
+	  0x2A,0x38,0x55,0x02,0xF2,0x5D,0xBF,0x55,0x29,0x6C,
+	  0x3A,0x54,0x5E,0x38,0x72,0x76,0x0A,0xB7,
+	  0x36,0x17,0xde,0x4a,0x96,0x26,0x2c,0x6f,0x5d,0x9e,	/* y */
+	  0x98,0xbf,0x92,0x92,0xdc,0x29,0xf8,0xf4,0x1d,0xbd,
+	  0x28,0x9a,0x14,0x7c,0xe9,0xda,0x31,0x13,0xb5,0xf0,
+	  0xb8,0xc0,0x0a,0x60,0xb1,0xce,0x1d,0x7e,0x81,0x9d,
+	  0x7a,0x43,0x1d,0x7c,0x90,0xea,0x0e,0x5f,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xC7,0x63,0x4D,0x81,0xF4,0x37,
+	  0x2D,0xDF,0x58,0x1A,0x0D,0xB2,0x48,0xB0,0xA7,0x7A,
+	  0xEC,0xEC,0x19,0x6A,0xCC,0xC5,0x29,0x73 }
+	};
 
-static const struct {
-    EC_CURVE_DATA h;
-    unsigned char data[20 + 66 * 6];
-} _EC_NIST_PRIME_521 = {
-    {
-        NID_X9_62_prime_field, 20, 66, 1
-    },
-    {
-        /* seed */
-        0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17,
-        0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA,
-        /* p */
-        0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        /* a */
-        0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
-        /* b */
-        0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A,
-        0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3,
-        0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19,
-        0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1,
-        0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45,
-        0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00,
-        /* x */
-        0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E,
-        0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F,
-        0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B,
-        0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF,
-        0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E,
-        0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66,
-        /* y */
-        0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a,
-        0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
-        0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee,
-        0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
-        0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
-        0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
-        /* order */
-        0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86,
-        0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
-        0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
-        0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09
-    }
-};
+static const struct { EC_CURVE_DATA h; unsigned char data[20+66*6]; }
+	_EC_NIST_PRIME_521 = {
+	{ NID_X9_62_prime_field,20,66,1 },
+	{ 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC,	/* seed */
+	  0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA,
 
-static const struct {
-    EC_CURVE_DATA h;
-    unsigned char data[20 + 32 * 6];
-} _EC_X9_62_PRIME_256V1 = {
-    {
-        NID_X9_62_prime_field, 20, 32, 1
-    },
-    {
-        /* seed */
-        0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1,
-        0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90,
-        /* p */
-        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        /* a */
-        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
-        /* b */
-        0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55,
-        0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6,
-        0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B,
-        /* x */
-        0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5,
-        0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0,
-        0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
-        /* y */
-        0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a,
-        0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
-        0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
-        /* order */
-        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
-        0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
-    }
-};
+	  0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,
+	  0x00,0x51,0x95,0x3E,0xB9,0x61,0x8E,0x1C,0x9A,0x1F,	/* b */
+	  0x92,0x9A,0x21,0xA0,0xB6,0x85,0x40,0xEE,0xA2,0xDA,
+	  0x72,0x5B,0x99,0xB3,0x15,0xF3,0xB8,0xB4,0x89,0x91,
+	  0x8E,0xF1,0x09,0xE1,0x56,0x19,0x39,0x51,0xEC,0x7E,
+	  0x93,0x7B,0x16,0x52,0xC0,0xBD,0x3B,0xB1,0xBF,0x07,
+	  0x35,0x73,0xDF,0x88,0x3D,0x2C,0x34,0xF1,0xEF,0x45,
+	  0x1F,0xD4,0x6B,0x50,0x3F,0x00,
+	  0x00,0xC6,0x85,0x8E,0x06,0xB7,0x04,0x04,0xE9,0xCD,	/* x */
+	  0x9E,0x3E,0xCB,0x66,0x23,0x95,0xB4,0x42,0x9C,0x64,
+	  0x81,0x39,0x05,0x3F,0xB5,0x21,0xF8,0x28,0xAF,0x60,
+	  0x6B,0x4D,0x3D,0xBA,0xA1,0x4B,0x5E,0x77,0xEF,0xE7,
+	  0x59,0x28,0xFE,0x1D,0xC1,0x27,0xA2,0xFF,0xA8,0xDE,
+	  0x33,0x48,0xB3,0xC1,0x85,0x6A,0x42,0x9B,0xF9,0x7E,
+	  0x7E,0x31,0xC2,0xE5,0xBD,0x66,
+	  0x01,0x18,0x39,0x29,0x6a,0x78,0x9a,0x3b,0xc0,0x04,	/* y */
+	  0x5c,0x8a,0x5f,0xb4,0x2c,0x7d,0x1b,0xd9,0x98,0xf5,
+	  0x44,0x49,0x57,0x9b,0x44,0x68,0x17,0xaf,0xbd,0x17,
+	  0x27,0x3e,0x66,0x2c,0x97,0xee,0x72,0x99,0x5e,0xf4,
+	  0x26,0x40,0xc5,0x50,0xb9,0x01,0x3f,0xad,0x07,0x61,
+	  0x35,0x3c,0x70,0x86,0xa2,0x72,0xc2,0x40,0x88,0xbe,
+	  0x94,0x76,0x9f,0xd1,0x66,0x50,
+	  0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFA,0x51,0x86,0x87,0x83,0xBF,0x2F,
+	  0x96,0x6B,0x7F,0xCC,0x01,0x48,0xF7,0x09,0xA5,0xD0,
+	  0x3B,0xB5,0xC9,0xB8,0x89,0x9C,0x47,0xAE,0xBB,0x6F,
+	  0xB7,0x1E,0x91,0x38,0x64,0x09 }
+	};
 
-static const struct {
-    EC_CURVE_DATA h;
-    unsigned char data[0 + 32 * 6];
-} _EC_SECG_PRIME_256K1 = {
-    {
-        NID_X9_62_prime_field, 0, 32, 1
-    },
-    {
-        /* no seed */
-        /* p */
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
-        /* a */
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        /* b */
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
-        /* x */
-        0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95,
-        0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9,
-        0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98,
-        /* y */
-        0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc,
-        0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
-        0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8,
-        /* order */
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-        0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
-        0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
-    }
-};
+static const struct { EC_CURVE_DATA h; unsigned char data[20+32*6]; }
+	_EC_X9_62_PRIME_256V1 = {
+	{ NID_X9_62_prime_field,20,32,1 },
+	{ 0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66,	/* seed */
+	  0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90,
+
+	  0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,	/* p */
+	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFF,
+	  0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,	/* a */
+	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	  0xFF,0xFC,
+	  0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,0xB3,0xEB,	/* b */
+	  0xBD,0x55,0x76,0x98,0x86,0xBC,0x65,0x1D,0x06,0xB0,
+	  0xCC,0x53,0xB0,0xF6,0x3B,0xCE,0x3C,0x3E,0x27,0xD2,
+	  0x60,0x4B,
+	  0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,0xF8,0xBC,	/* x */
+	  0xE6,0xE5,0x63,0xA4,0x40,0xF2,0x77,0x03,0x7D,0x81,
+	  0x2D,0xEB,0x33,0xA0,0xF4,0xA1,0x39,0x45,0xD8,0x98,
+	  0xC2,0x96,
+	  0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7,	/* y */
+	  0xeb,0x4a,0x7c,0x0f,0x9e,0x16,0x2b,0xce,0x33,0x57,
+	  0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,0x68,0x37,0xbf,
+	  0x51,0xf5,
+	  0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF,	/* order */
+	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xBC,0xE6,0xFA,0xAD,
+	  0xA7,0x17,0x9E,0x84,0xF3,0xB9,0xCA,0xC2,0xFC,0x63,
+	  0x25,0x51 }
+	};
 
 typedef struct _ec_list_element_st {
-    int nid;
-    const EC_CURVE_DATA *data;
-    const EC_METHOD *(*meth) (void);
-    const char *comment;
-} ec_list_element;
+	int	nid;
+	const EC_CURVE_DATA *data;
+	const EC_METHOD *(*meth)(void);
+	const char *comment;
+	} ec_list_element;
 
 static const ec_list_element curve_list[] = {
-    /* prime field curves */
-    /* secg curves */
+	/* prime field curves */
+	/* secg curves */
+	/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+	{ NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, "NIST/SECG curve over a 384 bit prime field" },
 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-    {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
-     "NIST/SECG curve over a 224 bit prime field"},
+	{ NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, "NIST/SECG curve over a 521 bit prime field" },
 #else
-    {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
-     "NIST/SECG curve over a 224 bit prime field"},
+	{ NID_secp521r1, &_EC_NIST_PRIME_521.h, 0, "NIST/SECG curve over a 521 bit prime field" },
 #endif
-    {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
-     "SECG curve over a 256 bit prime field"},
-    /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
-    {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
-     "NIST/SECG curve over a 384 bit prime field"},
 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-    {NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method,
-     "NIST/SECG curve over a 521 bit prime field"},
+	{ NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, EC_GFp_nistp256_method, "X9.62/SECG curve over a 256 bit prime field" },
 #else
-    {NID_secp521r1, &_EC_NIST_PRIME_521.h, 0,
-     "NIST/SECG curve over a 521 bit prime field"},
+	{ NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, 0, "X9.62/SECG curve over a 256 bit prime field" },
 #endif
-    /* X9.62 curves */
-    {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
-#if defined(ECP_NISTZ256_ASM)
-     EC_GFp_nistz256_method,
-#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
-     EC_GFp_nistp256_method,
-#else
-     0,
-#endif
-     "X9.62/SECG curve over a 256 bit prime field"},
 };
 
-#define curve_list_length OSSL_NELEM(curve_list)
+#define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element))
 
 static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
-{
-    EC_GROUP *group = NULL;
-    EC_POINT *P = NULL;
-    BN_CTX *ctx = NULL;
-    BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order =
-        NULL;
-    int ok = 0;
-    int seed_len, param_len;
-    const EC_METHOD *meth;
-    const EC_CURVE_DATA *data;
-    const unsigned char *params;
+	{
+	EC_GROUP *group=NULL;
+	EC_POINT *P=NULL;
+	BN_CTX	 *ctx=NULL;
+	BIGNUM	 *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL;
+	int	 ok=0;
+	int	 seed_len,param_len;
+	const EC_METHOD *meth;
+	const EC_CURVE_DATA *data;
+	const unsigned char *params;
 
-    /* If no curve data curve method must handle everything */
-    if (curve.data == NULL)
-        return EC_GROUP_new(curve.meth != NULL ? curve.meth() : NULL);
+	if ((ctx = BN_CTX_new()) == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
 
-    if ((ctx = BN_CTX_new()) == NULL) {
-        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
-        goto err;
-    }
+	data = curve.data;
+	seed_len  = data->seed_len;
+	param_len = data->param_len;
+	params	  = (const unsigned char *)(data+1);	/* skip header */
+	params	 += seed_len;				/* skip seed   */
 
-    data = curve.data;
-    seed_len = data->seed_len;
-    param_len = data->param_len;
-    params = (const unsigned char *)(data + 1); /* skip header */
-    params += seed_len;         /* skip seed */
+	if (!(p = BN_bin2bn(params+0*param_len, param_len, NULL))
+		|| !(a = BN_bin2bn(params+1*param_len, param_len, NULL))
+		|| !(b = BN_bin2bn(params+2*param_len, param_len, NULL)))
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+		goto err;
+		}
 
-    if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL
-        || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL
-        || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) {
-        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
-        goto err;
-    }
-
-    if (curve.meth != 0) {
-        meth = curve.meth();
-        if (((group = EC_GROUP_new(meth)) == NULL) ||
-            (!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
-            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-            goto err;
-        }
-    } else if (data->field_type == NID_X9_62_prime_field) {
-        if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
-            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-            goto err;
-        }
-    }
+	if (curve.meth != 0)
+		{
+		meth = curve.meth();
+		if (((group = EC_GROUP_new(meth)) == NULL) ||
+			(!(group->meth->group_set_curve(group, p, a, b, ctx))))
+			{
+			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+	else if (data->field_type == NID_X9_62_prime_field)
+		{
+		if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL)
+			{
+			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
 #ifndef OPENSSL_NO_EC2M
-    else {                      /* field_type ==
-                                 * NID_X9_62_characteristic_two_field */
-
-        if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
-            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-            goto err;
-        }
-    }
+	else	/* field_type == NID_X9_62_characteristic_two_field */
+		{
+		if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL)
+			{
+			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
 #endif
 
-    EC_GROUP_set_curve_name(group, curve.nid);
+	if ((P = EC_POINT_new(group)) == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+		goto err;
+		}
 
-    if ((P = EC_POINT_new(group)) == NULL) {
-        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-        goto err;
-    }
-
-    if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL
-        || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) {
-        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
-        goto err;
-    }
-    if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
-        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-        goto err;
-    }
-    if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL
-        || !BN_set_word(x, (BN_ULONG)data->cofactor)) {
-        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
-        goto err;
-    }
-    if (!EC_GROUP_set_generator(group, P, order, x)) {
-        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-        goto err;
-    }
-    if (seed_len) {
-        if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
-            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-            goto err;
-        }
-    }
-    ok = 1;
- err:
-    if (!ok) {
-        EC_GROUP_free(group);
-        group = NULL;
-    }
-    EC_POINT_free(P);
-    BN_CTX_free(ctx);
-    BN_free(p);
-    BN_free(a);
-    BN_free(b);
-    BN_free(order);
-    BN_free(x);
-    BN_free(y);
-    return group;
-}
+	if (!(x = BN_bin2bn(params+3*param_len, param_len, NULL))
+		|| !(y = BN_bin2bn(params+4*param_len, param_len, NULL)))
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+		goto err;
+		}
+	if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+		goto err;
+		}
+	if (!(order = BN_bin2bn(params+5*param_len, param_len, NULL))
+		|| !BN_set_word(x, (BN_ULONG)data->cofactor))
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+		goto err;
+		}
+	if (!EC_GROUP_set_generator(group, P, order, x))
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+		goto err;
+		}
+	if (seed_len)
+		{
+		if (!EC_GROUP_set_seed(group, params-seed_len, seed_len))
+			{
+			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+	ok=1;
+err:
+	if (!ok)
+		{
+		EC_GROUP_free(group);
+		group = NULL;
+		}
+	if (P)
+		EC_POINT_free(P);
+	if (ctx)
+		BN_CTX_free(ctx);
+	if (p)
+		BN_free(p);
+	if (a)
+		BN_free(a);
+	if (b)
+		BN_free(b);
+	if (order)
+		BN_free(order);
+	if (x)
+		BN_free(x);
+	if (y)
+		BN_free(y);
+	return group;
+	}
 
 EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
-{
-    size_t i;
-    EC_GROUP *ret = NULL;
+	{
+	size_t i;
+	EC_GROUP *ret = NULL;
 
-    if (nid <= 0)
-        return NULL;
+	if (nid <= 0)
+		return NULL;
 
-    for (i = 0; i < curve_list_length; i++)
-        if (curve_list[i].nid == nid) {
-            ret = ec_group_new_from_data(curve_list[i]);
-            break;
-        }
+	for (i=0; i<curve_list_length; i++)
+		if (curve_list[i].nid == nid)
+			{
+			ret = ec_group_new_from_data(curve_list[i]);
+			break;
+			}
 
-    if (ret == NULL) {
-        ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
-        return NULL;
-    }
+	if (ret == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
+		return NULL;
+		}
 
-    return ret;
-}
+	EC_GROUP_set_curve_name(ret, nid);
+
+	return ret;
+	}
 
 size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
-{
-    size_t i, min;
+	{
+	size_t	i, min;
 
-    if (r == NULL || nitems == 0)
-        return curve_list_length;
+	if (r == NULL || nitems == 0)
+		return curve_list_length;
 
-    min = nitems < curve_list_length ? nitems : curve_list_length;
+	min = nitems < curve_list_length ? nitems : curve_list_length;
 
-    for (i = 0; i < min; i++) {
-        r[i].nid = curve_list[i].nid;
-        r[i].comment = curve_list[i].comment;
-    }
+	for (i = 0; i < min; i++)
+		{
+		r[i].nid = curve_list[i].nid;
+		r[i].comment = curve_list[i].comment;
+		}
 
-    return curve_list_length;
-}
-
-/* Functions to translate between common NIST curve names and NIDs */
-
-typedef struct {
-    const char *name;           /* NIST Name of curve */
-    int nid;                    /* Curve NID */
-} EC_NIST_NAME;
-
-static EC_NIST_NAME nist_curves[] = {
-    {"B-163", NID_sect163r2},
-    {"B-233", NID_sect233r1},
-    {"B-283", NID_sect283r1},
-    {"B-409", NID_sect409r1},
-    {"B-571", NID_sect571r1},
-    {"K-163", NID_sect163k1},
-    {"K-233", NID_sect233k1},
-    {"K-283", NID_sect283k1},
-    {"K-409", NID_sect409k1},
-    {"K-571", NID_sect571k1},
-    {"P-192", NID_X9_62_prime192v1},
-    {"P-224", NID_secp224r1},
-    {"P-256", NID_X9_62_prime256v1},
-    {"P-384", NID_secp384r1},
-    {"P-521", NID_secp521r1}
-};
-
-const char *EC_curve_nid2nist(int nid)
-{
-    size_t i;
-    for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
-        if (nist_curves[i].nid == nid)
-            return nist_curves[i].name;
-    }
-    return NULL;
-}
-
-int EC_curve_nist2nid(const char *name)
-{
-    size_t i;
-    for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
-        if (strcmp(nist_curves[i].name, name) == 0)
-            return nist_curves[i].nid;
-    }
-    return NID_undef;
-}
-
-#define NUM_BN_FIELDS 6
-/*
- * Validates EC domain parameter data for known named curves.
- * This can be used when a curve is loaded explicitly (without a curve
- * name) or to validate that domain parameters have not been modified.
- *
- * Returns: The nid associated with the found named curve, or NID_undef
- *          if not found. If there was an error it returns -1.
- */
-int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
-{
-    int ret = -1, nid, len, field_type, param_len;
-    size_t i, seed_len;
-    const unsigned char *seed, *params_seed, *params;
-    unsigned char *param_bytes = NULL;
-    const EC_CURVE_DATA *data;
-    const EC_POINT *generator = NULL;
-    const EC_METHOD *meth;
-    const BIGNUM *cofactor = NULL;
-    /* An array of BIGNUMs for (p, a, b, x, y, order) */
-    BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL};
-
-    meth = EC_GROUP_method_of(group);
-    if (meth == NULL)
-        return -1;
-    /* Use the optional named curve nid as a search field */
-    nid = EC_GROUP_get_curve_name(group);
-    field_type = EC_METHOD_get_field_type(meth);
-    seed_len = EC_GROUP_get_seed_len(group);
-    seed = EC_GROUP_get0_seed(group);
-    cofactor = EC_GROUP_get0_cofactor(group);
-
-    BN_CTX_start(ctx);
-
-    /*
-     * The built-in curves contains data fields (p, a, b, x, y, order) that are
-     * all zero-padded to be the same size. The size of the padding is
-     * determined by either the number of bytes in the field modulus (p) or the
-     * EC group order, whichever is larger.
-     */
-    param_len = BN_num_bytes(group->order);
-    len = BN_num_bytes(group->field);
-    if (len > param_len)
-        param_len = len;
-
-    /* Allocate space to store the padded data for (p, a, b, x, y, order)  */
-    param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS);
-    if (param_bytes == NULL)
-        goto end;
-
-    /* Create the bignums */
-    for (i = 0; i < NUM_BN_FIELDS; ++i) {
-        if ((bn[i] = BN_CTX_get(ctx)) == NULL)
-            goto end;
-    }
-    /*
-     * Fill in the bn array with the same values as the internal curves
-     * i.e. the values are p, a, b, x, y, order.
-     */
-    /* Get p, a & b */
-    if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx)
-        && ((generator = EC_GROUP_get0_generator(group)) != NULL)
-        /* Get x & y */
-        && EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx)
-        /* Get order */
-        && EC_GROUP_get_order(group, bn[5], ctx)))
-        goto end;
-
-   /*
-     * Convert the bignum array to bytes that are joined together to form
-     * a single buffer that contains data for all fields.
-     * (p, a, b, x, y, order) are all zero padded to be the same size.
-     */
-    for (i = 0; i < NUM_BN_FIELDS; ++i) {
-        if (BN_bn2binpad(bn[i], &param_bytes[i*param_len], param_len) <= 0)
-            goto end;
-    }
-
-    for (i = 0; i < curve_list_length; i++) {
-        const ec_list_element curve = curve_list[i];
-
-        data = curve.data;
-        /* Get the raw order byte data */
-        params_seed = (const unsigned char *)(data + 1); /* skip header */
-        params = params_seed + data->seed_len;
-
-        /* Look for unique fields in the fixed curve data */
-        if (data->field_type == field_type
-            && param_len == data->param_len
-            && (nid <= 0 || nid == curve.nid)
-            /* check the optional cofactor (ignore if its zero) */
-            && (BN_is_zero(cofactor)
-                || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor))
-            /* Check the optional seed (ignore if its not set) */
-            && (data->seed_len == 0 || seed_len == 0
-                || ((size_t)data->seed_len == seed_len
-                     && memcmp(params_seed, seed, seed_len) == 0))
-            /* Check that the groups params match the built-in curve params */
-            && memcmp(param_bytes, params, param_len * NUM_BN_FIELDS)
-                             == 0) {
-            ret = curve.nid;
-            goto end;
-        }
-    }
-    /* Gets here if the group was not found */
-    ret = NID_undef;
-end:
-    OPENSSL_free(param_bytes);
-    BN_CTX_end(ctx);
-    return ret;
-}
+	return curve_list_length;
+	}

hobble-openssl

@@ -6,35 +6,48 @@ set -e
 # Clean out patent-or-otherwise-encumbered code.
 # MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
 # IDEA:  5,214,703 07/01/2012 - expired, we do not remove it anymore
-# RC5:   5,724,428 01/11/2015 - expired, we do not remove it anymore
+# RC5:   5,724,428 01/11/2015
 # EC:    ????????? ??/??/2020
-# SRP:   ????????? ??/??/2017 - expired, we do not remove it anymore
+# SRP:   ????????? ??/??/20??
 
 # Remove assembler portions of IDEA, MDC2, and RC5.
-# (find crypto/rc5/asm -type f | xargs -r rm -fv)
+(find crypto/rc5/asm -type f | xargs -r rm -fv)
+
+# RC5, SRP.
+for a in rc5 srp; do
+  for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
+	echo Destroying $c
+	> $c
+  done
+done
+
+for c in `find crypto/evp -name "*_rc5.c"`; do
+	echo Destroying $c
+	> $c
+done
 
 for c in `find crypto/bn -name "*gf2m.c"`; do
 	echo Destroying $c
 	> $c
 done
 
-for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c"`; do
-	echo Destroying $c
-	> $c
-done
-
-for c in `find test -name "ectest.c"`; do
+for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c" -o -name "ecp_nistp?2?.c" -o -name "ectest.c"`; do
 	echo Destroying $c
 	> $c
 done
 
 for h in `find crypto ssl apps test -name "*.h"` ; do
-	echo Removing EC2M references from $h
+	echo Removing RC5, SRP and EC2M references from $h
 	cat $h | \
 	awk    'BEGIN {ech=1;} \
+		/^#[ \t]*ifndef.*NO_SRP/ {ech--; next;} \
+		/^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \
 		/^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
                 /^#[ \t]*if/ {if(ech < 1) ech--;} \
 		{if(ech>0) {;print $0};} \
 		/^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
 	mv $h.hobbled $h
 done
+
+# Make the makefiles happy.
+touch crypto/rc5/asm/rc5-586.pl

openssl-0.9.6-x509.patch

@@ -0,0 +1,29 @@
+Do not treat duplicate certs as an error.
+
+--- openssl-0.9.6/crypto/x509/by_file.c	Wed Sep 27 15:09:05 2000
++++ openssl-0.9.6/crypto/x509/by_file.c	Wed Sep 27 14:21:20 2000
+@@ -163,8 +163,12 @@
+ 					}
+ 				}
+ 			i=X509_STORE_add_cert(ctx->store_ctx,x);
+-			if (!i) goto err;
+-			count++;
++			/* ignore any problems with current certificate 
++			    and continue with the next one */
++			if (i)
++			    count++;
++			else
++			    ERR_clear_error();
+ 			X509_free(x);
+ 			x=NULL;
+ 			}
+@@ -179,7 +183,8 @@
+ 			goto err;
+ 			}
+ 		i=X509_STORE_add_cert(ctx->store_ctx,x);
+-		if (!i) goto err;
++		if (!i)
++		  ERR_clear_error();
+ 		ret=i;
+ 		}
+ 	else

openssl-0.9.8a-no-rpath.patch

@@ -0,0 +1,11 @@
+--- openssl-0.9.8a/Makefile.shared.no-rpath	2005-06-23 22:47:54.000000000 +0200
++++ openssl-0.9.8a/Makefile.shared	2005-11-16 22:35:37.000000000 +0100
+@@ -153,7 +153,7 @@
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+ 
+ #This is rather special.  It's a special target with which one can link
+ #applications without bothering with any features that have anything to

openssl-0.9.8b-test-use-localhost.patch

@@ -0,0 +1,24 @@
+diff -up openssl-0.9.8b/ssl/ssltest.c.use-localhost openssl-0.9.8b/ssl/ssltest.c
+--- openssl-0.9.8b/ssl/ssltest.c.use-localhost	2006-02-24 18:58:35.000000000 +0100
++++ openssl-0.9.8b/ssl/ssltest.c	2007-08-03 14:06:16.000000000 +0200
+@@ -839,19 +839,8 @@ bad:
+ #ifndef OPENSSL_NO_KRB5
+ 	if (c_ssl  &&  c_ssl->kssl_ctx)
+                 {
+-                char	localhost[MAXHOSTNAMELEN+2];
+-
+-		if (gethostname(localhost, sizeof localhost-1) == 0)
+-                        {
+-			localhost[sizeof localhost-1]='\0';
+-			if(strlen(localhost) == sizeof localhost-1)
+-				{
+-				BIO_printf(bio_err,"localhost name too long\n");
+-				goto end;
+-				}
+ 			kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
+-                                localhost);
+-			}
++                                "localhost");
+ 		}
+ #endif    /* OPENSSL_NO_KRB5  */
+ 

openssl-0.9.8j-version-add-engines.patch

@@ -0,0 +1,48 @@
+diff -up openssl-0.9.8j/apps/version.c.version-add-engines openssl-0.9.8j/apps/version.c
+--- openssl-0.9.8j/apps/version.c.version-add-engines	2008-10-20 14:53:33.000000000 +0200
++++ openssl-0.9.8j/apps/version.c	2009-01-13 23:22:03.000000000 +0100
+@@ -131,6 +131,7 @@
+ #ifndef OPENSSL_NO_BF
+ # include <openssl/blowfish.h>
+ #endif
++#include <openssl/engine.h>
+ 
+ #undef PROG
+ #define PROG	version_main
+@@ -140,7 +141,7 @@ int MAIN(int, char **);
+ int MAIN(int argc, char **argv)
+ 	{
+ 	int i,ret=0;
+-	int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
++	int cflags=0,version=0,date=0,options=0,platform=0,dir=0,engines=0;
+ 
+ 	apps_startup();
+ 
+@@ -164,7 +165,7 @@ int MAIN(int argc, char **argv)
+ 		else if (strcmp(argv[i],"-d") == 0)
+ 			dir=1;
+ 		else if (strcmp(argv[i],"-a") == 0)
+-			date=version=cflags=options=platform=dir=1;
++			date=version=cflags=options=platform=dir=engines=1;
+ 		else
+ 			{
+ 			BIO_printf(bio_err,"usage:version -[avbofpd]\n");
+@@ -211,6 +212,18 @@ int MAIN(int argc, char **argv)
+ 		}
+ 	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+ 	if (dir)  printf("%s\n",SSLeay_version(SSLEAY_DIR));
++	if (engines)
++		{
++		ENGINE *e;
++		printf("engines:  ");
++		e = ENGINE_get_first();
++		while (e)
++			{
++			printf("%s ", ENGINE_get_id(e));
++			e = ENGINE_get_next(e);
++			}
++		printf("\n");
++		}
+ end:
+ 	apps_shutdown();
+ 	OPENSSL_EXIT(ret);

openssl-1.0.0-beta4-ca-dir.patch

@@ -0,0 +1,36 @@
+diff -up openssl-1.0.0-beta4/apps/CA.pl.in.ca-dir openssl-1.0.0-beta4/apps/CA.pl.in
+--- openssl-1.0.0-beta4/apps/CA.pl.in.ca-dir	2006-04-28 02:30:49.000000000 +0200
++++ openssl-1.0.0-beta4/apps/CA.pl.in	2009-11-12 12:33:13.000000000 +0100
+@@ -53,7 +53,7 @@ $VERIFY="$openssl verify";
+ $X509="$openssl x509";
+ $PKCS12="$openssl pkcs12";
+ 
+-$CATOP="./demoCA";
++$CATOP="/etc/pki/CA";
+ $CAKEY="cakey.pem";
+ $CAREQ="careq.pem";
+ $CACERT="cacert.pem";
+diff -up openssl-1.0.0-beta4/apps/CA.sh.ca-dir openssl-1.0.0-beta4/apps/CA.sh
+--- openssl-1.0.0-beta4/apps/CA.sh.ca-dir	2009-10-15 19:27:47.000000000 +0200
++++ openssl-1.0.0-beta4/apps/CA.sh	2009-11-12 12:35:14.000000000 +0100
+@@ -68,7 +68,7 @@ VERIFY="$OPENSSL verify"
+ X509="$OPENSSL x509"
+ PKCS12="openssl pkcs12"
+ 
+-if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
++if [ -z "$CATOP" ] ; then CATOP=/etc/pki/CA ; fi
+ CAKEY=./cakey.pem
+ CAREQ=./careq.pem
+ CACERT=./cacert.pem
+diff -up openssl-1.0.0-beta4/apps/openssl.cnf.ca-dir openssl-1.0.0-beta4/apps/openssl.cnf
+--- openssl-1.0.0-beta4/apps/openssl.cnf.ca-dir	2009-11-12 12:33:13.000000000 +0100
++++ openssl-1.0.0-beta4/apps/openssl.cnf	2009-11-12 12:33:13.000000000 +0100
+@@ -39,7 +39,7 @@ default_ca	= CA_default		# The default c
+ ####################################################################
+ [ CA_default ]
+ 
+-dir		= ./demoCA		# Where everything is kept
++dir		= /etc/pki/CA		# Where everything is kept
+ certs		= $dir/certs		# Where the issued certs are kept
+ crl_dir		= $dir/crl		# Where the issued crl are kept
+ database	= $dir/index.txt	# database index file.

openssl-1.0.0-beta5-enginesdir.patch

@@ -0,0 +1,52 @@
+diff -up openssl-1.0.0-beta5/Configure.enginesdir openssl-1.0.0-beta5/Configure
+--- openssl-1.0.0-beta5/Configure.enginesdir	2010-01-20 18:07:05.000000000 +0100
++++ openssl-1.0.0-beta5/Configure	2010-01-20 18:10:48.000000000 +0100
+@@ -622,6 +622,7 @@ my $idx_multilib = $idx++;
+ my $prefix="";
+ my $libdir="";
+ my $openssldir="";
++my $enginesdir="";
+ my $exe_ext="";
+ my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
+ my $cross_compile_prefix="";
+@@ -833,6 +834,10 @@ PROCESS_ARGS:
+ 				{
+ 				$openssldir=$1;
+ 				}
++			elsif (/^--enginesdir=(.*)$/)
++				{
++				$enginesdir=$1;
++				}
+ 			elsif (/^--install.prefix=(.*)$/)
+ 				{
+ 				$install_prefix=$1;
+@@ -1053,7 +1058,7 @@ chop $prefix if $prefix =~ /.\/$/;
+ 
+ $openssldir=$prefix . "/ssl" if $openssldir eq "";
+ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
+-
++$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
+ 
+ print "IsMK1MF=$IsMK1MF\n";
+ 
+@@ -1673,7 +1678,7 @@ while (<IN>)
+ 		}
+ 	elsif	(/^#define\s+ENGINESDIR/)
+ 		{
+-		my $foo = "$prefix/$libdir/engines";
++		my $foo = "$enginesdir";
+ 		$foo =~ s/\\/\\\\/g;
+ 		print OUT "#define ENGINESDIR \"$foo\"\n";
+ 		}
+diff -up openssl-1.0.0-beta5/engines/Makefile.enginesdir openssl-1.0.0-beta5/engines/Makefile
+--- openssl-1.0.0-beta5/engines/Makefile.enginesdir	2010-01-16 21:06:09.000000000 +0100
++++ openssl-1.0.0-beta5/engines/Makefile	2010-01-20 18:07:05.000000000 +0100
+@@ -124,7 +124,7 @@ install:
+ 				sfx=".so"; \
+ 				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ 			  fi; \
+-			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++			  chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ 		done; \
+ 	fi

openssl-1.0.0-beta5-readme-warning.patch

@@ -0,0 +1,39 @@
+diff -up openssl-1.0.0-beta5/README.warning openssl-1.0.0-beta5/README
+--- openssl-1.0.0-beta5/README.warning	2010-01-20 16:00:47.000000000 +0100
++++ openssl-1.0.0-beta5/README	2010-01-21 09:06:11.000000000 +0100
+@@ -5,6 +5,35 @@
+  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+  All rights reserved.
+ 
++ WARNING
++ -------
++
++ This version of OpenSSL is built in a way that supports operation in
++ the so called FIPS mode. Note though that the library as we build it
++ is not FIPS validated and the FIPS mode is present for testing purposes
++ only.
++ 
++ This version also contains a few differences from the upstream code
++ some of which are:
++   * There are added changes forward ported from the upstream OpenSSL
++     0.9.8 FIPS branch however the FIPS integrity verification check
++     is implemented differently from the upstream FIPS validated OpenSSL
++     module. It verifies HMAC-SHA256 checksum of the whole shared
++     libraries. For this reason the changes are ported to files in the
++     crypto directory and not in a separate fips subdirectory. Also
++     note that the FIPS integrity verification check requires unmodified
++     libcrypto and libssl shared library files which means that it will
++     fail if these files are modified for example by prelink.
++   * The module respects the kernel FIPS flag /proc/sys/crypto/fips and
++     tries to initialize the FIPS mode if it is set to 1 aborting if the
++     FIPS mode could not be initialized. It is also possible to force the
++     OpenSSL library to FIPS mode especially for debugging purposes by
++     setting the environment variable OPENSSL_FORCE_FIPS_MODE.
++   * If the environment variable OPENSSL_NO_DEFAULT_ZLIB is set the module
++     will not automatically load the built in compression method ZLIB
++     when initialized. Applications can still explicitely ask for ZLIB
++     compression method.
++
+  DESCRIPTION
+  -----------
+ 

openssl-1.0.0-timezone.patch

@@ -0,0 +1,21 @@
+diff -up openssl-1.0.0/Makefile.org.timezone openssl-1.0.0/Makefile.org
+--- openssl-1.0.0/Makefile.org.timezone	2010-03-30 11:08:40.000000000 +0200
++++ openssl-1.0.0/Makefile.org	2010-04-06 12:49:21.000000000 +0200
+@@ -609,7 +609,7 @@ install_docs:
+ 		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
+ 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ 		(cd `$(PERL) util/dirname.pl $$i`; \
+-		sh -c "$$pod2man \
++		sh -c "TZ=UTC $$pod2man \
+ 			--section=$$sec --center=OpenSSL \
+ 			--release=$(VERSION) `basename $$i`") \
+ 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+@@ -626,7 +626,7 @@ install_docs:
+ 		sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
+ 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ 		(cd `$(PERL) util/dirname.pl $$i`; \
+-		sh -c "$$pod2man \
++		sh -c "TZ=UTC $$pod2man \
+ 			--section=$$sec --center=OpenSSL \
+ 			--release=$(VERSION) `basename $$i`") \
+ 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \

openssl-1.0.0c-rsa-x931.patch

@@ -0,0 +1,36 @@
+diff -up openssl-1.0.0c/apps/genrsa.c.x931 openssl-1.0.0c/apps/genrsa.c
+--- openssl-1.0.0c/apps/genrsa.c.x931	2010-03-01 15:22:02.000000000 +0100
++++ openssl-1.0.0c/apps/genrsa.c	2011-02-01 18:32:05.000000000 +0100
+@@ -95,6 +95,7 @@ int MAIN(int argc, char **argv)
+ 	int ret=1;
+ 	int i,num=DEFBITS;
+ 	long l;
++	int use_x931 = 0;
+ 	const EVP_CIPHER *enc=NULL;
+ 	unsigned long f4=RSA_F4;
+ 	char *outfile=NULL;
+@@ -138,6 +139,8 @@ int MAIN(int argc, char **argv)
+ 			f4=3;
+ 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
+ 			f4=RSA_F4;
++		else if (strcmp(*argv,"-x931") == 0)
++			use_x931 = 1;
+ #ifndef OPENSSL_NO_ENGINE
+ 		else if (strcmp(*argv,"-engine") == 0)
+ 			{
+@@ -273,7 +276,14 @@ bad:
+ 	if (!rsa)
+ 		goto err;
+ 
+-	if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
++	if (use_x931)
++		{
++		if (!BN_set_word(bn, f4))
++			goto err;
++		if (!RSA_X931_generate_key_ex(rsa, num, bn, &cb))
++			goto err;
++		}
++	else if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
+ 		goto err;
+ 		
+ 	app_RAND_write_file(NULL, bio_err);

openssl-1.0.0d-apps-dgst.patch

@@ -0,0 +1,110 @@
+diff -up openssl-1.0.0d/apps/ca.c.dgst openssl-1.0.0d/apps/ca.c
+--- openssl-1.0.0d/apps/ca.c.dgst	2009-12-02 15:41:24.000000000 +0100
++++ openssl-1.0.0d/apps/ca.c	2011-04-05 21:09:42.000000000 +0200
+@@ -157,7 +157,7 @@ static const char *ca_usage[]={
+ " -startdate YYMMDDHHMMSSZ  - certificate validity notBefore\n",
+ " -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)\n",
+ " -days arg       - number of days to certify the certificate for\n",
+-" -md arg         - md to use, one of md2, md5, sha or sha1\n",
++" -md arg         - md to use, see openssl dgst -h for list\n",
+ " -policy arg     - The CA 'policy' to support\n",
+ " -keyfile arg    - private key file\n",
+ " -keyform arg    - private key file format (PEM or ENGINE)\n",
+diff -up openssl-1.0.0d/apps/enc.c.dgst openssl-1.0.0d/apps/enc.c
+--- openssl-1.0.0d/apps/enc.c.dgst	2010-06-15 19:25:02.000000000 +0200
++++ openssl-1.0.0d/apps/enc.c	2011-04-05 21:11:54.000000000 +0200
+@@ -302,7 +302,7 @@ bad:
+ 			BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
+ 			BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
+ 			BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
+-			BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");
++			BIO_printf(bio_err,"%-14s   from a passphrase. See openssl dgst -h for list.\n","");
+ 			BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S");
+ 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
+ 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
+diff -up openssl-1.0.0d/apps/req.c.dgst openssl-1.0.0d/apps/req.c
+--- openssl-1.0.0d/apps/req.c.dgst	2010-03-10 14:48:21.000000000 +0100
++++ openssl-1.0.0d/apps/req.c	2011-04-05 21:12:33.000000000 +0200
+@@ -421,7 +421,7 @@ bad:
+ #ifndef OPENSSL_NO_ECDSA
+ 		BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
+ #endif
+-		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
++		BIO_printf(bio_err," -[digest]      Digest to sign with (see openssl dgst -h for list)\n");
+ 		BIO_printf(bio_err," -config file   request template file.\n");
+ 		BIO_printf(bio_err," -subj arg      set or modify request subject\n");
+ 		BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");
+diff -up openssl-1.0.0d/apps/ts.c.dgst openssl-1.0.0d/apps/ts.c
+--- openssl-1.0.0d/apps/ts.c.dgst	2009-10-18 16:42:26.000000000 +0200
++++ openssl-1.0.0d/apps/ts.c	2011-04-05 21:16:07.000000000 +0200
+@@ -368,7 +368,7 @@ int MAIN(int argc, char **argv)
+ 	BIO_printf(bio_err, "usage:\n"
+ 		   "ts -query [-rand file%cfile%c...] [-config configfile] "
+ 		   "[-data file_to_hash] [-digest digest_bytes]"
+-		   "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
++		   "[-<hashalg>] "
+ 		   "[-policy object_id] [-no_nonce] [-cert] "
+ 		   "[-in request.tsq] [-out request.tsq] [-text]\n",
+ 		   LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+diff -up openssl-1.0.0d/apps/x509.c.dgst openssl-1.0.0d/apps/x509.c
+--- openssl-1.0.0d/apps/x509.c.dgst	2011-04-05 21:13:42.000000000 +0200
++++ openssl-1.0.0d/apps/x509.c	2011-04-05 21:13:17.000000000 +0200
+@@ -141,7 +141,7 @@ static const char *x509_usage[]={
+ " -set_serial     - serial number to use\n",
+ " -text           - print the certificate in text form\n",
+ " -C              - print out C code forms\n",
+-" -md2/-md5/-sha1/-mdc2 - digest to use\n",
++" -<dgst>         - digest to use, see openssl dgst -h output for list\n",
+ " -extfile        - configuration file with X509V3 extensions to add\n",
+ " -extensions     - section from config file with X509V3 extensions to add\n",
+ " -clrext         - delete extensions before signing and input certificate\n",
+diff -up openssl-1.0.0d/doc/apps/ca.pod.dgst openssl-1.0.0d/doc/apps/ca.pod
+--- openssl-1.0.0d/doc/apps/ca.pod.dgst	2009-04-10 13:25:53.000000000 +0200
++++ openssl-1.0.0d/doc/apps/ca.pod	2011-04-05 21:16:39.000000000 +0200
+@@ -160,7 +160,8 @@ the number of days to certify the certif
+ =item B<-md alg>
+ 
+ the message digest to use. Possible values include md5, sha1 and mdc2.
+-This option also applies to CRLs.
++For full list of digests see openssl dgst -h output. This option also
++applies to CRLs.
+ 
+ =item B<-policy arg>
+ 
+diff -up openssl-1.0.0d/doc/apps/ocsp.pod.dgst openssl-1.0.0d/doc/apps/ocsp.pod
+--- openssl-1.0.0d/doc/apps/ocsp.pod.dgst	2008-02-25 19:11:47.000000000 +0100
++++ openssl-1.0.0d/doc/apps/ocsp.pod	2011-04-05 21:18:17.000000000 +0200
+@@ -210,7 +210,8 @@ check is not performed.
+ =item B<-md5|-sha1|-sha256|-ripemod160|...>
+ 
+ this option sets digest algorithm to use for certificate identification
+-in the OCSP request. By default SHA-1 is used. 
++in the OCSP request. By default SHA-1 is used. See openssl dgst -h output for
++the list of available algorithms.
+ 
+ =back
+ 
+diff -up openssl-1.0.0d/doc/apps/req.pod.dgst openssl-1.0.0d/doc/apps/req.pod
+--- openssl-1.0.0d/doc/apps/req.pod.dgst	2009-04-10 18:42:28.000000000 +0200
++++ openssl-1.0.0d/doc/apps/req.pod	2011-04-05 21:20:47.000000000 +0200
+@@ -201,7 +201,8 @@ will not be encrypted.
+ 
+ this specifies the message digest to sign the request with (such as
+ B<-md5>, B<-sha1>). This overrides the digest algorithm specified in
+-the configuration file.
++the configuration file. For full list of possible digests see openssl
++dgst -h output.
+ 
+ Some public key algorithms may override this choice. For instance, DSA
+ signatures always use SHA1, GOST R 34.10 signatures always use
+diff -up openssl-1.0.0d/doc/apps/x509.pod.dgst openssl-1.0.0d/doc/apps/x509.pod
+--- openssl-1.0.0d/doc/apps/x509.pod.dgst	2010-01-12 18:27:11.000000000 +0100
++++ openssl-1.0.0d/doc/apps/x509.pod	2011-04-05 21:19:56.000000000 +0200
+@@ -101,6 +101,7 @@ the digest to use. This affects any sign
+ digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
+ specified then SHA1 is used. If the key being used to sign with is a DSA key
+ then this option has no effect: SHA1 is always used with DSA keys.
++For full list of digests see openssl dgst -h output.
+ 
+ =item B<-engine id>
+ 

openssl-1.0.0d-xmpp-starttls.patch

@@ -0,0 +1,12 @@
+diff -ru openssl-1.0.0d.old/apps/s_client.c openssl-1.0.0d/apps/s_client.c
+--- openssl-1.0.0d.old/apps/s_client.c	2011-07-17 21:05:19.934181169 +0200
++++ openssl-1.0.0d/apps/s_client.c	2011-07-17 21:11:42.747824990 +0200
+@@ -1186,7 +1186,7 @@
+ 		    "xmlns='jabber:client' to='%s' version='1.0'>", host);
+ 		seen = BIO_read(sbio,mbuf,BUFSIZZ);
+ 		mbuf[seen] = 0;
+-		while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
++		while (!strcasestr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") && !strcasestr(mbuf, "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\""))
+ 			{
+ 			if (strstr(mbuf, "/stream:features>"))
+ 				goto shut;

openssl-1.0.0e-chil-fixes.patch

@@ -0,0 +1,24 @@
+diff -up openssl-1.0.0e/engines/e_chil.c.chil openssl-1.0.0e/engines/e_chil.c
+--- openssl-1.0.0e/engines/e_chil.c.chil	2010-06-15 19:25:12.000000000 +0200
++++ openssl-1.0.0e/engines/e_chil.c	2011-09-21 17:32:03.000000000 +0200
+@@ -1261,6 +1261,11 @@ static int hwcrhk_insert_card(const char
+         UI *ui;
+ 	void *callback_data = NULL;
+         UI_METHOD *ui_method = NULL;
++	/* Despite what the documentation says prompt_info can be
++	 * an empty string.
++	 */
++	if (prompt_info && !*prompt_info)
++		prompt_info = NULL;
+ 
+         if (cactx)
+                 {
+@@ -1287,7 +1292,7 @@ static int hwcrhk_insert_card(const char
+ 
+ 	if (ui)
+ 		{
+-		char answer;
++		char answer = '\0';
+ 		char buf[BUFSIZ];
+ 		/* Despite what the documentation says wrong_info can be
+ 	 	 * an empty string.

