public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openssl] rebase_40beta: Merge branch 'master' into f21
@ 2026-06-09 12:43 Tomas Mraz
0 siblings, 0 replies; only message in thread
From: Tomas Mraz @ 2026-06-09 12:43 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 638098da51cbb698684d48bce20a135d828293e6
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2014-08-07T16:16:19+02:00
Stats : +1954/-2562 in 17 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/638098da51cbb698684d48bce20a135d828293e6?branch=rebase_40beta
Log:
Merge branch 'master' into f21
Conflicts:
openssl.spec
---
diff --git a/.gitignore b/.gitignore
index ded4230..80ca99a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.1e-hobbled.tar.xz
/openssl-1.0.1g-hobbled.tar.xz
/openssl-1.0.1h-hobbled.tar.xz
+/openssl-1.0.1i-hobbled.tar.xz
diff --git a/openssl-1.0.0c-fips-md5-allow.patch b/openssl-1.0.0c-fips-md5-allow.patch
deleted file mode 100644
index f9f5e5d..0000000
--- a/openssl-1.0.0c-fips-md5-allow.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff -up openssl-1.0.0c/crypto/md5/md5_dgst.c.md5-allow openssl-1.0.0c/crypto/md5/md5_dgst.c
---- openssl-1.0.0c/crypto/md5/md5_dgst.c.md5-allow 2011-02-03 19:53:28.000000000 +0100
-+++ openssl-1.0.0c/crypto/md5/md5_dgst.c 2011-02-03 20:33:14.000000000 +0100
-@@ -75,7 +75,15 @@ const char MD5_version[]="MD5" OPENSSL_V
- #define INIT_DATA_C (unsigned long)0x98badcfeL
- #define INIT_DATA_D (unsigned long)0x10325476L
-
--FIPS_NON_FIPS_MD_Init(MD5)
-+int MD5_Init(MD5_CTX *c)
-+#ifdef OPENSSL_FIPS
-+ {
-+ if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
-+ FIPS_BAD_ALGORITHM(alg)
-+ return private_MD5_Init(c);
-+ }
-+int private_MD5_Init(MD5_CTX *c)
-+#endif
- {
- memset (c,0,sizeof(*c));
- c->A=INIT_DATA_A;
diff --git a/openssl-1.0.0e-doc-noeof.patch b/openssl-1.0.0e-doc-noeof.patch
deleted file mode 100644
index 9686575..0000000
--- a/openssl-1.0.0e-doc-noeof.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-diff -up openssl-1.0.0e/doc/apps/s_client.pod.doc-noeof openssl-1.0.0e/doc/apps/s_client.pod
---- openssl-1.0.0e/doc/apps/s_client.pod.doc-noeof 2009-06-26 13:28:51.000000000 +0200
-+++ openssl-1.0.0e/doc/apps/s_client.pod 2011-11-03 08:30:35.000000000 +0100
-@@ -27,6 +27,7 @@ B<openssl> B<s_client>
- [B<-nbio>]
- [B<-crlf>]
- [B<-ign_eof>]
-+[B<-no_ign_eof>]
- [B<-quiet>]
- [B<-ssl2>]
- [B<-ssl3>]
-@@ -161,6 +162,11 @@ by some servers.
- inhibit shutting down the connection when end of file is reached in the
- input.
-
-+=item B<-no_ign_eof>
-+
-+shut down the connection when end of file is reached in the
-+input. Can be used to override the implicit B<-ign_eof> after B<-quiet>.
-+
- =item B<-quiet>
-
- inhibit printing of session and certificate information. This implicitly
diff --git a/openssl-1.0.1a-algo-doc.patch b/openssl-1.0.1a-algo-doc.patch
deleted file mode 100644
index c4aaa89..0000000
--- a/openssl-1.0.1a-algo-doc.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-diff -up openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod
---- openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod.algo-doc 2012-04-11 00:28:22.000000000 +0200
-+++ openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod 2012-04-20 09:14:01.865167011 +0200
-@@ -75,7 +75,7 @@ EVP_MD_CTX_create() allocates, initializ
-
- EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
- B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
--function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
-+function. B<type> will typically be supplied by a function such as EVP_sha1().
- If B<impl> is NULL then the default implementation of digest B<type> is used.
-
- EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
-@@ -165,7 +165,8 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_
- EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
- size in bytes.
-
--EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
-+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
-+EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_dss(),
- EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
- corresponding EVP_MD structures.
-
-diff -up openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod
---- openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod.algo-doc 2005-04-15 18:01:35.000000000 +0200
-+++ openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod 2012-04-20 09:10:59.114736465 +0200
-@@ -91,6 +91,32 @@ EVP_CIPHER_CTX_set_padding - EVP cipher
- int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
- int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-
-+ const EVP_CIPHER *EVP_des_ede3(void);
-+ const EVP_CIPHER *EVP_des_ede3_ecb(void);
-+ const EVP_CIPHER *EVP_des_ede3_cfb64(void);
-+ const EVP_CIPHER *EVP_des_ede3_cfb1(void);
-+ const EVP_CIPHER *EVP_des_ede3_cfb8(void);
-+ const EVP_CIPHER *EVP_des_ede3_ofb(void);
-+ const EVP_CIPHER *EVP_des_ede3_cbc(void);
-+ const EVP_CIPHER *EVP_aes_128_ecb(void);
-+ const EVP_CIPHER *EVP_aes_128_cbc(void);
-+ const EVP_CIPHER *EVP_aes_128_cfb1(void);
-+ const EVP_CIPHER *EVP_aes_128_cfb8(void);
-+ const EVP_CIPHER *EVP_aes_128_cfb128(void);
-+ const EVP_CIPHER *EVP_aes_128_ofb(void);
-+ const EVP_CIPHER *EVP_aes_192_ecb(void);
-+ const EVP_CIPHER *EVP_aes_192_cbc(void);
-+ const EVP_CIPHER *EVP_aes_192_cfb1(void);
-+ const EVP_CIPHER *EVP_aes_192_cfb8(void);
-+ const EVP_CIPHER *EVP_aes_192_cfb128(void);
-+ const EVP_CIPHER *EVP_aes_192_ofb(void);
-+ const EVP_CIPHER *EVP_aes_256_ecb(void);
-+ const EVP_CIPHER *EVP_aes_256_cbc(void);
-+ const EVP_CIPHER *EVP_aes_256_cfb1(void);
-+ const EVP_CIPHER *EVP_aes_256_cfb8(void);
-+ const EVP_CIPHER *EVP_aes_256_cfb128(void);
-+ const EVP_CIPHER *EVP_aes_256_ofb(void);
-+
- =head1 DESCRIPTION
-
- The EVP cipher routines are a high level interface to certain
-@@ -297,6 +323,18 @@ Three key triple DES in CBC, ECB, CFB an
-
- DESX algorithm in CBC mode.
-
-+=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(), EVP_aes_128_ofb(void), EVP_aes_128_cfb1(void), EVP_aes_128_cfb8(void), EVP_aes_128_cfb128(void)
-+
-+AES with 128 bit key length in CBC, ECB, OFB and CFB modes respectively.
-+
-+=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(), EVP_aes_192_ofb(void), EVP_aes_192_cfb1(void), EVP_aes_192_cfb8(void), EVP_aes_192_cfb128(void)
-+
-+AES with 192 bit key length in CBC, ECB, OFB and CFB modes respectively.
-+
-+=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(), EVP_aes_256_ofb(void), EVP_aes_256_cfb1(void), EVP_aes_256_cfb8(void), EVP_aes_256_cfb128(void)
-+
-+AES with 256 bit key length in CBC, ECB, OFB and CFB modes respectively.
-+
- =item EVP_rc4(void)
-
- RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.
diff --git a/openssl-1.0.1e-ssl2-no-ec.patch b/openssl-1.0.1e-ssl2-no-ec.patch
deleted file mode 100644
index 81ad472..0000000
--- a/openssl-1.0.1e-ssl2-no-ec.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-diff -up openssl-1.0.1e/ssl/s23_lib.c.ssl2noec openssl-1.0.1e/ssl/s23_lib.c
---- openssl-1.0.1e/ssl/s23_lib.c.ssl2noec 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/ssl/s23_lib.c 2014-05-06 15:51:54.053293674 +0200
-@@ -107,6 +107,13 @@ int ssl23_put_cipher_by_char(const SSL_C
- long l;
-
- /* We can write SSLv2 and SSLv3 ciphers */
-+ /* but no ECC ciphers */
-+ if (c->algorithm_mkey == SSL_kECDHr ||
-+ c->algorithm_mkey == SSL_kECDHe ||
-+ c->algorithm_mkey == SSL_kEECDH ||
-+ c->algorithm_auth == SSL_aECDH ||
-+ c->algorithm_auth == SSL_aECDSA)
-+ return 0;
- if (p != NULL)
- {
- l=c->id;
diff --git a/openssl-1.0.1e-trusted-first.patch b/openssl-1.0.1e-trusted-first.patch
deleted file mode 100644
index 08ab639..0000000
--- a/openssl-1.0.1e-trusted-first.patch
+++ /dev/null
@@ -1,330 +0,0 @@
-diff -up openssl-1.0.1e/apps/apps.c.trusted-first openssl-1.0.1e/apps/apps.c
---- openssl-1.0.1e/apps/apps.c.trusted-first 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/apps/apps.c 2013-08-16 15:42:39.920534769 +0200
-@@ -2361,6 +2361,8 @@ int args_verify(char ***pargs, int *parg
- flags |= X509_V_FLAG_NOTIFY_POLICY;
- else if (!strcmp(arg, "-check_ss_sig"))
- flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
-+ else if (!strcmp(arg, "-trusted_first"))
-+ flags |= X509_V_FLAG_TRUSTED_FIRST;
- else
- return 0;
-
-diff -up openssl-1.0.1e/apps/cms.c.trusted-first openssl-1.0.1e/apps/cms.c
---- openssl-1.0.1e/apps/cms.c.trusted-first 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/apps/cms.c 2013-08-16 15:43:56.671213879 +0200
-@@ -642,6 +642,7 @@ int MAIN(int argc, char **argv)
- BIO_printf (bio_err, "-text include or delete text MIME headers\n");
- BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
- BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
-+ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
- BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
- BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
- #ifndef OPENSSL_NO_ENGINE
-diff -up openssl-1.0.1e/apps/ocsp.c.trusted-first openssl-1.0.1e/apps/ocsp.c
---- openssl-1.0.1e/apps/ocsp.c.trusted-first 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/apps/ocsp.c 2013-08-16 15:49:47.477572414 +0200
-@@ -595,6 +595,7 @@ int MAIN(int argc, char **argv)
- BIO_printf (bio_err, "-path path to use in OCSP request\n");
- BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
- BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
-+ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
- BIO_printf (bio_err, "-VAfile file validator certificates file\n");
- BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
- BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
-diff -up openssl-1.0.1e/apps/s_client.c.trusted-first openssl-1.0.1e/apps/s_client.c
---- openssl-1.0.1e/apps/s_client.c.trusted-first 2013-08-16 15:42:39.000000000 +0200
-+++ openssl-1.0.1e/apps/s_client.c 2013-08-16 15:49:00.727542994 +0200
-@@ -298,6 +298,7 @@ static void sc_usage(void)
- BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
- BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
- BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
-+ BIO_printf(bio_err," -trusted_first - Use trusted CA's first when building the trust chain\n");
- BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
- BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
- BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
-diff -up openssl-1.0.1e/apps/smime.c.trusted-first openssl-1.0.1e/apps/smime.c
---- openssl-1.0.1e/apps/smime.c.trusted-first 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/apps/smime.c 2013-08-16 15:46:44.024875150 +0200
-@@ -479,6 +479,7 @@ int MAIN(int argc, char **argv)
- BIO_printf (bio_err, "-text include or delete text MIME headers\n");
- BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
- BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
-+ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
- BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
- BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
- #ifndef OPENSSL_NO_ENGINE
-diff -up openssl-1.0.1e/apps/s_server.c.trusted-first openssl-1.0.1e/apps/s_server.c
---- openssl-1.0.1e/apps/s_server.c.trusted-first 2013-08-16 15:42:39.000000000 +0200
-+++ openssl-1.0.1e/apps/s_server.c 2013-08-16 15:48:19.469634430 +0200
-@@ -501,6 +501,7 @@ static void sv_usage(void)
- BIO_printf(bio_err," -state - Print the SSL states\n");
- BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
- BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
-+ BIO_printf(bio_err," -trusted_first - Use trusted CA's first when building the trust chain\n");
- BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
- BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
- BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
-diff -up openssl-1.0.1e/apps/s_time.c.trusted-first openssl-1.0.1e/apps/s_time.c
---- openssl-1.0.1e/apps/s_time.c.trusted-first 2013-08-16 15:42:39.000000000 +0200
-+++ openssl-1.0.1e/apps/s_time.c 2013-08-16 15:47:35.862674188 +0200
-@@ -179,6 +179,7 @@ static void s_time_usage(void)
- file if not specified by this option\n\
- -CApath arg - PEM format directory of CA's\n\
- -CAfile arg - PEM format file of CA's\n\
-+-trusted_first - Use trusted CA's first when building the trust chain\n\
- -cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
-
- printf( "usage: s_time <args>\n\n" );
-diff -up openssl-1.0.1e/apps/ts.c.trusted-first openssl-1.0.1e/apps/ts.c
---- openssl-1.0.1e/apps/ts.c.trusted-first 2013-08-16 15:42:39.000000000 +0200
-+++ openssl-1.0.1e/apps/ts.c 2013-08-16 15:45:27.766206812 +0200
-@@ -383,7 +383,7 @@ int MAIN(int argc, char **argv)
- "ts -verify [-data file_to_hash] [-digest digest_bytes] "
- "[-queryfile request.tsq] "
- "-in response.tsr [-token_in] "
-- "-CApath ca_path -CAfile ca_file.pem "
-+ "-CApath ca_path -CAfile ca_file.pem -trusted_first"
- "-untrusted cert_file.pem\n");
- cleanup:
- /* Clean up. */
-diff -up openssl-1.0.1e/apps/verify.c.trusted-first openssl-1.0.1e/apps/verify.c
---- openssl-1.0.1e/apps/verify.c.trusted-first 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/apps/verify.c 2013-08-16 15:46:09.720124654 +0200
-@@ -237,7 +237,7 @@ int MAIN(int argc, char **argv)
-
- end:
- if (ret == 1) {
-- BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
-+ BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check]");
- BIO_printf(bio_err," [-attime timestamp]");
- #ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," [-engine e]");
-diff -up openssl-1.0.1e/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1e/crypto/x509/x509_vfy.c
---- openssl-1.0.1e/crypto/x509/x509_vfy.c.trusted-first 2013-08-16 15:42:39.864533545 +0200
-+++ openssl-1.0.1e/crypto/x509/x509_vfy.c 2013-08-16 15:42:39.921534791 +0200
-@@ -207,6 +207,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx
-
- /* If we are self signed, we break */
- if (ctx->check_issued(ctx, x,x)) break;
-+ /* If asked see if we can find issuer in trusted store first */
-+ if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
-+ {
-+ ok = ctx->get_issuer(&xtmp, ctx, x);
-+ if (ok < 0)
-+ return ok;
-+ /* If successful for now free up cert so it
-+ * will be picked up again later.
-+ */
-+ if (ok > 0)
-+ {
-+ X509_free(xtmp);
-+ break;
-+ }
-+ }
-
- /* If we were passed a cert chain, use it first */
- if (ctx->untrusted != NULL)
-diff -up openssl-1.0.1e/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1e/crypto/x509/x509_vfy.h
---- openssl-1.0.1e/crypto/x509/x509_vfy.h.trusted-first 2013-08-16 15:42:39.356522432 +0200
-+++ openssl-1.0.1e/crypto/x509/x509_vfy.h 2013-08-16 15:42:39.922534813 +0200
-@@ -389,6 +389,8 @@ void X509_STORE_CTX_set_depth(X509_STORE
- #define X509_V_FLAG_USE_DELTAS 0x2000
- /* Check selfsigned CA signature */
- #define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
-+/* Use trusted store first */
-+#define X509_V_FLAG_TRUSTED_FIRST 0x8000
-
-
- #define X509_VP_FLAG_DEFAULT 0x1
-diff -up openssl-1.0.1e/doc/apps/cms.pod.trusted-first openssl-1.0.1e/doc/apps/cms.pod
---- openssl-1.0.1e/doc/apps/cms.pod.trusted-first 2013-08-16 15:42:39.000000000 +0200
-+++ openssl-1.0.1e/doc/apps/cms.pod 2013-08-16 15:50:48.723921117 +0200
-@@ -35,6 +35,7 @@ B<openssl> B<cms>
- [B<-print>]
- [B<-CAfile file>]
- [B<-CApath dir>]
-+[B<-trusted_first>]
- [B<-md digest>]
- [B<-[cipher]>]
- [B<-nointern>]
-@@ -238,6 +239,12 @@ B<-verify>. This directory must be a sta
- is a hash of each subject name (using B<x509 -hash>) should be linked
- to each certificate.
-
-+=item B<-trusted_first>
-+
-+Use certificates in CA file or CA directory before untrusted certificates
-+from the message when building the trust chain to verify certificates.
-+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
-+
- =item B<-md digest>
-
- digest algorithm to use when signing or resigning. If not present then the
-diff -up openssl-1.0.1e/doc/apps/ocsp.pod.trusted-first openssl-1.0.1e/doc/apps/ocsp.pod
---- openssl-1.0.1e/doc/apps/ocsp.pod.trusted-first 2013-08-16 15:42:39.000000000 +0200
-+++ openssl-1.0.1e/doc/apps/ocsp.pod 2013-08-16 15:52:20.106933403 +0200
-@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
- [B<-path>]
- [B<-CApath dir>]
- [B<-CAfile file>]
-+[B<-trusted_first>]
- [B<-VAfile file>]
- [B<-validity_period n>]
- [B<-status_age n>]
-@@ -138,6 +139,13 @@ or "/" by default.
- file or pathname containing trusted CA certificates. These are used to verify
- the signature on the OCSP response.
-
-+=item B<-trusted_first>
-+
-+Use certificates in CA file or CA directory over certificates provided
-+in the response or residing in other certificates file when building the trust
-+chain to verify responder certificate.
-+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
-+
- =item B<-verify_other file>
-
- file containing additional certificates to search when attempting to locate
-diff -up openssl-1.0.1e/doc/apps/s_client.pod.trusted-first openssl-1.0.1e/doc/apps/s_client.pod
---- openssl-1.0.1e/doc/apps/s_client.pod.trusted-first 2013-08-16 15:42:39.000000000 +0200
-+++ openssl-1.0.1e/doc/apps/s_client.pod 2013-08-16 15:53:17.364194159 +0200
-@@ -17,6 +17,7 @@ B<openssl> B<s_client>
- [B<-pass arg>]
- [B<-CApath directory>]
- [B<-CAfile filename>]
-+[B<-trusted_first>]
- [B<-reconnect>]
- [B<-pause>]
- [B<-showcerts>]
-@@ -107,7 +108,7 @@ also used when building the client certi
- A file containing trusted certificates to use during server authentication
- and to use when attempting to build the client certificate chain.
-
--=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
-+=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first>
-
- Set various certificate chain valiadition option. See the
- L<B<verify>|verify(1)> manual page for details.
-diff -up openssl-1.0.1e/doc/apps/smime.pod.trusted-first openssl-1.0.1e/doc/apps/smime.pod
---- openssl-1.0.1e/doc/apps/smime.pod.trusted-first 2013-08-16 15:42:39.000000000 +0200
-+++ openssl-1.0.1e/doc/apps/smime.pod 2013-08-16 15:56:12.497050767 +0200
-@@ -15,6 +15,9 @@ B<openssl> B<smime>
- [B<-pk7out>]
- [B<-[cipher]>]
- [B<-in file>]
-+[B<-CAfile file>]
-+[B<-CApath dir>]
-+[B<-trusted_first>]
- [B<-certfile file>]
- [B<-signer file>]
- [B<-recip file>]
-@@ -146,6 +149,12 @@ B<-verify>. This directory must be a sta
- is a hash of each subject name (using B<x509 -hash>) should be linked
- to each certificate.
-
-+=item B<-trusted_first>
-+
-+Use certificates in CA file or CA directory over certificates provided
-+in the message when building the trust chain to verify a certificate.
-+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
-+
- =item B<-md digest>
-
- digest algorithm to use when signing or resigning. If not present then the
-diff -up openssl-1.0.1e/doc/apps/s_server.pod.trusted-first openssl-1.0.1e/doc/apps/s_server.pod
---- openssl-1.0.1e/doc/apps/s_server.pod.trusted-first 2013-08-16 15:42:39.000000000 +0200
-+++ openssl-1.0.1e/doc/apps/s_server.pod 2013-08-16 15:54:33.609873214 +0200
-@@ -33,6 +33,7 @@ B<openssl> B<s_server>
- [B<-state>]
- [B<-CApath directory>]
- [B<-CAfile filename>]
-+[B<-trusted_first>]
- [B<-nocert>]
- [B<-cipher cipherlist>]
- [B<-quiet>]
-@@ -168,6 +169,12 @@ and to use when attempting to build the
- is also used in the list of acceptable client CAs passed to the client when
- a certificate is requested.
-
-+=item B<-trusted_first>
-+
-+Use certificates in CA file or CA directory before other certificates
-+when building the trust chain to verify client certificates.
-+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
-+
- =item B<-state>
-
- prints out the SSL session states.
-diff -up openssl-1.0.1e/doc/apps/s_time.pod.trusted-first openssl-1.0.1e/doc/apps/s_time.pod
---- openssl-1.0.1e/doc/apps/s_time.pod.trusted-first 2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/apps/s_time.pod 2013-08-16 15:55:12.651732938 +0200
-@@ -14,6 +14,7 @@ B<openssl> B<s_time>
- [B<-key filename>]
- [B<-CApath directory>]
- [B<-CAfile filename>]
-+[B<-trusted_first>]
- [B<-reuse>]
- [B<-new>]
- [B<-verify depth>]
-@@ -76,6 +77,12 @@ also used when building the client certi
- A file containing trusted certificates to use during server authentication
- and to use when attempting to build the client certificate chain.
-
-+=item B<-trusted_first>
-+
-+Use certificates in CA file or CA directory over the certificates provided
-+by the server when building the trust chain to verify server certificate.
-+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
-+
- =item B<-new>
-
- performs the timing test using a new session ID for each connection.
-diff -up openssl-1.0.1e/doc/apps/ts.pod.trusted-first openssl-1.0.1e/doc/apps/ts.pod
---- openssl-1.0.1e/doc/apps/ts.pod.trusted-first 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/doc/apps/ts.pod 2013-08-16 15:57:17.399479957 +0200
-@@ -46,6 +46,7 @@ B<-verify>
- [B<-token_in>]
- [B<-CApath> trusted_cert_path]
- [B<-CAfile> trusted_certs.pem]
-+[B<-trusted_first>]
- [B<-untrusted> cert_file.pem]
-
- =head1 DESCRIPTION
-@@ -324,6 +325,12 @@ L<verify(1)|verify(1)> for additional de
- or B<-CApath> must be specified.
- (Optional)
-
-+=item B<-trusted_first>
-+
-+Use certificates in CA file or CA directory before other certificates
-+when building the trust chain to verify certificates.
-+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
-+
- =item B<-untrusted> cert_file.pem
-
- Set of additional untrusted certificates in PEM format which may be
-diff -up openssl-1.0.1e/doc/apps/verify.pod.trusted-first openssl-1.0.1e/doc/apps/verify.pod
---- openssl-1.0.1e/doc/apps/verify.pod.trusted-first 2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/doc/apps/verify.pod 2013-08-16 15:58:00.267423925 +0200
-@@ -9,6 +9,7 @@ verify - Utility to verify certificates.
- B<openssl> B<verify>
- [B<-CApath directory>]
- [B<-CAfile file>]
-+[B<-trusted_first>]
- [B<-purpose purpose>]
- [B<-policy arg>]
- [B<-ignore_critical>]
-@@ -56,6 +57,12 @@ in PEM format concatenated together.
- A file of untrusted certificates. The file should contain multiple certificates
- in PEM format concatenated together.
-
-+=item B<-trusted_first>
-+
-+Use certificates in CA file or CA directory before the certificates in the untrusted
-+file when building the trust chain to verify certificates.
-+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
-+
- =item B<-purpose purpose>
-
- The intended use for the certificate. If this option is not specified,
diff --git a/openssl-1.0.1g-3des-strength.patch b/openssl-1.0.1g-3des-strength.patch
deleted file mode 100644
index aec054d..0000000
--- a/openssl-1.0.1g-3des-strength.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-diff -up openssl-1.0.1g/ssl/s2_lib.c.3des-strength openssl-1.0.1g/ssl/s2_lib.c
---- openssl-1.0.1g/ssl/s2_lib.c.3des-strength 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/ssl/s2_lib.c 2014-05-06 16:33:45.646358418 +0200
-@@ -250,7 +250,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
- SSL_SSLV2,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
-- 168,
-+ 128,
- 168,
- },
-
-diff -up openssl-1.0.1g/ssl/s3_lib.c.3des-strength openssl-1.0.1g/ssl/s3_lib.c
---- openssl-1.0.1g/ssl/s3_lib.c.3des-strength 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/ssl/s3_lib.c 2014-05-06 16:38:05.887374872 +0200
-@@ -328,7 +328,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
-@@ -377,7 +377,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
-@@ -425,7 +425,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
-@@ -474,7 +474,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
-@@ -522,7 +522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
-@@ -602,7 +602,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
-@@ -687,7 +687,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
-@@ -751,7 +751,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
-@@ -1685,7 +1685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
-@@ -2062,7 +2062,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
-@@ -2142,7 +2142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
-@@ -2222,7 +2222,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
-@@ -2302,7 +2302,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
-@@ -2382,7 +2382,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
-@@ -2432,7 +2432,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
-@@ -2448,7 +2448,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
-@@ -2464,7 +2464,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
- SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-- 168,
-+ 128,
- 168,
- },
-
diff --git a/openssl-1.0.1g-new-fips-reqs.patch b/openssl-1.0.1g-new-fips-reqs.patch
deleted file mode 100644
index 335cf43..0000000
--- a/openssl-1.0.1g-new-fips-reqs.patch
+++ /dev/null
@@ -1,1764 +0,0 @@
-diff -up openssl-1.0.1g/crypto/bn/bn_rand.c.fips-reqs openssl-1.0.1g/crypto/bn/bn_rand.c
---- openssl-1.0.1g/crypto/bn/bn_rand.c.fips-reqs 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/bn/bn_rand.c 2014-05-06 16:22:21.432540283 +0200
-@@ -138,9 +138,12 @@ static int bnrand(int pseudorand, BIGNUM
- goto err;
- }
-
-- /* make a random number and set the top and bottom bits */
-- time(&tim);
-- RAND_add(&tim,sizeof(tim),0.0);
-+ if (!FIPS_mode()) /* in FIPS mode the RNG is always properly seeded or the module fails */
-+ {
-+ /* make a random number and set the top and bottom bits */
-+ time(&tim);
-+ RAND_add(&tim,sizeof(tim),0.0);
-+ }
-
- if (pseudorand)
- {
-diff -up openssl-1.0.1g/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.1g/crypto/dh/dh_gen.c
---- openssl-1.0.1g/crypto/dh/dh_gen.c.fips-reqs 2014-05-06 16:22:21.253536145 +0200
-+++ openssl-1.0.1g/crypto/dh/dh_gen.c 2014-05-06 16:22:21.432540283 +0200
-@@ -125,7 +125,7 @@ static int dh_builtin_genparams(DH *ret,
- return 0;
- }
-
-- if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
-+ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN))
- {
- DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
- goto err;
-diff -up openssl-1.0.1g/crypto/dh/dh.h.fips-reqs openssl-1.0.1g/crypto/dh/dh.h
---- openssl-1.0.1g/crypto/dh/dh.h.fips-reqs 2014-05-06 16:22:21.253536145 +0200
-+++ openssl-1.0.1g/crypto/dh/dh.h 2014-05-06 16:22:21.432540283 +0200
-@@ -78,6 +78,7 @@
- #endif
-
- #define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
-+#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048
-
- #define DH_FLAG_CACHE_MONT_P 0x01
- #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
-diff -up openssl-1.0.1g/crypto/dh/dh_check.c.fips-reqs openssl-1.0.1g/crypto/dh/dh_check.c
---- openssl-1.0.1g/crypto/dh/dh_check.c.fips-reqs 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/dh/dh_check.c 2014-05-06 16:22:21.432540283 +0200
-@@ -134,7 +134,33 @@ int DH_check_pub_key(const DH *dh, const
- BN_sub_word(q,1);
- if (BN_cmp(pub_key,q)>=0)
- *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
-+#ifdef OPENSSL_FIPS
-+ if (FIPS_mode() && dh->q != NULL)
-+ {
-+ BN_CTX *ctx = NULL;
-
-+ ctx = BN_CTX_new();
-+ if (ctx == NULL)
-+ goto err;
-+
-+ if (BN_mod_exp_mont(q, pub_key, dh->q, dh->p, ctx, NULL) <= 0)
-+ {
-+ BN_CTX_free(ctx);
-+ goto err;
-+ }
-+ if (!BN_is_one(q))
-+ {
-+ /* it would be more correct to add new return flag
-+ * for this test, but we do not want to do it
-+ * so just error out
-+ */
-+ BN_CTX_free(ctx);
-+ goto err;
-+ }
-+
-+ BN_CTX_free(ctx);
-+ }
-+#endif
- ok = 1;
- err:
- if (q != NULL) BN_free(q);
-diff -up openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.1g/crypto/dsa/dsa_gen.c
---- openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips-reqs 2014-05-06 16:22:21.254536168 +0200
-+++ openssl-1.0.1g/crypto/dsa/dsa_gen.c 2014-05-06 16:22:21.432540283 +0200
-@@ -159,7 +159,7 @@ int dsa_builtin_paramgen(DSA *ret, size_
- }
-
- if (FIPS_module_mode() &&
-- (bits != 1024 || qbits != 160) &&
-+ (getenv("OPENSSL_ENFORCE_MODULUS_BITS") || bits != 1024 || qbits != 160) &&
- (bits != 2048 || qbits != 224) &&
- (bits != 2048 || qbits != 256) &&
- (bits != 3072 || qbits != 256))
-diff -up openssl-1.0.1g/crypto/dsa/dsa.h.fips-reqs openssl-1.0.1g/crypto/dsa/dsa.h
---- openssl-1.0.1g/crypto/dsa/dsa.h.fips-reqs 2014-05-06 16:22:21.254536168 +0200
-+++ openssl-1.0.1g/crypto/dsa/dsa.h 2014-05-06 16:22:21.432540283 +0200
-@@ -89,6 +89,7 @@
- #endif
-
- #define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
-+#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN (getenv("OPENSSL_ENFORCE_MODULUS_BITS")?2048:1024)
-
- #define DSA_FLAG_CACHE_MONT_P 0x01
- #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
-@@ -254,9 +255,9 @@ int DSAparams_print_fp(FILE *fp, const D
- int DSA_print_fp(FILE *bp, const DSA *x, int off);
- #endif
-
--#define DSS_prime_checks 50
--/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
-- * 50 rounds of Rabin-Miller */
-+#define DSS_prime_checks 64
-+/* Primality test according to FIPS PUB 186[-4], Appendix 2.1:
-+ * 64 rounds of Rabin-Miller */
- #define DSA_is_prime(n, callback, cb_arg) \
- BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
-
-diff -up openssl-1.0.1g/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.1g/crypto/dsa/dsa_key.c
---- openssl-1.0.1g/crypto/dsa/dsa_key.c.fips-reqs 2014-05-06 16:22:21.427540169 +0200
-+++ openssl-1.0.1g/crypto/dsa/dsa_key.c 2014-05-06 16:22:21.433540307 +0200
-@@ -127,7 +127,7 @@ static int dsa_builtin_keygen(DSA *dsa)
-
- #ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
-- && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
-+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN))
- {
- DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
- goto err;
-diff -up openssl-1.0.1g/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.1g/crypto/fips/fips_dh_selftest.c
---- openssl-1.0.1g/crypto/fips/fips_dh_selftest.c.fips-reqs 2014-05-06 16:22:21.433540307 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_dh_selftest.c 2014-05-06 16:22:21.433540307 +0200
-@@ -0,0 +1,162 @@
-+/* ====================================================================
-+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
-+ * Copyright (c) 2013 Red Hat, Inc.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ *
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in
-+ * the documentation and/or other materials provided with the
-+ * distribution.
-+ *
-+ * 3. All advertising materials mentioning features or use of this
-+ * software must display the following acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-+ *
-+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-+ * endorse or promote products derived from this software without
-+ * prior written permission. For written permission, please contact
-+ * openssl-core@openssl.org.
-+ *
-+ * 5. Products derived from this software may not be called "OpenSSL"
-+ * nor may "OpenSSL" appear in their names without prior written
-+ * permission of the OpenSSL Project.
-+ *
-+ * 6. Redistributions of any form whatsoever must retain the following
-+ * acknowledgment:
-+ * "This product includes software developed by the OpenSSL Project
-+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-+ * OF THE POSSIBILITY OF SUCH DAMAGE.