openssl-1.0.1-beta2-fips-md5-allow.patch

@@ -0,0 +1,21 @@
+diff -up openssl-1.0.1-beta2/crypto/md5/md5_dgst.c.md5-allow openssl-1.0.1-beta2/crypto/md5/md5_dgst.c
+--- openssl-1.0.1-beta2/crypto/md5/md5_dgst.c.md5-allow	2012-02-06 20:09:56.000000000 +0100
++++ openssl-1.0.1-beta2/crypto/md5/md5_dgst.c	2012-02-06 20:14:02.332117603 +0100
+@@ -71,7 +71,16 @@ const char MD5_version[]="MD5" OPENSSL_V
+ #define INIT_DATA_C (unsigned long)0x98badcfeL
+ #define INIT_DATA_D (unsigned long)0x10325476L
+ 
+-nonfips_md_init(MD5)
++int MD5_Init(MD5_CTX *c)
++#ifdef OPENSSL_FIPS
++	{
++	if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
++		OpenSSLDie(__FILE__, __LINE__, \
++                "Digest MD5 forbidden in FIPS mode!");
++	return private_MD5_Init(c);
++	}
++int private_MD5_Init(MD5_CTX *c)
++#endif
+ 	{
+ 	memset (c,0,sizeof(*c));
+ 	c->A=INIT_DATA_A;

openssl-1.0.1-pkgconfig-krb5.patch

@@ -0,0 +1,30 @@
+diff -up openssl-1.0.1/Makefile.org.krb5 openssl-1.0.1/Makefile.org
+--- openssl-1.0.1/Makefile.org.krb5	2012-03-14 21:15:04.000000000 +0100
++++ openssl-1.0.1/Makefile.org	2012-04-11 16:28:31.254725422 +0200
+@@ -370,7 +370,7 @@ libcrypto.pc: Makefile
+ 	    echo 'Requires: '; \
+ 	    echo 'Libs: -L$${libdir} -lcrypto'; \
+ 	    echo 'Libs.private: $(EX_LIBS)'; \
+-	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
++	    echo 'Cflags: -I$${includedir}' ) > libcrypto.pc
+ 
+ libssl.pc: Makefile
+ 	@ ( echo 'prefix=$(INSTALLTOP)'; \
+@@ -383,7 +383,7 @@ libssl.pc: Makefile
+ 	    echo 'Version: '$(VERSION); \
+ 	    echo 'Requires: '; \
+ 	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+-	    echo 'Libs.private: $(EX_LIBS)'; \
++	    echo 'Libs.private: $(EX_LIBS) $(LIBKRB5)'; \
+ 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
+ 
+ openssl.pc: Makefile
+@@ -397,7 +397,7 @@ openssl.pc: Makefile
+ 	    echo 'Version: '$(VERSION); \
+ 	    echo 'Requires: '; \
+ 	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+-	    echo 'Libs.private: $(EX_LIBS)'; \
++	    echo 'Libs.private: $(EX_LIBS) $(LIBKRB5)'; \
+ 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+ 
+ Makefile: Makefile.org Configure config

openssl-1.0.1c-aliasing.patch

@@ -0,0 +1,12 @@
+diff -up openssl-1.0.1c/crypto/modes/Makefile.aliasing openssl-1.0.1c/crypto/modes/Makefile
+--- openssl-1.0.1c/crypto/modes/Makefile.aliasing	2011-08-12 00:36:17.000000000 +0200
++++ openssl-1.0.1c/crypto/modes/Makefile	2012-07-13 11:32:10.767829077 +0200
+@@ -12,7 +12,7 @@ AR=		ar r
+ 
+ MODES_ASM_OBJ=
+ 
+-CFLAGS= $(INCLUDES) $(CFLAG)
++CFLAGS= $(INCLUDES) $(CFLAG) -fno-strict-aliasing
+ ASFLAGS= $(INCLUDES) $(ASFLAG)
+ AFLAGS= $(ASFLAGS)
+ 

openssl-1.0.1c-default-paths.patch

@@ -0,0 +1,100 @@
+diff -up openssl-1.0.1c/apps/s_client.c.default-paths openssl-1.0.1c/apps/s_client.c
+--- openssl-1.0.1c/apps/s_client.c.default-paths	2012-03-18 19:16:05.000000000 +0100
++++ openssl-1.0.1c/apps/s_client.c	2012-12-06 18:24:06.425933203 +0100
+@@ -1166,12 +1166,19 @@ bad:
+ 	if (!set_cert_key_stuff(ctx,cert,key))
+ 		goto end;
+ 
+-	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+-		(!SSL_CTX_set_default_verify_paths(ctx)))
++	if (CAfile == NULL && CApath == NULL)
+ 		{
+-		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
+-		ERR_print_errors(bio_err);
+-		/* goto end; */
++		if (!SSL_CTX_set_default_verify_paths(ctx))
++			{
++			ERR_print_errors(bio_err);
++			}
++		}
++	else
++		{
++		if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
++			{
++			ERR_print_errors(bio_err);
++			}
+ 		}
+ 
+ #ifndef OPENSSL_NO_TLSEXT
+diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_server.c
+--- openssl-1.0.1c/apps/s_server.c.default-paths	2012-03-18 19:16:05.000000000 +0100
++++ openssl-1.0.1c/apps/s_server.c	2012-12-06 18:25:11.199329611 +0100
+@@ -1565,13 +1565,21 @@ bad:
+ 		}
+ #endif
+ 
+-	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+-		(!SSL_CTX_set_default_verify_paths(ctx)))
++	if (CAfile == NULL && CApath == NULL)
+ 		{
+-		/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
+-		ERR_print_errors(bio_err);
+-		/* goto end; */
++		if (!SSL_CTX_set_default_verify_paths(ctx))
++			{
++			ERR_print_errors(bio_err);
++			}
++		}
++	else
++		{
++		if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
++			{
++			ERR_print_errors(bio_err);
++			}
+ 		}
++
+ 	if (vpm)
+ 		SSL_CTX_set1_param(ctx, vpm);
+ 
+@@ -1622,8 +1630,11 @@ bad:
+ 		else
+ 			SSL_CTX_sess_set_cache_size(ctx2,128);
+ 
+-		if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
+-			(!SSL_CTX_set_default_verify_paths(ctx2)))
++		if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath))
++			{
++			ERR_print_errors(bio_err);
++			}
++		if (!SSL_CTX_set_default_verify_paths(ctx2))
+ 			{
+ 			ERR_print_errors(bio_err);
+ 			}
+diff -up openssl-1.0.1c/apps/s_time.c.default-paths openssl-1.0.1c/apps/s_time.c
+--- openssl-1.0.1c/apps/s_time.c.default-paths	2006-04-17 14:22:13.000000000 +0200
++++ openssl-1.0.1c/apps/s_time.c	2012-12-06 18:27:41.694574044 +0100
+@@ -373,12 +373,19 @@ int MAIN(int argc, char **argv)
+ 
+ 	SSL_load_error_strings();
+ 
+-	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
+-		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
++	if (CAfile == NULL && CApath == NULL)
+ 		{
+-		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
+-		ERR_print_errors(bio_err);
+-		/* goto end; */
++		if (!SSL_CTX_set_default_verify_paths(tm_ctx))
++			{
++			ERR_print_errors(bio_err);
++			}
++		}
++	else
++		{
++		if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath))
++			{
++			ERR_print_errors(bio_err);
++			}
+ 		}
+ 
+ 	if (tm_cipher == NULL)

openssl-1.0.1c-dh-1024.patch

@@ -0,0 +1,61 @@
+diff -up openssl-1.0.1c/apps/s_server.c.dh1024 openssl-1.0.1c/apps/s_server.c
+--- openssl-1.0.1c/apps/s_server.c.dh1024	2012-11-14 20:27:50.000000000 +0100
++++ openssl-1.0.1c/apps/s_server.c	2012-11-15 20:56:15.247774465 +0100
+@@ -222,27 +222,31 @@ static void s_server_init(void);
+ #endif
+ 
+ #ifndef OPENSSL_NO_DH
+-static unsigned char dh512_p[]={
+-	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
+-	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+-	0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
+-	0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+-	0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
+-	0x47,0x74,0xE8,0x33,
+-	};
+-static unsigned char dh512_g[]={
+-	0x02,
+-	};
+-
+-static DH *get_dh512(void)
++static DH *get_dh1024()
+ 	{
+-	DH *dh=NULL;
++	static unsigned char dh1024_p[]={
++		0x99,0x58,0xFA,0x90,0x53,0x2F,0xE0,0x61,0x83,0x9D,0x54,0x63,
++		0xBD,0x35,0x5A,0x31,0xF3,0xC6,0x79,0xE5,0xA0,0x0F,0x66,0x79,
++		0x3C,0xA0,0x7F,0xE8,0xA2,0x5F,0xDF,0x11,0x08,0xA3,0xF0,0x3C,
++		0xC3,0x3C,0x5D,0x50,0x2C,0xD5,0xD6,0x58,0x12,0xDB,0xC1,0xEF,
++		0xB4,0x47,0x4A,0x5A,0x39,0x8A,0x4E,0xEB,0x44,0xE2,0x07,0xFB,
++		0x3D,0xA3,0xC7,0x6E,0x52,0xF3,0x2B,0x7B,0x10,0xA5,0x98,0xE3,
++		0x38,0x2A,0xE2,0x7F,0xA4,0x8F,0x26,0x87,0x9B,0x66,0x7A,0xED,
++		0x2D,0x4C,0xE7,0x33,0x77,0x47,0x94,0x43,0xB6,0xAA,0x97,0x23,
++		0x8A,0xFC,0xA5,0xA6,0x64,0x09,0xC0,0x27,0xC0,0xEF,0xCB,0x05,
++		0x90,0x9D,0xD5,0x75,0xBA,0x00,0xE0,0xFB,0xA8,0x81,0x52,0xA4,
++		0xB2,0x83,0x22,0x5B,0xCB,0xD7,0x16,0x93,
++		};
++	static unsigned char dh1024_g[]={
++		0x02,
++		};
++	DH *dh;
+ 
+ 	if ((dh=DH_new()) == NULL) return(NULL);
+-	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+-	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
++	dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
++	dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+ 	if ((dh->p == NULL) || (dh->g == NULL))
+-		return(NULL);
++		{ DH_free(dh); return(NULL); }
+ 	return(dh);
+ 	}
+ #endif
+@@ -1657,7 +1661,7 @@ bad:
+ 		else
+ 			{
+ 			BIO_printf(bio_s_out,"Using default temp DH parameters\n");
+-			dh=get_dh512();
++			dh=get_dh1024();
+ 			}
+ 		(void)BIO_flush(bio_s_out);
+ 

openssl-1.0.1c-perlfind.patch

@@ -0,0 +1,16 @@
+diff -up openssl-1.0.1c/util/perlpath.pl.perlfind openssl-1.0.1c/util/perlpath.pl
+--- openssl-1.0.1c/util/perlpath.pl.perlfind	2012-07-11 22:57:33.000000000 +0200
++++ openssl-1.0.1c/util/perlpath.pl	2012-07-12 00:31:12.102156275 +0200
+@@ -4,10 +4,10 @@
+ # line in all scripts that rely on perl.
+ #
+ 
+-require "find.pl";
++use File::Find;
+ 
+ $#ARGV == 0 || print STDERR "usage: perlpath newpath  (eg /usr/bin)\n";
+-&find(".");
++find(\&wanted, ".");
+ 
+ sub wanted
+ 	{

openssl-1.0.1e-arm-use-elf-auxv-caps.patch

@@ -0,0 +1,93 @@
+diff --git a/crypto/armcap.c b/crypto/armcap.c
+index 5258d2f..efb4009 100644
+--- a/crypto/armcap.c
++++ b/crypto/armcap.c
+@@ -9,11 +9,6 @@
+ 
+ unsigned int OPENSSL_armcap_P;
+ 
+-static sigset_t all_masked;
+-
+-static sigjmp_buf ill_jmp;
+-static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
+-
+ /*
+  * Following subroutines could have been inlined, but it's not all
+  * ARM compilers support inline assembler...
+@@ -29,24 +24,26 @@ unsigned int OPENSSL_rdtsc(void)
+ 		return 0;
+ 	}
+ 
+-#if defined(__GNUC__) && __GNUC__>=2
+-void OPENSSL_cpuid_setup(void) __attribute__((constructor));
+-#endif
+-void OPENSSL_cpuid_setup(void)
++#if defined(__GLIBC__) && __GLIBC__>=2 && __GLIBC_MINOR__>=16
++#include <sys/auxv.h>
++
++void OPENSSL_cpuid_find(void)
++	{
++		unsigned long hwcap = getauxval(AT_HWCAP);
++		char *plat = (char *)getauxval(AT_PLATFORM);
++
++		OPENSSL_armcap_P |= hwcap & HWCAP_ARM_NEON ? ARMV7_NEON : 0;
++		OPENSSL_armcap_P |= plat ? (plat[1] == '7' ? ARMV7_TICK : 0) : 0;
++	}
++#else
++static sigset_t all_masked;
++static sigjmp_buf ill_jmp;
++static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
++
++void OPENSSL_cpuid_find(void)
+ 	{
+-	char *e;
+ 	struct sigaction	ill_oact,ill_act;
+ 	sigset_t		oset;
+-	static int trigger=0;
+-
+-	if (trigger) return;
+-	trigger=1;
+- 
+-	if ((e=getenv("OPENSSL_armcap")))
+-		{
+-		OPENSSL_armcap_P=strtoul(e,NULL,0);
+-		return;
+-		}
+ 
+ 	sigfillset(&all_masked);
+ 	sigdelset(&all_masked,SIGILL);
+@@ -55,8 +52,6 @@ void OPENSSL_cpuid_setup(void)
+ 	sigdelset(&all_masked,SIGBUS);
+ 	sigdelset(&all_masked,SIGSEGV);
+ 
+-	OPENSSL_armcap_P = 0;
+-
+ 	memset(&ill_act,0,sizeof(ill_act));
+ 	ill_act.sa_handler = ill_handler;
+ 	ill_act.sa_mask    = all_masked;
+@@ -78,3 +73,25 @@ void OPENSSL_cpuid_setup(void)
+ 	sigaction (SIGILL,&ill_oact,NULL);
+ 	sigprocmask(SIG_SETMASK,&oset,NULL);
+ 	}
++#endif
++
++#if defined(__GNUC__) && __GNUC__>=2
++void OPENSSL_cpuid_setup(void) __attribute__((constructor));
++#endif
++void OPENSSL_cpuid_setup(void)
++	{
++	char *e;
++	static int trigger=0;
++
++	if (trigger) return;
++	trigger=1;
++
++	if ((e=getenv("OPENSSL_armcap")))
++		{
++		OPENSSL_armcap_P=strtoul(e,NULL,0);
++		return;
++		}
++
++	OPENSSL_armcap_P = 0;
++	OPENSSL_cpuid_find();
++	}

openssl-1.0.1e-cc-reqs.patch

@@ -0,0 +1,25 @@
+diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.0.1e/crypto/rsa/rsa_gen.c
+--- openssl-1.0.1e/crypto/rsa/rsa_gen.c.cc-reqs	2015-01-13 12:45:51.000000000 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_gen.c	2015-01-15 17:35:04.649697922 +0100
+@@ -438,6 +438,10 @@ static int rsa_builtin_keygen(RSA *rsa,
+ 	if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
+ 	if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
+ 
++	/* prepare minimum p and q difference */
++	if (!BN_one(r3)) goto err;
++	if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100)) goto err;
++
+ 	BN_copy(rsa->e, e_value);
+ 
+ 	/* generate p and q */
+@@ -463,7 +467,9 @@ static int rsa_builtin_keygen(RSA *rsa,
+ 			{
+ 			if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
+ 				goto err;
+-			} while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
++	       		if (!BN_sub(r2, rsa->q, rsa->p))
++				goto err;
++			} while((BN_ucmp(r2, r3) <= 0) && (++degenerate < 3));
+ 		if(degenerate == 3)
+ 			{
+ 			ok = 0; /* we set our own err */

openssl-1.0.1e-compat-symbols.patch

@@ -0,0 +1,46 @@
+diff -up openssl-1.0.1e/crypto/dsa/dsa_key.c.compat openssl-1.0.1e/crypto/dsa/dsa_key.c
+--- openssl-1.0.1e/crypto/dsa/dsa_key.c.compat	2013-11-26 14:36:35.000000000 +0100
++++ openssl-1.0.1e/crypto/dsa/dsa_key.c	2013-12-11 16:34:58.638549687 +0100
+@@ -68,6 +68,11 @@
+ #include <openssl/fips.h>
+ #include <openssl/evp.h>
+ 
++/* just a compatibility symbol - no-op */
++void FIPS_corrupt_dsa_keygen(void)
++	{
++	}
++
+ static int fips_check_dsa(DSA *dsa)
+ 	{
+ 	EVP_PKEY *pk;
+diff -up openssl-1.0.1e/crypto/engine/eng_all.c.compat openssl-1.0.1e/crypto/engine/eng_all.c
+--- openssl-1.0.1e/crypto/engine/eng_all.c.compat	2013-11-26 14:36:35.000000000 +0100
++++ openssl-1.0.1e/crypto/engine/eng_all.c	2013-12-11 16:32:13.512820424 +0100
+@@ -62,6 +62,11 @@
+ #include <openssl/fips.h>
+ #endif
+ 
++/* just backwards compatibility symbol - no-op */
++void ENGINE_load_aesni (void)
++{
++}
++
+ void ENGINE_load_builtin_engines(void)
+ 	{
+ 	/* Some ENGINEs need this */
+diff -up openssl-1.0.1e/crypto/fips/fips.c.compat openssl-1.0.1e/crypto/fips/fips.c
+--- openssl-1.0.1e/crypto/fips/fips.c.compat	2013-11-26 14:36:35.000000000 +0100
++++ openssl-1.0.1e/crypto/fips/fips.c	2013-12-11 16:38:52.524831858 +0100
+@@ -111,6 +111,12 @@ int FIPS_module_mode(void)
+ 	return ret;
+ 	}
+ 
++/* just a compat symbol - return NULL */
++const void *FIPS_rand_check(void)
++	{
++	return NULL;
++	}
++
+ int FIPS_selftest_failed(void)
+     {
+     int ret = 0;

openssl-1.0.1e-cve-2015-0286.patch

@@ -0,0 +1,13 @@
+diff -up openssl-1.0.1e/crypto/asn1/a_type.c.bool-cmp openssl-1.0.1e/crypto/asn1/a_type.c
+--- openssl-1.0.1e/crypto/asn1/a_type.c.bool-cmp	2015-03-18 13:02:36.000000000 +0100
++++ openssl-1.0.1e/crypto/asn1/a_type.c	2015-03-18 14:38:07.111401390 +0100
+@@ -124,6 +124,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, co
+ 	case V_ASN1_OBJECT:
+ 		result = OBJ_cmp(a->value.object, b->value.object);
+ 		break;
++	case V_ASN1_BOOLEAN:
++		result = a->value.boolean - b->value.boolean;
++		break;
+ 	case V_ASN1_NULL:
+ 		result = 0;	/* They do not have content. */
+ 		break;

openssl-1.0.1e-cve-2015-0287.patch

@@ -0,0 +1,46 @@
+diff -up openssl-1.0.1e/crypto/asn1/tasn_dec.c.item-reuse openssl-1.0.1e/crypto/asn1/tasn_dec.c
+--- openssl-1.0.1e/crypto/asn1/tasn_dec.c.item-reuse	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/asn1/tasn_dec.c	2015-03-19 15:46:51.097022616 +0100
+@@ -310,9 +310,19 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
+ 		case ASN1_ITYPE_CHOICE:
+ 		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ 				goto auxerr;
+-
+-		/* Allocate structure */
+-		if (!*pval && !ASN1_item_ex_new(pval, it))
++		if (*pval)
++			{
++			/* Free up and zero CHOICE value if initialised */
++			i = asn1_get_choice_selector(pval, it);
++			if ((i >= 0) && (i < it->tcount))
++				{
++				tt = it->templates + i;
++				pchptr = asn1_get_field_ptr(pval, tt);
++				ASN1_template_free(pchptr, tt);
++				asn1_set_choice_selector(pval, -1, it);
++				}
++			}
++		else if (!ASN1_item_ex_new(pval, it))
+ 			{
+ 			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ 						ERR_R_NESTED_ASN1_ERROR);
+@@ -407,6 +417,19 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
+ 		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ 				goto auxerr;
+ 
++		/* Free up and zero any ADB found */
++		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
++			{
++			if (tt->flags & ASN1_TFLG_ADB_MASK)
++				{
++				const ASN1_TEMPLATE *seqtt;
++				ASN1_VALUE **pseqval;
++				seqtt = asn1_do_adb(pval, tt, 1);
++				pseqval = asn1_get_field_ptr(pval, seqtt);
++				ASN1_template_free(pseqval, seqtt);
++				}
++			}
++
+ 		/* Get each field entry */
+ 		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+ 			{

openssl-1.0.1e-cve-2015-0288.patch

@@ -0,0 +1,12 @@
+diff -up openssl-1.0.1e/crypto/x509/x509_req.c.req-null-deref openssl-1.0.1e/crypto/x509/x509_req.c
+--- openssl-1.0.1e/crypto/x509/x509_req.c.req-null-deref	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/x509/x509_req.c	2015-03-18 18:34:35.732448017 +0100
+@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_
+ 		goto err;
+ 
+ 	pktmp = X509_get_pubkey(x);
++	if (pktmp == NULL)
++		goto err;
+ 	i=X509_REQ_set_pubkey(ret,pktmp);
+ 	EVP_PKEY_free(pktmp);
+ 	if (!i) goto err;

openssl-1.0.1e-cve-2015-0293.patch

@@ -0,0 +1,102 @@
+diff -up openssl-1.0.1e/ssl/s2_lib.c.ssl2-assert openssl-1.0.1e/ssl/s2_lib.c
+--- openssl-1.0.1e/ssl/s2_lib.c.ssl2-assert	2015-03-18 13:02:36.000000000 +0100
++++ openssl-1.0.1e/ssl/s2_lib.c	2015-03-18 18:22:20.195322489 +0100
+@@ -488,7 +488,7 @@ int ssl2_generate_key_material(SSL *s)
+ 
+ 		OPENSSL_assert(s->session->master_key_length >= 0
+ 		    && s->session->master_key_length
+-		    < (int)sizeof(s->session->master_key));
++		    <= (int)sizeof(s->session->master_key));
+ 		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
+ 		EVP_DigestUpdate(&ctx,&c,1);
+ 		c++;
+diff -up openssl-1.0.1e/ssl/s2_srvr.c.ssl2-assert openssl-1.0.1e/ssl/s2_srvr.c
+--- openssl-1.0.1e/ssl/s2_srvr.c.ssl2-assert	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/s2_srvr.c	2015-03-18 18:30:11.403974038 +0100
+@@ -446,9 +446,6 @@ static int get_client_master_key(SSL *s)
+ 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
+ 		return(-1);
+ 		}
+-	i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
+-		&(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
+-		(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
+ 
+ 	is_export=SSL_C_IS_EXPORT(s->session->cipher);
+ 	
+@@ -467,21 +464,61 @@ static int get_client_master_key(SSL *s)
+ 	else
+ 		ek=5;
+ 
++	/*
++	 * The format of the CLIENT-MASTER-KEY message is
++	 * 1 byte message type
++	 * 3 bytes cipher
++	 * 2-byte clear key length (stored in s->s2->tmp.clear)
++	 * 2-byte encrypted key length (stored in s->s2->tmp.enc)
++	 * 2-byte key args length (IV etc)
++	 * clear key
++	 * encrypted key
++	 * key args
++	 *
++	 * If the cipher is an export cipher, then the encrypted key bytes
++	 * are a fixed portion of the total key (5 or 8 bytes). The size of
++	 * this portion is in |ek|. If the cipher is not an export cipher,
++	 * then the entire key material is encrypted (i.e., clear key length
++	 * must be zero).
++	 */
++	 if ((!is_export && s->s2->tmp.clear != 0) ||
++		(is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c)))
++		{
++		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
++		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
++		return -1;
++		}
++	/*
++	 * The encrypted blob must decrypt to the encrypted portion of the key.
++	 * Decryption can't be expanding, so if we don't have enough encrypted
++	 * bytes to fit the key in the buffer, stop now.
++	 */
++	if ((is_export && s->s2->tmp.enc < ek) ||
++		(!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c)))
++		{
++		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
++		return -1;
++		}
++
++	i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
++		&(p[s->s2->tmp.clear]),
++		&(p[s->s2->tmp.clear]),
++		(s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING : RSA_PKCS1_PADDING);
++
+ 	/* bad decrypt */
+ #if 1
+ 	/* If a bad decrypt, continue with protocol but with a
+ 	 * random master secret (Bleichenbacher attack) */
+-	if ((i < 0) ||
+-		((!is_export && (i != EVP_CIPHER_key_length(c)))
+-		|| (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
+-			(unsigned int)EVP_CIPHER_key_length(c))))))
++	if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
++		|| (is_export && i != ek)))
+ 		{
+ 		ERR_clear_error();
+ 		if (is_export)
+ 			i=ek;
+ 		else
+ 			i=EVP_CIPHER_key_length(c);
+-		if (RAND_pseudo_bytes(p,i) <= 0)
++		if (RAND_pseudo_bytes(&p[s->s2->tmp.clear],i) <= 0)
+ 			return 0;
+ 		}
+ #else
+@@ -505,7 +542,8 @@ static int get_client_master_key(SSL *s)
+ 		}
+ #endif
+ 
+-	if (is_export) i+=s->s2->tmp.clear;
++	if (is_export)
++		i = EVP_CIPHER_key_length(c);
+ 
+ 	if (i > SSL_MAX_MASTER_KEY_LENGTH)
+ 		{

openssl-1.0.1e-cve-2015-1789.patch

@@ -0,0 +1,103 @@
+diff -up openssl-1.0.1e/crypto/x509/x509_vfy.c.oob-read openssl-1.0.1e/crypto/x509/x509_vfy.c
+--- openssl-1.0.1e/crypto/x509/x509_vfy.c.oob-read	2015-05-25 12:03:41.000000000 +0200
++++ openssl-1.0.1e/crypto/x509/x509_vfy.c	2015-06-09 15:01:51.688640453 +0200
+@@ -1702,49 +1702,92 @@ int X509_cmp_time(const ASN1_TIME *ctm,
+ 	ASN1_TIME atm;
+ 	long offset;
+ 	char buff1[24],buff2[24],*p;
+-	int i,j;
++	int i, j, remaining;
+ 
+ 	p=buff1;
+-	i=ctm->length;
++	remaining=ctm->length;
+ 	str=(char *)ctm->data;
++	/*
++	 * Note that the following (historical) code allows much more slack in the
++	 * time format than RFC5280. In RFC5280, the representation is fixed:
++	 * UTCTime: YYMMDDHHMMSSZ
++	 * GeneralizedTime: YYYYMMDDHHMMSSZ
++	 */
+ 	if (ctm->type == V_ASN1_UTCTIME)
+ 		{
+-		if ((i < 11) || (i > 17)) return 0;
++		/* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
++		int min_length = sizeof("YYMMDDHHMMZ") - 1;
++		int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
++		if (remaining < min_length || remaining > max_length)
++			return 0;
+ 		memcpy(p,str,10);
+ 		p+=10;
+ 		str+=10;
++		remaining -= 10;
+ 		}
+ 	else
+ 		{
+-		if (i < 13) return 0;
++		/* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
++		int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
++		int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
++		if (remaining < min_length || remaining > max_length)
++			return 0;
+ 		memcpy(p,str,12);
+ 		p+=12;
+ 		str+=12;
++		remaining -= 12;
+ 		}
+ 
+ 	if ((*str == 'Z') || (*str == '-') || (*str == '+'))
+ 		{ *(p++)='0'; *(p++)='0'; }
+ 	else
+ 		{ 
++		/* SS (seconds) */
++		if (remaining < 2)
++			return 0;
+ 		*(p++)= *(str++);
+ 		*(p++)= *(str++);
+-		/* Skip any fractional seconds... */
+-		if (*str == '.')
++		remaining -= 2;
++		/*
++		 * Skip any (up to three) fractional seconds...
++		 * TODO(emilia): in RFC5280, fractional seconds are forbidden.
++		 * Can we just kill them altogether?
++		 */
++		if (remaining && *str == '.')
+ 			{
+ 			str++;
+-			while ((*str >= '0') && (*str <= '9')) str++;
++			remaining--;
++			for (i = 0; i < 3 && remaining; i++, str++, remaining--)
++				{
++				if (*str < '0' || *str > '9')
++					break;
++				}
+ 			}
+ 		
+ 		}
+ 	*(p++)='Z';
+ 	*(p++)='\0';
+ 
++	/* We now need either a terminating 'Z' or an offset. */
++	if (!remaining)
++		return 0;
+ 	if (*str == 'Z')
++		{
++		if (remaining != 1)
++			return 0;
+ 		offset=0;
++		}
+ 	else
+ 		{
++	        /* (+-)HHMM */
+ 		if ((*str != '+') && (*str != '-'))
+ 			return 0;
++		/* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
++		if (remaining != 5)
++			return 0;
++		if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
++			str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
++			return 0;
+ 		offset=((str[1]-'0')*10+(str[2]-'0'))*60;
+ 		offset+=(str[3]-'0')*10+(str[4]-'0');
+ 		if (*str == '-')

openssl-1.0.1e-cve-2015-1790.patch

@@ -0,0 +1,55 @@
+diff -up openssl-1.0.1e/crypto/pkcs7/pk7_doit.c.missing-content openssl-1.0.1e/crypto/pkcs7/pk7_doit.c
+--- openssl-1.0.1e/crypto/pkcs7/pk7_doit.c.missing-content	2015-05-25 12:03:41.000000000 +0200
++++ openssl-1.0.1e/crypto/pkcs7/pk7_doit.c	2015-06-09 15:21:21.377951520 +0200
+@@ -472,6 +472,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ 	switch (i)
+ 		{
+ 	case NID_pkcs7_signed:
++		/*
++		 * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
++		 * field and optional content.
++		 * data_body is NULL if that structure has no (=detached) content
++		 * or if the contentType is wrong (i.e., not "data").
++		 */
+ 		data_body=PKCS7_get_octet_string(p7->d.sign->contents);
+ 		if (!PKCS7_is_detached(p7) && data_body == NULL)
+ 			{
+@@ -484,6 +490,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ 	case NID_pkcs7_signedAndEnveloped:
+ 		rsk=p7->d.signed_and_enveloped->recipientinfo;
+ 		md_sk=p7->d.signed_and_enveloped->md_algs;
++		/* data_body is NULL if the optional EncryptedContent is missing. */
+ 		data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
+ 		enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
+ 		evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
+@@ -496,6 +503,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ 	case NID_pkcs7_enveloped:
+ 		rsk=p7->d.enveloped->recipientinfo;
+ 		enc_alg=p7->d.enveloped->enc_data->algorithm;
++		/* data_body is NULL if the optional EncryptedContent is missing. */
+ 		data_body=p7->d.enveloped->enc_data->enc_data;
+ 		evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
+ 		if (evp_cipher == NULL)
+@@ -509,6 +517,13 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ 	        goto err;
+ 		}
+ 
++	/* Detached content must be supplied via in_bio instead. */
++	if (data_body == NULL && in_bio == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
++		goto err;
++		}
++
+ 	/* We will be checking the signature */
+ 	if (md_sk != NULL)
+ 		{
+@@ -665,7 +680,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ 		}
+ 
+ #if 1
+-	if (PKCS7_is_detached(p7) || (in_bio != NULL))
++	if (in_bio != NULL)
+ 		{
+ 		bio=in_bio;
+ 		}

openssl-1.0.1e-cve-2015-1792.patch

@@ -0,0 +1,12 @@
+diff -up openssl-1.0.1e/crypto/cms/cms_smime.c.unknown-hash openssl-1.0.1e/crypto/cms/cms_smime.c
+--- openssl-1.0.1e/crypto/cms/cms_smime.c.unknown-hash	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/cms/cms_smime.c	2015-06-09 16:07:16.001516190 +0200
+@@ -141,7 +141,7 @@ static void do_free_upto(BIO *f, BIO *up
+ 			BIO_free(f);
+ 			f = tbio;
+ 			}
+-		while (f != upto);
++		while (f && f != upto);
+ 		}
+ 	else
+ 		BIO_free_all(f);

openssl-1.0.1e-defaults.patch

@@ -1,7 +1,7 @@
-diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cnf
---- openssl-1.1.1a/apps/openssl.cnf.defaults	2018-11-20 14:35:37.000000000 +0100
-+++ openssl-1.1.1a/apps/openssl.cnf	2019-01-15 13:56:50.841719776 +0100
-@@ -74,7 +74,7 @@ cert_opt 	= ca_default		# Certificate fi
+diff -up openssl-1.0.1e/apps/openssl.cnf.defaults openssl-1.0.1e/apps/openssl.cnf
+--- openssl-1.0.1e/apps/openssl.cnf.defaults	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/apps/openssl.cnf	2014-02-06 18:00:00.170929334 +0100
+@@ -72,7 +72,7 @@ cert_opt 	= ca_default		# Certificate fi
  
  default_days	= 365			# how long to certify for
  default_crl_days= 30			# how long before next CRL
@@ -10,15 +10,17 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn
  preserve	= no			# keep passed DN ordering
  
  # A few difference way of specifying how similar the request should look
-@@ -106,6 +106,7 @@ emailAddress		= optional
+@@ -103,7 +103,8 @@ emailAddress		= optional
+ 
  ####################################################################
  [ req ]
- default_bits		= 2048
+-default_bits		= 1024
++default_bits		= 2048
 +default_md		= sha256
  default_keyfile 	= privkey.pem
  distinguished_name	= req_distinguished_name
  attributes		= req_attributes
-@@ -128,17 +129,18 @@ string_mask = utf8only
+@@ -126,17 +127,18 @@ string_mask = utf8only
  
  [ req_distinguished_name ]
  countryName			= Country Name (2 letter code)
@@ -40,7 +42,7 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn
  
  # we can do this but it is not needed normally :-)
  #1.organizationName		= Second Organization Name (eg, company)
-@@ -147,7 +149,7 @@ localityName			= Locality Name (eg, city
+@@ -145,7 +147,7 @@ localityName			= Locality Name (eg, city
  organizationalUnitName		= Organizational Unit Name (eg, section)
  #organizationalUnitName_default	=
  
@@ -49,3 +51,12 @@ diff -up openssl-1.1.1a/apps/openssl.cnf.defaults openssl-1.1.1a/apps/openssl.cn
  commonName_max			= 64
  
  emailAddress			= Email Address
+@@ -339,7 +341,7 @@ signer_key	= $dir/private/tsakey.pem # T
+ default_policy	= tsa_policy1		# Policy if request did not specify it
+ 					# (optional)
+ other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+-digests		= md5, sha1		# Acceptable message digests (mandatory)
++digests		= sha1, sha256, sha384, sha512	# Acceptable message digests (mandatory)
+ accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+ clock_precision_digits  = 0	# number of digits after dot. (optional)
+ ordering		= yes	# Is ordering defined for timestamps?

openssl-1.0.1e-enc-fail.patch

@@ -0,0 +1,39 @@
+diff -up openssl-1.0.1e/crypto/evp/bio_enc.c.enc-fail openssl-1.0.1e/crypto/evp/bio_enc.c
+--- openssl-1.0.1e/crypto/evp/bio_enc.c.enc-fail	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/evp/bio_enc.c	2014-03-04 15:21:12.185821738 +0100
+@@ -198,10 +198,15 @@ static int enc_read(BIO *b, char *out, i
+ 			}
+ 		else
+ 			{
+-			EVP_CipherUpdate(&(ctx->cipher),
++			if (!EVP_CipherUpdate(&(ctx->cipher),
+ 				(unsigned char *)ctx->buf,&ctx->buf_len,
+-				(unsigned char *)&(ctx->buf[BUF_OFFSET]),i);
+-			ctx->cont=1;
++				(unsigned char *)&(ctx->buf[BUF_OFFSET]),i))
++				{
++				ctx->ok = 0;
++				ctx->cont = 0;
++				}
++			else
++				ctx->cont=1;
+ 			/* Note: it is possible for EVP_CipherUpdate to
+ 			 * decrypt zero bytes because this is or looks like
+ 			 * the final block: if this happens we should retry
+@@ -257,9 +262,14 @@ static int enc_write(BIO *b, const char
+ 	while (inl > 0)
+ 		{
+ 		n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
+-		EVP_CipherUpdate(&(ctx->cipher),
++		if (!EVP_CipherUpdate(&(ctx->cipher),
+ 			(unsigned char *)ctx->buf,&ctx->buf_len,
+-			(unsigned char *)in,n);
++			(unsigned char *)in,n))
++			{
++			BIO_copy_next_retry(b);
++			ctx->ok = 0;
++			return ret - inl;
++			}
+ 		inl-=n;
+ 		in+=n;
+ 

openssl-1.0.1e-env-zlib.patch

@@ -0,0 +1,38 @@
+diff -up openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.env-zlib openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
+--- openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.env-zlib	2013-02-11 16:02:48.000000000 +0100
++++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod	2013-02-19 16:32:51.000000000 +0100
+@@ -47,6 +47,13 @@ Once the identities of the compression m
+ been standardized, the compression API will most likely be changed. Using
+ it in the current state is not recommended.
+ 
++It is also not recommended to use compression if data transfered contain
++untrusted parts that can be manipulated by an attacker as he could then
++get information about the encrypted data. See the CRIME attack. For
++that reason the default loading of the zlib compression method is
++disabled and enabled only if the environment variable B<OPENSSL_DEFAULT_ZLIB>
++is present during the library initialization.
++
+ =head1 RETURN VALUES
+ 
+ SSL_COMP_add_compression_method() may return the following values:
+diff -up openssl-1.0.1e/ssl/ssl_ciph.c.env-zlib openssl-1.0.1e/ssl/ssl_ciph.c
+--- openssl-1.0.1e/ssl/ssl_ciph.c.env-zlib	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/ssl/ssl_ciph.c	2013-02-19 16:37:36.163545085 +0100
+@@ -140,6 +140,8 @@
+  * OTHERWISE.
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <openssl/objects.h>
+ #ifndef OPENSSL_NO_COMP
+@@ -455,7 +457,7 @@ static void load_builtin_compressions(vo
+ 
+ 			MemCheck_off();
+ 			ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
+-			if (ssl_comp_methods != NULL)
++			if (ssl_comp_methods != NULL && secure_getenv("OPENSSL_DEFAULT_ZLIB") != NULL)
+ 				{
+ 				comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+ 				if (comp != NULL)

openssl-1.0.1e-fips-ctor.patch

@@ -0,0 +1,179 @@
+diff -up openssl-1.0.1e/crypto/fips/fips.c.fips-ctor openssl-1.0.1e/crypto/fips/fips.c
+--- openssl-1.0.1e/crypto/fips/fips.c.fips-ctor	2013-09-26 13:52:30.767885457 +0200
++++ openssl-1.0.1e/crypto/fips/fips.c	2013-09-26 14:01:29.406010187 +0200
+@@ -60,6 +60,8 @@
+ #include <dlfcn.h>
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <unistd.h>
++#include <errno.h>
+ #include "fips_locl.h"
+ 
+ #ifdef OPENSSL_FIPS
+@@ -198,8 +200,10 @@ bin2hex(void *buf, size_t len)
+ 	return hex;
+ }
+ 
+-#define HMAC_PREFIX "." 
+-#define HMAC_SUFFIX ".hmac" 
++#define HMAC_PREFIX "."
++#ifndef HMAC_SUFFIX
++#define HMAC_SUFFIX ".hmac"
++#endif
+ #define READ_BUFFER_LENGTH 16384
+ 
+ static char *
+@@ -279,19 +283,13 @@ end:
+ }
+ 
+ static int
+-FIPSCHECK_verify(const char *libname, const char *symbolname)
++FIPSCHECK_verify(const char *path)
+ {
+-	char path[PATH_MAX+1];
+-	int rv;
++	int rv = 0;
+ 	FILE *hf;
+ 	char *hmacpath, *p;
+ 	char *hmac = NULL;
+ 	size_t n;
+-	
+-	rv = get_library_path(libname, symbolname, path, sizeof(path));
+-
+-	if (rv < 0)
+-		return 0;
+ 
+ 	hmacpath = make_hmac_path(path);
+ 	if (hmacpath == NULL)
+@@ -341,6 +339,53 @@ end:
+ 	return 1;	
+ }
+ 
++static int
++verify_checksums(void)
++    {
++	int rv;
++	char path[PATH_MAX+1];
++	char *p;
++
++	/* we need to avoid dlopening libssl, assume both libcrypto and libssl
++	   are in the same directory */
++
++	rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER, "FIPS_mode_set", path, sizeof(path));
++	if (rv < 0)
++		return 0;
++
++	rv = FIPSCHECK_verify(path);
++	if (!rv)
++		return 0;
++
++	/* replace libcrypto with libssl */
++	while ((p = strstr(path, "libcrypto.so")) != NULL)
++	    {
++		p = stpcpy(p, "libssl");
++                memmove(p, p+3, strlen(p+2));
++	    }
++
++	rv = FIPSCHECK_verify(path);
++	if (!rv)
++		return 0;
++	return 1;
++    }
++
++#ifndef FIPS_MODULE_PATH
++#define FIPS_MODULE_PATH "/etc/system-fips"
++#endif
++
++int
++FIPS_module_installed(void)
++    {
++    int rv;
++    rv = access(FIPS_MODULE_PATH, F_OK);
++    if (rv < 0 && errno != ENOENT)
++	rv = 0;
++
++    /* Installed == true */
++    return !rv;
++    }
++
+ int FIPS_module_mode_set(int onoff, const char *auth)
+     {
+     int ret = 0;
+@@ -379,15 +424,7 @@ int FIPS_module_mode_set(int onoff, cons
+ 	}
+ #endif
+ 
+-	if(!FIPSCHECK_verify("libcrypto.so." SHLIB_VERSION_NUMBER,"FIPS_mode_set"))
+-	    {
+-	    FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+-	    fips_selftest_fail = 1;
+-	    ret = 0;
+-	    goto end;
+-	    }
+-
+-	if(!FIPSCHECK_verify("libssl.so." SHLIB_VERSION_NUMBER,"SSL_CTX_new"))
++	if(!verify_checksums())
+ 	    {
+ 	    FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+ 	    fips_selftest_fail = 1;
+diff -up openssl-1.0.1e/crypto/fips/fips.h.fips-ctor openssl-1.0.1e/crypto/fips/fips.h
+--- openssl-1.0.1e/crypto/fips/fips.h.fips-ctor	2013-09-26 13:52:30.814886515 +0200
++++ openssl-1.0.1e/crypto/fips/fips.h	2013-09-26 13:52:30.816886560 +0200
+@@ -74,6 +74,7 @@ struct hmac_ctx_st;
+ 
+ int FIPS_module_mode_set(int onoff, const char *auth);
+ int FIPS_module_mode(void);
++int FIPS_module_installed(void);
+ const void *FIPS_rand_check(void);
+ int FIPS_selftest(void);
+ int FIPS_selftest_failed(void);
+diff -up openssl-1.0.1e/crypto/o_init.c.fips-ctor openssl-1.0.1e/crypto/o_init.c
+--- openssl-1.0.1e/crypto/o_init.c.fips-ctor	2013-09-26 13:52:30.807886357 +0200
++++ openssl-1.0.1e/crypto/o_init.c	2013-09-26 14:00:21.000000000 +0200
+@@ -71,6 +71,9 @@ static void init_fips_mode(void)
+ 	char buf[2] = "0";
+ 	int fd;
+ 	
++	/* Ensure the selftests always run */
++	FIPS_mode_set(1);
++
+ 	if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
+ 		{
+ 		buf[0] = '1';
+@@ -85,9 +88,15 @@ static void init_fips_mode(void)
+ 	 * otherwise. 
+ 	 */
+ 	
+-	if (buf[0] == '1')
++	if (buf[0] != '1')
++		{
++		/* drop down to non-FIPS mode if it is not requested */
++		FIPS_mode_set(0);
++		}
++	else
+ 		{
+-		FIPS_mode_set(1);
++		/* abort if selftest failed */
++		FIPS_selftest_check();
+ 		}
+ 	}
+ #endif
+@@ -96,13 +105,17 @@ static void init_fips_mode(void)
+  * Currently only sets FIPS callbacks
+  */
+ 
+-void OPENSSL_init_library(void)
++void __attribute__ ((constructor)) OPENSSL_init_library(void)
+ 	{
+ 	static int done = 0;
+ 	if (done)
+ 		return;
+ 	done = 1;
+ #ifdef OPENSSL_FIPS
++	if (!FIPS_module_installed())
++		{
++		return;
++		}
+ 	RAND_init_fips();
+ 	init_fips_mode();
+ 	if (!FIPS_mode())

openssl-1.0.1e-issuer-hash.patch

@@ -0,0 +1,11 @@
+diff -up openssl-1.0.1e/crypto/x509/x509_cmp.c.issuer-hash openssl-1.0.1e/crypto/x509/x509_cmp.c
+--- openssl-1.0.1e/crypto/x509/x509_cmp.c.issuer-hash	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/x509/x509_cmp.c	2013-02-19 12:46:11.315788592 +0100
+@@ -85,6 +85,7 @@ unsigned long X509_issuer_and_serial_has
+ 	char *f;
+ 
+ 	EVP_MD_CTX_init(&ctx);
++	EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ 	f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
+ 	if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
+ 		goto err;

openssl-1.0.1e-no-md5-verify.patch

@@ -0,0 +1,25 @@
+diff -up openssl-1.0.1e/crypto/asn1/a_verify.c.no-md5-verify openssl-1.0.1e/crypto/asn1/a_verify.c
+--- openssl-1.0.1e/crypto/asn1/a_verify.c.no-md5-verify	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/asn1/a_verify.c	2013-11-13 16:30:04.628791616 +0100
+@@ -56,6 +56,9 @@
+  * [including the GNU Public Licence.]
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
++
+ #include <stdio.h>
+ #include <time.h>
+ 
+@@ -171,6 +174,11 @@ int ASN1_item_verify(const ASN1_ITEM *it
+ 			goto err;
+ 		ret = -1;
+ 		}
++	else if (mdnid == NID_md5 && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL)
++		{
++		ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
++		goto err;
++		}
+ 	else
+ 		{
+ 		const EVP_MD *type;

openssl-1.0.1e-rpmbuild.patch

@@ -0,0 +1,112 @@
+diff -up openssl-1.0.1e/Configure.rpmbuild openssl-1.0.1e/Configure
+--- openssl-1.0.1e/Configure.rpmbuild	2014-08-13 19:19:53.211005598 +0200
++++ openssl-1.0.1e/Configure	2014-08-13 19:29:21.704099285 +0200
+@@ -345,24 +345,24 @@ my %table=(
+ ####
+ # *-generic* is endian-neutral target, but ./config is free to
+ # throw in -D[BL]_ENDIAN, whichever appropriate...
+-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ # It's believed that majority of ARM toolchains predefine appropriate -march.
+ # If you compiler does not, do complement config command line with one!
+-"linux-armv4",	"gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-armv4",	"gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ #### IA-32 targets...
+ "linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+ ####
+-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+-"linux-ppc64le","gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
+-"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
++"linux-ppc64le","gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
++"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+-"linux64-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
++"linux64-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
+ #### So called "highgprs" target for z/Architecture CPUs
+ # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
+ # /proc/cpuinfo. The idea is to preserve most significant bits of
+@@ -376,16 +376,17 @@ my %table=(
+ # ldconfig and run-time linker to autodiscover. Unfortunately it
+ # doesn't work just yet, because of couple of bugs in glibc
+ # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
+-"linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
++"linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::/highgprs",
+ #### SPARC Linux setups
+ # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
+ # assisted with debugging of following two configs.
+-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ # it's a real mess with -mcpu=ultrasparc option under Linux, but
+ # -Wa,-Av8plus should do the trick no matter what.
+-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ # GCC 3.1 is a requirement
+-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
++"linux-aarch64","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
+ #### Alpha Linux with GNU C and Compaq C setups
+ # Special notes:
+ # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
+@@ -399,8 +400,8 @@ my %table=(
+ #
+ #					<appro@fy.chalmers.se>
+ #
+-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
++"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ 
+@@ -1675,7 +1676,7 @@ while (<IN>)
+ 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
+ 		{
+ 		my $sotmp = $1;
+-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
++		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
+ 		}
+ 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
+ 		{
+diff -up openssl-1.0.1e/Makefile.org.rpmbuild openssl-1.0.1e/Makefile.org
+--- openssl-1.0.1e/Makefile.org.rpmbuild	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/Makefile.org	2014-08-13 19:19:53.218005759 +0200
+@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
+ SHLIB_MAJOR=
+ SHLIB_MINOR=
+ SHLIB_EXT=
++SHLIB_SONAMEVER=10
+ PLATFORM=dist
+ OPTIONS=
+ CONFIGURE_ARGS=
+@@ -333,10 +334,9 @@ clean-shared:
+ link-shared:
+ 	@ set -e; for i in $(SHLIBDIRS); do \
+ 		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+-			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
++			LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
+ 			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+ 			symlink.$(SHLIB_TARGET); \
+-		libs="$$libs -l$$i"; \
+ 	done
+ 
+ build-shared: do_$(SHLIB_TARGET) link-shared
+@@ -347,7 +347,7 @@ do_$(SHLIB_TARGET):
+ 			libs="$(LIBKRB5) $$libs"; \
+ 		fi; \
+ 		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+-			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
++			LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
+ 			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+ 			LIBDEPS="$$libs $(EX_LIBS)" \
+ 			link_a.$(SHLIB_TARGET); \

openssl-1.0.1e-secure-getenv.patch

@@ -0,0 +1,244 @@
+diff -up openssl-1.0.1e/crypto/conf/conf_api.c.secure-getenv openssl-1.0.1e/crypto/conf/conf_api.c
+--- openssl-1.0.1e/crypto/conf/conf_api.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/conf/conf_api.c	2013-02-19 13:02:02.531188124 +0100
+@@ -63,6 +63,8 @@
+ # define NDEBUG
+ #endif
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <assert.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -142,7 +144,7 @@ char *_CONF_get_string(const CONF *conf,
+ 			if (v != NULL) return(v->value);
+ 			if (strcmp(section,"ENV") == 0)
+ 				{
+-				p=getenv(name);
++				p=secure_getenv(name);
+ 				if (p != NULL) return(p);
+ 				}
+ 			}
+@@ -155,7 +157,7 @@ char *_CONF_get_string(const CONF *conf,
+ 			return(NULL);
+ 		}
+ 	else
+-		return(getenv(name));
++		return (secure_getenv(name));
+ 	}
+ 
+ #if 0 /* There's no way to provide error checking with this function, so
+diff -up openssl-1.0.1e/crypto/conf/conf_mod.c.secure-getenv openssl-1.0.1e/crypto/conf/conf_mod.c
+--- openssl-1.0.1e/crypto/conf/conf_mod.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/conf/conf_mod.c	2013-02-19 13:02:02.531188124 +0100
+@@ -56,6 +56,8 @@
+  *
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <ctype.h>
+ #include <openssl/crypto.h>
+@@ -548,8 +550,8 @@ char *CONF_get1_default_config_file(void
+ 	char *file;
+ 	int len;
+ 
+-	file = getenv("OPENSSL_CONF");
+-	if (file) 
++	file = secure_getenv("OPENSSL_CONF");
++	if (file)
+ 		return BUF_strdup(file);
+ 
+ 	len = strlen(X509_get_default_cert_area());
+diff -up openssl-1.0.1e/crypto/engine/eng_list.c.secure-getenv openssl-1.0.1e/crypto/engine/eng_list.c
+--- openssl-1.0.1e/crypto/engine/eng_list.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/engine/eng_list.c	2013-02-19 13:02:02.536188233 +0100
+@@ -61,6 +61,8 @@
+  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include "eng_int.h"
+ 
+ /* The linked-list of pointers to engine types. engine_list_head
+@@ -399,9 +401,9 @@ ENGINE *ENGINE_by_id(const char *id)
+ 	if (strcmp(id, "dynamic"))
+ 		{
+ #ifdef OPENSSL_SYS_VMS
+-		if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
++		if(OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
+ #else
+-		if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
++		if((load_dir = secure_getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
+ #endif
+ 		iterator = ENGINE_by_id("dynamic");
+ 		if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
+diff -up openssl-1.0.1e/crypto/md5/md5_dgst.c.secure-getenv openssl-1.0.1e/crypto/md5/md5_dgst.c
+--- openssl-1.0.1e/crypto/md5/md5_dgst.c.secure-getenv	2013-02-19 13:02:02.492187275 +0100
++++ openssl-1.0.1e/crypto/md5/md5_dgst.c	2013-02-19 13:02:02.537188254 +0100
+@@ -56,6 +56,8 @@
+  * [including the GNU Public Licence.]
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include "md5_locl.h"
+ #include <openssl/opensslv.h>
+@@ -74,7 +76,7 @@ const char MD5_version[]="MD5" OPENSSL_V
+ int MD5_Init(MD5_CTX *c)
+ #ifdef OPENSSL_FIPS
+ 	{
+-	if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
++	if (FIPS_mode() && secure_getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
+ 		OpenSSLDie(__FILE__, __LINE__, \
+                 "Digest MD5 forbidden in FIPS mode!");
+ 	return private_MD5_Init(c);
+diff -up openssl-1.0.1e/crypto/o_init.c.secure-getenv openssl-1.0.1e/crypto/o_init.c
+--- openssl-1.0.1e/crypto/o_init.c.secure-getenv	2013-02-19 13:02:02.428185882 +0100
++++ openssl-1.0.1e/crypto/o_init.c	2013-02-19 13:02:02.538188276 +0100
+@@ -52,6 +52,8 @@
+  *
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <e_os.h>
+ #include <openssl/err.h>
+ #ifdef OPENSSL_FIPS
+@@ -71,7 +73,7 @@ static void init_fips_mode(void)
+ 	char buf[2] = "0";
+ 	int fd;
+ 	
+-	if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
++	if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
+ 		{
+ 		buf[0] = '1';
+ 		}
+diff -up openssl-1.0.1e/crypto/rand/randfile.c.secure-getenv openssl-1.0.1e/crypto/rand/randfile.c
+--- openssl-1.0.1e/crypto/rand/randfile.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/rand/randfile.c	2013-02-19 13:03:06.971591052 +0100
+@@ -60,6 +60,8 @@
+ #if !defined(OPENSSL_SYS_VXWORKS)
+ #define _XOPEN_SOURCE 500
+ #endif
++/* for secure_getenv */
++#define _GNU_SOURCE
+ 
+ #include <errno.h>
+ #include <stdio.h>
+@@ -277,8 +279,7 @@ const char *RAND_file_name(char *buf, si
+ 	struct stat sb;
+ #endif
+ 
+-	if (OPENSSL_issetugid() == 0)
+-		s=getenv("RANDFILE");
++	s=secure_getenv("RANDFILE");
+ 	if (s != NULL && *s && strlen(s) + 1 < size)
+ 		{
+ 		if (BUF_strlcpy(buf,s,size) >= size)
+@@ -286,8 +287,7 @@ const char *RAND_file_name(char *buf, si
+ 		}
+ 	else
+ 		{
+-		if (OPENSSL_issetugid() == 0)
+-			s=getenv("HOME");
++		s=secure_getenv("HOME");
+ #ifdef DEFAULT_HOME
+ 		if (s == NULL)
+ 			{
+diff -up openssl-1.0.1e/crypto/x509/by_dir.c.secure-getenv openssl-1.0.1e/crypto/x509/by_dir.c
+--- openssl-1.0.1e/crypto/x509/by_dir.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/x509/by_dir.c	2013-02-19 13:02:02.539188298 +0100
+@@ -56,6 +56,8 @@
+  * [including the GNU Public Licence.]
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <time.h>
+ #include <errno.h>
+@@ -135,7 +137,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
+ 	case X509_L_ADD_DIR:
+ 		if (argl == X509_FILETYPE_DEFAULT)
+ 			{
+-			dir=(char *)getenv(X509_get_default_cert_dir_env());
++			dir=(char *)secure_getenv(X509_get_default_cert_dir_env());
+ 			if (dir)
+ 				ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
+ 			else
+diff -up openssl-1.0.1e/crypto/x509/by_file.c.secure-getenv openssl-1.0.1e/crypto/x509/by_file.c
+--- openssl-1.0.1e/crypto/x509/by_file.c.secure-getenv	2013-02-19 13:02:02.236181701 +0100
++++ openssl-1.0.1e/crypto/x509/by_file.c	2013-02-19 13:02:02.554188624 +0100
+@@ -56,6 +56,8 @@
+  * [including the GNU Public Licence.]
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <time.h>
+ #include <errno.h>
+@@ -100,7 +102,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
+ 	case X509_L_FILE_LOAD:
+ 		if (argl == X509_FILETYPE_DEFAULT)
+ 			{
+-			file = (char *)getenv(X509_get_default_cert_file_env());
++			file = (char *)secure_getenv(X509_get_default_cert_file_env());
+ 			if (file)
+ 				ok = (X509_load_cert_crl_file(ctx,file,
+ 					      X509_FILETYPE_PEM) != 0);
+diff -up openssl-1.0.1e/crypto/x509/x509_vfy.c.secure-getenv openssl-1.0.1e/crypto/x509/x509_vfy.c
+--- openssl-1.0.1e/crypto/x509/x509_vfy.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/x509/x509_vfy.c	2013-02-19 13:02:02.556188668 +0100
+@@ -56,6 +56,8 @@
+  * [including the GNU Public Licence.]
+  */
+ 
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <time.h>
+ #include <errno.h>
+@@ -481,7 +483,7 @@ static int check_chain_extensions(X509_S
+ 			!!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+ 		/* A hack to keep people who don't want to modify their
+ 		   software happy */
+-		if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
++		if (secure_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+ 			allow_proxy_certs = 1;
+ 		purpose = ctx->param->purpose;
+ 		}
+diff -up openssl-1.0.1e/engines/ccgost/gost_ctl.c.secure-getenv openssl-1.0.1e/engines/ccgost/gost_ctl.c
+--- openssl-1.0.1e/engines/ccgost/gost_ctl.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/engines/ccgost/gost_ctl.c	2013-02-19 13:02:02.557188690 +0100
+@@ -6,6 +6,8 @@
+  *        Implementation of control commands for GOST engine          *
+  *            OpenSSL 0.9.9 libraries required                        *
+  **********************************************************************/            
++/* for secure_getenv */
++#define _GNU_SOURCE
+ #include <stdlib.h>
+ #include <string.h>
+ #include <openssl/crypto.h>
+@@ -65,7 +67,7 @@ const char *get_gost_engine_param(int pa
+ 		{
+ 		return gost_params[param];
+ 		}
+-	tmp = getenv(gost_envnames[param]);
++	tmp = secure_getenv(gost_envnames[param]);
+ 	if (tmp) 
+ 		{
+ 		if (gost_params[param]) OPENSSL_free(gost_params[param]);
+@@ -79,7 +81,7 @@ int gost_set_default_param(int param, co
+ 	{
+ 	const char *tmp;
+ 	if (param <0 || param >GOST_PARAM_MAX) return 0;
+-	tmp = getenv(gost_envnames[param]);
++	tmp = secure_getenv(gost_envnames[param]);
+ 	/* if there is value in the environment, use it, else -passed string * */
+ 	if (!tmp) tmp=value;
+ 	if (gost_params[param]) OPENSSL_free(gost_params[param]);

openssl-1.0.1e-version.patch

@@ -0,0 +1,63 @@
+diff -up openssl-1.0.1e/crypto/cversion.c.version openssl-1.0.1e/crypto/cversion.c
+--- openssl-1.0.1e/crypto/cversion.c.version	2013-02-11 16:02:47.000000000 +0100
++++ openssl-1.0.1e/crypto/cversion.c	2013-07-26 12:28:12.739161925 +0200
+@@ -62,7 +62,7 @@
+ #include "buildinf.h"
+ #endif
+ 
+-const char *SSLeay_version(int t)
++const char *_current_SSLeay_version(int t)
+ 	{
+ 	if (t == SSLEAY_VERSION)
+ 		return OPENSSL_VERSION_TEXT;
+@@ -110,8 +110,25 @@ const char *SSLeay_version(int t)
+ 	return("not available");
+ 	}
+ 
+-unsigned long SSLeay(void)
++const char *_original_SSLeay_version(int t)
++	{
++	if (t == SSLEAY_VERSION)
++		return "OpenSSL 1.0.0-fips 29 Mar 2010";
++	else
++		return _current_SSLeay_version(t);
++	}
++
++unsigned long _original_SSLeay(void)
++	{
++	return(0x10000003);
++	}
++
++unsigned long _current_SSLeay(void)
+ 	{
+ 	return(SSLEAY_VERSION_NUMBER);
+ 	}
+ 
++__asm__(".symver _original_SSLeay,SSLeay@");
++__asm__(".symver _original_SSLeay_version,SSLeay_version@");
++__asm__(".symver _current_SSLeay,SSLeay@@OPENSSL_1.0.1");
++__asm__(".symver _current_SSLeay_version,SSLeay_version@@OPENSSL_1.0.1");
+diff -up openssl-1.0.1e/Makefile.shared.version openssl-1.0.1e/Makefile.shared
+--- openssl-1.0.1e/Makefile.shared.version	2013-07-26 12:23:43.615545603 +0200
++++ openssl-1.0.1e/Makefile.shared	2013-07-26 12:23:43.701547398 +0200
+@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
+ 	SHLIB_SUFFIX=; \
+ 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
++	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--default-symver,--version-script=version.map -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+ DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+ 
+diff -up openssl-1.0.1e/version.map.version openssl-1.0.1e/version.map
+--- openssl-1.0.1e/version.map.version	2013-07-26 12:23:43.701547398 +0200
++++ openssl-1.0.1e/version.map	2013-07-26 12:29:10.698371472 +0200
+@@ -0,0 +1,8 @@
++OPENSSL_1.0.1 {
++    global:
++	    SSLeay;
++	    SSLeay_version;
++    local:
++	    _original*;
++	    _current*;
++};

openssl-1.0.1e-weak-ciphers.patch

@@ -0,0 +1,12 @@
+diff -up openssl-1.0.1e/ssl/ssl.h.weak-ciphers openssl-1.0.1e/ssl/ssl.h
+--- openssl-1.0.1e/ssl/ssl.h.weak-ciphers	2013-12-18 15:50:40.881620314 +0100
++++ openssl-1.0.1e/ssl/ssl.h	2013-12-18 14:25:25.596566704 +0100
+@@ -331,7 +331,7 @@ extern "C" {
+ /* The following cipher list is used by default.
+  * It also is substituted when an application-defined cipher list string
+  * starts with 'DEFAULT'. */
+-#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSLv2"
++#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES"
+ /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+  * starts with a reasonable order, and all we have to do for DEFAULT is
+  * throwing out anonymous and unencrypted ciphersuites!

openssl-1.0.1h-disable-sslv2v3.patch

@@ -0,0 +1,13 @@
+diff -up openssl-1.0.1h/ssl/ssl_lib.c.v2v3 openssl-1.0.1h/ssl/ssl_lib.c
+--- openssl-1.0.1h/ssl/ssl_lib.c.v2v3	2014-06-11 16:02:52.000000000 +0200
++++ openssl-1.0.1h/ssl/ssl_lib.c	2014-06-30 14:18:04.290248080 +0200
+@@ -1875,6 +1875,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+ 	 */
+ 	ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+ 
++	/* Disable SSLv2 by default (affects the SSLv23_method() only) */
++	ret->options |= SSL_OP_NO_SSLv2;
++
+ 	return(ret);
+ err:
+ 	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);

openssl-1.0.1h-ipv6-apps.patch

@@ -0,0 +1,529 @@
+diff -up openssl-1.0.1h/apps/s_apps.h.ipv6-apps openssl-1.0.1h/apps/s_apps.h
+--- openssl-1.0.1h/apps/s_apps.h.ipv6-apps	2014-06-05 14:33:38.515668750 +0200
++++ openssl-1.0.1h/apps/s_apps.h	2014-06-05 14:33:38.540669335 +0200
+@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
+ #define PORT_STR        "4433"
+ #define PROTOCOL        "tcp"
+ 
+-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
++int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
+ #ifdef HEADER_X509_H
+ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+ #endif
+@@ -156,10 +156,9 @@ int MS_CALLBACK verify_callback(int ok,
+ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
+ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
+ #endif
+-int init_client(int *sock, char *server, int port, int type);
++int init_client(int *sock, char *server, char *port, int type);
+ int should_retry(int i);
+-int extract_port(char *str, short *port_ptr);
+-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
++int extract_host_port(char *str,char **host_ptr,char **port_ptr);
+ 
+ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
+ 				   int argi, long argl, long ret);
+diff -up openssl-1.0.1h/apps/s_client.c.ipv6-apps openssl-1.0.1h/apps/s_client.c
+--- openssl-1.0.1h/apps/s_client.c.ipv6-apps	2014-06-05 14:33:38.533669171 +0200
++++ openssl-1.0.1h/apps/s_client.c	2014-06-05 14:33:38.540669335 +0200
+@@ -567,7 +567,7 @@ int MAIN(int argc, char **argv)
+ 	int cbuf_len,cbuf_off;
+ 	int sbuf_len,sbuf_off;
+ 	fd_set readfds,writefds;
+-	short port=PORT;
++	char *port_str = PORT_STR;
+ 	int full_log=1;
+ 	char *host=SSL_HOST_NAME;
+ 	char *cert_file=NULL,*key_file=NULL;
+@@ -668,13 +668,12 @@ int MAIN(int argc, char **argv)
+ 		else if	(strcmp(*argv,"-port") == 0)
+ 			{
+ 			if (--argc < 1) goto bad;
+-			port=atoi(*(++argv));
+-			if (port == 0) goto bad;
++			port_str= *(++argv);
+ 			}
+ 		else if (strcmp(*argv,"-connect") == 0)
+ 			{
+ 			if (--argc < 1) goto bad;
+-			if (!extract_host_port(*(++argv),&host,NULL,&port))
++			if (!extract_host_port(*(++argv),&host,&port_str))
+ 				goto bad;
+ 			}
+ 		else if	(strcmp(*argv,"-verify") == 0)
+@@ -1267,7 +1266,7 @@ bad:
+ 
+ re_start:
+ 
+-	if (init_client(&s,host,port,socket_type) == 0)
++	if (init_client(&s,host,port_str,socket_type) == 0)
+ 		{
+ 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
+ 		SHUTDOWN(s);
+diff -up openssl-1.0.1h/apps/s_server.c.ipv6-apps openssl-1.0.1h/apps/s_server.c
+--- openssl-1.0.1h/apps/s_server.c.ipv6-apps	2014-06-05 14:33:38.533669171 +0200
++++ openssl-1.0.1h/apps/s_server.c	2014-06-05 14:33:38.541669358 +0200
+@@ -933,7 +933,7 @@ int MAIN(int argc, char *argv[])
+ 	{
+ 	X509_VERIFY_PARAM *vpm = NULL;
+ 	int badarg = 0;
+-	short port=PORT;
++	char *port_str = PORT_STR;
+ 	char *CApath=NULL,*CAfile=NULL;
+ 	unsigned char *context = NULL;
+ 	char *dhfile = NULL;
+@@ -1004,8 +1004,7 @@ int MAIN(int argc, char *argv[])
+ 			 (strcmp(*argv,"-accept") == 0))
+ 			{
+ 			if (--argc < 1) goto bad;
+-			if (!extract_port(*(++argv),&port))
+-				goto bad;
++			port_str= *(++argv);
+ 			}
+ 		else if	(strcmp(*argv,"-verify") == 0)
+ 			{
+@@ -1892,9 +1891,9 @@ bad:
+ 	BIO_printf(bio_s_out,"ACCEPT\n");
+ 	(void)BIO_flush(bio_s_out);
+ 	if (www)
+-		do_server(port,socket_type,&accept_socket,www_body, context);
++		do_server(port_str,socket_type,&accept_socket,www_body, context);
+ 	else
+-		do_server(port,socket_type,&accept_socket,sv_body, context);
++		do_server(port_str,socket_type,&accept_socket,sv_body, context);
+ 	print_stats(bio_s_out,ctx);
+ 	ret=0;
+ end:
+diff -up openssl-1.0.1h/apps/s_socket.c.ipv6-apps openssl-1.0.1h/apps/s_socket.c
+--- openssl-1.0.1h/apps/s_socket.c.ipv6-apps	2014-06-05 11:44:33.000000000 +0200
++++ openssl-1.0.1h/apps/s_socket.c	2014-06-05 14:39:53.226442195 +0200
+@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
+ static void ssl_sock_cleanup(void);
+ #endif
+ static int ssl_sock_init(void);
+-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
+-static int init_server(int *sock, int port, int type);
+-static int init_server_long(int *sock, int port,char *ip, int type);
++static int init_server(int *sock, char *port, int type);
+ static int do_accept(int acc_sock, int *sock, char **host);
+ static int host_ip(char *str, unsigned char ip[4]);
+ 
+@@ -234,57 +232,71 @@ static int ssl_sock_init(void)
+ 	return(1);
+ 	}
+ 
+-int init_client(int *sock, char *host, int port, int type)
++int init_client(int *sock, char *host, char *port, int type)
+ 	{
+-	unsigned char ip[4];
+-
+-	memset(ip, '\0', sizeof ip);
+-	if (!host_ip(host,&(ip[0])))
+-		return 0;
+-	return init_client_ip(sock,ip,port,type);
+-	}
+-
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
+-	{
+-	unsigned long addr;
+-	struct sockaddr_in them;
+-	int s,i;
++	struct addrinfo *res, *res0, hints;
++	char * failed_call = NULL;
++	int s;
++	int e;
+ 
+ 	if (!ssl_sock_init()) return(0);
+ 
+-	memset((char *)&them,0,sizeof(them));
+-	them.sin_family=AF_INET;
+-	them.sin_port=htons((unsigned short)port);
+-	addr=(unsigned long)
+-		((unsigned long)ip[0]<<24L)|
+-		((unsigned long)ip[1]<<16L)|
+-		((unsigned long)ip[2]<< 8L)|
+-		((unsigned long)ip[3]);
+-	them.sin_addr.s_addr=htonl(addr);
+-
+-	if (type == SOCK_STREAM)
+-		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+-	else /* ( type == SOCK_DGRAM) */
+-		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
+-			
+-	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
++	memset(&hints, '\0', sizeof(hints));
++	hints.ai_socktype = type;
++	hints.ai_flags = AI_ADDRCONFIG;
++
++	e = getaddrinfo(host, port, &hints, &res);
++	if (e)
++	{
++		fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
++		if (e == EAI_SYSTEM)
++			perror("getaddrinfo");
++		return (0);
++		}
+ 
++	res0 = res;
++	while (res)
++		{
++		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
++		if (s == INVALID_SOCKET)
++			{
++			failed_call = "socket";
++			goto nextres;
++			}
+ #if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
+ 	if (type == SOCK_STREAM)
+ 		{
+-		i=0;
+-		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+-		if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
++			int i=0;
++			i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
++				(char *)&i,sizeof(i));
++			if (i < 0) {
++				failed_call = "keepalive";
++				goto nextres;
++				}
+ 		}
+ #endif
+-
+-	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
+-		{ closesocket(s); perror("connect"); return(0); }
++		if (connect(s,(struct sockaddr *)res->ai_addr,
++			res->ai_addrlen) == 0)
++			{
++			freeaddrinfo(res0);
+ 	*sock=s;
+ 	return(1);
+ 	}
+ 
+-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
++		failed_call = "socket";
++nextres:
++		if (s != INVALID_SOCKET)
++			close(s);
++		res = res->ai_next;
++		}
++	freeaddrinfo(res0);
++	closesocket(s);
++
++	perror(failed_call);
++	return(0);
++	}
++
++int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
+ 	{
+ 	int sock;
+ 	char *name = NULL;
+@@ -322,33 +334,50 @@ int do_server(int port, int type, int *r
+ 		}
+ 	}
+ 
+-static int init_server_long(int *sock, int port, char *ip, int type)
++static int init_server(int *sock, char *port, int type)
+ 	{
+-	int ret=0;
+-	struct sockaddr_in server;
+-	int s= -1;
++	struct addrinfo *res, *res0 = NULL, hints;
++	char * failed_call = NULL;
++	int s = INVALID_SOCKET;
++	int e;
+ 
+ 	if (!ssl_sock_init()) return(0);
+ 
+-	memset((char *)&server,0,sizeof(server));
+-	server.sin_family=AF_INET;
+-	server.sin_port=htons((unsigned short)port);
+-	if (ip == NULL)
+-		server.sin_addr.s_addr=INADDR_ANY;
+-	else
+-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+-#ifndef BIT_FIELD_LIMITS
+-		memcpy(&server.sin_addr.s_addr,ip,4);
+-#else
+-		memcpy(&server.sin_addr,ip,4);
+-#endif
++	memset(&hints, '\0', sizeof(hints));
++	hints.ai_family = AF_INET6;
++tryipv4:
++	hints.ai_socktype = type;
++	hints.ai_flags = AI_PASSIVE;
+ 	
+-		if (type == SOCK_STREAM)
+-			s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+-		else /* type == SOCK_DGRAM */
+-			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
++	e = getaddrinfo(NULL, port, &hints, &res);
++	if (e)
++		{
++		if (hints.ai_family == AF_INET)
++			{
++			fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
++			if (e == EAI_SYSTEM)
++				perror("getaddrinfo");
++			return (0);
++			}
++			else
++				res = NULL;
++		}
+ 
+-	if (s == INVALID_SOCKET) goto err;
++	res0 = res;
++	while (res)
++		{
++		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
++		if (s == INVALID_SOCKET)
++			{
++			failed_call = "socket";
++			goto nextres;
++			}
++		if (hints.ai_family == AF_INET6)
++			{
++			int j = 0;
++			setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
++				   (void *) &j, sizeof j);
++			}
+ #if defined SOL_SOCKET && defined SO_REUSEADDR
+ 		{
+ 		int j = 1;
+@@ -356,35 +385,49 @@ static int init_server_long(int *sock, i
+ 			   (void *) &j, sizeof j);
+ 		}
+ #endif
+-	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
++
++		if (bind(s,(struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1)
+ 		{
+-#ifndef OPENSSL_SYS_WINDOWS
+-		perror("bind");
+-#endif
+-		goto err;
++			failed_call = "bind";
++			goto nextres;
+ 		}
+-	/* Make it 128 for linux */
+-	if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
+-	*sock=s;
+-	ret=1;
+-err:
+-	if ((ret == 0) && (s != -1))
++		if (type==SOCK_STREAM && listen(s,128) == -1)
+ 		{
+-		SHUTDOWN(s);
++			failed_call = "listen";
++			goto nextres;
+ 		}
+-	return(ret);
++
++		*sock=s;
++		return(1);
++
++nextres:
++		if (s != INVALID_SOCKET)
++			close(s);
++		res = res->ai_next;
+ 	}
++	if (res0)
++		freeaddrinfo(res0);
+ 
+-static int init_server(int *sock, int port, int type)
++	if (s == INVALID_SOCKET)
+ 	{
+-	return(init_server_long(sock, port, NULL, type));
++		if (hints.ai_family == AF_INET6)
++		{
++			hints.ai_family = AF_INET;
++			goto tryipv4;
++		}
++		perror("socket");
++		return(0);
++	}
++
++	perror(failed_call);
++	return(0);
+ 	}
+ 
+ static int do_accept(int acc_sock, int *sock, char **host)
+ 	{
++	static struct sockaddr_storage from;
++	char buffer[NI_MAXHOST];
+ 	int ret;
+-	struct hostent *h1,*h2;
+-	static struct sockaddr_in from;
+ 	int len;
+ /*	struct linger ling; */
+ 
+@@ -424,145 +467,66 @@ redoit:
+ 	ling.l_onoff=1;
+ 	ling.l_linger=0;
+ 	i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
+-	if (i < 0) { perror("linger"); return(0); }
++	if (i < 0) { closesocket(ret); perror("linger"); return(0); }
+ 	i=0;
+ 	i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+-	if (i < 0) { perror("keepalive"); return(0); }
++	if (i < 0) { closesocket(ret); perror("keepalive"); return(0); }
+ */
+ 
+ 	if (host == NULL) goto end;
+-#ifndef BIT_FIELD_LIMITS
+-	/* I should use WSAAsyncGetHostByName() under windows */
+-	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
+-		sizeof(from.sin_addr.s_addr),AF_INET);
+-#else
+-	h1=gethostbyaddr((char *)&from.sin_addr,
+-		sizeof(struct in_addr),AF_INET);
+-#endif
+-	if (h1 == NULL)
++
++	if (getnameinfo((struct sockaddr *)&from, sizeof(from),
++		buffer, sizeof(buffer),
++		NULL, 0, 0))
+ 		{
+-		BIO_printf(bio_err,"bad gethostbyaddr\n");
++		BIO_printf(bio_err,"getnameinfo failed\n");
+ 		*host=NULL;
+ 		/* return(0); */
+ 		}
+ 	else
+ 		{
+-		if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
++		if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
+ 			{
+ 			perror("OPENSSL_malloc");
+ 			closesocket(ret);
+ 			return(0);
+ 			}
+-		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
+-
+-		h2=GetHostByName(*host);
+-		if (h2 == NULL)
+-			{
+-			BIO_printf(bio_err,"gethostbyname failure\n");
+-			closesocket(ret);
+-			return(0);
+-			}
+-		if (h2->h_addrtype != AF_INET)
+-			{
+-			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+-			closesocket(ret);
+-			return(0);
+-			}
++		strcpy(*host, buffer);
+ 		}
+ end:
+ 	*sock=ret;
+ 	return(1);
+ 	}
+ 
+-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+-	     short *port_ptr)
++int extract_host_port(char *str, char **host_ptr, 
++	     char **port_ptr)
+ 	{
+-	char *h,*p;
++	char *h,*p,*x;
+ 
+-	h=str;
+-	p=strchr(str,':');
++	x=h=str;
++	if (*h == '[')
++		{
++		h++;
++		p=strchr(h,']');
+ 	if (p == NULL)
+ 		{
+-		BIO_printf(bio_err,"no port defined\n");
++			BIO_printf(bio_err,"no ending bracket for IPv6 address\n");
+ 		return(0);
+ 		}
+ 	*(p++)='\0';
+-
+-	if ((ip != NULL) && !host_ip(str,ip))
+-		goto err;
+-	if (host_ptr != NULL) *host_ptr=h;
+-
+-	if (!extract_port(p,port_ptr))
+-		goto err;
+-	return(1);
+-err:
+-	return(0);
++		x = p;
+ 	}
+-
+-static int host_ip(char *str, unsigned char ip[4])
+-	{
+-	unsigned int in[4]; 
+-	int i;
+-
+-	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
+-		{
+-		for (i=0; i<4; i++)
+-			if (in[i] > 255)
+-				{
+-				BIO_printf(bio_err,"invalid IP address\n");
+-				goto err;
+-				}
+-		ip[0]=in[0];
+-		ip[1]=in[1];
+-		ip[2]=in[2];
+-		ip[3]=in[3];
+-		}
+-	else
+-		{ /* do a gethostbyname */
+-		struct hostent *he;
+-
+-		if (!ssl_sock_init()) return(0);
+-
+-		he=GetHostByName(str);
+-		if (he == NULL)
+-			{
+-			BIO_printf(bio_err,"gethostbyname failure\n");
+-			goto err;
+-			}
+-		/* cast to short because of win16 winsock definition */
+-		if ((short)he->h_addrtype != AF_INET)
++	p=strchr(x,':');
++	if (p == NULL)
+ 			{
+-			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+-			return(0);
+-			}
+-		ip[0]=he->h_addr_list[0][0];
+-		ip[1]=he->h_addr_list[0][1];
+-		ip[2]=he->h_addr_list[0][2];
+-		ip[3]=he->h_addr_list[0][3];
+-		}
+-	return(1);
+-err:
++		BIO_printf(bio_err,"no port defined\n");
+ 	return(0);
+ 	}
++	*(p++)='\0';
+ 
+-int extract_port(char *str, short *port_ptr)
+-	{
+-	int i;
+-	struct servent *s;
++	if (host_ptr != NULL) *host_ptr=h;
++	if (port_ptr != NULL) *port_ptr=p;
+ 
+-	i=atoi(str);
+-	if (i != 0)
+-		*port_ptr=(unsigned short)i;
+-	else
+-		{
+-		s=getservbyname(str,"tcp");
+-		if (s == NULL)
+-			{
+-			BIO_printf(bio_err,"getservbyname failure for %s\n",str);
+-			return(0);
+-			}
+-		*port_ptr=ntohs((unsigned short)s->s_port);
+-		}
+ 	return(1);
+ 	}
+ 

openssl-1.0.1h-system-cipherlist.patch

@@ -0,0 +1,289 @@
+diff -up openssl-1.0.1h/Configure.system openssl-1.0.1h/Configure
+--- openssl-1.0.1h/Configure.system	2014-06-05 14:47:37.509312875 +0200
++++ openssl-1.0.1h/Configure	2014-06-11 14:05:28.560359069 +0200
+@@ -10,7 +10,7 @@ use strict;
+ 
+ # see INSTALL for instructions.
+ 
+-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
++my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+ 
+ # Options:
+ #
+@@ -35,6 +35,9 @@ my $usage="Usage: Configure [no-<cipher>
+ # --with-krb5-flavor  Declare what flavor of Kerberos 5 is used.  Currently
+ #		supported values are "MIT" and "Heimdal".  A value is required.
+ #
++# --system-ciphers-file  A file to read cipher string from when the PROFILE=SYSTEM
++#		cipher is specified (default).
++#
+ # --test-sanity Make a number of sanity checks on the data in this file.
+ #               This is a debugging tool for OpenSSL developers.
+ #
+@@ -663,6 +666,7 @@ my $prefix="";
+ my $libdir="";
+ my $openssldir="";
+ my $enginesdir="";
++my $system_ciphers_file="";
+ my $exe_ext="";
+ my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
+ my $cross_compile_prefix="";
+@@ -895,6 +899,10 @@ PROCESS_ARGS:
+ 				{
+ 				$enginesdir=$1;
+ 				}
++			elsif (/^--system-ciphers-file=(.*)$/)
++				{
++				$system_ciphers_file=$1;
++				}
+ 			elsif (/^--install.prefix=(.*)$/)
+ 				{
+ 				$install_prefix=$1;
+@@ -1053,6 +1061,7 @@ print "Configuring for $target\n";
+ 
+ &usage if (!defined($table{$target}));
+ 
++chop $system_ciphers_file if $system_ciphers_file =~ /\/$/;
+ 
+ foreach (sort (keys %disabled))
+ 	{
+@@ -1607,6 +1616,7 @@ while (<IN>)
+ 	s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
+ 	s/^MULTILIB=.*$/MULTILIB=$multilib/;
+ 	s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
++	s/^SYSTEM_CIPHERS_FILE=.*$/SYSTEM_CIPHERS_FILE=$system_ciphers_file/;
+ 	s/^LIBDIR=.*$/LIBDIR=$libdir/;
+ 	s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
+ 	s/^PLATFORM=.*$/PLATFORM=$target/;
+@@ -1812,6 +1822,14 @@ while (<IN>)
+ 		$foo =~ s/\\/\\\\/g;
+ 		print OUT "#define ENGINESDIR \"$foo\"\n";
+ 		}
++	elsif	(/^#((define)|(undef))\s+SYSTEM_CIPHERS_FILE/)
++		{
++		my $foo = "$system_ciphers_file";
++		if ($foo ne '') {
++			$foo =~ s/\\/\\\\/g;
++			print OUT "#define SYSTEM_CIPHERS_FILE \"$foo\"\n";
++		}
++		}
+ 	elsif	(/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
+ 		{ printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
+ 			if $export_var_as_fn;
+diff -up openssl-1.0.1h/crypto/opensslconf.h.in.system openssl-1.0.1h/crypto/opensslconf.h.in
+--- openssl-1.0.1h/crypto/opensslconf.h.in.system	2014-06-05 14:47:37.437311188 +0200
++++ openssl-1.0.1h/crypto/opensslconf.h.in	2014-06-11 13:31:44.497722345 +0200
+@@ -25,6 +25,8 @@
+ #endif
+ #endif
+ 
++#undef SYSTEM_CIPHERS_FILE
++
+ #undef OPENSSL_UNISTD
+ #define OPENSSL_UNISTD <unistd.h>
+ 
+diff -up openssl-1.0.1h/ssl/ssl_ciph.c.system openssl-1.0.1h/ssl/ssl_ciph.c
+--- openssl-1.0.1h/ssl/ssl_ciph.c.system	2014-06-05 14:47:37.441311282 +0200
++++ openssl-1.0.1h/ssl/ssl_ciph.c	2014-06-11 13:55:28.194381937 +0200
+@@ -1352,6 +1352,54 @@ static int ssl_cipher_process_rulestr(co
+ 	return(retval);
+ 	}
+ 
++#ifdef SYSTEM_CIPHERS_FILE
++static char* load_system_str(const char* suffix)
++	{
++	FILE* fp;
++	char buf[1024];
++	char *new_rules;
++	unsigned len, slen;
++
++	fp = fopen(SYSTEM_CIPHERS_FILE, "r");
++	if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL)
++		{
++		/* cannot open or file is empty */
++		snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST);
++		}
++
++	if (fp)
++		fclose(fp);
++
++	slen = strlen(suffix);
++	len = strlen(buf);
++
++	if (buf[len-1] == '\n')
++		{
++		len--;
++		buf[len] = 0;
++		}
++	if (buf[len-1] == '\r')
++		{
++		len--;
++		buf[len] = 0;
++		}
++
++	new_rules = OPENSSL_malloc(len + slen + 1);
++	if (new_rules == 0)
++		return NULL;
++
++	memcpy(new_rules, buf, len);
++	if (slen > 0)
++		{
++		memcpy(&new_rules[len], suffix, slen);
++		len += slen;
++		}
++	new_rules[len] = 0;
++
++	return new_rules;
++	}
++#endif
++
+ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+ 		STACK_OF(SSL_CIPHER) **cipher_list,
+ 		STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+@@ -1359,16 +1407,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+ 	{
+ 	int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
+ 	unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
+-	STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
++	STACK_OF(SSL_CIPHER) *cipherstack = NULL, *tmp_cipher_list;
+ 	const char *rule_p;
+ 	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
+ 	const SSL_CIPHER **ca_list = NULL;
++#ifdef SYSTEM_CIPHERS_FILE
++	char *new_rules = NULL;
++
++	if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0)
++		{
++		char *p = rule_str + 14;
++
++		new_rules = load_system_str(p);
++		rule_str = new_rules;
++		}
++#endif
+ 
+ 	/*
+ 	 * Return with error if nothing to do.
+ 	 */
+ 	if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
+-		return NULL;
++		{
++		goto end;
++		}
+ 
+ 	/*
+ 	 * To reduce the work to do we only want to process the compiled
+@@ -1389,7 +1450,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+ 	if (co_list == NULL)
+ 		{
+ 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
+-		return(NULL);	/* Failure */
++		goto end;
+ 		}
+ 
+ 	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
+@@ -1431,8 +1492,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+ 	 * in force within each class */
+ 	if (!ssl_cipher_strength_sort(&head, &tail))
+ 		{
+-		OPENSSL_free(co_list);
+-		return NULL;
++		goto end;
+ 		}
+ 
+ 	/* Now disable everything (maintaining the ordering!) */
+@@ -1452,9 +1512,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+ 	ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
+ 	if (ca_list == NULL)
+ 		{
+-		OPENSSL_free(co_list);
+ 		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
+-		return(NULL);	/* Failure */
++		goto end;
+ 		}
+ 	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
+ 	                           disabled_mkey, disabled_auth, disabled_enc,
+@@ -1482,8 +1541,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+ 
+ 	if (!ok)
+ 		{	/* Rule processing failure */
+-		OPENSSL_free(co_list);
+-		return(NULL);
++		goto end;
+ 		}
+ 	
+ 	/*
+@@ -1492,8 +1550,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+ 	 */
+ 	if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
+ 		{
+-		OPENSSL_free(co_list);
+-		return(NULL);
++		goto end;
+ 		}
+ 
+ 	/*
+@@ -1514,13 +1571,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+ #endif
+ 			}
+ 		}
+-	OPENSSL_free(co_list);	/* Not needed any longer */
+ 
+ 	tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
+ 	if (tmp_cipher_list == NULL)
+ 		{
+ 		sk_SSL_CIPHER_free(cipherstack);
+-		return NULL;
++		cipherstack = NULL;
++		goto end;
+ 		}
+ 	if (*cipher_list != NULL)
+ 		sk_SSL_CIPHER_free(*cipher_list);
+@@ -1531,6 +1588,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+ 	(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
+ 
+ 	sk_SSL_CIPHER_sort(*cipher_list_by_id);
++
++end:
++	OPENSSL_free(co_list);
++#ifdef SYSTEM_CIPHERS_FILE
++	OPENSSL_free(new_rules);
++#endif
+ 	return(cipherstack);
+ 	}
+ 
+diff -up openssl-1.0.1h/ssl/ssl.h.system openssl-1.0.1h/ssl/ssl.h
+--- openssl-1.0.1h/ssl/ssl.h.system	2014-06-05 14:47:37.000000000 +0200
++++ openssl-1.0.1h/ssl/ssl.h	2014-06-11 14:08:35.243461447 +0200
+@@ -338,6 +338,11 @@ extern "C" {
+  * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
+  * some of them.)
+  */
++#ifdef SYSTEM_CIPHERS_FILE
++#define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
++#else
++#define SSL_SYSTEM_DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST
++#endif
+ 
+ /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+ #define SSL_SENT_SHUTDOWN	1
+diff -up openssl-1.0.1h/ssl/ssl_lib.c.system openssl-1.0.1h/ssl/ssl_lib.c
+--- openssl-1.0.1h/ssl/ssl_lib.c.system	2014-06-05 11:44:33.000000000 +0200
++++ openssl-1.0.1h/ssl/ssl_lib.c	2014-06-11 13:59:40.696578139 +0200
+@@ -263,7 +263,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
+ 
+ 	sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
+ 		&(ctx->cipher_list_by_id),
+-		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
++		meth->version == SSL2_VERSION ? "SSLv2" : SSL_SYSTEM_DEFAULT_CIPHER_LIST);
+ 	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
+ 		{
+ 		SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+@@ -1767,7 +1767,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+ 
+ 	ssl_create_cipher_list(ret->method,
+ 		&ret->cipher_list,&ret->cipher_list_by_id,
+-		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
++		meth->version == SSL2_VERSION ? "SSLv2" : SSL_SYSTEM_DEFAULT_CIPHER_LIST);
+ 	if (ret->cipher_list == NULL
+ 	    || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
+ 		{

openssl-1.0.1i-algo-doc.patch

@@ -0,0 +1,77 @@
+diff -up openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod
+--- openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod.algo-doc	2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod	2014-08-07 11:18:01.290773970 +0200
+@@ -75,7 +75,7 @@ EVP_MD_CTX_create() allocates, initializ
+ 
+ EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
+ B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
+-function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
++function. B<type> will typically be supplied by a function such as EVP_sha1().
+ If B<impl> is NULL then the default implementation of digest B<type> is used.
+ 
+ EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
+@@ -164,7 +164,8 @@ corresponding OBJECT IDENTIFIER or NID_u
+ EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
+ EVP_MD_CTX_block_size() return the digest or block size in bytes.
+ 
+-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
++EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
++EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_dss(),
+ EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
+ corresponding EVP_MD structures.
+ 
+diff -up openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod
+--- openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod.algo-doc	2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod	2014-08-07 10:55:25.100638252 +0200
+@@ -91,6 +91,32 @@ EVP_CIPHER_CTX_set_padding - EVP cipher
+  int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+  int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+ 
++ const EVP_CIPHER *EVP_des_ede3(void);
++ const EVP_CIPHER *EVP_des_ede3_ecb(void);
++ const EVP_CIPHER *EVP_des_ede3_cfb64(void);
++ const EVP_CIPHER *EVP_des_ede3_cfb1(void);
++ const EVP_CIPHER *EVP_des_ede3_cfb8(void);
++ const EVP_CIPHER *EVP_des_ede3_ofb(void);
++ const EVP_CIPHER *EVP_des_ede3_cbc(void);
++ const EVP_CIPHER *EVP_aes_128_ecb(void);
++ const EVP_CIPHER *EVP_aes_128_cbc(void);
++ const EVP_CIPHER *EVP_aes_128_cfb1(void);
++ const EVP_CIPHER *EVP_aes_128_cfb8(void);
++ const EVP_CIPHER *EVP_aes_128_cfb128(void);
++ const EVP_CIPHER *EVP_aes_128_ofb(void);
++ const EVP_CIPHER *EVP_aes_192_ecb(void);
++ const EVP_CIPHER *EVP_aes_192_cbc(void);
++ const EVP_CIPHER *EVP_aes_192_cfb1(void);
++ const EVP_CIPHER *EVP_aes_192_cfb8(void);
++ const EVP_CIPHER *EVP_aes_192_cfb128(void);
++ const EVP_CIPHER *EVP_aes_192_ofb(void);
++ const EVP_CIPHER *EVP_aes_256_ecb(void);
++ const EVP_CIPHER *EVP_aes_256_cbc(void);
++ const EVP_CIPHER *EVP_aes_256_cfb1(void);
++ const EVP_CIPHER *EVP_aes_256_cfb8(void);
++ const EVP_CIPHER *EVP_aes_256_cfb128(void);
++ const EVP_CIPHER *EVP_aes_256_ofb(void);
++
+ =head1 DESCRIPTION
+ 
+ The EVP cipher routines are a high level interface to certain
+@@ -297,6 +323,18 @@ Three key triple DES in CBC, ECB, CFB an
+ 
+ DESX algorithm in CBC mode.
+ 
++=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(), EVP_aes_128_ofb(void), EVP_aes_128_cfb1(void), EVP_aes_128_cfb8(void), EVP_aes_128_cfb128(void)
++
++AES with 128 bit key length in CBC, ECB, OFB and CFB modes respectively.
++
++=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(), EVP_aes_192_ofb(void), EVP_aes_192_cfb1(void), EVP_aes_192_cfb8(void), EVP_aes_192_cfb128(void)
++
++AES with 192 bit key length in CBC, ECB, OFB and CFB modes respectively.
++
++=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(), EVP_aes_256_ofb(void), EVP_aes_256_cfb1(void), EVP_aes_256_cfb8(void), EVP_aes_256_cfb128(void)
++
++AES with 256 bit key length in CBC, ECB, OFB and CFB modes respectively.
++
+ =item EVP_rc4(void)
+ 
+ RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.