-+ *
-+ */
-+
-+#include <string.h>
-+#include <openssl/crypto.h>
-+#include <openssl/dh.h>
-+#include <openssl/fips.h>
-+#include <openssl/err.h>
-+#include <openssl/evp.h>
-+#include <openssl/bn.h>
-+#include "fips_locl.h"
-+
-+#ifdef OPENSSL_FIPS
-+
-+static const unsigned char dh_test_2048_p[] = {
-+ 0xAE,0xEC,0xEE,0x22,0xFA,0x3A,0xA5,0x22,0xC0,0xDE,0x0F,0x09,
-+ 0x7E,0x17,0xC0,0x05,0xF9,0xF1,0xE7,0xC6,0x87,0x14,0x6D,0x11,
-+ 0xE7,0xAE,0xED,0x2F,0x72,0x59,0xC5,0xA9,0x9B,0xB8,0x02,0xA5,
-+ 0xF3,0x69,0x70,0xD6,0xDD,0x90,0xF9,0x19,0x79,0xBE,0x60,0x8F,
-+ 0x25,0x92,0x30,0x1C,0x51,0x51,0x38,0x26,0x82,0x25,0xE6,0xFC,
-+ 0xED,0x65,0x96,0x8F,0x57,0xE5,0x53,0x8B,0x38,0x63,0xC7,0xCE,
-+ 0xBC,0x1B,0x4D,0x18,0x2A,0x5B,0x04,0x3F,0x6A,0x3C,0x94,0x39,
-+ 0xAE,0x36,0xD6,0x5E,0x0F,0xA2,0xCC,0xD0,0xD4,0xD5,0xC6,0x1E,
-+ 0xF6,0xA0,0xF5,0x89,0x4E,0xB4,0x0B,0xA4,0xB3,0x2B,0x3D,0xE2,
-+ 0x4E,0xE1,0x49,0x25,0x99,0x5F,0x32,0x16,0x33,0x32,0x1B,0x7A,
-+ 0xA5,0x5C,0x6B,0x34,0x0D,0x39,0x99,0xDC,0xF0,0x76,0xE5,0x5A,
-+ 0xD4,0x71,0x00,0xED,0x5A,0x73,0xFB,0xC8,0x01,0xAD,0x99,0xCF,
-+ 0x99,0x52,0x7C,0x9C,0x64,0xC6,0x76,0x40,0x57,0xAF,0x59,0xD7,
-+ 0x38,0x0B,0x40,0xDE,0x33,0x0D,0xB8,0x76,0xEC,0xA9,0xD8,0x73,
-+ 0xF8,0xEF,0x26,0x66,0x06,0x27,0xDD,0x7C,0xA4,0x10,0x9C,0xA6,
-+ 0xAA,0xF9,0x53,0x62,0x73,0x1D,0xBA,0x1C,0xF1,0x67,0xF4,0x35,
-+ 0xED,0x6F,0x37,0x92,0xE8,0x4F,0x6C,0xBA,0x52,0x6E,0xA1,0xED,
-+ 0xDA,0x9F,0x85,0x11,0x82,0x52,0x62,0x08,0x44,0xF1,0x30,0x03,
-+ 0xC3,0x38,0x2C,0x79,0xBD,0xD4,0x43,0x45,0xEE,0x8E,0x50,0xFC,
-+ 0x29,0x46,0x9A,0xFE,0x54,0x1A,0x19,0x8F,0x4B,0x84,0x08,0xDE,
-+ 0x20,0x62,0x73,0xCC,0xDD,0x7E,0xF0,0xEF,0xA2,0xFD,0x86,0x58,
-+ 0x4B,0xD8,0x37,0xEB
-+};
-+
-+static const unsigned char dh_test_2048_g[] = {
-+ 0x02
-+};
-+
-+static const unsigned char dh_test_2048_pub_key[] = {
-+ 0xA0,0x39,0x11,0x77,0x9A,0xC1,0x30,0x1F,0xBE,0x48,0xA7,0xAA,
-+ 0xA0,0x84,0x54,0x64,0xAD,0x1B,0x70,0xFA,0x13,0x55,0x63,0xD2,
-+ 0x1F,0x62,0x32,0x93,0x8E,0xC9,0x3E,0x09,0xA7,0x64,0xE4,0x12,
-+ 0x6E,0x1B,0xF2,0x92,0x3B,0xB9,0xCB,0x56,0xEA,0x07,0x88,0xB5,
-+ 0xA6,0xBC,0x16,0x1F,0x27,0xFE,0xD8,0xAA,0x40,0xB2,0xB0,0x2D,
-+ 0x37,0x76,0xA6,0xA4,0x82,0x2C,0x0E,0x22,0x64,0x9D,0xCB,0xD1,
-+ 0x00,0xB7,0x89,0x14,0x72,0x4E,0xBE,0x48,0x41,0xF8,0xB2,0x51,
-+ 0x11,0x09,0x4B,0x22,0x01,0x23,0x39,0x96,0xE0,0x15,0xD7,0x9F,
-+ 0x60,0xD1,0xB7,0xAE,0xFE,0x5F,0xDB,0xE7,0x03,0x17,0x97,0xA6,
-+ 0x16,0x74,0xBD,0x53,0x81,0x19,0xC5,0x47,0x5E,0xCE,0x8D,0xED,
-+ 0x45,0x5D,0x3C,0x00,0xA0,0x0A,0x68,0x6A,0xE0,0x8E,0x06,0x46,
-+ 0x6F,0xD7,0xF9,0xDF,0x31,0x7E,0x77,0x44,0x0D,0x98,0xE0,0xCA,
-+ 0x98,0x09,0x52,0x04,0x90,0xEA,0x6D,0xF4,0x30,0x69,0x8F,0xB1,
-+ 0x9B,0xC1,0x43,0xDB,0xD5,0x8D,0xC8,0x8E,0xB6,0x0B,0x05,0xBE,
-+ 0x0E,0xC5,0x99,0xC8,0x6E,0x4E,0xF3,0xCB,0xC3,0x5E,0x9B,0x53,
-+ 0xF7,0x06,0x1C,0x4F,0xC7,0xB8,0x6E,0x30,0x18,0xCA,0x9B,0xB9,
-+ 0xBC,0x5F,0x17,0x72,0x29,0x5A,0xE5,0xD9,0x96,0xB7,0x0B,0xF3,
-+ 0x2D,0x8C,0xF1,0xE1,0x0E,0x0D,0x74,0xD5,0x9D,0xF0,0x06,0xA9,
-+ 0xB4,0x95,0x63,0x76,0x46,0x55,0x48,0x82,0x39,0x90,0xEF,0x56,
-+ 0x75,0x34,0xB8,0x34,0xC3,0x18,0x6E,0x1E,0xAD,0xE3,0x48,0x7E,
-+ 0x93,0x2C,0x23,0xE7,0xF8,0x90,0x73,0xB1,0x77,0x80,0x67,0xA9,
-+ 0x36,0x9E,0xDA,0xD2
-+};
-+
-+static const unsigned char dh_test_2048_priv_key[] = {
-+ 0x0C,0x4B,0x30,0x89,0xD1,0xB8,0x62,0xCB,0x3C,0x43,0x64,0x91,
-+ 0xF0,0x91,0x54,0x70,0xC5,0x27,0x96,0xE3,0xAC,0xBE,0xE8,0x00,
-+ 0xEC,0x55,0xF6,0xCC
-+};
-+
-+int FIPS_selftest_dh()
-+ {
-+ DH *dh = NULL;
-+ int ret = 0;
-+ void *pub_key = NULL;
-+ int len;
-+
-+ dh = DH_new();
-+
-+ if(dh == NULL)
-+ goto err;
-+
-+ fips_load_key_component(dh, p, dh_test_2048);
-+ fips_load_key_component(dh, g, dh_test_2048);
-+ /* note that the private key is much shorter than normally used
-+ * but still g ** priv_key > p
-+ */
-+ fips_load_key_component(dh, priv_key, dh_test_2048);
-+
-+ if (DH_generate_key(dh) <= 0)
-+ goto err;
-+
-+ len = BN_num_bytes(dh->pub_key);
-+ if ((pub_key = OPENSSL_malloc(len)) == NULL)
-+ goto err;
-+ BN_bn2bin(dh->pub_key, pub_key);
-+
-+ if (len != sizeof(dh_test_2048_pub_key) ||
-+ memcmp(pub_key, dh_test_2048_pub_key, len) != 0)
-+ goto err;
-+
-+ ret = 1;
-+
-+ err:
-+ if (dh)
-+ DH_free(dh);
-+
-+ OPENSSL_free(pub_key);
-+ return ret;
-+ }
-+#endif
-diff -up openssl-1.0.1g/crypto/fips/fips_drbg_rand.c.fips-reqs openssl-1.0.1g/crypto/fips/fips_drbg_rand.c
---- openssl-1.0.1g/crypto/fips/fips_drbg_rand.c.fips-reqs 2014-05-06 16:22:21.263536376 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_drbg_rand.c 2014-05-06 16:22:21.433540307 +0200
-@@ -77,7 +77,8 @@ static int fips_drbg_bytes(unsigned char
- int rv = 0;
- unsigned char *adin = NULL;
- size_t adinlen = 0;
-- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-+ int locked;
-+ locked = private_RAND_lock(1);
- do
- {
- size_t rcnt;
-@@ -109,7 +110,8 @@ static int fips_drbg_bytes(unsigned char
- while (count);
- rv = 1;
- err:
-- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+ if (locked)
-+ private_RAND_lock(0);
- return rv;
- }
-
-@@ -124,35 +126,51 @@ static int fips_drbg_status(void)
- {
- DRBG_CTX *dctx = &ossl_dctx;
- int rv;
-- CRYPTO_r_lock(CRYPTO_LOCK_RAND);
-+ int locked;
-+ locked = private_RAND_lock(1);
- rv = dctx->status == DRBG_STATUS_READY ? 1 : 0;
-- CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
-+ if (locked)
-+ private_RAND_lock(0);
- return rv;
- }
-
- static void fips_drbg_cleanup(void)
- {
- DRBG_CTX *dctx = &ossl_dctx;
-- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-+ int locked;
-+ locked = private_RAND_lock(1);
- FIPS_drbg_uninstantiate(dctx);
-- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+ if (locked)
-+ private_RAND_lock(0);
- }
-
- static int fips_drbg_seed(const void *seed, int seedlen)
- {
- DRBG_CTX *dctx = &ossl_dctx;
-+ int locked;
-+ int ret = 1;
-+
-+ locked = private_RAND_lock(1);
- if (dctx->rand_seed_cb)
-- return dctx->rand_seed_cb(dctx, seed, seedlen);
-- return 1;
-+ ret = dctx->rand_seed_cb(dctx, seed, seedlen);
-+ if (locked)
-+ private_RAND_lock(0);
-+ return ret;
- }
-
- static int fips_drbg_add(const void *seed, int seedlen,
- double add_entropy)
- {
- DRBG_CTX *dctx = &ossl_dctx;
-+ int locked;
-+ int ret = 1;
-+
-+ locked = private_RAND_lock(1);
- if (dctx->rand_add_cb)
-- return dctx->rand_add_cb(dctx, seed, seedlen, add_entropy);
-- return 1;
-+ ret = dctx->rand_add_cb(dctx, seed, seedlen, add_entropy);
-+ if (locked)
-+ private_RAND_lock(0);
-+ return ret;
- }
-
- static const RAND_METHOD rand_drbg_meth =
-diff -up openssl-1.0.1g/crypto/fips/fips.h.fips-reqs openssl-1.0.1g/crypto/fips/fips.h
---- openssl-1.0.1g/crypto/fips/fips.h.fips-reqs 2014-05-06 16:22:21.421540031 +0200
-+++ openssl-1.0.1g/crypto/fips/fips.h 2014-05-06 16:22:21.433540307 +0200
-@@ -96,6 +96,7 @@ void FIPS_corrupt_dsa_keygen(void);
- int FIPS_selftest_dsa(void);
- int FIPS_selftest_ecdsa(void);
- int FIPS_selftest_ecdh(void);
-+int FIPS_selftest_dh(void);
- void FIPS_corrupt_rng(void);
- void FIPS_rng_stick(void);
- void FIPS_x931_stick(int onoff);
-diff -up openssl-1.0.1g/crypto/fips/fips_post.c.fips-reqs openssl-1.0.1g/crypto/fips/fips_post.c
---- openssl-1.0.1g/crypto/fips/fips_post.c.fips-reqs 2014-05-06 16:22:21.420540008 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_post.c 2014-05-06 16:22:21.433540307 +0200
-@@ -99,6 +99,8 @@ int FIPS_selftest(void)
- rv = 0;
- if (!FIPS_selftest_dsa())
- rv = 0;
-+ if (!FIPS_selftest_dh())
-+ rv = 0;
- if (!FIPS_selftest_ecdh())
- rv = 0;
- return rv;
-diff -up openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c
---- openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c.fips-reqs 2014-05-06 16:22:21.267536469 +0200
-+++ openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c 2014-05-06 16:22:21.434540330 +0200
-@@ -60,69 +60,113 @@
- #ifdef OPENSSL_FIPS
-
- static const unsigned char n[] =
--"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
--"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
--"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
--"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
--"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
--"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
--"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
--"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
--"\xCB";
-+"\x00\xc9\xd5\x6d\x9d\x90\xdb\x43\xd6\x02\xed\x96\x88\x13\x8a"
-+"\xb2\xbf\x6e\xa1\x06\x10\xb2\x78\x37\xa7\x14\xa8\xff\xdd\x00"
-+"\xdd\xb4\x93\xa0\x45\xcc\x96\x90\xed\xad\xa9\xdd\xc4\xd6\xca"
-+"\x0c\xf0\xed\x4f\x72\x5e\x21\x49\x9a\x18\x12\x15\x8f\x90\x5a"
-+"\xdb\xb6\x33\x99\xa3\xe6\xb4\xf0\xc4\x97\x21\x26\xbb\xe3\xba"
-+"\xf2\xff\xa0\x72\xda\x89\x63\x8e\x8b\x3e\x08\x9d\x92\x2a\xbe"
-+"\x16\xe1\x43\x15\xfc\x57\xc7\x1f\x09\x11\x67\x1c\xa9\x96\xd1"
-+"\x8b\x3e\x80\x93\xc1\x59\xd0\x6d\x39\xf2\xac\x95\xcc\x10\x75"
-+"\xe9\x31\x24\xd1\x43\xaf\x68\x52\x4b\xe7\x16\xd7\x49\x65\x6f"
-+"\x26\xc0\x86\xad\xc0\x07\x0a\xc1\xe1\x2f\x87\x85\x86\x3b\xdc"
-+"\x5a\x99\xbe\xe9\xf9\xb9\xe9\x82\x27\x51\x04\x15\xab\x06\x0e"
-+"\x76\x5a\x28\x8d\x92\xbd\xc5\xb5\x7b\xa8\xdf\x4e\x47\xa2\xc1"
-+"\xe7\x52\xbf\x47\xf7\x62\xe0\x3a\x6f\x4d\x6a\x4d\x4e\xd4\xb9"
-+"\x59\x69\xfa\xb2\x14\xc1\xee\xe6\x2f\x95\xcd\x94\x72\xae\xe4"
-+"\xdb\x18\x9a\xc4\xcd\x70\xbd\xee\x31\x16\xb7\x49\x65\xac\x40"
-+"\x19\x0e\xb5\x6d\x83\xf1\x36\xbb\x08\x2f\x2e\x4e\x92\x62\xa4"
-+"\xff\x50\xdb\x20\x45\xa2\xeb\x16\x7a\xf2\xd5\x28\xc1\xfd\x4e"
-+"\x03\x71";
-+
-
- static int corrupt_rsa;
-
- static int setrsakey(RSA *key)
- {
-- static const unsigned char e[] = "\x11";
-+ static const unsigned char e[] = "\x01\x00\x01";
-
- static const unsigned char d[] =
--"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
--"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
--"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
--"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
--"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
--"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
--"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
--"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
--"\xC1";
-+"\x36\x27\x3d\xb1\xf9\x1b\xdb\xa7\xa0\x41\x7f\x12\x23\xac\x23"
-+"\x29\x99\xd5\x3a\x7b\x60\x67\x41\x07\x63\x53\xb4\xd2\xe7\x58"
-+"\x95\x0a\xc7\x05\xf3\x4e\xb2\xb4\x12\xd4\x70\xdc\x4f\x85\x06"
-+"\xd3\xdd\xd8\x63\x27\x3e\x67\x31\x21\x24\x39\x04\xbc\x06\xa4"
-+"\xcc\xce\x2b\x7a\xfe\x7b\xad\xde\x11\x6e\xa3\xa5\xe6\x04\x53"
-+"\x0e\xa3\x4e\x2d\xb4\x8f\x31\xbf\xca\x75\x25\x52\x02\x85\xde"
-+"\x3d\xb2\x72\x43\xb2\x89\x8a\x9a\x34\x41\x26\x3f\x9a\x67\xbe"
-+"\xa4\x96\x7b\x0e\x75\xba\xa6\x93\xd5\xb8\xd8\xb8\x57\xf2\x4b"
-+"\x0f\x14\x81\xd1\x57\x4e\xf6\x45\x4c\xa6\x3b\xd0\x70\xca\xd3"
-+"\x9d\x55\xde\x22\x05\xe7\x8e\x28\x4d\xee\x11\xcf\xb6\x67\x76"
-+"\x09\xd3\xe3\x3c\x13\xf9\x99\x34\x10\x7b\xec\x81\x38\xf0\xb6"
-+"\x34\x9c\x9b\x50\x6f\x0b\x91\x81\x4d\x89\x94\x04\x7b\xf0\x3c"
-+"\xf4\xb1\xb2\x00\x48\x8d\x5a\x8f\x88\x9e\xc5\xab\x3a\x9e\x44"
-+"\x3f\x54\xe7\xd9\x6e\x47\xaa\xa1\xbd\x40\x46\x31\xf9\xf0\x34"
-+"\xb6\x04\xe1\x2b\x5b\x73\x86\xdd\x3a\x92\x1b\x71\xc7\x3f\x32"
-+"\xe5\xc3\xc2\xab\xa1\x7e\xbf\xa4\x52\xa0\xb0\x68\x90\xd1\x20"
-+"\x12\x79\xe9\xd7\xc9\x40\xba\xf2\x19\xc7\xa5\x00\x92\x86\x0d"
-+"\x01";
-
- static const unsigned char p[] =
--"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
--"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
--"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
--"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
--"\x99";
-+"\x00\xfc\x5c\x6e\x16\xce\x1f\x03\x7b\xcd\xf7\xb3\x72\xb2\x8f"
-+"\x16\x72\xb8\x56\xae\xf7\xcd\x67\xd8\x4e\x7d\x07\xaf\xd5\x43"
-+"\x26\xc3\x35\xbe\x43\x8f\x4e\x2f\x1c\x43\x4e\x6b\xd2\xb2\xec"
-+"\x52\x6d\x97\x52\x2b\xcc\x5c\x3a\x6b\xf4\x14\xc6\x74\xda\x66"
-+"\x38\x1c\x7a\x3f\x84\x2f\xe3\xf9\x5a\xb8\x65\x69\x46\x06\xa3"
-+"\x37\x79\xb2\xa1\x5b\x58\xed\x5e\xa7\x5f\x8c\x65\x66\xbb\xd1"
-+"\x24\x36\xe6\x37\xa7\x3d\x49\x77\x8a\x8c\x34\xd8\x69\x29\xf3"
-+"\x4d\x58\x22\xb0\x51\x24\xb6\x40\xa8\x86\x59\x0a\xb7\xba\x5c"
-+"\x97\xda\x57\xe8\x36\xda\x7a\x9c\xad";
-
- static const unsigned char q[] =
--"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
--"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
--"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
--"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
--"\x03";
-+"\x00\xcc\xbe\x7b\x09\x69\x06\xee\x45\xbf\x88\x47\x38\xa8\xf8"
-+"\x17\xe5\xb6\xba\x67\x55\xe3\xe8\x05\x8b\xb8\xe2\x53\xd6\x8e"
-+"\xef\x2c\xe7\x4f\x4a\xf7\x4e\x26\x8d\x85\x0b\x3f\xec\xc3\x1c"
-+"\xd4\xeb\xec\x6a\xc8\x72\x2a\x25\x7d\xfd\xa6\x77\x96\xf0\x1e"
-+"\xcd\x28\x57\xf8\x37\x30\x75\x6b\xbd\xd4\x7b\x0c\x87\xc5\x6c"
-+"\x87\x40\xa5\xbb\x27\x2c\x78\xc9\x74\x5a\x54\x5b\x0b\x30\x6f"
-+"\x44\x4a\xfa\x71\xe4\x21\x61\x66\xf9\xee\x65\xde\x7c\x04\xd7"
-+"\xfd\xa9\x15\x5b\x7f\xe2\x7a\xba\x69\x86\x72\xa6\x06\x8d\x9b"
-+"\x90\x55\x60\x9e\x4c\x5d\xa9\xb6\x55";
-+
-
- static const unsigned char dmp1[] =
--"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
--"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
--"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
--"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
-+"\x7a\xd6\x12\xd0\x0e\xec\x91\xa9\x85\x8b\xf8\x50\xf0\x11\x2e"
-+"\x00\x11\x32\x40\x60\x66\x1f\x11\xee\xc2\x75\x27\x65\x4b\x16"
-+"\x67\x16\x95\xd2\x14\xc3\x1d\xb3\x48\x1f\xb7\xe4\x0b\x2b\x74"
-+"\xc3\xdb\x50\x27\xf9\x85\x3a\xfa\xa9\x08\x23\xc1\x65\x3d\x34"
-+"\x3a\xc8\x56\x7a\x65\x45\x36\x6e\xae\x2a\xce\x9f\x43\x43\xd7"
-+"\x10\xe9\x9e\x18\xf4\xa4\x35\xda\x8a\x6b\xb0\x3f\xdd\x53\xe3"
-+"\xa8\xc5\x4e\x79\x9d\x1f\x51\x8c\xa2\xca\x66\x3c\x6a\x2a\xff"
-+"\x8e\xd2\xf3\xb7\xcb\x82\xda\xde\x2c\xe6\xd2\x8c\xb3\xad\xb6"
-+"\x4c\x95\x55\x76\xbd\xc9\xc8\xd1";
-+
-
- static const unsigned char dmq1[] =
--"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
--"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
--"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
--"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
--
-+"\x00\x83\x23\x1d\xbb\x11\x42\x17\x2b\x25\x5a\x2c\x03\xe6\x75"
-+"\xc1\x18\xa8\xc9\x0b\x96\xbf\xba\xc4\x92\x91\x80\xa5\x22\x2f"
-+"\xba\x91\x90\x36\x01\x56\x15\x00\x2c\x74\xa2\x97\xf7\x15\xa1"
-+"\x49\xdf\x32\x35\xd2\xdd\x0c\x91\xa6\xf8\xe7\xbe\x81\x36\x9b"
-+"\x03\xdc\x6b\x3b\xd8\x5d\x79\x57\xe0\xe6\x4f\x49\xdf\x4c\x5c"
-+"\x0e\xe5\x21\x41\x95\xfd\xad\xff\x9a\x3e\xa0\xf9\x0f\x59\x9e"
-+"\x6a\xa7\x7b\x71\xa7\x24\x9a\x36\x52\xae\x97\x20\xc1\x5e\x78"
-+"\xd9\x47\x8b\x1e\x67\xf2\xaf\x98\xe6\x2d\xef\x10\xd7\xf1\xab"
-+"\x49\xee\xe5\x4b\x7e\xae\x1f\x1d\x61";
-+
-+
- static const unsigned char iqmp[] =
--"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
--"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
--"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
--"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
--"\xF7";
-+"\x23\x96\xc1\x91\x17\x5e\x0a\x83\xd2\xdc\x7b\x69\xb2\x59\x1d"
-+"\x33\x58\x52\x3f\x18\xc7\x09\x50\x1c\xb9\xa1\xbb\x4c\xa2\x38"
-+"\x40\x4c\x9a\x8e\xfe\x9c\x90\x92\xd0\x71\x9f\x89\x99\x50\x91"
-+"\x1f\x34\x8b\x74\x53\x11\x11\x4a\x70\xe2\xf7\x30\xd8\x8c\x80"
-+"\xe1\xcc\x9f\xf1\x63\x17\x1a\x7d\x67\x29\x4c\xcb\x4e\x74\x7b"
-+"\xe0\x3e\x9e\x2f\xf4\x67\x8f\xec\xb9\x5c\x00\x1e\x7e\xa2\x7b"
-+"\x92\xc9\x6f\x4c\xe4\x0e\xf9\x48\x63\xcd\x50\x22\x5d\xbf\xb6"
-+"\x9d\x01\x33\x6a\xf4\x50\xbe\x86\x98\x4f\xca\x3f\x3a\xfa\xcf"
-+"\x07\x40\xc4\xaa\xad\xae\xbe\xbf";
-
- key->n = BN_bin2bn(n, sizeof(n)-1, key->n);
- if (corrupt_rsa)
-- BN_set_bit(key->n, 1024);
-+ BN_set_bit(key->n, 2048);
- key->e = BN_bin2bn(e, sizeof(e)-1, key->e);
- key->d = BN_bin2bn(d, sizeof(d)-1, key->d);
- key->p = BN_bin2bn(p, sizeof(p)-1, key->p);
-@@ -145,201 +189,391 @@ void FIPS_corrupt_rsa()
- static const unsigned char kat_tbs[] = "OpenSSL FIPS 140-2 Public Key RSA KAT";
-
- static const unsigned char kat_RSA_PSS_SHA1[] = {
-- 0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9, 0x46, 0xDA, 0x0F,
-- 0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D, 0xD2, 0x90, 0xBB,
-- 0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C, 0xB7, 0xF8, 0xD3,
-- 0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7, 0x83, 0xD5, 0x4C,
-- 0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51, 0x60, 0xD0, 0xA7,
-- 0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E, 0x3F, 0x9B, 0xF5,
-- 0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47, 0xF0, 0xC5, 0x45,
-- 0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F, 0xF8, 0xB7, 0x31,
-- 0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB, 0x9F, 0xBA, 0xE8,
-- 0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E, 0x20, 0x25, 0x84,
-- 0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9
-+ 0xC2, 0x80, 0x82, 0x56, 0xD8, 0xA7, 0xB2, 0x9C, 0xF5, 0xD6, 0x3C, 0xE3,
-+ 0xBF, 0xE9, 0x3A, 0x53, 0x40, 0xAE, 0xF2, 0xA9, 0x6A, 0x39, 0x49, 0x5B,
-+ 0x05, 0x7F, 0x67, 0x38, 0x2E, 0x1D, 0xE1, 0x93, 0x22, 0x65, 0x79, 0x84,
-+ 0x68, 0xFA, 0xD8, 0xAF, 0xA1, 0x98, 0x61, 0x6F, 0x44, 0x27, 0xA6, 0x8B,
-+ 0xCF, 0x0E, 0x13, 0xA9, 0xCE, 0xD7, 0x6C, 0xD2, 0x38, 0xB5, 0x16, 0xB9,
-+ 0x66, 0x94, 0x48, 0xDE, 0x9E, 0x19, 0x3D, 0x6F, 0xB3, 0xA1, 0x9A, 0x19,
-+ 0xDF, 0xFB, 0xAB, 0xA5, 0x9F, 0x38, 0xDA, 0xC9, 0x21, 0x8F, 0xCE, 0x98,
-+ 0x01, 0x3A, 0xC8, 0xE0, 0xDF, 0xDA, 0xFC, 0xF0, 0xA6, 0x86, 0x29, 0xB5,
-+ 0x7F, 0x61, 0xFB, 0xBA, 0xC5, 0x49, 0xB2, 0x7C, 0x6A, 0x26, 0x82, 0xC4,
-+ 0x8F, 0xAA, 0x5B, 0x10, 0xD5, 0xEE, 0xA0, 0x55, 0x42, 0xEF, 0x32, 0x5A,
-+ 0x3F, 0x55, 0xB3, 0x2C, 0x22, 0xE9, 0x65, 0xDA, 0x8D, 0x0A, 0xB9, 0x70,
-+ 0x43, 0xCC, 0x3F, 0x64, 0x9C, 0xB5, 0x65, 0x49, 0xBD, 0x7F, 0x35, 0xC1,
-+ 0x20, 0x85, 0x24, 0xFE, 0xAA, 0x6B, 0x37, 0x04, 0xA1, 0x0E, 0x9D, 0x5C,
-+ 0xBA, 0x7F, 0x14, 0x69, 0xC5, 0x93, 0xB2, 0x33, 0xC2, 0xC0, 0xC7, 0xDF,
-+ 0x7E, 0x9E, 0xA4, 0xB0, 0xA0, 0x64, 0xD2, 0xAC, 0xFC, 0xFD, 0xFD, 0x99,
-+ 0x8F, 0x6A, 0x40, 0x26, 0xC1, 0x2E, 0x4E, 0x8B, 0x33, 0xBE, 0xF1, 0x45,
-+ 0x59, 0x8F, 0x33, 0x40, 0x1D, 0x2A, 0xD2, 0xF7, 0x50, 0x83, 0x89, 0xCF,
-+ 0x94, 0xC6, 0xF8, 0x36, 0xF0, 0x84, 0x0B, 0x85, 0xA5, 0x02, 0xA9, 0x0F,
-+ 0x41, 0x7A, 0x77, 0xA3, 0x2F, 0x47, 0x1E, 0x1D, 0xEC, 0xE6, 0xD3, 0x01,
-+ 0x1E, 0x6F, 0x7A, 0x96, 0x50, 0x37, 0x37, 0x4B, 0x27, 0x52, 0x0B, 0xDC,
-+ 0xDB, 0xC7, 0xA9, 0x31, 0xB2, 0x40, 0xEE, 0x60, 0x41, 0x26, 0x6A, 0x05,
-+ 0xCE, 0x08, 0x1D, 0x89
- };
-
- static const unsigned char kat_RSA_PSS_SHA224[] = {
-- 0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF, 0xC5, 0x58, 0xA7,
-- 0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98, 0x08, 0x95, 0xFA,
-- 0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87, 0x7B, 0x1F, 0x57,
-- 0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55, 0x54, 0x1C, 0x89,
-- 0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC, 0x86, 0x05, 0xEE,
-- 0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64, 0x0B, 0xAB, 0x22,
-- 0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64, 0x62, 0xD1, 0xB5,
-- 0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA, 0x38, 0x24, 0x49,
-- 0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5, 0x03, 0xEA, 0x2D,
-- 0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF, 0x95, 0xC0, 0x00,
-- 0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0
-+ 0xB4, 0x01, 0x93, 0x16, 0x05, 0xF6, 0xEB, 0xE2, 0xA4, 0xEB, 0x48, 0xAA,
-+ 0x00, 0xF4, 0xA1, 0x99, 0x0A, 0xB4, 0xB6, 0x63, 0xE9, 0x68, 0xCA, 0xB3,
-+ 0x13, 0xD7, 0x66, 0x6A, 0xCD, 0xCB, 0x33, 0x9F, 0xE5, 0x84, 0xE2, 0xC3,
-+ 0x0B, 0x53, 0xE5, 0x8B, 0x96, 0x4B, 0xDB, 0x2D, 0x80, 0xA4, 0x1D, 0xE3,
-+ 0x81, 0xDC, 0x52, 0x99, 0xBA, 0x9B, 0x6A, 0x9D, 0x48, 0x1F, 0x73, 0xF7,
-+ 0xAC, 0x09, 0x13, 0xA1, 0x16, 0x2C, 0x60, 0xFB, 0xBC, 0x25, 0xF7, 0x53,
-+ 0xD1, 0x04, 0x5A, 0x3F, 0x95, 0x09, 0x5E, 0xE5, 0xA2, 0x7D, 0xFC, 0x2A,
-+ 0x51, 0x1D, 0x21, 0xCE, 0x2B, 0x4E, 0x1B, 0xB8, 0xCB, 0xDD, 0x24, 0xEE,
-+ 0x99, 0x1D, 0x37, 0xDC, 0xED, 0x5F, 0x2F, 0x48, 0x5E, 0x33, 0x94, 0x06,
-+ 0x19, 0xCD, 0x5A, 0x26, 0x85, 0x77, 0x9D, 0xAF, 0x86, 0x97, 0xC9, 0x08,
-+ 0xD5, 0x81, 0x0E, 0xB8, 0x9F, 0xB6, 0xAF, 0x20, 0x72, 0xDC, 0x13, 0x4D,
-+ 0x7A, 0xE4, 0x5C, 0x81, 0xDE, 0xC0, 0x3D, 0x19, 0x9C, 0x33, 0x11, 0x07,
-+ 0xD5, 0xA9, 0x51, 0x67, 0xCD, 0xFD, 0x37, 0x61, 0x14, 0x9F, 0xE7, 0x70,
-+ 0x18, 0x32, 0xC3, 0x34, 0x54, 0x0D, 0x4F, 0xB4, 0xAE, 0x9F, 0xEC, 0x64,
-+ 0xD8, 0xB2, 0x16, 0xA4, 0xB2, 0x99, 0x92, 0xCB, 0x7F, 0x1F, 0x06, 0x17,
-+ 0x5F, 0xA1, 0x07, 0x68, 0xAE, 0xA7, 0x2D, 0x03, 0x91, 0x2A, 0x9D, 0x69,
-+ 0xC2, 0x9D, 0x90, 0xF7, 0xF9, 0x66, 0x5D, 0x13, 0xB7, 0x7F, 0xD3, 0x97,
-+ 0x45, 0x97, 0x43, 0xD8, 0xCE, 0x3C, 0xF2, 0x98, 0x98, 0xDD, 0xE2, 0x2D,
-+ 0xCF, 0xA1, 0xC4, 0x25, 0x46, 0x2E, 0xD2, 0xE5, 0x5F, 0xC6, 0x01, 0xC5,
-+ 0x4F, 0x42, 0x2B, 0xDE, 0x0F, 0xEA, 0x4A, 0x4F, 0xC3, 0x5B, 0xDF, 0x9B,
-+ 0x5D, 0x30, 0x18, 0x93, 0xD0, 0xDE, 0xC5, 0x09, 0xAA, 0x57, 0x57, 0xBD,
-+ 0x2D, 0x84, 0x03, 0xB7
- };
-
- static const unsigned char kat_RSA_PSS_SHA256[] = {
-- 0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0, 0x31, 0xE3, 0x89,
-- 0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25, 0x9A, 0xF3, 0x8F,
-- 0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D, 0x7D, 0x73, 0x28,
-- 0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3, 0x96, 0x73, 0x4E,
-- 0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D, 0x49, 0x47, 0x05,
-- 0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D, 0x6D, 0x26, 0xBA,
-- 0x2F, 0x7A, 0x54, 0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A, 0xF3, 0xDA, 0xB6,
-- 0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F, 0x56, 0xCD, 0x9F,
-- 0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47, 0x12, 0xE4, 0x6D,
-- 0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E, 0x49, 0xB9, 0xF6,
-- 0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C
-+ 0x38, 0xDA, 0x99, 0x51, 0x26, 0x38, 0xC6, 0x7F, 0xC4, 0x81, 0x57, 0x19,
-+ 0x35, 0xC6, 0xF6, 0x1E, 0x90, 0x47, 0x20, 0x55, 0x47, 0x56, 0x26, 0xE9,
-+ 0xF2, 0xA8, 0x39, 0x6C, 0xD5, 0xCD, 0xCB, 0x55, 0xFC, 0x0C, 0xC5, 0xCB,
-+ 0xF7, 0x40, 0x17, 0x3B, 0xCF, 0xE4, 0x05, 0x03, 0x3B, 0xA0, 0xB2, 0xC9,
-+ 0x0D, 0x5E, 0x48, 0x3A, 0xE9, 0xAD, 0x28, 0x71, 0x7D, 0x8F, 0x89, 0x16,
-+ 0x59, 0x93, 0x35, 0xDC, 0x4D, 0x7B, 0xDF, 0x84, 0xE4, 0x68, 0xAA, 0x33,
-+ 0xAA, 0xDC, 0x66, 0x50, 0xC8, 0xA9, 0x32, 0x12, 0xDC, 0xC6, 0x90, 0x49,
-+ 0x0B, 0x75, 0xFF, 0x9B, 0x95, 0x00, 0x9A, 0x90, 0xE0, 0xD4, 0x0E, 0x67,
-+ 0xAB, 0x3C, 0x47, 0x36, 0xC5, 0x2E, 0x1C, 0x46, 0xF0, 0x2D, 0xD3, 0x8B,
-+ 0x42, 0x08, 0xDE, 0x0D, 0xB6, 0x2C, 0x86, 0xB0, 0x35, 0x71, 0x18, 0x6B,
-+ 0x89, 0x67, 0xC0, 0x05, 0xAD, 0xF4, 0x1D, 0x62, 0x4E, 0x75, 0xEC, 0xD6,
-+ 0xC2, 0xDB, 0x07, 0xB0, 0xB6, 0x8D, 0x15, 0xAD, 0xCD, 0xBF, 0xF5, 0x60,
-+ 0x76, 0xAE, 0x48, 0xB8, 0x77, 0x7F, 0xC5, 0x01, 0xD9, 0x29, 0xBB, 0xD6,
-+ 0x17, 0xA2, 0x20, 0x5A, 0xC0, 0x4A, 0x3B, 0x34, 0xC8, 0xB9, 0x39, 0xCF,
-+ 0x06, 0x89, 0x95, 0x6F, 0xC7, 0xCA, 0xC4, 0xE4, 0x43, 0xDF, 0x5A, 0x23,
-+ 0xE2, 0x89, 0xA3, 0x38, 0x78, 0x31, 0x38, 0xC6, 0xA4, 0x6F, 0x5F, 0x73,
-+ 0x5A, 0xE5, 0x9E, 0x09, 0xE7, 0x6F, 0xD4, 0xF8, 0x3E, 0xB7, 0xB0, 0x56,
-+ 0x9A, 0xF3, 0x65, 0xF0, 0xC2, 0xA6, 0x8A, 0x08, 0xBA, 0x44, 0xAC, 0x97,
-+ 0xDE, 0xB4, 0x16, 0x83, 0xDF, 0xE3, 0xEE, 0x71, 0xFA, 0xF9, 0x51, 0x50,
-+ 0x14, 0xDC, 0xFD, 0x6A, 0x82, 0x20, 0x68, 0x64, 0x7D, 0x4E, 0x82, 0x68,
-+ 0xD7, 0x45, 0xFA, 0x6A, 0xE4, 0xE5, 0x29, 0x3A, 0x70, 0xFB, 0xE4, 0x62,
-+ 0x2B, 0x31, 0xB9, 0x7D
- };
-
- static const unsigned char kat_RSA_PSS_SHA384[] = {
-- 0x40, 0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4, 0x31, 0xA8, 0xF2,
-- 0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57, 0x45, 0xCD, 0x5E,
-- 0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71, 0x44, 0x9A, 0xCD,
-- 0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F, 0x78, 0x23, 0x7F,
-- 0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31, 0xDC, 0x42, 0x6C,
-- 0xB2, 0x44, 0xE5, 0x4D, 0x66, 0xA2, 0xE6, 0x71, 0xF3, 0xAC, 0x4F, 0xFB,