openssl-1.0.1i-manfix.patch

@@ -0,0 +1,86 @@
+diff -up openssl-1.0.1i/doc/apps/ec.pod.manfix openssl-1.0.1i/doc/apps/ec.pod
+--- openssl-1.0.1i/doc/apps/ec.pod.manfix	2014-07-22 21:41:23.000000000 +0200
++++ openssl-1.0.1i/doc/apps/ec.pod	2014-08-07 11:21:57.258887741 +0200
+@@ -93,10 +93,6 @@ prints out the public, private key compo
+ 
+ this option prevents output of the encoded version of the key.
+ 
+-=item B<-modulus>
+-
+-this option prints out the value of the public key component of the key.
+-
+ =item B<-pubin>
+ 
+ by default a private key is read from the input file: with this option a
+diff -up openssl-1.0.1i/doc/apps/openssl.pod.manfix openssl-1.0.1i/doc/apps/openssl.pod
+--- openssl-1.0.1i/doc/apps/openssl.pod.manfix	2014-07-22 21:43:11.000000000 +0200
++++ openssl-1.0.1i/doc/apps/openssl.pod	2014-08-07 11:21:57.259887746 +0200
+@@ -163,7 +163,7 @@ Create or examine a netscape certificate
+ 
+ Online Certificate Status Protocol utility.
+ 
+-=item L<B<passwd>|passwd(1)>
++=item L<B<passwd>|sslpasswd(1)>
+ 
+ Generation of hashed passwords.
+ 
+@@ -187,7 +187,7 @@ Public key algorithm parameter managemen
+ 
+ Public key algorithm cryptographic operation utility.
+ 
+-=item L<B<rand>|rand(1)>
++=item L<B<rand>|sslrand(1)>
+ 
+ Generate pseudo-random bytes.
+ 
+@@ -401,9 +401,9 @@ L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkc
+ L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
+ L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>,
+ L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
+-L<passwd(1)|passwd(1)>,
++L<sslpasswd(1)|sslpasswd(1)>,
+ L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
+-L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
++L<sslrand(1)|sslrand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
+ L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
+ L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
+ L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
+diff -up openssl-1.0.1i/doc/apps/s_client.pod.manfix openssl-1.0.1i/doc/apps/s_client.pod
+--- openssl-1.0.1i/doc/apps/s_client.pod.manfix	2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/doc/apps/s_client.pod	2014-08-07 11:24:28.736604443 +0200
+@@ -34,9 +34,14 @@ B<openssl> B<s_client>
+ [B<-ssl2>]
+ [B<-ssl3>]
+ [B<-tls1>]
++[B<-tls1_1>]
++[B<-tls1_2>]
++[B<-dtls1>]
+ [B<-no_ssl2>]
+ [B<-no_ssl3>]
+ [B<-no_tls1>]
++[B<-no_tls1_1>]
++[B<-no_tls1_2>]
+ [B<-bugs>]
+ [B<-cipher cipherlist>]
+ [B<-serverpref>]
+@@ -196,7 +201,7 @@ Use the PSK key B<key> when using a PSK
+ given as a hexadecimal number without leading 0x, for example -psk
+ 1a2b3c4d.
+ 
+-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
++=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+ 
+ these options disable the use of certain SSL or TLS protocols. By default
+ the initial handshake uses a method which should be compatible with all
+diff -up openssl-1.0.1i/doc/apps/s_server.pod.manfix openssl-1.0.1i/doc/apps/s_server.pod
+--- openssl-1.0.1i/doc/apps/s_server.pod.manfix	2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/doc/apps/s_server.pod	2014-08-07 11:21:57.259887746 +0200
+@@ -216,7 +216,7 @@ Use the PSK key B<key> when using a PSK
+ given as a hexadecimal number without leading 0x, for example -psk
+ 1a2b3c4d.
+ 
+-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
++=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+ 
+ these options disable the use of certain SSL or TLS protocols. By default
+ the initial handshake uses a method which should be compatible with all

openssl-1.0.1k-alt-chains.patch

@@ -0,0 +1,407 @@
+diff -up openssl-1.0.1k/apps/apps.c.alt-chains openssl-1.0.1k/apps/apps.c
+--- openssl-1.0.1k/apps/apps.c.alt-chains	2015-07-09 14:58:55.949753674 +0200
++++ openssl-1.0.1k/apps/apps.c	2015-07-09 14:58:55.970754174 +0200
+@@ -2365,6 +2365,8 @@ int args_verify(char ***pargs, int *parg
+ 		flags |= X509_V_FLAG_NOTIFY_POLICY;
+ 	else if (!strcmp(arg, "-check_ss_sig"))
+ 		flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
++	else if (!strcmp(arg, "-no_alt_chains"))
++		flags |= X509_V_FLAG_NO_ALT_CHAINS;
+ 	else if (!strcmp(arg, "-trusted_first"))
+ 		flags |= X509_V_FLAG_TRUSTED_FIRST;
+ 	else
+diff -up openssl-1.0.1k/apps/cms.c.alt-chains openssl-1.0.1k/apps/cms.c
+--- openssl-1.0.1k/apps/cms.c.alt-chains	2015-07-09 14:58:55.949753674 +0200
++++ openssl-1.0.1k/apps/cms.c	2015-07-09 14:58:55.970754174 +0200
+@@ -642,6 +642,7 @@ int MAIN(int argc, char **argv)
+ 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
+ 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
+ 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
++		BIO_printf (bio_err, "-no_alt_chains only ever use the first certificate chain found\n");
+ 		BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
+ 		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
+ 		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+diff -up openssl-1.0.1k/apps/ocsp.c.alt-chains openssl-1.0.1k/apps/ocsp.c
+--- openssl-1.0.1k/apps/ocsp.c.alt-chains	2015-07-09 14:58:55.949753674 +0200
++++ openssl-1.0.1k/apps/ocsp.c	2015-07-09 14:58:55.971754198 +0200
+@@ -605,6 +605,7 @@ int MAIN(int argc, char **argv)
+ 		BIO_printf (bio_err, "-path                path to use in OCSP request\n");
+ 		BIO_printf (bio_err, "-CApath dir          trusted certificates directory\n");
+ 		BIO_printf (bio_err, "-CAfile file         trusted certificates file\n");
++		BIO_printf (bio_err, "-no_alt_chains       only ever use the first certificate chain found\n");
+ 		BIO_printf (bio_err, "-trusted_first       use trusted certificates first when building the trust chain\n");
+ 		BIO_printf (bio_err, "-VAfile file         validator certificates file\n");
+ 		BIO_printf (bio_err, "-validity_period n   maximum validity discrepancy in seconds\n");
+diff -up openssl-1.0.1k/apps/s_client.c.alt-chains openssl-1.0.1k/apps/s_client.c
+--- openssl-1.0.1k/apps/s_client.c.alt-chains	2015-07-09 14:58:55.956753841 +0200
++++ openssl-1.0.1k/apps/s_client.c	2015-07-09 14:58:55.971754198 +0200
+@@ -299,6 +299,7 @@ static void sc_usage(void)
+ 	BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");
+ 	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
+ 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
++	BIO_printf(bio_err," -no_alt_chains - only ever use the first certificate chain found\n");
+ 	BIO_printf(bio_err," -trusted_first - Use trusted CA's first when building the trust chain\n");
+ 	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
+ 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
+diff -up openssl-1.0.1k/apps/smime.c.alt-chains openssl-1.0.1k/apps/smime.c
+--- openssl-1.0.1k/apps/smime.c.alt-chains	2015-07-09 14:58:55.950753698 +0200
++++ openssl-1.0.1k/apps/smime.c	2015-07-09 14:58:55.971754198 +0200
+@@ -479,6 +479,7 @@ int MAIN(int argc, char **argv)
+ 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
+ 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
+ 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
++		BIO_printf (bio_err, "-no_alt_chains only ever use the first certificate chain found\n");
+ 		BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
+ 		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
+ 		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+diff -up openssl-1.0.1k/apps/s_server.c.alt-chains openssl-1.0.1k/apps/s_server.c
+--- openssl-1.0.1k/apps/s_server.c.alt-chains	2015-07-09 14:58:55.950753698 +0200
++++ openssl-1.0.1k/apps/s_server.c	2015-07-09 14:58:55.971754198 +0200
+@@ -502,6 +502,7 @@ static void sv_usage(void)
+ 	BIO_printf(bio_err," -state        - Print the SSL states\n");
+ 	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
+ 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
++	BIO_printf(bio_err," -no_alt_chains - only ever use the first certificate chain found\n");
+ 	BIO_printf(bio_err," -trusted_first - Use trusted CA's first when building the trust chain\n");
+ 	BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
+ 	BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
+diff -up openssl-1.0.1k/apps/verify.c.alt-chains openssl-1.0.1k/apps/verify.c
+--- openssl-1.0.1k/apps/verify.c.alt-chains	2015-07-09 14:58:55.951753722 +0200
++++ openssl-1.0.1k/apps/verify.c	2015-07-09 14:58:55.972754221 +0200
+@@ -238,7 +238,7 @@ int MAIN(int argc, char **argv)
+ end:
+ 	if (ret == 1) {
+ 		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check]");
+-		BIO_printf(bio_err," [-attime timestamp]");
++		BIO_printf(bio_err," [-no_alt_chains] [-attime timestamp]");
+ #ifndef OPENSSL_NO_ENGINE
+ 		BIO_printf(bio_err," [-engine e]");
+ #endif
+diff -up openssl-1.0.1k/crypto/x509/x509_vfy.c.alt-chains openssl-1.0.1k/crypto/x509/x509_vfy.c
+--- openssl-1.0.1k/crypto/x509/x509_vfy.c.alt-chains	2015-07-09 14:58:55.951753722 +0200
++++ openssl-1.0.1k/crypto/x509/x509_vfy.c	2015-07-09 15:28:03.630442145 +0200
+@@ -154,11 +154,11 @@ static int x509_subject_cmp(X509 **a, X5
+ 
+ int X509_verify_cert(X509_STORE_CTX *ctx)
+ 	{
+-	X509 *x,*xtmp,*chain_ss=NULL;
++	X509 *x,*xtmp,*xtmp2,*chain_ss=NULL;
+ 	int bad_chain = 0;
+ 	X509_VERIFY_PARAM *param = ctx->param;
+ 	int depth,i,ok=0;
+-	int num;
++	int num, j, retry;
+ 	int (*cb)(int xok,X509_STORE_CTX *xctx);
+ 	STACK_OF(X509) *sktmp=NULL;
+ 	if (ctx->cert == NULL)
+@@ -167,21 +167,27 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+ 		return -1;
+ 		}
+ 
++        if (ctx->chain != NULL) {
++            /*
++             * This X509_STORE_CTX has already been used to verify a cert. We
++             * cannot do another one.
++             */
++            X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
++            return -1;
++        }
++ 
+ 	cb=ctx->verify_cb;
+ 
+ 	/* first we make sure the chain we are going to build is
+ 	 * present and that the first entry is in place */
+-	if (ctx->chain == NULL)
++	if (	((ctx->chain=sk_X509_new_null()) == NULL) ||
++		(!sk_X509_push(ctx->chain,ctx->cert)))
+ 		{
+-		if (	((ctx->chain=sk_X509_new_null()) == NULL) ||
+-			(!sk_X509_push(ctx->chain,ctx->cert)))
+-			{
+-			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+-			goto end;
+-			}
+-		CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
+-		ctx->last_untrusted=1;
++		X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
++		goto end;
+ 		}
++	CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
++	ctx->last_untrusted=1;
+ 
+ 	/* We use a temporary STACK so we can chop and hack at it */
+ 	if (ctx->untrusted != NULL
+@@ -247,10 +253,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+ 		break;
+ 		}
+ 
++	/* Remember how many untrusted certs we have */
++	j = num;
++
+ 	/* at this point, chain should contain a list of untrusted
+ 	 * certificates.  We now need to add at least one trusted one,
+ 	 * if possible, otherwise we complain. */
+ 
++	do {
+ 	/* Examine last certificate in chain and see if it
+  	 * is self signed.
+  	 */
+@@ -294,6 +304,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+ 			chain_ss=sk_X509_pop(ctx->chain);
+ 			ctx->last_untrusted--;
+ 			num--;
++			j--;
+ 			x=sk_X509_value(ctx->chain,num-1);
+ 			}
+ 		}
+@@ -322,7 +333,42 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+ 		num++;
+ 		}
+ 
+-	/* we now have our chain, lets check it... */
++        /*
++         * If we haven't got a least one certificate from our store then check
++         * if there is an alternative chain that could be used.  We only do this
++         * if the user hasn't switched off alternate chain checking
++         */
++        retry = 0;
++        if (num == ctx->last_untrusted &&
++            !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
++            while (j-- > 1) {
++                xtmp2 = sk_X509_value(ctx->chain, j - 1);
++                ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
++                if (ok < 0)
++                    goto end;
++                /* Check if we found an alternate chain */
++                if (ok > 0) {
++                    /*
++                     * Free up the found cert we'll add it again later
++                     */
++                    X509_free(xtmp);
++
++                    /*
++                     * Dump all the certs above this point - we've found an
++                     * alternate chain
++                     */
++                    while (num > j) {
++                        xtmp = sk_X509_pop(ctx->chain);
++                        X509_free(xtmp);
++                        num--;
++                    }
++                    ctx->last_untrusted = j;
++                    retry = 1;
++                    break;
++                }
++            }
++        }
++	} while (retry);
+ 
+ 	/* Is last certificate looked up self signed? */
+ 	if (!ctx->check_issued(ctx,x,x))
+diff -up openssl-1.0.1k/crypto/x509/x509_vfy.h.alt-chains openssl-1.0.1k/crypto/x509/x509_vfy.h
+--- openssl-1.0.1k/crypto/x509/x509_vfy.h.alt-chains	2015-07-09 14:58:55.951753722 +0200
++++ openssl-1.0.1k/crypto/x509/x509_vfy.h	2015-07-09 14:58:55.972754221 +0200
+@@ -391,7 +391,12 @@ void X509_STORE_CTX_set_depth(X509_STORE
+ #define X509_V_FLAG_CHECK_SS_SIGNATURE		0x4000
+ /* Use trusted store first */
+ #define X509_V_FLAG_TRUSTED_FIRST		0x8000
+-
++/*
++ * If the initial chain is not trusted, do not attempt to build an alternative
++ * chain. Alternate chain checking was introduced in 1.0.1n/1.0.2b. Setting
++ * this flag will force the behaviour to match that of previous versions.
++ */
++#define X509_V_FLAG_NO_ALT_CHAINS               0x100000
+ 
+ #define X509_VP_FLAG_DEFAULT			0x1
+ #define X509_VP_FLAG_OVERWRITE			0x2
+diff -up openssl-1.0.1k/doc/apps/cms.pod.alt-chains openssl-1.0.1k/doc/apps/cms.pod
+--- openssl-1.0.1k/doc/apps/cms.pod.alt-chains	2015-07-09 14:58:55.951753722 +0200
++++ openssl-1.0.1k/doc/apps/cms.pod	2015-07-09 14:58:55.972754221 +0200
+@@ -35,6 +35,7 @@ B<openssl> B<cms>
+ [B<-print>]
+ [B<-CAfile file>]
+ [B<-CApath dir>]
++[B<-no_alt_chains>]
+ [B<-trusted_first>]
+ [B<-md digest>]
+ [B<-[cipher]>]
+@@ -413,7 +414,7 @@ portion of a message so they may be incl
+ then many S/MIME mail clients check the signers certificate's email
+ address matches that specified in the From: address.
+ 
+-=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
++=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
+ 
+ Set various certificate chain valiadition option. See the
+ L<B<verify>|verify(1)> manual page for details.
+diff -up openssl-1.0.1k/doc/apps/ocsp.pod.alt-chains openssl-1.0.1k/doc/apps/ocsp.pod
+--- openssl-1.0.1k/doc/apps/ocsp.pod.alt-chains	2015-07-09 14:58:55.951753722 +0200
++++ openssl-1.0.1k/doc/apps/ocsp.pod	2015-07-09 14:58:55.973754245 +0200
+@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
+ [B<-path>]
+ [B<-CApath dir>]
+ [B<-CAfile file>]
++[B<-no_alt_chains>]]
+ [B<-trusted_first>]
+ [B<-VAfile file>]
+ [B<-validity_period n>]
+@@ -143,6 +144,10 @@ connection timeout to the OCSP responder
+ file or pathname containing trusted CA certificates. These are used to verify
+ the signature on the OCSP response.
+ 
++=item B<-no_alt_chains>
++
++See L<B<verify>|verify(1)> manual page for details.
++
+ =item B<-trusted_first>
+ 
+ Use certificates in CA file or CA directory over certificates provided
+diff -up openssl-1.0.1k/doc/apps/s_client.pod.alt-chains openssl-1.0.1k/doc/apps/s_client.pod
+--- openssl-1.0.1k/doc/apps/s_client.pod.alt-chains	2015-07-09 14:58:55.952753746 +0200
++++ openssl-1.0.1k/doc/apps/s_client.pod	2015-07-09 14:58:55.973754245 +0200
+@@ -19,6 +19,7 @@ B<openssl> B<s_client>
+ [B<-pass arg>]
+ [B<-CApath directory>]
+ [B<-CAfile filename>]
++[B<-no_alt_chains>]
+ [B<-trusted_first>]
+ [B<-reconnect>]
+ [B<-pause>]
+@@ -122,7 +123,7 @@ also used when building the client certi
+ A file containing trusted certificates to use during server authentication
+ and to use when attempting to build the client certificate chain.
+ 
+-=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first>
++=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
+ 
+ Set various certificate chain valiadition option. See the
+ L<B<verify>|verify(1)> manual page for details.
+diff -up openssl-1.0.1k/doc/apps/smime.pod.alt-chains openssl-1.0.1k/doc/apps/smime.pod
+--- openssl-1.0.1k/doc/apps/smime.pod.alt-chains	2015-07-09 14:58:55.952753746 +0200
++++ openssl-1.0.1k/doc/apps/smime.pod	2015-07-09 14:58:55.973754245 +0200
+@@ -17,6 +17,7 @@ B<openssl> B<smime>
+ [B<-in file>]
+ [B<-CAfile file>]
+ [B<-CApath dir>]
++[B<-no_alt_chains>]
+ [B<-trusted_first>]
+ [B<-certfile file>]
+ [B<-signer file>]
+@@ -268,7 +269,7 @@ portion of a message so they may be incl
+ then many S/MIME mail clients check the signers certificate's email
+ address matches that specified in the From: address.
+ 
+-=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
++=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>
+ 
+ Set various options of certificate chain verification. See
+ L<B<verify>|verify(1)> manual page for details.
+diff -up openssl-1.0.1k/doc/apps/s_server.pod.alt-chains openssl-1.0.1k/doc/apps/s_server.pod
+--- openssl-1.0.1k/doc/apps/s_server.pod.alt-chains	2015-07-09 14:58:55.952753746 +0200
++++ openssl-1.0.1k/doc/apps/s_server.pod	2015-07-09 14:58:55.973754245 +0200
+@@ -33,6 +33,7 @@ B<openssl> B<s_server>
+ [B<-state>]
+ [B<-CApath directory>]
+ [B<-CAfile filename>]
++[B<-no_alt_chains>]
+ [B<-trusted_first>]
+ [B<-nocert>]
+ [B<-cipher cipherlist>]
+@@ -179,6 +180,10 @@ and to use when attempting to build the
+ is also used in the list of acceptable client CAs passed to the client when
+ a certificate is requested.
+ 
++=item B<-no_alt_chains>
++
++See the L<B<verify>|verify(1)> manual page for details.
++
+ =item B<-trusted_first>
+ 
+ Use certificates in CA file or CA directory before other certificates 
+diff -up openssl-1.0.1k/doc/apps/verify.pod.alt-chains openssl-1.0.1k/doc/apps/verify.pod
+--- openssl-1.0.1k/doc/apps/verify.pod.alt-chains	2015-07-09 14:58:55.952753746 +0200
++++ openssl-1.0.1k/doc/apps/verify.pod	2015-07-09 14:58:55.973754245 +0200
+@@ -23,6 +23,7 @@ B<openssl> B<verify>
+ [B<-extended_crl>]
+ [B<-use_deltas>]
+ [B<-policy_print>]
++[B<-no_alt_chains>]
+ [B<-untrusted file>]
+ [B<-help>]
+ [B<-issuer_checks>]
+@@ -115,6 +116,14 @@ Set policy variable inhibit-any-policy (
+ 
+ Set policy variable inhibit-policy-mapping (see RFC5280).
+ 
++=item B<-no_alt_chains>
++
++When building a certificate chain, if the first certificate chain found is not
++trusted, then OpenSSL will continue to check to see if an alternative chain can
++be found that is trusted. With this option that behaviour is suppressed so that
++only the first chain found is ever used. Using this option will force the
++behaviour to match that of previous OpenSSL versions.
++
+ =item B<-policy_print>
+ 
+ Print out diagnostics related to policy processing.
+diff -up openssl-1.0.1k/doc/crypto/X509_STORE_CTX_new.pod.alt-chains openssl-1.0.1k/doc/crypto/X509_STORE_CTX_new.pod
+--- openssl-1.0.1k/doc/crypto/X509_STORE_CTX_new.pod.alt-chains	2014-10-15 15:49:15.000000000 +0200
++++ openssl-1.0.1k/doc/crypto/X509_STORE_CTX_new.pod	2015-07-09 15:29:16.461174414 +0200
+@@ -39,10 +39,15 @@ X509_STORE_CTX_free() completely frees u
+ is no longer valid.
+ 
+ X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
+-The trusted certificate store is set to B<store>, the end entity certificate
+-to be verified is set to B<x509> and a set of additional certificates (which
+-will be untrusted but may be used to build the chain) in B<chain>. Any or
+-all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>.
++It must be called before each call to X509_verify_cert(), i.e. a B<ctx> is only
++good for one call to X509_verify_cert(); if you want to verify a second
++certificate with the same B<ctx> then you must call X509_XTORE_CTX_cleanup()
++and then X509_STORE_CTX_init() again before the second call to
++X509_verify_cert(). The trusted certificate store is set to B<store>, the end
++entity certificate to be verified is set to B<x509> and a set of additional
++certificates (which will be untrusted but may be used to build the chain) in
++B<chain>. Any or all of the B<store>, B<x509> and B<chain> parameters can be
++B<NULL>.
+ 
+ X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx>
+ to B<sk>. This is an alternative way of specifying trusted certificates 
+diff -up openssl-1.0.1k/doc/crypto/X509_verify_cert.pod.alt-chains openssl-1.0.1k/doc/crypto/X509_verify_cert.pod
+--- openssl-1.0.1k/doc/crypto/X509_verify_cert.pod.alt-chains	2014-10-15 15:49:15.000000000 +0200
++++ openssl-1.0.1k/doc/crypto/X509_verify_cert.pod	2015-07-09 15:29:16.461174414 +0200
+@@ -32,7 +32,8 @@ OpenSSL internally for certificate valid
+ SSL/TLS code.
+ 
+ The negative return value from X509_verify_cert() can only occur if no
+-certificate is set in B<ctx> (due to a programming error) or if a retry
++certificate is set in B<ctx> (due to a programming error); if X509_verify_cert()
++twice without reinitialising B<ctx> in between; or if a retry
+ operation is requested during internal lookups (which never happens with
+ standard lookup methods). It is however recommended that application check
+ for <= 0 return value on error.
+diff -up openssl-1.0.1k/doc/crypto/X509_VERIFY_PARAM_set_flags.pod.alt-chains openssl-1.0.1k/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+--- openssl-1.0.1k/doc/crypto/X509_VERIFY_PARAM_set_flags.pod.alt-chains	2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/doc/crypto/X509_VERIFY_PARAM_set_flags.pod	2015-07-09 14:58:55.973754245 +0200
+@@ -133,6 +133,12 @@ verification. If this flag is set then a
+ to the verification callback and it B<must> be prepared to handle such cases
+ without assuming they are hard errors.
+ 
++The B<X509_V_FLAG_NO_ALT_CHAINS> flag suppresses checking for alternative
++chains. By default, when building a certificate chain, if the first certificate
++chain found is not trusted, then OpenSSL will continue to check to see if an
++alternative chain can be found that is trusted. With this flag set the behaviour
++will match that of OpenSSL versions prior to 1.0.1n and 1.0.2b.
++
+ =head1 NOTES
+ 
+ The above functions should be used to manipulate verification parameters
+@@ -166,6 +172,6 @@ L<X509_verify_cert(3)|X509_verify_cert(3
+ 
+ =head1 HISTORY
+ 
+-TBA
++The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in upstream OpenSSL 1.0.1n and 1.0.2b
+ 
+ =cut

openssl-1.0.1k-cve-2015-0209.patch

@@ -0,0 +1,82 @@
+diff -up openssl-1.0.1e/crypto/asn1/x_x509.c.use-after-free openssl-1.0.1e/crypto/asn1/x_x509.c
+--- openssl-1.0.1e/crypto/asn1/x_x509.c.use-after-free	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/crypto/asn1/x_x509.c	2015-06-11 11:14:52.581856349 +0200
+@@ -170,8 +170,14 @@ X509 *d2i_X509_AUX(X509 **a, const unsig
+ {
+ 	const unsigned char *q;
+ 	X509 *ret;
++	int freeret = 0;
++
+ 	/* Save start position */
+ 	q = *pp;
++
++	if(!a || *a == NULL) {
++		freeret = 1;
++	}
+ 	ret = d2i_X509(a, pp, length);
+ 	/* If certificate unreadable then forget it */
+ 	if(!ret) return NULL;
+@@ -181,7 +187,11 @@ X509 *d2i_X509_AUX(X509 **a, const unsig
+ 	if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
+ 	return ret;
+ 	err:
+-	X509_free(ret);
++	if(freeret) {
++		X509_free(ret);
++		if (a)
++			*a = NULL;
++	}
+ 	return NULL;
+ }
+ 
+diff -up openssl-1.0.1k/crypto/ec/ec_asn1.c.use-after-free openssl-1.0.1k/crypto/ec/ec_asn1.c
+--- openssl-1.0.1k/crypto/ec/ec_asn1.c.use-after-free	2014-10-15 15:49:54.000000000 +0200
++++ openssl-1.0.1k/crypto/ec/ec_asn1.c	2015-03-19 17:28:03.349627040 +0100
+@@ -1142,8 +1142,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
+                                  ERR_R_MALLOC_FAILURE);
+ 			goto err;
+ 			}
+-		if (a)
+-			*a = ret;
+ 		}
+ 	else
+ 		ret = *a;
+@@ -1225,11 +1223,13 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, con
+ 		ret->enc_flag |= EC_PKEY_NO_PUBKEY;
+ 		}
+ 
++	if (a)
++		*a = ret;
+ 	ok = 1;
+ err:
+ 	if (!ok)
+ 		{
+-		if (ret)
++		if (ret && (a == NULL || *a != ret))
+ 			EC_KEY_free(ret);
+ 		ret = NULL;
+ 		}
+@@ -1377,8 +1377,6 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, con
+ 			ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+ 			return NULL;
+ 			}
+-		if (a)
+-			*a = ret;
+ 		}
+ 	else
+ 		ret = *a;
+@@ -1386,9 +1384,14 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, con
+ 	if (!d2i_ECPKParameters(&ret->group, in, len))
+ 		{
+ 		ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
++		if (a == NULL || *a != ret)
++			EC_KEY_free(ret);
+ 		return NULL;
+ 		}
+ 
++	if (a)
++		*a = ret;
++
+ 	return ret;
+ 	}
+ 

openssl-1.0.1k-cve-2015-0289.patch

@@ -0,0 +1,163 @@
+diff -up openssl-1.0.1k/crypto/pkcs7/pk7_doit.c.pkcs7-null-deref openssl-1.0.1k/crypto/pkcs7/pk7_doit.c
+--- openssl-1.0.1k/crypto/pkcs7/pk7_doit.c.pkcs7-null-deref	2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/crypto/pkcs7/pk7_doit.c	2015-03-19 17:30:36.797650980 +0100
+@@ -272,6 +272,27 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
+ 	PKCS7_RECIP_INFO *ri=NULL;
+ 	ASN1_OCTET_STRING *os=NULL;
+ 
++	if (p7 == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
++		return NULL;
++		}
++	/*
++	 * The content field in the PKCS7 ContentInfo is optional, but that really
++	 * only applies to inner content (precisely, detached signatures).
++	 *
++	 * When reading content, missing outer content is therefore treated as an
++	 * error.
++	 *
++	 * When creating content, PKCS7_content_new() must be called before
++	 * calling this method, so a NULL p7->d is always an error.
++	 */
++	if (p7->d.ptr == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
++		return NULL;
++		}
++
+ 	i=OBJ_obj2nid(p7->type);
+ 	p7->state=PKCS7_S_HEADER;
+ 
+@@ -433,6 +454,18 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+        unsigned char *ek = NULL, *tkey = NULL;
+        int eklen = 0, tkeylen = 0;
+ 
++	if (p7 == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
++		return NULL;
++		}
++
++	if (p7->d.ptr == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
++		return NULL;
++		}
++
+ 	i=OBJ_obj2nid(p7->type);
+ 	p7->state=PKCS7_S_HEADER;
+ 
+@@ -752,6 +785,18 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ 	STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
+ 	ASN1_OCTET_STRING *os=NULL;
+ 
++	if (p7 == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
++		return 0;
++		}
++
++	if (p7->d.ptr == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
++		return 0;
++		}
++
+ 	EVP_MD_CTX_init(&ctx_tmp);
+ 	i=OBJ_obj2nid(p7->type);
+ 	p7->state=PKCS7_S_HEADER;
+@@ -796,6 +841,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ 		/* If detached data then the content is excluded */
+ 		if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+ 			M_ASN1_OCTET_STRING_free(os);
++			os = NULL;
+ 			p7->d.sign->contents->d.data = NULL;
+ 		}
+ 		break;
+@@ -806,6 +852,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ 		if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
+ 			{
+ 			M_ASN1_OCTET_STRING_free(os);
++			os = NULL;
+ 			p7->d.digest->contents->d.data = NULL;
+ 			}
+ 		break;
+@@ -878,23 +925,32 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+ 		M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
+ 		}
+ 
+-	if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF))
++	if (!PKCS7_is_detached(p7))
+ 		{
+-		char *cont;
+-		long contlen;
+-		btmp=BIO_find_type(bio,BIO_TYPE_MEM);
+-		if (btmp == NULL)
+-			{
+-			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
++		/*
++		 * NOTE(emilia): I think we only reach os == NULL here because detached
++		 * digested data support is broken.
++		 */
++		if (os == NULL)
+ 			goto err;
++		if (!(os->flags & ASN1_STRING_FLAG_NDEF))
++			{
++			char *cont;
++			long contlen;
++			btmp=BIO_find_type(bio,BIO_TYPE_MEM);
++			if (btmp == NULL)
++				{
++				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
++				goto err;
++				}
++			contlen = BIO_get_mem_data(btmp, &cont);
++			/* Mark the BIO read only then we can use its copy of the data
++			 * instead of making an extra copy.
++			 */
++			BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
++			BIO_set_mem_eof_return(btmp, 0);
++			ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
+ 			}
+-		contlen = BIO_get_mem_data(btmp, &cont);
+-		/* Mark the BIO read only then we can use its copy of the data
+-		 * instead of making an extra copy.
+-		 */
+-		BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+-		BIO_set_mem_eof_return(btmp, 0);
+-		ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
+ 		}
+ 	ret=1;
+ err:
+@@ -971,6 +1027,18 @@ int PKCS7_dataVerify(X509_STORE *cert_st
+ 	STACK_OF(X509) *cert;
+ 	X509 *x509;
+ 
++	if (p7 == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
++		return 0;
++		}
++
++	if (p7->d.ptr == NULL)
++		{
++		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
++		return 0;
++		}
++
+ 	if (PKCS7_type_is_signed(p7))
+ 		{
+ 		cert=p7->d.sign->cert;
+diff -up openssl-1.0.1k/crypto/pkcs7/pk7_lib.c.pkcs7-null-deref openssl-1.0.1k/crypto/pkcs7/pk7_lib.c
+--- openssl-1.0.1k/crypto/pkcs7/pk7_lib.c.pkcs7-null-deref	2014-10-15 15:49:15.000000000 +0200
++++ openssl-1.0.1k/crypto/pkcs7/pk7_lib.c	2015-03-19 17:30:36.797650980 +0100
+@@ -459,6 +459,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EV
+ 
+ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+ 	{
++	if (p7 == NULL || p7->d.ptr == NULL)
++		return NULL;
+ 	if (PKCS7_type_is_signed(p7))
+ 		{
+ 		return(p7->d.sign->signer_info);

openssl-1.0.1k-cve-2015-1791.patch

@@ -0,0 +1,231 @@
+diff -up openssl-1.0.1k/ssl/ssl_err.c.ticket-race openssl-1.0.1k/ssl/ssl_err.c
+--- openssl-1.0.1k/ssl/ssl_err.c.ticket-race	2015-06-15 17:06:22.699702477 +0200
++++ openssl-1.0.1k/ssl/ssl_err.c	2015-06-15 17:06:22.704702592 +0200
+@@ -245,6 +245,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
+ {ERR_FUNC(SSL_F_SSL_READ),	"SSL_read"},
+ {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT),	"SSL_RSA_PRIVATE_DECRYPT"},
+ {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT),	"SSL_RSA_PUBLIC_ENCRYPT"},
++{ERR_FUNC(SSL_F_SSL_SESSION_DUP),	"ssl_session_dup"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_NEW),	"SSL_SESSION_new"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP),	"SSL_SESSION_print_fp"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT),	"SSL_SESSION_set1_id_context"},
+diff -up openssl-1.0.1k/ssl/ssl.h.ticket-race openssl-1.0.1k/ssl/ssl.h
+--- openssl-1.0.1k/ssl/ssl.h.ticket-race	2015-06-15 17:06:22.700702500 +0200
++++ openssl-1.0.1k/ssl/ssl.h	2015-06-15 17:06:22.704702592 +0200
+@@ -2203,6 +2203,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_SSL_READ					 223
+ #define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 187
+ #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 188
++#define SSL_F_SSL_SESSION_DUP				 348
+ #define SSL_F_SSL_SESSION_NEW				 189
+ #define SSL_F_SSL_SESSION_PRINT_FP			 190
+ #define SSL_F_SSL_SESSION_SET1_ID_CONTEXT		 312
+diff -up openssl-1.0.1k/ssl/ssl_locl.h.ticket-race openssl-1.0.1k/ssl/ssl_locl.h
+--- openssl-1.0.1k/ssl/ssl_locl.h.ticket-race	2015-06-15 17:06:22.543698865 +0200
++++ openssl-1.0.1k/ssl/ssl_locl.h	2015-06-15 17:06:22.705702616 +0200
+@@ -831,6 +831,7 @@ void ssl_sess_cert_free(SESS_CERT *sc);
+ int ssl_set_peer_cert_type(SESS_CERT *c, int type);
+ int ssl_get_new_session(SSL *s, int session);
+ int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
++SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
+ int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
+ DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
+ 				  ssl_cipher_id);
+diff -up openssl-1.0.1k/ssl/ssl_sess.c.ticket-race openssl-1.0.1k/ssl/ssl_sess.c
+--- openssl-1.0.1k/ssl/ssl_sess.c.ticket-race	2015-01-08 15:00:56.000000000 +0100
++++ openssl-1.0.1k/ssl/ssl_sess.c	2015-06-15 17:06:22.705702616 +0200
+@@ -224,6 +224,146 @@ SSL_SESSION *SSL_SESSION_new(void)
+ 	return(ss);
+ 	}
+ 
++/*
++ * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
++ * ticket == 0 then no ticket information is duplicated, otherwise it is.
++ */
++SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
++{
++	SSL_SESSION *dest;
++
++	dest = OPENSSL_malloc(sizeof(*src));
++	if (dest == NULL)
++		{
++		goto err;
++		}
++	memcpy(dest, src, sizeof(*dest));
++
++	/*
++	 * Set the various pointers to NULL so that we can call SSL_SESSION_free in
++	 * the case of an error whilst halfway through constructing dest
++	 */
++#ifndef OPENSSL_NO_PSK
++	dest->psk_identity_hint = NULL;
++	dest->psk_identity = NULL;
++#endif
++	dest->ciphers = NULL;
++#ifndef OPENSSL_NO_TLSEXT
++	dest->tlsext_hostname = NULL;
++# ifndef OPENSSL_NO_EC
++	dest->tlsext_ecpointformatlist = NULL;
++	dest->tlsext_ellipticcurvelist = NULL;
++# endif
++#endif
++	dest->tlsext_tick = NULL;
++#ifndef OPENSSL_NO_SRP
++	dest->srp_username = NULL;
++#endif
++	memset(&dest->ex_data, 0, sizeof(dest->ex_data));
++
++	/* We deliberately don't copy the prev and next pointers */
++	dest->prev = NULL;
++	dest->next = NULL;
++
++	dest->references = 1;
++
++	if (src->sess_cert != NULL)
++		CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT);
++
++	if (src->peer != NULL)
++		CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
++
++#ifndef OPENSSL_NO_PSK
++	if (src->psk_identity_hint)
++		{
++		dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint);
++		if (dest->psk_identity_hint == NULL)
++			{
++			goto err;
++			}
++		}
++	if (src->psk_identity)
++		{
++		dest->psk_identity = BUF_strdup(src->psk_identity);
++		if (dest->psk_identity == NULL)
++			{
++			goto err;
++			}
++		}
++#endif
++
++	if(src->ciphers != NULL)
++		{
++		dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
++		if (dest->ciphers == NULL)
++			goto err;
++		}
++
++	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
++				&dest->ex_data, &src->ex_data))
++		{
++		goto err;
++		}
++
++#ifndef OPENSSL_NO_TLSEXT
++	if (src->tlsext_hostname)
++		{
++		dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname);
++		if (dest->tlsext_hostname == NULL)
++			{
++			goto err;
++			}
++		}
++# ifndef OPENSSL_NO_EC
++	if (src->tlsext_ecpointformatlist)
++		{
++		dest->tlsext_ecpointformatlist =
++			BUF_memdup(src->tlsext_ecpointformatlist,
++				src->tlsext_ecpointformatlist_length);
++		if (dest->tlsext_ecpointformatlist == NULL)
++			goto err;
++		}
++	if (src->tlsext_ellipticcurvelist)
++		{
++		dest->tlsext_ellipticcurvelist =
++			BUF_memdup(src->tlsext_ellipticcurvelist,
++				src->tlsext_ellipticcurvelist_length);
++		if (dest->tlsext_ellipticcurvelist == NULL)
++			goto err;
++		}
++# endif
++#endif
++
++	if (ticket != 0)
++		{
++		dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
++        	if(dest->tlsext_tick == NULL)
++			goto err;
++		}
++	else
++		{
++		dest->tlsext_tick_lifetime_hint = 0;
++		dest->tlsext_ticklen = 0;
++		}
++
++#ifndef OPENSSL_NO_SRP
++	if (src->srp_username)
++		{
++		dest->srp_username = BUF_strdup(src->srp_username);
++		if (dest->srp_username == NULL)
++			{
++			goto err;
++			}
++		}
++#endif
++
++	return dest;
++err:
++	SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
++	SSL_SESSION_free(dest);
++	return NULL;
++}
++
+ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+ 	{
+ 	if(len)
+diff -up openssl-1.0.1k/ssl/s3_clnt.c.ticket-race openssl-1.0.1k/ssl/s3_clnt.c
+--- openssl-1.0.1k/ssl/s3_clnt.c.ticket-race	2015-06-15 17:06:22.700702500 +0200
++++ openssl-1.0.1k/ssl/s3_clnt.c	2015-06-15 17:06:37.434043557 +0200
+@@ -2191,6 +2191,44 @@ int ssl3_get_new_session_ticket(SSL *s)
+ 		}
+ 
+ 	p=d=(unsigned char *)s->init_msg;
++
++	if (s->session->session_id_length > 0)
++		{
++		int i = s->session_ctx->session_cache_mode;
++		SSL_SESSION *new_sess;
++		/*
++		 * We reused an existing session, so we need to replace it with a new
++		 * one
++		 */
++		if (i & SSL_SESS_CACHE_CLIENT)
++			{
++			/*
++			 * Remove the old session from the cache
++			 */
++			if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
++				{
++				if (s->session_ctx->remove_session_cb != NULL)
++					s->session_ctx->remove_session_cb(s->session_ctx,
++						s->session);
++				}
++			else
++				{
++				/* We carry on if this fails */
++				SSL_CTX_remove_session(s->session_ctx, s->session);
++				}
++			}
++
++		if ((new_sess = ssl_session_dup(s->session, 0)) == 0)
++			{
++			al = SSL_AD_INTERNAL_ERROR;
++			SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
++			goto f_err;
++			}
++
++		SSL_SESSION_free(s->session);
++		s->session = new_sess;
++		}
++
+ 	n2l(p, s->session->tlsext_tick_lifetime_hint);
+ 	n2s(p, ticklen);
+ 	/* ticket_lifetime_hint + ticket_length + ticket */

openssl-1.0.1k-cve-2015-4000.patch

@@ -0,0 +1,208 @@
+diff -up openssl-1.0.1k/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod.logjam openssl-1.0.1k/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
+--- openssl-1.0.1k/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod.logjam	2015-05-29 16:02:33.335187143 +0200
++++ openssl-1.0.1k/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod	2015-05-29 16:05:16.611940775 +0200
+@@ -61,12 +61,12 @@ negotiation is being saved.
+ 
+ If "strong" primes were used to generate the DH parameters, it is not strictly
+ necessary to generate a new key for each handshake but it does improve forward
+-secrecy. If it is not assured, that "strong" primes were used (see especially
+-the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used
+-in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE
+-has an impact on the computer time needed during negotiation, but it is not
+-very large, so application authors/users should consider to always enable
+-this option.
++secrecy. If it is not assured that "strong" primes were used,
++SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup
++attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the
++computer time needed during negotiation, but it is not very large, so
++application authors/users should consider always enabling this option.
++The option is required to implement perfect forward secrecy (PFS).
+ 
+ As generating DH parameters is extremely time consuming, an application
+ should not generate the parameters on the fly but supply the parameters.
+@@ -74,82 +74,62 @@ DH parameters can be reused, as the actu
+ the negotiation. The risk in reusing DH parameters is that an attacker
+ may specialize on a very often used DH group. Applications should therefore
+ generate their own DH parameters during the installation process using the
+-openssl L<dhparam(1)|dhparam(1)> application. In order to reduce the computer
+-time needed for this generation, it is possible to use DSA parameters
+-instead (see L<dhparam(1)|dhparam(1)>), but in this case SSL_OP_SINGLE_DH_USE
+-is mandatory.
++openssl L<dhparam(1)|dhparam(1)> application. This application
++guarantees that "strong" primes are used.
+ 
+-Application authors may compile in DH parameters. Files dh512.pem,
+-dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current
++Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current
+ version of the OpenSSL distribution contain the 'SKIP' DH parameters,
+ which use safe primes and were generated verifiably pseudo-randomly.
+ These files can be converted into C code using the B<-C> option of the
+-L<dhparam(1)|dhparam(1)> application.
+-Authors may also generate their own set of parameters using
+-L<dhparam(1)|dhparam(1)>, but a user may not be sure how the parameters were
+-generated. The generation of DH parameters during installation is therefore
+-recommended.
++L<dhparam(1)|dhparam(1)> application. Generation of custom DH
++parameters during installation should still be preferred to stop an
++attacker from specializing on a commonly used group. Files dh1024.pem
++and dh512.pem contain old parameters that must not be used by
++applications.
+ 
+ An application may either directly specify the DH parameters or
+-can supply the DH parameters via a callback function. The callback approach
+-has the advantage, that the callback may supply DH parameters for different
+-key lengths.
+-
+-The B<tmp_dh_callback> is called with the B<keylength> needed and
+-the B<is_export> information. The B<is_export> flag is set, when the
+-ephemeral DH key exchange is performed with an export cipher.
++can supply the DH parameters via a callback function.
++
++Previous versions of the callback used B<is_export> and B<keylength>
++parameters to control parameter generation for export and non-export
++cipher suites. Modern servers that do not support export ciphersuites
++are advised to either use SSL_CTX_set_tmp_dh() in combination with
++SSL_OP_SINGLE_DH_USE, or alternatively, use the callback but ignore
++B<keylength> and B<is_export> and simply supply at least 2048-bit
++parameters in the callback.
+ 
+ =head1 EXAMPLES
+ 
+-Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling
++Setup DH parameters with a key length of 2048 bits. (Error handling
+ partly left out.)
+ 
+- ...
+- /* Set up ephemeral DH stuff */
+- DH *dh_512 = NULL;
+- DH *dh_1024 = NULL;
+- FILE *paramfile;
++ Command-line parameter generation:
++ $ openssl dhparam -out dh_param_2048.pem 2048
++
++ Code for setting up parameters during server initialization:
+ 
+  ...
+- /* "openssl dhparam -out dh_param_512.pem -2 512" */
+- paramfile = fopen("dh_param_512.pem", "r");
++ SSL_CTX ctx = SSL_CTX_new();
++ ...
++
++ /* Set up ephemeral DH parameters. */
++ DH *dh_2048 = NULL;
++ FILE *paramfile;
++ paramfile = fopen("dh_param_2048.pem", "r");
+  if (paramfile) {
+-   dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
++   dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+    fclose(paramfile);
++ } else {
++   /* Error. */
+  }
+- /* "openssl dhparam -out dh_param_1024.pem -2 1024" */
+- paramfile = fopen("dh_param_1024.pem", "r");
+- if (paramfile) {
+-   dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+-   fclose(paramfile);
++ if (dh_2048 == NULL) {
++  /* Error. */
+  }
+- ...
+-
+- /* "openssl dhparam -C -2 512" etc... */
+- DH *get_dh512() { ... }
+- DH *get_dh1024() { ... }
+-
+- DH *tmp_dh_callback(SSL *s, int is_export, int keylength)
+- {
+-    DH *dh_tmp=NULL;
+-
+-    switch (keylength) {
+-    case 512:
+-      if (!dh_512)
+-        dh_512 = get_dh512();
+-      dh_tmp = dh_512;
+-      break;
+-    case 1024:
+-      if (!dh_1024)
+-        dh_1024 = get_dh1024();
+-      dh_tmp = dh_1024;
+-      break;
+-    default:
+-      /* Generating a key on the fly is very costly, so use what is there */
+-      setup_dh_parameters_like_above();
++ if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
++   /* Error. */
+     }
+-    return(dh_tmp);
+- }
++ SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
++ ...
+ 
+ =head1 RETURN VALUES
+ 
+diff -up openssl-1.0.1k/ssl/ssl_err.c.logjam openssl-1.0.1k/ssl/ssl_err.c
+--- openssl-1.0.1k/ssl/ssl_err.c.logjam	2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/ssl/ssl_err.c	2015-05-29 16:02:33.336187166 +0200
+@@ -362,6 +362,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
+ {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG)  ,"data length too long"},
+ {ERR_REASON(SSL_R_DECRYPTION_FAILED)     ,"decryption failed"},
+ {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
++{ERR_REASON(SSL_R_DH_KEY_TOO_SMALL)      ,"dh key too small"},
+ {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
+ {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED)   ,"digest check failed"},
+ {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG)  ,"dtls message too big"},
+diff -up openssl-1.0.1k/ssl/ssl.h.logjam openssl-1.0.1k/ssl/ssl.h
+--- openssl-1.0.1k/ssl/ssl.h.logjam	2015-05-29 16:02:19.210862433 +0200
++++ openssl-1.0.1k/ssl/ssl.h	2015-05-29 16:02:33.337187189 +0200
+@@ -2317,6 +2317,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_R_DATA_LENGTH_TOO_LONG			 146
+ #define SSL_R_DECRYPTION_FAILED				 147
+ #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC	 281
++#define SSL_R_DH_KEY_TOO_SMALL                           372
+ #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
+ #define SSL_R_DIGEST_CHECK_FAILED			 149
+ #define SSL_R_DTLS_MESSAGE_TOO_BIG			 334
+diff -up openssl-1.0.1k/ssl/s3_clnt.c.logjam openssl-1.0.1k/ssl/s3_clnt.c
+--- openssl-1.0.1k/ssl/s3_clnt.c.logjam	2015-01-08 15:00:56.000000000 +0100
++++ openssl-1.0.1k/ssl/s3_clnt.c	2015-05-29 16:02:33.338187212 +0200
+@@ -3393,24 +3393,34 @@ int ssl3_check_cert_and_algorithm(SSL *s
+ 		}
+ #endif
+ #ifndef OPENSSL_NO_DH
+-	if ((alg_k & SSL_kEDH) &&
+-		!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
++	if ((alg_k & SSL_kEDH) && dh == NULL)
+ 		{
+-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
++		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
+ 		goto f_err;
+ 		}
+-	else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
++	if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
+ 		{
+ 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
+ 		goto f_err;
+ 		}
+ #ifndef OPENSSL_NO_DSA
+-	else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
++	if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
+ 		{
+ 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
+ 		goto f_err;
+ 		}
+ #endif
++	/* Check DHE only: static DH not implemented. */
++	if (alg_k & SSL_kEDH)
++		{
++		int dh_size = BN_num_bits(dh->p);
++		if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 768)
++		    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512))
++			{
++			SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL);
++			goto f_err;
++			}
++		}
+ #endif
+ 
+ 	if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))

openssl-1.0.1k-dtls1-abi.patch

@@ -0,0 +1,26 @@
+diff -up openssl-1.0.1k/ssl/dtls1.h.dtls1-abi openssl-1.0.1k/ssl/dtls1.h
+--- openssl-1.0.1k/ssl/dtls1.h.dtls1-abi	2015-01-09 09:58:59.332596897 +0100
++++ openssl-1.0.1k/ssl/dtls1.h	2015-01-09 10:02:34.908472320 +0100
+@@ -231,10 +231,6 @@ typedef struct dtls1_state_st
+ 	 */
+ 	record_pqueue buffered_app_data;
+ 
+-	/* Is set when listening for new connections with dtls1_listen() */
+-	unsigned int listen;
+-
+-	unsigned int link_mtu; /* max on-the-wire DTLS packet size */
+ 	unsigned int mtu; /* max DTLS packet size */
+ 
+ 	struct hm_header_st w_msg_hdr;
+@@ -262,6 +258,11 @@ typedef struct dtls1_state_st
+ 	 */
+ 	unsigned int change_cipher_spec_ok;
+ 
++	/* Is set when listening for new connections with dtls1_listen() */
++	unsigned int listen;
++
++	unsigned int link_mtu; /* max on-the-wire DTLS packet size */
++
+ #ifndef OPENSSL_NO_SCTP
+ 	/* used when SSL_ST_XX_FLUSH is entered */
+ 	int next_state;

openssl-1.0.1k-ecc-suiteb.patch

@@ -0,0 +1,130 @@
+diff -up openssl-1.0.1k/apps/speed.c.suiteb openssl-1.0.1k/apps/speed.c
+--- openssl-1.0.1k/apps/speed.c.suiteb	2015-01-09 10:03:38.406908388 +0100
++++ openssl-1.0.1k/apps/speed.c	2015-01-09 10:03:38.602912821 +0100
+@@ -966,49 +966,23 @@ int MAIN(int argc, char **argv)
+ 		else
+ #endif
+ #ifndef OPENSSL_NO_ECDSA
+-		     if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
+-		else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2;
+-		else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
+-		else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
++		if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
+ 		else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
+ 		else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
+-		else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
+-		else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
+-		else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
+-		else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2;
+-		else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2;
+-		else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2;
+-		else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2;
+-		else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2;
+-		else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2;
+-		else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2;
+ 		else if (strcmp(*argv,"ecdsa") == 0)
+ 			{
+-			for (i=0; i < EC_NUM; i++)
++			for (i=R_EC_P256; i <= R_EC_P521; i++)
+ 				ecdsa_doit[i]=1;
+ 			}
+ 		else
+ #endif
+ #ifndef OPENSSL_NO_ECDH
+-		     if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
+-		else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2;
+-		else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
+-		else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
++		if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
+ 		else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
+ 		else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
+-		else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
+-		else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
+-		else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
+-		else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2;
+-		else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2;
+-		else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2;
+-		else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2;
+-		else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2;
+-		else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2;
+-		else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2;
+ 		else if (strcmp(*argv,"ecdh") == 0)
+ 			{
+-			for (i=0; i < EC_NUM; i++)
++			for (i=R_EC_P256; i <= R_EC_P521; i++)
+ 				ecdh_doit[i]=1;
+ 			}
+ 		else
+@@ -1097,15 +1071,11 @@ int MAIN(int argc, char **argv)
+ 			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
+ #endif
+ #ifndef OPENSSL_NO_ECDSA
+-			BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
+-			BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
+-			BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
++			BIO_printf(bio_err,"ecdsap256 ecdsap384 ecdsap521\n");
+ 			BIO_printf(bio_err,"ecdsa\n");
+ #endif
+ #ifndef OPENSSL_NO_ECDH
+-			BIO_printf(bio_err,"ecdhp160  ecdhp192  ecdhp224  ecdhp256  ecdhp384  ecdhp521\n");
+-			BIO_printf(bio_err,"ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
+-			BIO_printf(bio_err,"ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
++			BIO_printf(bio_err,"ecdhp256  ecdhp384 ecdhp521\n");
+ 			BIO_printf(bio_err,"ecdh\n");
+ #endif
+ 
+@@ -1184,11 +1154,11 @@ int MAIN(int argc, char **argv)
+ 		    if (!FIPS_mode() || i != R_DSA_512)
+ 			dsa_doit[i]=1;
+ #ifndef OPENSSL_NO_ECDSA
+-		for (i=0; i<EC_NUM; i++)
++		for (i=R_EC_P256; i <= R_EC_P521; i++)
+ 			ecdsa_doit[i]=1;
+ #endif
+ #ifndef OPENSSL_NO_ECDH
+-		for (i=0; i<EC_NUM; i++)
++		for (i=R_EC_P256; i <= R_EC_P521; i++)
+ 			ecdh_doit[i]=1;
+ #endif
+ 		}
+diff -up openssl-1.0.1k/ssl/t1_lib.c.suiteb openssl-1.0.1k/ssl/t1_lib.c
+--- openssl-1.0.1k/ssl/t1_lib.c.suiteb	2015-01-09 10:03:38.603912844 +0100
++++ openssl-1.0.1k/ssl/t1_lib.c	2015-01-09 10:06:35.470912834 +0100
+@@ -218,29 +218,21 @@ static int pref_list[] =
+ 		NID_sect283k1, /* sect283k1 (9) */
+ 		NID_sect283r1, /* sect283r1 (10) */ 
+ #endif
+-		NID_secp256k1, /* secp256k1 (22) */ 
+ 		NID_X9_62_prime256v1, /* secp256r1 (23) */ 
+ #ifndef OPENSSL_NO_EC2M
+ 		NID_sect239k1, /* sect239k1 (8) */ 
+ 		NID_sect233k1, /* sect233k1 (6) */
+ 		NID_sect233r1, /* sect233r1 (7) */ 
+ #endif
+-		NID_secp224k1, /* secp224k1 (20) */ 
+-		NID_secp224r1, /* secp224r1 (21) */
+ #ifndef OPENSSL_NO_EC2M
+ 		NID_sect193r1, /* sect193r1 (4) */ 
+ 		NID_sect193r2, /* sect193r2 (5) */ 
+ #endif
+-		NID_secp192k1, /* secp192k1 (18) */
+-		NID_X9_62_prime192v1, /* secp192r1 (19) */ 
+ #ifndef OPENSSL_NO_EC2M
+ 		NID_sect163k1, /* sect163k1 (1) */
+ 		NID_sect163r1, /* sect163r1 (2) */
+ 		NID_sect163r2, /* sect163r2 (3) */
+ #endif
+-		NID_secp160k1, /* secp160k1 (15) */
+-		NID_secp160r1, /* secp160r1 (16) */ 
+-		NID_secp160r2, /* secp160r2 (17) */ 
+ 	};
+ 
+ int tls1_ec_curve_id2nid(int curve_id)
+@@ -1820,7 +1812,6 @@ int ssl_prepare_clienthello_tlsext(SSL *
+ 		s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+ 		s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
+ 
+-		/* we support all named elliptic curves in RFC 4492 */
+ 		if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
+ 		s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
+ 		if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)

openssl-1.0.1k-ephemeral-key-size.patch

@@ -0,0 +1,135 @@
+diff -up openssl-1.0.1k/apps/s_apps.h.ephemeral openssl-1.0.1k/apps/s_apps.h
+--- openssl-1.0.1k/apps/s_apps.h.ephemeral	2015-01-09 10:22:03.289896211 +0100
++++ openssl-1.0.1k/apps/s_apps.h	2015-01-09 10:22:03.373898111 +0100
+@@ -156,6 +156,7 @@ int MS_CALLBACK verify_callback(int ok,
+ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
+ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
+ #endif
++int ssl_print_tmp_key(BIO *out, SSL *s);
+ int init_client(int *sock, char *server, char *port, int type);
+ int should_retry(int i);
+ int extract_host_port(char *str,char **host_ptr,char **port_ptr);
+diff -up openssl-1.0.1k/apps/s_cb.c.ephemeral openssl-1.0.1k/apps/s_cb.c
+--- openssl-1.0.1k/apps/s_cb.c.ephemeral	2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/apps/s_cb.c	2015-01-09 10:22:03.373898111 +0100
+@@ -338,6 +338,38 @@ void MS_CALLBACK apps_ssl_info_callback(
+ 		}
+ 	}
+ 
++int ssl_print_tmp_key(BIO *out, SSL *s)
++	{
++	EVP_PKEY *key;
++	if (!SSL_get_server_tmp_key(s, &key))
++		return 1;
++	BIO_puts(out, "Server Temp Key: ");
++	switch (EVP_PKEY_id(key))
++		{
++	case EVP_PKEY_RSA:
++		BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
++		break;
++
++	case EVP_PKEY_DH:
++		BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
++		break;
++
++	case EVP_PKEY_EC:
++			{
++			EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
++			int nid;
++			const char *cname;
++			nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
++			EC_KEY_free(ec);
++			cname = OBJ_nid2sn(nid);
++			BIO_printf(out, "ECDH, %s, %d bits\n",
++						cname, EVP_PKEY_bits(key));
++			}
++		}
++	EVP_PKEY_free(key);
++	return 1;
++	}
++		
+ 
+ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
+ 	{
+diff -up openssl-1.0.1k/apps/s_client.c.ephemeral openssl-1.0.1k/apps/s_client.c
+--- openssl-1.0.1k/apps/s_client.c.ephemeral	2015-01-09 10:22:03.367897975 +0100
++++ openssl-1.0.1k/apps/s_client.c	2015-01-09 10:22:03.373898111 +0100
+@@ -2058,6 +2058,8 @@ static void print_stuff(BIO *bio, SSL *s
+ 			BIO_write(bio,"\n",1);
+ 			}
+ 
++		ssl_print_tmp_key(bio, s);
++
+ 		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
+ 			BIO_number_read(SSL_get_rbio(s)),
+ 			BIO_number_written(SSL_get_wbio(s)));
+diff -up openssl-1.0.1k/ssl/ssl.h.ephemeral openssl-1.0.1k/ssl/ssl.h
+--- openssl-1.0.1k/ssl/ssl.h.ephemeral	2015-01-09 10:22:03.358897772 +0100
++++ openssl-1.0.1k/ssl/ssl.h	2015-01-09 10:25:08.644088146 +0100
+@@ -1593,6 +1593,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+ #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS		82
+ #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS	83
+ 
++#define SSL_CTRL_GET_SERVER_TMP_KEY		109
+ #define SSL_CTRL_CHECK_PROTO_VERSION		119
+ #define DTLS_CTRL_SET_LINK_MTU			120
+ #define DTLS_CTRL_GET_LINK_MIN_MTU		121
+@@ -1638,6 +1639,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+ #define SSL_CTX_clear_extra_chain_certs(ctx) \
+ 	SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
+ 
++#define SSL_get_server_tmp_key(s, pk) \
++	SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
++
+ #ifndef OPENSSL_NO_BIO
+ BIO_METHOD *BIO_f_ssl(void);
+ BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
+diff -up openssl-1.0.1k/ssl/s3_lib.c.ephemeral openssl-1.0.1k/ssl/s3_lib.c
+--- openssl-1.0.1k/ssl/s3_lib.c.ephemeral	2015-01-08 15:00:56.000000000 +0100
++++ openssl-1.0.1k/ssl/s3_lib.c	2015-01-09 10:22:03.374898133 +0100
+@@ -3356,6 +3356,45 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
+ 
+ #endif /* !OPENSSL_NO_TLSEXT */
+ 
++	case SSL_CTRL_GET_SERVER_TMP_KEY:
++		if (s->server || !s->session || !s->session->sess_cert)
++			return 0;
++		else
++			{
++			SESS_CERT *sc;
++			EVP_PKEY *ptmp;
++			int rv = 0;
++			sc = s->session->sess_cert;
++#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)
++			if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp
++							&& !sc->peer_ecdh_tmp)
++				return 0;
++#endif
++			ptmp = EVP_PKEY_new();
++			if (!ptmp)
++				return 0;
++			if (0);
++#ifndef OPENSSL_NO_RSA
++			else if (sc->peer_rsa_tmp)
++				rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp);
++#endif
++#ifndef OPENSSL_NO_DH
++			else if (sc->peer_dh_tmp)
++				rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp);
++#endif
++#ifndef OPENSSL_NO_ECDH
++			else if (sc->peer_ecdh_tmp)
++				rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp);
++#endif
++			if (rv)
++				{
++				*(EVP_PKEY **)parg = ptmp;
++				return 1;
++				}
++			EVP_PKEY_free(ptmp);
++			return 0;
++			}
++
+ 	case SSL_CTRL_CHECK_PROTO_VERSION:
+ 		/* For library-internal use; checks that the current protocol
+ 		 * is the highest enabled version (according to s->ctx->method,

openssl-1.0.1k-padlock64.patch

@@ -0,0 +1,197 @@
+diff -up openssl-1.0.1k/engines/e_padlock.c.padlock64 openssl-1.0.1k/engines/e_padlock.c
+--- openssl-1.0.1k/engines/e_padlock.c.padlock64	2015-01-08 15:00:56.000000000 +0100
++++ openssl-1.0.1k/engines/e_padlock.c	2015-01-09 10:18:55.579650992 +0100
+@@ -101,7 +101,10 @@
+    compiler choice is limited to GCC and Microsoft C. */
+ #undef COMPILE_HW_PADLOCK
+ #if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
+-# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
++# if (defined(__GNUC__) && __GNUC__>=2 && \
++	(defined(__i386__) || defined(__i386) || \
++	 defined(__x86_64__) || defined(__x86_64)) \
++     ) || \
+      (defined(_MSC_VER) && defined(_M_IX86))
+ #  define COMPILE_HW_PADLOCK
+ # endif
+@@ -137,7 +140,7 @@ void ENGINE_load_padlock (void)
+ # endif
+ #elif defined(__GNUC__)
+ # ifndef alloca
+-#  define alloca(s) __builtin_alloca(s)
++#  define alloca(s) __builtin_alloca((s))
+ # endif
+ #endif
+ 
+@@ -304,6 +307,7 @@ static volatile struct padlock_cipher_da
+  * =======================================================
+  */
+ #if defined(__GNUC__) && __GNUC__>=2
++#if defined(__i386__) || defined(__i386)
+ /*
+  * As for excessive "push %ebx"/"pop %ebx" found all over.
+  * When generating position-independent code GCC won't let
+@@ -383,23 +387,6 @@ padlock_available(void)
+ 	return padlock_use_ace + padlock_use_rng;
+ }
+ 
+-#ifndef OPENSSL_NO_AES
+-#ifndef AES_ASM
+-/* Our own htonl()/ntohl() */
+-static inline void
+-padlock_bswapl(AES_KEY *ks)
+-{
+-	size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
+-	unsigned int *key = ks->rd_key;
+-
+-	while (i--) {
+-		asm volatile ("bswapl %0" : "+r"(*key));
+-		key++;
+-	}
+-}
+-#endif
+-#endif
+-
+ /* Force key reload from memory to the CPU microcode.
+    Loading EFLAGS from the stack clears EFLAGS[30] 
+    which does the trick. */
+@@ -457,12 +444,129 @@ static inline void *name(size_t cnt,		\
+ 		: "edx", "cc", "memory");	\
+ 	return iv;				\
+ }
++#endif
++
++#elif defined(__x86_64__) || defined(__x86_64)
++
++/* Load supported features of the CPU to see if
++   the PadLock is available. */
++static int
++padlock_available(void)
++{
++	char vendor_string[16];
++	unsigned int eax, edx;
+ 
++	/* Are we running on the Centaur (VIA) CPU? */
++	eax = 0x00000000;
++	vendor_string[12] = 0;
++	asm volatile (
++		"cpuid\n"
++		"movl	%%ebx,(%1)\n"
++		"movl	%%edx,4(%1)\n"
++		"movl	%%ecx,8(%1)\n"
++		: "+a"(eax) : "r"(vendor_string) : "rbx", "rcx", "rdx");
++	if (strcmp(vendor_string, "CentaurHauls") != 0)
++		return 0;
++
++	/* Check for Centaur Extended Feature Flags presence */
++	eax = 0xC0000000;
++	asm volatile ("cpuid"
++		: "+a"(eax) : : "rbx", "rcx", "rdx");
++	if (eax < 0xC0000001)
++		return 0;
++
++	/* Read the Centaur Extended Feature Flags */
++	eax = 0xC0000001;
++	asm volatile ("cpuid"
++		: "+a"(eax), "=d"(edx) : : "rbx", "rcx");
++
++	/* Fill up some flags */
++	padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));
++	padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));
++
++	return padlock_use_ace + padlock_use_rng;
++}
++
++/* Force key reload from memory to the CPU microcode.
++   Loading EFLAGS from the stack clears EFLAGS[30] 
++   which does the trick. */
++static inline void
++padlock_reload_key(void)
++{
++	asm volatile ("pushfq; popfq");
++}
++
++#ifndef OPENSSL_NO_AES
++/*
++ * This is heuristic key context tracing. At first one
++ * believes that one should use atomic swap instructions,
++ * but it's not actually necessary. Point is that if
++ * padlock_saved_context was changed by another thread
++ * after we've read it and before we compare it with cdata,
++ * our key *shall* be reloaded upon thread context switch
++ * and we are therefore set in either case...
++ */
++static inline void
++padlock_verify_context(struct padlock_cipher_data *cdata)
++{
++	asm volatile (
++	"pushfq\n"
++"	btl	$30,(%%rsp)\n"
++"	jnc	1f\n"
++"	cmpq	%2,%1\n"
++"	je	1f\n"
++"	popfq\n"
++"	subq	$8,%%rsp\n"
++"1:	addq	$8,%%rsp\n"
++"	movq	%2,%0"
++	:"+m"(padlock_saved_context)
++	: "r"(padlock_saved_context), "r"(cdata) : "cc");
++}
++
++/* Template for padlock_xcrypt_* modes */
++/* BIG FAT WARNING: 
++ * 	The offsets used with 'leal' instructions
++ * 	describe items of the 'padlock_cipher_data'
++ * 	structure.
++ */
++#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt)	\
++static inline void *name(size_t cnt,		\
++	struct padlock_cipher_data *cdata,	\
++	void *out, const void *inp) 		\
++{	void *iv; 				\
++	asm volatile ( "leaq	16(%0),%%rdx\n"	\
++		"	leaq	32(%0),%%rbx\n"	\
++			rep_xcrypt "\n"		\
++		: "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
++		: "0"(cdata), "1"(cnt), "2"(out), "3"(inp)  \
++		: "rbx", "rdx", "cc", "memory");	\
++	return iv;				\
++}
++#endif
++
++#endif	/* cpu */
++
++#ifndef OPENSSL_NO_AES
+ /* Generate all functions with appropriate opcodes */
+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8")	/* rep xcryptecb */
+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0")	/* rep xcryptcbc */
+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0")	/* rep xcryptcfb */
+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8")	/* rep xcryptofb */
++
++#ifndef AES_ASM
++/* Our own htonl()/ntohl() */
++static inline void
++padlock_bswapl(AES_KEY *ks)
++{
++	size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
++	unsigned int *key = ks->rd_key;
++
++	while (i--) {
++		asm volatile ("bswapl %0" : "+r"(*key));
++		key++;
++	}
++}
++#endif
+ #endif
+ 
+ /* The RNG call itself */
+@@ -493,8 +597,8 @@ padlock_xstore(void *addr, unsigned int
+ static inline unsigned char *
+ padlock_memcpy(void *dst,const void *src,size_t n)
+ {
+-	long       *d=dst;
+-	const long *s=src;
++	size_t       *d=dst;
++	const size_t *s=src;
+ 
+ 	n /= sizeof(*d);
+ 	do { *d++ = *s++; } while (--n);

openssl-1.0.1k-secp256k1.patch

@@ -0,0 +1,59 @@
+diff -up openssl-1.0.1k/crypto/ec/ec_curve.c.secp256k1 openssl-1.0.1k/crypto/ec/ec_curve.c
+--- openssl-1.0.1k/crypto/ec/ec_curve.c.secp256k1	2015-08-13 07:47:37.890966462 -0400
++++ openssl-1.0.1k/crypto/ec/ec_curve.c	2015-08-13 08:01:31.697866786 -0400
+@@ -82,6 +82,36 @@ typedef struct {
+ 	unsigned int cofactor;	/* promoted to BN_ULONG */
+ } EC_CURVE_DATA;
+ 
++static const struct { EC_CURVE_DATA h; unsigned char data[0+32*6]; }
++	_EC_SECG_PRIME_256K1 = {
++	{ NID_X9_62_prime_field,0,32,1 },
++	{							/* no seed */
++	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
++	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
++	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,
++	  0xFC,0x2F,
++	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
++	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
++	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
++	  0x00,0x00,
++	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
++	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    
++	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
++	  0x00,0x07,
++	  0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,	/* x */
++	  0x62,0x95,0xCE,0x87,0x0B,0x07,0x02,0x9B,0xFC,0xDB,
++	  0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
++	  0x17,0x98,
++	  0x48,0x3a,0xda,0x77,0x26,0xa3,0xc4,0x65,0x5d,0xa4,	/* y */
++	  0xfb,0xfc,0x0e,0x11,0x08,0xa8,0xfd,0x17,0xb4,0x48,
++	  0xa6,0x85,0x54,0x19,0x9c,0x47,0xd0,0x8f,0xfb,0x10,
++	  0xd4,0xb8,
++	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
++	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,
++	  0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,0x8C,0xD0,0x36,
++	  0x41,0x41 }
++	};
++
+ static const struct { EC_CURVE_DATA h; unsigned char data[20+48*6]; }
+ 	_EC_NIST_PRIME_384 = {
+ 	{ NID_X9_62_prime_field,20,48,1 },
+@@ -212,6 +242,7 @@ typedef struct _ec_list_element_st {
+ static const ec_list_element curve_list[] = {
+ 	/* prime field curves */
+ 	/* secg curves */
++	{ NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, "SECG curve over a 256 bit prime field" },
+ 	/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+ 	{ NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, "NIST/SECG curve over a 384 bit prime field" },
+ #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+diff -up openssl-1.0.1k/ssl/t1_lib.c.secp256k1 openssl-1.0.1k/ssl/t1_lib.c
+--- openssl-1.0.1k/ssl/t1_lib.c.secp256k1	2015-08-13 08:03:17.401589785 -0400
++++ openssl-1.0.1k/ssl/t1_lib.c	2015-08-13 08:05:44.283292971 -0400
+@@ -218,6 +218,7 @@ static int pref_list[] =
+ 		NID_sect283k1, /* sect283k1 (9) */
+ 		NID_sect283r1, /* sect283r1 (10) */ 
+ #endif
++		NID_secp256k1, /* secp256k1 (22) */
+ 		NID_X9_62_prime256v1, /* secp256r1 (23) */ 
+ #ifndef OPENSSL_NO_EC2M
+ 		NID_sect239k1, /* sect239k1 (8) */ 

openssl-1.0.1k-trusted-first.patch

@@ -0,0 +1,330 @@
+diff -up openssl-1.0.1k/apps/apps.c.trusted-first openssl-1.0.1k/apps/apps.c
+--- openssl-1.0.1k/apps/apps.c.trusted-first	2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/apps/apps.c	2015-01-09 10:19:45.476779456 +0100
+@@ -2365,6 +2365,8 @@ int args_verify(char ***pargs, int *parg
+ 		flags |= X509_V_FLAG_NOTIFY_POLICY;
+ 	else if (!strcmp(arg, "-check_ss_sig"))
+ 		flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
++	else if (!strcmp(arg, "-trusted_first"))
++		flags |= X509_V_FLAG_TRUSTED_FIRST;
+ 	else
+ 		return 0;
+ 
+diff -up openssl-1.0.1k/apps/cms.c.trusted-first openssl-1.0.1k/apps/cms.c
+--- openssl-1.0.1k/apps/cms.c.trusted-first	2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/apps/cms.c	2015-01-09 10:19:45.476779456 +0100
+@@ -642,6 +642,7 @@ int MAIN(int argc, char **argv)
+ 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
+ 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
+ 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
++		BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
+ 		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
+ 		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+ #ifndef OPENSSL_NO_ENGINE
+diff -up openssl-1.0.1k/apps/ocsp.c.trusted-first openssl-1.0.1k/apps/ocsp.c
+--- openssl-1.0.1k/apps/ocsp.c.trusted-first	2015-01-09 10:19:45.477779478 +0100
++++ openssl-1.0.1k/apps/ocsp.c	2015-01-09 10:20:57.726413440 +0100
+@@ -605,6 +605,7 @@ int MAIN(int argc, char **argv)
+ 		BIO_printf (bio_err, "-path                path to use in OCSP request\n");
+ 		BIO_printf (bio_err, "-CApath dir          trusted certificates directory\n");
+ 		BIO_printf (bio_err, "-CAfile file         trusted certificates file\n");
++		BIO_printf (bio_err, "-trusted_first       use trusted certificates first when building the trust chain\n");
+ 		BIO_printf (bio_err, "-VAfile file         validator certificates file\n");
+ 		BIO_printf (bio_err, "-validity_period n   maximum validity discrepancy in seconds\n");
+ 		BIO_printf (bio_err, "-status_age n        maximum status age in seconds\n");
+diff -up openssl-1.0.1k/apps/s_client.c.trusted-first openssl-1.0.1k/apps/s_client.c
+--- openssl-1.0.1k/apps/s_client.c.trusted-first	2015-01-09 10:19:45.438778596 +0100
++++ openssl-1.0.1k/apps/s_client.c	2015-01-09 10:19:45.477779478 +0100
+@@ -299,6 +299,7 @@ static void sc_usage(void)
+ 	BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");
+ 	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
+ 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
++	BIO_printf(bio_err," -trusted_first - Use trusted CA's first when building the trust chain\n");
+ 	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
+ 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
+ 	BIO_printf(bio_err," -prexit       - print session information even on connection failure\n");
+diff -up openssl-1.0.1k/apps/smime.c.trusted-first openssl-1.0.1k/apps/smime.c
+--- openssl-1.0.1k/apps/smime.c.trusted-first	2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/apps/smime.c	2015-01-09 10:19:45.477779478 +0100
+@@ -479,6 +479,7 @@ int MAIN(int argc, char **argv)
+ 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
+ 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
+ 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
++		BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
+ 		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
+ 		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+ #ifndef OPENSSL_NO_ENGINE
+diff -up openssl-1.0.1k/apps/s_server.c.trusted-first openssl-1.0.1k/apps/s_server.c
+--- openssl-1.0.1k/apps/s_server.c.trusted-first	2015-01-09 10:19:45.445778755 +0100
++++ openssl-1.0.1k/apps/s_server.c	2015-01-09 10:19:45.478779501 +0100
+@@ -502,6 +502,7 @@ static void sv_usage(void)
+ 	BIO_printf(bio_err," -state        - Print the SSL states\n");
+ 	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
+ 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
++	BIO_printf(bio_err," -trusted_first - Use trusted CA's first when building the trust chain\n");
+ 	BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
+ 	BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
+ 	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences\n");
+diff -up openssl-1.0.1k/apps/s_time.c.trusted-first openssl-1.0.1k/apps/s_time.c
+--- openssl-1.0.1k/apps/s_time.c.trusted-first	2015-01-09 10:19:45.391777534 +0100
++++ openssl-1.0.1k/apps/s_time.c	2015-01-09 10:19:45.478779501 +0100
+@@ -179,6 +179,7 @@ static void s_time_usage(void)
+                 file if not specified by this option\n\
+ -CApath arg   - PEM format directory of CA's\n\
+ -CAfile arg   - PEM format file of CA's\n\
++-trusted_first - Use trusted CA's first when building the trust chain\n\
+ -cipher       - preferred cipher to use, play with 'openssl ciphers'\n\n";
+ 
+ 	printf( "usage: s_time <args>\n\n" );
+diff -up openssl-1.0.1k/apps/ts.c.trusted-first openssl-1.0.1k/apps/ts.c
+--- openssl-1.0.1k/apps/ts.c.trusted-first	2015-01-09 10:19:45.435778529 +0100
++++ openssl-1.0.1k/apps/ts.c	2015-01-09 10:19:45.478779501 +0100
+@@ -383,7 +383,7 @@ int MAIN(int argc, char **argv)
+ 		   "ts -verify [-data file_to_hash] [-digest digest_bytes] "
+ 		   "[-queryfile request.tsq] "
+ 		   "-in response.tsr [-token_in] "
+-		   "-CApath ca_path -CAfile ca_file.pem "
++		   "-CApath ca_path -CAfile ca_file.pem -trusted_first"
+ 		   "-untrusted cert_file.pem\n");
+  cleanup:
+ 	/* Clean up. */
+diff -up openssl-1.0.1k/apps/verify.c.trusted-first openssl-1.0.1k/apps/verify.c
+--- openssl-1.0.1k/apps/verify.c.trusted-first	2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/apps/verify.c	2015-01-09 10:19:45.478779501 +0100
+@@ -237,7 +237,7 @@ int MAIN(int argc, char **argv)
+ 
+ end:
+ 	if (ret == 1) {
+-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
++		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check]");
+ 		BIO_printf(bio_err," [-attime timestamp]");
+ #ifndef OPENSSL_NO_ENGINE
+ 		BIO_printf(bio_err," [-engine e]");
+diff -up openssl-1.0.1k/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1k/crypto/x509/x509_vfy.c
+--- openssl-1.0.1k/crypto/x509/x509_vfy.c.trusted-first	2015-01-09 10:19:45.443778710 +0100
++++ openssl-1.0.1k/crypto/x509/x509_vfy.c	2015-01-09 10:19:45.479779524 +0100
+@@ -207,6 +207,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+ 
+ 		/* If we are self signed, we break */
+ 		if (ctx->check_issued(ctx, x,x)) break;
++		/* If asked see if we can find issuer in trusted store first */
++		if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
++			{
++			ok = ctx->get_issuer(&xtmp, ctx, x);
++			if (ok < 0)
++				return ok;
++			/* If successful for now free up cert so it
++			 * will be picked up again later.
++			 */
++			if (ok > 0)
++				{
++				X509_free(xtmp);
++				break;
++				}
++			}
+ 
+ 		/* If we were passed a cert chain, use it first */
+ 		if (ctx->untrusted != NULL)
+diff -up openssl-1.0.1k/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1k/crypto/x509/x509_vfy.h
+--- openssl-1.0.1k/crypto/x509/x509_vfy.h.trusted-first	2015-01-09 10:19:45.266774706 +0100
++++ openssl-1.0.1k/crypto/x509/x509_vfy.h	2015-01-09 10:19:45.479779524 +0100
+@@ -389,6 +389,8 @@ void X509_STORE_CTX_set_depth(X509_STORE
+ #define X509_V_FLAG_USE_DELTAS			0x2000
+ /* Check selfsigned CA signature */
+ #define X509_V_FLAG_CHECK_SS_SIGNATURE		0x4000
++/* Use trusted store first */
++#define X509_V_FLAG_TRUSTED_FIRST		0x8000
+ 
+ 
+ #define X509_VP_FLAG_DEFAULT			0x1
+diff -up openssl-1.0.1k/doc/apps/cms.pod.trusted-first openssl-1.0.1k/doc/apps/cms.pod
+--- openssl-1.0.1k/doc/apps/cms.pod.trusted-first	2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/doc/apps/cms.pod	2015-01-09 10:19:45.479779524 +0100
+@@ -35,6 +35,7 @@ B<openssl> B<cms>
+ [B<-print>]
+ [B<-CAfile file>]
+ [B<-CApath dir>]
++[B<-trusted_first>]
+ [B<-md digest>]
+ [B<-[cipher]>]
+ [B<-nointern>]
+@@ -243,6 +244,12 @@ B<-verify>. This directory must be a sta
+ is a hash of each subject name (using B<x509 -hash>) should be linked
+ to each certificate.
+ 
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory before untrusted certificates
++from the message when building the trust chain to verify certificates.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-md digest>
+ 
+ digest algorithm to use when signing or resigning. If not present then the
+diff -up openssl-1.0.1k/doc/apps/ocsp.pod.trusted-first openssl-1.0.1k/doc/apps/ocsp.pod
+--- openssl-1.0.1k/doc/apps/ocsp.pod.trusted-first	2015-01-09 10:19:45.436778551 +0100
++++ openssl-1.0.1k/doc/apps/ocsp.pod	2015-01-09 10:19:45.479779524 +0100
+@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
+ [B<-path>]
+ [B<-CApath dir>]
+ [B<-CAfile file>]
++[B<-trusted_first>]
+ [B<-VAfile file>]
+ [B<-validity_period n>]
+ [B<-status_age n>]
+@@ -142,6 +143,13 @@ connection timeout to the OCSP responder
+ file or pathname containing trusted CA certificates. These are used to verify
+ the signature on the OCSP response.
+ 
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory over certificates provided
++in the response or residing in other certificates file when building the trust
++chain to verify responder certificate.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-verify_other file>
+ 
+ file containing additional certificates to search when attempting to locate
+diff -up openssl-1.0.1k/doc/apps/s_client.pod.trusted-first openssl-1.0.1k/doc/apps/s_client.pod
+--- openssl-1.0.1k/doc/apps/s_client.pod.trusted-first	2015-01-09 10:19:45.451778890 +0100
++++ openssl-1.0.1k/doc/apps/s_client.pod	2015-01-09 10:19:45.479779524 +0100
+@@ -19,6 +19,7 @@ B<openssl> B<s_client>
+ [B<-pass arg>]
+ [B<-CApath directory>]
+ [B<-CAfile filename>]
++[B<-trusted_first>]
+ [B<-reconnect>]
+ [B<-pause>]
+ [B<-showcerts>]
+@@ -121,7 +122,7 @@ also used when building the client certi
+ A file containing trusted certificates to use during server authentication
+ and to use when attempting to build the client certificate chain.
+ 
+-=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
++=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first>
+ 
+ Set various certificate chain valiadition option. See the
+ L<B<verify>|verify(1)> manual page for details.
+diff -up openssl-1.0.1k/doc/apps/smime.pod.trusted-first openssl-1.0.1k/doc/apps/smime.pod
+--- openssl-1.0.1k/doc/apps/smime.pod.trusted-first	2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/doc/apps/smime.pod	2015-01-09 10:19:45.479779524 +0100
+@@ -15,6 +15,9 @@ B<openssl> B<smime>
+ [B<-pk7out>]
+ [B<-[cipher]>]
+ [B<-in file>]
++[B<-CAfile file>]
++[B<-CApath dir>]
++[B<-trusted_first>]
+ [B<-certfile file>]
+ [B<-signer file>]
+ [B<-recip  file>]
+@@ -146,6 +149,12 @@ B<-verify>. This directory must be a sta
+ is a hash of each subject name (using B<x509 -hash>) should be linked
+ to each certificate.
+ 
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory over certificates provided
++in the message when building the trust chain to verify a certificate.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-md digest>
+ 
+ digest algorithm to use when signing or resigning. If not present then the
+diff -up openssl-1.0.1k/doc/apps/s_server.pod.trusted-first openssl-1.0.1k/doc/apps/s_server.pod
+--- openssl-1.0.1k/doc/apps/s_server.pod.trusted-first	2015-01-09 10:19:45.451778890 +0100
++++ openssl-1.0.1k/doc/apps/s_server.pod	2015-01-09 10:19:45.479779524 +0100
+@@ -33,6 +33,7 @@ B<openssl> B<s_server>
+ [B<-state>]
+ [B<-CApath directory>]
+ [B<-CAfile filename>]
++[B<-trusted_first>]
+ [B<-nocert>]
+ [B<-cipher cipherlist>]
+ [B<-serverpref>]
+@@ -178,6 +179,12 @@ and to use when attempting to build the
+ is also used in the list of acceptable client CAs passed to the client when
+ a certificate is requested.
+ 
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory before other certificates 
++when building the trust chain to verify client certificates.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-state>
+ 
+ prints out the SSL session states.
+diff -up openssl-1.0.1k/doc/apps/s_time.pod.trusted-first openssl-1.0.1k/doc/apps/s_time.pod
+--- openssl-1.0.1k/doc/apps/s_time.pod.trusted-first	2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/doc/apps/s_time.pod	2015-01-09 10:19:45.480779546 +0100
+@@ -14,6 +14,7 @@ B<openssl> B<s_time>
+ [B<-key filename>]
+ [B<-CApath directory>]
+ [B<-CAfile filename>]
++[B<-trusted_first>]
+ [B<-reuse>]
+ [B<-new>]
+ [B<-verify depth>]
+@@ -76,6 +77,12 @@ also used when building the client certi
+ A file containing trusted certificates to use during server authentication
+ and to use when attempting to build the client certificate chain.
+ 
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory over the certificates provided
++by the server when building the trust chain to verify server certificate.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-new>
+ 
+ performs the timing test using a new session ID for each connection.
+diff -up openssl-1.0.1k/doc/apps/ts.pod.trusted-first openssl-1.0.1k/doc/apps/ts.pod
+--- openssl-1.0.1k/doc/apps/ts.pod.trusted-first	2014-10-15 15:49:15.000000000 +0200
++++ openssl-1.0.1k/doc/apps/ts.pod	2015-01-09 10:19:45.480779546 +0100
+@@ -46,6 +46,7 @@ B<-verify>
+ [B<-token_in>]
+ [B<-CApath> trusted_cert_path]
+ [B<-CAfile> trusted_certs.pem]
++[B<-trusted_first>]
+ [B<-untrusted> cert_file.pem]
+ 
+ =head1 DESCRIPTION
+@@ -324,6 +325,12 @@ L<verify(1)|verify(1)> for additional de
+ or B<-CApath> must be specified.
+ (Optional)
+ 
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory before other certificates
++when building the trust chain to verify certificates.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-untrusted> cert_file.pem
+ 
+ Set of additional untrusted certificates in PEM format which may be
+diff -up openssl-1.0.1k/doc/apps/verify.pod.trusted-first openssl-1.0.1k/doc/apps/verify.pod
+--- openssl-1.0.1k/doc/apps/verify.pod.trusted-first	2015-01-08 15:00:36.000000000 +0100
++++ openssl-1.0.1k/doc/apps/verify.pod	2015-01-09 10:19:45.480779546 +0100
+@@ -9,6 +9,7 @@ verify - Utility to verify certificates.
+ B<openssl> B<verify>
+ [B<-CApath directory>]
+ [B<-CAfile file>]
++[B<-trusted_first>]
+ [B<-purpose purpose>]
+ [B<-policy arg>]
+ [B<-ignore_critical>]
+@@ -56,6 +57,12 @@ in PEM format concatenated together.
+ A file of untrusted certificates. The file should contain multiple certificates
+ in PEM format concatenated together.
+ 
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory before the certificates in the untrusted
++file when building the trust chain to verify certificates.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-purpose purpose>
+ 
+ The intended use for the certificate. If this option is not specified,

openssl-1.1.0-issuer-hash.patch

@@ -1,11 +0,0 @@
-diff -up openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash openssl-1.1.0-pre5/crypto/x509/x509_cmp.c
---- openssl-1.1.0-pre5/crypto/x509/x509_cmp.c.issuer-hash	2016-07-18 15:16:32.788881100 +0200
-+++ openssl-1.1.0-pre5/crypto/x509/x509_cmp.c	2016-07-18 15:17:16.671871840 +0200
-@@ -87,6 +87,7 @@ unsigned long X509_issuer_and_serial_has
- 
-     if (ctx == NULL)
-         goto err;
-+    EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-     f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
-     if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
-         goto err;

openssl-1.1.1-alpn-cb.patch

@@ -1,27 +0,0 @@
-commit 9e885a707d604e9528b5491b78fb9c00f41193fc
-Author: Tomas Mraz <tmraz@fedoraproject.org>
-Date:   Thu Mar 26 15:59:00 2020 +0100
-
-    s_server: Properly indicate ALPN protocol mismatch
-    
-    Return SSL_TLSEXT_ERR_ALERT_FATAL from alpn_select_cb so that
-    an alert is sent to the client on ALPN protocol mismatch.
-    
-    Fixes: #2708
-    
-    Reviewed-by: Matt Caswell <matt@openssl.org>
-    (Merged from https://github.com/openssl/openssl/pull/11415)
-
-diff --git a/apps/s_server.c b/apps/s_server.c
-index bcc83e562c..591c6c19c5 100644
---- a/apps/s_server.c
-+++ b/apps/s_server.c
-@@ -707,7 +707,7 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
-     if (SSL_select_next_proto
-         ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in,
-          inlen) != OPENSSL_NPN_NEGOTIATED) {
--        return SSL_TLSEXT_ERR_NOACK;
-+        return SSL_TLSEXT_ERR_ALERT_FATAL;
-     }
- 
-     if (!s_quiet) {

openssl-1.1.1-apps-dgst.patch

@@ -1,12 +0,0 @@
-diff -up openssl-1.1.1b/apps/ca.c.dgst openssl-1.1.1b/apps/ca.c
---- openssl-1.1.1b/apps/ca.c.dgst	2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/apps/ca.c	2019-03-15 15:53:46.622267688 +0100
-@@ -169,7 +169,7 @@ const OPTIONS ca_options[] = {
-     {"enddate", OPT_ENDDATE, 's',
-      "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
-     {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
--    {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
-+    {"md", OPT_MD, 's', "md to use; see openssl help for list"},
-     {"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
-     {"keyfile", OPT_KEYFILE, 's', "Private key"},
-     {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},

openssl-1.1.1-build.patch

@@ -1,40 +0,0 @@
-diff -up openssl-1.1.1f/Configurations/10-main.conf.build openssl-1.1.1f/Configurations/10-main.conf
---- openssl-1.1.1f/Configurations/10-main.conf.build	2020-03-31 14:17:45.000000000 +0200
-+++ openssl-1.1.1f/Configurations/10-main.conf	2020-04-07 16:42:10.920546387 +0200
-@@ -678,6 +678,7 @@ my %targets = (
-         cxxflags         => add("-m64"),
-         lib_cppflags     => add("-DL_ENDIAN"),
-         perlasm_scheme   => "linux64le",
-+        multilib         => "64",
-     },
- 
-     "linux-armv4" => {
-@@ -718,6 +719,7 @@ my %targets = (
-     "linux-aarch64" => {
-         inherit_from     => [ "linux-generic64", asm("aarch64_asm") ],
-         perlasm_scheme   => "linux64",
-+        multilib         => "64",
-     },
-     "linux-arm64ilp32" => {  # https://wiki.linaro.org/Platform/arm64-ilp32
-         inherit_from     => [ "linux-generic32", asm("aarch64_asm") ],
-diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build openssl-1.1.1f/Configurations/unix-Makefile.tmpl
---- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.build	2020-04-07 16:42:10.920546387 +0200
-+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl	2020-04-07 16:44:23.539142108 +0200
-@@ -823,7 +823,7 @@ uninstall_runtime_libs:
- install_man_docs:
- 	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
- 	@$(ECHO) "*** Installing manpages"
--	$(PERL) $(SRCDIR)/util/process_docs.pl \
-+	TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
- 		"--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX)
- 
- uninstall_man_docs:
-@@ -835,7 +835,7 @@ uninstall_man_docs:
- install_html_docs:
- 	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
- 	@$(ECHO) "*** Installing HTML manpages"
--	$(PERL) $(SRCDIR)/util/process_docs.pl \
-+	TZ=UTC $(PERL) $(SRCDIR)/util/process_docs.pl \
- 		"--destdir=$(DESTDIR)$(HTMLDIR)" --type=html
- 
- uninstall_html_docs:

openssl-1.1.1-conf-paths.patch

@@ -1,56 +0,0 @@
-diff -up openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths openssl-1.1.1-pre8/apps/CA.pl.in
---- openssl-1.1.1-pre8/apps/CA.pl.in.conf-paths	2018-06-20 16:48:09.000000000 +0200
-+++ openssl-1.1.1-pre8/apps/CA.pl.in	2018-07-25 17:26:58.388624296 +0200
-@@ -33,7 +33,7 @@ my $X509 = "$openssl x509";
- my $PKCS12 = "$openssl pkcs12";
- 
- # default openssl.cnf file has setup as per the following
--my $CATOP = "./demoCA";
-+my $CATOP = "/etc/pki/CA";
- my $CAKEY = "cakey.pem";
- my $CAREQ = "careq.pem";
- my $CACERT = "cacert.pem";
-diff -up openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths openssl-1.1.1-pre8/apps/openssl.cnf
---- openssl-1.1.1-pre8/apps/openssl.cnf.conf-paths	2018-07-25 17:26:58.378624057 +0200
-+++ openssl-1.1.1-pre8/apps/openssl.cnf	2018-07-27 13:20:08.198513471 +0200
-@@ -23,6 +23,22 @@ oid_section		= new_oids
- # (Alternatively, use a configuration file that has only
- # X.509v3 extensions in its main [= default] section.)
- 
-+# Load default TLS policy configuration
-+
-+openssl_conf = default_modules
-+
-+[ default_modules ]
-+
-+ssl_conf = ssl_module
-+
-+[ ssl_module ]
-+
-+system_default = crypto_policy
-+
-+[ crypto_policy ]
-+
-+.include = /etc/crypto-policies/back-ends/opensslcnf.config
-+
- [ new_oids ]
- 
- # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
-@@ -43,7 +59,7 @@ default_ca	= CA_default		# The default c
- ####################################################################
- [ CA_default ]
- 
--dir		= ./demoCA		# Where everything is kept
-+dir		= /etc/pki/CA		# Where everything is kept
- certs		= $dir/certs		# Where the issued certs are kept
- crl_dir		= $dir/crl		# Where the issued crl are kept
- database	= $dir/index.txt	# database index file.
-@@ -329,7 +345,7 @@ default_tsa = tsa_config1	# the default
- [ tsa_config1 ]
- 
- # These are used by the TSA reply generation only.
--dir		= ./demoCA		# TSA root directory
-+dir		= /etc/pki/CA		# TSA root directory
- serial		= $dir/tsaserial	# The current serial number (mandatory)
- crypto_device	= builtin		# OpenSSL engine to use for signing
- signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate

openssl-1.1.1-disable-ssl3.patch

@@ -1,91 +0,0 @@
-diff -up openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_client.c
---- openssl-1.1.1-pre8/apps/s_client.c.disable-ssl3	2018-07-16 18:08:20.000487628 +0200
-+++ openssl-1.1.1-pre8/apps/s_client.c	2018-07-16 18:16:40.070186323 +0200
-@@ -1681,6 +1681,9 @@ int s_client_main(int argc, char **argv)
-     if (sdebug)
-         ssl_ctx_security_debug(ctx, sdebug);
- 
-+    if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
-+        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
-+
-     if (!config_ctx(cctx, ssl_args, ctx))
-         goto end;
- 
-diff -up openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3 openssl-1.1.1-pre8/apps/s_server.c
---- openssl-1.1.1-pre8/apps/s_server.c.disable-ssl3	2018-07-16 18:08:20.000487628 +0200
-+++ openssl-1.1.1-pre8/apps/s_server.c	2018-07-16 18:17:17.300055551 +0200
-@@ -1760,6 +1760,9 @@ int s_server_main(int argc, char *argv[]
-     if (sdebug)
-         ssl_ctx_security_debug(ctx, sdebug);
- 
-+    if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
-+        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
-+
-     if (!config_ctx(cctx, ssl_args, ctx))
-         goto end;
- 
-diff -up openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.1-pre8/ssl/ssl_lib.c
---- openssl-1.1.1-pre8/ssl/ssl_lib.c.disable-ssl3	2018-06-20 16:48:13.000000000 +0200
-+++ openssl-1.1.1-pre8/ssl/ssl_lib.c	2018-07-16 18:08:20.001487652 +0200
-@@ -3016,6 +3016,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
-      */
-     ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
- 
-+    if (meth->version != SSL3_VERSION) {
-+        /*
-+         * Disable SSLv3 by default.  Applications can
-+         * re-enable it by configuring
-+         * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
-+         * or by using the SSL_CONF API.
-+         */
-+        ret->options |= SSL_OP_NO_SSLv3;
-+    }
-+
-     ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
- 
-     /*
-diff -up openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3 openssl-1.1.1-pre8/test/ssl_test.c
---- openssl-1.1.1-pre8/test/ssl_test.c.disable-ssl3	2018-06-20 16:48:15.000000000 +0200
-+++ openssl-1.1.1-pre8/test/ssl_test.c	2018-07-16 18:18:34.806865121 +0200
-@@ -443,6 +443,7 @@ static int test_handshake(int idx)
-             SSL_TEST_SERVERNAME_CB_NONE) {
-             if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
-                 goto err;
-+            SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3);
-             if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
-                                                          TLS_MAX_VERSION)))
-                 goto err;
-@@ -464,6 +465,8 @@ static int test_handshake(int idx)
-             if (!TEST_ptr(resume_server_ctx)
-                     || !TEST_ptr(resume_client_ctx))
-                 goto err;
-+            SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3);
-+            SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3);
-         }
-     }
- 
-@@ -477,6 +480,9 @@ static int test_handshake(int idx)
-             || !TEST_int_gt(CONF_modules_load(conf, test_app, 0),  0))
-         goto err;
- 
-+    SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3);
-+    SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3);
-+
-     if (!SSL_CTX_config(server_ctx, "server")
-         || !SSL_CTX_config(client_ctx, "client")) {
-         goto err;
-diff -up openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3 openssl-1.1.1-pre8/test/ssltest_old.c
---- openssl-1.1.1-pre8/test/ssltest_old.c.disable-ssl3	2018-06-20 16:48:15.000000000 +0200
-+++ openssl-1.1.1-pre8/test/ssltest_old.c	2018-07-16 18:08:20.002487676 +0200
-@@ -1358,6 +1358,11 @@ int main(int argc, char *argv[])
-         ERR_print_errors(bio_err);
-         goto end;
-     }
-+
-+    SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3);
-+    SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3);
-+    SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3);
-+
-     /*
-      * Since we will use low security ciphersuites and keys for testing set
-      * security level to zero by default. Tests can override this by adding

openssl-1.1.1-ec-curves.patch

@@ -1,266 +0,0 @@
-diff -up openssl-1.1.1h/apps/speed.c.curves openssl-1.1.1h/apps/speed.c
---- openssl-1.1.1h/apps/speed.c.curves	2020-09-22 14:55:07.000000000 +0200
-+++ openssl-1.1.1h/apps/speed.c	2020-11-06 13:27:15.659288431 +0100
-@@ -490,90 +490,30 @@ static double rsa_results[RSA_NUM][2];
- #endif /* OPENSSL_NO_RSA */
- 
- enum {
--    R_EC_P160,
--    R_EC_P192,
-     R_EC_P224,
-     R_EC_P256,
-     R_EC_P384,
-     R_EC_P521,
--#ifndef OPENSSL_NO_EC2M
--    R_EC_K163,
--    R_EC_K233,
--    R_EC_K283,
--    R_EC_K409,
--    R_EC_K571,
--    R_EC_B163,
--    R_EC_B233,
--    R_EC_B283,
--    R_EC_B409,
--    R_EC_B571,
--#endif
--    R_EC_BRP256R1,
--    R_EC_BRP256T1,
--    R_EC_BRP384R1,
--    R_EC_BRP384T1,
--    R_EC_BRP512R1,
--    R_EC_BRP512T1,
-     R_EC_X25519,
-     R_EC_X448
- };
- 
- #ifndef OPENSSL_NO_EC
- static OPT_PAIR ecdsa_choices[] = {
--    {"ecdsap160", R_EC_P160},
--    {"ecdsap192", R_EC_P192},
-     {"ecdsap224", R_EC_P224},
-     {"ecdsap256", R_EC_P256},
-     {"ecdsap384", R_EC_P384},
-     {"ecdsap521", R_EC_P521},
--# ifndef OPENSSL_NO_EC2M
--    {"ecdsak163", R_EC_K163},
--    {"ecdsak233", R_EC_K233},
--    {"ecdsak283", R_EC_K283},
--    {"ecdsak409", R_EC_K409},
--    {"ecdsak571", R_EC_K571},
--    {"ecdsab163", R_EC_B163},
--    {"ecdsab233", R_EC_B233},
--    {"ecdsab283", R_EC_B283},
--    {"ecdsab409", R_EC_B409},
--    {"ecdsab571", R_EC_B571},
--# endif
--    {"ecdsabrp256r1", R_EC_BRP256R1},
--    {"ecdsabrp256t1", R_EC_BRP256T1},
--    {"ecdsabrp384r1", R_EC_BRP384R1},
--    {"ecdsabrp384t1", R_EC_BRP384T1},
--    {"ecdsabrp512r1", R_EC_BRP512R1},
--    {"ecdsabrp512t1", R_EC_BRP512T1}
- };
- # define ECDSA_NUM       OSSL_NELEM(ecdsa_choices)
- 
- static double ecdsa_results[ECDSA_NUM][2];    /* 2 ops: sign then verify */
- 
- static const OPT_PAIR ecdh_choices[] = {
--    {"ecdhp160", R_EC_P160},
--    {"ecdhp192", R_EC_P192},
-     {"ecdhp224", R_EC_P224},
-     {"ecdhp256", R_EC_P256},
-     {"ecdhp384", R_EC_P384},
-     {"ecdhp521", R_EC_P521},
--# ifndef OPENSSL_NO_EC2M
--    {"ecdhk163", R_EC_K163},
--    {"ecdhk233", R_EC_K233},
--    {"ecdhk283", R_EC_K283},
--    {"ecdhk409", R_EC_K409},
--    {"ecdhk571", R_EC_K571},
--    {"ecdhb163", R_EC_B163},
--    {"ecdhb233", R_EC_B233},
--    {"ecdhb283", R_EC_B283},
--    {"ecdhb409", R_EC_B409},
--    {"ecdhb571", R_EC_B571},
--# endif
--    {"ecdhbrp256r1", R_EC_BRP256R1},
--    {"ecdhbrp256t1", R_EC_BRP256T1},
--    {"ecdhbrp384r1", R_EC_BRP384R1},
--    {"ecdhbrp384t1", R_EC_BRP384T1},
--    {"ecdhbrp512r1", R_EC_BRP512R1},
--    {"ecdhbrp512t1", R_EC_BRP512T1},
-     {"ecdhx25519", R_EC_X25519},
-     {"ecdhx448", R_EC_X448}
- };
-@@ -1502,31 +1442,10 @@ int speed_main(int argc, char **argv)
-         unsigned int bits;
-     } test_curves[] = {
-         /* Prime Curves */
--        {"secp160r1", NID_secp160r1, 160},
--        {"nistp192", NID_X9_62_prime192v1, 192},
-         {"nistp224", NID_secp224r1, 224},
-         {"nistp256", NID_X9_62_prime256v1, 256},
-         {"nistp384", NID_secp384r1, 384},
-         {"nistp521", NID_secp521r1, 521},
--# ifndef OPENSSL_NO_EC2M
--        /* Binary Curves */
--        {"nistk163", NID_sect163k1, 163},
--        {"nistk233", NID_sect233k1, 233},
--        {"nistk283", NID_sect283k1, 283},
--        {"nistk409", NID_sect409k1, 409},
--        {"nistk571", NID_sect571k1, 571},
--        {"nistb163", NID_sect163r2, 163},
--        {"nistb233", NID_sect233r1, 233},
--        {"nistb283", NID_sect283r1, 283},
--        {"nistb409", NID_sect409r1, 409},
--        {"nistb571", NID_sect571r1, 571},
--# endif
--        {"brainpoolP256r1", NID_brainpoolP256r1, 256},
--        {"brainpoolP256t1", NID_brainpoolP256t1, 256},
--        {"brainpoolP384r1", NID_brainpoolP384r1, 384},
--        {"brainpoolP384t1", NID_brainpoolP384t1, 384},
--        {"brainpoolP512r1", NID_brainpoolP512r1, 512},
--        {"brainpoolP512t1", NID_brainpoolP512t1, 512},
-         /* Other and ECDH only ones */
-         {"X25519", NID_X25519, 253},
-         {"X448", NID_X448, 448}
-@@ -2026,9 +1945,9 @@ int speed_main(int argc, char **argv)
- #  endif
- 
- #  ifndef OPENSSL_NO_EC
--    ecdsa_c[R_EC_P160][0] = count / 1000;
--    ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
--    for (i = R_EC_P192; i <= R_EC_P521; i++) {
-+    ecdsa_c[R_EC_P224][0] = count / 1000;
-+    ecdsa_c[R_EC_P224][1] = count / 1000 / 2;
-+    for (i = R_EC_P256; i <= R_EC_P521; i++) {
-         ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
-         ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
-         if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
-@@ -2040,7 +1959,7 @@ int speed_main(int argc, char **argv)
-             }
-         }
-     }
--#   ifndef OPENSSL_NO_EC2M
-+#   if 0
-     ecdsa_c[R_EC_K163][0] = count / 1000;
-     ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
-     for (i = R_EC_K233; i <= R_EC_K571; i++) {
-@@ -2071,8 +1990,8 @@ int speed_main(int argc, char **argv)
-     }
- #   endif
- 
--    ecdh_c[R_EC_P160][0] = count / 1000;
--    for (i = R_EC_P192; i <= R_EC_P521; i++) {
-+    ecdh_c[R_EC_P224][0] = count / 1000;
-+    for (i = R_EC_P256; i <= R_EC_P521; i++) {
-         ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
-         if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
-             ecdh_doit[i] = 0;
-@@ -2082,7 +2001,7 @@ int speed_main(int argc, char **argv)
-             }
-         }
-     }
--#   ifndef OPENSSL_NO_EC2M
-+#   if 0
-     ecdh_c[R_EC_K163][0] = count / 1000;
-     for (i = R_EC_K233; i <= R_EC_K571; i++) {
-         ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
-diff -up openssl-1.1.1h/crypto/ec/ecp_smpl.c.curves openssl-1.1.1h/crypto/ec/ecp_smpl.c
---- openssl-1.1.1h/crypto/ec/ecp_smpl.c.curves	2020-09-22 14:55:07.000000000 +0200
-+++ openssl-1.1.1h/crypto/ec/ecp_smpl.c	2020-11-06 13:27:15.659288431 +0100
-@@ -145,6 +145,11 @@ int ec_GFp_simple_group_set_curve(EC_GRO
-         return 0;
-     }
- 
-+    if (BN_num_bits(p) < 224) {
-+        ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
-+        return 0;
-+    }
-+
-     if (ctx == NULL) {
-         ctx = new_ctx = BN_CTX_new();
-         if (ctx == NULL)
-diff -up openssl-1.1.1h/test/ecdsatest.h.curves openssl-1.1.1h/test/ecdsatest.h
---- openssl-1.1.1h/test/ecdsatest.h.curves	2020-11-06 13:27:15.627288114 +0100
-+++ openssl-1.1.1h/test/ecdsatest.h	2020-11-06 13:27:15.660288441 +0100
-@@ -32,23 +32,6 @@ typedef struct {
- } ecdsa_cavs_kat_t;
- 
- static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
--    /* prime KATs from X9.62 */
--    {NID_X9_62_prime192v1, NID_sha1,
--     "616263",                  /* "abc" */
--     "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
--     "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
--     "5ca5c0d69716dfcb3474373902",
--     "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
--     "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
--     "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
--    {NID_X9_62_prime239v1, NID_sha1,
--     "616263",                  /* "abc" */
--     "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
--     "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
--     "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
--     "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
--     "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
--     "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
-     /* prime KATs from NIST CAVP */
-     {NID_secp224r1, NID_sha224,
-      "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
---- openssl-1.1.1h/test/recipes/15-test_genec.t.ec-curves	2020-11-06 13:58:36.402895540 +0100
-+++ openssl-1.1.1h/test/recipes/15-test_genec.t	2020-11-06 13:59:38.508484498 +0100
-@@ -20,45 +20,11 @@ plan skip_all => "This test is unsupport
-     if disabled("ec");
- 
- my @prime_curves = qw(
--    secp112r1
--    secp112r2
--    secp128r1
--    secp128r2
--    secp160k1
--    secp160r1
--    secp160r2
--    secp192k1
--    secp224k1
-     secp224r1
-     secp256k1
-     secp384r1
-     secp521r1
--    prime192v1
--    prime192v2
--    prime192v3
--    prime239v1
--    prime239v2
--    prime239v3
-     prime256v1
--    wap-wsg-idm-ecid-wtls6
--    wap-wsg-idm-ecid-wtls7
--    wap-wsg-idm-ecid-wtls8
--    wap-wsg-idm-ecid-wtls9
--    wap-wsg-idm-ecid-wtls12
--    brainpoolP160r1
--    brainpoolP160t1
--    brainpoolP192r1
--    brainpoolP192t1
--    brainpoolP224r1
--    brainpoolP224t1
--    brainpoolP256r1
--    brainpoolP256t1
--    brainpoolP320r1
--    brainpoolP320t1
--    brainpoolP384r1
--    brainpoolP384t1
--    brainpoolP512r1
--    brainpoolP512t1
- );
- 
- my @binary_curves = qw(
-@@ -115,7 +81,6 @@ push(@other_curves, 'SM2')
-     if !disabled("sm2");
- 
- my @curve_aliases = qw(
--    P-192
-     P-224
-     P-256
-     P-384

openssl-1.1.1-edk2-build.patch

@@ -1,57 +0,0 @@
-diff -up openssl-1.1.1g/crypto/evp/pkey_kdf.c.edk2-build openssl-1.1.1g/crypto/evp/pkey_kdf.c
---- openssl-1.1.1g/crypto/evp/pkey_kdf.c.edk2-build	2020-05-18 12:55:53.299548432 +0200
-+++ openssl-1.1.1g/crypto/evp/pkey_kdf.c	2020-05-18 12:55:53.340548788 +0200
-@@ -12,6 +12,7 @@
- #include <openssl/evp.h>
- #include <openssl/err.h>
- #include <openssl/kdf.h>
-+#include "internal/numbers.h"
- #include "crypto/evp.h"
- 
- static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
-diff -up openssl-1.1.1g/crypto/kdf/hkdf.c.edk2-build openssl-1.1.1g/crypto/kdf/hkdf.c
---- openssl-1.1.1g/crypto/kdf/hkdf.c.edk2-build	2020-05-18 12:55:53.340548788 +0200
-+++ openssl-1.1.1g/crypto/kdf/hkdf.c	2020-05-18 12:57:18.648288904 +0200
-@@ -13,6 +13,7 @@
- #include <openssl/hmac.h>
- #include <openssl/kdf.h>
- #include <openssl/evp.h>
-+#include "internal/numbers.h"
- #include "internal/cryptlib.h"
- #include "crypto/evp.h"
- #include "kdf_local.h"
-diff -up openssl-1.1.1g/crypto/rand/rand_unix.c.edk2-build openssl-1.1.1g/crypto/rand/rand_unix.c
---- openssl-1.1.1g/crypto/rand/rand_unix.c.edk2-build	2020-05-18 12:56:05.646655554 +0200
-+++ openssl-1.1.1g/crypto/rand/rand_unix.c	2020-05-18 12:58:51.088090896 +0200
-@@ -20,7 +20,7 @@
- #include "crypto/fips.h"
- #include <stdio.h>
- #include "internal/dso.h"
--#ifdef __linux
-+#if defined(__linux) && !defined(OPENSSL_SYS_UEFI)
- # include <sys/syscall.h>
- # include <sys/random.h>
- # ifdef DEVRANDOM_WAIT
-diff -up openssl-1.1.1g/include/crypto/fips.h.edk2-build openssl-1.1.1g/include/crypto/fips.h
---- openssl-1.1.1g/include/crypto/fips.h.edk2-build	2020-05-18 12:55:53.296548406 +0200
-+++ openssl-1.1.1g/include/crypto/fips.h	2020-05-18 12:55:53.340548788 +0200
-@@ -50,10 +50,6 @@
- #include <openssl/opensslconf.h>
- #include <openssl/evp.h>
- 
--#ifndef OPENSSL_FIPS
--# error FIPS is disabled.
--#endif
--
- #ifdef OPENSSL_FIPS
- 
- int FIPS_module_mode_set(int onoff);
-@@ -97,4 +93,8 @@ void fips_set_selftest_fail(void);
- 
- void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
- 
-+#else
-+
-+# define fips_in_post() 0
-+
- #endif

openssl-1.1.1-fips-crng-test.patch

@@ -1,408 +0,0 @@
-diff -up openssl-1.1.1g/crypto/rand/build.info.crng-test openssl-1.1.1g/crypto/rand/build.info
---- openssl-1.1.1g/crypto/rand/build.info.crng-test	2020-04-23 13:30:45.863389837 +0200
-+++ openssl-1.1.1g/crypto/rand/build.info	2020-04-23 13:31:55.847069892 +0200
-@@ -1,6 +1,6 @@
- LIBS=../../libcrypto
- SOURCE[../../libcrypto]=\
--        randfile.c rand_lib.c rand_err.c rand_egd.c \
-+        randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
-         rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
- 
- INCLUDE[drbg_ctr.o]=../modes
-diff -up openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test openssl-1.1.1g/crypto/rand/drbg_lib.c
---- openssl-1.1.1g/crypto/rand/drbg_lib.c.crng-test	2020-04-23 13:30:45.818390686 +0200
-+++ openssl-1.1.1g/crypto/rand/drbg_lib.c	2020-04-23 13:30:45.864389819 +0200
-@@ -67,7 +67,7 @@ static CRYPTO_THREAD_LOCAL private_drbg;
- 
- 
- /* NIST SP 800-90A DRBG recommends the use of a personalization string. */
--static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
-+static const char ossl_pers_string[] = DRBG_DEFAULT_PERS_STRING;
- 
- static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
- 
-@@ -201,8 +201,13 @@ static RAND_DRBG *rand_drbg_new(int secu
-     drbg->parent = parent;
- 
-     if (parent == NULL) {
-+#ifdef OPENSSL_FIPS
-+        drbg->get_entropy = rand_crngt_get_entropy;
-+        drbg->cleanup_entropy = rand_crngt_cleanup_entropy;
-+#else
-         drbg->get_entropy = rand_drbg_get_entropy;
-         drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
-+#endif
- #ifndef RAND_DRBG_GET_RANDOM_NONCE
-         drbg->get_nonce = rand_drbg_get_nonce;
-         drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
-diff -up openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test openssl-1.1.1g/crypto/rand/rand_crng_test.c
---- openssl-1.1.1g/crypto/rand/rand_crng_test.c.crng-test	2020-04-23 13:30:45.864389819 +0200
-+++ openssl-1.1.1g/crypto/rand/rand_crng_test.c	2020-04-23 13:30:45.864389819 +0200
-@@ -0,0 +1,118 @@
-+/*
-+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License").  You may not use
-+ * this file except in compliance with the License.  You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+/*
-+ * Implementation of the FIPS 140-2 section 4.9.2 Conditional Tests.
-+ */
-+
-+#include <string.h>
-+#include <openssl/evp.h>
-+#include "crypto/rand.h"
-+#include "internal/thread_once.h"
-+#include "rand_local.h"
-+
-+static RAND_POOL *crngt_pool;
-+static unsigned char crngt_prev[EVP_MAX_MD_SIZE];
-+
-+int (*crngt_get_entropy)(unsigned char *, unsigned char *, unsigned int *)
-+    = &rand_crngt_get_entropy_cb;
-+
-+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
-+                              unsigned int *md_size)
-+{
-+    int r;
-+    size_t n;
-+    unsigned char *p;
-+
-+    n = rand_pool_acquire_entropy(crngt_pool);
-+    if (n >= CRNGT_BUFSIZ) {
-+        p = rand_pool_detach(crngt_pool);
-+        r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
-+        if (r != 0)
-+            memcpy(buf, p, CRNGT_BUFSIZ);
-+        rand_pool_reattach(crngt_pool, p);
-+        return r;
-+    }
-+    return 0;
-+}
-+
-+void rand_crngt_cleanup(void)
-+{
-+    rand_pool_free(crngt_pool);
-+    crngt_pool = NULL;
-+}
-+
-+int rand_crngt_init(void)
-+{
-+    unsigned char buf[CRNGT_BUFSIZ];
-+
-+    if ((crngt_pool = rand_pool_new(0, 1, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL)
-+        return 0;
-+    if (crngt_get_entropy(buf, crngt_prev, NULL)) {
-+        OPENSSL_cleanse(buf, sizeof(buf));
-+        return 1;
-+    }
-+    rand_crngt_cleanup();
-+    return 0;
-+}
-+
-+static CRYPTO_ONCE rand_crngt_init_flag = CRYPTO_ONCE_STATIC_INIT;
-+DEFINE_RUN_ONCE_STATIC(do_rand_crngt_init)
-+{
-+    return OPENSSL_init_crypto(0, NULL)
-+        && rand_crngt_init()
-+        && OPENSSL_atexit(&rand_crngt_cleanup);
-+}
-+
-+int rand_crngt_single_init(void)
-+{
-+    return RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init);
-+}
-+
-+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
-+                              unsigned char **pout,
-+                              int entropy, size_t min_len, size_t max_len,
-+                              int prediction_resistance)
-+{
-+    unsigned char buf[CRNGT_BUFSIZ], md[EVP_MAX_MD_SIZE];
-+    unsigned int sz;
-+    RAND_POOL *pool;
-+    size_t q, r = 0, s, t = 0;
-+    int attempts = 3;
-+
-+    if (!RUN_ONCE(&rand_crngt_init_flag, do_rand_crngt_init))
-+        return 0;
-+
-+    if ((pool = rand_pool_new(entropy, 1, min_len, max_len)) == NULL)
-+        return 0;
-+
-+    while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) {
-+        s = q > sizeof(buf) ? sizeof(buf) : q;
-+        if (!crngt_get_entropy(buf, md, &sz)
-+            || memcmp(crngt_prev, md, sz) == 0
-+            || !rand_pool_add(pool, buf, s, s * 8))
-+            goto err;
-+        memcpy(crngt_prev, md, sz);
-+        t += s;
-+        attempts++;
-+    }
-+    r = t;
-+    *pout = rand_pool_detach(pool);
-+err:
-+    OPENSSL_cleanse(buf, sizeof(buf));
-+    rand_pool_free(pool);
-+    return r;
-+}
-+
-+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
-+                                unsigned char *out, size_t outlen)
-+{
-+    OPENSSL_secure_clear_free(out, outlen);
-+}
-diff -up openssl-1.1.1g/crypto/rand/rand_local.h.crng-test openssl-1.1.1g/crypto/rand/rand_local.h
---- openssl-1.1.1g/crypto/rand/rand_local.h.crng-test	2020-04-23 13:30:45.470397250 +0200
-+++ openssl-1.1.1g/crypto/rand/rand_local.h	2020-04-23 13:30:45.864389819 +0200
-@@ -33,7 +33,15 @@
- # define MASTER_RESEED_TIME_INTERVAL             (60*60)   /* 1 hour */
- # define SLAVE_RESEED_TIME_INTERVAL              (7*60)    /* 7 minutes */
- 
--
-+/*
-+ * The number of bytes that constitutes an atomic lump of entropy with respect
-+ * to the FIPS 140-2 section 4.9.2 Conditional Tests.  The size is somewhat
-+ * arbitrary, the smaller the value, the less entropy is consumed on first
-+ * read but the higher the probability of the test failing by accident.
-+ *
-+ * The value is in bytes.
-+ */
-+#define CRNGT_BUFSIZ    16
- 
- /*
-  * Maximum input size for the DRBG (entropy, nonce, personalization string)
-@@ -44,6 +52,8 @@
-  */
- # define DRBG_MAX_LENGTH                         INT32_MAX
- 
-+/* The default nonce */
-+# define DRBG_DEFAULT_PERS_STRING                "OpenSSL NIST SP 800-90A DRBG"
- 
- /*
-  * Maximum allocation size for RANDOM_POOL buffers
-@@ -296,4 +306,22 @@ int rand_drbg_enable_locking(RAND_DRBG *
- /* initializes the AES-CTR DRBG implementation */
- int drbg_ctr_init(RAND_DRBG *drbg);
- 
-+/*
-+ * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests.
-+ * These need to be exposed for the unit tests.
-+ */
-+int rand_crngt_get_entropy_cb(unsigned char *buf, unsigned char *md,
-+                              unsigned int *md_size);
-+extern int (*crngt_get_entropy)(unsigned char *buf, unsigned char *md,
-+                                unsigned int *md_size);
-+int rand_crngt_init(void);
-+void rand_crngt_cleanup(void);
-+
-+/*
-+ * Expose the run once initialisation function for the unit tests because.
-+ * they need to restart from scratch to validate the first block is skipped
-+ * properly.
-+ */
-+int rand_crngt_single_init(void);
-+
- #endif
-diff -up openssl-1.1.1g/include/crypto/rand.h.crng-test openssl-1.1.1g/include/crypto/rand.h
---- openssl-1.1.1g/include/crypto/rand.h.crng-test	2020-04-23 13:30:45.824390573 +0200
-+++ openssl-1.1.1g/include/crypto/rand.h	2020-04-23 13:30:45.864389819 +0200
-@@ -49,6 +49,14 @@ size_t rand_drbg_get_additional_data(RAN
- 
- void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
- 
-+/* CRNG test entropy filter callbacks. */
-+size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
-+                              unsigned char **pout,
-+                              int entropy, size_t min_len, size_t max_len,
-+                              int prediction_resistance);
-+void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
-+                                unsigned char *out, size_t outlen);
-+
- /*
-  * RAND_POOL functions
-  */
-diff -up openssl-1.1.1g/test/drbgtest.c.crng-test openssl-1.1.1g/test/drbgtest.c
---- openssl-1.1.1g/test/drbgtest.c.crng-test	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/test/drbgtest.c	2020-04-23 13:30:45.865389800 +0200
-@@ -150,6 +150,31 @@ static size_t kat_nonce(RAND_DRBG *drbg,
-     return t->noncelen;
- }
- 
-+ /*
-+ * Disable CRNG testing if it is enabled.
-+ * If the DRBG is ready or in an error state, this means an instantiate cycle
-+ * for which the default personalisation string is used.
-+ */
-+static int disable_crngt(RAND_DRBG *drbg)
-+{
-+    static const char pers[] = DRBG_DEFAULT_PERS_STRING;
-+    const int instantiate = drbg->state != DRBG_UNINITIALISED;
-+
-+    if (drbg->get_entropy != rand_crngt_get_entropy)
-+        return 1;
-+
-+     if ((instantiate && !RAND_DRBG_uninstantiate(drbg))
-+        || !TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_drbg_get_entropy,
-+                                              &rand_drbg_cleanup_entropy,
-+                                              &rand_drbg_get_nonce,
-+                                              &rand_drbg_cleanup_nonce))
-+        || (instantiate
-+            && !RAND_DRBG_instantiate(drbg, (const unsigned char *)pers,
-+                                      sizeof(pers) - 1)))
-+        return 0;
-+    return 1;
-+}
-+
- static int uninstantiate(RAND_DRBG *drbg)
- {
-     int ret = drbg == NULL ? 1 : RAND_DRBG_uninstantiate(drbg);
-@@ -175,7 +200,8 @@ static int single_kat(DRBG_SELFTEST_DATA
-     if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL)))
-         return 0;
-     if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
--                                           kat_nonce, NULL))) {
-+                                           kat_nonce, NULL))
-+        || !TEST_true(disable_crngt(drbg))) {
-         failures++;
-         goto err;
-     }
-@@ -293,7 +319,8 @@ static int error_check(DRBG_SELFTEST_DAT
-     unsigned int reseed_counter_tmp;
-     int ret = 0;
- 
--    if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL)))
-+    if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL))
-+	|| !TEST_true(disable_crngt(drbg)))
-         goto err;
- 
-     /*
-@@ -740,6 +767,10 @@ static int test_rand_drbg_reseed(void)
-         || !TEST_ptr_eq(private->parent, master))
-         return 0;
- 
-+    /* Disable CRNG testing for the master DRBG */
-+    if (!TEST_true(disable_crngt(master)))
-+        return 0;
-+
-     /* uninstantiate the three global DRBGs */
-     RAND_DRBG_uninstantiate(private);
-     RAND_DRBG_uninstantiate(public);
-@@ -964,7 +995,8 @@ static int test_rand_seed(void)
-     size_t rand_buflen;
-     size_t required_seed_buflen = 0;
- 
--    if (!TEST_ptr(master = RAND_DRBG_get0_master()))
-+    if (!TEST_ptr(master = RAND_DRBG_get0_master())
-+        || !TEST_true(disable_crngt(master)))
-         return 0;
- 
- #ifdef OPENSSL_RAND_SEED_NONE
-@@ -1013,6 +1045,95 @@ static int test_rand_add(void)
-     return 1;
- }
- 
-+/*
-+ * A list of the FIPS DRGB types.
-+ */
-+static const struct s_drgb_types {
-+    int nid;
-+    int flags;
-+} drgb_types[] = {
-+    { NID_aes_128_ctr,  0                   },
-+    { NID_aes_192_ctr,  0                   },
-+    { NID_aes_256_ctr,  0                   },
-+};
-+
-+/* Six cases for each covers seed sizes up to 32 bytes */
-+static const size_t crngt_num_cases = 6;
-+
-+static size_t crngt_case, crngt_idx;
-+
-+static int crngt_entropy_cb(unsigned char *buf, unsigned char *md,
-+                            unsigned int *md_size)
-+{
-+    size_t i, z;
-+
-+    if (!TEST_int_lt(crngt_idx, crngt_num_cases))
-+        return 0;
-+    /* Generate a block of unique data unless this is the duplication point */
-+    z = crngt_idx++;
-+    if (z > 0 && crngt_case == z)
-+        z--;
-+    for (i = 0; i < CRNGT_BUFSIZ; i++)
-+        buf[i] = (unsigned char)(i + 'A' + z);
-+    return EVP_Digest(buf, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
-+}
-+
-+static int test_crngt(int n)
-+{
-+    const struct s_drgb_types *dt = drgb_types + n / crngt_num_cases;
-+    RAND_DRBG *drbg = NULL;
-+    unsigned char buff[100];
-+    size_t ent;
-+    int res = 0;
-+    int expect;
-+
-+    if (!TEST_true(rand_crngt_single_init()))
-+        return 0;
-+    rand_crngt_cleanup();
-+
-+    if (!TEST_ptr(drbg = RAND_DRBG_new(dt->nid, dt->flags, NULL)))
-+        return 0;
-+    ent = (drbg->min_entropylen + CRNGT_BUFSIZ - 1) / CRNGT_BUFSIZ;
-+    crngt_case = n % crngt_num_cases;
-+    crngt_idx = 0;
-+    crngt_get_entropy = &crngt_entropy_cb;
-+    if (!TEST_true(rand_crngt_init()))
-+        goto err;
-+#ifndef OPENSSL_FIPS
-+    if (!TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_crngt_get_entropy,
-+                                           &rand_crngt_cleanup_entropy,
-+                                           &rand_drbg_get_nonce,
-+                                           &rand_drbg_cleanup_nonce)))
-+        goto err;
-+#endif
-+    expect = crngt_case == 0 || crngt_case > ent;
-+    if (!TEST_int_eq(RAND_DRBG_instantiate(drbg, NULL, 0), expect))
-+        goto err;
-+    if (!expect)
-+        goto fin;
-+    if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
-+        goto err;
-+
-+    expect = crngt_case == 0 || crngt_case > 2 * ent;
-+    if (!TEST_int_eq(RAND_DRBG_reseed(drbg, NULL, 0, 0), expect))
-+        goto err;
-+    if (!expect)
-+        goto fin;
-+    if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
-+        goto err;
-+
-+fin:
-+    res = 1;
-+err:
-+    if (!res)
-+        TEST_note("DRBG %zd case %zd block %zd", n / crngt_num_cases,
-+                  crngt_case, crngt_idx);
-+    uninstantiate(drbg);
-+    RAND_DRBG_free(drbg);
-+    crngt_get_entropy = &rand_crngt_get_entropy_cb;
-+    return res;
-+}
-+
- int setup_tests(void)
- {
-     app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
-@@ -1025,5 +1146,6 @@ int setup_tests(void)
- #if defined(OPENSSL_THREADS)
-     ADD_TEST(test_multi_thread);
- #endif
-+    ADD_ALL_TESTS(test_crngt, crngt_num_cases * OSSL_NELEM(drgb_types));
-     return 1;
- }

openssl-1.1.1-fips-curves.patch

@@ -1,200 +0,0 @@
-diff -up openssl-1.1.1g/crypto/ec/ec_curve.c.fips-curves openssl-1.1.1g/crypto/ec/ec_curve.c
---- openssl-1.1.1g/crypto/ec/ec_curve.c.fips-curves	2020-05-18 12:59:54.839643980 +0200
-+++ openssl-1.1.1g/crypto/ec/ec_curve.c	2020-05-18 12:59:54.852644093 +0200
-@@ -13,6 +13,7 @@
- #include <openssl/err.h>
- #include <openssl/obj_mac.h>
- #include <openssl/opensslconf.h>
-+#include <openssl/crypto.h>
- #include "internal/nelem.h"
- 
- typedef struct {
-@@ -237,6 +238,7 @@ static const struct {
- 
- typedef struct _ec_list_element_st {
-     int nid;
-+    int fips_allowed;
-     const EC_CURVE_DATA *data;
-     const EC_METHOD *(*meth) (void);
-     const char *comment;
-@@ -246,23 +248,23 @@ static const ec_list_element curve_list[
-     /* prime field curves */
-     /* secg curves */
- #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
--    {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
-+    {NID_secp224r1, 1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
-      "NIST/SECG curve over a 224 bit prime field"},
- #else
--    {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
-+    {NID_secp224r1, 1, &_EC_NIST_PRIME_224.h, 0,
-      "NIST/SECG curve over a 224 bit prime field"},
- #endif
--    {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
-+    {NID_secp256k1, 0, &_EC_SECG_PRIME_256K1.h, 0,
-      "SECG curve over a 256 bit prime field"},
-     /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
--    {NID_secp384r1, &_EC_NIST_PRIME_384.h,
-+    {NID_secp384r1, 1, &_EC_NIST_PRIME_384.h,
- # if defined(S390X_EC_ASM)
-      EC_GFp_s390x_nistp384_method,
- # else
-      0,
- # endif
-      "NIST/SECG curve over a 384 bit prime field"},
--    {NID_secp521r1, &_EC_NIST_PRIME_521.h,
-+    {NID_secp521r1, 1, &_EC_NIST_PRIME_521.h,
- # if defined(S390X_EC_ASM)
-      EC_GFp_s390x_nistp521_method,
- # elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
-@@ -272,7 +274,7 @@ static const ec_list_element curve_list[
- # endif
-      "NIST/SECG curve over a 521 bit prime field"},
-     /* X9.62 curves */
--    {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
-+    {NID_X9_62_prime256v1, 1, &_EC_X9_62_PRIME_256V1.h,
- #if defined(ECP_NISTZ256_ASM)
-      EC_GFp_nistz256_method,
- # elif defined(S390X_EC_ASM)
-@@ -404,6 +406,10 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int
- 
-     for (i = 0; i < curve_list_length; i++)
-         if (curve_list[i].nid == nid) {
-+            if (!curve_list[i].fips_allowed && FIPS_mode()) {
-+                ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_NOT_A_NIST_PRIME);
-+                return NULL;
-+            }
-             ret = ec_group_new_from_data(curve_list[i]);
-             break;
-         }
-@@ -418,19 +424,31 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int
- 
- size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
- {
--    size_t i, min;
-+    size_t i, j, num;
-+    int fips_mode = FIPS_mode();
- 
--    if (r == NULL || nitems == 0)
--        return curve_list_length;
-+    num = curve_list_length;
-+    if (fips_mode)
-+        for (i = 0; i < curve_list_length; i++) {
-+            if (!curve_list[i].fips_allowed)
-+                --num;
-+        }
- 
--    min = nitems < curve_list_length ? nitems : curve_list_length;
-+    if (r == NULL || nitems == 0) {
-+        return num;
-+    }
- 
--    for (i = 0; i < min; i++) {
--        r[i].nid = curve_list[i].nid;
--        r[i].comment = curve_list[i].comment;
-+    for (i = 0, j = 0; i < curve_list_length; i++) {
-+        if (j >= nitems)
-+            break;
-+        if (!fips_mode || curve_list[i].fips_allowed) {
-+            r[j].nid = curve_list[i].nid;
-+            r[j].comment = curve_list[i].comment;
-+            ++j;
-+        }
-     }
- 
--    return curve_list_length;
-+    return num;
- }
- 
- /* Functions to translate between common NIST curve names and NIDs */
-diff -up openssl-1.1.1g/ssl/t1_lib.c.fips-curves openssl-1.1.1g/ssl/t1_lib.c
---- openssl-1.1.1g/ssl/t1_lib.c.fips-curves	2020-05-18 12:59:54.797643616 +0200
-+++ openssl-1.1.1g/ssl/t1_lib.c	2020-05-18 13:03:54.748725463 +0200
-@@ -678,6 +678,36 @@ static const uint16_t tls12_sigalgs[] =
- #endif
- };
- 
-+static const uint16_t tls12_fips_sigalgs[] = {
-+#ifndef OPENSSL_NO_EC
-+    TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
-+    TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
-+    TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
-+#endif
-+
-+    TLSEXT_SIGALG_rsa_pss_pss_sha256,
-+    TLSEXT_SIGALG_rsa_pss_pss_sha384,
-+    TLSEXT_SIGALG_rsa_pss_pss_sha512,
-+    TLSEXT_SIGALG_rsa_pss_rsae_sha256,
-+    TLSEXT_SIGALG_rsa_pss_rsae_sha384,
-+    TLSEXT_SIGALG_rsa_pss_rsae_sha512,
-+
-+    TLSEXT_SIGALG_rsa_pkcs1_sha256,
-+    TLSEXT_SIGALG_rsa_pkcs1_sha384,
-+    TLSEXT_SIGALG_rsa_pkcs1_sha512,
-+
-+#ifndef OPENSSL_NO_EC
-+    TLSEXT_SIGALG_ecdsa_sha224,
-+#endif
-+    TLSEXT_SIGALG_rsa_pkcs1_sha224,
-+#ifndef OPENSSL_NO_DSA
-+    TLSEXT_SIGALG_dsa_sha224,
-+    TLSEXT_SIGALG_dsa_sha256,
-+    TLSEXT_SIGALG_dsa_sha384,
-+    TLSEXT_SIGALG_dsa_sha512,
-+#endif
-+};
-+
- #ifndef OPENSSL_NO_EC
- static const uint16_t suiteb_sigalgs[] = {
-     TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
-@@ -894,6 +924,8 @@ static const SIGALG_LOOKUP *tls1_get_leg
-     }
-     if (idx < 0 || idx >= (int)OSSL_NELEM(tls_default_sigalg))
-         return NULL;
-+    if (FIPS_mode()) /* We do not allow legacy SHA1 signatures in FIPS mode */
-+        return NULL;
-     if (SSL_USE_SIGALGS(s) || idx != SSL_PKEY_RSA) {
-         const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(tls_default_sigalg[idx]);
- 
-@@ -954,6 +986,9 @@ size_t tls12_get_psigalgs(SSL *s, int se
-     } else if (s->cert->conf_sigalgs) {
-         *psigs = s->cert->conf_sigalgs;
-         return s->cert->conf_sigalgslen;
-+    } else if (FIPS_mode()) {
-+        *psigs = tls12_fips_sigalgs;
-+        return OSSL_NELEM(tls12_fips_sigalgs);
-     } else {
-         *psigs = tls12_sigalgs;
-         return OSSL_NELEM(tls12_sigalgs);
-@@ -973,6 +1008,9 @@ int tls_check_sigalg_curve(const SSL *s,
-     if (s->cert->conf_sigalgs) {
-         sigs = s->cert->conf_sigalgs;
-         siglen = s->cert->conf_sigalgslen;
-+    } else if (FIPS_mode()) {
-+        sigs = tls12_fips_sigalgs;
-+        siglen = OSSL_NELEM(tls12_fips_sigalgs);
-     } else {
-         sigs = tls12_sigalgs;
-         siglen = OSSL_NELEM(tls12_sigalgs);
-@@ -1617,6 +1655,8 @@ static int tls12_sigalg_allowed(const SS
-     if (lu->sig == NID_id_GostR3410_2012_256
-             || lu->sig == NID_id_GostR3410_2012_512
-             || lu->sig == NID_id_GostR3410_2001) {
-+        if (FIPS_mode())
-+            return 0;
-         /* We never allow GOST sig algs on the server with TLSv1.3 */
-         if (s->server && SSL_IS_TLS13(s))
-             return 0;
-@@ -2842,6 +2882,13 @@ int tls_choose_sigalg(SSL *s, int fatale
-                 const uint16_t *sent_sigs;
-                 size_t sent_sigslen;
- 
-+                if (fatalerrs && FIPS_mode()) {
-+                    /* There are no suitable legacy algorithms in FIPS mode */
-+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
-+                             SSL_F_TLS_CHOOSE_SIGALG,
-+                             SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
-+                    return 0;
-+                }
-                 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
-                     if (!fatalerrs)
-                         return 1;