-- 0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF, 0xD9, 0x3D, 0x2F,
-- 0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32, 0xAD, 0x42, 0x89,
-- 0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87, 0x1F, 0xCA, 0x6F,
-- 0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E, 0x60, 0xF4, 0x55,
-- 0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1
-+ 0x99, 0x02, 0xC9, 0x1E, 0x31, 0x82, 0xB4, 0xE6, 0x1B, 0x32, 0xCE, 0x5D,
-+ 0x41, 0x1D, 0x00, 0x2F, 0x04, 0x8B, 0xBD, 0x37, 0x79, 0xCF, 0x77, 0x03,
-+ 0x05, 0x6A, 0x21, 0xC7, 0x8D, 0x24, 0x60, 0x49, 0x39, 0x58, 0xC5, 0x27,
-+ 0x8F, 0xC5, 0x97, 0x4A, 0xB2, 0xE1, 0xD4, 0x36, 0x57, 0xBD, 0x43, 0xCC,
-+ 0x7B, 0xCE, 0xF2, 0xA5, 0x30, 0xF8, 0x72, 0x14, 0xBB, 0xD0, 0x9F, 0xC1,
-+ 0x49, 0xC8, 0x1C, 0xAF, 0xCD, 0x95, 0x78, 0x72, 0x25, 0xF9, 0x45, 0xC6,
-+ 0x5B, 0x62, 0x5E, 0x01, 0xD7, 0x40, 0x5E, 0xC8, 0xCA, 0x0A, 0xF3, 0xBA,
-+ 0x08, 0x07, 0x88, 0xCA, 0x49, 0x36, 0x84, 0x7D, 0xF6, 0xFC, 0x5A, 0xDB,
-+ 0xFC, 0x50, 0xD3, 0xEB, 0x3D, 0x83, 0xB0, 0xF5, 0x94, 0x5E, 0x88, 0xC3,
-+ 0x82, 0xCD, 0x53, 0x40, 0x96, 0x18, 0x6B, 0x4A, 0x6C, 0x9C, 0xFE, 0xE5,
-+ 0x3B, 0x75, 0xF9, 0xEB, 0xA5, 0x77, 0x11, 0xEF, 0x88, 0x1C, 0x25, 0x70,
-+ 0x7D, 0x88, 0x5D, 0xC3, 0xCA, 0xE1, 0x49, 0x14, 0x90, 0xAD, 0xF2, 0x5E,
-+ 0x49, 0xD7, 0x99, 0xA5, 0x7B, 0x77, 0x3B, 0x8E, 0xB8, 0xDB, 0xF1, 0x4C,
-+ 0xD6, 0x9A, 0xDC, 0xE5, 0x7A, 0x1C, 0xE1, 0xCE, 0x9D, 0xF1, 0xF3, 0xA0,
-+ 0x0A, 0x35, 0x52, 0x9D, 0xB9, 0x46, 0x94, 0x82, 0x0F, 0xF7, 0xB2, 0x62,
-+ 0x51, 0x70, 0x75, 0xD2, 0x37, 0x96, 0x67, 0x2F, 0xD0, 0x22, 0xD8, 0x07,
-+ 0x8D, 0x69, 0x9E, 0x6D, 0x0B, 0x40, 0x4F, 0x70, 0xEC, 0x0B, 0xCA, 0x88,
-+ 0x80, 0x8D, 0x9A, 0xF4, 0xF9, 0x18, 0x50, 0x27, 0x08, 0xFA, 0xCC, 0xC7,
-+ 0x3F, 0xE4, 0x84, 0x83, 0xA1, 0xB6, 0x1D, 0x23, 0x34, 0xFE, 0x48, 0xE5,
-+ 0xE3, 0xAE, 0x4D, 0x98, 0xBC, 0xA6, 0x8A, 0x9F, 0xFD, 0x4D, 0xDB, 0x9D,
-+ 0xF7, 0xEB, 0x4E, 0xB6, 0x6F, 0x25, 0xEA, 0x7A, 0xE9, 0x85, 0xB2, 0xEF,
-+ 0x90, 0xD2, 0xA6, 0x2B
- };
-
- static const unsigned char kat_RSA_PSS_SHA512[] = {
-- 0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57, 0xAE, 0x63, 0x8C,
-- 0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F, 0x12, 0x53, 0x9A,
-- 0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51, 0xED, 0x9E, 0xDD,
-- 0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60, 0x79, 0x23, 0x39,
-- 0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67, 0x5F, 0xFE, 0xD7,
-- 0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D, 0x78, 0x55, 0x61,
-- 0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20, 0xB0, 0x85, 0x13,
-- 0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A, 0x6A, 0x39, 0x63,
-- 0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF, 0xF4, 0xA8, 0xFE,
-- 0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F, 0x80, 0xC2, 0x88,
-- 0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B
-+ 0x3F, 0x83, 0x43, 0x78, 0x25, 0xBE, 0x81, 0xB2, 0x6E, 0x78, 0x11, 0x32,
-+ 0xD0, 0x88, 0x05, 0x53, 0x95, 0xED, 0x81, 0x12, 0xCE, 0x50, 0xD9, 0x06,
-+ 0x42, 0x89, 0xA0, 0x55, 0x7A, 0x05, 0x13, 0x94, 0x35, 0x9B, 0xCA, 0x5D,
-+ 0xCB, 0xB2, 0x32, 0xE1, 0x04, 0x99, 0xEC, 0xE7, 0xA6, 0x69, 0x4D, 0x2B,
-+ 0xC1, 0x57, 0x13, 0x48, 0x0D, 0x6B, 0x4D, 0x83, 0x28, 0x06, 0x79, 0x9D,
-+ 0xB4, 0x70, 0xCE, 0xC0, 0xFC, 0x3B, 0x69, 0xB3, 0x91, 0x54, 0xA9, 0x44,
-+ 0x2E, 0xDA, 0x4A, 0xC5, 0xC2, 0x99, 0xF0, 0xDE, 0xCA, 0x77, 0x99, 0x6B,
-+ 0x0C, 0x79, 0xE5, 0x29, 0x74, 0x83, 0x69, 0xEA, 0xB8, 0x72, 0x30, 0x3D,
-+ 0x7A, 0x30, 0xE1, 0x03, 0x7B, 0x09, 0xE6, 0x11, 0xC0, 0xDC, 0xFF, 0xFD,
-+ 0xBD, 0xEC, 0x9C, 0xCC, 0x46, 0x7B, 0x4C, 0x4C, 0x59, 0xBE, 0x82, 0x7C,
-+ 0xF5, 0x60, 0x5A, 0xC3, 0xE8, 0xA8, 0x8A, 0x38, 0x9E, 0x01, 0x57, 0xF1,
-+ 0x79, 0x3A, 0x7C, 0xA3, 0x9F, 0x12, 0x1A, 0x4F, 0x2E, 0xA2, 0xE5, 0x0A,
-+ 0xAB, 0xC0, 0xF4, 0xA5, 0xE3, 0x5F, 0x89, 0x1C, 0x8F, 0xA4, 0x5E, 0xCE,
-+ 0x0D, 0x91, 0x05, 0x1B, 0x17, 0x62, 0x48, 0xFE, 0xA5, 0x4C, 0xEF, 0x2D,
-+ 0x28, 0xF1, 0x5E, 0xE6, 0xD1, 0x30, 0x89, 0x0A, 0xAD, 0x18, 0xAF, 0x6F,
-+ 0x04, 0x09, 0x36, 0x9A, 0xFF, 0xCA, 0xA1, 0xA7, 0x05, 0x7F, 0xD4, 0xBF,
-+ 0x3A, 0xB5, 0x42, 0x6D, 0xE9, 0x07, 0x29, 0x65, 0x8B, 0xAD, 0x4D, 0x0F,
-+ 0x22, 0xE1, 0x59, 0x43, 0x68, 0x87, 0xA8, 0x8B, 0xBC, 0x69, 0xA1, 0x94,
-+ 0x22, 0x3E, 0x8A, 0x49, 0xE8, 0xA3, 0x6F, 0xC2, 0x93, 0x58, 0xE7, 0xAE,
-+ 0xC9, 0x1F, 0xCF, 0x61, 0x93, 0xFC, 0xC1, 0xF6, 0xF3, 0x27, 0x7F, 0x0A,
-+ 0x90, 0xE0, 0x65, 0x32, 0x57, 0x47, 0xE2, 0xED, 0x08, 0x59, 0xA6, 0xF0,
-+ 0x17, 0x2C, 0x13, 0xE0
- };
-
- static const unsigned char kat_RSA_SHA1[] = {
-- 0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C,
-- 0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B,
-- 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55, 0x77, 0x90, 0xCF,
-- 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8,
-- 0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1,
-- 0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA,
-- 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E, 0xCA, 0x2E, 0x4E,
-- 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F,
-- 0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F,
-- 0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95,
-- 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4
-+ 0x3B, 0x60, 0x4B, 0xFC, 0x54, 0x28, 0x23, 0xE6, 0x2F, 0x05, 0x04, 0xBA,
-+ 0x9D, 0xE4, 0x3C, 0xB8, 0x5B, 0x60, 0x5C, 0xCD, 0x9D, 0xEA, 0xC3, 0x4C,
-+ 0xC2, 0x33, 0xE6, 0xC6, 0x21, 0x48, 0x76, 0xEC, 0xB2, 0xF5, 0x11, 0xDE,
-+ 0x44, 0xB4, 0xAF, 0x16, 0x11, 0xC3, 0x18, 0x16, 0xB3, 0x69, 0xBB, 0x94,
-+ 0xED, 0xE8, 0xB3, 0x9E, 0xB1, 0x43, 0x8E, 0xCE, 0xB4, 0x34, 0x9B, 0x08,
-+ 0x22, 0xAF, 0x31, 0x73, 0xB5, 0xFA, 0x11, 0x7E, 0x8F, 0x13, 0x52, 0xEC,
-+ 0xC9, 0x03, 0xEE, 0x0D, 0x2B, 0x91, 0x32, 0xF2, 0x8E, 0xDF, 0x02, 0xE0,
-+ 0x0A, 0x47, 0xD2, 0x0A, 0x51, 0x00, 0x1A, 0x30, 0x6F, 0x0C, 0xB3, 0x54,
-+ 0x64, 0x20, 0x90, 0x0C, 0x01, 0xBE, 0xC0, 0x42, 0x8C, 0x5D, 0x18, 0x6F,
-+ 0x32, 0x75, 0x45, 0x7B, 0x1C, 0x04, 0xA2, 0x9F, 0x84, 0xD7, 0xF5, 0x3A,
-+ 0x95, 0xD4, 0xE8, 0x8D, 0xEC, 0x99, 0xEF, 0x18, 0x5E, 0x64, 0xD3, 0xAF,
-+ 0xF8, 0xD4, 0xFF, 0x3C, 0x87, 0xA0, 0x3F, 0xC7, 0x22, 0x05, 0xFD, 0xFD,
-+ 0x29, 0x8A, 0x28, 0xDA, 0xA9, 0x8A, 0x8B, 0x23, 0x62, 0x9D, 0x42, 0xB8,
-+ 0x4A, 0x76, 0x0D, 0x9F, 0x9A, 0xE0, 0xE6, 0xDD, 0xAD, 0x5E, 0x5F, 0xD5,
-+ 0x32, 0xE9, 0x4B, 0x97, 0x7D, 0x62, 0x0A, 0xB3, 0xBE, 0xF2, 0x8C, 0x1F,
-+ 0x2B, 0x22, 0x06, 0x15, 0x33, 0x71, 0xED, 0x9B, 0xA0, 0x82, 0xCE, 0xBF,
-+ 0x3B, 0x08, 0x5F, 0xA7, 0x20, 0x94, 0x09, 0xEB, 0x82, 0xA5, 0x41, 0x60,
-+ 0xF1, 0x08, 0xEB, 0x8D, 0xCC, 0x8D, 0xC9, 0x52, 0x0A, 0xAF, 0xF4, 0xF9,
-+ 0x9F, 0x82, 0xD8, 0x0B, 0x75, 0x5E, 0xE4, 0xAF, 0x65, 0x96, 0xAF, 0xFC,
-+ 0x33, 0xBF, 0x9F, 0x3E, 0xA4, 0x7B, 0x86, 0xC7, 0xF7, 0x47, 0xAB, 0x37,
-+ 0x05, 0xD6, 0x0D, 0x31, 0x72, 0x8C, 0x80, 0x1E, 0xA9, 0x54, 0xFC, 0xDF,
-+ 0x27, 0x90, 0xE2, 0x01
- };
-
- static const unsigned char kat_RSA_SHA224[] = {
-- 0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB, 0xB7, 0x15, 0xF9,
-- 0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0, 0xA9, 0x18, 0x8D,
-- 0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5, 0x1A, 0xC5, 0x89,
-- 0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30, 0x2C, 0x9E, 0xCD,
-- 0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6, 0x45, 0x41, 0xE5,
-- 0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E, 0x0B, 0xA9, 0xCC,
-- 0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84, 0x02, 0xC6, 0x3B,
-- 0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91, 0x28, 0x3E, 0xB2,
-- 0x58, 0x2E, 0x06, 0x45, 0x49, 0xE0, 0x92, 0xE2, 0xC0, 0x66, 0xE6, 0x35,
-- 0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77, 0x82, 0xE6, 0xDC,
-- 0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D
-+ 0xA2, 0xD8, 0x42, 0x53, 0xDD, 0xBF, 0x1F, 0x6B, 0x07, 0xE0, 0x60, 0x86,
-+ 0x5A, 0x60, 0x06, 0x8F, 0x44, 0xD9, 0xB0, 0x4A, 0xAA, 0x90, 0x71, 0xB8,
-+ 0xB2, 0xBC, 0x30, 0x41, 0x50, 0xBB, 0xFD, 0x46, 0x98, 0x4D, 0xC0, 0x89,
-+ 0x57, 0x85, 0x8A, 0x97, 0x49, 0x25, 0xA8, 0x0C, 0x69, 0x70, 0x19, 0x39,
-+ 0x66, 0x24, 0xB4, 0x69, 0x47, 0xD2, 0x7C, 0xDE, 0x2D, 0x37, 0x59, 0xB3,
-+ 0xE3, 0xC7, 0x6B, 0xDD, 0xBE, 0xE1, 0xE6, 0x28, 0x9A, 0x8D, 0x42, 0x3E,
-+ 0x28, 0x01, 0xD7, 0x03, 0xC9, 0x73, 0xC3, 0x6B, 0x03, 0xEC, 0x1E, 0xF8,
-+ 0x53, 0x8B, 0x52, 0x42, 0x89, 0x55, 0xB7, 0x87, 0xA9, 0x94, 0xC2, 0xB4,
-+ 0x4B, 0x76, 0xF5, 0x61, 0x47, 0xE1, 0x44, 0x7B, 0xEC, 0xB4, 0x25, 0x66,
-+ 0xC0, 0xFF, 0xEB, 0x86, 0x24, 0xAA, 0xA8, 0x72, 0xC7, 0xFB, 0xFB, 0xF6,
-+ 0x84, 0xA7, 0x5B, 0xD4, 0x87, 0xE5, 0x84, 0x56, 0x1E, 0x4C, 0xE5, 0xBC,
-+ 0x87, 0x94, 0xAC, 0x9C, 0x1B, 0x3D, 0xF7, 0xD4, 0x36, 0x85, 0x9F, 0xC9,
-+ 0xF6, 0x43, 0x3F, 0xB6, 0x25, 0x33, 0x48, 0x0F, 0xE5, 0x7C, 0xCD, 0x53,
-+ 0x48, 0xEB, 0x02, 0x11, 0xB9, 0x9E, 0xC3, 0xB4, 0xE1, 0x54, 0xD6, 0xAA,
-+ 0x1A, 0x9E, 0x10, 0xE1, 0x27, 0x25, 0xF2, 0xE1, 0xAB, 0xAB, 0x6C, 0x45,
-+ 0x61, 0xD5, 0xA3, 0x6C, 0xB6, 0x33, 0x52, 0xAE, 0x3D, 0xFD, 0x22, 0xFC,
-+ 0x3A, 0xAB, 0x63, 0x94, 0xB5, 0x3A, 0x69, 0x11, 0xAC, 0x99, 0x4F, 0x33,
-+ 0x67, 0x0A, 0x1A, 0x70, 0x1E, 0xB9, 0xE2, 0x26, 0x27, 0x68, 0xEA, 0xF5,
-+ 0x97, 0x55, 0xAC, 0x83, 0x6A, 0x40, 0x3B, 0x56, 0xAE, 0x13, 0x88, 0xE8,
-+ 0x98, 0x72, 0x52, 0x91, 0x7F, 0x78, 0x0A, 0x18, 0xD4, 0x44, 0x78, 0x83,
-+ 0x0D, 0x44, 0x77, 0xA6, 0xF3, 0x04, 0xF1, 0x8C, 0xBC, 0x2F, 0xF9, 0x5B,
-+ 0xDB, 0x70, 0x00, 0xF6
- };
-
- static const unsigned char kat_RSA_SHA256[] = {
-- 0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05, 0x17, 0xA5, 0x23,
-- 0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20, 0x7B, 0xAA, 0x23,
-- 0x92, 0x87, 0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE, 0xAD, 0x6F, 0x35,
-- 0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17, 0x58, 0xB2, 0x6E,
-- 0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A, 0x90, 0x2D, 0x18,
-- 0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58, 0x7A, 0x91, 0x30,
-- 0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF, 0xE2, 0x80, 0x3A,
-- 0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 0xDE, 0x81, 0xA6, 0x38,
-- 0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C, 0xEE, 0xD1, 0xDA,
-- 0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1, 0x90, 0x27, 0x90,
-- 0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A
-+ 0xC2, 0xB1, 0x97, 0x00, 0x9A, 0xE5, 0x80, 0x6A, 0xE2, 0x51, 0x68, 0xB9,
-+ 0x7A, 0x0C, 0xF2, 0xB4, 0x77, 0xED, 0x15, 0x0C, 0x4E, 0xE1, 0xDC, 0xFF,
-+ 0x8E, 0xBC, 0xDE, 0xC7, 0x9A, 0x96, 0xF1, 0x47, 0x45, 0x24, 0x9D, 0x6F,
-+ 0xA6, 0xF3, 0x1D, 0x0D, 0x35, 0x4C, 0x1A, 0xF3, 0x58, 0x2C, 0x6C, 0x06,
-+ 0xD6, 0x22, 0x37, 0x77, 0x8C, 0x33, 0xE5, 0x07, 0x53, 0x93, 0x28, 0xCF,
-+ 0x67, 0xFA, 0xC4, 0x1F, 0x1B, 0x24, 0xDB, 0x4C, 0xC5, 0x2A, 0x51, 0xA2,
-+ 0x60, 0x15, 0x8C, 0x54, 0xB4, 0x30, 0xE2, 0x24, 0x47, 0x86, 0xF2, 0xF8,
-+ 0x6C, 0xD6, 0x12, 0x59, 0x2C, 0x74, 0x9A, 0x37, 0xF3, 0xC4, 0xA2, 0xD5,
-+ 0x4E, 0x1F, 0x77, 0xF0, 0x27, 0xCE, 0x77, 0xF8, 0x4A, 0x79, 0x03, 0xBE,
-+ 0xC8, 0x06, 0x2D, 0xA7, 0xA6, 0x46, 0xF5, 0x55, 0x79, 0xD7, 0x5C, 0xC6,
-+ 0x5B, 0xB1, 0x00, 0x4E, 0x7C, 0xD9, 0x11, 0x85, 0xE0, 0xB1, 0x4D, 0x2D,
-+ 0x13, 0xD7, 0xAC, 0xEA, 0x64, 0xD1, 0xAC, 0x8F, 0x8D, 0x8F, 0xEA, 0x42,
-+ 0x7F, 0xF9, 0xB7, 0x7D, 0x2C, 0x68, 0x49, 0x07, 0x7A, 0x74, 0xEF, 0xB4,
-+ 0xC9, 0x97, 0x16, 0x5C, 0x6C, 0x6E, 0x5C, 0x09, 0x2E, 0x8E, 0x13, 0x2E,
-+ 0x1A, 0x8D, 0xA6, 0x0C, 0x6E, 0x0C, 0x1C, 0x0F, 0xCC, 0xB2, 0x78, 0x8A,
-+ 0x07, 0xFC, 0x5C, 0xC2, 0xF5, 0x65, 0xEC, 0xAB, 0x8B, 0x3C, 0xCA, 0x91,
-+ 0x6F, 0x84, 0x7C, 0x21, 0x0E, 0xB8, 0xDA, 0x7B, 0x6C, 0xF7, 0xDF, 0xAB,
-+ 0x7E, 0x15, 0xFD, 0x85, 0x0B, 0x33, 0x9B, 0x6A, 0x3A, 0xC3, 0xEF, 0x65,
-+ 0x04, 0x6E, 0xB2, 0xAC, 0x98, 0xFD, 0xEB, 0x02, 0xF5, 0xC0, 0x0B, 0x5E,
-+ 0xCB, 0xD4, 0x83, 0x82, 0x18, 0x1B, 0xDA, 0xB4, 0xCD, 0xE8, 0x71, 0x6B,
-+ 0x1D, 0xB5, 0x4F, 0xE9, 0xD6, 0x43, 0xA0, 0x0A, 0x14, 0xA0, 0xE7, 0x5D,
-+ 0x47, 0x9D, 0x18, 0xD7
- };
-
- static const unsigned char kat_RSA_SHA384[] = {
-- 0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27, 0xEF, 0xE6, 0x1F,
-- 0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 0x99, 0x63, 0x56, 0x47, 0xC7,
-- 0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA, 0xFA, 0x5D, 0x5C,
-- 0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D, 0xA9, 0xA6, 0x55,
-- 0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28, 0x7F, 0xB6, 0xCF,
-- 0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19, 0x2B, 0x30, 0xC2,
-- 0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2, 0x7D, 0xEB, 0x8C,
-- 0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F, 0x8B, 0x9C, 0xCD,
-- 0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0, 0x8F, 0x99, 0xF1,
-- 0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E, 0x37, 0xDC, 0x04,
-- 0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF
-+ 0x11, 0x5E, 0x63, 0xFE, 0x47, 0xAA, 0x6A, 0x84, 0xEB, 0x44, 0x9A, 0x00,
-+ 0x96, 0x4A, 0xED, 0xD2, 0xA7, 0x67, 0x3A, 0x64, 0x82, 0x30, 0x61, 0x2D,
-+ 0xE3, 0xF5, 0x49, 0x68, 0x5E, 0x60, 0xD2, 0x4D, 0xEF, 0xF2, 0xA4, 0xB2,
-+ 0x9A, 0x81, 0x1D, 0x41, 0xA5, 0x73, 0x59, 0xEB, 0xBB, 0xC4, 0x9E, 0x2B,
-+ 0xEB, 0xC3, 0xDE, 0x3A, 0xEA, 0xF5, 0xAD, 0xDA, 0x87, 0x08, 0x68, 0xCF,
-+ 0x12, 0x9B, 0xC1, 0xE4, 0xA7, 0x71, 0xF8, 0xBD, 0x6B, 0x6F, 0x50, 0xF1,
-+ 0xD1, 0xFF, 0xCE, 0x6C, 0xD9, 0xBE, 0xDA, 0x76, 0xF3, 0xEB, 0xAB, 0x9C,
-+ 0x41, 0x6E, 0x4F, 0x35, 0x7A, 0x61, 0x27, 0xBC, 0x03, 0x3E, 0xAE, 0x3E,
-+ 0x1B, 0xDD, 0xAC, 0xD9, 0x1A, 0xFF, 0xD3, 0xF5, 0x66, 0x43, 0x07, 0x76,
-+ 0x8A, 0x69, 0x2D, 0x14, 0xB1, 0xBE, 0x55, 0x49, 0x90, 0x89, 0x4B, 0xC4,
-+ 0x11, 0x67, 0xD5, 0x9D, 0xB0, 0xB2, 0xEE, 0x8D, 0x0A, 0x47, 0x4A, 0xD9,
-+ 0x0E, 0xD1, 0x24, 0xF0, 0x30, 0x2B, 0xF2, 0x79, 0x47, 0xDB, 0x70, 0xB4,
-+ 0x46, 0xF2, 0xF8, 0xB7, 0xB4, 0xF6, 0x34, 0x79, 0xA8, 0x2D, 0x3D, 0x56,
-+ 0xD5, 0x9A, 0x60, 0x7A, 0x04, 0xC7, 0x66, 0x1D, 0xCD, 0x3C, 0xD5, 0x39,
-+ 0x37, 0x12, 0x51, 0x5E, 0x9F, 0xF8, 0x1A, 0xAF, 0x13, 0xC1, 0x13, 0x00,
-+ 0x35, 0xD5, 0x8D, 0x17, 0xE3, 0x02, 0x28, 0xD9, 0xEC, 0xDE, 0xD1, 0x2F,
-+ 0x93, 0x49, 0x03, 0x11, 0x3E, 0x56, 0x9D, 0xC2, 0x31, 0xF8, 0xAF, 0x2D,
-+ 0xD9, 0x99, 0xB7, 0x8A, 0xAC, 0x5A, 0x86, 0x20, 0x3A, 0x83, 0x29, 0x26,
-+ 0x9D, 0x03, 0x52, 0x2B, 0x34, 0x56, 0x40, 0x16, 0x53, 0x50, 0x82, 0xC9,
-+ 0xC7, 0xD5, 0x51, 0x4C, 0xED, 0xB3, 0xE2, 0xE1, 0xCF, 0xA8, 0xCE, 0xBD,
-+ 0xB1, 0x48, 0xA6, 0x8A, 0x79, 0x17, 0x55, 0x11, 0xEF, 0xE8, 0x14, 0xF4,
-+ 0x7E, 0x37, 0x1D, 0x96
- };
-
- static const unsigned char kat_RSA_SHA512[] = {
-- 0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16, 0x51, 0x5D, 0xCF,
-- 0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40, 0xF8, 0xB2, 0x9A,
-- 0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82, 0x6B, 0x32, 0xF1,
-- 0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C, 0x54, 0x9F, 0xD8,
-- 0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6, 0x53, 0x62, 0xB5,
-- 0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4, 0x75, 0x92, 0x6B,
-- 0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B, 0x1D, 0x47, 0xE6,
-- 0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16, 0x63, 0x84, 0x05,
-- 0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64, 0x71, 0xE0, 0x2D,
-- 0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB, 0x98, 0x65, 0x91,
-- 0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84
-+ 0x35, 0x6D, 0xF1, 0x9E, 0xCF, 0xB1, 0xF6, 0x0C, 0x04, 0x21, 0x17, 0xB3,
-+ 0xC4, 0x9D, 0xFE, 0x62, 0x1C, 0x1A, 0x45, 0x00, 0x2E, 0x6B, 0xB6, 0x9F,
-+ 0x5C, 0xB1, 0xCB, 0xCF, 0xF9, 0x67, 0xEA, 0x62, 0x8A, 0xEB, 0x77, 0x02,
-+ 0x42, 0x30, 0x88, 0xB1, 0x48, 0xDF, 0x12, 0x60, 0x6E, 0x92, 0xBB, 0x4B,
-+ 0x09, 0x68, 0xD1, 0x70, 0x2B, 0x59, 0xEE, 0x57, 0x96, 0xF9, 0xEA, 0xA3,
-+ 0x4C, 0xE9, 0xC9, 0xBD, 0x25, 0x34, 0x66, 0x15, 0x6C, 0xC9, 0x81, 0xD1,
-+ 0x48, 0x0F, 0x33, 0x5F, 0x05, 0x4F, 0xC2, 0xC4, 0xDD, 0x09, 0x54, 0x79,
-+ 0xA1, 0x57, 0x07, 0x70, 0xA0, 0x33, 0x02, 0x4D, 0x5D, 0xE9, 0x24, 0xD1,
-+ 0xEF, 0xF0, 0x61, 0xD0, 0x1D, 0x41, 0xE2, 0x9B, 0x2B, 0x7C, 0xD0, 0x4E,
-+ 0x55, 0xD9, 0x6D, 0xA1, 0x16, 0x9F, 0xDA, 0xC3, 0x3B, 0xF1, 0x74, 0xD1,
-+ 0x99, 0xF1, 0x63, 0x57, 0xAD, 0xC7, 0x55, 0xF4, 0x97, 0x43, 0x1C, 0xED,
-+ 0x1B, 0x7A, 0x32, 0xCB, 0x24, 0xA6, 0x3D, 0x93, 0x37, 0x90, 0x74, 0xEE,
-+ 0xD2, 0x8D, 0x4B, 0xBC, 0x72, 0xDA, 0x25, 0x2B, 0x64, 0xE9, 0xCA, 0x69,
-+ 0x36, 0xB6, 0xEC, 0x6E, 0x8F, 0x33, 0x0E, 0x74, 0x40, 0x48, 0x51, 0xE2,
-+ 0x54, 0x6F, 0xAF, 0x6E, 0x36, 0x54, 0x3A, 0xEC, 0x78, 0x37, 0xE6, 0x1F,
-+ 0x76, 0xA5, 0x4D, 0xA6, 0xD9, 0xB3, 0x6B, 0x17, 0x6D, 0x61, 0xFC, 0xA3,
-+ 0x85, 0x4A, 0xCC, 0xDA, 0x52, 0xAC, 0x5B, 0xDA, 0x51, 0xE5, 0x7F, 0x5B,
-+ 0x52, 0x8B, 0x74, 0x75, 0x99, 0x5C, 0x01, 0xFD, 0x25, 0x3E, 0xCD, 0x86,
-+ 0x6F, 0x7A, 0xC0, 0xD8, 0x17, 0x6F, 0xD1, 0xD2, 0x6B, 0xAB, 0x14, 0x1F,
-+ 0x3B, 0xB8, 0x15, 0x05, 0x86, 0x40, 0x36, 0xCF, 0xDA, 0x59, 0x2B, 0x9A,
-+ 0xE9, 0x1E, 0x6E, 0xD3, 0x6B, 0xA1, 0x19, 0xC5, 0xE6, 0x3F, 0xE9, 0x2E,
-+ 0x43, 0xA8, 0x34, 0x0A
- };
-
- static const unsigned char kat_RSA_X931_SHA1[] = {
-- 0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42, 0x45, 0x4D, 0xDF,
-- 0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD, 0xC4, 0xB2, 0x75,
-- 0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E, 0x14, 0xB8, 0xAC,
-- 0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04, 0xEE, 0xA9, 0x97,
-- 0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B, 0x38, 0xBE, 0xD6,
-- 0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1, 0x1A, 0x11, 0x19,
-- 0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63, 0x0C, 0x59, 0xD7,
-- 0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D, 0x24, 0x1C, 0x99,
-- 0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB, 0xEA, 0xED, 0x76,
-- 0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84, 0x1C, 0xB3, 0x67,
-- 0xA3, 0x29, 0x80, 0x70, 0x54, 0x68, 0x7D, 0x49
-+ 0xB1, 0x0E, 0x4F, 0xC6, 0xE0, 0x95, 0x85, 0x7B, 0xBE, 0xDE, 0xC4, 0xE6,
-+ 0x1F, 0x12, 0x2E, 0x9B, 0x3E, 0x11, 0xA3, 0xF0, 0xF0, 0xA8, 0x23, 0x1A,
-+ 0x96, 0x6E, 0x99, 0xB5, 0x5F, 0x82, 0xC5, 0x87, 0x75, 0xE9, 0xD4, 0xBF,
-+ 0x9F, 0xE0, 0xA4, 0xED, 0xC7, 0x01, 0x2A, 0x3F, 0x6F, 0x43, 0x1D, 0x4F,
-+ 0xE8, 0x05, 0x34, 0x32, 0x20, 0x36, 0x94, 0xA0, 0x6D, 0xCC, 0xF6, 0x41,
-+ 0x49, 0x56, 0x96, 0xEC, 0x9C, 0x7C, 0xD1, 0x0E, 0x9E, 0xD8, 0x1B, 0x48,
-+ 0xD9, 0xDF, 0x99, 0x9F, 0x92, 0x17, 0x96, 0xA4, 0xF1, 0x87, 0x64, 0x61,
-+ 0x3C, 0xAF, 0x00, 0x24, 0xB3, 0x64, 0x88, 0x8E, 0x41, 0xBF, 0x29, 0x1F,
-+ 0xA3, 0x28, 0xAD, 0x21, 0x1E, 0xA3, 0x96, 0x40, 0x0A, 0x0B, 0x82, 0xCD,
-+ 0x97, 0x58, 0x33, 0xB6, 0x52, 0xAC, 0xC5, 0x3B, 0x14, 0xE7, 0x1E, 0x5D,
-+ 0x09, 0xC9, 0x76, 0xB5, 0x89, 0xC6, 0x9B, 0x4C, 0xC2, 0xC2, 0x31, 0x0E,
-+ 0xBA, 0x1E, 0xB5, 0x11, 0xD0, 0xFD, 0xC1, 0xDA, 0x64, 0x17, 0xA8, 0xCB,
-+ 0xF0, 0x94, 0xF4, 0xDD, 0x84, 0xB7, 0xEF, 0x9C, 0x13, 0x4F, 0xDD, 0x06,
-+ 0x0C, 0xE4, 0xC7, 0xFD, 0x69, 0x10, 0x20, 0xD3, 0x93, 0x5E, 0xF8, 0xBA,
-+ 0x21, 0xFB, 0x62, 0xC4, 0x63, 0x76, 0x43, 0xAA, 0x7E, 0x3C, 0x56, 0x5E,
-+ 0xB4, 0x47, 0x3A, 0x05, 0x0D, 0xBB, 0x13, 0xC4, 0x93, 0xFB, 0x29, 0xA8,
-+ 0x3E, 0x76, 0x41, 0x54, 0x9E, 0x7B, 0xE2, 0xE0, 0x07, 0x1D, 0xA7, 0x9C,
-+ 0x85, 0x11, 0xB5, 0xA5, 0x88, 0x58, 0x02, 0xD8, 0xC0, 0x4B, 0x81, 0xBF,
-+ 0x2B, 0x38, 0xE2, 0x2F, 0x42, 0xCA, 0x63, 0x8A, 0x0A, 0x78, 0xBA, 0x50,
-+ 0xE5, 0x84, 0x35, 0xD3, 0x6A, 0x1E, 0x96, 0x0B, 0x91, 0xB1, 0x0E, 0x85,
-+ 0xA8, 0x5C, 0x6E, 0x46, 0x5C, 0x61, 0x8C, 0x4F, 0x5B, 0x61, 0xB6, 0x3C,
-+ 0xB7, 0x2C, 0xA5, 0x1A
- };
-
- static const unsigned char kat_RSA_X931_SHA256[] = {
-- 0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F, 0x64, 0x54, 0x89,
-- 0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58, 0x92, 0x1C, 0xDD,
-- 0xEA, 0xA2, 0x2D, 0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05, 0x95, 0x73, 0xCF,
-- 0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8, 0x7B, 0xC8, 0x9B,
-- 0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13, 0xB8, 0xF0, 0x4B,
-- 0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4, 0x38, 0x0E, 0x98,
-- 0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E, 0x59, 0x01, 0xEC,
-- 0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46, 0x8D, 0xA0, 0x8C,
-- 0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35, 0xA1, 0x42, 0xBD,
-- 0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86, 0xF0, 0x5B, 0xDC,
-- 0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80
-+ 0xC6, 0x6C, 0x01, 0x7F, 0xB6, 0x8C, 0xD4, 0x61, 0x83, 0xC5, 0xBC, 0x75,
-+ 0x39, 0x22, 0xDD, 0x17, 0x5B, 0x95, 0x4B, 0x4C, 0x46, 0x39, 0x37, 0xA7,
-+ 0x54, 0x6C, 0x49, 0x5A, 0x67, 0x90, 0x47, 0xF6, 0x59, 0xAE, 0xFC, 0xDD,
-+ 0xDF, 0xDB, 0xC7, 0x91, 0xB9, 0xB6, 0xCE, 0xD8, 0xFA, 0x30, 0x01, 0x9F,
-+ 0xCA, 0xE5, 0x4A, 0x51, 0xB7, 0xBE, 0xBD, 0x4E, 0x56, 0x25, 0x0B, 0x49,
-+ 0xE0, 0x46, 0xBB, 0x81, 0x0E, 0x14, 0x47, 0xFF, 0xCB, 0xBB, 0xA1, 0x6D,
-+ 0x44, 0x9B, 0xF7, 0xEE, 0x81, 0xEB, 0xF6, 0x62, 0xEA, 0x0D, 0x76, 0x76,
-+ 0x4E, 0x25, 0xD7, 0x9A, 0x2B, 0xB1, 0x92, 0xED, 0x5C, 0x7F, 0x9D, 0x99,
-+ 0x07, 0x9E, 0xBF, 0x62, 0x83, 0x12, 0x61, 0x99, 0x3E, 0xF5, 0x6A, 0x4C,
-+ 0x58, 0xB0, 0x2A, 0x15, 0x1C, 0xA0, 0xD2, 0x91, 0x87, 0x9C, 0x7D, 0x4F,
-+ 0xEF, 0x3B, 0x0F, 0x60, 0xD7, 0x1E, 0xEF, 0x7C, 0xBE, 0x68, 0x95, 0xE6,
-+ 0xBA, 0xFA, 0xF6, 0xD1, 0x67, 0x3D, 0x9D, 0x39, 0xAE, 0xC2, 0x85, 0xD2,
-+ 0xDE, 0xA5, 0x85, 0x1E, 0x4D, 0x2B, 0x2C, 0x06, 0x44, 0x98, 0x17, 0x46,
-+ 0x89, 0x41, 0x13, 0xFC, 0x99, 0xD6, 0x6C, 0xCF, 0x26, 0xA2, 0x77, 0x8A,
-+ 0x3F, 0x10, 0xF8, 0xC5, 0xC9, 0x4A, 0xB6, 0x93, 0xF5, 0x38, 0x89, 0xBD,
-+ 0xFF, 0xAE, 0x42, 0x06, 0x2D, 0xCD, 0x1B, 0x3D, 0x5A, 0xCD, 0xF2, 0x8A,
-+ 0x65, 0xA4, 0xB7, 0xB6, 0xF6, 0x5B, 0xE8, 0xA4, 0x68, 0xB4, 0x27, 0xDA,
-+ 0xF1, 0x59, 0x37, 0x24, 0x18, 0xB5, 0x5B, 0x15, 0x62, 0x64, 0x6F, 0x78,
-+ 0xBB, 0x17, 0x94, 0x42, 0xAD, 0xB3, 0x0D, 0x18, 0xB0, 0x1B, 0x28, 0x29,
-+ 0x3B, 0x15, 0xBF, 0xD1, 0xC8, 0x28, 0x4F, 0xDF, 0x7F, 0x34, 0x49, 0x2A,
-+ 0x44, 0xD5, 0x4C, 0x59, 0x90, 0x83, 0x8D, 0xFC, 0x58, 0x7E, 0xEC, 0x4B,
-+ 0x54, 0xF0, 0xB5, 0xBD
- };
-
- static const unsigned char kat_RSA_X931_SHA384[] = {
-- 0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB, 0x7B, 0xEC, 0x7B,
-- 0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7, 0x39, 0x37, 0xCB,
-- 0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9, 0xBE, 0x2E, 0xE3,
-- 0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7, 0x4A, 0x63, 0xF6,
-- 0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99, 0x66, 0xEE, 0x31,
-- 0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E, 0x6D, 0x8D, 0xF1,
-- 0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0, 0x60, 0x41, 0x79,
-- 0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34, 0xD5, 0x7C, 0xFF,
-- 0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5, 0x12, 0x44, 0x35,
-- 0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5, 0xDC, 0xC6, 0x6D,
-- 0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28
-+ 0x88, 0x85, 0xE1, 0xC1, 0xE2, 0xE5, 0x0B, 0x6C, 0x03, 0x27, 0xAC, 0xC8,
-+ 0x3A, 0x72, 0xB4, 0x9A, 0xF3, 0xAE, 0x9C, 0x88, 0x8C, 0xBE, 0x28, 0x0D,
-+ 0x89, 0x5F, 0x06, 0x0F, 0x5F, 0x08, 0xE3, 0x9C, 0xF9, 0x28, 0x4F, 0xBB,
-+ 0x24, 0xDD, 0x21, 0x4C, 0x44, 0x96, 0x50, 0xB5, 0xD4, 0x8E, 0x13, 0x60,
-+ 0x7C, 0xCB, 0xD9, 0x5E, 0x7C, 0xB6, 0xAD, 0xA5, 0x6A, 0x41, 0x04, 0xA7,
-+ 0x8E, 0xF0, 0x39, 0x08, 0x7E, 0x18, 0x91, 0xF9, 0x46, 0x97, 0xEF, 0xF2,
-+ 0x14, 0xB2, 0x01, 0xFD, 0xB2, 0x2B, 0x3A, 0xF8, 0x4A, 0x59, 0xD1, 0x36,
-+ 0x1A, 0x7D, 0x2D, 0xB9, 0xC6, 0x7F, 0xDE, 0x62, 0xB6, 0x56, 0xBA, 0xFA,
-+ 0x5A, 0xA1, 0x5B, 0x8C, 0x5F, 0x98, 0xEC, 0xF8, 0x93, 0x13, 0x11, 0x42,
-+ 0xEE, 0xC4, 0x6C, 0x4A, 0x87, 0x4E, 0x98, 0x22, 0xB6, 0xBB, 0xB0, 0x3A,
-+ 0x70, 0xA9, 0xCC, 0xBC, 0x31, 0x27, 0xE7, 0xBC, 0xCA, 0xEC, 0x52, 0x81,
-+ 0x76, 0x9A, 0x3F, 0x18, 0xC1, 0x1C, 0x4A, 0xC7, 0x56, 0xE3, 0xF0, 0x6F,
-+ 0x36, 0xBB, 0x9B, 0xF9, 0x43, 0x90, 0xBE, 0x79, 0x59, 0x63, 0x1C, 0xFE,
-+ 0xB6, 0x46, 0x8B, 0xBA, 0xBD, 0xAA, 0x28, 0x71, 0x9B, 0xD6, 0xDD, 0x05,
-+ 0x00, 0x3B, 0xBC, 0x2D, 0x48, 0xE7, 0x6E, 0x6E, 0x42, 0x95, 0x27, 0xAE,
-+ 0x93, 0x92, 0x6D, 0x59, 0x47, 0x10, 0x59, 0xAC, 0xDD, 0x95, 0x29, 0xC3,
-+ 0x1B, 0x86, 0x67, 0x12, 0x98, 0x48, 0x10, 0xA6, 0x90, 0xA3, 0x59, 0x9D,
-+ 0x10, 0x4E, 0xEA, 0xD8, 0xCB, 0xE3, 0x81, 0xBA, 0xA1, 0x52, 0x55, 0x78,
-+ 0xFF, 0x95, 0x40, 0xE0, 0xAE, 0x93, 0x38, 0x5D, 0x21, 0x13, 0x8A, 0xFC,
-+ 0x72, 0xC7, 0xFB, 0x70, 0x1C, 0xEE, 0x5D, 0xB0, 0xE5, 0xFA, 0x44, 0x86,
-+ 0x67, 0x97, 0x66, 0x64, 0xA4, 0x1E, 0xF8, 0x3A, 0x16, 0xF8, 0xC9, 0xE0,
-+ 0x09, 0xF3, 0x61, 0x4F
- };
-
- static const unsigned char kat_RSA_X931_SHA512[] = {
-- 0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64, 0x3A, 0xC1, 0x63,
-- 0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1, 0xD9, 0xDA, 0xAC,
-- 0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05, 0x9E, 0x77, 0xD7,
-- 0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E, 0xF9, 0x14, 0x28,
-- 0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA, 0xC7, 0xF8, 0xC5,
-- 0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34, 0x53, 0xD2, 0xAF,
-- 0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10, 0xE0, 0xF6, 0xD0,
-- 0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F, 0x46, 0x5F, 0x09,
-- 0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04, 0x2D, 0xFB, 0x7C,
-- 0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11, 0x30, 0x71, 0x1B,
-- 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
-+ 0xC9, 0x2B, 0x6D, 0x50, 0xBB, 0xD8, 0x0B, 0x35, 0xE8, 0x78, 0xF5, 0xFC,
-+ 0xBB, 0x6A, 0xB4, 0x32, 0x63, 0x9C, 0x75, 0x19, 0x1D, 0xFB, 0x68, 0xC0,
-+ 0xFC, 0x34, 0xCE, 0x09, 0xFD, 0xF4, 0x33, 0x42, 0x70, 0x24, 0x57, 0xBC,
-+ 0xB3, 0xBD, 0x24, 0x33, 0x9E, 0x4B, 0x00, 0xCE, 0x15, 0xB3, 0x27, 0xC6,
-+ 0x39, 0x7C, 0xC1, 0x28, 0x75, 0xFE, 0x7B, 0x76, 0x4F, 0xFB, 0x60, 0xA0,
-+ 0x30, 0xBF, 0x74, 0x2C, 0x9D, 0xE4, 0xC8, 0x03, 0xA8, 0xDE, 0xB9, 0x2A,
-+ 0xD9, 0x23, 0x24, 0xDC, 0xEE, 0xF0, 0xC1, 0x8B, 0x4D, 0x12, 0x4A, 0x41,
-+ 0x33, 0x3B, 0x23, 0xFE, 0xDD, 0xE9, 0xE8, 0x55, 0x2B, 0x3E, 0xA4, 0x1B,
-+ 0x95, 0x21, 0x2A, 0xEF, 0x84, 0x2E, 0x13, 0x3D, 0x97, 0x7C, 0x08, 0x86,
-+ 0xB1, 0x60, 0xA4, 0xB9, 0xC4, 0x5A, 0x5B, 0x2D, 0x3F, 0xD7, 0x0D, 0xB2,
-+ 0x41, 0x72, 0x7A, 0x7F, 0xA3, 0x12, 0xB0, 0xAD, 0x80, 0x2E, 0xD6, 0xD3,
-+ 0x8A, 0x71, 0x72, 0x67, 0x94, 0x6F, 0x51, 0x05, 0x39, 0xFD, 0xBE, 0x91,
-+ 0xDE, 0x1D, 0x65, 0xE4, 0xA7, 0xA6, 0x0F, 0xA5, 0x08, 0x1F, 0xFC, 0x53,
-+ 0x48, 0x7B, 0xB8, 0xCE, 0x79, 0xDA, 0xDC, 0x18, 0xD1, 0xD3, 0x8A, 0x73,
-+ 0xCE, 0x5A, 0x62, 0x1E, 0x33, 0xD0, 0x21, 0x9C, 0xF9, 0xDE, 0x9E, 0x7E,
-+ 0x4D, 0x0E, 0x24, 0x30, 0x94, 0xB8, 0xDC, 0x8B, 0x57, 0x7E, 0x3B, 0xC6,
-+ 0xD7, 0x0F, 0xFC, 0xA6, 0x1F, 0xEB, 0xAF, 0x19, 0xD0, 0xFF, 0x3D, 0x63,
-+ 0x03, 0x1D, 0xAB, 0x11, 0x0C, 0xAD, 0x45, 0x46, 0x67, 0x76, 0xC8, 0x26,
-+ 0xD4, 0xD4, 0x70, 0x1F, 0xDF, 0xEB, 0xE5, 0x7D, 0x75, 0xD8, 0x3B, 0x52,
-+ 0x6C, 0xE7, 0x23, 0xCB, 0xB9, 0x1B, 0xA4, 0x2E, 0x5B, 0xEC, 0xB4, 0xB6,
-+ 0xB6, 0x2D, 0x0B, 0x60, 0xE3, 0x7B, 0x05, 0xE8, 0x1E, 0xAD, 0xC7, 0xE7,
-+ 0xBE, 0xF4, 0x71, 0xAE
- };
-
-+static int fips_rsa_encrypt_test(RSA *rsa, const unsigned char *plaintext, int ptlen)
-+ {
-+ unsigned char *ctbuf = NULL, *ptbuf = NULL;
-+ int ret = 0;
-+ int len;
-+
-+ ctbuf = OPENSSL_malloc(RSA_size(rsa));
-+ if (!ctbuf)
-+ goto err;
-+
-+ len = RSA_public_encrypt(ptlen, plaintext, ctbuf, rsa, RSA_PKCS1_PADDING);
-+ if (len <= 0)
-+ goto err;
-+ /* Check ciphertext doesn't match plaintext */
-+ if (len >= ptlen && !memcmp(plaintext, ctbuf, ptlen))
-+ goto err;
-+
-+ ptbuf = OPENSSL_malloc(RSA_size(rsa));
-+ if (!ptbuf)
-+ goto err;
-+
-+ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
-+ if (len != ptlen)
-+ goto err;
-+ if (memcmp(ptbuf, plaintext, len))
-+ goto err;
-+
-+ ret = 1;
-+
-+ err:
-+ if (ctbuf)
-+ OPENSSL_free(ctbuf);
-+ if (ptbuf)
-+ OPENSSL_free(ptbuf);
-+ return ret;
-+ }
-
- int FIPS_selftest_rsa()
- {
-@@ -353,7 +587,7 @@ int FIPS_selftest_rsa()
- if ((pk=EVP_PKEY_new()) == NULL)
- goto err;
-
-- EVP_PKEY_assign_RSA(pk, key);
-+ EVP_PKEY_set1_RSA(pk, key);
-
- if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
-@@ -430,13 +664,15 @@ int FIPS_selftest_rsa()
- "RSA SHA512 X931"))
- goto err;
-
-+ if (!fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1))
-+ goto err;
-
- ret = 1;
-
- err:
- if (pk)
- EVP_PKEY_free(pk);
-- else if (key)
-+ if (key)
- RSA_free(key);
- return ret;
- }
-diff -up openssl-1.0.1g/crypto/fips/Makefile.fips-reqs openssl-1.0.1g/crypto/fips/Makefile
---- openssl-1.0.1g/crypto/fips/Makefile.fips-reqs 2014-05-06 16:22:21.420540008 +0200
-+++ openssl-1.0.1g/crypto/fips/Makefile 2014-05-06 16:22:21.434540330 +0200
-@@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self
- fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
- fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
- fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
-- fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c
-+ fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c \
-+ fips_dh_selftest.c
-
- LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \
- fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
- fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
- fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
-- fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o
-+ fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o \
-+ fips_dh_selftest.o
-
- LIBCRYPTO=-L.. -lcrypto
-
-diff -up openssl-1.0.1g/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1g/crypto/modes/gcm128.c
---- openssl-1.0.1g/crypto/modes/gcm128.c.fips-reqs 2014-04-06 17:55:01.000000000 +0200
-+++ openssl-1.0.1g/crypto/modes/gcm128.c 2014-05-06 16:22:21.434540330 +0200
-@@ -906,6 +906,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
- # endif
- #endif
-
-+ ctx->totlen += len;
-+ if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen<len))
-+ return -1;
-+
- #if 0
- n = (unsigned int)mlen%16; /* alternative to ctx->mres */
- #endif
-@@ -1269,6 +1273,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
- # endif
- #endif
-
-+ ctx->totlen += len;
-+ if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen<len))
-+ return -1;
-+
- mlen += len;
- if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
- return -1;
-diff -up openssl-1.0.1g/crypto/modes/modes_lcl.h.fips-reqs openssl-1.0.1g/crypto/modes/modes_lcl.h
---- openssl-1.0.1g/crypto/modes/modes_lcl.h.fips-reqs 2014-05-06 16:22:20.903528054 +0200
-+++ openssl-1.0.1g/crypto/modes/modes_lcl.h 2014-05-06 16:22:21.435540353 +0200
-@@ -112,6 +112,7 @@ struct gcm128_context {
- unsigned int mres, ares;
- block128_f block;
- void *key;
-+ u64 totlen;
- };
-
- struct xts128_context {
-diff -up openssl-1.0.1g/crypto/rand/md_rand.c.fips-reqs openssl-1.0.1g/crypto/rand/md_rand.c
---- openssl-1.0.1g/crypto/rand/md_rand.c.fips-reqs 2014-05-06 16:22:21.269536515 +0200
-+++ openssl-1.0.1g/crypto/rand/md_rand.c 2014-05-06 16:26:53.776836535 +0200
-@@ -143,12 +143,6 @@ static long md_count[2]={0,0};
- static double entropy=0;
- static int initialized=0;
-
--static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
-- * holds CRYPTO_LOCK_RAND
-- * (to prevent double locking) */
--/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
--static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */
--
-
- #ifdef PREDICT
- int rand_predictable=0;
-@@ -196,7 +190,7 @@ static void ssleay_rand_add(const void *
- long md_c[2];
- unsigned char local_md[MD_DIGEST_LENGTH];
- EVP_MD_CTX m;
-- int do_not_lock;
-+ int locked;
-
- if (!num)
- return;
-@@ -216,19 +210,8 @@ static void ssleay_rand_add(const void *
- * hash function.
- */
-
-- /* check if we already have the lock */
-- if (crypto_lock_rand)
-- {
-- CRYPTO_THREADID cur;
-- CRYPTO_THREADID_current(&cur);
-- CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-- do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
-- CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
-- }
-- else
-- do_not_lock = 0;
-+ locked = private_RAND_lock(1);
-
-- if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- st_idx=state_index;
-
- /* use our own copies of the counters so that even
-@@ -260,7 +243,8 @@ static void ssleay_rand_add(const void *
-
- md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
-
-- if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+ if (locked)
-+ private_RAND_lock(0);
-
- EVP_MD_CTX_init(&m);
- for (i=0; i<num; i+=MD_DIGEST_LENGTH)
-@@ -311,7 +295,7 @@ static void ssleay_rand_add(const void *
- }
- EVP_MD_CTX_cleanup(&m);
-
-- if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-+ locked = private_RAND_lock(1);
- /* Don't just copy back local_md into md -- this could mean that
- * other thread's seeding remains without effect (except for
- * the incremented counter). By XORing it we keep at least as
-@@ -322,7 +306,8 @@ static void ssleay_rand_add(const void *
- }
- if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
- entropy += add;
-- if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+ if (locked)
-+ private_RAND_lock(0);
-
- #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
- assert(md_c[1] == md_count[1]);
-@@ -347,6 +332,7 @@ static int ssleay_rand_bytes(unsigned ch
- pid_t curr_pid = getpid();
- #endif
- int do_stir_pool = 0;
-+ int locked;
-
- #ifdef PREDICT
- if (rand_predictable)
-@@ -383,17 +369,8 @@ static int ssleay_rand_bytes(unsigned ch
- * are fed into the hash function and the results are kept in the
- * global 'md'.
- */
--#ifdef OPENSSL_FIPS
-- /* NB: in FIPS mode we are already under a lock */
-- if (!FIPS_mode())
--#endif
-- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
-- /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
-- CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-- CRYPTO_THREADID_current(&locking_threadid);
-- CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
-- crypto_lock_rand = 1;
-+ locked = private_RAND_lock(1);
-
- /* always poll for external entropy in FIPS mode, drbg provides the
- * expansion
-@@ -467,12 +444,8 @@ static int ssleay_rand_bytes(unsigned ch
-
- md_count[0] += 1;
-
-- /* before unlocking, we must clear 'crypto_lock_rand' */
-- crypto_lock_rand = 0;
--#ifdef OPENSSL_FIPS
-- if (!FIPS_mode())
--#endif
-- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+ if (locked)
-+ private_RAND_lock(0);
-
- while (num > 0)
- {
-@@ -524,16 +497,11 @@ static int ssleay_rand_bytes(unsigned ch
- MD_Init(&m);
- MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
- MD_Update(&m,local_md,MD_DIGEST_LENGTH);
--#ifdef OPENSSL_FIPS
-- if (!FIPS_mode())
--#endif
-- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-+ locked = private_RAND_lock(1);
- MD_Update(&m,md,MD_DIGEST_LENGTH);
- MD_Final(&m,md);
--#ifdef OPENSSL_FIPS
-- if (!FIPS_mode())
--#endif
-- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+ if (locked)
-+ private_RAND_lock(0);
-
- EVP_MD_CTX_cleanup(&m);
- if (ok)
-@@ -563,32 +531,10 @@ static int ssleay_rand_pseudo_bytes(unsi
-
- static int ssleay_rand_status(void)
- {
-- CRYPTO_THREADID cur;
- int ret;
-- int do_not_lock;
-+ int locked;
-
-- CRYPTO_THREADID_current(&cur);
-- /* check if we already have the lock
-- * (could happen if a RAND_poll() implementation calls RAND_status()) */
-- if (crypto_lock_rand)
-- {
-- CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-- do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
-- CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
-- }
-- else
-- do_not_lock = 0;
--
-- if (!do_not_lock)
-- {
-- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
--
-- /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
-- CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-- CRYPTO_THREADID_cpy(&locking_threadid, &cur);
-- CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
-- crypto_lock_rand = 1;
-- }
-+ locked = private_RAND_lock(1);
-
- if (!initialized)
- {
-@@ -598,13 +544,8 @@ static int ssleay_rand_status(void)
-
- ret = entropy >= ENTROPY_NEEDED;
-
-- if (!do_not_lock)
-- {
-- /* before unlocking, we must clear 'crypto_lock_rand' */
-- crypto_lock_rand = 0;
--
-- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-- }
-+ if (locked)
-+ private_RAND_lock(0);
-
- return ret;
- }
-diff -up openssl-1.0.1g/crypto/rand/rand.h.fips-reqs openssl-1.0.1g/crypto/rand/rand.h
---- openssl-1.0.1g/crypto/rand/rand.h.fips-reqs 2014-05-06 16:22:21.269536515 +0200
-+++ openssl-1.0.1g/crypto/rand/rand.h 2014-05-06 16:22:21.435540353 +0200
-@@ -124,6 +124,8 @@ void RAND_set_fips_drbg_type(int type, i
- int RAND_init_fips(void);
- #endif
-
-+int private_RAND_lock(int lock);
-+
- /* BEGIN ERROR CODES */
- /* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
-diff -up openssl-1.0.1g/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1g/crypto/rand/rand_lcl.h
---- openssl-1.0.1g/crypto/rand/rand_lcl.h.fips-reqs 2014-05-06 16:22:21.021530782 +0200
-+++ openssl-1.0.1g/crypto/rand/rand_lcl.h 2014-05-06 16:22:21.435540353 +0200
-@@ -112,7 +112,7 @@
- #ifndef HEADER_RAND_LCL_H
- #define HEADER_RAND_LCL_H
-
--#define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */
-+#define ENTROPY_NEEDED 48 /* require 384 bits = 48 bytes of randomness */
-
-
- #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
-diff -up openssl-1.0.1g/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1g/crypto/rand/rand_lib.c
---- openssl-1.0.1g/crypto/rand/rand_lib.c.fips-reqs 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/crypto/rand/rand_lib.c 2014-05-06 16:22:21.435540353 +0200
-@@ -181,6 +181,41 @@ int RAND_status(void)
- return 0;
- }
-
-+int private_RAND_lock(int lock)
-+ {
-+ static int crypto_lock_rand;
-+ static CRYPTO_THREADID locking_threadid;
-+ int do_lock;
-+
-+ if (!lock)
-+ {
-+ crypto_lock_rand = 0;
-+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-+ return 0;
-+ }
-+
-+ /* check if we already have the lock */
-+ if (crypto_lock_rand)
-+ {
-+ CRYPTO_THREADID cur;
-+ CRYPTO_THREADID_current(&cur);
-+ CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-+ do_lock = !!CRYPTO_THREADID_cmp(&locking_threadid, &cur);
-+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
-+ }
-+ else
-+ do_lock = 1;
-+ if (do_lock)
-+ {
-+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-+ crypto_lock_rand = 1;
-+ CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-+ CRYPTO_THREADID_current(&locking_threadid);
-+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
-+ }
-+ return do_lock;
-+ }
-+
- #ifdef OPENSSL_FIPS
-
- /* FIPS DRBG initialisation code. This sets up the DRBG for use by the
-@@ -239,12 +274,16 @@ static int drbg_rand_add(DRBG_CTX *ctx,
- double entropy)
- {
- RAND_SSLeay()->add(in, inlen, entropy);
-+ if (FIPS_rand_status())
-+ FIPS_drbg_reseed(ctx, NULL, 0);
- return 1;
- }
-
- static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
- {
- RAND_SSLeay()->seed(in, inlen);
-+ if (FIPS_rand_status())
-+ FIPS_drbg_reseed(ctx, NULL, 0);
- return 1;
- }
-
-diff -up openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1g/crypto/rsa/rsa_gen.c
---- openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips-reqs 2014-05-06 16:22:21.270536538 +0200
-+++ openssl-1.0.1g/crypto/rsa/rsa_gen.c 2014-05-06 16:22:21.436540376 +0200
-@@ -1,5 +1,6 @@
- /* crypto/rsa/rsa_gen.c */
- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-+ * Copyright (C) 2013 Red Hat, Inc.
- * All rights reserved.
- *
- * This package is an SSL implementation written
-@@ -165,6 +166,222 @@ int RSA_generate_key_ex(RSA *rsa, int bi
- return rsa_builtin_keygen(rsa, bits, e_value, cb);
- }
-
-+#ifdef OPENSSL_FIPS
-+static int FIPS_rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
-+ {
-+ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
-+ BIGNUM local_r0, local_d, local_p;
-+ BIGNUM *pr0, *d, *p;
-+ BN_CTX *ctx = NULL;
-+ int ok = -1;
-+ int i;
-+ int n = 0;
-+ int test = 0;
-+ int pbits = bits/2;
-+
-+ if(FIPS_selftest_failed())
-+ {
-+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
-+ return 0;
-+ }
-+
-+ if ((pbits & 0xFF) || (getenv("OPENSSL_ENFORCE_MODULUS_BITS") && bits != 2048 && bits != 3072))
-+ {
-+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_INVALID_KEY_LENGTH);
-+ return 0;
-+ }
-+
-+ ctx = BN_CTX_new();
-+ if (ctx == NULL) goto err;
-+ BN_CTX_start(ctx);
-+ r0 = BN_CTX_get(ctx);
-+ r1 = BN_CTX_get(ctx);
-+ r2 = BN_CTX_get(ctx);
-+ r3 = BN_CTX_get(ctx);
-+
-+ if (r3 == NULL) goto err;
-+
-+ /* We need the RSA components non-NULL */
-+ if (!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
-+ if (!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
-+ if (!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
-+ if (!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
-+ if (!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
-+ if (!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
-+ if (!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
-+ if (!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
-+
-+ if (!BN_set_word(r0, RSA_F4)) goto err;
-+ if (BN_cmp(e_value, r0) < 0 || BN_num_bits(e_value) > 256)
-+ {
-+ ok = 0; /* we set our own err */
-+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_BAD_E_VALUE);
-+ goto err;
-+ }
-+
-+ /* prepare approximate minimum p and q */
-+ if (!BN_set_word(r0, 0xB504F334)) goto err;
-+ if (!BN_lshift(r0, r0, pbits - 32)) goto err;
-+
-+ /* prepare minimum p and q difference */
-+ if (!BN_one(r3)) goto err;
-+ if (!BN_lshift(r3, r3, pbits - 100)) goto err;
-+
-+ BN_copy(rsa->e, e_value);
-+
-+ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
-+ test = 1;
-+
-+ /* generate p and q */
-+ for (i = 0; i < 5 * pbits; i++)
-+ {
-+ ploop:
-+ if (!test)
-+ if (!BN_rand(rsa->p, pbits, 0, 1)) goto err;
-+ if (BN_cmp(rsa->p, r0) < 0)
-+ {
-+ if (test) goto err;
-+ goto ploop;
-+ }
-+
-+ if (!BN_sub(r2, rsa->p, BN_value_one())) goto err;
-+ if (!BN_gcd(r1, r2, rsa->e, ctx)) goto err;
-+ if (BN_is_one(r1))
-+ {
-+ int r;
-+ r = BN_is_prime_fasttest_ex(rsa->p, pbits>1024?4:5, ctx, 0, cb);
-+ if (r == -1 || (test && r <= 0)) goto err;
-+ if (r > 0) break;
-+ }
-+
-+ if(!BN_GENCB_call(cb, 2, n++))
-+ goto err;
-+ }
-+
-+ if(!BN_GENCB_call(cb, 3, 0))
-+ goto err;
-+
-+ if(i >= 5*pbits)
-+ /* prime not found */
-+ goto err;
-+
-+ for (i = 0; i < 5 * pbits; i++)
-+ {
-+ qloop:
-+ if (!test)
-+ if (!BN_rand(rsa->q, pbits, 0, 1)) goto err;
-+ if (BN_cmp(rsa->q, r0) < 0)
-+ {
-+ if (test) goto err;
-+ goto qloop;
-+ }
-+ if (!BN_sub(r2, rsa->q, rsa->p)) goto err;
-+ if (BN_ucmp(r2, r3) <= 0)
-+ {
-+ if (test) goto err;
-+ goto qloop;
-+ }
-+
-+ if (!BN_sub(r2, rsa->q, BN_value_one())) goto err;
-+ if (!BN_gcd(r1, r2, rsa->e, ctx)) goto err;
-+ if (BN_is_one(r1))
-+ {
-+ int r;
-+ r = BN_is_prime_fasttest_ex(rsa->q, pbits>1024?4:5, ctx, 0, cb);
-+ if (r == -1 || (test && r <= 0)) goto err;
-+ if (r > 0) break;
-+ }
-+
-+ if(!BN_GENCB_call(cb, 2, n++))
-+ goto err;
-+ }
-+
-+ if(!BN_GENCB_call(cb, 3, 1))
-+ goto err;
-+
-+ if(i >= 5*pbits)
-+ /* prime not found */
-+ goto err;
-+
-+ if (test)
-+ {
-+ /* do not try to calculate the remaining key values */
-+ BN_clear(rsa->n);
-+ ok = 1;
-+ goto err;
-+ }
-+
-+ if (BN_cmp(rsa->p,rsa->q) < 0)
-+ {
-+ tmp=rsa->p;
-+ rsa->p=rsa->q;
-+ rsa->q=tmp;
-+ }
-+
-+ /* calculate n */
-+ if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
-+
-+ /* calculate d */
-+ if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */
-+ if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */
-+ if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */
-+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-+ {
-+ pr0 = &local_r0;
-+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
-+ }
-+ else
-+ pr0 = r0;
-+ if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */
-+
-+ /* set up d for correct BN_FLG_CONSTTIME flag */
-+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-+ {
-+ d = &local_d;
-+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-+ }
-+ else
-+ d = rsa->d;
-+
-+ /* calculate d mod (p-1) */
-+ if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err;
-+
-+ /* calculate d mod (q-1) */
-+ if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err;
-+
-+ /* calculate inverse of q mod p */
-+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-+ {
-+ p = &local_p;
-+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-+ }
-+ else
-+ p = rsa->p;
-+ if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
-+
-+ if (fips_rsa_pairwise_fail)
-+ BN_add_word(rsa->n, 1);
-+
-+ if(!fips_check_rsa(rsa))
-+ goto err;
-+
-+ ok=1;
-+err:
-+ if (ok == -1)
-+ {
-+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN);
-+ ok = 0;
-+ }
-+ if (ctx != NULL)
-+ {
-+ BN_CTX_end(ctx);
-+ BN_CTX_free(ctx);
-+ }
-+
-+ return ok;
-+ }
-+#endif
-+
- static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
- {
- BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
-@@ -176,17 +393,12 @@ static int rsa_builtin_keygen(RSA *rsa,
- #ifdef OPENSSL_FIPS
- if (FIPS_module_mode())
- {
-- if(FIPS_selftest_failed())
-- {
-- FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED);
-- return 0;
-- }
--
- if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
- {
- FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
- return 0;
- }
-+ return FIPS_rsa_builtin_keygen(rsa, bits, e_value, cb);
- }
- #endif
-
-@@ -301,17 +520,6 @@ static int rsa_builtin_keygen(RSA *rsa,
- p = rsa->p;
- if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
-
--#ifdef OPENSSL_FIPS
-- if (FIPS_module_mode())
-- {
-- if (fips_rsa_pairwise_fail)
-- BN_add_word(rsa->n, 1);
--
-- if(!fips_check_rsa(rsa))
-- goto err;
-- }
--#endif
--
- ok=1;
- err:
- if (ok == -1)
-diff -up openssl-1.0.1g/ssl/t1_enc.c.fips-reqs openssl-1.0.1g/ssl/t1_enc.c
---- openssl-1.0.1g/ssl/t1_enc.c.fips-reqs 2014-03-17 17:14:20.000000000 +0100
-+++ openssl-1.0.1g/ssl/t1_enc.c 2014-05-06 16:22:21.436540376 +0200
-@@ -291,6 +291,27 @@ static int tls1_PRF(long digest_mask,
- err:
- return ret;
- }
-+
-+int private_tls1_PRF(long digest_mask,
-+ const void *seed1, int seed1_len,
-+ const void *seed2, int seed2_len,
-+ const void *seed3, int seed3_len,
-+ const void *seed4, int seed4_len,
-+ const void *seed5, int seed5_len,
-+ const unsigned char *sec, int slen,
-+ unsigned char *out1,
-+ unsigned char *out2, int olen)
-+ {
-+ return tls1_PRF(digest_mask,
-+ seed1, seed1_len,
-+ seed2, seed2_len,
-+ seed3, seed3_len,
-+ seed4, seed4_len,
-+ seed5, seed5_len,
-+ sec, slen,
-+ out1, out2, olen);
-+ }
-+
- static int tls1_generate_key_block(SSL *s, unsigned char *km,
- unsigned char *tmp, int num)
- {
diff --git a/openssl-1.0.1h-disable-sslv2v3.patch b/openssl-1.0.1h-disable-sslv2v3.patch
index 83afda0..7a028aa 100644
--- a/openssl-1.0.1h-disable-sslv2v3.patch
+++ b/openssl-1.0.1h-disable-sslv2v3.patch
@@ -5,8 +5,8 @@ diff -up openssl-1.0.1h/ssl/ssl_lib.c.v2v3 openssl-1.0.1h/ssl/ssl_lib.c
*/
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
-+ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
-+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
++ /* Disable SSLv2 by default (affects the SSLv23_method() only) */
++ ret->options |= SSL_OP_NO_SSLv2;
+
return(ret);
err:
diff --git a/openssl-1.0.1h-manfix.patch b/openssl-1.0.1h-manfix.patch
deleted file mode 100644
index 836f58f..0000000
--- a/openssl-1.0.1h-manfix.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-diff -up openssl-1.0.1h/doc/apps/ec.pod.manfix openssl-1.0.1h/doc/apps/ec.pod
---- openssl-1.0.1h/doc/apps/ec.pod.manfix 2014-06-05 11:41:31.000000000 +0200
-+++ openssl-1.0.1h/doc/apps/ec.pod 2014-06-05 14:41:11.501274915 +0200
-@@ -93,10 +93,6 @@ prints out the public, private key compo
-
- this option prevents output of the encoded version of the key.