openssl-1.1.1-fips-drbg-selftest.patch

@@ -1,587 +0,0 @@
-diff -up openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest openssl-1.1.1g/crypto/fips/fips_post.c
---- openssl-1.1.1g/crypto/fips/fips_post.c.drbg-selftest	2020-04-23 13:33:12.500624151 +0200
-+++ openssl-1.1.1g/crypto/fips/fips_post.c	2020-04-23 13:33:12.618621925 +0200
-@@ -67,12 +67,18 @@
- 
- # include <openssl/fips.h>
- # include "crypto/fips.h"
-+# include "crypto/rand.h"
- # include "fips_locl.h"
- 
- /* Run all selftests */
- int FIPS_selftest(void)
- {
-     int rv = 1;
-+    if (!rand_drbg_selftest()) {
-+        FIPSerr(FIPS_F_FIPS_SELFTEST, FIPS_R_TEST_FAILURE);
-+        ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
-+        rv = 0;
-+    }
-     if (!FIPS_selftest_drbg())
-         rv = 0;
-     if (!FIPS_selftest_sha1())
-diff -up openssl-1.1.1g/crypto/rand/build.info.drbg-selftest openssl-1.1.1g/crypto/rand/build.info
---- openssl-1.1.1g/crypto/rand/build.info.drbg-selftest	2020-04-23 13:33:12.619621907 +0200
-+++ openssl-1.1.1g/crypto/rand/build.info	2020-04-23 13:34:10.857523497 +0200
-@@ -1,6 +1,6 @@
- LIBS=../../libcrypto
- SOURCE[../../libcrypto]=\
-         randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
--        rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
-+        rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c drbg_selftest.c
- 
- INCLUDE[drbg_ctr.o]=../modes
-diff -up openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest openssl-1.1.1g/crypto/rand/drbg_selftest.c
---- openssl-1.1.1g/crypto/rand/drbg_selftest.c.drbg-selftest	2020-04-23 13:33:12.619621907 +0200
-+++ openssl-1.1.1g/crypto/rand/drbg_selftest.c	2020-04-23 13:33:12.619621907 +0200
-@@ -0,0 +1,537 @@
-+/*
-+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License").  You may not use
-+ * this file except in compliance with the License.  You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <string.h>
-+#include <stddef.h>
-+#include "internal/nelem.h"
-+#include <openssl/crypto.h>
-+#include <openssl/err.h>
-+#include <openssl/rand_drbg.h>
-+#include <openssl/obj_mac.h>
-+#include "internal/thread_once.h"
-+#include "crypto/rand.h"
-+
-+typedef struct test_ctx_st {
-+    const unsigned char *entropy;
-+    size_t entropylen;
-+    int entropycnt;
-+    const unsigned char *nonce;
-+    size_t noncelen;
-+    int noncecnt;
-+} TEST_CTX;
-+
-+static int app_data_index = -1;
-+static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT;
-+DEFINE_RUN_ONCE_STATIC(drbg_app_data_index_init)
-+{
-+    app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
-+
-+    return 1;
-+}
-+
-+enum drbg_kat_type {
-+    NO_RESEED,
-+    PR_FALSE,
-+    PR_TRUE
-+};
-+
-+enum drbg_df {
-+    USE_DF,
-+    NO_DF,
-+    NA
-+};
-+
-+struct drbg_kat_no_reseed {
-+    size_t count;
-+    const unsigned char *entropyin;
-+    const unsigned char *nonce;
-+    const unsigned char *persstr;
-+    const unsigned char *addin1;
-+    const unsigned char *addin2;
-+    const unsigned char *retbytes;
-+};
-+
-+struct drbg_kat_pr_false {
-+    size_t count;
-+    const unsigned char *entropyin;
-+    const unsigned char *nonce;
-+    const unsigned char *persstr;
-+    const unsigned char *entropyinreseed;
-+    const unsigned char *addinreseed;
-+    const unsigned char *addin1;
-+    const unsigned char *addin2;
-+    const unsigned char *retbytes;
-+};
-+
-+struct drbg_kat_pr_true {
-+    size_t count;
-+    const unsigned char *entropyin;
-+    const unsigned char *nonce;
-+    const unsigned char *persstr;
-+    const unsigned char *entropyinpr1;
-+    const unsigned char *addin1;
-+    const unsigned char *entropyinpr2;
-+    const unsigned char *addin2;
-+    const unsigned char *retbytes;
-+};
-+
-+struct drbg_kat {
-+    enum drbg_kat_type type;
-+    enum drbg_df df;
-+    int nid;
-+
-+    size_t entropyinlen;
-+    size_t noncelen;
-+    size_t persstrlen;
-+    size_t addinlen;
-+    size_t retbyteslen;
-+
-+    const void *t;
-+};
-+
-+/*
-+ * Excerpt from test/drbg_cavs_data.c
-+ * DRBG test vectors from:
-+ * https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/
-+ */
-+
-+static const unsigned char kat1308_entropyin[] = {
-+    0x7c, 0x5d, 0x90, 0x70, 0x3b, 0x8a, 0xc7, 0x0f, 0x23, 0x73, 0x24, 0x9c,
-+    0xa7, 0x15, 0x41, 0x71, 0x7a, 0x31, 0xea, 0x32, 0xfc, 0x28, 0x0d, 0xd7,
-+    0x5b, 0x09, 0x01, 0x98, 0x1b, 0xe2, 0xa5, 0x53, 0xd9, 0x05, 0x32, 0x97,
-+    0xec, 0xbe, 0x86, 0xfd, 0x1c, 0x1c, 0x71, 0x4c, 0x52, 0x29, 0x9e, 0x52,
-+};
-+static const unsigned char kat1308_nonce[] = {0};
-+static const unsigned char kat1308_persstr[] = {
-+    0xdc, 0x07, 0x2f, 0x68, 0xfa, 0x77, 0x03, 0x23, 0x42, 0xb0, 0xf5, 0xa2,
-+    0xd9, 0xad, 0xa1, 0xd0, 0xad, 0xa2, 0x14, 0xb4, 0xd0, 0x8e, 0xfb, 0x39,
-+    0xdd, 0xc2, 0xac, 0xfb, 0x98, 0xdf, 0x7f, 0xce, 0x4c, 0x75, 0x56, 0x45,
-+    0xcd, 0x86, 0x93, 0x74, 0x90, 0x6e, 0xf6, 0x9e, 0x85, 0x7e, 0xfb, 0xc3,
-+};
-+static const unsigned char kat1308_addin0[] = {
-+    0x52, 0x25, 0xc4, 0x2f, 0x03, 0xce, 0x29, 0x71, 0xc5, 0x0b, 0xc3, 0x4e,
-+    0xad, 0x8d, 0x6f, 0x17, 0x82, 0xe1, 0xf3, 0xfd, 0xfd, 0x9b, 0x94, 0x9a,
-+    0x1d, 0xac, 0xd0, 0xd4, 0x3f, 0x2b, 0xe3, 0xab, 0x7c, 0x3d, 0x3e, 0x5a,
-+    0x68, 0xbb, 0xa4, 0x74, 0x68, 0x1a, 0xc6, 0x27, 0xff, 0xe0, 0xc0, 0x6c,
-+};
-+static const unsigned char kat1308_addin1[] = {
-+    0xdc, 0x91, 0xd7, 0xb7, 0xb9, 0x94, 0x79, 0x0f, 0x06, 0xc4, 0x70, 0x19,
-+    0x33, 0x25, 0x7c, 0x96, 0x01, 0xa0, 0x62, 0xb0, 0x50, 0xe6, 0xc0, 0x3a,
-+    0x56, 0x8f, 0xc5, 0x50, 0x48, 0xc6, 0xf4, 0x49, 0xe5, 0x70, 0x16, 0x2e,
-+    0xae, 0xf2, 0x99, 0xb4, 0x2d, 0x70, 0x18, 0x16, 0xcd, 0xe0, 0x24, 0xe4,
-+};
-+static const unsigned char kat1308_retbits[] = {
-+    0xde, 0xf8, 0x91, 0x1b, 0xf1, 0xe1, 0xa9, 0x97, 0xd8, 0x61, 0x84, 0xe2,
-+    0xdb, 0x83, 0x3e, 0x60, 0x45, 0xcd, 0xc8, 0x66, 0x93, 0x28, 0xc8, 0x92,
-+    0xbc, 0x25, 0xae, 0xe8, 0xb0, 0xed, 0xed, 0x16, 0x3d, 0xa5, 0xf9, 0x0f,
-+    0xb3, 0x72, 0x08, 0x84, 0xac, 0x3c, 0x3b, 0xaa, 0x5f, 0xf9, 0x7d, 0x63,
-+    0x3e, 0xde, 0x59, 0x37, 0x0e, 0x40, 0x12, 0x2b, 0xbc, 0x6c, 0x96, 0x53,
-+    0x26, 0x32, 0xd0, 0xb8,
-+};
-+static const struct drbg_kat_no_reseed kat1308_t = {
-+    2, kat1308_entropyin, kat1308_nonce, kat1308_persstr,
-+    kat1308_addin0, kat1308_addin1, kat1308_retbits
-+};
-+static const struct drbg_kat kat1308 = {
-+    NO_RESEED, NO_DF, NID_aes_256_ctr, 48, 0, 48, 48, 64, &kat1308_t
-+};
-+
-+static const unsigned char kat1465_entropyin[] = {
-+    0xc9, 0x96, 0x3a, 0x15, 0x51, 0x76, 0x4f, 0xe0, 0x45, 0x82, 0x8a, 0x64,
-+    0x87, 0xbe, 0xaa, 0xc0,
-+};
-+static const unsigned char kat1465_nonce[] = {
-+    0x08, 0xcd, 0x69, 0x39, 0xf8, 0x58, 0x9a, 0x85,
-+};
-+static const unsigned char kat1465_persstr[] = {0};
-+static const unsigned char kat1465_entropyinreseed[] = {
-+    0x16, 0xcc, 0x35, 0x15, 0xb1, 0x17, 0xf5, 0x33, 0x80, 0x9a, 0x80, 0xc5,
-+    0x1f, 0x4b, 0x7b, 0x51,
-+};
-+static const unsigned char kat1465_addinreseed[] = {
-+    0xf5, 0x3d, 0xf1, 0x2e, 0xdb, 0x28, 0x1c, 0x00, 0x7b, 0xcb, 0xb6, 0x12,
-+    0x61, 0x9f, 0x26, 0x5f,
-+};
-+static const unsigned char kat1465_addin0[] = {
-+    0xe2, 0x67, 0x06, 0x62, 0x09, 0xa7, 0xcf, 0xd6, 0x84, 0x8c, 0x20, 0xf6,
-+    0x10, 0x5a, 0x73, 0x9c,
-+};
-+static const unsigned char kat1465_addin1[] = {
-+    0x26, 0xfa, 0x50, 0xe1, 0xb3, 0xcb, 0x65, 0xed, 0xbc, 0x6d, 0xda, 0x18,
-+    0x47, 0x99, 0x1f, 0xeb,
-+};
-+static const unsigned char kat1465_retbits[] = {
-+    0xf9, 0x47, 0xc6, 0xb0, 0x58, 0xa8, 0x66, 0x8a, 0xf5, 0x2b, 0x2a, 0x6d,
-+    0x4e, 0x24, 0x6f, 0x65, 0xbf, 0x51, 0x22, 0xbf, 0xe8, 0x8d, 0x6c, 0xeb,
-+    0xf9, 0x68, 0x7f, 0xed, 0x3b, 0xdd, 0x6b, 0xd5, 0x28, 0x47, 0x56, 0x52,
-+    0xda, 0x50, 0xf0, 0x90, 0x73, 0x95, 0x06, 0x58, 0xaf, 0x08, 0x98, 0x6e,
-+    0x24, 0x18, 0xfd, 0x2f, 0x48, 0x72, 0x57, 0xd6, 0x59, 0xab, 0xe9, 0x41,
-+    0x58, 0xdb, 0x27, 0xba,
-+};
-+static const struct drbg_kat_pr_false kat1465_t = {
-+    9, kat1465_entropyin, kat1465_nonce, kat1465_persstr,
-+    kat1465_entropyinreseed, kat1465_addinreseed, kat1465_addin0,
-+    kat1465_addin1, kat1465_retbits
-+};
-+static const struct drbg_kat kat1465 = {
-+    PR_FALSE, USE_DF, NID_aes_128_ctr, 16, 8, 0, 16, 64, &kat1465_t
-+};
-+
-+static const unsigned char kat3146_entropyin[] = {
-+    0xd7, 0x08, 0x42, 0x82, 0xc2, 0xd2, 0xd1, 0xde, 0x01, 0xb4, 0x36, 0xb3,
-+    0x7f, 0xbd, 0xd3, 0xdd, 0xb3, 0xc4, 0x31, 0x4f, 0x8f, 0xa7, 0x10, 0xf4,
-+};
-+static const unsigned char kat3146_nonce[] = {
-+    0x7b, 0x9e, 0xcd, 0x49, 0x4f, 0x46, 0xa0, 0x08, 0x32, 0xff, 0x2e, 0xc3,
-+    0x50, 0x86, 0xca, 0xca,
-+};
-+static const unsigned char kat3146_persstr[] = {0};
-+static const unsigned char kat3146_entropyinpr1[] = {
-+    0x68, 0xd0, 0x7b, 0xa4, 0xe7, 0x22, 0x19, 0xe6, 0xb6, 0x46, 0x6a, 0xda,
-+    0x8e, 0x67, 0xea, 0x63, 0x3f, 0xaf, 0x2f, 0x6c, 0x9d, 0x5e, 0x48, 0x15,
-+};
-+static const unsigned char kat3146_addinpr1[] = {
-+    0x70, 0x0f, 0x54, 0xf4, 0x53, 0xde, 0xca, 0x61, 0x5c, 0x49, 0x51, 0xd1,
-+    0x41, 0xc4, 0xf1, 0x2f, 0x65, 0xfb, 0x7e, 0xbc, 0x9b, 0x14, 0xba, 0x90,
-+    0x05, 0x33, 0x7e, 0x64, 0xb7, 0x2b, 0xaf, 0x99,
-+};
-+static const unsigned char kat3146_entropyinpr2[] = {
-+    0xeb, 0x77, 0xb0, 0xe9, 0x2d, 0x31, 0xc8, 0x66, 0xc5, 0xc4, 0xa7, 0xf7,
-+    0x6c, 0xb2, 0x74, 0x36, 0x4b, 0x25, 0x78, 0x04, 0xd8, 0xd7, 0xd2, 0x34,
-+};
-+static const unsigned char kat3146_addinpr2[] = {
-+    0x05, 0xcd, 0x2a, 0x97, 0x5a, 0x5d, 0xfb, 0x98, 0xc1, 0xf1, 0x00, 0x0c,
-+    0xed, 0xe6, 0x2a, 0xba, 0xf0, 0x89, 0x1f, 0x5a, 0x4f, 0xd7, 0x48, 0xb3,
-+    0x24, 0xc0, 0x8a, 0x3d, 0x60, 0x59, 0x5d, 0xb6,
-+};
-+static const unsigned char kat3146_retbits[] = {
-+    0x29, 0x94, 0xa4, 0xa8, 0x17, 0x3e, 0x62, 0x2f, 0x94, 0xdd, 0x40, 0x1f,
-+    0xe3, 0x7e, 0x77, 0xd4, 0x38, 0xbc, 0x0e, 0x49, 0x46, 0xf6, 0x0e, 0x28,
-+    0x91, 0xc6, 0x9c, 0xc4, 0xa6, 0xa1, 0xf8, 0x9a, 0x64, 0x5e, 0x99, 0x76,
-+    0xd0, 0x2d, 0xee, 0xde, 0xe1, 0x2c, 0x93, 0x29, 0x4b, 0x12, 0xcf, 0x87,
-+    0x03, 0x98, 0xb9, 0x74, 0x41, 0xdb, 0x3a, 0x49, 0x9f, 0x92, 0xd0, 0x45,
-+    0xd4, 0x30, 0x73, 0xbb,
-+};
-+static const struct drbg_kat_pr_true kat3146_t = {
-+    10, kat3146_entropyin, kat3146_nonce, kat3146_persstr,
-+    kat3146_entropyinpr1, kat3146_addinpr1, kat3146_entropyinpr2,
-+    kat3146_addinpr2, kat3146_retbits
-+};
-+static const struct drbg_kat kat3146 = {
-+    PR_TRUE, USE_DF, NID_aes_192_ctr, 24, 16, 0, 32, 64, &kat3146_t
-+};
-+
-+static const struct drbg_kat *drbg_test[] = { &kat1308, &kat1465, &kat3146 };
-+
-+static const size_t drbg_test_nelem = OSSL_NELEM(drbg_test);
-+
-+static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout,
-+                          int entropy, size_t min_len, size_t max_len,
-+                          int prediction_resistance)
-+{
-+    TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
-+
-+    t->entropycnt++;
-+    *pout = (unsigned char *)t->entropy;
-+    return t->entropylen;
-+}
-+
-+static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout,
-+                        int entropy, size_t min_len, size_t max_len)
-+{
-+    TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
-+
-+    t->noncecnt++;
-+    *pout = (unsigned char *)t->nonce;
-+    return t->noncelen;
-+}
-+
-+/*
-+ * Do a single NO_RESEED KAT:
-+ *
-+ * Instantiate
-+ * Generate Random Bits (pr=false)
-+ * Generate Random Bits (pr=false)
-+ * Uninstantiate
-+ *
-+ * Return 0 on failure.
-+ */
-+static int single_kat_no_reseed(const struct drbg_kat *td)
-+{
-+    struct drbg_kat_no_reseed *data = (struct drbg_kat_no_reseed *)td->t;
-+    RAND_DRBG *drbg = NULL;
-+    unsigned char *buff = NULL;
-+    unsigned int flags = 0;
-+    int failures = 0;
-+    TEST_CTX t;
-+
-+    if (td->df != USE_DF)
-+        flags |= RAND_DRBG_FLAG_CTR_NO_DF;
-+
-+    if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
-+        return 0;
-+
-+    if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
-+                                 kat_nonce, NULL)) {
-+        failures++;
-+        goto err;
-+    }
-+    memset(&t, 0, sizeof(t));
-+    t.entropy = data->entropyin;
-+    t.entropylen = td->entropyinlen;
-+    t.nonce = data->nonce;
-+    t.noncelen = td->noncelen;
-+    RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
-+
-+    buff = OPENSSL_malloc(td->retbyteslen);
-+    if (buff == NULL) {
-+        failures++;
-+        goto err;
-+    }
-+
-+    if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)
-+        || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
-+                               data->addin1, td->addinlen)
-+        || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
-+                               data->addin2, td->addinlen)
-+        || memcmp(data->retbytes, buff,
-+                  td->retbyteslen) != 0)
-+        failures++;
-+
-+err:
-+    OPENSSL_free(buff);
-+    RAND_DRBG_uninstantiate(drbg);
-+    RAND_DRBG_free(drbg);
-+    return failures == 0;
-+}
-+
-+/*-
-+ * Do a single PR_FALSE KAT:
-+ *
-+ * Instantiate
-+ * Reseed
-+ * Generate Random Bits (pr=false)
-+ * Generate Random Bits (pr=false)
-+ * Uninstantiate
-+ *
-+ * Return 0 on failure.
-+ */
-+static int single_kat_pr_false(const struct drbg_kat *td)
-+{
-+    struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
-+    RAND_DRBG *drbg = NULL;
-+    unsigned char *buff = NULL;
-+    unsigned int flags = 0;
-+    int failures = 0;
-+    TEST_CTX t;
-+
-+    if (td->df != USE_DF)
-+        flags |= RAND_DRBG_FLAG_CTR_NO_DF;
-+
-+    if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
-+        return 0;
-+
-+    if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
-+                                 kat_nonce, NULL)) {
-+        failures++;
-+        goto err;
-+    }
-+    memset(&t, 0, sizeof(t));
-+    t.entropy = data->entropyin;
-+    t.entropylen = td->entropyinlen;
-+    t.nonce = data->nonce;
-+    t.noncelen = td->noncelen;
-+    RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
-+
-+    buff = OPENSSL_malloc(td->retbyteslen);
-+    if (buff == NULL) {
-+        failures++;
-+        goto err;
-+    }
-+
-+    if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
-+        failures++;
-+
-+    t.entropy = data->entropyinreseed;
-+    t.entropylen = td->entropyinlen;
-+
-+    if (!RAND_DRBG_reseed(drbg, data->addinreseed, td->addinlen, 0)
-+        || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
-+                               data->addin1, td->addinlen)
-+        || !RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
-+                               data->addin2, td->addinlen)
-+        || memcmp(data->retbytes, buff,
-+                  td->retbyteslen) != 0)
-+        failures++;
-+
-+err:
-+    OPENSSL_free(buff);
-+    RAND_DRBG_uninstantiate(drbg);
-+    RAND_DRBG_free(drbg);
-+    return failures == 0;
-+}
-+
-+/*-
-+ * Do a single PR_TRUE KAT:
-+ *
-+ * Instantiate
-+ * Generate Random Bits (pr=true)
-+ * Generate Random Bits (pr=true)
-+ * Uninstantiate
-+ *
-+ * Return 0 on failure.
-+ */
-+static int single_kat_pr_true(const struct drbg_kat *td)
-+{
-+    struct drbg_kat_pr_true *data = (struct drbg_kat_pr_true *)td->t;
-+    RAND_DRBG *drbg = NULL;
-+    unsigned char *buff = NULL;
-+    unsigned int flags = 0;
-+    int failures = 0;
-+    TEST_CTX t;
-+
-+    if (td->df != USE_DF)
-+        flags |= RAND_DRBG_FLAG_CTR_NO_DF;
-+
-+    if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
-+        return 0;
-+
-+    if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
-+                                 kat_nonce, NULL)) {
-+        failures++;
-+        goto err;
-+    }
-+    memset(&t, 0, sizeof(t));
-+    t.nonce = data->nonce;
-+    t.noncelen = td->noncelen;
-+    t.entropy = data->entropyin;
-+    t.entropylen = td->entropyinlen;
-+    RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
-+
-+    buff = OPENSSL_malloc(td->retbyteslen);
-+    if (buff == NULL) {
-+        failures++;
-+        goto err;
-+    }
-+
-+    if (!RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
-+        failures++;
-+
-+    t.entropy = data->entropyinpr1;
-+    t.entropylen = td->entropyinlen;
-+
-+    if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
-+                            data->addin1, td->addinlen))
-+        failures++;
-+
-+    t.entropy = data->entropyinpr2;
-+    t.entropylen = td->entropyinlen;
-+
-+    if (!RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
-+                            data->addin2, td->addinlen)
-+        || memcmp(data->retbytes, buff,
-+                  td->retbyteslen) != 0)
-+        failures++;
-+
-+err:
-+    OPENSSL_free(buff);
-+    RAND_DRBG_uninstantiate(drbg);
-+    RAND_DRBG_free(drbg);
-+    return failures == 0;
-+}
-+
-+static int test_kats(int i)
-+{
-+    const struct drbg_kat *td = drbg_test[i];
-+    int rv = 0;
-+
-+    switch (td->type) {
-+    case NO_RESEED:
-+        if (!single_kat_no_reseed(td))
-+            goto err;
-+        break;
-+    case PR_FALSE:
-+        if (!single_kat_pr_false(td))
-+            goto err;
-+        break;
-+    case PR_TRUE:
-+        if (!single_kat_pr_true(td))
-+            goto err;
-+        break;
-+    default:	/* cant happen */
-+        goto err;
-+    }
-+    rv = 1;
-+err:
-+    return rv;
-+}
-+
-+/*-
-+ * Do one expected-error test:
-+ *
-+ * Instantiate with no entropy supplied
-+ *
-+ * Return 0 on failure.
-+ */
-+static int test_drbg_sanity(const struct drbg_kat *td)
-+{
-+    struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
-+    RAND_DRBG *drbg = NULL;
-+    unsigned int flags = 0;
-+    int failures = 0;
-+    TEST_CTX t;
-+
-+    if (td->df != USE_DF)
-+        flags |= RAND_DRBG_FLAG_CTR_NO_DF;
-+
-+    if ((drbg = RAND_DRBG_new(td->nid, flags, NULL)) == NULL)
-+        return 0;
-+
-+    if (!RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
-+                                 kat_nonce, NULL)) {
-+        failures++;
-+        goto err;
-+    }
-+    memset(&t, 0, sizeof(t));
-+    t.entropy = data->entropyin;
-+    t.entropylen = 0;     /* No entropy */
-+    t.nonce = data->nonce;
-+    t.noncelen = td->noncelen;
-+    RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
-+
-+    ERR_set_mark();
-+    /* This must fail. */
-+    if (RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
-+        failures++;
-+    RAND_DRBG_uninstantiate(drbg);
-+    ERR_pop_to_mark();
-+
-+err:
-+    RAND_DRBG_free(drbg);
-+    return failures == 0;
-+}
-+
-+
-+int rand_drbg_selftest(void)
-+{
-+    int i;
-+
-+    if (!RUN_ONCE(&get_index_once, drbg_app_data_index_init))
-+        return 0;
-+
-+    for (i = 0; i < drbg_test_nelem; i++) {
-+        if (test_kats(i) <= 0)
-+            return 0;
-+    }
-+
-+    if (test_drbg_sanity(&kat1465) <= 0)
-+        return 0;
-+
-+    return 1;
-+}
-diff -up openssl-1.1.1g/include/crypto/rand.h.drbg-selftest openssl-1.1.1g/include/crypto/rand.h
---- openssl-1.1.1g/include/crypto/rand.h.drbg-selftest	2020-04-23 13:33:12.587622510 +0200
-+++ openssl-1.1.1g/include/crypto/rand.h	2020-04-23 13:33:12.619621907 +0200
-@@ -140,4 +140,9 @@ void rand_pool_cleanup(void);
-  */
- void rand_pool_keep_random_devices_open(int keep);
- 
-+/*
-+ * Perform the DRBG KAT selftests
-+ */
-+int rand_drbg_selftest(void);
-+
- #endif

openssl-1.1.1-fips-post-rand.patch

@@ -1,189 +0,0 @@
-diff -up openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand openssl-1.1.1e/crypto/fips/fips.c
---- openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand	2020-03-17 18:06:16.822418854 +0100
-+++ openssl-1.1.1e/crypto/fips/fips.c	2020-03-17 18:06:16.861418172 +0100
-@@ -68,6 +68,7 @@
- 
- # include <openssl/fips.h>
- # include "internal/thread_once.h"
-+# include "crypto/rand.h"
- 
- # ifndef PATH_MAX
- #  define PATH_MAX 1024
-@@ -76,6 +77,7 @@
- static int fips_selftest_fail = 0;
- static int fips_mode = 0;
- static int fips_started = 0;
-+static int fips_post = 0;
- 
- static int fips_is_owning_thread(void);
- static int fips_set_owning_thread(void);
-@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void)
-     fips_selftest_fail = 1;
- }
- 
-+int fips_in_post(void)
-+{
-+    return fips_post;
-+}
-+
- /* we implement what libfipscheck does ourselves */
- 
- static int
-@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff)
-         }
- # endif
- 
-+        fips_post = 1;
-+
-         if (!FIPS_selftest()) {
-             fips_selftest_fail = 1;
-             ret = 0;
-@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff)
-             goto end;
-         }
- 
-+        fips_post = 0;
-+
-         fips_set_mode(onoff);
-+        /* force RNG reseed with entropy from getrandom() on next call */
-+        rand_force_reseed();
-+
-         ret = 1;
-         goto end;
-     }
-diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1e/crypto/rand/drbg_lib.c
---- openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/rand/drbg_lib.c	2020-03-17 18:07:35.305045521 +0100
-@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
-     return min_entropy > min_entropylen ? min_entropy : min_entropylen;
- }
- 
-+void rand_force_reseed(void)
-+{
-+    RAND_DRBG *drbg;
-+
-+    drbg = RAND_DRBG_get0_master();
-+    drbg->fork_id = 0;
-+
-+    drbg = RAND_DRBG_get0_private();
-+    drbg->fork_id = 0;
-+
-+    drbg = RAND_DRBG_get0_public();
-+    drbg->fork_id = 0;
-+}
-+
- /* Implements the default OpenSSL RAND_add() method */
- static int drbg_add(const void *buf, int num, double randomness)
- {
-diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/crypto/rand/rand_unix.c
---- openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/rand/rand_unix.c	2020-03-17 18:09:01.503537189 +0100
-@@ -17,10 +17,12 @@
- #include <openssl/crypto.h>
- #include "rand_local.h"
- #include "crypto/rand.h"
-+#include "crypto/fips.h"
- #include <stdio.h>
- #include "internal/dso.h"
- #ifdef __linux
- # include <sys/syscall.h>
-+# include <sys/random.h>
- # ifdef DEVRANDOM_WAIT
- #  include <sys/shm.h>
- #  include <sys/utsname.h>
-@@ -342,7 +344,7 @@ static ssize_t sysctl_random(char *buf,
-  * syscall_random(): Try to get random data using a system call
-  * returns the number of bytes returned in buf, or < 0 on error.
-  */
--static ssize_t syscall_random(void *buf, size_t buflen)
-+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock)
- {
-     /*
-      * Note: 'buflen' equals the size of the buffer which is used by the
-@@ -364,6 +366,7 @@ static ssize_t syscall_random(void *buf,
-      * - Linux since 3.17 with glibc 2.25
-      * - FreeBSD since 12.0 (1200061)
-      */
-+#  if 0
- #  if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
-     extern int getentropy(void *buffer, size_t length) __attribute__((weak));
- 
-@@ -385,10 +388,10 @@ static ssize_t syscall_random(void *buf,
-     if (p_getentropy.p != NULL)
-         return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
- #  endif
--
-+#  endif
-     /* Linux supports this since version 3.17 */
--#  if defined(__linux) && defined(__NR_getrandom)
--    return syscall(__NR_getrandom, buf, buflen, 0);
-+#  if defined(__linux) && defined(SYS_getrandom)
-+    return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
- #  elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
-     return sysctl_random(buf, buflen);
- #  else
-@@ -623,6 +626,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
-     size_t entropy_available;
- 
- #   if defined(OPENSSL_RAND_SEED_GETRANDOM)
-+    int in_post;
-+
-+    for (in_post = fips_in_post(); in_post >= 0; --in_post) {
-     {
-         size_t bytes_needed;
-         unsigned char *buffer;
-@@ -633,7 +639,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
-         bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
-         while (bytes_needed != 0 && attempts-- > 0) {
-             buffer = rand_pool_add_begin(pool, bytes_needed);
--            bytes = syscall_random(buffer, bytes_needed);
-+            bytes = syscall_random(buffer, bytes_needed, in_post);
-             if (bytes > 0) {
-                 rand_pool_add_end(pool, bytes, 8 * bytes);
-                 bytes_needed -= bytes;
-@@ -668,8 +674,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
-             int attempts = 3;
-             const int fd = get_random_device(i);
- 
--            if (fd == -1)
-+            if (fd == -1) {
-+                OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]);
-                 continue;
-+            }
- 
-             while (bytes_needed != 0 && attempts-- > 0) {
-                 buffer = rand_pool_add_begin(pool, bytes_needed);
-@@ -732,7 +740,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
-             return entropy_available;
-     }
- #   endif
--
-+#   ifdef OPENSSL_RAND_SEED_GETRANDOM
-+    }
-+#   endif
-     return rand_pool_entropy_available(pool);
- #  endif
- }
-diff -up openssl-1.1.1e/include/crypto/fips.h.fips-post-rand openssl-1.1.1e/include/crypto/fips.h
---- openssl-1.1.1e/include/crypto/fips.h.fips-post-rand	2020-03-17 18:06:16.831418696 +0100
-+++ openssl-1.1.1e/include/crypto/fips.h	2020-03-17 18:06:16.861418172 +0100
-@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
- int FIPS_selftest_drbg(void);
- int FIPS_selftest_cmac(void);
- 
-+int fips_in_post(void);
-+
- int fips_pkey_signature_test(EVP_PKEY *pkey,
-                                  const unsigned char *tbs, int tbslen,
-                                  const unsigned char *kat,
-diff -up openssl-1.1.1e/include/crypto/rand.h.fips-post-rand openssl-1.1.1e/include/crypto/rand.h
---- openssl-1.1.1e/include/crypto/rand.h.fips-post-rand	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/include/crypto/rand.h	2020-03-17 18:07:35.303045555 +0100
-@@ -24,6 +24,7 @@
- typedef struct rand_pool_st RAND_POOL;
- 
- void rand_cleanup_int(void);
-+void rand_force_reseed(void);
- void rand_drbg_cleanup_int(void);
- void drbg_delete_thread_state(void);
- 

openssl-1.1.1-intel-cet.patch

@@ -1,500 +0,0 @@
-diff -up openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl
---- openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/aes/asm/aesni-x86_64.pl	2020-03-19 17:07:02.626522694 +0100
-@@ -275,6 +275,7 @@ $code.=<<___;
- .align	16
- ${PREFIX}_encrypt:
- .cfi_startproc
-+	endbranch
- 	movups	($inp),$inout0		# load input
- 	mov	240($key),$rounds	# key->rounds
- ___
-@@ -293,6 +294,7 @@ $code.=<<___;
- .align	16
- ${PREFIX}_decrypt:
- .cfi_startproc
-+	endbranch
- 	movups	($inp),$inout0		# load input
- 	mov	240($key),$rounds	# key->rounds
- ___
-@@ -613,6 +615,7 @@ $code.=<<___;
- .align	16
- aesni_ecb_encrypt:
- .cfi_startproc
-+	endbranch
- ___
- $code.=<<___ if ($win64);
- 	lea	-0x58(%rsp),%rsp
-@@ -985,6 +988,7 @@ $code.=<<___;
- .align	16
- aesni_ccm64_encrypt_blocks:
- .cfi_startproc
-+	endbranch
- ___
- $code.=<<___ if ($win64);
- 	lea	-0x58(%rsp),%rsp
-@@ -1077,6 +1081,7 @@ $code.=<<___;
- .align	16
- aesni_ccm64_decrypt_blocks:
- .cfi_startproc
-+	endbranch
- ___
- $code.=<<___ if ($win64);
- 	lea	-0x58(%rsp),%rsp
-@@ -1203,6 +1208,7 @@ $code.=<<___;
- .align	16
- aesni_ctr32_encrypt_blocks:
- .cfi_startproc
-+	endbranch
- 	cmp	\$1,$len
- 	jne	.Lctr32_bulk
- 
-@@ -1775,6 +1781,7 @@ $code.=<<___;
- .align	16
- aesni_xts_encrypt:
- .cfi_startproc
-+	endbranch
- 	lea	(%rsp),%r11			# frame pointer
- .cfi_def_cfa_register	%r11
- 	push	%rbp
-@@ -2258,6 +2265,7 @@ $code.=<<___;
- .align	16
- aesni_xts_decrypt:
- .cfi_startproc
-+	endbranch
- 	lea	(%rsp),%r11			# frame pointer
- .cfi_def_cfa_register	%r11
- 	push	%rbp
-@@ -2783,6 +2791,7 @@ $code.=<<___;
- .align	32
- aesni_ocb_encrypt:
- .cfi_startproc
-+	endbranch
- 	lea	(%rsp),%rax
- 	push	%rbx
- .cfi_push	%rbx
-@@ -3249,6 +3258,7 @@ __ocb_encrypt1:
- .align	32
- aesni_ocb_decrypt:
- .cfi_startproc
-+	endbranch
- 	lea	(%rsp),%rax
- 	push	%rbx
- .cfi_push	%rbx
-@@ -3737,6 +3747,7 @@ $code.=<<___;
- .align	16
- ${PREFIX}_cbc_encrypt:
- .cfi_startproc
-+	endbranch
- 	test	$len,$len		# check length
- 	jz	.Lcbc_ret
- 
-diff -up openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl
---- openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/aes/asm/vpaes-x86_64.pl	2020-03-19 17:00:15.974621757 +0100
-@@ -696,6 +696,7 @@ _vpaes_schedule_mangle:
- .align	16
- ${PREFIX}_set_encrypt_key:
- .cfi_startproc
-+	endbranch
- ___
- $code.=<<___ if ($win64);
- 	lea	-0xb8(%rsp),%rsp
-@@ -746,6 +747,7 @@ $code.=<<___;
- .align	16
- ${PREFIX}_set_decrypt_key:
- .cfi_startproc
-+	endbranch
- ___
- $code.=<<___ if ($win64);
- 	lea	-0xb8(%rsp),%rsp
-@@ -801,6 +803,7 @@ $code.=<<___;
- .align	16
- ${PREFIX}_encrypt:
- .cfi_startproc
-+	endbranch
- ___
- $code.=<<___ if ($win64);
- 	lea	-0xb8(%rsp),%rsp
-@@ -846,6 +849,7 @@ $code.=<<___;
- .align	16
- ${PREFIX}_decrypt:
- .cfi_startproc
-+	endbranch
- ___
- $code.=<<___ if ($win64);
- 	lea	-0xb8(%rsp),%rsp
-@@ -897,6 +901,7 @@ $code.=<<___;
- .align	16
- ${PREFIX}_cbc_encrypt:
- .cfi_startproc
-+	endbranch
- 	xchg	$key,$len
- ___
- ($len,$key)=($key,$len);
-diff -up openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.c
---- openssl-1.1.1e/crypto/async/arch/async_posix.c.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/async/arch/async_posix.c	2020-03-19 17:00:15.974621757 +0100
-@@ -34,7 +34,9 @@ void async_local_cleanup(void)
- 
- int async_fibre_makecontext(async_fibre *fibre)
- {
-+#ifndef USE_SWAPCONTEXT
-     fibre->env_init = 0;
-+#endif
-     if (getcontext(&fibre->fibre) == 0) {
-         fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE);
-         if (fibre->fibre.uc_stack.ss_sp != NULL) {
-diff -up openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet openssl-1.1.1e/crypto/async/arch/async_posix.h
---- openssl-1.1.1e/crypto/async/arch/async_posix.h.intel-cet	2020-03-19 17:00:15.435631166 +0100
-+++ openssl-1.1.1e/crypto/async/arch/async_posix.h	2020-03-19 17:00:15.975621739 +0100
-@@ -25,17 +25,33 @@
- #  define ASYNC_POSIX
- #  define ASYNC_ARCH
- 
-+#  ifdef __CET__
-+/*
-+ * When Intel CET is enabled, makecontext will create a different
-+ * shadow stack for each context.  async_fibre_swapcontext cannot
-+ * use _longjmp.  It must call swapcontext to swap shadow stack as
-+ * well as normal stack.
-+ */
-+#   define USE_SWAPCONTEXT
-+#  endif
- #  include <ucontext.h>
--#  include <setjmp.h>
-+#  ifndef USE_SWAPCONTEXT
-+#   include <setjmp.h>
-+#  endif
- 
- typedef struct async_fibre_st {
-     ucontext_t fibre;
-+#  ifndef USE_SWAPCONTEXT
-     jmp_buf env;
-     int env_init;
-+#  endif
- } async_fibre;
- 
- static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
- {
-+#  ifdef USE_SWAPCONTEXT
-+    swapcontext(&o->fibre, &n->fibre);
-+#  else
-     o->env_init = 1;
- 
-     if (!r || !_setjmp(o->env)) {
-@@ -44,6 +60,7 @@ static ossl_inline int async_fibre_swapc
-         else
-             setcontext(&n->fibre);
-     }
-+#  endif
- 
-     return 1;
- }
-diff -up openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl
---- openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/camellia/asm/cmll-x86_64.pl	2020-03-19 17:00:15.975621739 +0100
-@@ -685,6 +685,7 @@ $code.=<<___;
- .align	16
- Camellia_cbc_encrypt:
- .cfi_startproc
-+	endbranch
- 	cmp	\$0,%rdx
- 	je	.Lcbc_abort
- 	push	%rbx
-diff -up openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl
---- openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/modes/asm/ghash-x86_64.pl	2020-03-19 17:00:15.975621739 +0100
-@@ -239,6 +239,7 @@ $code=<<___;
- .align	16
- gcm_gmult_4bit:
- .cfi_startproc
-+	endbranch
- 	push	%rbx
- .cfi_push	%rbx
- 	push	%rbp		# %rbp and others are pushed exclusively in
-@@ -286,6 +287,7 @@ $code.=<<___;
- .align	16
- gcm_ghash_4bit:
- .cfi_startproc
-+	endbranch
- 	push	%rbx
- .cfi_push	%rbx
- 	push	%rbp
-@@ -612,6 +614,7 @@ $code.=<<___;
- .align	16
- gcm_gmult_clmul:
- .cfi_startproc
-+	endbranch
- .L_gmult_clmul:
- 	movdqu		($Xip),$Xi
- 	movdqa		.Lbswap_mask(%rip),$T3
-@@ -663,6 +666,7 @@ $code.=<<___;
- .align	32
- gcm_ghash_clmul:
- .cfi_startproc
-+	endbranch
- .L_ghash_clmul:
- ___
- $code.=<<___ if ($win64);
-@@ -1166,6 +1170,7 @@ $code.=<<___;
- .align	32
- gcm_gmult_avx:
- .cfi_startproc
-+	endbranch
- 	jmp	.L_gmult_clmul
- .cfi_endproc
- .size	gcm_gmult_avx,.-gcm_gmult_avx
-@@ -1177,6 +1182,7 @@ $code.=<<___;
- .align	32
- gcm_ghash_avx:
- .cfi_startproc
-+	endbranch
- ___
- if ($avx) {
- my ($Xip,$Htbl,$inp,$len)=@_4args;
-diff -up openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet openssl-1.1.1e/crypto/perlasm/cbc.pl
---- openssl-1.1.1e/crypto/perlasm/cbc.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/perlasm/cbc.pl	2020-03-19 17:00:15.976621722 +0100
-@@ -165,21 +165,28 @@ sub cbc
- 	&jmp_ptr($count);
- 
- &set_label("ej7");
-+	&endbranch()
- 	&movb(&HB("edx"),	&BP(6,$in,"",0));
- 	&shl("edx",8);
- &set_label("ej6");
-+	&endbranch()
- 	&movb(&HB("edx"),	&BP(5,$in,"",0));
- &set_label("ej5");
-+	&endbranch()
- 	&movb(&LB("edx"),	&BP(4,$in,"",0));
- &set_label("ej4");
-+	&endbranch()
- 	&mov("ecx",		&DWP(0,$in,"",0));
- 	&jmp(&label("ejend"));
- &set_label("ej3");
-+	&endbranch()
- 	&movb(&HB("ecx"),	&BP(2,$in,"",0));
- 	&shl("ecx",8);
- &set_label("ej2");
-+	&endbranch()
- 	&movb(&HB("ecx"),	&BP(1,$in,"",0));
- &set_label("ej1");
-+	&endbranch()
- 	&movb(&LB("ecx"),	&BP(0,$in,"",0));
- &set_label("ejend");
- 
-diff -up openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl
---- openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/perlasm/x86_64-xlate.pl	2020-03-19 17:00:15.984621582 +0100
-@@ -101,6 +101,33 @@ elsif (!$gas)
-     $decor="\$L\$";
- }
- 
-+my $cet_property;
-+if ($flavour =~ /elf/) {
-+	# Always generate .note.gnu.property section for ELF outputs to
-+	# mark Intel CET support since all input files must be marked
-+	# with Intel CET support in order for linker to mark output with
-+	# Intel CET support.
-+	my $p2align=3; $p2align=2 if ($flavour eq "elf32");
-+	$cet_property = <<_____;
-+	.section ".note.gnu.property", "a"
-+	.p2align $p2align
-+	.long 1f - 0f
-+	.long 4f - 1f
-+	.long 5
-+0:
-+	.asciz "GNU"
-+1:
-+	.p2align $p2align
-+	.long 0xc0000002
-+	.long 3f - 2f
-+2:
-+	.long 3
-+3:
-+	.p2align $p2align
-+4:
-+_____
-+}
-+
- my $current_segment;
- my $current_function;
- my %globals;
-@@ -1213,6 +1240,7 @@ while(defined(my $line=<>)) {
-     print $line,"\n";
- }
- 
-+print "$cet_property"			if ($cet_property);
- print "\n$current_segment\tENDS\n"	if ($current_segment && $masm);
- print "END\n"				if ($masm);
- 
-diff -up openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet openssl-1.1.1e/crypto/perlasm/x86gas.pl
---- openssl-1.1.1e/crypto/perlasm/x86gas.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/perlasm/x86gas.pl	2020-03-19 17:00:15.985621565 +0100
-@@ -124,6 +124,7 @@ sub ::function_begin_B
-     push(@out,".align\t$align\n");
-     push(@out,"$func:\n");
-     push(@out,"$begin:\n")		if ($global);
-+    &::endbranch();
-     $::stack=4;
- }
- 
-@@ -172,6 +173,26 @@ sub ::file_end
- 	else		{ push (@out,"$tmp\n"); }
-     }
-     push(@out,$initseg) if ($initseg);
-+    if ($::elf) {
-+	push(@out,"
-+	.section \".note.gnu.property\", \"a\"
-+	.p2align 2
-+	.long 1f - 0f
-+	.long 4f - 1f
-+	.long 5
-+0:
-+	.asciz \"GNU\"
-+1:
-+	.p2align 2
-+	.long 0xc0000002
-+	.long 3f - 2f
-+2:
-+	.long 3
-+3:
-+	.p2align 2
-+4:
-+");
-+    }
- }
- 
- sub ::data_byte	{   push(@out,".byte\t".join(',',@_)."\n");   }
-diff -up openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl
---- openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl.intel-cet	2020-03-19 17:00:38.185234015 +0100
-+++ openssl-1.1.1e/crypto/poly1305/asm/poly1305-x86_64.pl	2020-03-19 17:05:46.575850341 +0100
-@@ -2806,6 +2806,7 @@ $code.=<<___;
- .align	32
- poly1305_blocks_vpmadd52:
- .cfi_startproc
-+	endbranch
- 	shr	\$4,$len
- 	jz	.Lno_data_vpmadd52		# too short
- 
-@@ -3739,6 +3740,7 @@ $code.=<<___;
- .align	32
- poly1305_emit_base2_44:
- .cfi_startproc
-+	endbranch
- 	mov	0($ctx),%r8	# load hash value
- 	mov	8($ctx),%r9
- 	mov	16($ctx),%r10
-diff -up openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl
---- openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl.intel-cet	2020-03-19 17:00:38.190233928 +0100
-+++ openssl-1.1.1e/crypto/rc4/asm/rc4-x86_64.pl	2020-03-19 17:05:02.598618064 +0100
-@@ -140,6 +140,7 @@ $code=<<___;
- .align	16
- RC4:
- .cfi_startproc
-+	endbranch
- 	or	$len,$len
- 	jne	.Lentry
- 	ret
-@@ -455,6 +456,7 @@ $code.=<<___;
- .align	16
- RC4_set_key:
- .cfi_startproc
-+	endbranch
- 	lea	8($dat),$dat
- 	lea	($inp,$len),$inp
- 	neg	$len
-@@ -529,6 +531,7 @@ RC4_set_key:
- .align	16
- RC4_options:
- .cfi_startproc
-+	endbranch
- 	lea	.Lopts(%rip),%rax
- 	mov	OPENSSL_ia32cap_P(%rip),%edx
- 	bt	\$20,%edx
-diff -up openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet openssl-1.1.1e/crypto/x86_64cpuid.pl
---- openssl-1.1.1e/crypto/x86_64cpuid.pl.intel-cet	2020-03-17 15:31:17.000000000 +0100
-+++ openssl-1.1.1e/crypto/x86_64cpuid.pl	2020-03-19 17:03:58.172742775 +0100
-@@ -40,6 +40,7 @@ print<<___;
- .align	16
- OPENSSL_atomic_add:
- .cfi_startproc
-+	endbranch
- 	movl	($arg1),%eax
- .Lspin:	leaq	($arg2,%rax),%r8
- 	.byte	0xf0		# lock
-@@ -56,6 +57,7 @@ OPENSSL_atomic_add:
- .align	16
- OPENSSL_rdtsc:
- .cfi_startproc
-+	endbranch
- 	rdtsc
- 	shl	\$32,%rdx
- 	or	%rdx,%rax
-@@ -68,6 +70,7 @@ OPENSSL_rdtsc:
- .align	16
- OPENSSL_ia32_cpuid:
- .cfi_startproc
-+	endbranch
- 	mov	%rbx,%r8		# save %rbx
- .cfi_register	%rbx,%r8
- 
-@@ -237,6 +240,7 @@ OPENSSL_ia32_cpuid:
- .align  16
- OPENSSL_cleanse:
- .cfi_startproc
-+	endbranch
- 	xor	%rax,%rax
- 	cmp	\$15,$arg2
- 	jae	.Lot
-@@ -274,6 +278,7 @@ OPENSSL_cleanse:
- .align  16
- CRYPTO_memcmp:
- .cfi_startproc
-+	endbranch
- 	xor	%rax,%rax
- 	xor	%r10,%r10
- 	cmp	\$0,$arg3
-@@ -312,6 +317,7 @@ print<<___ if (!$win64);
- .align	16
- OPENSSL_wipe_cpu:
- .cfi_startproc
-+	endbranch
- 	pxor	%xmm0,%xmm0
- 	pxor	%xmm1,%xmm1
- 	pxor	%xmm2,%xmm2
-@@ -346,6 +352,8 @@ print<<___ if ($win64);
- .type	OPENSSL_wipe_cpu,\@abi-omnipotent
- .align	16
- OPENSSL_wipe_cpu:
-+.cfi_startproc
-+	endbranch
- 	pxor	%xmm0,%xmm0
- 	pxor	%xmm1,%xmm1
- 	pxor	%xmm2,%xmm2
-@@ -376,6 +384,7 @@ print<<___;
- .align	16
- OPENSSL_instrument_bus:
- .cfi_startproc
-+	endbranch
- 	mov	$arg1,$out	# tribute to Win64
- 	mov	$arg2,$cnt
- 	mov	$arg2,$max
-@@ -410,6 +419,7 @@ OPENSSL_instrument_bus:
- .align	16
- OPENSSL_instrument_bus2:
- .cfi_startproc
-+	endbranch
- 	mov	$arg1,$out	# tribute to Win64
- 	mov	$arg2,$cnt
- 	mov	$arg3,$max
-@@ -465,6 +475,7 @@ print<<___;
- .align	16
- OPENSSL_ia32_${rdop}_bytes:
- .cfi_startproc
-+	endbranch
- 	xor	%rax, %rax	# return value
- 	cmp	\$0,$arg2
- 	je	.Ldone_${rdop}_bytes