-
--=item B<-modulus>
--
--this option prints out the value of the public key component of the key.
--
- =item B<-pubin>
-
- by default a private key is read from the input file: with this option a
-diff -up openssl-1.0.1h/doc/apps/openssl.pod.manfix openssl-1.0.1h/doc/apps/openssl.pod
---- openssl-1.0.1h/doc/apps/openssl.pod.manfix 2014-06-05 11:41:31.000000000 +0200
-+++ openssl-1.0.1h/doc/apps/openssl.pod 2014-06-05 14:41:11.501274915 +0200
-@@ -163,7 +163,7 @@ Create or examine a netscape certificate
-
- Online Certificate Status Protocol utility.
-
--=item L<B<passwd>|passwd(1)>
-+=item L<B<passwd>|sslpasswd(1)>
-
- Generation of hashed passwords.
-
-@@ -187,7 +187,7 @@ Public key algorithm parameter managemen
-
- Public key algorithm cryptographic operation utility.
-
--=item L<B<rand>|rand(1)>
-+=item L<B<rand>|sslrand(1)>
-
- Generate pseudo-random bytes.
-
-@@ -401,9 +401,9 @@ L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkc
- L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
- L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>,
- L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
--L<passwd(1)|passwd(1)>,
-+L<sslpasswd(1)|sslpasswd(1)>,
- L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
--L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
-+L<sslrand(1)|sslrand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
- L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
- L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
- L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
-diff -up openssl-1.0.1h/doc/apps/s_client.pod.manfix openssl-1.0.1h/doc/apps/s_client.pod
---- openssl-1.0.1h/doc/apps/s_client.pod.manfix 2014-06-05 14:41:11.445273605 +0200
-+++ openssl-1.0.1h/doc/apps/s_client.pod 2014-06-05 14:41:11.501274915 +0200
-@@ -33,9 +33,14 @@ B<openssl> B<s_client>
- [B<-ssl2>]
- [B<-ssl3>]
- [B<-tls1>]
-+[B<-tls1_1>]
-+[B<-tls1_2>]
-+[B<-dtls1>]
- [B<-no_ssl2>]
- [B<-no_ssl3>]
- [B<-no_tls1>]
-+[B<-no_tls1_1>]
-+[B<-no_tls1_2>]
- [B<-bugs>]
- [B<-cipher cipherlist>]
- [B<-starttls protocol>]
-@@ -45,6 +50,7 @@ B<openssl> B<s_client>
- [B<-sess_out filename>]
- [B<-sess_in filename>]
- [B<-rand file(s)>]
-+[B<-nextprotoneg protocols>]
-
- =head1 DESCRIPTION
-
-@@ -188,7 +194,7 @@ Use the PSK key B<key> when using a PSK
- given as a hexadecimal number without leading 0x, for example -psk
- 1a2b3c4d.
-
--=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
-+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
-
- these options disable the use of certain SSL or TLS protocols. By default
- the initial handshake uses a method which should be compatible with all
-@@ -249,6 +255,17 @@ Multiple files can be specified separate
- The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
- all others.
-
-+=item B<-nextprotoneg protocols>
-+
-+enable Next Protocol Negotiation TLS extension and provide a list of
-+comma-separated protocol names that the client should advertise
-+support for. The list should contain most wanted protocols first.
-+Protocol names are printable ASCII strings, for example "http/1.1" or
-+"spdy/3".
-+Empty list of protocols is treated specially and will cause the client to
-+advertise support for the TLS extension but disconnect just after
-+reciving ServerHello with a list of server supported protocols.
-+
- =back
-
- =head1 CONNECTED COMMANDS
-diff -up openssl-1.0.1h/doc/apps/s_server.pod.manfix openssl-1.0.1h/doc/apps/s_server.pod
---- openssl-1.0.1h/doc/apps/s_server.pod.manfix 2014-06-05 11:41:31.000000000 +0200
-+++ openssl-1.0.1h/doc/apps/s_server.pod 2014-06-05 14:41:11.502274939 +0200
-@@ -55,6 +55,7 @@ B<openssl> B<s_server>
- [B<-no_ticket>]
- [B<-id_prefix arg>]
- [B<-rand file(s)>]
-+[B<-nextprotoneg protocols>]
-
- =head1 DESCRIPTION
-
-@@ -207,7 +208,7 @@ Use the PSK key B<key> when using a PSK
- given as a hexadecimal number without leading 0x, for example -psk
- 1a2b3c4d.
-
--=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
-+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
-
- these options disable the use of certain SSL or TLS protocols. By default
- the initial handshake uses a method which should be compatible with all
-@@ -282,6 +283,14 @@ Multiple files can be specified separate
- The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
- all others.
-
-+=item B<-nextprotoneg protocols>
-+
-+enable Next Protocol Negotiation TLS extension and provide a
-+comma-separated list of supported protocol names.
-+The list should contain most wanted protocols first.
-+Protocol names are printable ASCII strings, for example "http/1.1" or
-+"spdy/3".
-+
- =back
-
- =head1 CONNECTED COMMANDS
diff --git a/openssl-1.0.1h-session-resumption.patch b/openssl-1.0.1h-session-resumption.patch
deleted file mode 100644
index 1d0626f..0000000
--- a/openssl-1.0.1h-session-resumption.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -up openssl-1.0.1h/ssl/s3_clnt.c.resumption openssl-1.0.1h/ssl/s3_clnt.c
---- openssl-1.0.1h/ssl/s3_clnt.c.resumption 2014-06-05 11:44:33.000000000 +0200
-+++ openssl-1.0.1h/ssl/s3_clnt.c 2014-06-10 16:35:12.895096670 +0200
-@@ -901,6 +901,7 @@ int ssl3_get_server_hello(SSL *s)
- {
- s->session->cipher = pref_cipher ?
- pref_cipher : ssl_get_cipher_by_char(s, p+j);
-+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
- }
- }
- #endif /* OPENSSL_NO_TLSEXT */
diff --git a/openssl-1.0.1i-algo-doc.patch b/openssl-1.0.1i-algo-doc.patch
new file mode 100644
index 0000000..a19877d
--- /dev/null
+++ b/openssl-1.0.1i-algo-doc.patch
@@ -0,0 +1,77 @@
+diff -up openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod
+--- openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod.algo-doc 2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/doc/crypto/EVP_DigestInit.pod 2014-08-07 11:18:01.290773970 +0200
+@@ -75,7 +75,7 @@ EVP_MD_CTX_create() allocates, initializ
+
+ EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
+ B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
+-function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
++function. B<type> will typically be supplied by a function such as EVP_sha1().
+ If B<impl> is NULL then the default implementation of digest B<type> is used.
+
+ EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
+@@ -164,7 +164,8 @@ corresponding OBJECT IDENTIFIER or NID_u
+ EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
+ EVP_MD_CTX_block_size() return the digest or block size in bytes.
+
+-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
++EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
++EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_dss(),
+ EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
+ corresponding EVP_MD structures.
+
+diff -up openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod
+--- openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod.algo-doc 2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/doc/crypto/EVP_EncryptInit.pod 2014-08-07 10:55:25.100638252 +0200
+@@ -91,6 +91,32 @@ EVP_CIPHER_CTX_set_padding - EVP cipher
+ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
++ const EVP_CIPHER *EVP_des_ede3(void);
++ const EVP_CIPHER *EVP_des_ede3_ecb(void);
++ const EVP_CIPHER *EVP_des_ede3_cfb64(void);
++ const EVP_CIPHER *EVP_des_ede3_cfb1(void);
++ const EVP_CIPHER *EVP_des_ede3_cfb8(void);
++ const EVP_CIPHER *EVP_des_ede3_ofb(void);
++ const EVP_CIPHER *EVP_des_ede3_cbc(void);
++ const EVP_CIPHER *EVP_aes_128_ecb(void);
++ const EVP_CIPHER *EVP_aes_128_cbc(void);
++ const EVP_CIPHER *EVP_aes_128_cfb1(void);
++ const EVP_CIPHER *EVP_aes_128_cfb8(void);
++ const EVP_CIPHER *EVP_aes_128_cfb128(void);
++ const EVP_CIPHER *EVP_aes_128_ofb(void);
++ const EVP_CIPHER *EVP_aes_192_ecb(void);
++ const EVP_CIPHER *EVP_aes_192_cbc(void);
++ const EVP_CIPHER *EVP_aes_192_cfb1(void);
++ const EVP_CIPHER *EVP_aes_192_cfb8(void);
++ const EVP_CIPHER *EVP_aes_192_cfb128(void);
++ const EVP_CIPHER *EVP_aes_192_ofb(void);
++ const EVP_CIPHER *EVP_aes_256_ecb(void);
++ const EVP_CIPHER *EVP_aes_256_cbc(void);
++ const EVP_CIPHER *EVP_aes_256_cfb1(void);
++ const EVP_CIPHER *EVP_aes_256_cfb8(void);
++ const EVP_CIPHER *EVP_aes_256_cfb128(void);
++ const EVP_CIPHER *EVP_aes_256_ofb(void);
++
+ =head1 DESCRIPTION
+
+ The EVP cipher routines are a high level interface to certain
+@@ -297,6 +323,18 @@ Three key triple DES in CBC, ECB, CFB an
+
+ DESX algorithm in CBC mode.
+
++=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(), EVP_aes_128_ofb(void), EVP_aes_128_cfb1(void), EVP_aes_128_cfb8(void), EVP_aes_128_cfb128(void)
++
++AES with 128 bit key length in CBC, ECB, OFB and CFB modes respectively.
++
++=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(), EVP_aes_192_ofb(void), EVP_aes_192_cfb1(void), EVP_aes_192_cfb8(void), EVP_aes_192_cfb128(void)
++
++AES with 192 bit key length in CBC, ECB, OFB and CFB modes respectively.
++
++=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(), EVP_aes_256_ofb(void), EVP_aes_256_cfb1(void), EVP_aes_256_cfb8(void), EVP_aes_256_cfb128(void)
++
++AES with 256 bit key length in CBC, ECB, OFB and CFB modes respectively.
++
+ =item EVP_rc4(void)
+
+ RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.
diff --git a/openssl-1.0.1i-manfix.patch b/openssl-1.0.1i-manfix.patch
new file mode 100644
index 0000000..f2f8be7
--- /dev/null
+++ b/openssl-1.0.1i-manfix.patch
@@ -0,0 +1,86 @@
+diff -up openssl-1.0.1i/doc/apps/ec.pod.manfix openssl-1.0.1i/doc/apps/ec.pod
+--- openssl-1.0.1i/doc/apps/ec.pod.manfix 2014-07-22 21:41:23.000000000 +0200
++++ openssl-1.0.1i/doc/apps/ec.pod 2014-08-07 11:21:57.258887741 +0200
+@@ -93,10 +93,6 @@ prints out the public, private key compo
+
+ this option prevents output of the encoded version of the key.
+
+-=item B<-modulus>
+-
+-this option prints out the value of the public key component of the key.
+-
+ =item B<-pubin>
+
+ by default a private key is read from the input file: with this option a
+diff -up openssl-1.0.1i/doc/apps/openssl.pod.manfix openssl-1.0.1i/doc/apps/openssl.pod
+--- openssl-1.0.1i/doc/apps/openssl.pod.manfix 2014-07-22 21:43:11.000000000 +0200
++++ openssl-1.0.1i/doc/apps/openssl.pod 2014-08-07 11:21:57.259887746 +0200
+@@ -163,7 +163,7 @@ Create or examine a netscape certificate
+
+ Online Certificate Status Protocol utility.
+
+-=item L<B<passwd>|passwd(1)>
++=item L<B<passwd>|sslpasswd(1)>
+
+ Generation of hashed passwords.
+
+@@ -187,7 +187,7 @@ Public key algorithm parameter managemen
+
+ Public key algorithm cryptographic operation utility.
+
+-=item L<B<rand>|rand(1)>
++=item L<B<rand>|sslrand(1)>
+
+ Generate pseudo-random bytes.
+
+@@ -401,9 +401,9 @@ L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkc
+ L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
+ L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>,
+ L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
+-L<passwd(1)|passwd(1)>,
++L<sslpasswd(1)|sslpasswd(1)>,
+ L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
+-L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
++L<sslrand(1)|sslrand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
+ L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
+ L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
+ L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
+diff -up openssl-1.0.1i/doc/apps/s_client.pod.manfix openssl-1.0.1i/doc/apps/s_client.pod
+--- openssl-1.0.1i/doc/apps/s_client.pod.manfix 2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/doc/apps/s_client.pod 2014-08-07 11:24:28.736604443 +0200
+@@ -34,9 +34,14 @@ B<openssl> B<s_client>
+ [B<-ssl2>]
+ [B<-ssl3>]
+ [B<-tls1>]
++[B<-tls1_1>]
++[B<-tls1_2>]
++[B<-dtls1>]
+ [B<-no_ssl2>]
+ [B<-no_ssl3>]
+ [B<-no_tls1>]
++[B<-no_tls1_1>]
++[B<-no_tls1_2>]
+ [B<-bugs>]
+ [B<-cipher cipherlist>]
+ [B<-serverpref>]
+@@ -196,7 +201,7 @@ Use the PSK key B<key> when using a PSK
+ given as a hexadecimal number without leading 0x, for example -psk
+ 1a2b3c4d.
+
+-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
++=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+
+ these options disable the use of certain SSL or TLS protocols. By default
+ the initial handshake uses a method which should be compatible with all
+diff -up openssl-1.0.1i/doc/apps/s_server.pod.manfix openssl-1.0.1i/doc/apps/s_server.pod
+--- openssl-1.0.1i/doc/apps/s_server.pod.manfix 2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/doc/apps/s_server.pod 2014-08-07 11:21:57.259887746 +0200
+@@ -216,7 +216,7 @@ Use the PSK key B<key> when using a PSK
+ given as a hexadecimal number without leading 0x, for example -psk
+ 1a2b3c4d.
+
+-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
++=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+
+ these options disable the use of certain SSL or TLS protocols. By default
+ the initial handshake uses a method which should be compatible with all
diff --git a/openssl-1.0.1i-new-fips-reqs.patch b/openssl-1.0.1i-new-fips-reqs.patch
new file mode 100644
index 0000000..b577177
--- /dev/null
+++ b/openssl-1.0.1i-new-fips-reqs.patch
@@ -0,0 +1,1447 @@
+diff -up openssl-1.0.1i/crypto/bn/bn_rand.c.fips-reqs openssl-1.0.1i/crypto/bn/bn_rand.c
+--- openssl-1.0.1i/crypto/bn/bn_rand.c.fips-reqs 2014-07-22 21:43:11.000000000 +0200
++++ openssl-1.0.1i/crypto/bn/bn_rand.c 2014-08-07 11:25:28.835889145 +0200
+@@ -138,9 +138,12 @@ static int bnrand(int pseudorand, BIGNUM
+ goto err;
+ }
+
+- /* make a random number and set the top and bottom bits */
+- time(&tim);
+- RAND_add(&tim,sizeof(tim),0.0);
++ if (!FIPS_mode()) /* in FIPS mode the RNG is always properly seeded or the module fails */
++ {
++ /* make a random number and set the top and bottom bits */
++ time(&tim);
++ RAND_add(&tim,sizeof(tim),0.0);
++ }
+
+ if (pseudorand)
+ {
+diff -up openssl-1.0.1i/crypto/dh/dh_gen.c.fips-reqs openssl-1.0.1i/crypto/dh/dh_gen.c
+--- openssl-1.0.1i/crypto/dh/dh_gen.c.fips-reqs 2014-08-07 11:25:28.586887965 +0200
++++ openssl-1.0.1i/crypto/dh/dh_gen.c 2014-08-07 11:25:28.835889145 +0200
+@@ -125,7 +125,7 @@ static int dh_builtin_genparams(DH *ret,
+ return 0;
+ }
+
+- if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
++ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN))
+ {
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+diff -up openssl-1.0.1i/crypto/dh/dh.h.fips-reqs openssl-1.0.1i/crypto/dh/dh.h
+--- openssl-1.0.1i/crypto/dh/dh.h.fips-reqs 2014-08-07 11:25:28.586887965 +0200
++++ openssl-1.0.1i/crypto/dh/dh.h 2014-08-07 11:25:28.836889150 +0200
+@@ -78,6 +78,7 @@
+ #endif
+
+ #define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
++#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048
+
+ #define DH_FLAG_CACHE_MONT_P 0x01
+ #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
+diff -up openssl-1.0.1i/crypto/dh/dh_check.c.fips-reqs openssl-1.0.1i/crypto/dh/dh_check.c
+--- openssl-1.0.1i/crypto/dh/dh_check.c.fips-reqs 2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/crypto/dh/dh_check.c 2014-08-07 11:25:28.836889150 +0200
+@@ -134,7 +134,33 @@ int DH_check_pub_key(const DH *dh, const
+ BN_sub_word(q,1);
+ if (BN_cmp(pub_key,q)>=0)
+ *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
++#ifdef OPENSSL_FIPS
++ if (FIPS_mode() && dh->q != NULL)
++ {
++ BN_CTX *ctx = NULL;
+
++ ctx = BN_CTX_new();
++ if (ctx == NULL)
++ goto err;
++
++ if (BN_mod_exp_mont(q, pub_key, dh->q, dh->p, ctx, NULL) <= 0)
++ {
++ BN_CTX_free(ctx);
++ goto err;
++ }
++ if (!BN_is_one(q))
++ {
++ /* it would be more correct to add new return flag
++ * for this test, but we do not want to do it
++ * so just error out
++ */
++ BN_CTX_free(ctx);
++ goto err;
++ }
++
++ BN_CTX_free(ctx);
++ }
++#endif
+ ok = 1;
+ err:
+ if (q != NULL) BN_free(q);
+diff -up openssl-1.0.1i/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.1i/crypto/dsa/dsa_gen.c
+--- openssl-1.0.1i/crypto/dsa/dsa_gen.c.fips-reqs 2014-08-07 11:25:28.587887969 +0200
++++ openssl-1.0.1i/crypto/dsa/dsa_gen.c 2014-08-07 11:25:28.836889150 +0200
+@@ -159,7 +159,7 @@ int dsa_builtin_paramgen(DSA *ret, size_
+ }
+
+ if (FIPS_module_mode() &&
+- (bits != 1024 || qbits != 160) &&
++ (getenv("OPENSSL_ENFORCE_MODULUS_BITS") || bits != 1024 || qbits != 160) &&
+ (bits != 2048 || qbits != 224) &&
+ (bits != 2048 || qbits != 256) &&
+ (bits != 3072 || qbits != 256))
+diff -up openssl-1.0.1i/crypto/dsa/dsa.h.fips-reqs openssl-1.0.1i/crypto/dsa/dsa.h
+--- openssl-1.0.1i/crypto/dsa/dsa.h.fips-reqs 2014-08-07 11:25:28.588887974 +0200
++++ openssl-1.0.1i/crypto/dsa/dsa.h 2014-08-07 11:25:28.837889154 +0200
+@@ -89,6 +89,7 @@
+ #endif
+
+ #define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
++#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN (getenv("OPENSSL_ENFORCE_MODULUS_BITS")?2048:1024)
+
+ #define DSA_FLAG_CACHE_MONT_P 0x01
+ #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
+@@ -254,9 +255,9 @@ int DSAparams_print_fp(FILE *fp, const D
+ int DSA_print_fp(FILE *bp, const DSA *x, int off);
+ #endif
+
+-#define DSS_prime_checks 50
+-/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
+- * 50 rounds of Rabin-Miller */
++#define DSS_prime_checks 64
++/* Primality test according to FIPS PUB 186[-4], Appendix 2.1:
++ * 64 rounds of Rabin-Miller */
+ #define DSA_is_prime(n, callback, cb_arg) \
+ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
+
+diff -up openssl-1.0.1i/crypto/dsa/dsa_key.c.fips-reqs openssl-1.0.1i/crypto/dsa/dsa_key.c
+--- openssl-1.0.1i/crypto/dsa/dsa_key.c.fips-reqs 2014-08-07 11:25:28.833889135 +0200
++++ openssl-1.0.1i/crypto/dsa/dsa_key.c 2014-08-07 11:25:28.837889154 +0200
+@@ -127,7 +127,7 @@ static int dsa_builtin_keygen(DSA *dsa)
+
+ #ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
+- && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
++ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN))
+ {
+ DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+diff -up openssl-1.0.1i/crypto/fips/fips_dh_selftest.c.fips-reqs openssl-1.0.1i/crypto/fips/fips_dh_selftest.c
+--- openssl-1.0.1i/crypto/fips/fips_dh_selftest.c.fips-reqs 2014-08-07 11:25:28.837889154 +0200
++++ openssl-1.0.1i/crypto/fips/fips_dh_selftest.c 2014-08-07 11:25:28.837889154 +0200
+@@ -0,0 +1,162 @@
++/* ====================================================================
++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
++ * Copyright (c) 2013 Red Hat, Inc.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++#include <string.h>
++#include <openssl/crypto.h>
++#include <openssl/dh.h>
++#include <openssl/fips.h>
++#include <openssl/err.h>
++#include <openssl/evp.h>
++#include <openssl/bn.h>
++#include "fips_locl.h"
++
++#ifdef OPENSSL_FIPS
++
++static const unsigned char dh_test_2048_p[] = {
++ 0xAE,0xEC,0xEE,0x22,0xFA,0x3A,0xA5,0x22,0xC0,0xDE,0x0F,0x09,
++ 0x7E,0x17,0xC0,0x05,0xF9,0xF1,0xE7,0xC6,0x87,0x14,0x6D,0x11,
++ 0xE7,0xAE,0xED,0x2F,0x72,0x59,0xC5,0xA9,0x9B,0xB8,0x02,0xA5,
++ 0xF3,0x69,0x70,0xD6,0xDD,0x90,0xF9,0x19,0x79,0xBE,0x60,0x8F,
++ 0x25,0x92,0x30,0x1C,0x51,0x51,0x38,0x26,0x82,0x25,0xE6,0xFC,
++ 0xED,0x65,0x96,0x8F,0x57,0xE5,0x53,0x8B,0x38,0x63,0xC7,0xCE,
++ 0xBC,0x1B,0x4D,0x18,0x2A,0x5B,0x04,0x3F,0x6A,0x3C,0x94,0x39,
++ 0xAE,0x36,0xD6,0x5E,0x0F,0xA2,0xCC,0xD0,0xD4,0xD5,0xC6,0x1E,
++ 0xF6,0xA0,0xF5,0x89,0x4E,0xB4,0x0B,0xA4,0xB3,0x2B,0x3D,0xE2,
++ 0x4E,0xE1,0x49,0x25,0x99,0x5F,0x32,0x16,0x33,0x32,0x1B,0x7A,
++ 0xA5,0x5C,0x6B,0x34,0x0D,0x39,0x99,0xDC,0xF0,0x76,0xE5,0x5A,
++ 0xD4,0x71,0x00,0xED,0x5A,0x73,0xFB,0xC8,0x01,0xAD,0x99,0xCF,
++ 0x99,0x52,0x7C,0x9C,0x64,0xC6,0x76,0x40,0x57,0xAF,0x59,0xD7,
++ 0x38,0x0B,0x40,0xDE,0x33,0x0D,0xB8,0x76,0xEC,0xA9,0xD8,0x73,
++ 0xF8,0xEF,0x26,0x66,0x06,0x27,0xDD,0x7C,0xA4,0x10,0x9C,0xA6,
++ 0xAA,0xF9,0x53,0x62,0x73,0x1D,0xBA,0x1C,0xF1,0x67,0xF4,0x35,
++ 0xED,0x6F,0x37,0x92,0xE8,0x4F,0x6C,0xBA,0x52,0x6E,0xA1,0xED,
++ 0xDA,0x9F,0x85,0x11,0x82,0x52,0x62,0x08,0x44,0xF1,0x30,0x03,
++ 0xC3,0x38,0x2C,0x79,0xBD,0xD4,0x43,0x45,0xEE,0x8E,0x50,0xFC,
++ 0x29,0x46,0x9A,0xFE,0x54,0x1A,0x19,0x8F,0x4B,0x84,0x08,0xDE,
++ 0x20,0x62,0x73,0xCC,0xDD,0x7E,0xF0,0xEF,0xA2,0xFD,0x86,0x58,
++ 0x4B,0xD8,0x37,0xEB
++};
++
++static const unsigned char dh_test_2048_g[] = {
++ 0x02
++};
++
++static const unsigned char dh_test_2048_pub_key[] = {
++ 0xA0,0x39,0x11,0x77,0x9A,0xC1,0x30,0x1F,0xBE,0x48,0xA7,0xAA,
++ 0xA0,0x84,0x54,0x64,0xAD,0x1B,0x70,0xFA,0x13,0x55,0x63,0xD2,
++ 0x1F,0x62,0x32,0x93,0x8E,0xC9,0x3E,0x09,0xA7,0x64,0xE4,0x12,
++ 0x6E,0x1B,0xF2,0x92,0x3B,0xB9,0xCB,0x56,0xEA,0x07,0x88,0xB5,
++ 0xA6,0xBC,0x16,0x1F,0x27,0xFE,0xD8,0xAA,0x40,0xB2,0xB0,0x2D,
++ 0x37,0x76,0xA6,0xA4,0x82,0x2C,0x0E,0x22,0x64,0x9D,0xCB,0xD1,
++ 0x00,0xB7,0x89,0x14,0x72,0x4E,0xBE,0x48,0x41,0xF8,0xB2,0x51,
++ 0x11,0x09,0x4B,0x22,0x01,0x23,0x39,0x96,0xE0,0x15,0xD7,0x9F,
++ 0x60,0xD1,0xB7,0xAE,0xFE,0x5F,0xDB,0xE7,0x03,0x17,0x97,0xA6,
++ 0x16,0x74,0xBD,0x53,0x81,0x19,0xC5,0x47,0x5E,0xCE,0x8D,0xED,
++ 0x45,0x5D,0x3C,0x00,0xA0,0x0A,0x68,0x6A,0xE0,0x8E,0x06,0x46,
++ 0x6F,0xD7,0xF9,0xDF,0x31,0x7E,0x77,0x44,0x0D,0x98,0xE0,0xCA,
++ 0x98,0x09,0x52,0x04,0x90,0xEA,0x6D,0xF4,0x30,0x69,0x8F,0xB1,
++ 0x9B,0xC1,0x43,0xDB,0xD5,0x8D,0xC8,0x8E,0xB6,0x0B,0x05,0xBE,
++ 0x0E,0xC5,0x99,0xC8,0x6E,0x4E,0xF3,0xCB,0xC3,0x5E,0x9B,0x53,
++ 0xF7,0x06,0x1C,0x4F,0xC7,0xB8,0x6E,0x30,0x18,0xCA,0x9B,0xB9,
++ 0xBC,0x5F,0x17,0x72,0x29,0x5A,0xE5,0xD9,0x96,0xB7,0x0B,0xF3,
++ 0x2D,0x8C,0xF1,0xE1,0x0E,0x0D,0x74,0xD5,0x9D,0xF0,0x06,0xA9,
++ 0xB4,0x95,0x63,0x76,0x46,0x55,0x48,0x82,0x39,0x90,0xEF,0x56,
++ 0x75,0x34,0xB8,0x34,0xC3,0x18,0x6E,0x1E,0xAD,0xE3,0x48,0x7E,
++ 0x93,0x2C,0x23,0xE7,0xF8,0x90,0x73,0xB1,0x77,0x80,0x67,0xA9,
++ 0x36,0x9E,0xDA,0xD2
++};
++
++static const unsigned char dh_test_2048_priv_key[] = {
++ 0x0C,0x4B,0x30,0x89,0xD1,0xB8,0x62,0xCB,0x3C,0x43,0x64,0x91,
++ 0xF0,0x91,0x54,0x70,0xC5,0x27,0x96,0xE3,0xAC,0xBE,0xE8,0x00,
++ 0xEC,0x55,0xF6,0xCC
++};
++
++int FIPS_selftest_dh()
++ {
++ DH *dh = NULL;
++ int ret = 0;
++ void *pub_key = NULL;
++ int len;
++
++ dh = DH_new();
++
++ if(dh == NULL)
++ goto err;
++
++ fips_load_key_component(dh, p, dh_test_2048);
++ fips_load_key_component(dh, g, dh_test_2048);
++ /* note that the private key is much shorter than normally used
++ * but still g ** priv_key > p
++ */
++ fips_load_key_component(dh, priv_key, dh_test_2048);
++
++ if (DH_generate_key(dh) <= 0)
++ goto err;
++
++ len = BN_num_bytes(dh->pub_key);
++ if ((pub_key = OPENSSL_malloc(len)) == NULL)
++ goto err;
++ BN_bn2bin(dh->pub_key, pub_key);
++
++ if (len != sizeof(dh_test_2048_pub_key) ||
++ memcmp(pub_key, dh_test_2048_pub_key, len) != 0)
++ goto err;
++
++ ret = 1;
++
++ err:
++ if (dh)
++ DH_free(dh);
++
++ OPENSSL_free(pub_key);
++ return ret;
++ }
++#endif
+diff -up openssl-1.0.1i/crypto/fips/fips.h.fips-reqs openssl-1.0.1i/crypto/fips/fips.h
+--- openssl-1.0.1i/crypto/fips/fips.h.fips-reqs 2014-08-07 11:25:28.828889111 +0200
++++ openssl-1.0.1i/crypto/fips/fips.h 2014-08-07 11:25:28.838889159 +0200
+@@ -96,6 +96,7 @@ void FIPS_corrupt_dsa_keygen(void);
+ int FIPS_selftest_dsa(void);
+ int FIPS_selftest_ecdsa(void);
+ int FIPS_selftest_ecdh(void);
++int FIPS_selftest_dh(void);
+ void FIPS_corrupt_rng(void);
+ void FIPS_rng_stick(void);
+ void FIPS_x931_stick(int onoff);
+diff -up openssl-1.0.1i/crypto/fips/fips_post.c.fips-reqs openssl-1.0.1i/crypto/fips/fips_post.c
+--- openssl-1.0.1i/crypto/fips/fips_post.c.fips-reqs 2014-08-07 11:25:28.822889083 +0200
++++ openssl-1.0.1i/crypto/fips/fips_post.c 2014-08-07 11:25:28.838889159 +0200
+@@ -99,6 +99,8 @@ int FIPS_selftest(void)
+ rv = 0;
+ if (!FIPS_selftest_dsa())
+ rv = 0;
++ if (!FIPS_selftest_dh())
++ rv = 0;
+ if (!FIPS_selftest_ecdh())
+ rv = 0;
+ return rv;
+diff -up openssl-1.0.1i/crypto/fips/fips_rsa_selftest.c.fips-reqs openssl-1.0.1i/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.0.1i/crypto/fips/fips_rsa_selftest.c.fips-reqs 2014-08-07 11:25:28.783888898 +0200
++++ openssl-1.0.1i/crypto/fips/fips_rsa_selftest.c 2014-08-07 11:25:28.838889159 +0200
+@@ -60,69 +60,113 @@
+ #ifdef OPENSSL_FIPS
+
+ static const unsigned char n[] =
+-"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
+-"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
+-"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
+-"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
+-"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
+-"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
+-"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
+-"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
+-"\xCB";
++"\x00\xc9\xd5\x6d\x9d\x90\xdb\x43\xd6\x02\xed\x96\x88\x13\x8a"
++"\xb2\xbf\x6e\xa1\x06\x10\xb2\x78\x37\xa7\x14\xa8\xff\xdd\x00"
++"\xdd\xb4\x93\xa0\x45\xcc\x96\x90\xed\xad\xa9\xdd\xc4\xd6\xca"
++"\x0c\xf0\xed\x4f\x72\x5e\x21\x49\x9a\x18\x12\x15\x8f\x90\x5a"
++"\xdb\xb6\x33\x99\xa3\xe6\xb4\xf0\xc4\x97\x21\x26\xbb\xe3\xba"
++"\xf2\xff\xa0\x72\xda\x89\x63\x8e\x8b\x3e\x08\x9d\x92\x2a\xbe"
++"\x16\xe1\x43\x15\xfc\x57\xc7\x1f\x09\x11\x67\x1c\xa9\x96\xd1"
++"\x8b\x3e\x80\x93\xc1\x59\xd0\x6d\x39\xf2\xac\x95\xcc\x10\x75"
++"\xe9\x31\x24\xd1\x43\xaf\x68\x52\x4b\xe7\x16\xd7\x49\x65\x6f"
++"\x26\xc0\x86\xad\xc0\x07\x0a\xc1\xe1\x2f\x87\x85\x86\x3b\xdc"
++"\x5a\x99\xbe\xe9\xf9\xb9\xe9\x82\x27\x51\x04\x15\xab\x06\x0e"
++"\x76\x5a\x28\x8d\x92\xbd\xc5\xb5\x7b\xa8\xdf\x4e\x47\xa2\xc1"
++"\xe7\x52\xbf\x47\xf7\x62\xe0\x3a\x6f\x4d\x6a\x4d\x4e\xd4\xb9"
++"\x59\x69\xfa\xb2\x14\xc1\xee\xe6\x2f\x95\xcd\x94\x72\xae\xe4"
++"\xdb\x18\x9a\xc4\xcd\x70\xbd\xee\x31\x16\xb7\x49\x65\xac\x40"
++"\x19\x0e\xb5\x6d\x83\xf1\x36\xbb\x08\x2f\x2e\x4e\x92\x62\xa4"
++"\xff\x50\xdb\x20\x45\xa2\xeb\x16\x7a\xf2\xd5\x28\xc1\xfd\x4e"
++"\x03\x71";
++
+
+ static int corrupt_rsa;
+
+ static int setrsakey(RSA *key)
+ {
+- static const unsigned char e[] = "\x11";
++ static const unsigned char e[] = "\x01\x00\x01";
+
+ static const unsigned char d[] =
+-"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
+-"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
+-"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
+-"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
+-"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
+-"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
+-"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
+-"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
+-"\xC1";
++"\x36\x27\x3d\xb1\xf9\x1b\xdb\xa7\xa0\x41\x7f\x12\x23\xac\x23"
++"\x29\x99\xd5\x3a\x7b\x60\x67\x41\x07\x63\x53\xb4\xd2\xe7\x58"
++"\x95\x0a\xc7\x05\xf3\x4e\xb2\xb4\x12\xd4\x70\xdc\x4f\x85\x06"
++"\xd3\xdd\xd8\x63\x27\x3e\x67\x31\x21\x24\x39\x04\xbc\x06\xa4"
++"\xcc\xce\x2b\x7a\xfe\x7b\xad\xde\x11\x6e\xa3\xa5\xe6\x04\x53"
++"\x0e\xa3\x4e\x2d\xb4\x8f\x31\xbf\xca\x75\x25\x52\x02\x85\xde"
++"\x3d\xb2\x72\x43\xb2\x89\x8a\x9a\x34\x41\x26\x3f\x9a\x67\xbe"
++"\xa4\x96\x7b\x0e\x75\xba\xa6\x93\xd5\xb8\xd8\xb8\x57\xf2\x4b"
++"\x0f\x14\x81\xd1\x57\x4e\xf6\x45\x4c\xa6\x3b\xd0\x70\xca\xd3"
++"\x9d\x55\xde\x22\x05\xe7\x8e\x28\x4d\xee\x11\xcf\xb6\x67\x76"
++"\x09\xd3\xe3\x3c\x13\xf9\x99\x34\x10\x7b\xec\x81\x38\xf0\xb6"
++"\x34\x9c\x9b\x50\x6f\x0b\x91\x81\x4d\x89\x94\x04\x7b\xf0\x3c"
++"\xf4\xb1\xb2\x00\x48\x8d\x5a\x8f\x88\x9e\xc5\xab\x3a\x9e\x44"
++"\x3f\x54\xe7\xd9\x6e\x47\xaa\xa1\xbd\x40\x46\x31\xf9\xf0\x34"
++"\xb6\x04\xe1\x2b\x5b\x73\x86\xdd\x3a\x92\x1b\x71\xc7\x3f\x32"
++"\xe5\xc3\xc2\xab\xa1\x7e\xbf\xa4\x52\xa0\xb0\x68\x90\xd1\x20"
++"\x12\x79\xe9\xd7\xc9\x40\xba\xf2\x19\xc7\xa5\x00\x92\x86\x0d"
++"\x01";
+
+ static const unsigned char p[] =
+-"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
+-"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
+-"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
+-"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
+-"\x99";
++"\x00\xfc\x5c\x6e\x16\xce\x1f\x03\x7b\xcd\xf7\xb3\x72\xb2\x8f"
++"\x16\x72\xb8\x56\xae\xf7\xcd\x67\xd8\x4e\x7d\x07\xaf\xd5\x43"
++"\x26\xc3\x35\xbe\x43\x8f\x4e\x2f\x1c\x43\x4e\x6b\xd2\xb2\xec"
++"\x52\x6d\x97\x52\x2b\xcc\x5c\x3a\x6b\xf4\x14\xc6\x74\xda\x66"
++"\x38\x1c\x7a\x3f\x84\x2f\xe3\xf9\x5a\xb8\x65\x69\x46\x06\xa3"
++"\x37\x79\xb2\xa1\x5b\x58\xed\x5e\xa7\x5f\x8c\x65\x66\xbb\xd1"
++"\x24\x36\xe6\x37\xa7\x3d\x49\x77\x8a\x8c\x34\xd8\x69\x29\xf3"
++"\x4d\x58\x22\xb0\x51\x24\xb6\x40\xa8\x86\x59\x0a\xb7\xba\x5c"
++"\x97\xda\x57\xe8\x36\xda\x7a\x9c\xad";
+
+ static const unsigned char q[] =
+-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+-"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+-"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
+-"\x03";
++"\x00\xcc\xbe\x7b\x09\x69\x06\xee\x45\xbf\x88\x47\x38\xa8\xf8"
++"\x17\xe5\xb6\xba\x67\x55\xe3\xe8\x05\x8b\xb8\xe2\x53\xd6\x8e"
++"\xef\x2c\xe7\x4f\x4a\xf7\x4e\x26\x8d\x85\x0b\x3f\xec\xc3\x1c"
++"\xd4\xeb\xec\x6a\xc8\x72\x2a\x25\x7d\xfd\xa6\x77\x96\xf0\x1e"
++"\xcd\x28\x57\xf8\x37\x30\x75\x6b\xbd\xd4\x7b\x0c\x87\xc5\x6c"
++"\x87\x40\xa5\xbb\x27\x2c\x78\xc9\x74\x5a\x54\x5b\x0b\x30\x6f"
++"\x44\x4a\xfa\x71\xe4\x21\x61\x66\xf9\xee\x65\xde\x7c\x04\xd7"
++"\xfd\xa9\x15\x5b\x7f\xe2\x7a\xba\x69\x86\x72\xa6\x06\x8d\x9b"
++"\x90\x55\x60\x9e\x4c\x5d\xa9\xb6\x55";
++
+
+ static const unsigned char dmp1[] =
+-"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
+-"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
+-"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
+-"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
++"\x7a\xd6\x12\xd0\x0e\xec\x91\xa9\x85\x8b\xf8\x50\xf0\x11\x2e"
++"\x00\x11\x32\x40\x60\x66\x1f\x11\xee\xc2\x75\x27\x65\x4b\x16"
++"\x67\x16\x95\xd2\x14\xc3\x1d\xb3\x48\x1f\xb7\xe4\x0b\x2b\x74"
++"\xc3\xdb\x50\x27\xf9\x85\x3a\xfa\xa9\x08\x23\xc1\x65\x3d\x34"
++"\x3a\xc8\x56\x7a\x65\x45\x36\x6e\xae\x2a\xce\x9f\x43\x43\xd7"
++"\x10\xe9\x9e\x18\xf4\xa4\x35\xda\x8a\x6b\xb0\x3f\xdd\x53\xe3"
++"\xa8\xc5\x4e\x79\x9d\x1f\x51\x8c\xa2\xca\x66\x3c\x6a\x2a\xff"
++"\x8e\xd2\xf3\xb7\xcb\x82\xda\xde\x2c\xe6\xd2\x8c\xb3\xad\xb6"
++"\x4c\x95\x55\x76\xbd\xc9\xc8\xd1";
++
+
+ static const unsigned char dmq1[] =
+-"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
+-"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
+-"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
+-"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
+-
++"\x00\x83\x23\x1d\xbb\x11\x42\x17\x2b\x25\x5a\x2c\x03\xe6\x75"
++"\xc1\x18\xa8\xc9\x0b\x96\xbf\xba\xc4\x92\x91\x80\xa5\x22\x2f"
++"\xba\x91\x90\x36\x01\x56\x15\x00\x2c\x74\xa2\x97\xf7\x15\xa1"
++"\x49\xdf\x32\x35\xd2\xdd\x0c\x91\xa6\xf8\xe7\xbe\x81\x36\x9b"
++"\x03\xdc\x6b\x3b\xd8\x5d\x79\x57\xe0\xe6\x4f\x49\xdf\x4c\x5c"
++"\x0e\xe5\x21\x41\x95\xfd\xad\xff\x9a\x3e\xa0\xf9\x0f\x59\x9e"
++"\x6a\xa7\x7b\x71\xa7\x24\x9a\x36\x52\xae\x97\x20\xc1\x5e\x78"
++"\xd9\x47\x8b\x1e\x67\xf2\xaf\x98\xe6\x2d\xef\x10\xd7\xf1\xab"
++"\x49\xee\xe5\x4b\x7e\xae\x1f\x1d\x61";
++
++
+ static const unsigned char iqmp[] =
+-"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
+-"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
+-"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
+-"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
+-"\xF7";
++"\x23\x96\xc1\x91\x17\x5e\x0a\x83\xd2\xdc\x7b\x69\xb2\x59\x1d"
++"\x33\x58\x52\x3f\x18\xc7\x09\x50\x1c\xb9\xa1\xbb\x4c\xa2\x38"
++"\x40\x4c\x9a\x8e\xfe\x9c\x90\x92\xd0\x71\x9f\x89\x99\x50\x91"
++"\x1f\x34\x8b\x74\x53\x11\x11\x4a\x70\xe2\xf7\x30\xd8\x8c\x80"
++"\xe1\xcc\x9f\xf1\x63\x17\x1a\x7d\x67\x29\x4c\xcb\x4e\x74\x7b"
++"\xe0\x3e\x9e\x2f\xf4\x67\x8f\xec\xb9\x5c\x00\x1e\x7e\xa2\x7b"
++"\x92\xc9\x6f\x4c\xe4\x0e\xf9\x48\x63\xcd\x50\x22\x5d\xbf\xb6"
++"\x9d\x01\x33\x6a\xf4\x50\xbe\x86\x98\x4f\xca\x3f\x3a\xfa\xcf"
++"\x07\x40\xc4\xaa\xad\xae\xbe\xbf";
+
+ key->n = BN_bin2bn(n, sizeof(n)-1, key->n);
+ if (corrupt_rsa)
+- BN_set_bit(key->n, 1024);
++ BN_set_bit(key->n, 2048);
+ key->e = BN_bin2bn(e, sizeof(e)-1, key->e);
+ key->d = BN_bin2bn(d, sizeof(d)-1, key->d);
+ key->p = BN_bin2bn(p, sizeof(p)-1, key->p);
+@@ -145,201 +189,391 @@ void FIPS_corrupt_rsa()
+ static const unsigned char kat_tbs[] = "OpenSSL FIPS 140-2 Public Key RSA KAT";
+
+ static const unsigned char kat_RSA_PSS_SHA1[] = {
+- 0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9, 0x46, 0xDA, 0x0F,
+- 0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D, 0xD2, 0x90, 0xBB,
+- 0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C, 0xB7, 0xF8, 0xD3,
+- 0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7, 0x83, 0xD5, 0x4C,
+- 0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51, 0x60, 0xD0, 0xA7,
+- 0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E, 0x3F, 0x9B, 0xF5,
+- 0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47, 0xF0, 0xC5, 0x45,
+- 0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F, 0xF8, 0xB7, 0x31,
+- 0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB, 0x9F, 0xBA, 0xE8,
+- 0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E, 0x20, 0x25, 0x84,
+- 0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9
++ 0xC2, 0x80, 0x82, 0x56, 0xD8, 0xA7, 0xB2, 0x9C, 0xF5, 0xD6, 0x3C, 0xE3,
++ 0xBF, 0xE9, 0x3A, 0x53, 0x40, 0xAE, 0xF2, 0xA9, 0x6A, 0x39, 0x49, 0x5B,
++ 0x05, 0x7F, 0x67, 0x38, 0x2E, 0x1D, 0xE1, 0x93, 0x22, 0x65, 0x79, 0x84,
++ 0x68, 0xFA, 0xD8, 0xAF, 0xA1, 0x98, 0x61, 0x6F, 0x44, 0x27, 0xA6, 0x8B,
++ 0xCF, 0x0E, 0x13, 0xA9, 0xCE, 0xD7, 0x6C, 0xD2, 0x38, 0xB5, 0x16, 0xB9,
++ 0x66, 0x94, 0x48, 0xDE, 0x9E, 0x19, 0x3D, 0x6F, 0xB3, 0xA1, 0x9A, 0x19,
++ 0xDF, 0xFB, 0xAB, 0xA5, 0x9F, 0x38, 0xDA, 0xC9, 0x21, 0x8F, 0xCE, 0x98,
++ 0x01, 0x3A, 0xC8, 0xE0, 0xDF, 0xDA, 0xFC, 0xF0, 0xA6, 0x86, 0x29, 0xB5,
++ 0x7F, 0x61, 0xFB, 0xBA, 0xC5, 0x49, 0xB2, 0x7C, 0x6A, 0x26, 0x82, 0xC4,
++ 0x8F, 0xAA, 0x5B, 0x10, 0xD5, 0xEE, 0xA0, 0x55, 0x42, 0xEF, 0x32, 0x5A,
++ 0x3F, 0x55, 0xB3, 0x2C, 0x22, 0xE9, 0x65, 0xDA, 0x8D, 0x0A, 0xB9, 0x70,
++ 0x43, 0xCC, 0x3F, 0x64, 0x9C, 0xB5, 0x65, 0x49, 0xBD, 0x7F, 0x35, 0xC1,
++ 0x20, 0x85, 0x24, 0xFE, 0xAA, 0x6B, 0x37, 0x04, 0xA1, 0x0E, 0x9D, 0x5C,
++ 0xBA, 0x7F, 0x14, 0x69, 0xC5, 0x93, 0xB2, 0x33, 0xC2, 0xC0, 0xC7, 0xDF,
++ 0x7E, 0x9E, 0xA4, 0xB0, 0xA0, 0x64, 0xD2, 0xAC, 0xFC, 0xFD, 0xFD, 0x99,
++ 0x8F, 0x6A, 0x40, 0x26, 0xC1, 0x2E, 0x4E, 0x8B, 0x33, 0xBE, 0xF1, 0x45,
++ 0x59, 0x8F, 0x33, 0x40, 0x1D, 0x2A, 0xD2, 0xF7, 0x50, 0x83, 0x89, 0xCF,
++ 0x94, 0xC6, 0xF8, 0x36, 0xF0, 0x84, 0x0B, 0x85, 0xA5, 0x02, 0xA9, 0x0F,
++ 0x41, 0x7A, 0x77, 0xA3, 0x2F, 0x47, 0x1E, 0x1D, 0xEC, 0xE6, 0xD3, 0x01,
++ 0x1E, 0x6F, 0x7A, 0x96, 0x50, 0x37, 0x37, 0x4B, 0x27, 0x52, 0x0B, 0xDC,
++ 0xDB, 0xC7, 0xA9, 0x31, 0xB2, 0x40, 0xEE, 0x60, 0x41, 0x26, 0x6A, 0x05,
++ 0xCE, 0x08, 0x1D, 0x89
+ };
+
+ static const unsigned char kat_RSA_PSS_SHA224[] = {
+- 0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF, 0xC5, 0x58, 0xA7,
+- 0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98, 0x08, 0x95, 0xFA,
+- 0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87, 0x7B, 0x1F, 0x57,
+- 0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55, 0x54, 0x1C, 0x89,
+- 0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC, 0x86, 0x05, 0xEE,
+- 0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64, 0x0B, 0xAB, 0x22,
+- 0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64, 0x62, 0xD1, 0xB5,
+- 0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA, 0x38, 0x24, 0x49,
+- 0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5, 0x03, 0xEA, 0x2D,
+- 0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF, 0x95, 0xC0, 0x00,
+- 0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0
++ 0xB4, 0x01, 0x93, 0x16, 0x05, 0xF6, 0xEB, 0xE2, 0xA4, 0xEB, 0x48, 0xAA,
++ 0x00, 0xF4, 0xA1, 0x99, 0x0A, 0xB4, 0xB6, 0x63, 0xE9, 0x68, 0xCA, 0xB3,
++ 0x13, 0xD7, 0x66, 0x6A, 0xCD, 0xCB, 0x33, 0x9F, 0xE5, 0x84, 0xE2, 0xC3,
++ 0x0B, 0x53, 0xE5, 0x8B, 0x96, 0x4B, 0xDB, 0x2D, 0x80, 0xA4, 0x1D, 0xE3,
++ 0x81, 0xDC, 0x52, 0x99, 0xBA, 0x9B, 0x6A, 0x9D, 0x48, 0x1F, 0x73, 0xF7,
++ 0xAC, 0x09, 0x13, 0xA1, 0x16, 0x2C, 0x60, 0xFB, 0xBC, 0x25, 0xF7, 0x53,
++ 0xD1, 0x04, 0x5A, 0x3F, 0x95, 0x09, 0x5E, 0xE5, 0xA2, 0x7D, 0xFC, 0x2A,
++ 0x51, 0x1D, 0x21, 0xCE, 0x2B, 0x4E, 0x1B, 0xB8, 0xCB, 0xDD, 0x24, 0xEE,
++ 0x99, 0x1D, 0x37, 0xDC, 0xED, 0x5F, 0x2F, 0x48, 0x5E, 0x33, 0x94, 0x06,
++ 0x19, 0xCD, 0x5A, 0x26, 0x85, 0x77, 0x9D, 0xAF, 0x86, 0x97, 0xC9, 0x08,
++ 0xD5, 0x81, 0x0E, 0xB8, 0x9F, 0xB6, 0xAF, 0x20, 0x72, 0xDC, 0x13, 0x4D,
++ 0x7A, 0xE4, 0x5C, 0x81, 0xDE, 0xC0, 0x3D, 0x19, 0x9C, 0x33, 0x11, 0x07,
++ 0xD5, 0xA9, 0x51, 0x67, 0xCD, 0xFD, 0x37, 0x61, 0x14, 0x9F, 0xE7, 0x70,
++ 0x18, 0x32, 0xC3, 0x34, 0x54, 0x0D, 0x4F, 0xB4, 0xAE, 0x9F, 0xEC, 0x64,
++ 0xD8, 0xB2, 0x16, 0xA4, 0xB2, 0x99, 0x92, 0xCB, 0x7F, 0x1F, 0x06, 0x17,
++ 0x5F, 0xA1, 0x07, 0x68, 0xAE, 0xA7, 0x2D, 0x03, 0x91, 0x2A, 0x9D, 0x69,
++ 0xC2, 0x9D, 0x90, 0xF7, 0xF9, 0x66, 0x5D, 0x13, 0xB7, 0x7F, 0xD3, 0x97,
++ 0x45, 0x97, 0x43, 0xD8, 0xCE, 0x3C, 0xF2, 0x98, 0x98, 0xDD, 0xE2, 0x2D,
++ 0xCF, 0xA1, 0xC4, 0x25, 0x46, 0x2E, 0xD2, 0xE5, 0x5F, 0xC6, 0x01, 0xC5,
++ 0x4F, 0x42, 0x2B, 0xDE, 0x0F, 0xEA, 0x4A, 0x4F, 0xC3, 0x5B, 0xDF, 0x9B,
++ 0x5D, 0x30, 0x18, 0x93, 0xD0, 0xDE, 0xC5, 0x09, 0xAA, 0x57, 0x57, 0xBD,
++ 0x2D, 0x84, 0x03, 0xB7
+ };
+
+ static const unsigned char kat_RSA_PSS_SHA256[] = {
+- 0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0, 0x31, 0xE3, 0x89,
+- 0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25, 0x9A, 0xF3, 0x8F,
+- 0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D, 0x7D, 0x73, 0x28,
+- 0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3, 0x96, 0x73, 0x4E,
+- 0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D, 0x49, 0x47, 0x05,
+- 0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D, 0x6D, 0x26, 0xBA,
+- 0x2F, 0x7A, 0x54, 0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A, 0xF3, 0xDA, 0xB6,
+- 0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F, 0x56, 0xCD, 0x9F,
+- 0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47, 0x12, 0xE4, 0x6D,
+- 0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E, 0x49, 0xB9, 0xF6,
+- 0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C
++ 0x38, 0xDA, 0x99, 0x51, 0x26, 0x38, 0xC6, 0x7F, 0xC4, 0x81, 0x57, 0x19,
++ 0x35, 0xC6, 0xF6, 0x1E, 0x90, 0x47, 0x20, 0x55, 0x47, 0x56, 0x26, 0xE9,
++ 0xF2, 0xA8, 0x39, 0x6C, 0xD5, 0xCD, 0xCB, 0x55, 0xFC, 0x0C, 0xC5, 0xCB,
++ 0xF7, 0x40, 0x17, 0x3B, 0xCF, 0xE4, 0x05, 0x03, 0x3B, 0xA0, 0xB2, 0xC9,
++ 0x0D, 0x5E, 0x48, 0x3A, 0xE9, 0xAD, 0x28, 0x71, 0x7D, 0x8F, 0x89, 0x16,
++ 0x59, 0x93, 0x35, 0xDC, 0x4D, 0x7B, 0xDF, 0x84, 0xE4, 0x68, 0xAA, 0x33,
++ 0xAA, 0xDC, 0x66, 0x50, 0xC8, 0xA9, 0x32, 0x12, 0xDC, 0xC6, 0x90, 0x49,
++ 0x0B, 0x75, 0xFF, 0x9B, 0x95, 0x00, 0x9A, 0x90, 0xE0, 0xD4, 0x0E, 0x67,
++ 0xAB, 0x3C, 0x47, 0x36, 0xC5, 0x2E, 0x1C, 0x46, 0xF0, 0x2D, 0xD3, 0x8B,
++ 0x42, 0x08, 0xDE, 0x0D, 0xB6, 0x2C, 0x86, 0xB0, 0x35, 0x71, 0x18, 0x6B,
++ 0x89, 0x67, 0xC0, 0x05, 0xAD, 0xF4, 0x1D, 0x62, 0x4E, 0x75, 0xEC, 0xD6,
++ 0xC2, 0xDB, 0x07, 0xB0, 0xB6, 0x8D, 0x15, 0xAD, 0xCD, 0xBF, 0xF5, 0x60,
++ 0x76, 0xAE, 0x48, 0xB8, 0x77, 0x7F, 0xC5, 0x01, 0xD9, 0x29, 0xBB, 0xD6,
++ 0x17, 0xA2, 0x20, 0x5A, 0xC0, 0x4A, 0x3B, 0x34, 0xC8, 0xB9, 0x39, 0xCF,
++ 0x06, 0x89, 0x95, 0x6F, 0xC7, 0xCA, 0xC4, 0xE4, 0x43, 0xDF, 0x5A, 0x23,
++ 0xE2, 0x89, 0xA3, 0x38, 0x78, 0x31, 0x38, 0xC6, 0xA4, 0x6F, 0x5F, 0x73,
++ 0x5A, 0xE5, 0x9E, 0x09, 0xE7, 0x6F, 0xD4, 0xF8, 0x3E, 0xB7, 0xB0, 0x56,
++ 0x9A, 0xF3, 0x65, 0xF0, 0xC2, 0xA6, 0x8A, 0x08, 0xBA, 0x44, 0xAC, 0x97,
++ 0xDE, 0xB4, 0x16, 0x83, 0xDF, 0xE3, 0xEE, 0x71, 0xFA, 0xF9, 0x51, 0x50,
++ 0x14, 0xDC, 0xFD, 0x6A, 0x82, 0x20, 0x68, 0x64, 0x7D, 0x4E, 0x82, 0x68,
++ 0xD7, 0x45, 0xFA, 0x6A, 0xE4, 0xE5, 0x29, 0x3A, 0x70, 0xFB, 0xE4, 0x62,
++ 0x2B, 0x31, 0xB9, 0x7D
+ };
+
+ static const unsigned char kat_RSA_PSS_SHA384[] = {
+- 0x40, 0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4, 0x31, 0xA8, 0xF2,
+- 0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57, 0x45, 0xCD, 0x5E,
+- 0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71, 0x44, 0x9A, 0xCD,
+- 0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F, 0x78, 0x23, 0x7F,
+- 0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31, 0xDC, 0x42, 0x6C,
+- 0xB2, 0x44, 0xE5, 0x4D, 0x66, 0xA2, 0xE6, 0x71, 0xF3, 0xAC, 0x4F, 0xFB,
+- 0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF, 0xD9, 0x3D, 0x2F,
+- 0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32, 0xAD, 0x42, 0x89,
+- 0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87, 0x1F, 0xCA, 0x6F,
+- 0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E, 0x60, 0xF4, 0x55,
+- 0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1
++ 0x99, 0x02, 0xC9, 0x1E, 0x31, 0x82, 0xB4, 0xE6, 0x1B, 0x32, 0xCE, 0x5D,
++ 0x41, 0x1D, 0x00, 0x2F, 0x04, 0x8B, 0xBD, 0x37, 0x79, 0xCF, 0x77, 0x03,
++ 0x05, 0x6A, 0x21, 0xC7, 0x8D, 0x24, 0x60, 0x49, 0x39, 0x58, 0xC5, 0x27,
++ 0x8F, 0xC5, 0x97, 0x4A, 0xB2, 0xE1, 0xD4, 0x36, 0x57, 0xBD, 0x43, 0xCC,
++ 0x7B, 0xCE, 0xF2, 0xA5, 0x30, 0xF8, 0x72, 0x14, 0xBB, 0xD0, 0x9F, 0xC1,
++ 0x49, 0xC8, 0x1C, 0xAF, 0xCD, 0x95, 0x78, 0x72, 0x25, 0xF9, 0x45, 0xC6,
++ 0x5B, 0x62, 0x5E, 0x01, 0xD7, 0x40, 0x5E, 0xC8, 0xCA, 0x0A, 0xF3, 0xBA,
++ 0x08, 0x07, 0x88, 0xCA, 0x49, 0x36, 0x84, 0x7D, 0xF6, 0xFC, 0x5A, 0xDB,
++ 0xFC, 0x50, 0xD3, 0xEB, 0x3D, 0x83, 0xB0, 0xF5, 0x94, 0x5E, 0x88, 0xC3,
++ 0x82, 0xCD, 0x53, 0x40, 0x96, 0x18, 0x6B, 0x4A, 0x6C, 0x9C, 0xFE, 0xE5,
++ 0x3B, 0x75, 0xF9, 0xEB, 0xA5, 0x77, 0x11, 0xEF, 0x88, 0x1C, 0x25, 0x70,
++ 0x7D, 0x88, 0x5D, 0xC3, 0xCA, 0xE1, 0x49, 0x14, 0x90, 0xAD, 0xF2, 0x5E,
++ 0x49, 0xD7, 0x99, 0xA5, 0x7B, 0x77, 0x3B, 0x8E, 0xB8, 0xDB, 0xF1, 0x4C,
++ 0xD6, 0x9A, 0xDC, 0xE5, 0x7A, 0x1C, 0xE1, 0xCE, 0x9D, 0xF1, 0xF3, 0xA0,
++ 0x0A, 0x35, 0x52, 0x9D, 0xB9, 0x46, 0x94, 0x82, 0x0F, 0xF7, 0xB2, 0x62,
++ 0x51, 0x70, 0x75, 0xD2, 0x37, 0x96, 0x67, 0x2F, 0xD0, 0x22, 0xD8, 0x07,
++ 0x8D, 0x69, 0x9E, 0x6D, 0x0B, 0x40, 0x4F, 0x70, 0xEC, 0x0B, 0xCA, 0x88,
++ 0x80, 0x8D, 0x9A, 0xF4, 0xF9, 0x18, 0x50, 0x27, 0x08, 0xFA, 0xCC, 0xC7,
++ 0x3F, 0xE4, 0x84, 0x83, 0xA1, 0xB6, 0x1D, 0x23, 0x34, 0xFE, 0x48, 0xE5,
++ 0xE3, 0xAE, 0x4D, 0x98, 0xBC, 0xA6, 0x8A, 0x9F, 0xFD, 0x4D, 0xDB, 0x9D,
++ 0xF7, 0xEB, 0x4E, 0xB6, 0x6F, 0x25, 0xEA, 0x7A, 0xE9, 0x85, 0xB2, 0xEF,
++ 0x90, 0xD2, 0xA6, 0x2B
+ };
+
+ static const unsigned char kat_RSA_PSS_SHA512[] = {
+- 0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57, 0xAE, 0x63, 0x8C,
+- 0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F, 0x12, 0x53, 0x9A,
+- 0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51, 0xED, 0x9E, 0xDD,
+- 0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60, 0x79, 0x23, 0x39,
+- 0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67, 0x5F, 0xFE, 0xD7,
+- 0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D, 0x78, 0x55, 0x61,
+- 0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20, 0xB0, 0x85, 0x13,
+- 0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A, 0x6A, 0x39, 0x63,
+- 0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF, 0xF4, 0xA8, 0xFE,
+- 0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F, 0x80, 0xC2, 0x88,
+- 0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B
++ 0x3F, 0x83, 0x43, 0x78, 0x25, 0xBE, 0x81, 0xB2, 0x6E, 0x78, 0x11, 0x32,
++ 0xD0, 0x88, 0x05, 0x53, 0x95, 0xED, 0x81, 0x12, 0xCE, 0x50, 0xD9, 0x06,
++ 0x42, 0x89, 0xA0, 0x55, 0x7A, 0x05, 0x13, 0x94, 0x35, 0x9B, 0xCA, 0x5D,
++ 0xCB, 0xB2, 0x32, 0xE1, 0x04, 0x99, 0xEC, 0xE7, 0xA6, 0x69, 0x4D, 0x2B,
++ 0xC1, 0x57, 0x13, 0x48, 0x0D, 0x6B, 0x4D, 0x83, 0x28, 0x06, 0x79, 0x9D,
++ 0xB4, 0x70, 0xCE, 0xC0, 0xFC, 0x3B, 0x69, 0xB3, 0x91, 0x54, 0xA9, 0x44,
++ 0x2E, 0xDA, 0x4A, 0xC5, 0xC2, 0x99, 0xF0, 0xDE, 0xCA, 0x77, 0x99, 0x6B,
++ 0x0C, 0x79, 0xE5, 0x29, 0x74, 0x83, 0x69, 0xEA, 0xB8, 0x72, 0x30, 0x3D,
++ 0x7A, 0x30, 0xE1, 0x03, 0x7B, 0x09, 0xE6, 0x11, 0xC0, 0xDC, 0xFF, 0xFD,
++ 0xBD, 0xEC, 0x9C, 0xCC, 0x46, 0x7B, 0x4C, 0x4C, 0x59, 0xBE, 0x82, 0x7C,
++ 0xF5, 0x60, 0x5A, 0xC3, 0xE8, 0xA8, 0x8A, 0x38, 0x9E, 0x01, 0x57, 0xF1,
++ 0x79, 0x3A, 0x7C, 0xA3, 0x9F, 0x12, 0x1A, 0x4F, 0x2E, 0xA2, 0xE5, 0x0A,
++ 0xAB, 0xC0, 0xF4, 0xA5, 0xE3, 0x5F, 0x89, 0x1C, 0x8F, 0xA4, 0x5E, 0xCE,
++ 0x0D, 0x91, 0x05, 0x1B, 0x17, 0x62, 0x48, 0xFE, 0xA5, 0x4C, 0xEF, 0x2D,
++ 0x28, 0xF1, 0x5E, 0xE6, 0xD1, 0x30, 0x89, 0x0A, 0xAD, 0x18, 0xAF, 0x6F,
++ 0x04, 0x09, 0x36, 0x9A, 0xFF, 0xCA, 0xA1, 0xA7, 0x05, 0x7F, 0xD4, 0xBF,
++ 0x3A, 0xB5, 0x42, 0x6D, 0xE9, 0x07, 0x29, 0x65, 0x8B, 0xAD, 0x4D, 0x0F,
++ 0x22, 0xE1, 0x59, 0x43, 0x68, 0x87, 0xA8, 0x8B, 0xBC, 0x69, 0xA1, 0x94,
++ 0x22, 0x3E, 0x8A, 0x49, 0xE8, 0xA3, 0x6F, 0xC2, 0x93, 0x58, 0xE7, 0xAE,
++ 0xC9, 0x1F, 0xCF, 0x61, 0x93, 0xFC, 0xC1, 0xF6, 0xF3, 0x27, 0x7F, 0x0A,
++ 0x90, 0xE0, 0x65, 0x32, 0x57, 0x47, 0xE2, 0xED, 0x08, 0x59, 0xA6, 0xF0,
++ 0x17, 0x2C, 0x13, 0xE0
+ };
+
+ static const unsigned char kat_RSA_SHA1[] = {
+- 0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C,
+- 0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B,
+- 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55, 0x77, 0x90, 0xCF,
+- 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8,
+- 0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1,
+- 0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA,
+- 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E, 0xCA, 0x2E, 0x4E,
+- 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F,
+- 0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F,
+- 0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95,
+- 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4
++ 0x3B, 0x60, 0x4B, 0xFC, 0x54, 0x28, 0x23, 0xE6, 0x2F, 0x05, 0x04, 0xBA,
++ 0x9D, 0xE4, 0x3C, 0xB8, 0x5B, 0x60, 0x5C, 0xCD, 0x9D, 0xEA, 0xC3, 0x4C,
++ 0xC2, 0x33, 0xE6, 0xC6, 0x21, 0x48, 0x76, 0xEC, 0xB2, 0xF5, 0x11, 0xDE,
++ 0x44, 0xB4, 0xAF, 0x16, 0x11, 0xC3, 0x18, 0x16, 0xB3, 0x69, 0xBB, 0x94,
++ 0xED, 0xE8, 0xB3, 0x9E, 0xB1, 0x43, 0x8E, 0xCE, 0xB4, 0x34, 0x9B, 0x08,
++ 0x22, 0xAF, 0x31, 0x73, 0xB5, 0xFA, 0x11, 0x7E, 0x8F, 0x13, 0x52, 0xEC,
++ 0xC9, 0x03, 0xEE, 0x0D, 0x2B, 0x91, 0x32, 0xF2, 0x8E, 0xDF, 0x02, 0xE0,
++ 0x0A, 0x47, 0xD2, 0x0A, 0x51, 0x00, 0x1A, 0x30, 0x6F, 0x0C, 0xB3, 0x54,
++ 0x64, 0x20, 0x90, 0x0C, 0x01, 0xBE, 0xC0, 0x42, 0x8C, 0x5D, 0x18, 0x6F,
++ 0x32, 0x75, 0x45, 0x7B, 0x1C, 0x04, 0xA2, 0x9F, 0x84, 0xD7, 0xF5, 0x3A,
++ 0x95, 0xD4, 0xE8, 0x8D, 0xEC, 0x99, 0xEF, 0x18, 0x5E, 0x64, 0xD3, 0xAF,
++ 0xF8, 0xD4, 0xFF, 0x3C, 0x87, 0xA0, 0x3F, 0xC7, 0x22, 0x05, 0xFD, 0xFD,
++ 0x29, 0x8A, 0x28, 0xDA, 0xA9, 0x8A, 0x8B, 0x23, 0x62, 0x9D, 0x42, 0xB8,
++ 0x4A, 0x76, 0x0D, 0x9F, 0x9A, 0xE0, 0xE6, 0xDD, 0xAD, 0x5E, 0x5F, 0xD5,
++ 0x32, 0xE9, 0x4B, 0x97, 0x7D, 0x62, 0x0A, 0xB3, 0xBE, 0xF2, 0x8C, 0x1F,
++ 0x2B, 0x22, 0x06, 0x15, 0x33, 0x71, 0xED, 0x9B, 0xA0, 0x82, 0xCE, 0xBF,
++ 0x3B, 0x08, 0x5F, 0xA7, 0x20, 0x94, 0x09, 0xEB, 0x82, 0xA5, 0x41, 0x60,
++ 0xF1, 0x08, 0xEB, 0x8D, 0xCC, 0x8D, 0xC9, 0x52, 0x0A, 0xAF, 0xF4, 0xF9,
++ 0x9F, 0x82, 0xD8, 0x0B, 0x75, 0x5E, 0xE4, 0xAF, 0x65, 0x96, 0xAF, 0xFC,
++ 0x33, 0xBF, 0x9F, 0x3E, 0xA4, 0x7B, 0x86, 0xC7, 0xF7, 0x47, 0xAB, 0x37,
++ 0x05, 0xD6, 0x0D, 0x31, 0x72, 0x8C, 0x80, 0x1E, 0xA9, 0x54, 0xFC, 0xDF,
++ 0x27, 0x90, 0xE2, 0x01
+ };
+
+ static const unsigned char kat_RSA_SHA224[] = {
+- 0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB, 0xB7, 0x15, 0xF9,
+- 0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0, 0xA9, 0x18, 0x8D,
+- 0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5, 0x1A, 0xC5, 0x89,
+- 0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30, 0x2C, 0x9E, 0xCD,
+- 0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6, 0x45, 0x41, 0xE5,
+- 0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E, 0x0B, 0xA9, 0xCC,
+- 0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84, 0x02, 0xC6, 0x3B,
+- 0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91, 0x28, 0x3E, 0xB2,
+- 0x58, 0x2E, 0x06, 0x45, 0x49, 0xE0, 0x92, 0xE2, 0xC0, 0x66, 0xE6, 0x35,
+- 0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77, 0x82, 0xE6, 0xDC,
+- 0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D
++ 0xA2, 0xD8, 0x42, 0x53, 0xDD, 0xBF, 0x1F, 0x6B, 0x07, 0xE0, 0x60, 0x86,
++ 0x5A, 0x60, 0x06, 0x8F, 0x44, 0xD9, 0xB0, 0x4A, 0xAA, 0x90, 0x71, 0xB8,
++ 0xB2, 0xBC, 0x30, 0x41, 0x50, 0xBB, 0xFD, 0x46, 0x98, 0x4D, 0xC0, 0x89,
++ 0x57, 0x85, 0x8A, 0x97, 0x49, 0x25, 0xA8, 0x0C, 0x69, 0x70, 0x19, 0x39,
++ 0x66, 0x24, 0xB4, 0x69, 0x47, 0xD2, 0x7C, 0xDE, 0x2D, 0x37, 0x59, 0xB3,
++ 0xE3, 0xC7, 0x6B, 0xDD, 0xBE, 0xE1, 0xE6, 0x28, 0x9A, 0x8D, 0x42, 0x3E,
++ 0x28, 0x01, 0xD7, 0x03, 0xC9, 0x73, 0xC3, 0x6B, 0x03, 0xEC, 0x1E, 0xF8,
++ 0x53, 0x8B, 0x52, 0x42, 0x89, 0x55, 0xB7, 0x87, 0xA9, 0x94, 0xC2, 0xB4,
++ 0x4B, 0x76, 0xF5, 0x61, 0x47, 0xE1, 0x44, 0x7B, 0xEC, 0xB4, 0x25, 0x66,
++ 0xC0, 0xFF, 0xEB, 0x86, 0x24, 0xAA, 0xA8, 0x72, 0xC7, 0xFB, 0xFB, 0xF6,
++ 0x84, 0xA7, 0x5B, 0xD4, 0x87, 0xE5, 0x84, 0x56, 0x1E, 0x4C, 0xE5, 0xBC,
++ 0x87, 0x94, 0xAC, 0x9C, 0x1B, 0x3D, 0xF7, 0xD4, 0x36, 0x85, 0x9F, 0xC9,
++ 0xF6, 0x43, 0x3F, 0xB6, 0x25, 0x33, 0x48, 0x0F, 0xE5, 0x7C, 0xCD, 0x53,
++ 0x48, 0xEB, 0x02, 0x11, 0xB9, 0x9E, 0xC3, 0xB4, 0xE1, 0x54, 0xD6, 0xAA,
++ 0x1A, 0x9E, 0x10, 0xE1, 0x27, 0x25, 0xF2, 0xE1, 0xAB, 0xAB, 0x6C, 0x45,