openssl-1.1.1-kdf-selftest.patch

@@ -1,170 +0,0 @@
-diff -up openssl-1.1.1g/crypto/fips/build.info.kdf-selftest openssl-1.1.1g/crypto/fips/build.info
---- openssl-1.1.1g/crypto/fips/build.info.kdf-selftest	2020-06-03 16:08:36.274849058 +0200
-+++ openssl-1.1.1g/crypto/fips/build.info	2020-06-03 16:11:05.609079372 +0200
-@@ -5,7 +5,7 @@ SOURCE[../../libcrypto]=\
-         fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
-         fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
-         fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
--        fips_dh_selftest.c fips_ers.c
-+        fips_dh_selftest.c fips_kdf_selftest.c fips_ers.c
- 
- PROGRAMS_NO_INST=\
-           fips_standalone_hmac
-diff -up openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c
---- openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c.kdf-selftest	2020-06-03 16:08:36.337849577 +0200
-+++ openssl-1.1.1g/crypto/fips/fips_kdf_selftest.c	2020-06-03 16:08:36.337849577 +0200
-@@ -0,0 +1,117 @@
-+/*
-+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright (c) 2018-2019, Oracle and/or its affiliates.  All rights reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License").  You may not use
-+ * this file except in compliance with the License.  You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <string.h>
-+#include <openssl/err.h>
-+#include <openssl/fips.h>
-+#include "crypto/fips.h"
-+
-+#include <openssl/evp.h>
-+#include <openssl/kdf.h>
-+
-+#ifdef OPENSSL_FIPS
-+int FIPS_selftest_pbkdf2(void)
-+{
-+    int ret = 0;
-+    EVP_KDF_CTX *kctx;
-+    unsigned char out[32];
-+
-+    if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
-+        goto err;
-+    }
-+    if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
-+        goto err;
-+    }
-+
-+    {
-+        const unsigned char expected[sizeof(out)] = {
-+            0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
-+            0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
-+            0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
-+            0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
-+        };
-+        if (memcmp(out, expected, sizeof(expected))) {
-+            goto err;
-+        }
-+    }
-+    ret = 1;
-+
-+err:
-+    if (!ret)
-+        FIPSerr(FIPS_F_FIPS_SELFTEST_PBKDF2, FIPS_R_SELFTEST_FAILED);
-+    EVP_KDF_CTX_free(kctx);
-+    return ret;
-+}
-+
-+/* Test vector from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
-+ * 5) appendix A. */
-+int FIPS_selftest_kbkdf(void)
-+{
-+    int ret = 0;
-+    EVP_KDF_CTX *kctx;
-+    char *label = "prf", *prf_input = "test";
-+    static unsigned char input_key[] = {
-+        0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
-+        0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
-+    };
-+    static unsigned char output[] = {
-+        0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
-+        0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
-+        0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
-+        0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
-+    };
-+    unsigned char result[sizeof(output)] = { 0 };
-+
-+    if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB)) == NULL) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, EVP_KDF_KB_MAC_TYPE_HMAC) <= 0) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, input_key, sizeof(input_key)) <= 0) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, label, strlen(label)) <= 0) {
-+        goto err;
-+    }
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_INFO, prf_input, strlen(prf_input)) <= 0) {
-+        goto err;
-+    }
-+    ret = EVP_KDF_derive(kctx, result, sizeof(result)) > 0
-+        && memcmp(result, output, sizeof(output)) == 0;
-+err:
-+
-+    if (!ret)
-+        FIPSerr(FIPS_F_FIPS_SELFTEST_KBKDF, FIPS_R_SELFTEST_FAILED);
-+    EVP_KDF_CTX_free(kctx);
-+    return ret;
-+}
-+
-+int FIPS_selftest_kdf(void)
-+{
-+    return FIPS_selftest_pbkdf2() && FIPS_selftest_kbkdf();
-+}
-+
-+#endif
-diff -up openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest openssl-1.1.1g/crypto/fips/fips_post.c
---- openssl-1.1.1g/crypto/fips/fips_post.c.kdf-selftest	2020-06-03 16:08:36.332849536 +0200
-+++ openssl-1.1.1g/crypto/fips/fips_post.c	2020-06-03 16:08:36.338849585 +0200
-@@ -111,6 +111,8 @@ int FIPS_selftest(void)
-         rv = 0;
-     if (!FIPS_selftest_ecdh())
-         rv = 0;
-+    if (!FIPS_selftest_kdf())
-+        rv = 0;
-     return rv;
- }
- 
-diff -up openssl-1.1.1g/include/crypto/fips.h.kdf-selftest openssl-1.1.1g/include/crypto/fips.h
---- openssl-1.1.1g/include/crypto/fips.h.kdf-selftest	2020-06-03 16:08:36.330849519 +0200
-+++ openssl-1.1.1g/include/crypto/fips.h	2020-06-03 16:08:36.338849585 +0200
-@@ -72,6 +72,9 @@ void FIPS_drbg_stick(int onoff);
- int FIPS_selftest_hmac(void);
- int FIPS_selftest_drbg(void);
- int FIPS_selftest_cmac(void);
-+int FIPS_selftest_kbkdf(void);
-+int FIPS_selftest_pbkdf2(void);
-+int FIPS_selftest_kdf(void);
- 
- int fips_in_post(void);
- 
-diff -up openssl-1.1.1g/include/openssl/fips.h.kdf-selftest openssl-1.1.1g/include/openssl/fips.h
---- openssl-1.1.1g/include/openssl/fips.h.kdf-selftest	2020-06-03 16:08:36.282849124 +0200
-+++ openssl-1.1.1g/include/openssl/fips.h	2020-06-03 16:08:36.338849585 +0200
-@@ -123,6 +123,8 @@ extern "C" {
- # define FIPS_F_FIPS_SELFTEST_DSA                         112
- # define FIPS_F_FIPS_SELFTEST_ECDSA                       133
- # define FIPS_F_FIPS_SELFTEST_HMAC                        113
-+# define FIPS_F_FIPS_SELFTEST_KBKDF                       151
-+# define FIPS_F_FIPS_SELFTEST_PBKDF2                      152
- # define FIPS_F_FIPS_SELFTEST_SHA1                        115
- # define FIPS_F_FIPS_SELFTEST_SHA2                        105
- # define FIPS_F_OSSL_ECDSA_SIGN_SIG                       143

openssl-1.1.1-man-rename.patch

@@ -1,19 +0,0 @@
-diff -up openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename openssl-1.1.1-pre9/doc/man1/openssl.pod
---- openssl-1.1.1-pre9/doc/man1/openssl.pod.man-rename	2018-08-21 14:14:13.000000000 +0200
-+++ openssl-1.1.1-pre9/doc/man1/openssl.pod	2018-08-22 12:13:04.092568064 +0200
-@@ -482,13 +482,13 @@ L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>
- L<ec(1)>, L<ecparam(1)>,
- L<enc(1)>, L<engine(1)>, L<errstr(1)>, L<gendsa(1)>, L<genpkey(1)>,
- L<genrsa(1)>, L<nseq(1)>, L<ocsp(1)>,
--L<passwd(1)>,
- L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>,
- L<pkey(1)>, L<pkeyparam(1)>, L<pkeyutl(1)>, L<prime(1)>,
--L<rand(1)>, L<rehash(1)>, L<req(1)>, L<rsa(1)>,
-+L<rehash(1)>, L<req(1)>, L<rsa(1)>,
- L<rsautl(1)>, L<s_client(1)>,
- L<s_server(1)>, L<s_time(1)>, L<sess_id(1)>,
- L<smime(1)>, L<speed(1)>, L<spkac(1)>, L<srp(1)>, L<storeutl(1)>,
-+L<sslpasswd(1)>, L<sslrand(1)>,
- L<ts(1)>,
- L<verify(1)>, L<version(1)>, L<x509(1)>,
- L<crypto(7)>, L<ssl(7)>, L<x509v3_config(5)>

openssl-1.1.1-no-brainpool.patch

@@ -1,112 +0,0 @@
-diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in
---- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in.no-brainpool	2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.in	2019-09-13 15:11:07.358687169 +0200
-@@ -147,22 +147,22 @@ our @tests = (
-     {
-         name => "ECDSA with brainpool",
-         server =>  {
--            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
--            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
--            "Groups" => "brainpoolP256r1",
-+            "Certificate" => test_pem("server-ecdsa-cert.pem"),
-+            "PrivateKey" => test_pem("server-ecdsa-key.pem"),
-+#            "Groups" => "brainpoolP256r1",
-         },
-         client => {
-             #We don't restrict this to TLSv1.2, although use of brainpool
-             #should force this anyway so that this should succeed
-             "CipherString" => "aECDSA",
-             "RequestCAFile" => test_pem("root-cert.pem"),
--            "Groups" => "brainpoolP256r1",
-+#            "Groups" => "brainpoolP256r1",
-         },
-         test   => {
--            "ExpectedServerCertType" =>, "brainpoolP256r1",
--            "ExpectedServerSignType" =>, "EC",
-+#            "ExpectedServerCertType" =>, "brainpoolP256r1",
-+#            "ExpectedServerSignType" =>, "EC",
-             # Note: certificate_authorities not sent for TLS < 1.3
--            "ExpectedServerCANames" =>, "empty",
-+#            "ExpectedServerCANames" =>, "empty",
-             "ExpectedResult" => "Success"
-         },
-     },
-@@ -853,18 +853,18 @@ my @tests_tls_1_3 = (
-     {
-         name => "TLS 1.3 ECDSA with brainpool",
-         server =>  {
--            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
--            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
--            "Groups" => "brainpoolP256r1",
-+            "Certificate" => test_pem("server-ecdsa-cert.pem"),
-+            "PrivateKey" => test_pem("server-ecdsa-key.pem"),
-+#            "Groups" => "brainpoolP256r1",
-         },
-         client => {
-             "RequestCAFile" => test_pem("root-cert.pem"),
--            "Groups" => "brainpoolP256r1",
-+#            "Groups" => "brainpoolP256r1",
-             "MinProtocol" => "TLSv1.3",
-             "MaxProtocol" => "TLSv1.3"
-         },
-         test   => {
--            "ExpectedResult" => "ServerFail"
-+            "ExpectedResult" => "Success"
-         },
-     },
- );
-diff -up openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool openssl-1.1.1d/test/ssl-tests/20-cert-select.conf
---- openssl-1.1.1d/test/ssl-tests/20-cert-select.conf.no-brainpool	2019-09-10 15:13:07.000000000 +0200
-+++ openssl-1.1.1d/test/ssl-tests/20-cert-select.conf	2019-09-13 15:12:27.380288469 +0200
-@@ -238,23 +238,18 @@ server = 5-ECDSA with brainpool-server
- client = 5-ECDSA with brainpool-client
- 
- [5-ECDSA with brainpool-server]
--Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
-+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
- CipherString = DEFAULT
--Groups = brainpoolP256r1
--PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
- 
- [5-ECDSA with brainpool-client]
- CipherString = aECDSA
--Groups = brainpoolP256r1
- RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
- VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
- VerifyMode = Peer
- 
- [test-5]
- ExpectedResult = Success
--ExpectedServerCANames = empty
--ExpectedServerCertType = brainpoolP256r1
--ExpectedServerSignType = EC
- 
- 
- # ===========================================================
-@@ -1713,14 +1708,12 @@ server = 52-TLS 1.3 ECDSA with brainpool
- client = 52-TLS 1.3 ECDSA with brainpool-client
- 
- [52-TLS 1.3 ECDSA with brainpool-server]
--Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
-+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
- CipherString = DEFAULT
--Groups = brainpoolP256r1
--PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
-+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
- 
- [52-TLS 1.3 ECDSA with brainpool-client]
- CipherString = DEFAULT
--Groups = brainpoolP256r1
- MaxProtocol = TLSv1.3
- MinProtocol = TLSv1.3
- RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-@@ -1728,7 +1721,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/ro
- VerifyMode = Peer
- 
- [test-52]
--ExpectedResult = ServerFail
-+ExpectedResult = Success
- 
- 
- # ===========================================================

openssl-1.1.1-no-html.patch

@@ -1,12 +0,0 @@
-diff -up openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html openssl-1.1.1f/Configurations/unix-Makefile.tmpl
---- openssl-1.1.1f/Configurations/unix-Makefile.tmpl.no-html	2020-04-07 16:45:21.904083989 +0200
-+++ openssl-1.1.1f/Configurations/unix-Makefile.tmpl	2020-04-07 16:45:56.218461895 +0200
-@@ -544,7 +544,7 @@ install_sw: install_dev install_engines
- 
- uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
- 
--install_docs: install_man_docs install_html_docs
-+install_docs: install_man_docs
- 
- uninstall_docs: uninstall_man_docs uninstall_html_docs
- 	$(RM) -r "$(DESTDIR)$(DOCDIR)"

openssl-1.1.1-no-weak-verify.patch

@@ -1,26 +0,0 @@
-diff -up openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify openssl-1.1.1b/crypto/asn1/a_verify.c
---- openssl-1.1.1b/crypto/asn1/a_verify.c.no-weak-verify	2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/asn1/a_verify.c	2019-02-28 11:25:31.531862873 +0100
-@@ -7,6 +7,9 @@
-  * https://www.openssl.org/source/license.html
-  */
- 
-+/* for secure_getenv */
-+#define _GNU_SOURCE
-+
- #include <stdio.h>
- #include <time.h>
- #include <sys/types.h>
-@@ -130,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
-         if (ret != 2)
-             goto err;
-         ret = -1;
-+    } else if ((mdnid == NID_md5
-+               && secure_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
-+               mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
-+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
-+                ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-+        goto err;
-     } else {
-         const EVP_MD *type = EVP_get_digestbynid(mdnid);
- 

openssl-1.1.1-rewire-fips-drbg.patch

@@ -1,170 +0,0 @@
-diff -up openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_lib.c
---- openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg	2020-06-22 13:32:47.611852927 +0200
-+++ openssl-1.1.1g/crypto/fips/fips_drbg_lib.c	2020-06-22 13:32:47.675852917 +0200
-@@ -337,6 +337,19 @@ static int drbg_reseed(DRBG_CTX *dctx,
- int FIPS_drbg_reseed(DRBG_CTX *dctx,
-                      const unsigned char *adin, size_t adinlen)
- {
-+    int len = (int)adinlen;
-+
-+    if (len < 0 || (size_t)len != adinlen) {
-+        FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
-+        return 0;
-+    }
-+    RAND_seed(adin, len);
-+    return 1;
-+}
-+
-+int FIPS_drbg_reseed_internal(DRBG_CTX *dctx,
-+                     const unsigned char *adin, size_t adinlen)
-+{
-     return drbg_reseed(dctx, adin, adinlen, 1);
- }
- 
-@@ -358,6 +371,19 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, u
-                        int prediction_resistance,
-                        const unsigned char *adin, size_t adinlen)
- {
-+    int len = (int)outlen;
-+
-+    if (len < 0 || (size_t)len != outlen) {
-+        FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG);
-+        return 0;
-+    }
-+    return RAND_bytes(out, len);
-+}
-+
-+int FIPS_drbg_generate_internal(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
-+                       int prediction_resistance,
-+                       const unsigned char *adin, size_t adinlen)
-+{
-     int r = 0;
- 
-     if (FIPS_selftest_failed()) {
-diff -up openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_rand.c
---- openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg	2020-06-22 13:32:47.611852927 +0200
-+++ openssl-1.1.1g/crypto/fips/fips_drbg_rand.c	2020-06-22 13:32:47.675852917 +0200
-@@ -57,6 +57,8 @@
- #include <openssl/err.h>
- #include <openssl/rand.h>
- #include <openssl/fips.h>
-+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
-+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
- #include <openssl/fips_rand.h>
- #include "fips_rand_lcl.h"
- 
-diff -up openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c
---- openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg	2020-06-22 13:32:47.612852927 +0200
-+++ openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c	2020-06-22 13:32:47.675852917 +0200
-@@ -55,6 +55,8 @@
- #include <openssl/crypto.h>
- #include <openssl/err.h>
- #include <openssl/fips.h>
-+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
-+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
- #include <openssl/fips_rand.h>
- #include "fips_rand_lcl.h"
- #include "fips_locl.h"
-diff -up openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_post.c
---- openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg	2020-06-22 13:32:47.672852918 +0200
-+++ openssl-1.1.1g/crypto/fips/fips_post.c	2020-06-22 13:32:47.675852917 +0200
-@@ -79,8 +79,6 @@ int FIPS_selftest(void)
-         ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
-         rv = 0;
-     }
--    if (!FIPS_selftest_drbg())
--        rv = 0;
-     if (!FIPS_selftest_sha1())
-         rv = 0;
-     if (!FIPS_selftest_sha2())
-diff -up openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_rand_lib.c
---- openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg	2020-06-22 13:32:47.613852927 +0200
-+++ openssl-1.1.1g/crypto/fips/fips_rand_lib.c	2020-06-22 13:36:28.722817967 +0200
-@@ -120,6 +120,7 @@ void FIPS_rand_reset(void)
- 
- int FIPS_rand_seed(const void *buf, int num)
- {
-+#if 0
-     if (!fips_approved_rand_meth && FIPS_module_mode()) {
-         FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
-         return 0;
-@@ -127,10 +128,15 @@ int FIPS_rand_seed(const void *buf, int
-     if (fips_rand_meth && fips_rand_meth->seed)
-         fips_rand_meth->seed(buf, num);
-     return 1;
-+#else
-+    RAND_seed(buf, num);
-+    return 1;
-+#endif
- }
- 
- int FIPS_rand_bytes(unsigned char *buf, int num)
- {
-+#if 0
-     if (!fips_approved_rand_meth && FIPS_module_mode()) {
-         FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
-         return 0;
-@@ -138,10 +144,14 @@ int FIPS_rand_bytes(unsigned char *buf,
-     if (fips_rand_meth && fips_rand_meth->bytes)
-         return fips_rand_meth->bytes(buf, num);
-     return 0;
-+#else
-+    return RAND_bytes(buf, num);
-+#endif
- }
- 
- int FIPS_rand_status(void)
- {
-+#if 0
-     if (!fips_approved_rand_meth && FIPS_module_mode()) {
-         FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
-         return 0;
-@@ -149,6 +159,9 @@ int FIPS_rand_status(void)
-     if (fips_rand_meth && fips_rand_meth->status)
-         return fips_rand_meth->status();
-     return 0;
-+#else
-+    return RAND_status();
-+#endif
- }
- 
- /* Return instantiated strength of PRNG. For DRBG this is an internal
-diff -up openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips.h
---- openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg	2020-06-22 13:32:47.672852918 +0200
-+++ openssl-1.1.1g/include/openssl/fips.h	2020-06-22 13:32:47.675852917 +0200
-@@ -64,6 +64,11 @@ extern "C" {
- 
-     int FIPS_selftest(void);
-     int FIPS_selftest_failed(void);
-+
-+    /*
-+     * This function is deprecated as it performs selftest of the old FIPS drbg
-+     * implementation that is not validated.
-+     */
-     int FIPS_selftest_drbg_all(void);
- 
-     int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
-diff -up openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips_rand.h
---- openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg	2020-06-22 13:32:47.617852926 +0200
-+++ openssl-1.1.1g/include/openssl/fips_rand.h	2020-06-22 13:32:47.675852917 +0200
-@@ -60,6 +60,20 @@
- #  ifdef  __cplusplus
- extern "C" {
- #  endif
-+
-+/*
-+ * IMPORTANT NOTE:
-+ * All functions in this header file are deprecated and should not be used
-+ * as they use the old FIPS_drbg implementation that is not FIPS validated
-+ * anymore.
-+ * To provide backwards compatibility for applications that need FIPS compliant
-+ * RNG number generation and use FIPS_drbg_generate, this function was
-+ * re-wired to call the FIPS validated DRBG instance instead through
-+ * the RAND_bytes() call.
-+ *
-+ * All these functions will be removed in future.
-+ */
-+
-     typedef struct drbg_ctx_st DRBG_CTX;
- /* DRBG external flags */
- /* Flag for CTR mode only: use derivation function ctr_df */

openssl-1.1.1-seclevel.patch

@@ -1,160 +0,0 @@
-diff -up openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1g/crypto/x509/x509_vfy.c
---- openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/x509/x509_vfy.c	2020-06-05 17:16:54.835536823 +0200
-@@ -3225,6 +3225,7 @@ static int build_chain(X509_STORE_CTX *c
- }
- 
- static const int minbits_table[] = { 80, 112, 128, 192, 256 };
-+static const int minbits_digest_table[] = { 80, 80, 128, 192, 256 };
- static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
- 
- /*
-@@ -3276,6 +3277,11 @@ static int check_sig_level(X509_STORE_CT
- 
-     if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
-         return 0;
--
--    return secbits >= minbits_table[level - 1];
-+    /*
-+     * Allow SHA1 in SECLEVEL 2 in non-FIPS mode or when the magic
-+     * disable SHA1 flag is not set.
-+     */
-+    if ((ctx->param->flags & 0x40000000) || FIPS_mode())
-+        return secbits >= minbits_table[level - 1];
-+    return secbits >= minbits_digest_table[level - 1];
- }
-diff -up openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod
---- openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod	2020-06-04 15:48:01.608178833 +0200
-@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited
- 
- =item B<Level 2>
- 
--Security level set to 112 bits of security. As a result RSA, DSA and DH keys
--shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
-+Security level set to 112 bits of security with the exception of SHA1 allowed
-+for signatures.
-+As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys
-+shorter than 224 bits are prohibited.
- In addition to the level 1 exclusions any cipher suite using RC4 is also
- prohibited. SSL version 3 is also not allowed. Compression is disabled.
- 
-diff -up openssl-1.1.1g/ssl/ssl_cert.c.seclevel openssl-1.1.1g/ssl/ssl_cert.c
---- openssl-1.1.1g/ssl/ssl_cert.c.seclevel	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/ssl/ssl_cert.c	2020-06-05 17:10:11.842198401 +0200
-@@ -27,6 +27,7 @@
- static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
-                                          int op, int bits, int nid, void *other,
-                                          void *ex);
-+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx);
- 
- static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
- static volatile int ssl_x509_store_ctx_idx = -1;
-@@ -396,7 +397,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_
-     X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s));
- 
-     /* Set suite B flags if needed */
--    X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
-+    X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s) | sha1_disable(s, NULL));
-     if (!X509_STORE_CTX_set_ex_data
-         (ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
-         goto end;
-@@ -953,12 +954,33 @@ static int ssl_security_default_callback
-             return 0;
-         break;
-     default:
-+        /* allow SHA1 in SECLEVEL 2 in non FIPS mode */
-+        if (nid == NID_sha1 && minbits == 112 && !sha1_disable(s, ctx))
-+            break;
-         if (bits < minbits)
-             return 0;
-     }
-     return 1;
- }
- 
-+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx)
-+{
-+    unsigned long ret = 0x40000000; /* a magical internal value used by X509_VERIFY_PARAM */
-+    const CERT *c;
-+
-+    if (FIPS_mode())
-+        return ret;
-+
-+    if (ctx != NULL) {
-+       c = ctx->cert;
-+    } else {
-+       c = s->cert;
-+    }
-+    if (tls1_cert_sigalgs_have_sha1(c))
-+        return 0;
-+    return ret;
-+}
-+
- int ssl_security(const SSL *s, int op, int bits, int nid, void *other)
- {
-     return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex);
-diff -up openssl-1.1.1g/ssl/ssl_local.h.seclevel openssl-1.1.1g/ssl/ssl_local.h
---- openssl-1.1.1g/ssl/ssl_local.h.seclevel	2020-06-04 15:48:01.602178783 +0200
-+++ openssl-1.1.1g/ssl/ssl_local.h	2020-06-05 17:02:22.666313410 +0200
-@@ -2576,6 +2576,7 @@ __owur int tls1_save_sigalgs(SSL *s, PAC
- __owur int tls1_process_sigalgs(SSL *s);
- __owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
- __owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
-+int tls1_cert_sigalgs_have_sha1(const CERT *c);
- __owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
- #  ifndef OPENSSL_NO_EC
- __owur int tls_check_sigalg_curve(const SSL *s, int curve);
-diff -up openssl-1.1.1g/ssl/t1_lib.c.seclevel openssl-1.1.1g/ssl/t1_lib.c
---- openssl-1.1.1g/ssl/t1_lib.c.seclevel	2020-06-04 15:48:01.654179221 +0200
-+++ openssl-1.1.1g/ssl/t1_lib.c	2020-06-05 17:02:40.268459157 +0200
-@@ -2145,6 +2145,36 @@ int tls1_set_sigalgs(CERT *c, const int
-     return 0;
- }
- 
-+static int tls1_sigalgs_have_sha1(const uint16_t *sigalgs, size_t sigalgslen)
-+{
-+    size_t i;
-+
-+    for (i = 0; i < sigalgslen; i++, sigalgs++) {
-+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs);
-+
-+        if (lu == NULL)
-+            continue;
-+        if (lu->hash == NID_sha1)
-+            return 1;
-+    }
-+    return 0;
-+}
-+
-+
-+int tls1_cert_sigalgs_have_sha1(const CERT *c)
-+{
-+    if (c->client_sigalgs != NULL) {
-+        if (tls1_sigalgs_have_sha1(c->client_sigalgs, c->client_sigalgslen))
-+            return 1;
-+    }
-+    if (c->conf_sigalgs != NULL) {
-+        if (tls1_sigalgs_have_sha1(c->conf_sigalgs, c->conf_sigalgslen))
-+            return 1;
-+        return 0;
-+    }
-+    return 1;
-+}
-+
- static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
- {
-     int sig_nid, use_pc_sigalgs = 0;
-diff -up openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel openssl-1.1.1g/test/recipes/25-test_verify.t
---- openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/test/recipes/25-test_verify.t	2020-06-04 15:48:01.608178833 +0200
-@@ -346,8 +346,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver
- ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
-     "CA with PSS signature using SHA256");
- 
--ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
--    "Reject PSS signature using SHA1 and auth level 2");
-+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"),
-+    "Reject PSS signature using SHA1 and auth level 3");
- 
- ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
-     "PSS signature using SHA256 and auth level 2");

openssl-1.1.1-system-cipherlist.patch

@@ -1,310 +0,0 @@
-diff -up openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist openssl-1.1.1c/Configurations/unix-Makefile.tmpl
---- openssl-1.1.1c/Configurations/unix-Makefile.tmpl.system-cipherlist	2019-05-29 15:42:27.951329271 +0200
-+++ openssl-1.1.1c/Configurations/unix-Makefile.tmpl	2019-05-29 15:42:27.974328867 +0200
-@@ -180,6 +180,10 @@ MANDIR=$(INSTALLTOP)/share/man
- DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
- HTMLDIR=$(DOCDIR)/html
- 
-+{- output_off() if $config{system_ciphers_file} eq ""; "" -}
-+SYSTEM_CIPHERS_FILE_DEFINE=-DSYSTEM_CIPHERS_FILE="\"{- $config{system_ciphers_file} -}\""
-+{- output_on() if $config{system_ciphers_file} eq ""; "" -}
-+
- # MANSUFFIX is for the benefit of anyone who may want to have a suffix
- # appended after the manpage file section number.  "ssl" is popular,
- # resulting in files such as config.5ssl rather than config.5.
-@@ -203,6 +207,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
- CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
- CPPFLAGS={- our $cppflags1 = join(" ",
-                                   (map { "-D".$_} @{$config{CPPDEFINES}}),
-+                                  "\$(SYSTEM_CIPHERS_FILE_DEFINE)",
-                                   (map { "-I".$_} @{$config{CPPINCLUDES}}),
-                                   @{$config{CPPFLAGS}}) -}
- CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
-diff -up openssl-1.1.1c/Configure.system-cipherlist openssl-1.1.1c/Configure
---- openssl-1.1.1c/Configure.system-cipherlist	2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/Configure	2019-05-29 15:45:10.465469533 +0200
-@@ -24,7 +24,7 @@ use OpenSSL::Glob;
- my $orig_death_handler = $SIG{__DIE__};
- $SIG{__DIE__} = \&death_handler;
- 
--my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
-+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
- 
- # Options:
- #
-@@ -41,6 +41,9 @@ my $usage="Usage: Configure [no-<cipher>
- #               This becomes the value of OPENSSLDIR in Makefile and in C.
- #               (Default: PREFIX/ssl)
- #
-+# --system-ciphers-file  A file to read cipher string from when the PROFILE=SYSTEM
-+#		cipher is specified (default).
-+#
- # --cross-compile-prefix Add specified prefix to binutils components.
- #
- # --api         One of 0.9.8, 1.0.0 or 1.1.0.  Do not compile support for
-@@ -295,6 +298,7 @@ $config{prefix}="";
- $config{openssldir}="";
- $config{processor}="";
- $config{libdir}="";
-+$config{system_ciphers_file}="";
- my $auto_threads=1;    # enable threads automatically? true by default
- my $default_ranlib;
- 
-@@ -824,6 +828,10 @@ while (@argvcopy)
-                             push @seed_sources, $x;
-                             }
-                         }
-+		elsif (/^--system-ciphers-file=(.*)$/)
-+			{
-+			$config{system_ciphers_file}=$1;
-+			}
-                 elsif (/^--cross-compile-prefix=(.*)$/)
-                         {
-                         $user{CROSS_COMPILE}=$1;
-@@ -1016,6 +1024,8 @@ if ($target eq "HASH") {
-     exit 0;
- }
- 
-+chop $config{system_ciphers_file} if $config{system_ciphers_file} =~ /\/$/;
-+
- print "Configuring OpenSSL version $config{version} ($config{version_num}) ";
- print "for $target\n";
- 
-diff -up openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist openssl-1.1.1c/doc/man1/ciphers.pod
---- openssl-1.1.1c/doc/man1/ciphers.pod.system-cipherlist	2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/doc/man1/ciphers.pod	2019-05-29 15:42:27.975328849 +0200
-@@ -182,6 +182,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
- 
- The cipher suites not enabled by B<ALL>, currently B<eNULL>.
- 
-+=item B<PROFILE=SYSTEM>
-+
-+The list of enabled cipher suites will be loaded from the system crypto policy
-+configuration file B</etc/crypto-policies/back-ends/openssl.config>.
-+See also L<update-crypto-policies(8)>.
-+This is the default behavior unless an application explicitly sets a cipher
-+list. If used in a cipher list configuration value this string must be at the
-+beginning of the cipher list, otherwise it will not be recognized.
-+
- =item B<HIGH>
- 
- "High" encryption cipher suites. This currently means those with key lengths
-diff -up openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist openssl-1.1.1c/include/openssl/ssl.h
---- openssl-1.1.1c/include/openssl/ssl.h.system-cipherlist	2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/include/openssl/ssl.h	2019-05-29 15:42:27.975328849 +0200
-@@ -186,6 +186,11 @@ extern "C" {
-  * throwing out anonymous and unencrypted ciphersuites! (The latter are not
-  * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
-  */
-+# ifdef SYSTEM_CIPHERS_FILE
-+#  define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
-+# else
-+#  define SSL_SYSTEM_DEFAULT_CIPHER_LIST SSL_DEFAULT_CIPHER_LIST
-+# endif
- 
- /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
- # define SSL_SENT_SHUTDOWN       1
-diff -up openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist openssl-1.1.1c/ssl/ssl_ciph.c
---- openssl-1.1.1c/ssl/ssl_ciph.c.system-cipherlist	2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/ssl/ssl_ciph.c	2019-05-29 15:42:27.976328831 +0200
-@@ -9,6 +9,8 @@
-  * https://www.openssl.org/source/license.html
-  */
- 
-+/* for secure_getenv */
-+#define _GNU_SOURCE
- #include <stdio.h>
- #include <ctype.h>
- #include <openssl/objects.h>
-@@ -1399,6 +1401,53 @@ int SSL_set_ciphersuites(SSL *s, const c
-     return ret;
- }
- 
-+#ifdef SYSTEM_CIPHERS_FILE
-+static char *load_system_str(const char *suffix)
-+{
-+    FILE *fp;
-+    char buf[1024];
-+    char *new_rules;
-+    const char *ciphers_path;
-+    unsigned len, slen;
-+
-+    if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
-+        ciphers_path = SYSTEM_CIPHERS_FILE;
-+    fp = fopen(ciphers_path, "r");
-+    if (fp == NULL || fgets(buf, sizeof(buf), fp) == NULL) {
-+        /* cannot open or file is empty */
-+        snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST);
-+    }
-+
-+    if (fp)
-+        fclose(fp);
-+
-+    slen = strlen(suffix);
-+    len = strlen(buf);
-+
-+    if (buf[len - 1] == '\n') {
-+        len--;
-+        buf[len] = 0;
-+    }
-+    if (buf[len - 1] == '\r') {
-+        len--;
-+        buf[len] = 0;
-+    }
-+
-+    new_rules = OPENSSL_malloc(len + slen + 1);
-+    if (new_rules == 0)
-+        return NULL;
-+
-+    memcpy(new_rules, buf, len);
-+    if (slen > 0) {
-+        memcpy(&new_rules[len], suffix, slen);
-+        len += slen;
-+    }
-+    new_rules[len] = 0;
-+
-+    return new_rules;
-+}
-+#endif
-+
- STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
-                                              STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
-                                              STACK_OF(SSL_CIPHER) **cipher_list,
-@@ -1412,15 +1461,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
-     const char *rule_p;
-     CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
-     const SSL_CIPHER **ca_list = NULL;
-+#ifdef SYSTEM_CIPHERS_FILE
-+    char *new_rules = NULL;
-+
-+    if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) {
-+        char *p = rule_str + 14;
-+    
-+        new_rules = load_system_str(p);
-+        rule_str = new_rules;
-+    }
-+#endif
- 
-     /*
-      * Return with error if nothing to do.
-      */
-     if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
--        return NULL;
-+        goto err;
- #ifndef OPENSSL_NO_EC
-     if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
--        return NULL;
-+        goto err;
- #endif
- 
-     /*
-@@ -1443,7 +1502,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
-     co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
-     if (co_list == NULL) {
-         SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
--        return NULL;          /* Failure */
-+        goto err;
-     }
- 
-     ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
-@@ -1509,8 +1568,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
-      * in force within each class
-      */
-     if (!ssl_cipher_strength_sort(&head, &tail)) {
--        OPENSSL_free(co_list);
--        return NULL;
-+        goto err;
-     }
- 
-     /*
-@@ -1555,9 +1613,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
-     num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
-     ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
-     if (ca_list == NULL) {
--        OPENSSL_free(co_list);
-         SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
--        return NULL;          /* Failure */
-+        goto err;
-     }
-     ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
-                                disabled_mkey, disabled_auth, disabled_enc,
-@@ -1583,8 +1640,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
-     OPENSSL_free(ca_list);      /* Not needed anymore */
- 
-     if (!ok) {                  /* Rule processing failure */
--        OPENSSL_free(co_list);
--        return NULL;
-+        goto err;
-     }
- 
-     /*
-@@ -1592,14 +1648,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
-      * if we cannot get one.
-      */
-     if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
--        OPENSSL_free(co_list);
--        return NULL;
-+        goto err;
-     }
- 
-+#ifdef SYSTEM_CIPHERS_FILE
-+    OPENSSL_free(new_rules);    /* Not needed anymore */
-+#endif
-+
-     /* Add TLSv1.3 ciphers first - we always prefer those if possible */
-     for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
-         if (!sk_SSL_CIPHER_push(cipherstack,
-                                 sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
-+            OPENSSL_free(co_list);
-             sk_SSL_CIPHER_free(cipherstack);
-             return NULL;
-         }
-@@ -1631,6 +1691,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
-     *cipher_list = cipherstack;
- 
-     return cipherstack;
-+
-+err:
-+    OPENSSL_free(co_list);
-+#ifdef SYSTEM_CIPHERS_FILE
-+    OPENSSL_free(new_rules);
-+#endif
-+    return NULL;
-+  
- }
- 
- char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
-diff -up openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist openssl-1.1.1c/ssl/ssl_lib.c
---- openssl-1.1.1c/ssl/ssl_lib.c.system-cipherlist	2019-05-29 15:42:27.970328937 +0200
-+++ openssl-1.1.1c/ssl/ssl_lib.c	2019-05-29 15:42:27.977328814 +0200
-@@ -662,7 +662,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
-                                 ctx->tls13_ciphersuites,
-                                 &(ctx->cipher_list),
-                                 &(ctx->cipher_list_by_id),
--                                SSL_DEFAULT_CIPHER_LIST, ctx->cert);
-+                                SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
-     if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
-         SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
-         return 0;
-@@ -2954,7 +2954,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
-     if (!ssl_create_cipher_list(ret->method,
-                                 ret->tls13_ciphersuites,
-                                 &ret->cipher_list, &ret->cipher_list_by_id,
--                                SSL_DEFAULT_CIPHER_LIST, ret->cert)
-+                                SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
-         || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
-         SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
-         goto err2;
-diff -up openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist openssl-1.1.1c/test/cipherlist_test.c
---- openssl-1.1.1c/test/cipherlist_test.c.system-cipherlist	2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/test/cipherlist_test.c	2019-05-29 15:42:27.977328814 +0200
-@@ -251,7 +251,9 @@ end:
- 
- int setup_tests(void)
- {
-+#ifndef SYSTEM_CIPHERS_FILE
-     ADD_TEST(test_default_cipherlist_implicit);
-+#endif
-     ADD_TEST(test_default_cipherlist_explicit);
-     ADD_TEST(test_default_cipherlist_clear);
-     return 1;

openssl-1.1.1-ts-sha256-default.patch

@@ -1,70 +0,0 @@
-diff -up openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default openssl-1.1.1h/apps/openssl.cnf
---- openssl-1.1.1h/apps/openssl.cnf.ts-sha256-default	2020-11-06 11:07:28.850100899 +0100
-+++ openssl-1.1.1h/apps/openssl.cnf	2020-11-06 11:11:28.042913791 +0100
-@@ -364,5 +348,5 @@ tsa_name		= yes	# Must the TSA name be i
- 				# (optional, default: no)
- ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
- 				# (optional, default: no)
--ess_cert_id_alg		= sha1	# algorithm to compute certificate
-+ess_cert_id_alg		= sha256	# algorithm to compute certificate
- 				# identifier (optional, default: sha1)
-diff -up openssl-1.1.1h/apps/ts.c.ts-sha256-default openssl-1.1.1h/apps/ts.c
---- openssl-1.1.1h/apps/ts.c.ts-sha256-default	2020-09-22 14:55:07.000000000 +0200
-+++ openssl-1.1.1h/apps/ts.c	2020-11-06 11:07:28.883101220 +0100
-@@ -423,7 +423,7 @@ static TS_REQ *create_query(BIO *data_bi
-     ASN1_OBJECT *policy_obj = NULL;
-     ASN1_INTEGER *nonce_asn1 = NULL;
- 
--    if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
-+    if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL)
-         goto err;
-     if ((ts_req = TS_REQ_new()) == NULL)
-         goto err;
-diff -up openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default openssl-1.1.1h/crypto/ts/ts_conf.c
---- openssl-1.1.1h/crypto/ts/ts_conf.c.ts-sha256-default	2020-11-06 12:03:51.226372867 +0100
-+++ openssl-1.1.1h/crypto/ts/ts_conf.c	2020-11-06 12:04:01.713488990 +0100
-@@ -476,7 +476,7 @@ int TS_CONF_set_ess_cert_id_digest(CONF
-     const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);
- 
-     if (md == NULL)
--        md = "sha1";
-+        md = "sha256";
- 
-     cert_md = EVP_get_digestbyname(md);
-     if (cert_md == NULL) {
-diff -up openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default openssl-1.1.1h/doc/man1/ts.pod
---- openssl-1.1.1h/doc/man1/ts.pod.ts-sha256-default	2020-09-22 14:55:07.000000000 +0200
-+++ openssl-1.1.1h/doc/man1/ts.pod	2020-11-06 11:07:28.883101220 +0100
-@@ -518,7 +518,7 @@ included. Default is no. (Optional)
- =item B<ess_cert_id_alg>
- 
- This option specifies the hash function to be used to calculate the TSA's
--public key certificate identifier. Default is sha1. (Optional)
-+public key certificate identifier. Default is sha256. (Optional)
- 
- =back
- 
-@@ -530,7 +530,7 @@ openssl/apps/openssl.cnf will do.
- 
- =head2 Time Stamp Request
- 
--To create a timestamp request for design1.txt with SHA-1
-+To create a timestamp request for design1.txt with SHA-256
- without nonce and policy and no certificate is required in the response:
- 
-   openssl ts -query -data design1.txt -no_nonce \
-@@ -546,12 +546,12 @@ To print the content of the previous req
- 
-   openssl ts -query -in design1.tsq -text
- 
--To create a timestamp request which includes the MD-5 digest
-+To create a timestamp request which includes the SHA-512 digest
- of design2.txt, requests the signer certificate and nonce,
- specifies a policy id (assuming the tsa_policy1 name is defined in the
- OID section of the config file):
- 
--  openssl ts -query -data design2.txt -md5 \
-+  openssl ts -query -data design2.txt -sha512 \
-         -tspolicy tsa_policy1 -cert -out design2.tsq
- 
- =head2 Time Stamp Response

openssl-1.1.1-version-add-engines.patch

@@ -1,38 +0,0 @@
-diff -up openssl-1.1.1-pre8/apps/version.c.version-add-engines openssl-1.1.1-pre8/apps/version.c
---- openssl-1.1.1-pre8/apps/version.c.version-add-engines	2018-06-20 16:48:09.000000000 +0200
-+++ openssl-1.1.1-pre8/apps/version.c	2018-07-16 18:00:40.608624346 +0200
-@@ -64,7 +64,7 @@ int version_main(int argc, char **argv)
- {
-     int ret = 1, dirty = 0, seed = 0;
-     int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
--    int engdir = 0;
-+    int engdir = 0, engines = 0;
-     char *prog;
-     OPTION_CHOICE o;
- 
-@@ -106,7 +106,7 @@ opthelp:
-             break;
-         case OPT_A:
-             seed = options = cflags = version = date = platform = dir = engdir
--                = 1;
-+                = engines = 1;
-             break;
-         }
-     }
-@@ -188,6 +188,16 @@ opthelp:
- #endif
-         printf("\n");
-     }
-+    if (engines) {
-+        ENGINE *e;
-+        printf("engines:  ");
-+        e = ENGINE_get_first();
-+        while (e) {
-+            printf("%s ", ENGINE_get_id(e));
-+            e = ENGINE_get_next(e);
-+        }
-+        printf("\n");
-+    }
-     ret = 0;
-  end:
-     return ret;

openssl-1.1.1-version-override.patch

@@ -1,12 +0,0 @@
-diff -up openssl-1.1.1g/include/openssl/opensslv.h.version-override openssl-1.1.1g/include/openssl/opensslv.h
---- openssl-1.1.1g/include/openssl/opensslv.h.version-override	2020-04-23 13:29:37.802673513 +0200
-+++ openssl-1.1.1g/include/openssl/opensslv.h	2020-04-23 13:30:13.064008458 +0200
-@@ -40,7 +40,7 @@ extern "C" {
-  *  major minor fix final patch/beta)
-  */
- # define OPENSSL_VERSION_NUMBER  0x1010108fL
--# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1h  22 Sep 2020"
-+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1h FIPS 22 Sep 2020"
- 
- /*-
-  * The macros below are to be used for shared library (.so, .dll, ...)

openssl-1.1.1-weak-ciphers.patch

@@ -1,57 +0,0 @@
-diff -up openssl-1.1.1/ssl/s3_lib.c.weak-ciphers openssl-1.1.1/ssl/s3_lib.c
---- openssl-1.1.1/ssl/s3_lib.c.weak-ciphers	2018-09-11 14:48:23.000000000 +0200
-+++ openssl-1.1.1/ssl/s3_lib.c	2018-09-17 12:53:33.850637181 +0200
-@@ -2612,7 +2612,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
-      SSL_GOST89MAC,
-      TLS1_VERSION, TLS1_2_VERSION,
-      0, 0,
--     SSL_HIGH,
-+     SSL_MEDIUM,
-      SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
-      256,
-      256,
-@@ -2644,7 +2644,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
-      SSL_GOST89MAC12,
-      TLS1_VERSION, TLS1_2_VERSION,
-      0, 0,
--     SSL_HIGH,
-+     SSL_MEDIUM,
-      SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
-      256,
-      256,
-@@ -2753,7 +2753,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
-      },
- #endif                          /* OPENSSL_NO_SEED */
- 
--#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-+#if 0 /* No MD5 ciphersuites */
-     {
-      1,
-      SSL3_TXT_RSA_RC4_128_MD5,
-@@ -2770,6 +2770,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
-      128,
-      128,
-      },
-+#endif
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-     {
-      1,
-      SSL3_TXT_RSA_RC4_128_SHA,
-@@ -2786,6 +2788,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
-      128,
-      128,
-      },
-+#endif
-+#if 0
-     {
-      1,
-      SSL3_TXT_ADH_RC4_128_MD5,
-@@ -2802,6 +2806,8 @@ static SSL_CIPHER ssl3_ciphers[] = {
-      128,
-      128,
-      },
-+#endif
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-     {
-      1,
-      TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,

openssl-fips.conf

@@ -0,0 +1,2 @@
+-b /usr/lib{,64}/libcrypto.so.*
+-b /usr/lib{,64}/libssl.so.*