++ 0x61, 0xD5, 0xA3, 0x6C, 0xB6, 0x33, 0x52, 0xAE, 0x3D, 0xFD, 0x22, 0xFC,
++ 0x3A, 0xAB, 0x63, 0x94, 0xB5, 0x3A, 0x69, 0x11, 0xAC, 0x99, 0x4F, 0x33,
++ 0x67, 0x0A, 0x1A, 0x70, 0x1E, 0xB9, 0xE2, 0x26, 0x27, 0x68, 0xEA, 0xF5,
++ 0x97, 0x55, 0xAC, 0x83, 0x6A, 0x40, 0x3B, 0x56, 0xAE, 0x13, 0x88, 0xE8,
++ 0x98, 0x72, 0x52, 0x91, 0x7F, 0x78, 0x0A, 0x18, 0xD4, 0x44, 0x78, 0x83,
++ 0x0D, 0x44, 0x77, 0xA6, 0xF3, 0x04, 0xF1, 0x8C, 0xBC, 0x2F, 0xF9, 0x5B,
++ 0xDB, 0x70, 0x00, 0xF6
+ };
+
+ static const unsigned char kat_RSA_SHA256[] = {
+- 0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05, 0x17, 0xA5, 0x23,
+- 0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20, 0x7B, 0xAA, 0x23,
+- 0x92, 0x87, 0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE, 0xAD, 0x6F, 0x35,
+- 0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17, 0x58, 0xB2, 0x6E,
+- 0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A, 0x90, 0x2D, 0x18,
+- 0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58, 0x7A, 0x91, 0x30,
+- 0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF, 0xE2, 0x80, 0x3A,
+- 0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 0xDE, 0x81, 0xA6, 0x38,
+- 0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C, 0xEE, 0xD1, 0xDA,
+- 0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1, 0x90, 0x27, 0x90,
+- 0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A
++ 0xC2, 0xB1, 0x97, 0x00, 0x9A, 0xE5, 0x80, 0x6A, 0xE2, 0x51, 0x68, 0xB9,
++ 0x7A, 0x0C, 0xF2, 0xB4, 0x77, 0xED, 0x15, 0x0C, 0x4E, 0xE1, 0xDC, 0xFF,
++ 0x8E, 0xBC, 0xDE, 0xC7, 0x9A, 0x96, 0xF1, 0x47, 0x45, 0x24, 0x9D, 0x6F,
++ 0xA6, 0xF3, 0x1D, 0x0D, 0x35, 0x4C, 0x1A, 0xF3, 0x58, 0x2C, 0x6C, 0x06,
++ 0xD6, 0x22, 0x37, 0x77, 0x8C, 0x33, 0xE5, 0x07, 0x53, 0x93, 0x28, 0xCF,
++ 0x67, 0xFA, 0xC4, 0x1F, 0x1B, 0x24, 0xDB, 0x4C, 0xC5, 0x2A, 0x51, 0xA2,
++ 0x60, 0x15, 0x8C, 0x54, 0xB4, 0x30, 0xE2, 0x24, 0x47, 0x86, 0xF2, 0xF8,
++ 0x6C, 0xD6, 0x12, 0x59, 0x2C, 0x74, 0x9A, 0x37, 0xF3, 0xC4, 0xA2, 0xD5,
++ 0x4E, 0x1F, 0x77, 0xF0, 0x27, 0xCE, 0x77, 0xF8, 0x4A, 0x79, 0x03, 0xBE,
++ 0xC8, 0x06, 0x2D, 0xA7, 0xA6, 0x46, 0xF5, 0x55, 0x79, 0xD7, 0x5C, 0xC6,
++ 0x5B, 0xB1, 0x00, 0x4E, 0x7C, 0xD9, 0x11, 0x85, 0xE0, 0xB1, 0x4D, 0x2D,
++ 0x13, 0xD7, 0xAC, 0xEA, 0x64, 0xD1, 0xAC, 0x8F, 0x8D, 0x8F, 0xEA, 0x42,
++ 0x7F, 0xF9, 0xB7, 0x7D, 0x2C, 0x68, 0x49, 0x07, 0x7A, 0x74, 0xEF, 0xB4,
++ 0xC9, 0x97, 0x16, 0x5C, 0x6C, 0x6E, 0x5C, 0x09, 0x2E, 0x8E, 0x13, 0x2E,
++ 0x1A, 0x8D, 0xA6, 0x0C, 0x6E, 0x0C, 0x1C, 0x0F, 0xCC, 0xB2, 0x78, 0x8A,
++ 0x07, 0xFC, 0x5C, 0xC2, 0xF5, 0x65, 0xEC, 0xAB, 0x8B, 0x3C, 0xCA, 0x91,
++ 0x6F, 0x84, 0x7C, 0x21, 0x0E, 0xB8, 0xDA, 0x7B, 0x6C, 0xF7, 0xDF, 0xAB,
++ 0x7E, 0x15, 0xFD, 0x85, 0x0B, 0x33, 0x9B, 0x6A, 0x3A, 0xC3, 0xEF, 0x65,
++ 0x04, 0x6E, 0xB2, 0xAC, 0x98, 0xFD, 0xEB, 0x02, 0xF5, 0xC0, 0x0B, 0x5E,
++ 0xCB, 0xD4, 0x83, 0x82, 0x18, 0x1B, 0xDA, 0xB4, 0xCD, 0xE8, 0x71, 0x6B,
++ 0x1D, 0xB5, 0x4F, 0xE9, 0xD6, 0x43, 0xA0, 0x0A, 0x14, 0xA0, 0xE7, 0x5D,
++ 0x47, 0x9D, 0x18, 0xD7
+ };
+
+ static const unsigned char kat_RSA_SHA384[] = {
+- 0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27, 0xEF, 0xE6, 0x1F,
+- 0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 0x99, 0x63, 0x56, 0x47, 0xC7,
+- 0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA, 0xFA, 0x5D, 0x5C,
+- 0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D, 0xA9, 0xA6, 0x55,
+- 0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28, 0x7F, 0xB6, 0xCF,
+- 0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19, 0x2B, 0x30, 0xC2,
+- 0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2, 0x7D, 0xEB, 0x8C,
+- 0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F, 0x8B, 0x9C, 0xCD,
+- 0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0, 0x8F, 0x99, 0xF1,
+- 0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E, 0x37, 0xDC, 0x04,
+- 0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF
++ 0x11, 0x5E, 0x63, 0xFE, 0x47, 0xAA, 0x6A, 0x84, 0xEB, 0x44, 0x9A, 0x00,
++ 0x96, 0x4A, 0xED, 0xD2, 0xA7, 0x67, 0x3A, 0x64, 0x82, 0x30, 0x61, 0x2D,
++ 0xE3, 0xF5, 0x49, 0x68, 0x5E, 0x60, 0xD2, 0x4D, 0xEF, 0xF2, 0xA4, 0xB2,
++ 0x9A, 0x81, 0x1D, 0x41, 0xA5, 0x73, 0x59, 0xEB, 0xBB, 0xC4, 0x9E, 0x2B,
++ 0xEB, 0xC3, 0xDE, 0x3A, 0xEA, 0xF5, 0xAD, 0xDA, 0x87, 0x08, 0x68, 0xCF,
++ 0x12, 0x9B, 0xC1, 0xE4, 0xA7, 0x71, 0xF8, 0xBD, 0x6B, 0x6F, 0x50, 0xF1,
++ 0xD1, 0xFF, 0xCE, 0x6C, 0xD9, 0xBE, 0xDA, 0x76, 0xF3, 0xEB, 0xAB, 0x9C,
++ 0x41, 0x6E, 0x4F, 0x35, 0x7A, 0x61, 0x27, 0xBC, 0x03, 0x3E, 0xAE, 0x3E,
++ 0x1B, 0xDD, 0xAC, 0xD9, 0x1A, 0xFF, 0xD3, 0xF5, 0x66, 0x43, 0x07, 0x76,
++ 0x8A, 0x69, 0x2D, 0x14, 0xB1, 0xBE, 0x55, 0x49, 0x90, 0x89, 0x4B, 0xC4,
++ 0x11, 0x67, 0xD5, 0x9D, 0xB0, 0xB2, 0xEE, 0x8D, 0x0A, 0x47, 0x4A, 0xD9,
++ 0x0E, 0xD1, 0x24, 0xF0, 0x30, 0x2B, 0xF2, 0x79, 0x47, 0xDB, 0x70, 0xB4,
++ 0x46, 0xF2, 0xF8, 0xB7, 0xB4, 0xF6, 0x34, 0x79, 0xA8, 0x2D, 0x3D, 0x56,
++ 0xD5, 0x9A, 0x60, 0x7A, 0x04, 0xC7, 0x66, 0x1D, 0xCD, 0x3C, 0xD5, 0x39,
++ 0x37, 0x12, 0x51, 0x5E, 0x9F, 0xF8, 0x1A, 0xAF, 0x13, 0xC1, 0x13, 0x00,
++ 0x35, 0xD5, 0x8D, 0x17, 0xE3, 0x02, 0x28, 0xD9, 0xEC, 0xDE, 0xD1, 0x2F,
++ 0x93, 0x49, 0x03, 0x11, 0x3E, 0x56, 0x9D, 0xC2, 0x31, 0xF8, 0xAF, 0x2D,
++ 0xD9, 0x99, 0xB7, 0x8A, 0xAC, 0x5A, 0x86, 0x20, 0x3A, 0x83, 0x29, 0x26,
++ 0x9D, 0x03, 0x52, 0x2B, 0x34, 0x56, 0x40, 0x16, 0x53, 0x50, 0x82, 0xC9,
++ 0xC7, 0xD5, 0x51, 0x4C, 0xED, 0xB3, 0xE2, 0xE1, 0xCF, 0xA8, 0xCE, 0xBD,
++ 0xB1, 0x48, 0xA6, 0x8A, 0x79, 0x17, 0x55, 0x11, 0xEF, 0xE8, 0x14, 0xF4,
++ 0x7E, 0x37, 0x1D, 0x96
+ };
+
+ static const unsigned char kat_RSA_SHA512[] = {
+- 0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16, 0x51, 0x5D, 0xCF,
+- 0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40, 0xF8, 0xB2, 0x9A,
+- 0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82, 0x6B, 0x32, 0xF1,
+- 0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C, 0x54, 0x9F, 0xD8,
+- 0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6, 0x53, 0x62, 0xB5,
+- 0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4, 0x75, 0x92, 0x6B,
+- 0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B, 0x1D, 0x47, 0xE6,
+- 0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16, 0x63, 0x84, 0x05,
+- 0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64, 0x71, 0xE0, 0x2D,
+- 0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB, 0x98, 0x65, 0x91,
+- 0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84
++ 0x35, 0x6D, 0xF1, 0x9E, 0xCF, 0xB1, 0xF6, 0x0C, 0x04, 0x21, 0x17, 0xB3,
++ 0xC4, 0x9D, 0xFE, 0x62, 0x1C, 0x1A, 0x45, 0x00, 0x2E, 0x6B, 0xB6, 0x9F,
++ 0x5C, 0xB1, 0xCB, 0xCF, 0xF9, 0x67, 0xEA, 0x62, 0x8A, 0xEB, 0x77, 0x02,
++ 0x42, 0x30, 0x88, 0xB1, 0x48, 0xDF, 0x12, 0x60, 0x6E, 0x92, 0xBB, 0x4B,
++ 0x09, 0x68, 0xD1, 0x70, 0x2B, 0x59, 0xEE, 0x57, 0x96, 0xF9, 0xEA, 0xA3,
++ 0x4C, 0xE9, 0xC9, 0xBD, 0x25, 0x34, 0x66, 0x15, 0x6C, 0xC9, 0x81, 0xD1,
++ 0x48, 0x0F, 0x33, 0x5F, 0x05, 0x4F, 0xC2, 0xC4, 0xDD, 0x09, 0x54, 0x79,
++ 0xA1, 0x57, 0x07, 0x70, 0xA0, 0x33, 0x02, 0x4D, 0x5D, 0xE9, 0x24, 0xD1,
++ 0xEF, 0xF0, 0x61, 0xD0, 0x1D, 0x41, 0xE2, 0x9B, 0x2B, 0x7C, 0xD0, 0x4E,
++ 0x55, 0xD9, 0x6D, 0xA1, 0x16, 0x9F, 0xDA, 0xC3, 0x3B, 0xF1, 0x74, 0xD1,
++ 0x99, 0xF1, 0x63, 0x57, 0xAD, 0xC7, 0x55, 0xF4, 0x97, 0x43, 0x1C, 0xED,
++ 0x1B, 0x7A, 0x32, 0xCB, 0x24, 0xA6, 0x3D, 0x93, 0x37, 0x90, 0x74, 0xEE,
++ 0xD2, 0x8D, 0x4B, 0xBC, 0x72, 0xDA, 0x25, 0x2B, 0x64, 0xE9, 0xCA, 0x69,
++ 0x36, 0xB6, 0xEC, 0x6E, 0x8F, 0x33, 0x0E, 0x74, 0x40, 0x48, 0x51, 0xE2,
++ 0x54, 0x6F, 0xAF, 0x6E, 0x36, 0x54, 0x3A, 0xEC, 0x78, 0x37, 0xE6, 0x1F,
++ 0x76, 0xA5, 0x4D, 0xA6, 0xD9, 0xB3, 0x6B, 0x17, 0x6D, 0x61, 0xFC, 0xA3,
++ 0x85, 0x4A, 0xCC, 0xDA, 0x52, 0xAC, 0x5B, 0xDA, 0x51, 0xE5, 0x7F, 0x5B,
++ 0x52, 0x8B, 0x74, 0x75, 0x99, 0x5C, 0x01, 0xFD, 0x25, 0x3E, 0xCD, 0x86,
++ 0x6F, 0x7A, 0xC0, 0xD8, 0x17, 0x6F, 0xD1, 0xD2, 0x6B, 0xAB, 0x14, 0x1F,
++ 0x3B, 0xB8, 0x15, 0x05, 0x86, 0x40, 0x36, 0xCF, 0xDA, 0x59, 0x2B, 0x9A,
++ 0xE9, 0x1E, 0x6E, 0xD3, 0x6B, 0xA1, 0x19, 0xC5, 0xE6, 0x3F, 0xE9, 0x2E,
++ 0x43, 0xA8, 0x34, 0x0A
+ };
+
+ static const unsigned char kat_RSA_X931_SHA1[] = {
+- 0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42, 0x45, 0x4D, 0xDF,
+- 0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD, 0xC4, 0xB2, 0x75,
+- 0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E, 0x14, 0xB8, 0xAC,
+- 0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04, 0xEE, 0xA9, 0x97,
+- 0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B, 0x38, 0xBE, 0xD6,
+- 0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1, 0x1A, 0x11, 0x19,
+- 0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63, 0x0C, 0x59, 0xD7,
+- 0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D, 0x24, 0x1C, 0x99,
+- 0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB, 0xEA, 0xED, 0x76,
+- 0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84, 0x1C, 0xB3, 0x67,
+- 0xA3, 0x29, 0x80, 0x70, 0x54, 0x68, 0x7D, 0x49
++ 0xB1, 0x0E, 0x4F, 0xC6, 0xE0, 0x95, 0x85, 0x7B, 0xBE, 0xDE, 0xC4, 0xE6,
++ 0x1F, 0x12, 0x2E, 0x9B, 0x3E, 0x11, 0xA3, 0xF0, 0xF0, 0xA8, 0x23, 0x1A,
++ 0x96, 0x6E, 0x99, 0xB5, 0x5F, 0x82, 0xC5, 0x87, 0x75, 0xE9, 0xD4, 0xBF,
++ 0x9F, 0xE0, 0xA4, 0xED, 0xC7, 0x01, 0x2A, 0x3F, 0x6F, 0x43, 0x1D, 0x4F,
++ 0xE8, 0x05, 0x34, 0x32, 0x20, 0x36, 0x94, 0xA0, 0x6D, 0xCC, 0xF6, 0x41,
++ 0x49, 0x56, 0x96, 0xEC, 0x9C, 0x7C, 0xD1, 0x0E, 0x9E, 0xD8, 0x1B, 0x48,
++ 0xD9, 0xDF, 0x99, 0x9F, 0x92, 0x17, 0x96, 0xA4, 0xF1, 0x87, 0x64, 0x61,
++ 0x3C, 0xAF, 0x00, 0x24, 0xB3, 0x64, 0x88, 0x8E, 0x41, 0xBF, 0x29, 0x1F,
++ 0xA3, 0x28, 0xAD, 0x21, 0x1E, 0xA3, 0x96, 0x40, 0x0A, 0x0B, 0x82, 0xCD,
++ 0x97, 0x58, 0x33, 0xB6, 0x52, 0xAC, 0xC5, 0x3B, 0x14, 0xE7, 0x1E, 0x5D,
++ 0x09, 0xC9, 0x76, 0xB5, 0x89, 0xC6, 0x9B, 0x4C, 0xC2, 0xC2, 0x31, 0x0E,
++ 0xBA, 0x1E, 0xB5, 0x11, 0xD0, 0xFD, 0xC1, 0xDA, 0x64, 0x17, 0xA8, 0xCB,
++ 0xF0, 0x94, 0xF4, 0xDD, 0x84, 0xB7, 0xEF, 0x9C, 0x13, 0x4F, 0xDD, 0x06,
++ 0x0C, 0xE4, 0xC7, 0xFD, 0x69, 0x10, 0x20, 0xD3, 0x93, 0x5E, 0xF8, 0xBA,
++ 0x21, 0xFB, 0x62, 0xC4, 0x63, 0x76, 0x43, 0xAA, 0x7E, 0x3C, 0x56, 0x5E,
++ 0xB4, 0x47, 0x3A, 0x05, 0x0D, 0xBB, 0x13, 0xC4, 0x93, 0xFB, 0x29, 0xA8,
++ 0x3E, 0x76, 0x41, 0x54, 0x9E, 0x7B, 0xE2, 0xE0, 0x07, 0x1D, 0xA7, 0x9C,
++ 0x85, 0x11, 0xB5, 0xA5, 0x88, 0x58, 0x02, 0xD8, 0xC0, 0x4B, 0x81, 0xBF,
++ 0x2B, 0x38, 0xE2, 0x2F, 0x42, 0xCA, 0x63, 0x8A, 0x0A, 0x78, 0xBA, 0x50,
++ 0xE5, 0x84, 0x35, 0xD3, 0x6A, 0x1E, 0x96, 0x0B, 0x91, 0xB1, 0x0E, 0x85,
++ 0xA8, 0x5C, 0x6E, 0x46, 0x5C, 0x61, 0x8C, 0x4F, 0x5B, 0x61, 0xB6, 0x3C,
++ 0xB7, 0x2C, 0xA5, 0x1A
+ };
+
+ static const unsigned char kat_RSA_X931_SHA256[] = {
+- 0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F, 0x64, 0x54, 0x89,
+- 0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58, 0x92, 0x1C, 0xDD,
+- 0xEA, 0xA2, 0x2D, 0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05, 0x95, 0x73, 0xCF,
+- 0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8, 0x7B, 0xC8, 0x9B,
+- 0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13, 0xB8, 0xF0, 0x4B,
+- 0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4, 0x38, 0x0E, 0x98,
+- 0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E, 0x59, 0x01, 0xEC,
+- 0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46, 0x8D, 0xA0, 0x8C,
+- 0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35, 0xA1, 0x42, 0xBD,
+- 0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86, 0xF0, 0x5B, 0xDC,
+- 0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80
++ 0xC6, 0x6C, 0x01, 0x7F, 0xB6, 0x8C, 0xD4, 0x61, 0x83, 0xC5, 0xBC, 0x75,
++ 0x39, 0x22, 0xDD, 0x17, 0x5B, 0x95, 0x4B, 0x4C, 0x46, 0x39, 0x37, 0xA7,
++ 0x54, 0x6C, 0x49, 0x5A, 0x67, 0x90, 0x47, 0xF6, 0x59, 0xAE, 0xFC, 0xDD,
++ 0xDF, 0xDB, 0xC7, 0x91, 0xB9, 0xB6, 0xCE, 0xD8, 0xFA, 0x30, 0x01, 0x9F,
++ 0xCA, 0xE5, 0x4A, 0x51, 0xB7, 0xBE, 0xBD, 0x4E, 0x56, 0x25, 0x0B, 0x49,
++ 0xE0, 0x46, 0xBB, 0x81, 0x0E, 0x14, 0x47, 0xFF, 0xCB, 0xBB, 0xA1, 0x6D,
++ 0x44, 0x9B, 0xF7, 0xEE, 0x81, 0xEB, 0xF6, 0x62, 0xEA, 0x0D, 0x76, 0x76,
++ 0x4E, 0x25, 0xD7, 0x9A, 0x2B, 0xB1, 0x92, 0xED, 0x5C, 0x7F, 0x9D, 0x99,
++ 0x07, 0x9E, 0xBF, 0x62, 0x83, 0x12, 0x61, 0x99, 0x3E, 0xF5, 0x6A, 0x4C,
++ 0x58, 0xB0, 0x2A, 0x15, 0x1C, 0xA0, 0xD2, 0x91, 0x87, 0x9C, 0x7D, 0x4F,
++ 0xEF, 0x3B, 0x0F, 0x60, 0xD7, 0x1E, 0xEF, 0x7C, 0xBE, 0x68, 0x95, 0xE6,
++ 0xBA, 0xFA, 0xF6, 0xD1, 0x67, 0x3D, 0x9D, 0x39, 0xAE, 0xC2, 0x85, 0xD2,
++ 0xDE, 0xA5, 0x85, 0x1E, 0x4D, 0x2B, 0x2C, 0x06, 0x44, 0x98, 0x17, 0x46,
++ 0x89, 0x41, 0x13, 0xFC, 0x99, 0xD6, 0x6C, 0xCF, 0x26, 0xA2, 0x77, 0x8A,
++ 0x3F, 0x10, 0xF8, 0xC5, 0xC9, 0x4A, 0xB6, 0x93, 0xF5, 0x38, 0x89, 0xBD,
++ 0xFF, 0xAE, 0x42, 0x06, 0x2D, 0xCD, 0x1B, 0x3D, 0x5A, 0xCD, 0xF2, 0x8A,
++ 0x65, 0xA4, 0xB7, 0xB6, 0xF6, 0x5B, 0xE8, 0xA4, 0x68, 0xB4, 0x27, 0xDA,
++ 0xF1, 0x59, 0x37, 0x24, 0x18, 0xB5, 0x5B, 0x15, 0x62, 0x64, 0x6F, 0x78,
++ 0xBB, 0x17, 0x94, 0x42, 0xAD, 0xB3, 0x0D, 0x18, 0xB0, 0x1B, 0x28, 0x29,
++ 0x3B, 0x15, 0xBF, 0xD1, 0xC8, 0x28, 0x4F, 0xDF, 0x7F, 0x34, 0x49, 0x2A,
++ 0x44, 0xD5, 0x4C, 0x59, 0x90, 0x83, 0x8D, 0xFC, 0x58, 0x7E, 0xEC, 0x4B,
++ 0x54, 0xF0, 0xB5, 0xBD
+ };
+
+ static const unsigned char kat_RSA_X931_SHA384[] = {
+- 0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB, 0x7B, 0xEC, 0x7B,
+- 0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7, 0x39, 0x37, 0xCB,
+- 0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9, 0xBE, 0x2E, 0xE3,
+- 0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7, 0x4A, 0x63, 0xF6,
+- 0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99, 0x66, 0xEE, 0x31,
+- 0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E, 0x6D, 0x8D, 0xF1,
+- 0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0, 0x60, 0x41, 0x79,
+- 0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34, 0xD5, 0x7C, 0xFF,
+- 0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5, 0x12, 0x44, 0x35,
+- 0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5, 0xDC, 0xC6, 0x6D,
+- 0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28
++ 0x88, 0x85, 0xE1, 0xC1, 0xE2, 0xE5, 0x0B, 0x6C, 0x03, 0x27, 0xAC, 0xC8,
++ 0x3A, 0x72, 0xB4, 0x9A, 0xF3, 0xAE, 0x9C, 0x88, 0x8C, 0xBE, 0x28, 0x0D,
++ 0x89, 0x5F, 0x06, 0x0F, 0x5F, 0x08, 0xE3, 0x9C, 0xF9, 0x28, 0x4F, 0xBB,
++ 0x24, 0xDD, 0x21, 0x4C, 0x44, 0x96, 0x50, 0xB5, 0xD4, 0x8E, 0x13, 0x60,
++ 0x7C, 0xCB, 0xD9, 0x5E, 0x7C, 0xB6, 0xAD, 0xA5, 0x6A, 0x41, 0x04, 0xA7,
++ 0x8E, 0xF0, 0x39, 0x08, 0x7E, 0x18, 0x91, 0xF9, 0x46, 0x97, 0xEF, 0xF2,
++ 0x14, 0xB2, 0x01, 0xFD, 0xB2, 0x2B, 0x3A, 0xF8, 0x4A, 0x59, 0xD1, 0x36,
++ 0x1A, 0x7D, 0x2D, 0xB9, 0xC6, 0x7F, 0xDE, 0x62, 0xB6, 0x56, 0xBA, 0xFA,
++ 0x5A, 0xA1, 0x5B, 0x8C, 0x5F, 0x98, 0xEC, 0xF8, 0x93, 0x13, 0x11, 0x42,
++ 0xEE, 0xC4, 0x6C, 0x4A, 0x87, 0x4E, 0x98, 0x22, 0xB6, 0xBB, 0xB0, 0x3A,
++ 0x70, 0xA9, 0xCC, 0xBC, 0x31, 0x27, 0xE7, 0xBC, 0xCA, 0xEC, 0x52, 0x81,
++ 0x76, 0x9A, 0x3F, 0x18, 0xC1, 0x1C, 0x4A, 0xC7, 0x56, 0xE3, 0xF0, 0x6F,
++ 0x36, 0xBB, 0x9B, 0xF9, 0x43, 0x90, 0xBE, 0x79, 0x59, 0x63, 0x1C, 0xFE,
++ 0xB6, 0x46, 0x8B, 0xBA, 0xBD, 0xAA, 0x28, 0x71, 0x9B, 0xD6, 0xDD, 0x05,
++ 0x00, 0x3B, 0xBC, 0x2D, 0x48, 0xE7, 0x6E, 0x6E, 0x42, 0x95, 0x27, 0xAE,
++ 0x93, 0x92, 0x6D, 0x59, 0x47, 0x10, 0x59, 0xAC, 0xDD, 0x95, 0x29, 0xC3,
++ 0x1B, 0x86, 0x67, 0x12, 0x98, 0x48, 0x10, 0xA6, 0x90, 0xA3, 0x59, 0x9D,
++ 0x10, 0x4E, 0xEA, 0xD8, 0xCB, 0xE3, 0x81, 0xBA, 0xA1, 0x52, 0x55, 0x78,
++ 0xFF, 0x95, 0x40, 0xE0, 0xAE, 0x93, 0x38, 0x5D, 0x21, 0x13, 0x8A, 0xFC,
++ 0x72, 0xC7, 0xFB, 0x70, 0x1C, 0xEE, 0x5D, 0xB0, 0xE5, 0xFA, 0x44, 0x86,
++ 0x67, 0x97, 0x66, 0x64, 0xA4, 0x1E, 0xF8, 0x3A, 0x16, 0xF8, 0xC9, 0xE0,
++ 0x09, 0xF3, 0x61, 0x4F
+ };
+
+ static const unsigned char kat_RSA_X931_SHA512[] = {
+- 0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64, 0x3A, 0xC1, 0x63,
+- 0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1, 0xD9, 0xDA, 0xAC,
+- 0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05, 0x9E, 0x77, 0xD7,
+- 0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E, 0xF9, 0x14, 0x28,
+- 0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA, 0xC7, 0xF8, 0xC5,
+- 0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34, 0x53, 0xD2, 0xAF,
+- 0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10, 0xE0, 0xF6, 0xD0,
+- 0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F, 0x46, 0x5F, 0x09,
+- 0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04, 0x2D, 0xFB, 0x7C,
+- 0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11, 0x30, 0x71, 0x1B,
+- 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
++ 0xC9, 0x2B, 0x6D, 0x50, 0xBB, 0xD8, 0x0B, 0x35, 0xE8, 0x78, 0xF5, 0xFC,
++ 0xBB, 0x6A, 0xB4, 0x32, 0x63, 0x9C, 0x75, 0x19, 0x1D, 0xFB, 0x68, 0xC0,
++ 0xFC, 0x34, 0xCE, 0x09, 0xFD, 0xF4, 0x33, 0x42, 0x70, 0x24, 0x57, 0xBC,
++ 0xB3, 0xBD, 0x24, 0x33, 0x9E, 0x4B, 0x00, 0xCE, 0x15, 0xB3, 0x27, 0xC6,
++ 0x39, 0x7C, 0xC1, 0x28, 0x75, 0xFE, 0x7B, 0x76, 0x4F, 0xFB, 0x60, 0xA0,
++ 0x30, 0xBF, 0x74, 0x2C, 0x9D, 0xE4, 0xC8, 0x03, 0xA8, 0xDE, 0xB9, 0x2A,
++ 0xD9, 0x23, 0x24, 0xDC, 0xEE, 0xF0, 0xC1, 0x8B, 0x4D, 0x12, 0x4A, 0x41,
++ 0x33, 0x3B, 0x23, 0xFE, 0xDD, 0xE9, 0xE8, 0x55, 0x2B, 0x3E, 0xA4, 0x1B,
++ 0x95, 0x21, 0x2A, 0xEF, 0x84, 0x2E, 0x13, 0x3D, 0x97, 0x7C, 0x08, 0x86,
++ 0xB1, 0x60, 0xA4, 0xB9, 0xC4, 0x5A, 0x5B, 0x2D, 0x3F, 0xD7, 0x0D, 0xB2,
++ 0x41, 0x72, 0x7A, 0x7F, 0xA3, 0x12, 0xB0, 0xAD, 0x80, 0x2E, 0xD6, 0xD3,
++ 0x8A, 0x71, 0x72, 0x67, 0x94, 0x6F, 0x51, 0x05, 0x39, 0xFD, 0xBE, 0x91,
++ 0xDE, 0x1D, 0x65, 0xE4, 0xA7, 0xA6, 0x0F, 0xA5, 0x08, 0x1F, 0xFC, 0x53,
++ 0x48, 0x7B, 0xB8, 0xCE, 0x79, 0xDA, 0xDC, 0x18, 0xD1, 0xD3, 0x8A, 0x73,
++ 0xCE, 0x5A, 0x62, 0x1E, 0x33, 0xD0, 0x21, 0x9C, 0xF9, 0xDE, 0x9E, 0x7E,
++ 0x4D, 0x0E, 0x24, 0x30, 0x94, 0xB8, 0xDC, 0x8B, 0x57, 0x7E, 0x3B, 0xC6,
++ 0xD7, 0x0F, 0xFC, 0xA6, 0x1F, 0xEB, 0xAF, 0x19, 0xD0, 0xFF, 0x3D, 0x63,
++ 0x03, 0x1D, 0xAB, 0x11, 0x0C, 0xAD, 0x45, 0x46, 0x67, 0x76, 0xC8, 0x26,
++ 0xD4, 0xD4, 0x70, 0x1F, 0xDF, 0xEB, 0xE5, 0x7D, 0x75, 0xD8, 0x3B, 0x52,
++ 0x6C, 0xE7, 0x23, 0xCB, 0xB9, 0x1B, 0xA4, 0x2E, 0x5B, 0xEC, 0xB4, 0xB6,
++ 0xB6, 0x2D, 0x0B, 0x60, 0xE3, 0x7B, 0x05, 0xE8, 0x1E, 0xAD, 0xC7, 0xE7,
++ 0xBE, 0xF4, 0x71, 0xAE
+ };
+
++static int fips_rsa_encrypt_test(RSA *rsa, const unsigned char *plaintext, int ptlen)
++ {
++ unsigned char *ctbuf = NULL, *ptbuf = NULL;
++ int ret = 0;
++ int len;
++
++ ctbuf = OPENSSL_malloc(RSA_size(rsa));
++ if (!ctbuf)
++ goto err;
++
++ len = RSA_public_encrypt(ptlen, plaintext, ctbuf, rsa, RSA_PKCS1_PADDING);
++ if (len <= 0)
++ goto err;
++ /* Check ciphertext doesn't match plaintext */
++ if (len >= ptlen && !memcmp(plaintext, ctbuf, ptlen))
++ goto err;
++
++ ptbuf = OPENSSL_malloc(RSA_size(rsa));
++ if (!ptbuf)
++ goto err;
++
++ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
++ if (len != ptlen)
++ goto err;
++ if (memcmp(ptbuf, plaintext, len))
++ goto err;
++
++ ret = 1;
++
++ err:
++ if (ctbuf)
++ OPENSSL_free(ctbuf);
++ if (ptbuf)
++ OPENSSL_free(ptbuf);
++ return ret;
++ }
+
+ int FIPS_selftest_rsa()
+ {
+@@ -353,7 +587,7 @@ int FIPS_selftest_rsa()
+ if ((pk=EVP_PKEY_new()) == NULL)
+ goto err;
+
+- EVP_PKEY_assign_RSA(pk, key);
++ EVP_PKEY_set1_RSA(pk, key);
+
+ if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
+@@ -430,13 +664,15 @@ int FIPS_selftest_rsa()
+ "RSA SHA512 X931"))
+ goto err;
+
++ if (!fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1))
++ goto err;
+
+ ret = 1;
+
+ err:
+ if (pk)
+ EVP_PKEY_free(pk);
+- else if (key)
++ if (key)
+ RSA_free(key);
+ return ret;
+ }
+diff -up openssl-1.0.1i/crypto/fips/Makefile.fips-reqs openssl-1.0.1i/crypto/fips/Makefile
+--- openssl-1.0.1i/crypto/fips/Makefile.fips-reqs 2014-08-07 11:25:28.823889088 +0200
++++ openssl-1.0.1i/crypto/fips/Makefile 2014-08-07 11:25:28.838889159 +0200
+@@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self
+ fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c fips_rand.c \
+ fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
+ fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
+- fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c
++ fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c fips_enc.c fips_md.c \
++ fips_dh_selftest.c
+
+ LIBOBJ=fips_aes_selftest.o fips_des_selftest.o fips_hmac_selftest.o fips_rand_selftest.o \
+ fips_rsa_selftest.o fips_sha_selftest.o fips.o fips_dsa_selftest.o fips_rand.o \
+ fips_rsa_x931g.o fips_post.o fips_drbg_ctr.o fips_drbg_hash.o fips_drbg_hmac.o \
+ fips_drbg_lib.o fips_drbg_rand.o fips_drbg_selftest.o fips_rand_lib.o \
+- fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o
++ fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o \
++ fips_dh_selftest.o
+
+ LIBCRYPTO=-L.. -lcrypto
+
+diff -up openssl-1.0.1i/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1i/crypto/modes/gcm128.c
+--- openssl-1.0.1i/crypto/modes/gcm128.c.fips-reqs 2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/crypto/modes/gcm128.c 2014-08-07 11:25:28.839889164 +0200
+@@ -906,6 +906,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
+ # endif
+ #endif
+
++ ctx->totlen += len;
++ if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen<len))
++ return -1;
++
+ #if 0
+ n = (unsigned int)mlen%16; /* alternative to ctx->mres */
+ #endif
+@@ -1269,6 +1273,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
+ # endif
+ #endif
+
++ ctx->totlen += len;
++ if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen<len))
++ return -1;
++
+ mlen += len;
+ if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
+ return -1;
+diff -up openssl-1.0.1i/crypto/modes/modes_lcl.h.fips-reqs openssl-1.0.1i/crypto/modes/modes_lcl.h
+--- openssl-1.0.1i/crypto/modes/modes_lcl.h.fips-reqs 2014-08-07 11:25:28.365886918 +0200
++++ openssl-1.0.1i/crypto/modes/modes_lcl.h 2014-08-07 11:25:28.839889164 +0200
+@@ -112,6 +112,7 @@ struct gcm128_context {
+ unsigned int mres, ares;
+ block128_f block;
+ void *key;
++ u64 totlen;
+ };
+
+ struct xts128_context {
+diff -up openssl-1.0.1i/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1i/crypto/rand/rand_lcl.h
+--- openssl-1.0.1i/crypto/rand/rand_lcl.h.fips-reqs 2014-08-07 11:25:28.418887169 +0200
++++ openssl-1.0.1i/crypto/rand/rand_lcl.h 2014-08-07 11:25:28.840889168 +0200
+@@ -112,7 +112,7 @@
+ #ifndef HEADER_RAND_LCL_H
+ #define HEADER_RAND_LCL_H
+
+-#define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */
++#define ENTROPY_NEEDED 48 /* require 384 bits = 48 bytes of randomness */
+
+
+ #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
+diff -up openssl-1.0.1i/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1i/crypto/rand/rand_lib.c
+--- openssl-1.0.1i/crypto/rand/rand_lib.c.fips-reqs 2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/crypto/rand/rand_lib.c 2014-08-07 13:45:51.240535446 +0200
+@@ -240,12 +240,24 @@ static int drbg_rand_add(DRBG_CTX *ctx,
+ double entropy)
+ {
+ RAND_SSLeay()->add(in, inlen, entropy);
++ if (FIPS_rand_status())
++ {
++ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++ FIPS_drbg_reseed(ctx, NULL, 0);
++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++ }
+ return 1;
+ }
+
+ static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
+ {
+ RAND_SSLeay()->seed(in, inlen);
++ if (FIPS_rand_status())
++ {
++ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++ FIPS_drbg_reseed(ctx, NULL, 0);
++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++ }
+ return 1;
+ }
+
+diff -up openssl-1.0.1i/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1i/crypto/rsa/rsa_gen.c
+--- openssl-1.0.1i/crypto/rsa/rsa_gen.c.fips-reqs 2014-08-07 11:25:28.788888922 +0200
++++ openssl-1.0.1i/crypto/rsa/rsa_gen.c 2014-08-07 11:25:28.840889168 +0200
+@@ -1,5 +1,6 @@
+ /* crypto/rsa/rsa_gen.c */
+ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
++ * Copyright (C) 2013 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+@@ -165,6 +166,222 @@ int RSA_generate_key_ex(RSA *rsa, int bi
+ return rsa_builtin_keygen(rsa, bits, e_value, cb);
+ }
+
++#ifdef OPENSSL_FIPS
++static int FIPS_rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
++ {
++ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
++ BIGNUM local_r0, local_d, local_p;
++ BIGNUM *pr0, *d, *p;
++ BN_CTX *ctx = NULL;
++ int ok = -1;
++ int i;
++ int n = 0;
++ int test = 0;
++ int pbits = bits/2;
++
++ if(FIPS_selftest_failed())
++ {
++ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
++ return 0;
++ }
++
++ if ((pbits & 0xFF) || (getenv("OPENSSL_ENFORCE_MODULUS_BITS") && bits != 2048 && bits != 3072))
++ {
++ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_INVALID_KEY_LENGTH);
++ return 0;
++ }
++
++ ctx = BN_CTX_new();
++ if (ctx == NULL) goto err;
++ BN_CTX_start(ctx);
++ r0 = BN_CTX_get(ctx);
++ r1 = BN_CTX_get(ctx);
++ r2 = BN_CTX_get(ctx);
++ r3 = BN_CTX_get(ctx);
++
++ if (r3 == NULL) goto err;
++
++ /* We need the RSA components non-NULL */
++ if (!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
++ if (!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
++ if (!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
++ if (!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
++ if (!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
++ if (!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
++ if (!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
++ if (!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
++
++ if (!BN_set_word(r0, RSA_F4)) goto err;
++ if (BN_cmp(e_value, r0) < 0 || BN_num_bits(e_value) > 256)
++ {
++ ok = 0; /* we set our own err */
++ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_BAD_E_VALUE);
++ goto err;
++ }
++
++ /* prepare approximate minimum p and q */
++ if (!BN_set_word(r0, 0xB504F334)) goto err;
++ if (!BN_lshift(r0, r0, pbits - 32)) goto err;
++
++ /* prepare minimum p and q difference */
++ if (!BN_one(r3)) goto err;
++ if (!BN_lshift(r3, r3, pbits - 100)) goto err;
++
++ BN_copy(rsa->e, e_value);
++
++ if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
++ test = 1;
++
++ /* generate p and q */
++ for (i = 0; i < 5 * pbits; i++)
++ {
++ ploop:
++ if (!test)
++ if (!BN_rand(rsa->p, pbits, 0, 1)) goto err;
++ if (BN_cmp(rsa->p, r0) < 0)
++ {
++ if (test) goto err;
++ goto ploop;
++ }
++
++ if (!BN_sub(r2, rsa->p, BN_value_one())) goto err;
++ if (!BN_gcd(r1, r2, rsa->e, ctx)) goto err;
++ if (BN_is_one(r1))
++ {
++ int r;
++ r = BN_is_prime_fasttest_ex(rsa->p, pbits>1024?4:5, ctx, 0, cb);
++ if (r == -1 || (test && r <= 0)) goto err;
++ if (r > 0) break;
++ }
++
++ if(!BN_GENCB_call(cb, 2, n++))
++ goto err;
++ }
++
++ if(!BN_GENCB_call(cb, 3, 0))
++ goto err;
++
++ if(i >= 5*pbits)
++ /* prime not found */
++ goto err;
++
++ for (i = 0; i < 5 * pbits; i++)
++ {
++ qloop:
++ if (!test)
++ if (!BN_rand(rsa->q, pbits, 0, 1)) goto err;
++ if (BN_cmp(rsa->q, r0) < 0)
++ {
++ if (test) goto err;
++ goto qloop;
++ }
++ if (!BN_sub(r2, rsa->q, rsa->p)) goto err;
++ if (BN_ucmp(r2, r3) <= 0)
++ {
++ if (test) goto err;
++ goto qloop;
++ }
++
++ if (!BN_sub(r2, rsa->q, BN_value_one())) goto err;
++ if (!BN_gcd(r1, r2, rsa->e, ctx)) goto err;
++ if (BN_is_one(r1))
++ {
++ int r;
++ r = BN_is_prime_fasttest_ex(rsa->q, pbits>1024?4:5, ctx, 0, cb);
++ if (r == -1 || (test && r <= 0)) goto err;
++ if (r > 0) break;
++ }
++
++ if(!BN_GENCB_call(cb, 2, n++))
++ goto err;
++ }
++
++ if(!BN_GENCB_call(cb, 3, 1))
++ goto err;
++
++ if(i >= 5*pbits)
++ /* prime not found */
++ goto err;
++
++ if (test)
++ {
++ /* do not try to calculate the remaining key values */
++ BN_clear(rsa->n);
++ ok = 1;
++ goto err;
++ }
++
++ if (BN_cmp(rsa->p,rsa->q) < 0)
++ {
++ tmp=rsa->p;
++ rsa->p=rsa->q;
++ rsa->q=tmp;
++ }
++
++ /* calculate n */
++ if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
++
++ /* calculate d */
++ if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */
++ if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */
++ if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */
++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
++ {
++ pr0 = &local_r0;
++ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
++ }
++ else
++ pr0 = r0;
++ if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */
++
++ /* set up d for correct BN_FLG_CONSTTIME flag */
++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
++ {
++ d = &local_d;
++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
++ }
++ else
++ d = rsa->d;
++
++ /* calculate d mod (p-1) */
++ if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err;
++
++ /* calculate d mod (q-1) */
++ if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err;
++
++ /* calculate inverse of q mod p */
++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
++ {
++ p = &local_p;
++ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
++ }
++ else
++ p = rsa->p;
++ if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
++
++ if (fips_rsa_pairwise_fail)
++ BN_add_word(rsa->n, 1);
++
++ if(!fips_check_rsa(rsa))
++ goto err;
++
++ ok=1;
++err:
++ if (ok == -1)
++ {
++ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN);
++ ok = 0;
++ }
++ if (ctx != NULL)
++ {
++ BN_CTX_end(ctx);
++ BN_CTX_free(ctx);
++ }
++
++ return ok;
++ }
++#endif
++
+ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
+ {
+ BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
+@@ -176,17 +393,12 @@ static int rsa_builtin_keygen(RSA *rsa,
+ #ifdef OPENSSL_FIPS
+ if (FIPS_module_mode())
+ {
+- if(FIPS_selftest_failed())
+- {
+- FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED);
+- return 0;
+- }
+-
+ if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
+ {
+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
+ return 0;
+ }
++ return FIPS_rsa_builtin_keygen(rsa, bits, e_value, cb);
+ }
+ #endif
+
+@@ -301,17 +513,6 @@ static int rsa_builtin_keygen(RSA *rsa,
+ p = rsa->p;
+ if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
+
+-#ifdef OPENSSL_FIPS
+- if (FIPS_module_mode())
+- {
+- if (fips_rsa_pairwise_fail)
+- BN_add_word(rsa->n, 1);
+-
+- if(!fips_check_rsa(rsa))
+- goto err;
+- }
+-#endif
+-
+ ok=1;
+ err:
+ if (ok == -1)
+diff -up openssl-1.0.1i/ssl/t1_enc.c.fips-reqs openssl-1.0.1i/ssl/t1_enc.c
+--- openssl-1.0.1i/ssl/t1_enc.c.fips-reqs 2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/ssl/t1_enc.c 2014-08-07 11:25:28.841889173 +0200
+@@ -291,6 +291,27 @@ static int tls1_PRF(long digest_mask,
+ err:
+ return ret;
+ }
++
++int private_tls1_PRF(long digest_mask,
++ const void *seed1, int seed1_len,
++ const void *seed2, int seed2_len,
++ const void *seed3, int seed3_len,
++ const void *seed4, int seed4_len,
++ const void *seed5, int seed5_len,
++ const unsigned char *sec, int slen,
++ unsigned char *out1,
++ unsigned char *out2, int olen)
++ {
++ return tls1_PRF(digest_mask,
++ seed1, seed1_len,
++ seed2, seed2_len,
++ seed3, seed3_len,
++ seed4, seed4_len,
++ seed5, seed5_len,
++ sec, slen,
++ out1, out2, olen);
++ }
++
+ static int tls1_generate_key_block(SSL *s, unsigned char *km,
+ unsigned char *tmp, int num)
+ {
diff --git a/openssl-1.0.1i-trusted-first.patch b/openssl-1.0.1i-trusted-first.patch
new file mode 100644
index 0000000..f11f36d
--- /dev/null
+++ b/openssl-1.0.1i-trusted-first.patch
@@ -0,0 +1,330 @@
+diff -up openssl-1.0.1i/apps/apps.c.trusted-first openssl-1.0.1i/apps/apps.c
+--- openssl-1.0.1i/apps/apps.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/apps/apps.c 2014-08-07 13:54:27.751103405 +0200
+@@ -2365,6 +2365,8 @@ int args_verify(char ***pargs, int *parg
+ flags |= X509_V_FLAG_NOTIFY_POLICY;
+ else if (!strcmp(arg, "-check_ss_sig"))
+ flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
++ else if (!strcmp(arg, "-trusted_first"))
++ flags |= X509_V_FLAG_TRUSTED_FIRST;
+ else
+ return 0;
+
+diff -up openssl-1.0.1i/apps/cms.c.trusted-first openssl-1.0.1i/apps/cms.c
+--- openssl-1.0.1i/apps/cms.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/apps/cms.c 2014-08-07 13:54:27.751103405 +0200
+@@ -642,6 +642,7 @@ int MAIN(int argc, char **argv)
+ BIO_printf (bio_err, "-text include or delete text MIME headers\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
++ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
+ BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
+ BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+ #ifndef OPENSSL_NO_ENGINE
+diff -up openssl-1.0.1i/apps/ocsp.c.trusted-first openssl-1.0.1i/apps/ocsp.c
+--- openssl-1.0.1i/apps/ocsp.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/apps/ocsp.c 2014-08-07 13:54:27.752103409 +0200
+@@ -605,6 +605,7 @@ int MAIN(int argc, char **argv)
+ BIO_printf (bio_err, "-path path to use in OCSP request\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
++ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
+ BIO_printf (bio_err, "-VAfile file validator certificates file\n");
+ BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
+ BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
+diff -up openssl-1.0.1i/apps/s_client.c.trusted-first openssl-1.0.1i/apps/s_client.c
+--- openssl-1.0.1i/apps/s_client.c.trusted-first 2014-08-07 13:54:27.752103409 +0200
++++ openssl-1.0.1i/apps/s_client.c 2014-08-07 15:06:28.443918055 +0200
+@@ -299,6 +299,7 @@ static void sc_usage(void)
+ BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
+ BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
++ BIO_printf(bio_err," -trusted_first - Use trusted CA's first when building the trust chain\n");
+ BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
+ BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
+ BIO_printf(bio_err," -prexit - print session information even on connection failure\n");
+diff -up openssl-1.0.1i/apps/smime.c.trusted-first openssl-1.0.1i/apps/smime.c
+--- openssl-1.0.1i/apps/smime.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/apps/smime.c 2014-08-07 13:54:27.753103414 +0200
+@@ -479,6 +479,7 @@ int MAIN(int argc, char **argv)
+ BIO_printf (bio_err, "-text include or delete text MIME headers\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
++ BIO_printf (bio_err, "-trusted_first use trusted certificates first when building the trust chain\n");
+ BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
+ BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+ #ifndef OPENSSL_NO_ENGINE
+diff -up openssl-1.0.1i/apps/s_server.c.trusted-first openssl-1.0.1i/apps/s_server.c
+--- openssl-1.0.1i/apps/s_server.c.trusted-first 2014-08-07 13:54:27.718103241 +0200
++++ openssl-1.0.1i/apps/s_server.c 2014-08-07 13:54:27.753103414 +0200
+@@ -502,6 +502,7 @@ static void sv_usage(void)
+ BIO_printf(bio_err," -state - Print the SSL states\n");
+ BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
++ BIO_printf(bio_err," -trusted_first - Use trusted CA's first when building the trust chain\n");
+ BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
+ BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
+ BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
+diff -up openssl-1.0.1i/apps/s_time.c.trusted-first openssl-1.0.1i/apps/s_time.c
+--- openssl-1.0.1i/apps/s_time.c.trusted-first 2014-08-07 13:54:27.432101823 +0200
++++ openssl-1.0.1i/apps/s_time.c 2014-08-07 13:54:27.753103414 +0200
+@@ -179,6 +179,7 @@ static void s_time_usage(void)
+ file if not specified by this option\n\
+ -CApath arg - PEM format directory of CA's\n\
+ -CAfile arg - PEM format file of CA's\n\
++-trusted_first - Use trusted CA's first when building the trust chain\n\
+ -cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
+
+ printf( "usage: s_time <args>\n\n" );
+diff -up openssl-1.0.1i/apps/ts.c.trusted-first openssl-1.0.1i/apps/ts.c
+--- openssl-1.0.1i/apps/ts.c.trusted-first 2014-08-07 13:54:27.707103186 +0200
++++ openssl-1.0.1i/apps/ts.c 2014-08-07 13:54:27.753103414 +0200
+@@ -383,7 +383,7 @@ int MAIN(int argc, char **argv)
+ "ts -verify [-data file_to_hash] [-digest digest_bytes] "
+ "[-queryfile request.tsq] "
+ "-in response.tsr [-token_in] "
+- "-CApath ca_path -CAfile ca_file.pem "
++ "-CApath ca_path -CAfile ca_file.pem -trusted_first"
+ "-untrusted cert_file.pem\n");
+ cleanup:
+ /* Clean up. */
+diff -up openssl-1.0.1i/apps/verify.c.trusted-first openssl-1.0.1i/apps/verify.c
+--- openssl-1.0.1i/apps/verify.c.trusted-first 2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/apps/verify.c 2014-08-07 13:54:27.754103419 +0200
+@@ -237,7 +237,7 @@ int MAIN(int argc, char **argv)
+
+ end:
+ if (ret == 1) {
+- BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
++ BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check]");
+ BIO_printf(bio_err," [-attime timestamp]");
+ #ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," [-engine e]");
+diff -up openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first openssl-1.0.1i/crypto/x509/x509_vfy.c
+--- openssl-1.0.1i/crypto/x509/x509_vfy.c.trusted-first 2014-08-07 13:54:27.716103231 +0200
++++ openssl-1.0.1i/crypto/x509/x509_vfy.c 2014-08-07 13:54:27.754103419 +0200
+@@ -207,6 +207,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+
+ /* If we are self signed, we break */
+ if (ctx->check_issued(ctx, x,x)) break;
++ /* If asked see if we can find issuer in trusted store first */
++ if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
++ {
++ ok = ctx->get_issuer(&xtmp, ctx, x);
++ if (ok < 0)
++ return ok;
++ /* If successful for now free up cert so it
++ * will be picked up again later.
++ */
++ if (ok > 0)
++ {
++ X509_free(xtmp);
++ break;
++ }
++ }
+
+ /* If we were passed a cert chain, use it first */
+ if (ctx->untrusted != NULL)
+diff -up openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first openssl-1.0.1i/crypto/x509/x509_vfy.h
+--- openssl-1.0.1i/crypto/x509/x509_vfy.h.trusted-first 2014-08-07 13:54:27.360101466 +0200
++++ openssl-1.0.1i/crypto/x509/x509_vfy.h 2014-08-07 13:54:27.754103419 +0200
+@@ -389,6 +389,8 @@ void X509_STORE_CTX_set_depth(X509_STORE
+ #define X509_V_FLAG_USE_DELTAS 0x2000
+ /* Check selfsigned CA signature */
+ #define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
++/* Use trusted store first */
++#define X509_V_FLAG_TRUSTED_FIRST 0x8000
+
+
+ #define X509_VP_FLAG_DEFAULT 0x1
+diff -up openssl-1.0.1i/doc/apps/cms.pod.trusted-first openssl-1.0.1i/doc/apps/cms.pod
+--- openssl-1.0.1i/doc/apps/cms.pod.trusted-first 2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/doc/apps/cms.pod 2014-08-07 13:54:27.754103419 +0200
+@@ -35,6 +35,7 @@ B<openssl> B<cms>
+ [B<-print>]
+ [B<-CAfile file>]
+ [B<-CApath dir>]
++[B<-trusted_first>]
+ [B<-md digest>]
+ [B<-[cipher]>]
+ [B<-nointern>]
+@@ -243,6 +244,12 @@ B<-verify>. This directory must be a sta
+ is a hash of each subject name (using B<x509 -hash>) should be linked
+ to each certificate.
+
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory before untrusted certificates
++from the message when building the trust chain to verify certificates.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-md digest>
+
+ digest algorithm to use when signing or resigning. If not present then the
+diff -up openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first openssl-1.0.1i/doc/apps/ocsp.pod
+--- openssl-1.0.1i/doc/apps/ocsp.pod.trusted-first 2014-08-07 13:54:27.708103191 +0200
++++ openssl-1.0.1i/doc/apps/ocsp.pod 2014-08-07 13:54:27.755103424 +0200
+@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
+ [B<-path>]
+ [B<-CApath dir>]
+ [B<-CAfile file>]
++[B<-trusted_first>]
+ [B<-VAfile file>]
+ [B<-validity_period n>]
+ [B<-status_age n>]
+@@ -138,6 +139,13 @@ or "/" by default.
+ file or pathname containing trusted CA certificates. These are used to verify
+ the signature on the OCSP response.
+
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory over certificates provided
++in the response or residing in other certificates file when building the trust
++chain to verify responder certificate.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-verify_other file>
+
+ file containing additional certificates to search when attempting to locate
+diff -up openssl-1.0.1i/doc/apps/s_client.pod.trusted-first openssl-1.0.1i/doc/apps/s_client.pod
+--- openssl-1.0.1i/doc/apps/s_client.pod.trusted-first 2014-08-07 13:54:27.726103281 +0200
++++ openssl-1.0.1i/doc/apps/s_client.pod 2014-08-07 13:54:27.755103424 +0200
+@@ -19,6 +19,7 @@ B<openssl> B<s_client>
+ [B<-pass arg>]
+ [B<-CApath directory>]
+ [B<-CAfile filename>]
++[B<-trusted_first>]
+ [B<-reconnect>]
+ [B<-pause>]
+ [B<-showcerts>]
+@@ -121,7 +122,7 @@ also used when building the client certi
+ A file containing trusted certificates to use during server authentication
+ and to use when attempting to build the client certificate chain.
+
+-=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
++=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first>
+
+ Set various certificate chain valiadition option. See the
+ L<B<verify>|verify(1)> manual page for details.
+diff -up openssl-1.0.1i/doc/apps/smime.pod.trusted-first openssl-1.0.1i/doc/apps/smime.pod
+--- openssl-1.0.1i/doc/apps/smime.pod.trusted-first 2014-07-22 21:43:11.000000000 +0200
++++ openssl-1.0.1i/doc/apps/smime.pod 2014-08-07 13:54:27.755103424 +0200
+@@ -15,6 +15,9 @@ B<openssl> B<smime>
+ [B<-pk7out>]
+ [B<-[cipher]>]
+ [B<-in file>]
++[B<-CAfile file>]
++[B<-CApath dir>]
++[B<-trusted_first>]
+ [B<-certfile file>]
+ [B<-signer file>]
+ [B<-recip file>]
+@@ -146,6 +149,12 @@ B<-verify>. This directory must be a sta
+ is a hash of each subject name (using B<x509 -hash>) should be linked
+ to each certificate.
+
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory over certificates provided
++in the message when building the trust chain to verify a certificate.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-md digest>
+
+ digest algorithm to use when signing or resigning. If not present then the
+diff -up openssl-1.0.1i/doc/apps/s_server.pod.trusted-first openssl-1.0.1i/doc/apps/s_server.pod
+--- openssl-1.0.1i/doc/apps/s_server.pod.trusted-first 2014-08-07 13:54:27.726103281 +0200
++++ openssl-1.0.1i/doc/apps/s_server.pod 2014-08-07 15:07:12.315099577 +0200
+@@ -33,6 +33,7 @@ B<openssl> B<s_server>
+ [B<-state>]
+ [B<-CApath directory>]
+ [B<-CAfile filename>]
++[B<-trusted_first>]
+ [B<-nocert>]
+ [B<-cipher cipherlist>]
+ [B<-serverpref>]
+@@ -178,6 +179,12 @@ and to use when attempting to build the
+ is also used in the list of acceptable client CAs passed to the client when
+ a certificate is requested.
+
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory before other certificates
++when building the trust chain to verify client certificates.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-state>
+
+ prints out the SSL session states.
+diff -up openssl-1.0.1i/doc/apps/s_time.pod.trusted-first openssl-1.0.1i/doc/apps/s_time.pod
+--- openssl-1.0.1i/doc/apps/s_time.pod.trusted-first 2014-07-22 21:41:23.000000000 +0200
++++ openssl-1.0.1i/doc/apps/s_time.pod 2014-08-07 13:54:27.755103424 +0200
+@@ -14,6 +14,7 @@ B<openssl> B<s_time>
+ [B<-key filename>]
+ [B<-CApath directory>]
+ [B<-CAfile filename>]
++[B<-trusted_first>]
+ [B<-reuse>]
+ [B<-new>]
+ [B<-verify depth>]
+@@ -76,6 +77,12 @@ also used when building the client certi
+ A file containing trusted certificates to use during server authentication
+ and to use when attempting to build the client certificate chain.
+
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory over the certificates provided
++by the server when building the trust chain to verify server certificate.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-new>
+
+ performs the timing test using a new session ID for each connection.
+diff -up openssl-1.0.1i/doc/apps/ts.pod.trusted-first openssl-1.0.1i/doc/apps/ts.pod
+--- openssl-1.0.1i/doc/apps/ts.pod.trusted-first 2014-07-22 21:41:23.000000000 +0200
++++ openssl-1.0.1i/doc/apps/ts.pod 2014-08-07 13:54:27.756103429 +0200
+@@ -46,6 +46,7 @@ B<-verify>
+ [B<-token_in>]
+ [B<-CApath> trusted_cert_path]
+ [B<-CAfile> trusted_certs.pem]
++[B<-trusted_first>]
+ [B<-untrusted> cert_file.pem]
+
+ =head1 DESCRIPTION
+@@ -324,6 +325,12 @@ L<verify(1)|verify(1)> for additional de
+ or B<-CApath> must be specified.
+ (Optional)
+
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory before other certificates
++when building the trust chain to verify certificates.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-untrusted> cert_file.pem
+
+ Set of additional untrusted certificates in PEM format which may be
+diff -up openssl-1.0.1i/doc/apps/verify.pod.trusted-first openssl-1.0.1i/doc/apps/verify.pod
+--- openssl-1.0.1i/doc/apps/verify.pod.trusted-first 2014-08-06 23:10:56.000000000 +0200
++++ openssl-1.0.1i/doc/apps/verify.pod 2014-08-07 13:54:27.756103429 +0200
+@@ -9,6 +9,7 @@ verify - Utility to verify certificates.
+ B<openssl> B<verify>
+ [B<-CApath directory>]
+ [B<-CAfile file>]
++[B<-trusted_first>]
+ [B<-purpose purpose>]
+ [B<-policy arg>]
+ [B<-ignore_critical>]
+@@ -56,6 +57,12 @@ in PEM format concatenated together.
+ A file of untrusted certificates. The file should contain multiple certificates
+ in PEM format concatenated together.
+
++=item B<-trusted_first>
++
++Use certificates in CA file or CA directory before the certificates in the untrusted
++file when building the trust chain to verify certificates.
++This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
++
+ =item B<-purpose purpose>
+
+ The intended use for the certificate. If this option is not specified,
diff --git a/openssl.spec b/openssl.spec
index 88fca31..e58b9a7 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,8 +22,8 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
-Version: 1.0.1h
-Release: 6%{?dist}
+Version: 1.0.1i
+Release: 1%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -56,12 +56,11 @@ Patch24: openssl-1.0.1e-issuer-hash.patch
Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch
Patch35: openssl-0.9.8j-version-add-engines.patch
-Patch36: openssl-1.0.0e-doc-noeof.patch
Patch39: openssl-1.0.1h-ipv6-apps.patch
Patch40: openssl-1.0.1g-fips.patch
Patch45: openssl-1.0.1e-env-zlib.patch
Patch47: openssl-1.0.0-beta5-readme-warning.patch
-Patch49: openssl-1.0.1a-algo-doc.patch
+Patch49: openssl-1.0.1i-algo-doc.patch
Patch50: openssl-1.0.1-beta2-dtls1-abi.patch
Patch51: openssl-1.0.1e-version.patch
Patch56: openssl-1.0.0c-rsa-x931.patch
@@ -73,22 +72,19 @@ Patch66: openssl-1.0.1-pkgconfig-krb5.patch
Patch68: openssl-1.0.1e-secure-getenv.patch
Patch69: openssl-1.0.1c-dh-1024.patch
Patch70: openssl-1.0.1e-fips-ec.patch
-Patch71: openssl-1.0.1h-manfix.patch
+Patch71: openssl-1.0.1i-manfix.patch
Patch72: openssl-1.0.1e-fips-ctor.patch
Patch73: openssl-1.0.1e-ecc-suiteb.patch
Patch74: openssl-1.0.1e-no-md5-verify.patch
Patch75: openssl-1.0.1e-compat-symbols.patch
-Patch76: openssl-1.0.1g-new-fips-reqs.patch
+Patch76: openssl-1.0.1i-new-fips-reqs.patch
Patch77: openssl-1.0.1e-weak-ciphers.patch
-Patch78: openssl-1.0.1g-3des-strength.patch
Patch90: openssl-1.0.1e-enc-fail.patch
-Patch91: openssl-1.0.1e-ssl2-no-ec.patch
Patch92: openssl-1.0.1h-system-cipherlist.patch
Patch93: openssl-1.0.1h-disable-sslv2v3.patch
# Backported fixes including security fixes
Patch81: openssl-1.0.1-beta2-padlock64.patch
-Patch82: openssl-1.0.1h-session-resumption.patch
-Patch84: openssl-1.0.1e-trusted-first.patch
+Patch84: openssl-1.0.1i-trusted-first.patch
Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
Patch89: openssl-1.0.1e-ephemeral-key-size.patch
@@ -181,7 +177,6 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch33 -p1 -b .ca-dir
%patch34 -p1 -b .x509
%patch35 -p1 -b .version-add-engines
-%patch36 -p1 -b .doc-noeof
%patch39 -p1 -b .ipv6-apps
%patch40 -p1 -b .fips
%patch45 -p1 -b .env-zlib
@@ -205,14 +200,11 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch75 -p1 -b .compat
%patch76 -p1 -b .fips-reqs
%patch77 -p1 -b .weak-ciphers
-%patch78 -p1 -b .3des-strength
%patch90 -p1 -b .enc-fail
-%patch91 -p1 -b .ssl2noec
%patch92 -p1 -b .system
%patch93 -p1 -b .v2v3
%patch81 -p1 -b .padlock64
-%patch82 -p1 -b .resumption
%patch84 -p1 -b .trusted-first
%patch85 -p1 -b .armcap
%patch89 -p1 -b .ephemeral
@@ -483,6 +475,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
+* Thu Aug 7 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1i-1
+- new upstream release fixing multiple moderate security issues
+- for now disable only SSLv2 by default
+
* Fri Jul 18 2014 Tom Callaway <spot@fedoraproject.org> 1.0.1h-6
- fix license handling
diff --git a/sources b/sources
index 5c377fa..b97a288 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-4ea0f231c61b9c66642176cdc033b386 openssl-1.0.1h-hobbled.tar.xz
+c152e5284765c3325301a62b01a48fc0 openssl-1.0.1i-hobbled.tar.xz
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-09 12:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:43 [rpms/openssl] rebase_40beta: Merge branch 'master' into f21 Tomas Mraz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox