File openssl-1.1.0-fips.patch of Package openssl-1_1.16402

Index: openssl-1.1.0i/apps/speed.c
===================================================================
--- openssl-1.1.0i.orig/apps/speed.c	2019-01-18 12:57:57.217962026 +0100
+++ openssl-1.1.0i/apps/speed.c	2019-01-18 13:05:35.848875581 +0100
@@ -1467,6 +1467,8 @@ int speed_main(int argc, char **argv)
         if (strcmp(*argv, "rsa") == 0) {
             for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++)
                 rsa_doit[loop] = 1;
+            if (FIPS_mode())
+                rsa_doit[R_RSA_512] = 0;
             continue;
         }
         if (found(*argv, rsa_choices, &i)) {
@@ -1476,7 +1478,9 @@ int speed_main(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_DSA
         if (strcmp(*argv, "dsa") == 0) {
-            dsa_doit[R_DSA_512] = dsa_doit[R_DSA_1024] =
+            if (!FIPS_mode())
+                dsa_doit[R_DSA_512] = 1;
+            dsa_doit[R_DSA_1024] =
                 dsa_doit[R_DSA_2048] = 1;
             continue;
         }
@@ -1565,15 +1569,21 @@ int speed_main(int argc, char **argv)
     /* No parameters; turn on everything. */
     if ((argc == 0) && !doit[D_EVP]) {
         for (i = 0; i < ALGOR_NUM; i++)
-            if (i != D_EVP)
+            if (i != D_EVP &&
+                (!FIPS_mode() || (i != D_WHIRLPOOL &&
+                                  i != D_MD2 && i != D_MD4 &&
+                                  i != D_MD5 && i != D_MDC2 &&
+                                  i != D_RMD160)))
                 doit[i] = 1;
 #ifndef OPENSSL_NO_RSA
         for (i = 0; i < RSA_NUM; i++)
-            rsa_doit[i] = 1;
+            if (!FIPS_mode() || i != R_RSA_512)
+                rsa_doit[i] = 1;
 #endif
 #ifndef OPENSSL_NO_DSA
         for (i = 0; i < DSA_NUM; i++)
-            dsa_doit[i] = 1;
+            if (!FIPS_mode() || i != R_DSA_512)
+                dsa_doit[i] = 1;
 #endif
 #ifndef OPENSSL_NO_EC
         for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
@@ -1622,30 +1632,46 @@ int speed_main(int argc, char **argv)
     AES_set_encrypt_key(key24, 192, &aes_ks2);
     AES_set_encrypt_key(key32, 256, &aes_ks3);
 #ifndef OPENSSL_NO_CAMELLIA
-    Camellia_set_key(key16, 128, &camellia_ks1);
-    Camellia_set_key(ckey24, 192, &camellia_ks2);
-    Camellia_set_key(ckey32, 256, &camellia_ks3);
+    if (doit[D_CBC_128_CML] || doit[D_CBC_192_CML] || doit[D_CBC_256_CML]) {
+        Camellia_set_key(key16, 128, &camellia_ks1);
+        Camellia_set_key(ckey24, 192, &camellia_ks2);
+        Camellia_set_key(ckey32, 256, &camellia_ks3);
+    }
 #endif
 #ifndef OPENSSL_NO_IDEA
-    IDEA_set_encrypt_key(key16, &idea_ks);
+    if (doit[D_CBC_IDEA]) {
+        IDEA_set_encrypt_key(key16, &idea_ks);
+    }
 #endif
 #ifndef OPENSSL_NO_SEED
-    SEED_set_key(key16, &seed_ks);
+    if (doit[D_CBC_SEED]) {
+        SEED_set_key(key16, &seed_ks);
+    }
 #endif
 #ifndef OPENSSL_NO_RC4
-    RC4_set_key(&rc4_ks, 16, key16);
+   if (doit[D_RC4]) {
+        RC4_set_key(&rc4_ks, 16, key16);
+    }
 #endif
 #ifndef OPENSSL_NO_RC2
-    RC2_set_key(&rc2_ks, 16, key16, 128);
+    if (doit[D_CBC_RC2]) {
+        RC2_set_key(&rc2_ks, 16, key16, 128);
+    }
 #endif
 #ifndef OPENSSL_NO_RC5
-    RC5_32_set_key(&rc5_ks, 16, key16, 12);
+    if (doit[D_CBC_RC5]) {
+        RC5_32_set_key(&rc5_ks, 16, key16, 12);
+    }
 #endif
 #ifndef OPENSSL_NO_BF
-    BF_set_key(&bf_ks, 16, key16);
+    if (doit[D_CBC_BF]) {
+        BF_set_key(&bf_ks, 16, key16);
+    }
 #endif
 #ifndef OPENSSL_NO_CAST
-    CAST_set_key(&cast_ks, 16, key16);
+    if (doit[D_CBC_CAST]) {
+        CAST_set_key(&cast_ks, 16, key16);
+    }
 #endif
 #ifndef SIGALRM
 # ifndef OPENSSL_NO_DES
@@ -1908,6 +1934,7 @@ int speed_main(int argc, char **argv)
 
         for (i = 0; i < loopargs_len; i++) {
             loopargs[i].hctx = HMAC_CTX_new();
+            HMAC_CTX_set_flags(loopargs[i].hctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
             if (loopargs[i].hctx == NULL) {
                 BIO_printf(bio_err, "HMAC malloc failure, exiting...");
                 exit(1);
Index: openssl-1.1.0i/Configure
===================================================================
--- openssl-1.1.0i.orig/Configure	2019-01-18 12:57:57.217962026 +0100
+++ openssl-1.1.0i/Configure	2019-01-18 12:58:06.818013572 +0100
@@ -313,7 +313,7 @@ $config{sdirs} = [
     "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2",
     "des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes",
     "bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
-    "buffer", "bio", "stack", "lhash", "rand", "err",
+    "buffer", "bio", "stack", "lhash", "rand", "err", "fips",
     "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
     "cms", "ts", "srp", "cmac", "ct", "async", "kdf"
     ];
Index: openssl-1.1.0i/crypto/bn/bn_rand.c
===================================================================
--- openssl-1.1.0i.orig/crypto/bn/bn_rand.c	2019-01-18 12:57:57.221962048 +0100
+++ openssl-1.1.0i/crypto/bn/bn_rand.c	2019-01-18 12:58:06.818013572 +0100
@@ -39,9 +39,11 @@ static int bnrand(int pseudorand, BIGNUM
         goto err;
     }
 
-    /* make a random number and set the top and bottom bits */
-    time(&tim);
-    RAND_add(&tim, sizeof(tim), 0.0);
+    if (!FIPS_mode()) {         /* in FIPS mode the RNG is always properly seeded or the module fails */
+        /* make a random number and set the top and bottom bits */
+        time(&tim);
+        RAND_add(&tim, sizeof(tim), 0.0);
+    }
 
     if (RAND_bytes(buf, bytes) <= 0)
         goto err;
Index: openssl-1.1.0i/crypto/dh/dh_err.c
===================================================================
--- openssl-1.1.0i.orig/crypto/dh/dh_err.c	2019-01-18 12:57:57.221962048 +0100
+++ openssl-1.1.0i/crypto/dh/dh_err.c	2019-01-18 12:58:06.822013592 +0100
@@ -25,6 +25,9 @@ static ERR_STRING_DATA DH_str_functs[] =
     {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"},
     {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"},
     {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "dh_cms_set_shared_info"},
+    {ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
+    {ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"},
+    {ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS_EX), "DH_generate_parameters_ex"},
     {ERR_FUNC(DH_F_DH_METH_DUP), "DH_meth_dup"},
     {ERR_FUNC(DH_F_DH_METH_NEW), "DH_meth_new"},
     {ERR_FUNC(DH_F_DH_METH_SET1_NAME), "DH_meth_set1_name"},
@@ -49,9 +52,11 @@ static ERR_STRING_DATA DH_str_reasons[]
     {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"},
     {ERR_REASON(DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
     {ERR_REASON(DH_R_KEYS_NOT_SET), "keys not set"},
+    {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL), "key size too small"},
     {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"},
     {ERR_REASON(DH_R_NO_PARAMETERS_SET), "no parameters set"},
     {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"},
+    {ERR_REASON(DH_R_NON_FIPS_METHOD), "non FIPS method"},
     {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
     {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"},
     {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"},
Index: openssl-1.1.0i/crypto/dh/dh_gen.c
===================================================================
--- openssl-1.1.0i.orig/crypto/dh/dh_gen.c	2019-01-18 12:57:57.221962048 +0100
+++ openssl-1.1.0i/crypto/dh/dh_gen.c	2019-01-18 12:58:06.822013592 +0100
@@ -16,6 +16,9 @@
 #include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include "dh_locl.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
 
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
                                 BN_GENCB *cb);
@@ -23,6 +26,13 @@ static int dh_builtin_genparams(DH *ret,
 int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
                               BN_GENCB *cb)
 {
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
+        && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW)) {
+        DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
+        return 0;
+    }
+#endif
     if (ret->meth->generate_params)
         return ret->meth->generate_params(ret, prime_len, generator, cb);
     return dh_builtin_genparams(ret, prime_len, generator, cb);
@@ -62,6 +72,18 @@ static int dh_builtin_genparams(DH *ret,
     int g, ok = -1;
     BN_CTX *ctx = NULL;
 
+#ifdef OPENSSL_FIPS
+    if (FIPS_selftest_failed()) {
+        FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS, FIPS_R_FIPS_SELFTEST_FAILED);
+        return 0;
+    }
+
+    if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN)) {
+        DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
+        goto err;
+    }
+#endif
+
     ctx = BN_CTX_new();
     if (ctx == NULL)
         goto err;
Index: openssl-1.1.0i/crypto/dh/dh_key.c
===================================================================
--- openssl-1.1.0i.orig/crypto/dh/dh_key.c	2019-01-18 12:57:57.221962048 +0100
+++ openssl-1.1.0i/crypto/dh/dh_key.c	2019-01-18 12:58:06.822013592 +0100
@@ -11,6 +11,9 @@
 #include "internal/cryptlib.h"
 #include "dh_locl.h"
 #include "internal/bn_int.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
 
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
@@ -22,18 +25,32 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
 {
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
+        && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) {
+        DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
+        return 0;
+    }
+#endif
     return dh->meth->generate_key(dh);
 }
 
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
+        && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) {
+        DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
+        return 0;
+    }
+#endif
     return dh->meth->compute_key(key, pub_key, dh);
 }
 
 int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
     int rv, pad;
-    rv = dh->meth->compute_key(key, pub_key, dh);
+    rv = DH_compute_key(key, pub_key, dh);
     if (rv <= 0)
         return rv;
     pad = BN_num_bytes(dh->p) - rv;
@@ -87,6 +104,14 @@ static int generate_key(DH *dh)
         return 0;
     }
 
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode()
+        && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) {
+        DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
+        return 0;
+    }
+#endif
+
     ctx = BN_CTX_new();
     if (ctx == NULL)
         goto err;
@@ -170,6 +195,13 @@ static int compute_key(unsigned char *ke
         DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
         goto err;
     }
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode()
+        && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) {
+        DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
+        goto err;
+    }
+#endif
 
     ctx = BN_CTX_new();
     if (ctx == NULL)
@@ -221,6 +253,9 @@ static int dh_bn_mod_exp(const DH *dh, B
 
 static int dh_init(DH *dh)
 {
+#ifdef OPENSSL_FIPS
+    FIPS_selftest_check();
+#endif
     dh->flags |= DH_FLAG_CACHE_MONT_P;
     return (1);
 }
Index: openssl-1.1.0i/crypto/dsa/dsa_err.c
===================================================================
--- openssl-1.1.0i.orig/crypto/dsa/dsa_err.c	2019-01-18 12:57:57.221962048 +0100
+++ openssl-1.1.0i/crypto/dsa/dsa_err.c	2019-01-18 12:58:06.822013592 +0100
@@ -21,10 +21,13 @@
 static ERR_STRING_DATA DSA_str_functs[] = {
     {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
     {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
+    {ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "dsa_builtin_keygen"},
     {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "dsa_builtin_paramgen"},
     {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"},
     {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
     {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
+    {ERR_FUNC(DSA_F_DSA_GENERATE_KEY), "DSA_generate_key"},
+    {ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS_EX), "DSA_generate_parameters_ex"},
     {ERR_FUNC(DSA_F_DSA_METH_DUP), "DSA_meth_dup"},
     {ERR_FUNC(DSA_F_DSA_METH_NEW), "DSA_meth_new"},
     {ERR_FUNC(DSA_F_DSA_METH_SET1_NAME), "DSA_meth_set1_name"},
@@ -52,9 +55,12 @@ static ERR_STRING_DATA DSA_str_reasons[]
     {ERR_REASON(DSA_R_DECODE_ERROR), "decode error"},
     {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE), "invalid digest type"},
     {ERR_REASON(DSA_R_INVALID_PARAMETERS), "invalid parameters"},
+    {ERR_REASON(DSA_R_KEY_SIZE_INVALID), "key size invalid"},
+    {ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
     {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"},
     {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
     {ERR_REASON(DSA_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_REASON(DSA_R_NON_FIPS_DSA_METHOD), "non FIPS DSA method"},
     {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
     {ERR_REASON(DSA_R_Q_NOT_PRIME), "q not prime"},
     {ERR_REASON(DSA_R_SEED_LEN_SMALL),
Index: openssl-1.1.0i/crypto/dsa/dsa_gen.c
===================================================================
--- openssl-1.1.0i.orig/crypto/dsa/dsa_gen.c	2018-08-14 14:45:07.000000000 +0200
+++ openssl-1.1.0i/crypto/dsa/dsa_gen.c	2019-01-18 12:58:06.822013592 +0100
@@ -22,12 +22,22 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 #include "dsa_locl.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
 
 int DSA_generate_parameters_ex(DSA *ret, int bits,
                                const unsigned char *seed_in, int seed_len,
                                int *counter_ret, unsigned long *h_ret,
                                BN_GENCB *cb)
 {
+# ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)
+        && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
+        DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD);
+        return 0;
+    }
+# endif
     if (ret->meth->dsa_paramgen)
         return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
                                        counter_ret, h_ret, cb);
@@ -35,9 +45,15 @@ int DSA_generate_parameters_ex(DSA *ret,
         const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1();
         size_t qbits = EVP_MD_size(evpmd) * 8;
 
+# ifdef OPENSSL_FIPS
+        return dsa_builtin_paramgen2(ret, bits, qbits, evpmd,
+                          seed_in, seed_len, -1, NULL, counter_ret,
+                          h_ret, cb);
+# else
         return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
                                     seed_in, seed_len, NULL, counter_ret,
                                     h_ret, cb);
+# endif
     }
 }
 
@@ -310,7 +326,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
                           int *counter_ret, unsigned long *h_ret,
                           BN_GENCB *cb)
 {
-    int ok = -1;
+    int ok = 0;
     unsigned char *seed = NULL, *seed_tmp = NULL;
     unsigned char md[EVP_MAX_MD_SIZE];
     int mdsize;
@@ -327,6 +343,20 @@ int dsa_builtin_paramgen2(DSA *ret, size
     if (mctx == NULL)
         goto err;
 
+# ifdef OPENSSL_FIPS
+    if (FIPS_selftest_failed()) {
+        FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN2, FIPS_R_FIPS_SELFTEST_FAILED);
+        goto err;
+    }
+
+    if (FIPS_mode() && (L != 1024 || N != 160) &&
+        (L != 2048 || N != 224) && (L != 2048 || N != 256) &&
+        (L != 3072 || N != 256)) {
+        DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_KEY_SIZE_INVALID);
+        goto err;
+    }
+# endif
+
     if (evpmd == NULL) {
         if (N == 160)
             evpmd = EVP_sha1();
@@ -427,9 +457,10 @@ int dsa_builtin_paramgen2(DSA *ret, size
                 goto err;
             /* Provided seed didn't produce a prime: error */
             if (seed_in) {
-                ok = 0;
-                DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_Q_NOT_PRIME);
-                goto err;
+                /* Different seed_out will indicate that seed_in
+                 * did not generate primes.
+                 */
+                seed_in = NULL;
             }
 
             /* do a callback call */
@@ -515,11 +546,14 @@ int dsa_builtin_paramgen2(DSA *ret, size
             if (counter >= (int)(4 * L))
                 break;
         }
+#if 0
+        /* Cannot happen */
         if (seed_in) {
             ok = 0;
             DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
             goto err;
         }
+#endif
     }
  end:
     if (!BN_GENCB_call(cb, 2, 1))
@@ -590,7 +624,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
         BN_free(ret->g);
         ret->g = BN_dup(g);
         if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
-            ok = -1;
+            ok = 0;
             goto err;
         }
         if (counter_ret != NULL)
@@ -608,3 +642,53 @@ int dsa_builtin_paramgen2(DSA *ret, size
     EVP_MD_CTX_free(mctx);
     return ok;
 }
+
+#ifdef OPENSSL_FIPS
+
+int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+                               const EVP_MD *evpmd, const unsigned char *seed_in,
+                               size_t seed_len, int idx, unsigned char *seed_out,
+                               int *counter_ret, unsigned long *h_ret,
+                               BN_GENCB *cb)
+{
+    return dsa_builtin_paramgen2(ret, L, N, evpmd, seed_in, seed_len,
+        idx, seed_out, counter_ret, h_ret, cb);
+}
+
+int FIPS_dsa_paramgen_check_g(DSA *dsa)
+{
+    BN_CTX *ctx;
+    BIGNUM *tmp;
+    BN_MONT_CTX *mont = NULL;
+    int rv = -1;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        return -1;
+    BN_CTX_start(ctx);
+    if (BN_cmp(dsa->g, BN_value_one()) <= 0)
+        return 0;
+    if (BN_cmp(dsa->g, dsa->p) >= 0)
+        return 0;
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL)
+        goto err;
+    if ((mont=BN_MONT_CTX_new()) == NULL)
+        goto err;
+    if (!BN_MONT_CTX_set(mont,dsa->p,ctx))
+        goto err;
+    /* Work out g^q mod p */
+    if (!BN_mod_exp_mont(tmp,dsa->g,dsa->q, dsa->p, ctx, mont))
+        goto err;
+    if (!BN_cmp(tmp, BN_value_one()))
+        rv = 1;
+    else
+        rv = 0;
+ err:
+    BN_CTX_end(ctx);
+    BN_MONT_CTX_free(mont);
+    BN_CTX_free(ctx);
+    return rv;
+}
+
+#endif
Index: openssl-1.1.0i/crypto/dsa/dsa_key.c
===================================================================
--- openssl-1.1.0i.orig/crypto/dsa/dsa_key.c	2019-01-18 12:57:57.221962048 +0100
+++ openssl-1.1.0i/crypto/dsa/dsa_key.c	2019-01-18 12:58:06.822013592 +0100
@@ -13,10 +13,49 @@
 #include <openssl/bn.h>
 #include "dsa_locl.h"
 
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+# include "internal/fips_int.h"
+
+static int fips_check_dsa(DSA *dsa)
+{
+    EVP_PKEY *pk;
+    unsigned char tbs[] = "DSA Pairwise Check Data";
+    int ret = 0;
+
+    if ((pk = EVP_PKEY_new()) == NULL)
+        goto err;
+
+    EVP_PKEY_set1_DSA(pk, dsa);
+
+    if (fips_pkey_signature_test(pk, tbs, -1, NULL, 0, NULL, 0, NULL))
+        ret = 1;
+
+ err:
+    if (ret == 0) {
+        FIPSerr(FIPS_F_FIPS_CHECK_DSA, FIPS_R_PAIRWISE_TEST_FAILED);
+        fips_set_selftest_fail();
+    }
+
+    if (pk)
+        EVP_PKEY_free(pk);
+
+    return ret;
+}
+
+#endif
+
 static int dsa_builtin_keygen(DSA *dsa);
 
 int DSA_generate_key(DSA *dsa)
 {
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
+        && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
+        DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD);
+        return 0;
+    }
+#endif
     if (dsa->meth->dsa_keygen)
         return dsa->meth->dsa_keygen(dsa);
     return dsa_builtin_keygen(dsa);
@@ -28,6 +67,14 @@ static int dsa_builtin_keygen(DSA *dsa)
     BN_CTX *ctx = NULL;
     BIGNUM *pub_key = NULL, *priv_key = NULL;
 
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
+        && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN)) {
+        DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
+        goto err;
+    }
+#endif
+
     if ((ctx = BN_CTX_new()) == NULL)
         goto err;
 
@@ -65,6 +112,13 @@ static int dsa_builtin_keygen(DSA *dsa)
 
     dsa->priv_key = priv_key;
     dsa->pub_key = pub_key;
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !fips_check_dsa(dsa)) {
+        dsa->pub_key = NULL;
+        dsa->priv_key = NULL;
+        goto err;
+    }
+#endif
     ok = 1;
 
  err:
Index: openssl-1.1.0i/crypto/dsa/dsa_ossl.c
===================================================================
--- openssl-1.1.0i.orig/crypto/dsa/dsa_ossl.c	2019-01-18 12:57:57.221962048 +0100
+++ openssl-1.1.0i/crypto/dsa/dsa_ossl.c	2019-01-18 12:59:10.566418690 +0100
@@ -15,6 +15,9 @@
 #include <openssl/sha.h>
 #include "dsa_locl.h"
 #include <openssl/asn1.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
@@ -67,6 +70,19 @@ static DSA_SIG *dsa_do_sign(const unsign
     DSA_SIG *ret = NULL;
     int rv = 0;
 
+#ifdef OPENSSL_FIPS
+    if (FIPS_selftest_failed()) {
+        FIPSerr(FIPS_F_DSA_DO_SIGN, FIPS_R_FIPS_SELFTEST_FAILED);
+        return NULL;
+    }
+
+    if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
+        && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) {
+        DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
+        return NULL;
+    }
+#endif
+
     if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
         reason = DSA_R_MISSING_PARAMETERS;
         goto err;
@@ -298,6 +314,18 @@ static int dsa_do_verify(const unsigned
         DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
         return -1;
     }
+#ifdef OPENSSL_FIPS
+    if (FIPS_selftest_failed()) {
+        FIPSerr(FIPS_F_DSA_DO_VERIFY, FIPS_R_FIPS_SELFTEST_FAILED);
+        return -1;
+    }
+
+    if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
+        && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);
+        return -1;
+    }
+#endif
 
     if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
         DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
@@ -386,6 +414,9 @@ static int dsa_do_verify(const unsigned
 
 static int dsa_init(DSA *dsa)
 {
+#ifdef OPENSSL_FIPS
+    FIPS_selftest_check();
+#endif
     dsa->flags |= DSA_FLAG_CACHE_MONT_P;
     return (1);
 }
Index: openssl-1.1.0i/crypto/dsa/dsa_pmeth.c
===================================================================
--- openssl-1.1.0i.orig/crypto/dsa/dsa_pmeth.c	2019-01-18 12:57:57.221962048 +0100
+++ openssl-1.1.0i/crypto/dsa/dsa_pmeth.c	2019-01-18 12:58:06.822013592 +0100
@@ -208,8 +208,8 @@ static int pkey_dsa_paramgen(EVP_PKEY_CT
         BN_GENCB_free(pcb);
         return 0;
     }
-    ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
-                               NULL, 0, NULL, NULL, NULL, pcb);
+    ret = dsa_builtin_paramgen2(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
+                               NULL, 0, -1, NULL, NULL, NULL, pcb);
     BN_GENCB_free(pcb);
     if (ret)
         EVP_PKEY_assign_DSA(pkey, dsa);
Index: openssl-1.1.0i/crypto/ec/ecdh_ossl.c
===================================================================
--- openssl-1.1.0i.orig/crypto/ec/ecdh_ossl.c	2019-01-18 12:57:57.225962068 +0100
+++ openssl-1.1.0i/crypto/ec/ecdh_ossl.c	2019-01-18 12:58:06.826013614 +0100
@@ -33,9 +33,20 @@
 #include <openssl/ec.h>
 #include "ec_lcl.h"
 
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
 int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen,
                           const EC_POINT *pub_key, const EC_KEY *ecdh)
 {
+#ifdef OPENSSL_FIPS
+    if (FIPS_selftest_failed()) {
+        FIPSerr(FIPS_F_ECDH_COMPUTE_KEY, FIPS_R_FIPS_SELFTEST_FAILED);
+        return -1;
+    }
+#endif
+
     if (ecdh->group->meth->ecdh_compute_key == NULL) {
         ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);
         return 0;
Index: openssl-1.1.0i/crypto/ec/ecdsa_ossl.c
===================================================================
--- openssl-1.1.0i.orig/crypto/ec/ecdsa_ossl.c	2019-01-18 12:57:57.225962068 +0100
+++ openssl-1.1.0i/crypto/ec/ecdsa_ossl.c	2019-01-18 12:58:06.826013614 +0100
@@ -14,6 +14,10 @@
 #include "internal/bn_int.h"
 #include "ec_lcl.h"
 
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
 int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
                     unsigned char *sig, unsigned int *siglen,
                     const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
@@ -208,6 +212,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const uns
     ECDSA_SIG *ret;
     const BIGNUM *priv_key;
 
+#ifdef OPENSSL_FIPS
+    if (FIPS_selftest_failed()) {
+        FIPSerr(FIPS_F_OSSL_ECDSA_SIGN_SIG, FIPS_R_FIPS_SELFTEST_FAILED);
+        return NULL;
+    }
+#endif
+
     group = EC_KEY_get0_group(eckey);
     priv_key = EC_KEY_get0_private_key(eckey);
 
@@ -366,6 +377,13 @@ int ossl_ecdsa_verify_sig(const unsigned
     const EC_GROUP *group;
     const EC_POINT *pub_key;
 
+#ifdef OPENSSL_FIPS
+    if (FIPS_selftest_failed()) {
+        FIPSerr(FIPS_F_OSSL_ECDSA_VERIFY_SIG, FIPS_R_FIPS_SELFTEST_FAILED);
+        return NULL;
+    }
+#endif
+
     /* check input values */
     if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
         (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
Index: openssl-1.1.0i/crypto/ec/ec_key.c
===================================================================
--- openssl-1.1.0i.orig/crypto/ec/ec_key.c	2019-01-18 12:57:57.225962068 +0100
+++ openssl-1.1.0i/crypto/ec/ec_key.c	2019-01-18 12:58:06.826013614 +0100
@@ -177,14 +177,61 @@ int EC_KEY_up_ref(EC_KEY *r)
     return ((i > 1) ? 1 : 0);
 }
 
+#ifdef OPENSSL_FIPS
+
+# include <openssl/fips.h>
+# include "internal/fips_int.h"
+
+static int fips_check_ec(EC_KEY *key)
+{
+    EVP_PKEY *pk;
+    unsigned char tbs[] = "ECDSA Pairwise Check Data";
+    int ret = 0;
+
+    if (!EC_KEY_can_sign(key)) /* no test for non-signing keys */
+        return 1;
+
+    if ((pk = EVP_PKEY_new()) == NULL)
+        goto err;
+
+    EVP_PKEY_set1_EC_KEY(pk, key);
+
+    if (fips_pkey_signature_test(pk, tbs, -1, NULL, 0, NULL, 0, NULL))
+        ret = 1;
+
+ err:
+    if (ret == 0) {
+        FIPSerr(FIPS_F_FIPS_CHECK_EC, FIPS_R_PAIRWISE_TEST_FAILED);
+        fips_set_selftest_fail();
+    }
+    if (pk)
+        EVP_PKEY_free(pk);
+    return ret;
+}
+
+#endif
+
 int EC_KEY_generate_key(EC_KEY *eckey)
 {
+#ifdef OPENSSL_FIPS
+    if (FIPS_selftest_failed()) {
+        FIPSerr(EC_F_EC_KEY_GENERATE_KEY, FIPS_R_FIPS_SELFTEST_FAILED);
+        return 0;
+    }
+#endif
     if (eckey == NULL || eckey->group == NULL) {
         ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
     }
-    if (eckey->meth->keygen != NULL)
-        return eckey->meth->keygen(eckey);
+    if (eckey->meth->keygen != NULL) {
+        int rv = eckey->meth->keygen(eckey);
+#ifdef OPENSSL_FIPS
+        if (rv > 0 && FIPS_mode()) {
+            rv = fips_check_ec(eckey);
+        }
+#endif
+        return rv;
+    }
     ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
     return 0;
 }
Index: openssl-1.1.0i/crypto/err/err_all.c
===================================================================
--- openssl-1.1.0i.orig/crypto/err/err_all.c	2019-01-18 12:57:57.225962068 +0100
+++ openssl-1.1.0i/crypto/err/err_all.c	2019-01-18 12:58:06.826013614 +0100
@@ -43,9 +43,6 @@
 int err_load_crypto_strings_int(void)
 {
     if (
-#ifdef OPENSSL_FIPS
-        FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata) == 0 ||
-#endif
 #ifndef OPENSSL_NO_ERR
         ERR_load_ERR_strings() == 0 ||    /* include error strings for SYSerr */
         ERR_load_BN_strings() == 0 ||
Index: openssl-1.1.0i/crypto/evp/c_allc.c
===================================================================
--- openssl-1.1.0i.orig/crypto/evp/c_allc.c	2019-01-18 12:57:57.225962068 +0100
+++ openssl-1.1.0i/crypto/evp/c_allc.c	2019-01-18 12:58:06.826013614 +0100
@@ -17,6 +17,9 @@
 void openssl_add_all_ciphers_int(void)
 {
 
+#ifdef OPENSSL_FIPS
+    if (!FIPS_mode()) {
+#endif
 #ifndef OPENSSL_NO_DES
     EVP_add_cipher(EVP_des_cfb());
     EVP_add_cipher(EVP_des_cfb1());
@@ -217,4 +220,70 @@ void openssl_add_all_ciphers_int(void)
     EVP_add_cipher(EVP_chacha20_poly1305());
 # endif
 #endif
+#ifdef OPENSSL_FIPS
+    } else {
+# ifndef OPENSSL_NO_DES
+        EVP_add_cipher(EVP_des_ede3_cfb());
+
+        EVP_add_cipher(EVP_des_ede3_ofb());
+
+        EVP_add_cipher(EVP_des_ede3_cbc());
+        EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3");
+        EVP_add_cipher_alias(SN_des_ede3_cbc, "des3");
+
+        EVP_add_cipher(EVP_des_ede3());
+        EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB");
+        EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb");
+        EVP_add_cipher(EVP_des_ede3_wrap());
+        EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
+# endif
+
+# ifndef OPENSSL_NO_AES
+        EVP_add_cipher(EVP_aes_128_ecb());
+        EVP_add_cipher(EVP_aes_128_cbc());
+        EVP_add_cipher(EVP_aes_128_cfb());
+        EVP_add_cipher(EVP_aes_128_cfb1());
+        EVP_add_cipher(EVP_aes_128_cfb8());
+        EVP_add_cipher(EVP_aes_128_ofb());
+        EVP_add_cipher(EVP_aes_128_ctr());
+        EVP_add_cipher(EVP_aes_128_gcm());
+        EVP_add_cipher(EVP_aes_128_xts());
+        EVP_add_cipher(EVP_aes_128_ccm());
+        EVP_add_cipher(EVP_aes_128_wrap());
+        EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap");
+        EVP_add_cipher(EVP_aes_128_wrap_pad());
+        EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
+        EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
+        EVP_add_cipher(EVP_aes_192_ecb());
+        EVP_add_cipher(EVP_aes_192_cbc());
+        EVP_add_cipher(EVP_aes_192_cfb());
+        EVP_add_cipher(EVP_aes_192_cfb1());
+        EVP_add_cipher(EVP_aes_192_cfb8());
+        EVP_add_cipher(EVP_aes_192_ofb());
+        EVP_add_cipher(EVP_aes_192_ctr());
+        EVP_add_cipher(EVP_aes_192_gcm());
+        EVP_add_cipher(EVP_aes_192_ccm());
+        EVP_add_cipher(EVP_aes_192_wrap());
+        EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap");
+        EVP_add_cipher(EVP_aes_192_wrap_pad());
+        EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
+        EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
+        EVP_add_cipher(EVP_aes_256_ecb());
+        EVP_add_cipher(EVP_aes_256_cbc());
+        EVP_add_cipher(EVP_aes_256_cfb());
+        EVP_add_cipher(EVP_aes_256_cfb1());
+        EVP_add_cipher(EVP_aes_256_cfb8());
+        EVP_add_cipher(EVP_aes_256_ofb());
+        EVP_add_cipher(EVP_aes_256_ctr());
+        EVP_add_cipher(EVP_aes_256_gcm());
+        EVP_add_cipher(EVP_aes_256_xts());
+        EVP_add_cipher(EVP_aes_256_ccm());
+        EVP_add_cipher(EVP_aes_256_wrap());
+        EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap");
+        EVP_add_cipher(EVP_aes_256_wrap_pad());
+        EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
+        EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
+# endif
+    }
+#endif
 }
Index: openssl-1.1.0i/crypto/evp/c_alld.c
===================================================================
--- openssl-1.1.0i.orig/crypto/evp/c_alld.c	2019-01-18 12:57:57.225962068 +0100
+++ openssl-1.1.0i/crypto/evp/c_alld.c	2019-01-18 12:58:06.826013614 +0100
@@ -16,6 +16,9 @@
 
 void openssl_add_all_digests_int(void)
 {
+#ifdef OPENSSL_FIPS
+    if (!FIPS_mode()) {
+#endif
 #ifndef OPENSSL_NO_MD4
     EVP_add_digest(EVP_md4());
 #endif
@@ -46,4 +49,15 @@ void openssl_add_all_digests_int(void)
     EVP_add_digest(EVP_blake2b512());
     EVP_add_digest(EVP_blake2s256());
 #endif
+#ifdef OPENSSL_FIPS
+    } else {
+        EVP_add_digest(EVP_sha1());
+        EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
+        EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+        EVP_add_digest(EVP_sha224());
+        EVP_add_digest(EVP_sha256());
+        EVP_add_digest(EVP_sha384());
+        EVP_add_digest(EVP_sha512());
+    }
+#endif
 }
Index: openssl-1.1.0i/crypto/evp/digest.c
===================================================================
--- openssl-1.1.0i.orig/crypto/evp/digest.c	2019-01-18 12:57:57.225962068 +0100
+++ openssl-1.1.0i/crypto/evp/digest.c	2019-01-18 12:58:06.826013614 +0100
@@ -14,6 +14,9 @@
 #include <openssl/engine.h>
 #include "internal/evp_int.h"
 #include "evp_locl.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
 
 /* This call frees resources associated with the context */
 int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
@@ -61,6 +64,12 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 {
     EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+#ifdef OPENSSL_FIPS
+    if (FIPS_selftest_failed()) {
+        FIPSerr(FIPS_F_EVP_DIGESTINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED);
+        return 0;
+    }
+#endif
 #ifndef OPENSSL_NO_ENGINE
     /*
      * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
@@ -114,6 +123,15 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
     }
 #endif
     if (ctx->digest != type) {
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode()) {
+            if (!(type->flags & EVP_MD_FLAG_FIPS)
+                && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) {
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
+                return 0;
+            }
+        }
+#endif
         if (ctx->digest && ctx->digest->ctx_size) {
             OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
             ctx->md_data = NULL;
@@ -145,6 +163,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
 
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
+#ifdef OPENSSL_FIPS
+    FIPS_selftest_check();
+#endif
     return ctx->update(ctx, data, count);
 }
 
@@ -162,6 +183,9 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,
 {
     int ret;
 
+#ifdef OPENSSL_FIPS
+    FIPS_selftest_check();
+#endif
     OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
     ret = ctx->digest->final(ctx, md);
     if (size != NULL)
Index: openssl-1.1.0i/crypto/evp/e_aes.c
===================================================================
--- openssl-1.1.0i.orig/crypto/evp/e_aes.c	2019-01-18 12:57:57.229962090 +0100
+++ openssl-1.1.0i/crypto/evp/e_aes.c	2019-01-18 12:58:06.826013614 +0100
@@ -1263,9 +1263,9 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX
     return 1;
 }
 
-BLOCK_CIPHER_generic_pack(NID_aes, 128, 0)
-    BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
-    BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
+BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS)
+    BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS)
+    BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS)
 
 static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
 {
@@ -1311,6 +1311,11 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *
     case EVP_CTRL_AEAD_SET_IVLEN:
         if (arg <= 0)
             return 0;
+# ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)
+            && arg < 12)
+            return 0;
+# endif
         /* Allocate memory for IV if needed */
         if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
             if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
@@ -1771,11 +1776,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX
                 | EVP_CIPH_CUSTOM_COPY)
 
 BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
-                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+                    EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER |
+                    CUSTOM_FLAGS)
     BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
-                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+                    EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER |
+                    CUSTOM_FLAGS)
     BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
-                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+                    EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER |
+                    CUSTOM_FLAGS)
 
 static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
@@ -1910,6 +1918,14 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
         return 0;
     if (!out || !in || len < AES_BLOCK_SIZE)
         return 0;
+# ifdef OPENSSL_FIPS
+    /* Requirement of SP800-38E */
+    if (FIPS_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
+        (len > (1UL << 20) * 16)) {
+        EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
+        return 0;
+    }
+# endif
     if (xctx->stream)
         (*xctx->stream) (in, out, len,
                          xctx->xts.key1, xctx->xts.key2,
@@ -1927,8 +1943,10 @@ static int aes_xts_cipher(EVP_CIPHER_CTX
                          | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
                          | EVP_CIPH_CUSTOM_COPY)
 
-BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS)
-    BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS,
+                    EVP_CIPH_FLAG_FIPS | XTS_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS,
+                    EVP_CIPH_FLAG_FIPS | XTS_FLAGS)
 
 static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
@@ -2192,11 +2210,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX
 #define aes_ccm_cleanup NULL
 
 BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
-                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+                    EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
     BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
-                        EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+                        EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
     BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
-                        EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+                        EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
 
 typedef struct {
     union {
@@ -2289,7 +2307,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CT
     return rv ? (int)rv : -1;
 }
 
-#define WRAP_FLAGS      (EVP_CIPH_WRAP_MODE \
+#define WRAP_FLAGS      (EVP_CIPH_WRAP_MODE | EVP_CIPH_FLAG_FIPS \
                 | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
                 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
 
Index: openssl-1.1.0i/crypto/evp/e_des3.c
===================================================================
--- openssl-1.1.0i.orig/crypto/evp/e_des3.c	2019-01-18 12:57:57.229962090 +0100
+++ openssl-1.1.0i/crypto/evp/e_des3.c	2019-01-18 12:58:06.826013614 +0100
@@ -211,16 +211,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY,
 # define des_ede3_cbc_cipher des_ede_cbc_cipher
 # define des_ede3_ecb_cipher des_ede_ecb_cipher
     BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
-                  EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
-                  des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+                  EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
+                  EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL,
+                  des3_ctrl)
 
     BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
-                     EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
-                     des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+                     EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
+                     EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL,
+                     NULL, des3_ctrl)
 
     BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
-                     EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
-                     des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+                     EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
+                     EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL,
+                     NULL, des3_ctrl)
 
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                             const unsigned char *iv, int enc)
Index: openssl-1.1.0i/crypto/evp/e_null.c
===================================================================
--- openssl-1.1.0i.orig/crypto/evp/e_null.c	2019-01-18 12:57:57.229962090 +0100
+++ openssl-1.1.0i/crypto/evp/e_null.c	2019-01-18 12:58:06.826013614 +0100
@@ -19,7 +19,8 @@ static int null_cipher(EVP_CIPHER_CTX *c
                        const unsigned char *in, size_t inl);
 static const EVP_CIPHER n_cipher = {
     NID_undef,
-    1, 0, 0, 0,
+    1, 0, 0,
+    EVP_CIPH_FLAG_FIPS,
     null_init_key,
     null_cipher,
     NULL,
Index: openssl-1.1.0i/crypto/evp/evp_enc.c
===================================================================
--- openssl-1.1.0i.orig/crypto/evp/evp_enc.c	2019-01-18 12:57:57.229962090 +0100
+++ openssl-1.1.0i/crypto/evp/evp_enc.c	2019-01-18 12:58:06.826013614 +0100
@@ -16,10 +16,19 @@
 #include <openssl/engine.h>
 #include "internal/evp_int.h"
 #include "evp_locl.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
 
 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
 {
-    if (c == NULL)
+#ifdef OPENSSL_FIPS
+    if (FIPS_selftest_failed()) {
+        FIPSerr(FIPS_F_EVP_CIPHER_CTX_RESET, FIPS_R_FIPS_SELFTEST_FAILED);
+        return 0;
+    }
+#endif
+   if (c == NULL)
         return 1;
     if (c->cipher != NULL) {
         if (c->cipher->cleanup && !c->cipher->cleanup(c))
@@ -38,6 +47,12 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX
 
 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
 {
+#ifdef OPENSSL_FIPS
+    if (FIPS_selftest_failed()) {
+        FIPSerr(FIPS_F_EVP_CIPHER_CTX_NEW, FIPS_R_FIPS_SELFTEST_FAILED);
+        return NULL;
+    }
+#endif
     return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
 }
 
@@ -66,6 +81,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
             enc = 1;
         ctx->encrypt = enc;
     }
+#ifdef OPENSSL_FIPS
+    if (FIPS_selftest_failed()) {
+        FIPSerr(FIPS_F_EVP_CIPHERINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED);
+        return 0;
+    }
+#endif
 #ifndef OPENSSL_NO_ENGINE
     /*
      * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
@@ -135,7 +156,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
         }
         ctx->key_len = cipher->key_len;
         /* Preserve wrap enable flag, zero everything else */
-        ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
+        ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW | EVP_CIPH_FLAG_NON_FIPS_ALLOW;
         if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
             if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
                 ctx->cipher = NULL;
@@ -194,6 +215,18 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ct
             return 0;
         }
     }
+#ifdef OPENSSL_FIPS
+    /* After 'key' is set no further parameters changes are permissible.
+     * So only check for non FIPS enabling at this point.
+     */
+    if (key && FIPS_mode()) {
+        if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
+            & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) {
+            EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS);
+            return 0;
+        }
+    }
+#endif
 
     if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
         if (!ctx->cipher->init(ctx, key, iv, enc))
Index: openssl-1.1.0i/crypto/evp/evp_err.c
===================================================================
--- openssl-1.1.0i.orig/crypto/evp/evp_err.c	2019-01-18 12:57:57.237962133 +0100
+++ openssl-1.1.0i/crypto/evp/evp_err.c	2019-01-18 12:58:06.826013614 +0100
@@ -24,6 +24,7 @@ static ERR_STRING_DATA EVP_str_functs[]
     {ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"},
     {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"},
     {ERR_FUNC(EVP_F_AES_WRAP_CIPHER), "aes_wrap_cipher"},
+    {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "aes_xts_cipher"},
     {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"},
     {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"},
     {ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"},
@@ -113,6 +114,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
     {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"},
     {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"},
     {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"},
+    {ERR_REASON(EVP_R_DISABLED_FOR_FIPS), "disabled for FIPS"},
     {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"},
     {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"},
     {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"},
@@ -153,6 +155,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
     {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
     {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"},
     {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
+    {ERR_REASON(EVP_R_TOO_LARGE), "too large"},
     {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
     {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"},
     {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"},
Index: openssl-1.1.0i/crypto/evp/evp_lib.c
===================================================================
--- openssl-1.1.0i.orig/crypto/evp/evp_lib.c	2019-01-18 12:57:57.237962133 +0100
+++ openssl-1.1.0i/crypto/evp/evp_lib.c	2019-01-18 12:58:06.826013614 +0100
@@ -180,6 +180,9 @@ int EVP_CIPHER_impl_ctx_size(const EVP_C
 int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                const unsigned char *in, unsigned int inl)
 {
+#ifdef OPENSSL_FIPS
+    FIPS_selftest_check();
+#endif
     return ctx->cipher->do_cipher(ctx, out, in, inl);
 }
 
Index: openssl-1.1.0i/crypto/evp/m_sha1.c
===================================================================
--- openssl-1.1.0i.orig/crypto/evp/m_sha1.c	2019-01-18 12:57:57.237962133 +0100
+++ openssl-1.1.0i/crypto/evp/m_sha1.c	2019-01-18 12:58:06.826013614 +0100
@@ -94,7 +94,7 @@ static const EVP_MD sha1_md = {
     NID_sha1,
     NID_sha1WithRSAEncryption,
     SHA_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
+    EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS,
     init,
     update,
     final,
@@ -144,7 +144,7 @@ static const EVP_MD sha224_md = {
     NID_sha224,
     NID_sha224WithRSAEncryption,
     SHA224_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
+    EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS,
     init224,
     update224,
     final224,
@@ -163,7 +163,7 @@ static const EVP_MD sha256_md = {
     NID_sha256,
     NID_sha256WithRSAEncryption,
     SHA256_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
+    EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS,
     init256,
     update256,
     final256,
@@ -213,7 +213,7 @@ static const EVP_MD sha384_md = {
     NID_sha384,
     NID_sha384WithRSAEncryption,
     SHA384_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
+    EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS,
     init384,
     update384,
     final384,
@@ -232,7 +232,7 @@ static const EVP_MD sha512_md = {
     NID_sha512,
     NID_sha512WithRSAEncryption,
     SHA512_DIGEST_LENGTH,
-    EVP_MD_FLAG_DIGALGID_ABSENT,
+    EVP_MD_FLAG_DIGALGID_ABSENT | EVP_MD_FLAG_FIPS,
     init512,
     update512,
     final512,
Index: openssl-1.1.0i/crypto/fips/build.info
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/build.info	2019-01-18 12:58:06.826013614 +0100
@@ -0,0 +1,15 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+        fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c \
+        fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c \
+        fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
+        fips_drbg_lib.c fips_drbg_rand.c fips_drbg_selftest.c fips_rand_lib.c \
+        fips_cmac_selftest.c fips_ecdh_selftest.c fips_ecdsa_selftest.c \
+        fips_enc.c fips_md.c fips_dh_selftest.c fips_ers.c
+
+PROGRAMS=\
+          fips_standalone_hmac
+
+SOURCE[fips_standalone_hmac]=fips_standalone_hmac.c
+INCLUDE[fips_standalone_hmac]=../../include
+DEPEND[fips_standalone_hmac]=../../libcrypto.a
Index: openssl-1.1.0i/crypto/fips/fips_aes_selftest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_aes_selftest.c	2019-01-18 12:58:06.826013614 +0100
@@ -0,0 +1,372 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+# include "internal/fips_int.h"
+#endif
+
+#ifdef OPENSSL_FIPS
+static const struct {
+    const unsigned char key[16];
+    const unsigned char plaintext[16];
+    const unsigned char ciphertext[16];
+} tests[] = {
+    {
+        {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}, {
+        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+                0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF}, {
+0x69, 0xC4, 0xE0, 0xD8, 0x6A, 0x7B, 0x04, 0x30,
+                0xD8, 0xCD, 0xB7, 0x80, 0x70, 0xB4, 0xC5, 0x5A},},};
+
+int FIPS_selftest_aes()
+{
+    int n;
+    int ret = 0;
+    EVP_CIPHER_CTX *ctx;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        goto err;
+
+    for (n = 0; n < 1; ++n) {
+        unsigned char key[16];
+
+        memcpy(key, tests[n].key, sizeof(key));
+        if (fips_cipher_test(ctx, EVP_aes_128_ecb(),
+                             key, NULL,
+                             tests[n].plaintext,
+                             tests[n].ciphertext, 16) <= 0)
+            goto err;
+    }
+    ret = 1;
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+    if (ret == 0)
+        FIPSerr(FIPS_F_FIPS_SELFTEST_AES, FIPS_R_SELFTEST_FAILED);
+    return ret;
+}
+
+/* AES-CCM test data from NIST public test vectors */
+
+static const unsigned char ccm_key[] = {
+    0xce, 0xb0, 0x09, 0xae, 0xa4, 0x45, 0x44, 0x51, 0xfe, 0xad, 0xf0, 0xe6,
+    0xb3, 0x6f, 0x45, 0x55, 0x5d, 0xd0, 0x47, 0x23, 0xba, 0xa4, 0x48, 0xe8
+};
+
+static const unsigned char ccm_nonce[] = {
+    0x76, 0x40, 0x43, 0xc4, 0x94, 0x60, 0xb7
+};
+
+static const unsigned char ccm_adata[] = {
+    0x6e, 0x80, 0xdd, 0x7f, 0x1b, 0xad, 0xf3, 0xa1, 0xc9, 0xab, 0x25, 0xc7,
+    0x5f, 0x10, 0xbd, 0xe7, 0x8c, 0x23, 0xfa, 0x0e, 0xb8, 0xf9, 0xaa, 0xa5,
+    0x3a, 0xde, 0xfb, 0xf4, 0xcb, 0xf7, 0x8f, 0xe4
+};
+
+static const unsigned char ccm_pt[] = {
+    0xc8, 0xd2, 0x75, 0xf9, 0x19, 0xe1, 0x7d, 0x7f, 0xe6, 0x9c, 0x2a, 0x1f,
+    0x58, 0x93, 0x9d, 0xfe, 0x4d, 0x40, 0x37, 0x91, 0xb5, 0xdf, 0x13, 0x10
+};
+
+static const unsigned char ccm_ct[] = {
+    0x8a, 0x0f, 0x3d, 0x82, 0x29, 0xe4, 0x8e, 0x74, 0x87, 0xfd, 0x95, 0xa2,
+    0x8a, 0xd3, 0x92, 0xc8, 0x0b, 0x36, 0x81, 0xd4, 0xfb, 0xc7, 0xbb, 0xfd
+};
+
+static const unsigned char ccm_tag[] = {
+    0x2d, 0xd6, 0xef, 0x1c, 0x45, 0xd4, 0xcc, 0xb7, 0x23, 0xdc, 0x07, 0x44,
+    0x14, 0xdb, 0x50, 0x6d
+};
+
+int FIPS_selftest_aes_ccm(void)
+{
+    int ret = 0;
+    unsigned char out[128], tag[16];
+    EVP_CIPHER_CTX *ctx;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        goto err;
+
+    memset(out, 0, sizeof(out));
+    if (!EVP_CipherInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 1))
+        goto err;
+    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN,
+                             sizeof(ccm_nonce), NULL))
+        goto err;
+    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG,
+                             sizeof(ccm_tag), NULL))
+        goto err;
+    if (!EVP_CipherInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce, 1))
+        goto err;
+    if (EVP_Cipher(ctx, NULL, NULL, sizeof(ccm_pt)) != sizeof(ccm_pt))
+        goto err;
+    if (EVP_Cipher(ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
+        goto err;
+    if (EVP_Cipher(ctx, out, ccm_pt, sizeof(ccm_pt)) != sizeof(ccm_ct))
+        goto err;
+
+    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, 16, tag))
+        goto err;
+    if (memcmp(tag, ccm_tag, sizeof(ccm_tag))
+        || memcmp(out, ccm_ct, sizeof(ccm_ct)))
+        goto err;
+
+    memset(out, 0, sizeof(out));
+
+    if (!EVP_CipherInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL, 0))
+        goto err;
+    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN,
+                             sizeof(ccm_nonce), NULL))
+        goto err;
+    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, 16, tag))
+        goto err;
+    if (!EVP_CipherInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce, 0))
+        goto err;
+    if (EVP_Cipher(ctx, NULL, NULL, sizeof(ccm_ct)) != sizeof(ccm_ct))
+        goto err;
+    if (EVP_Cipher(ctx, NULL, ccm_adata, sizeof(ccm_adata)) < 0)
+        goto err;
+    if (EVP_Cipher(ctx, out, ccm_ct, sizeof(ccm_ct)) != sizeof(ccm_pt))
+        goto err;
+
+    if (memcmp(out, ccm_pt, sizeof(ccm_pt)))
+        goto err;
+
+    ret = 1;
+
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+
+    if (ret == 0) {
+        FIPSerr(FIPS_F_FIPS_SELFTEST_AES_CCM, FIPS_R_SELFTEST_FAILED);
+        return 0;
+    } else
+        return ret;
+
+}
+
+/* AES-GCM test data from NIST public test vectors */
+
+static const unsigned char gcm_key[] = {
+    0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
+    0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
+    0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f
+};
+
+static const unsigned char gcm_iv[] = {
+    0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84
+};
+
+static const unsigned char gcm_pt[] = {
+    0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, 0xeb, 0x31, 0xb2, 0xea,
+    0xcc, 0x2b, 0xf2, 0xa5
+};
+
+static const unsigned char gcm_aad[] = {
+    0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b, 0xdb, 0x37, 0x0c, 0x43,
+    0x7f, 0xec, 0x78, 0xde
+};
+
+static const unsigned char gcm_ct[] = {
+    0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c, 0xd5, 0x36, 0x86, 0x7e,
+    0xb9, 0xf2, 0x17, 0x36
+};
+
+static const unsigned char gcm_tag[] = {
+    0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87, 0xd7, 0x37, 0xee, 0x62,
+    0x98, 0xf7, 0x7e, 0x0c
+};
+
+int FIPS_selftest_aes_gcm(void)
+{
+    int ret = 0;
+    unsigned char out[128], tag[16];
+    EVP_CIPHER_CTX *ctx;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        goto err;
+
+    memset(out, 0, sizeof(out));
+    memset(tag, 0, sizeof(tag));
+    if (!EVP_CipherInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 1))
+        goto err;
+    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
+                             sizeof(gcm_iv), NULL))
+        goto err;
+    if (!EVP_CipherInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv, 1))
+        goto err;
+    if (EVP_Cipher(ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
+        goto err;
+    if (EVP_Cipher(ctx, out, gcm_pt, sizeof(gcm_pt)) != sizeof(gcm_ct))
+        goto err;
+    if (EVP_Cipher(ctx, NULL, NULL, 0) < 0)
+        goto err;
+
+    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
+        goto err;
+
+    if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
+        goto err;
+
+    memset(out, 0, sizeof(out));
+
+    if (!EVP_CipherInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL, 0))
+        goto err;
+    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN,
+                             sizeof(gcm_iv), NULL))
+        goto err;
+    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
+        goto err;
+    if (!EVP_CipherInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv, 0))
+        goto err;
+    if (EVP_Cipher(ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
+        goto err;
+    if (EVP_Cipher(ctx, out, gcm_ct, sizeof(gcm_ct)) != sizeof(gcm_pt))
+        goto err;
+    if (EVP_Cipher(ctx, NULL, NULL, 0) < 0)
+        goto err;
+
+    if (memcmp(out, gcm_pt, 16))
+        goto err;
+
+    ret = 1;
+
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+
+    if (ret == 0) {
+        FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM, FIPS_R_SELFTEST_FAILED);
+        return 0;
+    } else
+        return ret;
+
+}
+
+static const unsigned char XTS_128_key[] = {
+    0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, 0x3b, 0x2c, 0x34, 0x38,
+    0x76, 0x08, 0x17, 0x62, 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
+    0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
+};
+
+static const unsigned char XTS_128_i[] = {
+    0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, 0x6e, 0x4b, 0x92, 0x01,
+    0x3e, 0x76, 0x8a, 0xd5
+};
+
+static const unsigned char XTS_128_pt[] = {
+    0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, 0x6f, 0xb3, 0x50, 0x39,
+    0x07, 0x90, 0x31, 0x1c
+};
+
+static const unsigned char XTS_128_ct[] = {
+    0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a, 0x82, 0x50, 0x81, 0xd5,
+    0xbe, 0x47, 0x1c, 0x63
+};
+
+static const unsigned char XTS_256_key[] = {
+    0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e, 0x48, 0x01, 0xe4, 0x2f,
+    0x4b, 0x09, 0x47, 0x14, 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
+    0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c, 0xd6, 0xe1, 0x3f, 0xfd,
+    0xf2, 0x41, 0x8d, 0x8d, 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
+    0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58, 0x31, 0x8e, 0xea, 0x39,
+    0x2c, 0xf4, 0x1b, 0x08
+};
+
+static const unsigned char XTS_256_i[] = {
+    0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2, 0xf0, 0x42, 0x8e, 0x84,
+    0xa9, 0xf8, 0x75, 0x64
+};
+
+static const unsigned char XTS_256_pt[] = {
+    0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1, 0xac, 0xc6, 0x47, 0xe8,
+    0x10, 0xbb, 0xc3, 0x64, 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
+    0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e
+};
+
+static const unsigned char XTS_256_ct[] = {
+    0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5, 0x0b, 0x37, 0xf9, 0x34,
+    0xd4, 0x6a, 0x9b, 0x13, 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
+    0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb
+};
+
+int FIPS_selftest_aes_xts()
+{
+    int ret = 1;
+    EVP_CIPHER_CTX *ctx;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        goto err;
+
+    if (fips_cipher_test(ctx, EVP_aes_128_xts(),
+                         XTS_128_key, XTS_128_i, XTS_128_pt, XTS_128_ct,
+                         sizeof(XTS_128_pt)) <= 0)
+        ret = 0;
+
+    if (fips_cipher_test(ctx, EVP_aes_256_xts(),
+                         XTS_256_key, XTS_256_i, XTS_256_pt, XTS_256_ct,
+                         sizeof(XTS_256_pt)) <= 0)
+        ret = 0;
+
+    EVP_CIPHER_CTX_free(ctx);
+
+ err:
+    if (ret == 0)
+        FIPSerr(FIPS_F_FIPS_SELFTEST_AES_XTS, FIPS_R_SELFTEST_FAILED);
+    return ret;
+}
+
+#endif
Index: openssl-1.1.0i/crypto/fips/fips.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips.c	2019-01-18 12:58:06.830013636 +0100
@@ -0,0 +1,526 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#define _GNU_SOURCE
+
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include <openssl/err.h>
+#include <openssl/bio.h>
+#include <openssl/hmac.h>
+#include <openssl/rsa.h>
+#include <string.h>
+#include <limits.h>
+#include <dlfcn.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include "fips_locl.h"
+
+#ifdef OPENSSL_FIPS
+
+# include <openssl/fips.h>
+# include "internal/thread_once.h"
+
+# ifndef PATH_MAX
+#  define PATH_MAX 1024
+# endif
+
+static int fips_selftest_fail = 0;
+static int fips_mode = 0;
+static int fips_started = 0;
+
+static int fips_is_owning_thread(void);
+static int fips_set_owning_thread(void);
+static int fips_clear_owning_thread(void);
+
+static CRYPTO_RWLOCK *fips_lock = NULL;
+static CRYPTO_RWLOCK *fips_owning_lock = NULL;
+static CRYPTO_ONCE fips_lock_init = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(do_fips_lock_init)
+{
+    fips_lock = CRYPTO_THREAD_lock_new();
+    fips_owning_lock = CRYPTO_THREAD_lock_new();
+    return fips_lock != NULL && fips_owning_lock != NULL;
+}
+
+# define fips_w_lock()   CRYPTO_THREAD_write_lock(fips_lock)
+# define fips_w_unlock() CRYPTO_THREAD_unlock(fips_lock)
+# define fips_r_lock()   CRYPTO_THREAD_read_lock(fips_lock)
+# define fips_r_unlock() CRYPTO_THREAD_unlock(fips_lock)
+
+static void fips_set_mode(int onoff)
+{
+    int owning_thread = fips_is_owning_thread();
+
+    if (fips_started) {
+        if (!owning_thread)
+            fips_w_lock();
+        fips_mode = onoff;
+        if (!owning_thread)
+            fips_w_unlock();
+    }
+}
+
+int FIPS_module_mode(void)
+{
+    int ret = 0;
+    int owning_thread = fips_is_owning_thread();
+
+    if (fips_started) {
+        if (!owning_thread)
+            fips_r_lock();
+        ret = fips_mode;
+        if (!owning_thread)
+            fips_r_unlock();
+    }
+    return ret;
+}
+
+/* just a compat symbol - return NULL */
+int FIPS_selftest_failed(void)
+{
+    int ret = 0;
+    if (fips_started) {
+        int owning_thread = fips_is_owning_thread();
+
+        if (!owning_thread)
+            fips_r_lock();
+        ret = fips_selftest_fail;
+        if (!owning_thread)
+            fips_r_unlock();
+    }
+    return ret;
+}
+
+/* Selftest failure fatal exit routine. This will be called
+ * during *any* cryptographic operation. It has the minimum
+ * overhead possible to avoid too big a performance hit.
+ */
+
+void FIPS_selftest_check(void)
+{
+    if (fips_selftest_fail) {
+        OpenSSLDie(__FILE__, __LINE__, "FATAL FIPS SELFTEST FAILURE");
+    }
+}
+
+void fips_set_selftest_fail(void)
+{
+    fips_selftest_fail = 1;
+}
+
+/* we implement what libfipscheck does ourselves */
+
+static int
+get_library_path(const char *libname, const char *symbolname, char *path,
+                 size_t pathlen)
+{
+    Dl_info info;
+    void *dl, *sym;
+    int rv = -1;
+
+    dl = dlopen(libname, RTLD_LAZY);
+    if (dl == NULL) {
+        return -1;
+    }
+
+    sym = dlsym(dl, symbolname);
+
+    if (sym != NULL && dladdr(sym, &info)) {
+        strncpy(path, info.dli_fname, pathlen - 1);
+        path[pathlen - 1] = '\0';
+        rv = 0;
+    }
+
+    dlclose(dl);
+
+    return rv;
+}
+
+static const char conv[] = "0123456789abcdef";
+
+static char *bin2hex(void *buf, size_t len)
+{
+    char *hex, *p;
+    unsigned char *src = buf;
+
+    hex = malloc(len * 2 + 1);
+    if (hex == NULL)
+        return NULL;
+
+    p = hex;
+
+    while (len > 0) {
+        unsigned c;
+
+        c = *src;
+        src++;
+
+        *p = conv[c >> 4];
+        ++p;
+        *p = conv[c & 0x0f];
+        ++p;
+        --len;
+    }
+    *p = '\0';
+    return hex;
+}
+
+# define HMAC_PREFIX "."
+# ifndef HMAC_SUFFIX
+#  define HMAC_SUFFIX ".hmac"
+# endif
+# define READ_BUFFER_LENGTH 16384
+
+static char *make_hmac_path(const char *origpath)
+{
+    char *path, *p;
+    const char *fn;
+
+    path =
+        malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath));
+    if (path == NULL) {
+        return NULL;
+    }
+
+    fn = strrchr(origpath, '/');
+    if (fn == NULL) {
+        fn = origpath;
+    } else {
+        ++fn;
+    }
+
+    strncpy(path, origpath, fn - origpath);
+    p = path + (fn - origpath);
+    p = stpcpy(p, HMAC_PREFIX);
+    p = stpcpy(p, fn);
+    p = stpcpy(p, HMAC_SUFFIX);
+
+    return path;
+}
+
+static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
+
+static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
+{
+    FILE *f = NULL;
+    int rv = -1;
+    unsigned char rbuf[READ_BUFFER_LENGTH];
+    size_t len;
+    unsigned int hlen;
+    HMAC_CTX *c;
+
+    c = HMAC_CTX_new();
+    if (c == NULL)
+        return rv;
+
+    f = fopen(path, "r");
+
+    if (f == NULL) {
+        goto end;
+    }
+
+    if (HMAC_Init_ex(c, hmackey, sizeof(hmackey) - 1, EVP_sha256(), NULL) <= 0) {
+        goto end;
+    }
+
+    while ((len = fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
+        if (HMAC_Update(c, rbuf, len) <= 0) {
+            goto end;
+        }
+    }
+
+    len = sizeof(rbuf);
+    /* reuse rbuf for hmac */
+    if (HMAC_Final(c, rbuf, &hlen) <= 0) {
+        goto end;
+    }
+
+    *buf = malloc(hlen);
+    if (*buf == NULL) {
+        goto end;
+    }
+
+    *hmaclen = hlen;
+
+    memcpy(*buf, rbuf, hlen);
+
+    rv = 0;
+ end:
+    HMAC_CTX_free(c);
+
+    if (f)
+        fclose(f);
+
+    return rv;
+}
+
+static int FIPSCHECK_verify(const char *path)
+{
+    int rv = 0;
+    FILE *hf;
+    char *hmacpath, *p;
+    char *hmac = NULL;
+    size_t n;
+
+    hmacpath = make_hmac_path(path);
+    if (hmacpath == NULL)
+        return 0;
+
+    hf = fopen(hmacpath, "r");
+    if (hf == NULL) {
+        free(hmacpath);
+        return 0;
+    }
+
+    if (getline(&hmac, &n, hf) > 0) {
+        void *buf;
+        size_t hmaclen;
+        char *hex;
+
+        if ((p = strchr(hmac, '\n')) != NULL)
+            *p = '\0';
+
+        if (compute_file_hmac(path, &buf, &hmaclen) < 0) {
+            rv = -4;
+            goto end;
+        }
+
+        if ((hex = bin2hex(buf, hmaclen)) == NULL) {
+            free(buf);
+            rv = -5;
+            goto end;
+        }
+
+        if (strcmp(hex, hmac) != 0) {
+            rv = -1;
+        }
+        free(buf);
+        free(hex);
+    } else {
+        rv = -1;
+    }
+
+ end:
+    free(hmac);
+    free(hmacpath);
+    fclose(hf);
+
+    if (rv < 0)
+        return 0;
+
+    /* check successful */
+    return 1;
+}
+
+static int verify_checksums(void)
+{
+    int rv;
+    char path[PATH_MAX + 1];
+    char *p;
+
+    /* we need to avoid dlopening libssl, assume both libcrypto and libssl
+       are in the same directory */
+
+    rv = get_library_path("libcrypto.so." SHLIB_VERSION_NUMBER,
+                          "FIPS_mode_set", path, sizeof(path));
+    if (rv < 0)
+        return 0;
+
+    rv = FIPSCHECK_verify(path);
+    if (!rv)
+        return 0;
+
+    /* replace libcrypto with libssl */
+    while ((p = strstr(path, "libcrypto.so")) != NULL) {
+        p = stpcpy(p, "libssl");
+        memmove(p, p + 3, strlen(p + 2));
+    }
+
+    rv = FIPSCHECK_verify(path);
+    if (!rv)
+        return 0;
+    return 1;
+}
+
+# ifndef FIPS_MODULE_PATH
+#  define FIPS_MODULE_PATH "/etc/system-fips"
+# endif
+
+int FIPS_module_installed(void)
+{
+    int rv;
+    rv = access(FIPS_MODULE_PATH, F_OK);
+    if (rv < 0 && errno != ENOENT)
+        rv = 0;
+
+    /* Installed == true */
+    return !rv;
+}
+
+int FIPS_module_mode_set(int onoff)
+{
+    int ret = 0;
+
+    if (!RUN_ONCE(&fips_lock_init, do_fips_lock_init))
+        return NULL;
+
+    fips_w_lock();
+    fips_started = 1;
+    fips_set_owning_thread();
+
+    if (onoff) {
+
+        fips_selftest_fail = 0;
+
+        /* Don't go into FIPS mode twice, just so we can do automagic
+           seeding */
+        if (FIPS_module_mode()) {
+            FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
+                    FIPS_R_FIPS_MODE_ALREADY_SET);
+            fips_selftest_fail = 1;
+            ret = 0;
+            goto end;
+        }
+# ifdef OPENSSL_IA32_SSE2
+        {
+            extern unsigned int OPENSSL_ia32cap_P[2];
+            if ((OPENSSL_ia32cap_P[0] & (1 << 25 | 1 << 26)) !=
+                (1 << 25 | 1 << 26)) {
+                FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
+                        FIPS_R_UNSUPPORTED_PLATFORM);
+                fips_selftest_fail = 1;
+                ret = 0;
+                goto end;
+            }
+        }
+# endif
+
+        if (!FIPS_selftest()) {
+            fips_selftest_fail = 1;
+            ret = 0;
+            goto end;
+        }
+
+        if (!verify_checksums()) {
+            FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
+                    FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+            fips_selftest_fail = 1;
+            ret = 0;
+            goto end;
+        }
+
+        fips_set_mode(onoff);
+        ret = 1;
+        goto end;
+    }
+    fips_set_mode(0);
+    fips_selftest_fail = 0;
+    ret = 1;
+ end:
+    fips_clear_owning_thread();
+    fips_w_unlock();
+    return ret;
+}
+
+static CRYPTO_THREAD_ID fips_threadid;
+static int fips_thread_set = 0;
+
+static int fips_is_owning_thread(void)
+{
+    int ret = 0;
+
+    if (fips_started) {
+        CRYPTO_THREAD_read_lock(fips_owning_lock);
+        if (fips_thread_set) {
+            CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id();
+            if (CRYPTO_THREAD_compare_id(fips_threadid, cur))
+                ret = 1;
+        }
+        CRYPTO_THREAD_unlock(fips_owning_lock);
+    }
+    return ret;
+}
+
+int fips_set_owning_thread(void)
+{
+    int ret = 0;
+
+    if (fips_started) {
+        CRYPTO_THREAD_write_lock(fips_owning_lock);
+        if (!fips_thread_set) {
+            fips_threadid = CRYPTO_THREAD_get_current_id();
+            ret = 1;
+            fips_thread_set = 1;
+        }
+        CRYPTO_THREAD_unlock(fips_owning_lock);
+    }
+    return ret;
+}
+
+int fips_clear_owning_thread(void)
+{
+    int ret = 0;
+
+    if (fips_started) {
+        CRYPTO_THREAD_write_lock(fips_owning_lock);
+        if (fips_thread_set) {
+            CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id();
+            if (CRYPTO_THREAD_compare_id(fips_threadid, cur))
+                fips_thread_set = 0;
+        }
+        CRYPTO_THREAD_unlock(fips_owning_lock);
+    }
+    return ret;
+}
+
+#endif
Index: openssl-1.1.0i/crypto/fips/fips_cmac_selftest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_cmac_selftest.c	2019-01-18 12:58:06.830013636 +0100
@@ -0,0 +1,156 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include "internal/fips_int.h"
+#include <openssl/cmac.h>
+#include "fips_locl.h"
+
+#ifdef OPENSSL_FIPS
+typedef struct {
+    int nid;
+    const unsigned char key[EVP_MAX_KEY_LENGTH];
+    size_t keysize;
+    const unsigned char msg[64];
+    size_t msgsize;
+    const unsigned char mac[32];
+    size_t macsize;
+} CMAC_KAT;
+
+/* from http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf */
+static const CMAC_KAT vector[] = {
+    {NID_aes_128_cbc,           /* Count = 32 from CMACGenAES128.txt */
+     {0x77, 0xa7, 0x7f, 0xaf, 0x29, 0x0c, 0x1f, 0xa3,
+      0x0c, 0x68, 0x3d, 0xf1, 0x6b, 0xa7, 0xa7, 0x7b,}, 128,
+     {0x02, 0x06, 0x83, 0xe1, 0xf0, 0x39, 0x2f, 0x4c,
+      0xac, 0x54, 0x31, 0x8b, 0x60, 0x29, 0x25, 0x9e,
+      0x9c, 0x55, 0x3d, 0xbc, 0x4b, 0x6a, 0xd9, 0x98,
+      0xe6, 0x4d, 0x58, 0xe4, 0xe7, 0xdc, 0x2e, 0x13,}, 256,
+     {0xfb, 0xfe, 0xa4, 0x1b,}, 32},
+    {NID_aes_192_cbc,           /* Count = 23 from CMACGenAES192.txt */
+     {0x7b, 0x32, 0x39, 0x13, 0x69, 0xaa, 0x4c, 0xa9,
+      0x75, 0x58, 0x09, 0x5b, 0xe3, 0xc3, 0xec, 0x86,
+      0x2b, 0xd0, 0x57, 0xce, 0xf1, 0xe3, 0x2d, 0x62,}, 192,
+     {0x0}, 0,
+     {0xe4, 0xd9, 0x34, 0x0b, 0x03, 0xe6, 0x7d, 0xef,
+      0xd4, 0x96, 0x9c, 0xc1, 0xed, 0x37, 0x35, 0xe6,}, 128,
+     },
+    {NID_aes_256_cbc,           /* Count = 33 from CMACGenAES256.txt */
+     {0x0b, 0x12, 0x2a, 0xc8, 0xf3, 0x4e, 0xd1, 0xfe,
+      0x08, 0x2a, 0x36, 0x25, 0xd1, 0x57, 0x56, 0x14,
+      0x54, 0x16, 0x7a, 0xc1, 0x45, 0xa1, 0x0b, 0xbf,
+      0x77, 0xc6, 0xa7, 0x05, 0x96, 0xd5, 0x74, 0xf1,}, 256,
+     {0x49, 0x8b, 0x53, 0xfd, 0xec, 0x87, 0xed, 0xcb,
+      0xf0, 0x70, 0x97, 0xdc, 0xcd, 0xe9, 0x3a, 0x08,
+      0x4b, 0xad, 0x75, 0x01, 0xa2, 0x24, 0xe3, 0x88,
+      0xdf, 0x34, 0x9c, 0xe1, 0x89, 0x59, 0xfe, 0x84,
+      0x85, 0xf8, 0xad, 0x15, 0x37, 0xf0, 0xd8, 0x96,
+      0xea, 0x73, 0xbe, 0xdc, 0x72, 0x14, 0x71, 0x3f,}, 384,
+     {0xf6, 0x2c, 0x46, 0x32, 0x9b,}, 40,
+     },
+    {NID_des_ede3_cbc,          /* Count = 41 from CMACGenTDES3.req */
+     {0x89, 0xbc, 0xd9, 0x52, 0xa8, 0xc8, 0xab, 0x37,
+      0x1a, 0xf4, 0x8a, 0xc7, 0xd0, 0x70, 0x85, 0xd5,
+      0xef, 0xf7, 0x02, 0xe6, 0xd6, 0x2c, 0xdc, 0x23,}, 192,
+     {0xfa, 0x62, 0x0c, 0x1b, 0xbe, 0x97, 0x31, 0x9e,
+      0x9a, 0x0c, 0xf0, 0x49, 0x21, 0x21, 0xf7, 0xa2,
+      0x0e, 0xb0, 0x8a, 0x6a, 0x70, 0x9d, 0xcb, 0xd0,
+      0x0a, 0xaf, 0x38, 0xe4, 0xf9, 0x9e, 0x75, 0x4e,}, 256,
+     {0x8f, 0x49, 0xa1, 0xb7, 0xd6, 0xaa, 0x22, 0x58,}, 64,
+     },
+};
+
+int FIPS_selftest_cmac()
+{
+    size_t n, outlen;
+    unsigned char out[32];
+    const EVP_CIPHER *cipher;
+    CMAC_CTX *ctx = CMAC_CTX_new();
+    const CMAC_KAT *t;
+    int rv = 1;
+
+    for (n = 0, t = vector; n < sizeof(vector) / sizeof(vector[0]); n++, t++) {
+        cipher = FIPS_get_cipherbynid(t->nid);
+        if (!cipher) {
+            rv = -1;
+            goto err;
+        }
+        if (!CMAC_Init(ctx, t->key, t->keysize / 8, cipher, 0)) {
+            rv = -1;
+            goto err;
+        }
+        if (!CMAC_Update(ctx, t->msg, t->msgsize / 8)) {
+            rv = -1;
+            goto err;
+        }
+
+        if (!CMAC_Final(ctx, out, &outlen)) {
+            rv = -1;
+            goto err;
+        }
+
+        if (outlen < t->macsize / 8 || memcmp(out, t->mac, t->macsize / 8)) {
+            rv = 0;
+        }
+    }
+
+ err:
+    CMAC_CTX_free(ctx);
+
+    if (rv == -1) {
+        rv = 0;
+    }
+    if (!rv)
+        FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC, FIPS_R_SELFTEST_FAILED);
+
+    return rv;
+}
+#endif
Index: openssl-1.1.0i/crypto/fips/fips_des_selftest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_des_selftest.c	2019-01-18 12:58:06.830013636 +0100
@@ -0,0 +1,133 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+# include "internal/fips_int.h"
+#endif
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_FIPS
+
+static const struct {
+    const unsigned char key[16];
+    const unsigned char plaintext[8];
+    const unsigned char ciphertext[8];
+} tests2[] = {
+    {
+        {
+        0x7c, 0x4f, 0x6e, 0xf7, 0xa2, 0x04, 0x16, 0xec,
+                0x0b, 0x6b, 0x7c, 0x9e, 0x5e, 0x19, 0xa7, 0xc4}, {
+        0x06, 0xa7, 0xd8, 0x79, 0xaa, 0xce, 0x69, 0xef}, {
+        0x4c, 0x11, 0x17, 0x55, 0xbf, 0xc4, 0x4e, 0xfd}
+    }, {
+        {
+        0x5d, 0x9e, 0x01, 0xd3, 0x25, 0xc7, 0x3e, 0x34,
+                0x01, 0x16, 0x7c, 0x85, 0x23, 0xdf, 0xe0, 0x68}, {
+        0x9c, 0x50, 0x09, 0x0f, 0x5e, 0x7d, 0x69, 0x7e}, {
+    0xd2, 0x0b, 0x18, 0xdf, 0xd9, 0x0d, 0x9e, 0xff},}
+};
+
+static const struct {
+    const unsigned char key[24];
+    const unsigned char plaintext[8];
+    const unsigned char ciphertext[8];
+} tests3[] = {
+    {
+        {
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
+                0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0}, {
+        0x8f, 0x8f, 0xbf, 0x9b, 0x5d, 0x48, 0xb4, 0x1c}, {
+    0x59, 0x8c, 0xe5, 0xd3, 0x6c, 0xa2, 0xea, 0x1b},}, {
+        {
+        0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0xFE,
+                0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+                0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4}, {
+        0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, {
+0x11, 0x25, 0xb0, 0x35, 0xbe, 0xa0, 0x82, 0x86},},};
+
+int FIPS_selftest_des()
+{
+    int n, ret = 0;
+    EVP_CIPHER_CTX *ctx;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        goto err;
+
+    /* Encrypt/decrypt with 2-key 3DES and compare to known answers */
+    for (n = 0; n < 2; ++n) {
+        unsigned char plaintext[8];
+
+        memcpy(plaintext, tests2[n].plaintext, sizeof(plaintext));
+        if (!fips_cipher_test(ctx, EVP_des_ede_ecb(),
+                              tests2[n].key, NULL,
+                              plaintext, tests2[n].ciphertext, 8))
+            goto err;
+    }
+
+    /* Encrypt/decrypt with 3DES and compare to known answers */
+    for (n = 0; n < 2; ++n) {
+        if (!fips_cipher_test(ctx, EVP_des_ede3_ecb(),
+                              tests3[n].key, NULL,
+                              tests3[n].plaintext, tests3[n].ciphertext, 8))
+            goto err;
+    }
+    ret = 1;
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+    if (ret == 0)
+        FIPSerr(FIPS_F_FIPS_SELFTEST_DES, FIPS_R_SELFTEST_FAILED);
+
+    return ret;
+}
+#endif
Index: openssl-1.1.0i/crypto/fips/fips_dh_selftest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_dh_selftest.c	2019-01-18 12:58:06.830013636 +0100
@@ -0,0 +1,180 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2013 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/dh.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include "fips_locl.h"
+
+#ifdef OPENSSL_FIPS
+
+static const unsigned char dh_test_2048_p[] = {
+    0xAE, 0xEC, 0xEE, 0x22, 0xFA, 0x3A, 0xA5, 0x22, 0xC0, 0xDE, 0x0F, 0x09,
+    0x7E, 0x17, 0xC0, 0x05, 0xF9, 0xF1, 0xE7, 0xC6, 0x87, 0x14, 0x6D, 0x11,
+    0xE7, 0xAE, 0xED, 0x2F, 0x72, 0x59, 0xC5, 0xA9, 0x9B, 0xB8, 0x02, 0xA5,
+    0xF3, 0x69, 0x70, 0xD6, 0xDD, 0x90, 0xF9, 0x19, 0x79, 0xBE, 0x60, 0x8F,
+    0x25, 0x92, 0x30, 0x1C, 0x51, 0x51, 0x38, 0x26, 0x82, 0x25, 0xE6, 0xFC,
+    0xED, 0x65, 0x96, 0x8F, 0x57, 0xE5, 0x53, 0x8B, 0x38, 0x63, 0xC7, 0xCE,
+    0xBC, 0x1B, 0x4D, 0x18, 0x2A, 0x5B, 0x04, 0x3F, 0x6A, 0x3C, 0x94, 0x39,
+    0xAE, 0x36, 0xD6, 0x5E, 0x0F, 0xA2, 0xCC, 0xD0, 0xD4, 0xD5, 0xC6, 0x1E,
+    0xF6, 0xA0, 0xF5, 0x89, 0x4E, 0xB4, 0x0B, 0xA4, 0xB3, 0x2B, 0x3D, 0xE2,
+    0x4E, 0xE1, 0x49, 0x25, 0x99, 0x5F, 0x32, 0x16, 0x33, 0x32, 0x1B, 0x7A,
+    0xA5, 0x5C, 0x6B, 0x34, 0x0D, 0x39, 0x99, 0xDC, 0xF0, 0x76, 0xE5, 0x5A,
+    0xD4, 0x71, 0x00, 0xED, 0x5A, 0x73, 0xFB, 0xC8, 0x01, 0xAD, 0x99, 0xCF,
+    0x99, 0x52, 0x7C, 0x9C, 0x64, 0xC6, 0x76, 0x40, 0x57, 0xAF, 0x59, 0xD7,
+    0x38, 0x0B, 0x40, 0xDE, 0x33, 0x0D, 0xB8, 0x76, 0xEC, 0xA9, 0xD8, 0x73,
+    0xF8, 0xEF, 0x26, 0x66, 0x06, 0x27, 0xDD, 0x7C, 0xA4, 0x10, 0x9C, 0xA6,
+    0xAA, 0xF9, 0x53, 0x62, 0x73, 0x1D, 0xBA, 0x1C, 0xF1, 0x67, 0xF4, 0x35,
+    0xED, 0x6F, 0x37, 0x92, 0xE8, 0x4F, 0x6C, 0xBA, 0x52, 0x6E, 0xA1, 0xED,
+    0xDA, 0x9F, 0x85, 0x11, 0x82, 0x52, 0x62, 0x08, 0x44, 0xF1, 0x30, 0x03,
+    0xC3, 0x38, 0x2C, 0x79, 0xBD, 0xD4, 0x43, 0x45, 0xEE, 0x8E, 0x50, 0xFC,
+    0x29, 0x46, 0x9A, 0xFE, 0x54, 0x1A, 0x19, 0x8F, 0x4B, 0x84, 0x08, 0xDE,
+    0x20, 0x62, 0x73, 0xCC, 0xDD, 0x7E, 0xF0, 0xEF, 0xA2, 0xFD, 0x86, 0x58,
+    0x4B, 0xD8, 0x37, 0xEB
+};
+
+static const unsigned char dh_test_2048_g[] = {
+    0x02
+};
+
+static const unsigned char dh_test_2048_pub_key[] = {
+    0xA0, 0x39, 0x11, 0x77, 0x9A, 0xC1, 0x30, 0x1F, 0xBE, 0x48, 0xA7, 0xAA,
+    0xA0, 0x84, 0x54, 0x64, 0xAD, 0x1B, 0x70, 0xFA, 0x13, 0x55, 0x63, 0xD2,
+    0x1F, 0x62, 0x32, 0x93, 0x8E, 0xC9, 0x3E, 0x09, 0xA7, 0x64, 0xE4, 0x12,
+    0x6E, 0x1B, 0xF2, 0x92, 0x3B, 0xB9, 0xCB, 0x56, 0xEA, 0x07, 0x88, 0xB5,
+    0xA6, 0xBC, 0x16, 0x1F, 0x27, 0xFE, 0xD8, 0xAA, 0x40, 0xB2, 0xB0, 0x2D,
+    0x37, 0x76, 0xA6, 0xA4, 0x82, 0x2C, 0x0E, 0x22, 0x64, 0x9D, 0xCB, 0xD1,
+    0x00, 0xB7, 0x89, 0x14, 0x72, 0x4E, 0xBE, 0x48, 0x41, 0xF8, 0xB2, 0x51,
+    0x11, 0x09, 0x4B, 0x22, 0x01, 0x23, 0x39, 0x96, 0xE0, 0x15, 0xD7, 0x9F,
+    0x60, 0xD1, 0xB7, 0xAE, 0xFE, 0x5F, 0xDB, 0xE7, 0x03, 0x17, 0x97, 0xA6,
+    0x16, 0x74, 0xBD, 0x53, 0x81, 0x19, 0xC5, 0x47, 0x5E, 0xCE, 0x8D, 0xED,
+    0x45, 0x5D, 0x3C, 0x00, 0xA0, 0x0A, 0x68, 0x6A, 0xE0, 0x8E, 0x06, 0x46,
+    0x6F, 0xD7, 0xF9, 0xDF, 0x31, 0x7E, 0x77, 0x44, 0x0D, 0x98, 0xE0, 0xCA,
+    0x98, 0x09, 0x52, 0x04, 0x90, 0xEA, 0x6D, 0xF4, 0x30, 0x69, 0x8F, 0xB1,
+    0x9B, 0xC1, 0x43, 0xDB, 0xD5, 0x8D, 0xC8, 0x8E, 0xB6, 0x0B, 0x05, 0xBE,
+    0x0E, 0xC5, 0x99, 0xC8, 0x6E, 0x4E, 0xF3, 0xCB, 0xC3, 0x5E, 0x9B, 0x53,
+    0xF7, 0x06, 0x1C, 0x4F, 0xC7, 0xB8, 0x6E, 0x30, 0x18, 0xCA, 0x9B, 0xB9,
+    0xBC, 0x5F, 0x17, 0x72, 0x29, 0x5A, 0xE5, 0xD9, 0x96, 0xB7, 0x0B, 0xF3,
+    0x2D, 0x8C, 0xF1, 0xE1, 0x0E, 0x0D, 0x74, 0xD5, 0x9D, 0xF0, 0x06, 0xA9,
+    0xB4, 0x95, 0x63, 0x76, 0x46, 0x55, 0x48, 0x82, 0x39, 0x90, 0xEF, 0x56,
+    0x75, 0x34, 0xB8, 0x34, 0xC3, 0x18, 0x6E, 0x1E, 0xAD, 0xE3, 0x48, 0x7E,
+    0x93, 0x2C, 0x23, 0xE7, 0xF8, 0x90, 0x73, 0xB1, 0x77, 0x80, 0x67, 0xA9,
+    0x36, 0x9E, 0xDA, 0xD2
+};
+
+static const unsigned char dh_test_2048_priv_key[] = {
+    0x0C, 0x4B, 0x30, 0x89, 0xD1, 0xB8, 0x62, 0xCB, 0x3C, 0x43, 0x64, 0x91,
+    0xF0, 0x91, 0x54, 0x70, 0xC5, 0x27, 0x96, 0xE3, 0xAC, 0xBE, 0xE8, 0x00,
+    0xEC, 0x55, 0xF6, 0xCC
+};
+
+int FIPS_selftest_dh()
+{
+    DH *dh = NULL;
+    int ret = 0;
+    void *pub_key_bin = NULL;
+    int len;
+    BIGNUM *p = NULL, *g = NULL, *priv_key = NULL, *tmp_pub_key = NULL;
+    const BIGNUM *pub_key;
+
+    fips_load_key_component(p, dh_test_2048);
+    fips_load_key_component(g, dh_test_2048);
+    /* note that the private key is much shorter than normally used
+     * but still g ** priv_key > p
+     */
+    fips_load_key_component(priv_key, dh_test_2048);
+    if ((tmp_pub_key = BN_new()) == NULL)
+        goto err;
+
+    dh = DH_new();
+
+    if (dh == NULL)
+        goto err;
+
+    DH_set0_pqg(dh, p, NULL, g);
+    DH_set0_key(dh, tmp_pub_key, priv_key);
+
+    if (DH_generate_key(dh) <= 0)
+        goto err;
+
+    DH_get0_key(dh, &pub_key, NULL);
+
+    if (pub_key == NULL)
+        goto err;
+
+    len = BN_num_bytes(pub_key);
+    if ((pub_key_bin = OPENSSL_malloc(len)) == NULL)
+        goto err;
+    BN_bn2bin(pub_key, pub_key_bin);
+
+    if (len != sizeof(dh_test_2048_pub_key) ||
+        memcmp(pub_key_bin, dh_test_2048_pub_key, len) != 0)
+        goto err;
+
+    ret = 1;
+
+ err:
+    if (dh)
+        DH_free(dh);
+    else {
+        BN_free(p);
+        BN_free(g);
+        BN_free(priv_key);
+        BN_free(tmp_pub_key);
+    }
+
+    OPENSSL_free(pub_key_bin);
+    return ret;
+}
+#endif
Index: openssl-1.1.0i/crypto/fips/fips_drbg_ctr.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_drbg_ctr.c	2019-01-18 12:58:06.830013636 +0100
@@ -0,0 +1,415 @@
+/* fips/rand/fips_drbg_ctr.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#include "fips_rand_lcl.h"
+
+static void inc_128(DRBG_CTR_CTX * cctx)
+{
+    int i;
+    unsigned char c;
+    unsigned char *p = cctx->V + 15;
+    for (i = 0; i < 16; i++) {
+        c = *p;
+        c++;
+        *p = c;
+        if (c)
+            return;
+        p--;
+    }
+}
+
+static void ctr_XOR(DRBG_CTR_CTX * cctx, const unsigned char *in,
+                    size_t inlen)
+{
+    size_t i, n;
+    /* Any zero padding will have no effect on the result as we
+     * are XORing. So just process however much input we have.
+     */
+
+    if (!in || !inlen)
+        return;
+
+    if (inlen < cctx->keylen)
+        n = inlen;
+    else
+        n = cctx->keylen;
+
+    for (i = 0; i < n; i++)
+        cctx->K[i] ^= in[i];
+    if (inlen <= cctx->keylen)
+        return;
+
+    n = inlen - cctx->keylen;
+    /* Should never happen */
+    if (n > 16)
+        n = 16;
+    for (i = 0; i < 16; i++)
+        cctx->V[i] ^= in[i + cctx->keylen];
+}
+
+/* Process a complete block using BCC algorithm of SPP 800-90 10.4.3 */
+
+static void ctr_BCC_block(DRBG_CTR_CTX * cctx, unsigned char *out,
+                          const unsigned char *in)
+{
+    int i;
+    for (i = 0; i < 16; i++)
+        out[i] ^= in[i];
+    AES_encrypt(out, out, &cctx->df_ks);
+#if 0
+    fprintf(stderr, "BCC in+out\n");
+    BIO_dump_fp(stderr, in, 16);
+    BIO_dump_fp(stderr, out, 16);
+#endif
+}
+
+/* Handle several BCC operations for as much data as we need for K and X */
+static void ctr_BCC_blocks(DRBG_CTR_CTX * cctx, const unsigned char *in)
+{
+    ctr_BCC_block(cctx, cctx->KX, in);
+    ctr_BCC_block(cctx, cctx->KX + 16, in);
+    if (cctx->keylen != 16)
+        ctr_BCC_block(cctx, cctx->KX + 32, in);
+}
+
+/* Initialise BCC blocks: these have the value 0,1,2 in leftmost positions:
+ * see 10.4.2 stage 7.
+ */
+static void ctr_BCC_init(DRBG_CTR_CTX * cctx)
+{
+    memset(cctx->KX, 0, 48);
+    memset(cctx->bltmp, 0, 16);
+    ctr_BCC_block(cctx, cctx->KX, cctx->bltmp);
+    cctx->bltmp[3] = 1;
+    ctr_BCC_block(cctx, cctx->KX + 16, cctx->bltmp);
+    if (cctx->keylen != 16) {
+        cctx->bltmp[3] = 2;
+        ctr_BCC_block(cctx, cctx->KX + 32, cctx->bltmp);
+    }
+}
+
+/* Process several blocks into BCC algorithm, some possibly partial */
+static void ctr_BCC_update(DRBG_CTR_CTX * cctx,
+                           const unsigned char *in, size_t inlen)
+{
+    if (!in || !inlen)
+        return;
+    /* If we have partial block handle it first */
+    if (cctx->bltmp_pos) {
+        size_t left = 16 - cctx->bltmp_pos;
+        /* If we now have a complete block process it */
+        if (inlen >= left) {
+            memcpy(cctx->bltmp + cctx->bltmp_pos, in, left);
+            ctr_BCC_blocks(cctx, cctx->bltmp);
+            cctx->bltmp_pos = 0;
+            inlen -= left;
+            in += left;
+        }
+    }
+    /* Process zero or more complete blocks */
+    while (inlen >= 16) {
+        ctr_BCC_blocks(cctx, in);
+        in += 16;
+        inlen -= 16;
+    }
+    /* Copy any remaining partial block to the temporary buffer */
+    if (inlen > 0) {
+        memcpy(cctx->bltmp + cctx->bltmp_pos, in, inlen);
+        cctx->bltmp_pos += inlen;
+    }
+}
+
+static void ctr_BCC_final(DRBG_CTR_CTX * cctx)
+{
+    if (cctx->bltmp_pos) {
+        memset(cctx->bltmp + cctx->bltmp_pos, 0, 16 - cctx->bltmp_pos);
+        ctr_BCC_blocks(cctx, cctx->bltmp);
+    }
+}
+
+static void ctr_df(DRBG_CTR_CTX * cctx,
+                   const unsigned char *in1, size_t in1len,
+                   const unsigned char *in2, size_t in2len,
+                   const unsigned char *in3, size_t in3len)
+{
+    size_t inlen;
+    unsigned char *p = cctx->bltmp;
+    static unsigned char c80 = 0x80;
+
+    ctr_BCC_init(cctx);
+    if (!in1)
+        in1len = 0;
+    if (!in2)
+        in2len = 0;
+    if (!in3)
+        in3len = 0;
+    inlen = in1len + in2len + in3len;
+    /* Initialise L||N in temporary block */
+    *p++ = (inlen >> 24) & 0xff;
+    *p++ = (inlen >> 16) & 0xff;
+    *p++ = (inlen >> 8) & 0xff;
+    *p++ = inlen & 0xff;
+    /* NB keylen is at most 32 bytes */
+    *p++ = 0;
+    *p++ = 0;
+    *p++ = 0;
+    *p = (unsigned char)((cctx->keylen + 16) & 0xff);
+    cctx->bltmp_pos = 8;
+    ctr_BCC_update(cctx, in1, in1len);
+    ctr_BCC_update(cctx, in2, in2len);
+    ctr_BCC_update(cctx, in3, in3len);
+    ctr_BCC_update(cctx, &c80, 1);
+    ctr_BCC_final(cctx);
+    /* Set up key K */
+    AES_set_encrypt_key(cctx->KX, cctx->keylen * 8, &cctx->df_kxks);
+    /* X follows key K */
+    AES_encrypt(cctx->KX + cctx->keylen, cctx->KX, &cctx->df_kxks);
+    AES_encrypt(cctx->KX, cctx->KX + 16, &cctx->df_kxks);
+    if (cctx->keylen != 16)
+        AES_encrypt(cctx->KX + 16, cctx->KX + 32, &cctx->df_kxks);
+#if 0
+    fprintf(stderr, "Output of ctr_df:\n");
+    BIO_dump_fp(stderr, cctx->KX, cctx->keylen + 16);
+#endif
+}
+
+/* NB the no-df  Update in SP800-90 specifies a constant input length
+ * of seedlen, however other uses of this algorithm pad the input with
+ * zeroes if necessary and have up to two parameters XORed together,
+ * handle both cases in this function instead.
+ */
+
+static void ctr_Update(DRBG_CTX *dctx,
+                       const unsigned char *in1, size_t in1len,
+                       const unsigned char *in2, size_t in2len,
+                       const unsigned char *nonce, size_t noncelen)
+{
+    DRBG_CTR_CTX *cctx = &dctx->d.ctr;
+    /* ks is already setup for correct key */
+    inc_128(cctx);
+    AES_encrypt(cctx->V, cctx->K, &cctx->ks);
+    /* If keylen longer than 128 bits need extra encrypt */
+    if (cctx->keylen != 16) {
+        inc_128(cctx);
+        AES_encrypt(cctx->V, cctx->K + 16, &cctx->ks);
+    }
+    inc_128(cctx);
+    AES_encrypt(cctx->V, cctx->V, &cctx->ks);
+    /* If 192 bit key part of V is on end of K */
+    if (cctx->keylen == 24) {
+        memcpy(cctx->V + 8, cctx->V, 8);
+        memcpy(cctx->V, cctx->K + 24, 8);
+    }
+
+    if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) {
+        /* If no input reuse existing derived value */
+        if (in1 || nonce || in2)
+            ctr_df(cctx, in1, in1len, nonce, noncelen, in2, in2len);
+        /* If this a reuse input in1len != 0 */
+        if (in1len)
+            ctr_XOR(cctx, cctx->KX, dctx->seedlen);
+    } else {
+        ctr_XOR(cctx, in1, in1len);
+        ctr_XOR(cctx, in2, in2len);
+    }
+
+    AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
+#if 0
+    fprintf(stderr, "K+V after update is:\n");
+    BIO_dump_fp(stderr, cctx->K, cctx->keylen);
+    BIO_dump_fp(stderr, cctx->V, 16);
+#endif
+}
+
+static int drbg_ctr_instantiate(DRBG_CTX *dctx,
+                                const unsigned char *ent, size_t entlen,
+                                const unsigned char *nonce, size_t noncelen,
+                                const unsigned char *pers, size_t perslen)
+{
+    DRBG_CTR_CTX *cctx = &dctx->d.ctr;
+    memset(cctx->K, 0, sizeof(cctx->K));
+    memset(cctx->V, 0, sizeof(cctx->V));
+    AES_set_encrypt_key(cctx->K, dctx->strength, &cctx->ks);
+    ctr_Update(dctx, ent, entlen, pers, perslen, nonce, noncelen);
+    return 1;
+}
+
+static int drbg_ctr_reseed(DRBG_CTX *dctx,
+                           const unsigned char *ent, size_t entlen,
+                           const unsigned char *adin, size_t adinlen)
+{
+    ctr_Update(dctx, ent, entlen, adin, adinlen, NULL, 0);
+    return 1;
+}
+
+static int drbg_ctr_generate(DRBG_CTX *dctx,
+                             unsigned char *out, size_t outlen,
+                             const unsigned char *adin, size_t adinlen)
+{
+    DRBG_CTR_CTX *cctx = &dctx->d.ctr;
+    if (adin && adinlen) {
+        ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
+        /* This means we reuse derived value */
+        if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) {
+            adin = NULL;
+            adinlen = 1;
+        }
+    } else
+        adinlen = 0;
+
+    for (;;) {
+        inc_128(cctx);
+        if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid) {
+            AES_encrypt(cctx->V, dctx->lb, &cctx->ks);
+            dctx->lb_valid = 1;
+            continue;
+        }
+        if (outlen < 16) {
+            /* Use K as temp space as it will be updated */
+            AES_encrypt(cctx->V, cctx->K, &cctx->ks);
+            if (!fips_drbg_cprng_test(dctx, cctx->K))
+                return 0;
+            memcpy(out, cctx->K, outlen);
+            break;
+        }
+        AES_encrypt(cctx->V, out, &cctx->ks);
+        if (!fips_drbg_cprng_test(dctx, out))
+            return 0;
+        out += 16;
+        outlen -= 16;
+        if (outlen == 0)
+            break;
+    }
+
+    ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
+
+    return 1;
+
+}
+
+static int drbg_ctr_uninstantiate(DRBG_CTX *dctx)
+{
+    memset(&dctx->d.ctr, 0, sizeof(DRBG_CTR_CTX));
+    return 1;
+}
+
+int fips_drbg_ctr_init(DRBG_CTX *dctx)
+{
+    DRBG_CTR_CTX *cctx = &dctx->d.ctr;
+
+    size_t keylen;
+
+    switch (dctx->type) {
+    case NID_aes_128_ctr:
+        keylen = 16;
+        break;
+
+    case NID_aes_192_ctr:
+        keylen = 24;
+        break;
+
+    case NID_aes_256_ctr:
+        keylen = 32;
+        break;
+
+    default:
+        return -2;
+    }
+
+    dctx->instantiate = drbg_ctr_instantiate;
+    dctx->reseed = drbg_ctr_reseed;
+    dctx->generate = drbg_ctr_generate;
+    dctx->uninstantiate = drbg_ctr_uninstantiate;
+
+    cctx->keylen = keylen;
+    dctx->strength = keylen * 8;
+    dctx->blocklength = 16;
+    dctx->seedlen = keylen + 16;
+
+    if (dctx->xflags & DRBG_FLAG_CTR_USE_DF) {
+        /* df initialisation */
+        static unsigned char df_key[32] = {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+            0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+            0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+        };
+        /* Set key schedule for df_key */
+        AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks);
+
+        dctx->min_entropy = cctx->keylen;
+        dctx->max_entropy = DRBG_MAX_LENGTH;
+        dctx->min_nonce = dctx->min_entropy / 2;
+        dctx->max_nonce = DRBG_MAX_LENGTH;
+        dctx->max_pers = DRBG_MAX_LENGTH;
+        dctx->max_adin = DRBG_MAX_LENGTH;
+    } else {
+        dctx->min_entropy = dctx->seedlen;
+        dctx->max_entropy = dctx->seedlen;
+        /* Nonce not used */
+        dctx->min_nonce = 0;
+        dctx->max_nonce = 0;
+        dctx->max_pers = dctx->seedlen;
+        dctx->max_adin = dctx->seedlen;
+    }
+
+    dctx->max_request = 1 << 16;
+    dctx->reseed_interval = 1 << 24;
+
+    return 1;
+}
Index: openssl-1.1.0i/crypto/fips/fips_drbg_hash.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_drbg_hash.c	2019-01-18 12:58:06.830013636 +0100
@@ -0,0 +1,361 @@
+/* fips/rand/fips_drbg_hash.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/fips.h>
+#include "internal/fips_int.h"
+#include <openssl/fips_rand.h>
+#include "fips_rand_lcl.h"
+
+/* This is Hash_df from SP 800-90 10.4.1 */
+
+static int hash_df(DRBG_CTX *dctx, unsigned char *out,
+                   const unsigned char *in1, size_t in1len,
+                   const unsigned char *in2, size_t in2len,
+                   const unsigned char *in3, size_t in3len,
+                   const unsigned char *in4, size_t in4len)
+{
+    EVP_MD_CTX *mctx = dctx->d.hash.mctx;
+    unsigned char *vtmp = dctx->d.hash.vtmp;
+    unsigned char tmp[6];
+    /* Standard only ever needs seedlen bytes which is always less than
+     * maximum permitted so no need to check length.
+     */
+    size_t outlen = dctx->seedlen;
+    tmp[0] = 1;
+    tmp[1] = ((outlen * 8) >> 24) & 0xff;
+    tmp[2] = ((outlen * 8) >> 16) & 0xff;
+    tmp[3] = ((outlen * 8) >> 8) & 0xff;
+    tmp[4] = (outlen * 8) & 0xff;
+    if (!in1) {
+        tmp[5] = (unsigned char)in1len;
+        in1 = tmp + 5;
+        in1len = 1;
+    }
+    for (;;) {
+        if (!FIPS_digestinit(mctx, dctx->d.hash.md))
+            return 0;
+        if (!FIPS_digestupdate(mctx, tmp, 5))
+            return 0;
+        if (in1 && !FIPS_digestupdate(mctx, in1, in1len))
+            return 0;
+        if (in2 && !FIPS_digestupdate(mctx, in2, in2len))
+            return 0;
+        if (in3 && !FIPS_digestupdate(mctx, in3, in3len))
+            return 0;
+        if (in4 && !FIPS_digestupdate(mctx, in4, in4len))
+            return 0;
+        if (outlen < dctx->blocklength) {
+            if (!FIPS_digestfinal(mctx, vtmp, NULL))
+                return 0;
+            memcpy(out, vtmp, outlen);
+            OPENSSL_cleanse(vtmp, dctx->blocklength);
+            return 1;
+        } else if (!FIPS_digestfinal(mctx, out, NULL))
+            return 0;
+
+        outlen -= dctx->blocklength;
+        if (outlen == 0)
+            return 1;
+        tmp[0]++;
+        out += dctx->blocklength;
+    }
+}
+
+/* Add an unsigned buffer to the buf value, storing the result in buf. For
+ * this algorithm the length of input never exceeds the seed length.
+ */
+
+static void ctx_add_buf(DRBG_CTX *dctx, unsigned char *buf,
+                        unsigned char *in, size_t inlen)
+{
+    size_t i = inlen;
+    const unsigned char *q;
+    unsigned char c, *p;
+    p = buf + dctx->seedlen;
+    q = in + inlen;
+
+    OPENSSL_assert(i <= dctx->seedlen);
+
+    /* Special case: zero length, just increment buffer */
+    if (i)
+        c = 0;
+    else
+        c = 1;
+
+    while (i) {
+        int r;
+        p--;
+        q--;
+        r = *p + *q + c;
+        /* Carry */
+        if (r > 0xff)
+            c = 1;
+        else
+            c = 0;
+        *p = r & 0xff;
+        i--;
+    }
+
+    i = dctx->seedlen - inlen;
+
+    /* If not adding whole buffer handle final carries */
+    if (c && i) {
+        do {
+            p--;
+            c = *p;
+            c++;
+            *p = c;
+            if (c)
+                return;
+        } while (i--);
+    }
+}
+
+/* Finalise and add hash to V */
+
+static int ctx_add_md(DRBG_CTX *dctx)
+{
+    if (!FIPS_digestfinal(dctx->d.hash.mctx, dctx->d.hash.vtmp, NULL))
+        return 0;
+    ctx_add_buf(dctx, dctx->d.hash.V, dctx->d.hash.vtmp, dctx->blocklength);
+    return 1;
+}
+
+static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
+{
+    DRBG_HASH_CTX *hctx = &dctx->d.hash;
+    if (outlen == 0)
+        return 1;
+    memcpy(hctx->vtmp, hctx->V, dctx->seedlen);
+    for (;;) {
+        FIPS_digestinit(hctx->mctx, hctx->md);
+        FIPS_digestupdate(hctx->mctx, hctx->vtmp, dctx->seedlen);
+        if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid) {
+            FIPS_digestfinal(hctx->mctx, dctx->lb, NULL);
+            dctx->lb_valid = 1;
+        } else if (outlen < dctx->blocklength) {
+            FIPS_digestfinal(hctx->mctx, hctx->vtmp, NULL);
+            if (!fips_drbg_cprng_test(dctx, hctx->vtmp))
+                return 0;
+            memcpy(out, hctx->vtmp, outlen);
+            return 1;
+        } else {
+            FIPS_digestfinal(hctx->mctx, out, NULL);
+            if (!fips_drbg_cprng_test(dctx, out))
+                return 0;
+            outlen -= dctx->blocklength;
+            if (outlen == 0)
+                return 1;
+            out += dctx->blocklength;
+        }
+        ctx_add_buf(dctx, hctx->vtmp, NULL, 0);
+    }
+}
+
+static int drbg_hash_instantiate(DRBG_CTX *dctx,
+                                 const unsigned char *ent, size_t ent_len,
+                                 const unsigned char *nonce, size_t nonce_len,
+                                 const unsigned char *pstr, size_t pstr_len)
+{
+    DRBG_HASH_CTX *hctx = &dctx->d.hash;
+    if (!hash_df(dctx, hctx->V,
+                 ent, ent_len, nonce, nonce_len, pstr, pstr_len, NULL, 0))
+        return 0;
+    if (!hash_df(dctx, hctx->C,
+                 NULL, 0, hctx->V, dctx->seedlen, NULL, 0, NULL, 0))
+        return 0;
+
+#ifdef HASH_DRBG_TRACE
+    fprintf(stderr, "V+C after instantiate:\n");
+    hexprint(stderr, hctx->V, dctx->seedlen);
+    hexprint(stderr, hctx->C, dctx->seedlen);
+#endif
+    return 1;
+}
+
+static int drbg_hash_reseed(DRBG_CTX *dctx,
+                            const unsigned char *ent, size_t ent_len,
+                            const unsigned char *adin, size_t adin_len)
+{
+    DRBG_HASH_CTX *hctx = &dctx->d.hash;
+    /* V about to be updated so use C as output instead */
+    if (!hash_df(dctx, hctx->C,
+                 NULL, 1, hctx->V, dctx->seedlen,
+                 ent, ent_len, adin, adin_len))
+        return 0;
+    memcpy(hctx->V, hctx->C, dctx->seedlen);
+    if (!hash_df(dctx, hctx->C, NULL, 0,
+                 hctx->V, dctx->seedlen, NULL, 0, NULL, 0))
+        return 0;
+#ifdef HASH_DRBG_TRACE
+    fprintf(stderr, "V+C after reseed:\n");
+    hexprint(stderr, hctx->V, dctx->seedlen);
+    hexprint(stderr, hctx->C, dctx->seedlen);
+#endif
+    return 1;
+}
+
+static int drbg_hash_generate(DRBG_CTX *dctx,
+                              unsigned char *out, size_t outlen,
+                              const unsigned char *adin, size_t adin_len)
+{
+    DRBG_HASH_CTX *hctx = &dctx->d.hash;
+    EVP_MD_CTX *mctx = hctx->mctx;
+    unsigned char tmp[4];
+    if (adin && adin_len) {
+        tmp[0] = 2;
+        if (!FIPS_digestinit(mctx, hctx->md))
+            return 0;
+        if (!EVP_DigestUpdate(mctx, tmp, 1))
+            return 0;
+        if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
+            return 0;
+        if (!EVP_DigestUpdate(mctx, adin, adin_len))
+            return 0;
+        if (!ctx_add_md(dctx))
+            return 0;
+    }
+    if (!hash_gen(dctx, out, outlen))
+        return 0;
+
+    tmp[0] = 3;
+    if (!FIPS_digestinit(mctx, hctx->md))
+        return 0;
+    if (!EVP_DigestUpdate(mctx, tmp, 1))
+        return 0;
+    if (!EVP_DigestUpdate(mctx, hctx->V, dctx->seedlen))
+        return 0;
+
+    if (!ctx_add_md(dctx))
+        return 0;
+
+    ctx_add_buf(dctx, hctx->V, hctx->C, dctx->seedlen);
+
+    tmp[0] = (dctx->reseed_counter >> 24) & 0xff;
+    tmp[1] = (dctx->reseed_counter >> 16) & 0xff;
+    tmp[2] = (dctx->reseed_counter >> 8) & 0xff;
+    tmp[3] = dctx->reseed_counter & 0xff;
+    ctx_add_buf(dctx, hctx->V, tmp, 4);
+#ifdef HASH_DRBG_TRACE
+    fprintf(stderr, "V+C after generate:\n");
+    hexprint(stderr, hctx->V, dctx->seedlen);
+    hexprint(stderr, hctx->C, dctx->seedlen);
+#endif
+    return 1;
+}
+
+static int drbg_hash_uninstantiate(DRBG_CTX *dctx)
+{
+    EVP_MD_CTX_free(dctx->d.hash.mctx);
+    OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX));
+    return 1;
+}
+
+int fips_drbg_hash_init(DRBG_CTX *dctx)
+{
+    const EVP_MD *md;
+    DRBG_HASH_CTX *hctx = &dctx->d.hash;
+    md = FIPS_get_digestbynid(dctx->type);
+    if (!md)
+        return -2;
+    switch (dctx->type) {
+    case NID_sha1:
+        dctx->strength = 128;
+        break;
+
+    case NID_sha224:
+        dctx->strength = 192;
+        break;
+
+    default:
+        dctx->strength = 256;
+        break;
+    }
+
+    dctx->instantiate = drbg_hash_instantiate;
+    dctx->reseed = drbg_hash_reseed;
+    dctx->generate = drbg_hash_generate;
+    dctx->uninstantiate = drbg_hash_uninstantiate;
+
+    dctx->d.hash.md = md;
+    hctx->mctx = EVP_MD_CTX_new();
+    if (hctx->mctx == NULL)
+        return -1;
+
+    /* These are taken from SP 800-90 10.1 table 2 */
+
+    dctx->blocklength = EVP_MD_size(md);
+    if (dctx->blocklength > 32)
+        dctx->seedlen = 111;
+    else
+        dctx->seedlen = 55;
+
+    dctx->min_entropy = dctx->strength / 8;
+    dctx->max_entropy = DRBG_MAX_LENGTH;
+
+    dctx->min_nonce = dctx->min_entropy / 2;
+    dctx->max_nonce = DRBG_MAX_LENGTH;
+
+    dctx->max_pers = DRBG_MAX_LENGTH;
+    dctx->max_adin = DRBG_MAX_LENGTH;
+
+    dctx->max_request = 1 << 16;
+    dctx->reseed_interval = 1 << 24;
+
+    return 1;
+}
Index: openssl-1.1.0i/crypto/fips/fips_drbg_hmac.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_drbg_hmac.c	2019-01-18 12:58:06.830013636 +0100
@@ -0,0 +1,272 @@
+/* fips/rand/fips_drbg_hmac.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/aes.h>
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#include "fips_rand_lcl.h"
+
+static int drbg_hmac_update(DRBG_CTX *dctx,
+                            const unsigned char *in1, size_t in1len,
+                            const unsigned char *in2, size_t in2len,
+                            const unsigned char *in3, size_t in3len)
+{
+    static unsigned char c0 = 0, c1 = 1;
+    DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
+    HMAC_CTX *hctx = hmac->hctx;
+
+    if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
+        return 0;
+    if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
+        return 0;
+    if (!HMAC_Update(hctx, &c0, 1))
+        return 0;
+    if (in1len && !HMAC_Update(hctx, in1, in1len))
+        return 0;
+    if (in2len && !HMAC_Update(hctx, in2, in2len))
+        return 0;
+    if (in3len && !HMAC_Update(hctx, in3, in3len))
+        return 0;
+
+    if (!HMAC_Final(hctx, hmac->K, NULL))
+        return 0;
+
+    if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
+        return 0;
+    if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
+        return 0;
+
+    if (!HMAC_Final(hctx, hmac->V, NULL))
+        return 0;
+
+    if (!in1len && !in2len && !in3len)
+        return 1;
+
+    if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
+        return 0;
+    if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
+        return 0;
+    if (!HMAC_Update(hctx, &c1, 1))
+        return 0;
+    if (in1len && !HMAC_Update(hctx, in1, in1len))
+        return 0;
+    if (in2len && !HMAC_Update(hctx, in2, in2len))
+        return 0;
+    if (in3len && !HMAC_Update(hctx, in3, in3len))
+        return 0;
+
+    if (!HMAC_Final(hctx, hmac->K, NULL))
+        return 0;
+
+    if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
+        return 0;
+    if (!HMAC_Update(hctx, hmac->V, dctx->blocklength))
+        return 0;
+
+    if (!HMAC_Final(hctx, hmac->V, NULL))
+        return 0;
+
+    return 1;
+
+}
+
+static int drbg_hmac_instantiate(DRBG_CTX *dctx,
+                                 const unsigned char *ent, size_t ent_len,
+                                 const unsigned char *nonce, size_t nonce_len,
+                                 const unsigned char *pstr, size_t pstr_len)
+{
+    DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
+    memset(hmac->K, 0, dctx->blocklength);
+    memset(hmac->V, 1, dctx->blocklength);
+    if (!drbg_hmac_update(dctx,
+                          ent, ent_len, nonce, nonce_len, pstr, pstr_len))
+        return 0;
+
+#ifdef HMAC_DRBG_TRACE
+    fprintf(stderr, "K+V after instantiate:\n");
+    hexprint(stderr, hmac->K, hmac->blocklength);
+    hexprint(stderr, hmac->V, hmac->blocklength);
+#endif
+    return 1;
+}
+
+static int drbg_hmac_reseed(DRBG_CTX *dctx,
+                            const unsigned char *ent, size_t ent_len,
+                            const unsigned char *adin, size_t adin_len)
+{
+    if (!drbg_hmac_update(dctx, ent, ent_len, adin, adin_len, NULL, 0))
+        return 0;
+
+#ifdef HMAC_DRBG_TRACE
+    {
+        DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
+        fprintf(stderr, "K+V after reseed:\n");
+        hexprint(stderr, hmac->K, hmac->blocklength);
+        hexprint(stderr, hmac->V, hmac->blocklength);
+    }
+#endif
+    return 1;
+}
+
+static int drbg_hmac_generate(DRBG_CTX *dctx,
+                              unsigned char *out, size_t outlen,
+                              const unsigned char *adin, size_t adin_len)
+{
+    DRBG_HMAC_CTX *hmac = &dctx->d.hmac;
+    HMAC_CTX *hctx = hmac->hctx;
+    const unsigned char *Vtmp = hmac->V;
+    if (adin_len && !drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0))
+        return 0;
+    for (;;) {
+        if (!HMAC_Init_ex(hctx, hmac->K, dctx->blocklength, hmac->md, NULL))
+            return 0;
+        if (!HMAC_Update(hctx, Vtmp, dctx->blocklength))
+            return 0;
+        if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid) {
+            if (!HMAC_Final(hctx, dctx->lb, NULL))
+                return 0;
+            dctx->lb_valid = 1;
+            Vtmp = dctx->lb;
+            continue;
+        } else if (outlen > dctx->blocklength) {
+            if (!HMAC_Final(hctx, out, NULL))
+                return 0;
+            if (!fips_drbg_cprng_test(dctx, out))
+                return 0;
+            Vtmp = out;
+        } else {
+            if (!HMAC_Final(hctx, hmac->V, NULL))
+                return 0;
+            if (!fips_drbg_cprng_test(dctx, hmac->V))
+                return 0;
+            memcpy(out, hmac->V, outlen);
+            break;
+        }
+        out += dctx->blocklength;
+        outlen -= dctx->blocklength;
+    }
+    if (!drbg_hmac_update(dctx, adin, adin_len, NULL, 0, NULL, 0))
+        return 0;
+
+    return 1;
+}
+
+static int drbg_hmac_uninstantiate(DRBG_CTX *dctx)
+{
+    HMAC_CTX_free(dctx->d.hmac.hctx);
+    OPENSSL_cleanse(&dctx->d.hmac, sizeof(DRBG_HMAC_CTX));
+    return 1;
+}
+
+int fips_drbg_hmac_init(DRBG_CTX *dctx)
+{
+    const EVP_MD *md = NULL;
+    DRBG_HMAC_CTX *hctx = &dctx->d.hmac;
+    dctx->strength = 256;
+    switch (dctx->type) {
+    case NID_hmacWithSHA1:
+        md = EVP_sha1();
+        dctx->strength = 128;
+        break;
+
+    case NID_hmacWithSHA224:
+        md = EVP_sha224();
+        dctx->strength = 192;
+        break;
+
+    case NID_hmacWithSHA256:
+        md = EVP_sha256();
+        break;
+
+    case NID_hmacWithSHA384:
+        md = EVP_sha384();
+        break;
+
+    case NID_hmacWithSHA512:
+        md = EVP_sha512();
+        break;
+
+    default:
+        dctx->strength = 0;
+        return -2;
+    }
+    dctx->instantiate = drbg_hmac_instantiate;
+    dctx->reseed = drbg_hmac_reseed;
+    dctx->generate = drbg_hmac_generate;
+    dctx->uninstantiate = drbg_hmac_uninstantiate;
+    hctx->hctx = HMAC_CTX_new();
+    if (hctx->hctx == NULL)
+        return -1;
+    hctx->md = md;
+    dctx->blocklength = M_EVP_MD_size(md);
+    dctx->seedlen = M_EVP_MD_size(md);
+
+    dctx->min_entropy = dctx->strength / 8;
+    dctx->max_entropy = DRBG_MAX_LENGTH;
+
+    dctx->min_nonce = dctx->min_entropy / 2;
+    dctx->max_nonce = DRBG_MAX_LENGTH;
+
+    dctx->max_pers = DRBG_MAX_LENGTH;
+    dctx->max_adin = DRBG_MAX_LENGTH;
+
+    dctx->max_request = 1 << 16;
+    dctx->reseed_interval = 1 << 24;
+
+    return 1;
+}
Index: openssl-1.1.0i/crypto/fips/fips_drbg_lib.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_drbg_lib.c	2019-01-18 12:58:06.830013636 +0100
@@ -0,0 +1,555 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include "internal/fips_int.h"
+#include <openssl/fips_rand.h>
+#include "fips_locl.h"
+#include "fips_rand_lcl.h"
+
+/* Support framework for SP800-90 DRBGs */
+
+int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
+{
+    int rv;
+    memset(dctx, 0, sizeof(DRBG_CTX));
+    dctx->status = DRBG_STATUS_UNINITIALISED;
+    dctx->xflags = flags;
+    dctx->type = type;
+
+    dctx->iflags = 0;
+    dctx->entropy_blocklen = 0;
+    dctx->health_check_cnt = 0;
+    dctx->health_check_interval = DRBG_HEALTH_INTERVAL;
+
+    rv = fips_drbg_hash_init(dctx);
+
+    if (rv == -2)
+        rv = fips_drbg_ctr_init(dctx);
+    if (rv == -2)
+        rv = fips_drbg_hmac_init(dctx);
+
+    if (rv <= 0) {
+        if (rv == -2)
+            FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_UNSUPPORTED_DRBG_TYPE);
+        else
+            FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_ERROR_INITIALISING_DRBG);
+    }
+
+    /* If not in test mode run selftests on DRBG of the same type */
+
+    if (!(dctx->xflags & DRBG_FLAG_TEST)) {
+        if (!FIPS_drbg_health_check(dctx)) {
+            FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);
+            return 0;
+        }
+    }
+
+    return rv;
+}
+
+DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags)
+{
+    DRBG_CTX *dctx;
+    dctx = OPENSSL_malloc(sizeof(DRBG_CTX));
+    if (!dctx) {
+        FIPSerr(FIPS_F_FIPS_DRBG_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (type == 0) {
+        memset(dctx, 0, sizeof(DRBG_CTX));
+        dctx->type = 0;
+        dctx->status = DRBG_STATUS_UNINITIALISED;
+        return dctx;
+    }
+
+    if (FIPS_drbg_init(dctx, type, flags) <= 0) {
+        OPENSSL_free(dctx);
+        return NULL;
+    }
+
+    return dctx;
+}
+
+void FIPS_drbg_free(DRBG_CTX *dctx)
+{
+    if (dctx->uninstantiate)
+        dctx->uninstantiate(dctx);
+    /* Don't free up default DRBG */
+    if (dctx == FIPS_get_default_drbg()) {
+        memset(dctx, 0, sizeof(DRBG_CTX));
+        dctx->type = 0;
+        dctx->status = DRBG_STATUS_UNINITIALISED;
+    } else {
+        OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
+        OPENSSL_free(dctx);
+    }
+}
+
+static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
+                               int entropy, size_t min_len, size_t max_len)
+{
+    unsigned char *tout, *p;
+    size_t bl = dctx->entropy_blocklen, rv;
+    if (!dctx->get_entropy)
+        return 0;
+    if (dctx->xflags & DRBG_FLAG_TEST || !bl)
+        return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
+    rv = dctx->get_entropy(dctx, &tout, entropy + bl,
+                           min_len + bl, max_len + bl);
+    if (tout == NULL)
+        return 0;
+    *pout = tout + bl;
+    if (rv < (min_len + bl) || (rv % bl))
+        return 0;
+    /* Compare consecutive blocks for continuous PRNG test */
+    for (p = tout; p < tout + rv - bl; p += bl) {
+        if (!memcmp(p, p + bl, bl)) {
+            FIPSerr(FIPS_F_FIPS_GET_ENTROPY, FIPS_R_ENTROPY_SOURCE_STUCK);
+            return 0;
+        }
+    }
+    rv -= bl;
+    if (rv > max_len)
+        return max_len;
+    return rv;
+}
+
+static void fips_cleanup_entropy(DRBG_CTX *dctx,
+                                 unsigned char *out, size_t olen)
+{
+    size_t bl;
+    if (dctx->xflags & DRBG_FLAG_TEST)
+        bl = 0;
+    else
+        bl = dctx->entropy_blocklen;
+    /* Call cleanup with original arguments */
+    dctx->cleanup_entropy(dctx, out - bl, olen + bl);
+}
+
+int FIPS_drbg_instantiate(DRBG_CTX *dctx,
+                          const unsigned char *pers, size_t perslen)
+{
+    size_t entlen = 0, noncelen = 0;
+    unsigned char *nonce = NULL, *entropy = NULL;
+
+#if 0
+    /* Put here so error script picks them up */
+    FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE,
+            FIPS_R_PERSONALISATION_STRING_TOO_LONG);
+    FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_IN_ERROR_STATE);
+    FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ALREADY_INSTANTIATED);
+    FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY);
+    FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE);
+    FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR);
+    FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED);
+#endif
+
+    int r = 0;
+
+    if (perslen > dctx->max_pers) {
+        r = FIPS_R_PERSONALISATION_STRING_TOO_LONG;
+        goto end;
+    }
+
+    if (!dctx->instantiate) {
+        r = FIPS_R_DRBG_NOT_INITIALISED;
+        goto end;
+    }
+
+    if (dctx->status != DRBG_STATUS_UNINITIALISED) {
+        if (dctx->status == DRBG_STATUS_ERROR)
+            r = FIPS_R_IN_ERROR_STATE;
+        else
+            r = FIPS_R_ALREADY_INSTANTIATED;
+        goto end;
+    }
+
+    dctx->status = DRBG_STATUS_ERROR;
+
+    entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
+                              dctx->min_entropy, dctx->max_entropy);
+
+    if (entlen < dctx->min_entropy || entlen > dctx->max_entropy) {
+        r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
+        goto end;
+    }
+
+    if (dctx->max_nonce > 0 && dctx->get_nonce) {
+        noncelen = dctx->get_nonce(dctx, &nonce,
+                                   dctx->strength / 2,
+                                   dctx->min_nonce, dctx->max_nonce);
+
+        if (noncelen < dctx->min_nonce || noncelen > dctx->max_nonce) {
+            r = FIPS_R_ERROR_RETRIEVING_NONCE;
+            goto end;
+        }
+
+    }
+
+    if (!dctx->instantiate(dctx,
+                           entropy, entlen, nonce, noncelen, pers, perslen)) {
+        r = FIPS_R_ERROR_INSTANTIATING_DRBG;
+        goto end;
+    }
+
+    dctx->status = DRBG_STATUS_READY;
+    if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
+        dctx->reseed_counter = 1;
+
+ end:
+
+    if (entropy && dctx->cleanup_entropy)
+        fips_cleanup_entropy(dctx, entropy, entlen);
+
+    if (nonce && dctx->cleanup_nonce)
+        dctx->cleanup_nonce(dctx, nonce, noncelen);
+
+    if (dctx->status == DRBG_STATUS_READY)
+        return 1;
+
+    if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
+        FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, r);
+
+    return 0;
+
+}
+
+static int drbg_reseed(DRBG_CTX *dctx,
+                       const unsigned char *adin, size_t adinlen, int hcheck)
+{
+    unsigned char *entropy = NULL;
+    size_t entlen = 0;
+    int r = 0;
+
+#if 0
+    FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_NOT_INSTANTIATED);
+    FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
+#endif
+    if (dctx->status != DRBG_STATUS_READY
+        && dctx->status != DRBG_STATUS_RESEED) {
+        if (dctx->status == DRBG_STATUS_ERROR)
+            r = FIPS_R_IN_ERROR_STATE;
+        else if (dctx->status == DRBG_STATUS_UNINITIALISED)
+            r = FIPS_R_NOT_INSTANTIATED;
+        goto end;
+    }
+
+    if (!adin)
+        adinlen = 0;
+    else if (adinlen > dctx->max_adin) {
+        r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
+        goto end;
+    }
+
+    dctx->status = DRBG_STATUS_ERROR;
+    /* Peform health check on all reseed operations if not a prediction
+     * resistance request and not in test mode.
+     */
+    if (hcheck && !(dctx->xflags & DRBG_FLAG_TEST)) {
+        if (!FIPS_drbg_health_check(dctx)) {
+            r = FIPS_R_SELFTEST_FAILURE;
+            goto end;
+        }
+    }
+
+    entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
+                              dctx->min_entropy, dctx->max_entropy);
+
+    if (entlen < dctx->min_entropy || entlen > dctx->max_entropy) {
+        r = FIPS_R_ERROR_RETRIEVING_ENTROPY;
+        goto end;
+    }
+
+    if (!dctx->reseed(dctx, entropy, entlen, adin, adinlen))
+        goto end;
+
+    dctx->status = DRBG_STATUS_READY;
+    if (!(dctx->iflags & DRBG_CUSTOM_RESEED))
+        dctx->reseed_counter = 1;
+ end:
+
+    if (entropy && dctx->cleanup_entropy)
+        fips_cleanup_entropy(dctx, entropy, entlen);
+
+    if (dctx->status == DRBG_STATUS_READY)
+        return 1;
+
+    if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
+        FIPSerr(FIPS_F_DRBG_RESEED, r);
+
+    return 0;
+}
+
+int FIPS_drbg_reseed(DRBG_CTX *dctx,
+                     const unsigned char *adin, size_t adinlen)
+{
+    return drbg_reseed(dctx, adin, adinlen, 1);
+}
+
+static int fips_drbg_check(DRBG_CTX *dctx)
+{
+    if (dctx->xflags & DRBG_FLAG_TEST)
+        return 1;
+    dctx->health_check_cnt++;
+    if (dctx->health_check_cnt >= dctx->health_check_interval) {
+        if (!FIPS_drbg_health_check(dctx)) {
+            FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
+                       int prediction_resistance,
+                       const unsigned char *adin, size_t adinlen)
+{
+    int r = 0;
+
+    if (FIPS_selftest_failed()) {
+        FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED);
+        return 0;
+    }
+
+    if (!fips_drbg_check(dctx))
+        return 0;
+
+    if (dctx->status != DRBG_STATUS_READY
+        && dctx->status != DRBG_STATUS_RESEED) {
+        if (dctx->status == DRBG_STATUS_ERROR)
+            r = FIPS_R_IN_ERROR_STATE;
+        else if (dctx->status == DRBG_STATUS_UNINITIALISED)
+            r = FIPS_R_NOT_INSTANTIATED;
+        goto end;
+    }
+
+    if (outlen > dctx->max_request) {
+        r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG;
+        return 0;
+    }
+
+    if (adinlen > dctx->max_adin) {
+        r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
+        goto end;
+    }
+
+    if (dctx->iflags & DRBG_CUSTOM_RESEED)
+        dctx->generate(dctx, NULL, outlen, NULL, 0);
+    else if (dctx->reseed_counter >= dctx->reseed_interval)
+        dctx->status = DRBG_STATUS_RESEED;
+
+    if (dctx->status == DRBG_STATUS_RESEED || prediction_resistance) {
+        /* If prediction resistance request don't do health check */
+        int hcheck = prediction_resistance ? 0 : 1;
+
+        if (!drbg_reseed(dctx, adin, adinlen, hcheck)) {
+            r = FIPS_R_RESEED_ERROR;
+            goto end;
+        }
+        adin = NULL;
+        adinlen = 0;
+    }
+
+    if (!dctx->generate(dctx, out, outlen, adin, adinlen)) {
+        r = FIPS_R_GENERATE_ERROR;
+        dctx->status = DRBG_STATUS_ERROR;
+        goto end;
+    }
+    if (!(dctx->iflags & DRBG_CUSTOM_RESEED)) {
+        if (dctx->reseed_counter >= dctx->reseed_interval)
+            dctx->status = DRBG_STATUS_RESEED;
+        else
+            dctx->reseed_counter++;
+    }
+
+ end:
+    if (r) {
+        if (!(dctx->iflags & DRBG_FLAG_NOERR))
+            FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, r);
+        return 0;
+    }
+
+    return 1;
+}
+
+int FIPS_drbg_uninstantiate(DRBG_CTX *dctx)
+{
+    int rv;
+    if (!dctx->uninstantiate)
+        rv = 1;
+    else
+        rv = dctx->uninstantiate(dctx);
+    /* Although we'd like to cleanse here we can't because we have to
+     * test the uninstantiate really zeroes the data.
+     */
+    memset(&dctx->d, 0, sizeof(dctx->d));
+    dctx->status = DRBG_STATUS_UNINITIALISED;
+    /* If method has problems uninstantiating, return error */
+    return rv;
+}
+
+int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
+                            size_t (*get_entropy) (DRBG_CTX *ctx,
+                                                   unsigned char **pout,
+                                                   int entropy,
+                                                   size_t min_len,
+                                                   size_t max_len),
+                            void (*cleanup_entropy) (DRBG_CTX *ctx,
+                                                     unsigned char *out,
+                                                     size_t olen),
+                            size_t entropy_blocklen,
+                            size_t (*get_nonce) (DRBG_CTX *ctx,
+                                                 unsigned char **pout,
+                                                 int entropy, size_t min_len,
+                                                 size_t max_len),
+                            void (*cleanup_nonce) (DRBG_CTX *ctx,
+                                                   unsigned char *out,
+                                                   size_t olen))
+{
+    if (dctx->status != DRBG_STATUS_UNINITIALISED)
+        return 0;
+    dctx->entropy_blocklen = entropy_blocklen;
+    dctx->get_entropy = get_entropy;
+    dctx->cleanup_entropy = cleanup_entropy;
+    dctx->get_nonce = get_nonce;
+    dctx->cleanup_nonce = cleanup_nonce;
+    return 1;
+}
+
+int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
+                                 size_t (*get_adin) (DRBG_CTX *ctx,
+                                                     unsigned char **pout),
+                                 void (*cleanup_adin) (DRBG_CTX *ctx,
+                                                       unsigned char *out,
+                                                       size_t olen),
+                                 int (*rand_seed_cb) (DRBG_CTX *ctx,
+                                                      const void *buf,
+                                                      int num),
+                                 int (*rand_add_cb) (DRBG_CTX *ctx,
+                                                     const void *buf, int num,
+                                                     double entropy))
+{
+    if (dctx->status != DRBG_STATUS_UNINITIALISED)
+        return 0;
+    dctx->get_adin = get_adin;
+    dctx->cleanup_adin = cleanup_adin;
+    dctx->rand_seed_cb = rand_seed_cb;
+    dctx->rand_add_cb = rand_add_cb;
+    return 1;
+}
+
+void *FIPS_drbg_get_app_data(DRBG_CTX *dctx)
+{
+    return dctx->app_data;
+}
+
+void FIPS_drbg_set_app_data(DRBG_CTX *dctx, void *app_data)
+{
+    dctx->app_data = app_data;
+}
+
+size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx)
+{
+    return dctx->blocklength;
+}
+
+int FIPS_drbg_get_strength(DRBG_CTX *dctx)
+{
+    return dctx->strength;
+}
+
+void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval)
+{
+    dctx->health_check_interval = interval;
+}
+
+void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval)
+{
+    dctx->reseed_interval = interval;
+}
+
+static int drbg_stick = 0;
+
+void FIPS_drbg_stick(int onoff)
+{
+    drbg_stick = onoff;
+}
+
+/* Continuous DRBG utility function */
+int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out)
+{
+    /* No CPRNG in test mode */
+    if (dctx->xflags & DRBG_FLAG_TEST)
+        return 1;
+    /* Check block is valid: should never happen */
+    if (dctx->lb_valid == 0) {
+        FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_INTERNAL_ERROR);
+        fips_set_selftest_fail();
+        return 0;
+    }
+    if (drbg_stick)
+        memcpy(dctx->lb, out, dctx->blocklength);
+    /* Check against last block: fail if match */
+    if (!memcmp(dctx->lb, out, dctx->blocklength)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_DRBG_STUCK);
+        fips_set_selftest_fail();
+        return 0;
+    }
+    /* Save last block for next comparison */
+    memcpy(dctx->lb, out, dctx->blocklength);
+    return 1;
+}
Index: openssl-1.1.0i/crypto/fips/fips_drbg_rand.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_drbg_rand.c	2019-01-18 12:58:06.830013636 +0100
@@ -0,0 +1,183 @@
+/* fips/rand/fips_drbg_rand.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include "internal/thread_once.h"
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#include "fips_rand_lcl.h"
+
+/* Mapping of SP800-90 DRBGs to OpenSSL RAND_METHOD */
+
+/* Since we only have one global PRNG used at any time in OpenSSL use a global
+ * variable to store context.
+ */
+
+static DRBG_CTX ossl_dctx;
+
+static CRYPTO_RWLOCK *fips_rand_lock = NULL;
+static CRYPTO_ONCE fips_rand_lock_init = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(do_fips_rand_lock_init)
+{
+    fips_rand_lock = CRYPTO_THREAD_lock_new();
+    return fips_rand_lock != NULL;
+}
+
+DRBG_CTX *FIPS_get_default_drbg(void)
+{
+    if (!RUN_ONCE(&fips_rand_lock_init, do_fips_rand_lock_init))
+        return NULL;
+    return &ossl_dctx;
+}
+
+static int fips_drbg_bytes(unsigned char *out, int count)
+{
+    DRBG_CTX *dctx = &ossl_dctx;
+    int rv = 0;
+    unsigned char *adin = NULL;
+    size_t adinlen = 0;
+    CRYPTO_THREAD_write_lock(fips_rand_lock);
+    do {
+        size_t rcnt;
+        if (count > (int)dctx->max_request)
+            rcnt = dctx->max_request;
+        else
+            rcnt = count;
+        if (dctx->get_adin) {
+            adinlen = dctx->get_adin(dctx, &adin);
+            if (adinlen && !adin) {
+                FIPSerr(FIPS_F_FIPS_DRBG_BYTES,
+                        FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT);
+                goto err;
+            }
+        }
+        rv = FIPS_drbg_generate(dctx, out, rcnt, 0, adin, adinlen);
+        if (adin) {
+            if (dctx->cleanup_adin)
+                dctx->cleanup_adin(dctx, adin, adinlen);
+            adin = NULL;
+        }
+        if (!rv)
+            goto err;
+        out += rcnt;
+        count -= rcnt;
+    }
+    while (count);
+    rv = 1;
+ err:
+    CRYPTO_THREAD_unlock(fips_rand_lock);
+    return rv;
+}
+
+static int fips_drbg_pseudo(unsigned char *out, int count)
+{
+    if (fips_drbg_bytes(out, count) <= 0)
+        return -1;
+    return 1;
+}
+
+static int fips_drbg_status(void)
+{
+    DRBG_CTX *dctx = &ossl_dctx;
+    int rv;
+    CRYPTO_THREAD_read_lock(fips_rand_lock);
+    rv = dctx->status == DRBG_STATUS_READY ? 1 : 0;
+    CRYPTO_THREAD_unlock(fips_rand_lock);
+    return rv;
+}
+
+static void fips_drbg_cleanup(void)
+{
+    DRBG_CTX *dctx = &ossl_dctx;
+    CRYPTO_THREAD_write_lock(fips_rand_lock);
+    FIPS_drbg_uninstantiate(dctx);
+    CRYPTO_THREAD_unlock(fips_rand_lock);
+}
+
+static int fips_drbg_seed(const void *seed, int seedlen)
+{
+    DRBG_CTX *dctx = &ossl_dctx;
+    CRYPTO_THREAD_write_lock(fips_rand_lock);
+    if (dctx->rand_seed_cb)
+        return dctx->rand_seed_cb(dctx, seed, seedlen);
+    CRYPTO_THREAD_unlock(fips_rand_lock);
+    return 1;
+}
+
+static int fips_drbg_add(const void *seed, int seedlen, double add_entropy)
+{
+    DRBG_CTX *dctx = &ossl_dctx;
+    CRYPTO_THREAD_write_lock(fips_rand_lock);
+    if (dctx->rand_add_cb)
+        return dctx->rand_add_cb(dctx, seed, seedlen, add_entropy);
+    CRYPTO_THREAD_unlock(fips_rand_lock);
+    return 1;
+}
+
+static const RAND_METHOD rand_drbg_meth = {
+    fips_drbg_seed,
+    fips_drbg_bytes,
+    fips_drbg_cleanup,
+    fips_drbg_add,
+    fips_drbg_pseudo,
+    fips_drbg_status
+};
+
+const RAND_METHOD *FIPS_drbg_method(void)
+{
+    return &rand_drbg_meth;
+}
Index: openssl-1.1.0i/crypto/fips/fips_drbg_selftest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_drbg_selftest.c	2019-01-18 12:58:06.830013636 +0100
@@ -0,0 +1,828 @@
+/* fips/rand/fips_drbg_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#include "fips_rand_lcl.h"
+#include "fips_locl.h"
+
+#include "fips_drbg_selftest.h"
+
+typedef struct {
+    int post;
+    int nid;
+    unsigned int flags;
+
+    /* KAT data for no PR */
+    const unsigned char *ent;
+    size_t entlen;
+    const unsigned char *nonce;
+    size_t noncelen;
+    const unsigned char *pers;
+    size_t perslen;
+    const unsigned char *adin;
+    size_t adinlen;
+    const unsigned char *entreseed;
+    size_t entreseedlen;
+    const unsigned char *adinreseed;
+    size_t adinreseedlen;
+    const unsigned char *adin2;
+    size_t adin2len;
+    const unsigned char *kat;
+    size_t katlen;
+    const unsigned char *kat2;
+    size_t kat2len;
+
+    /* KAT data for PR */
+    const unsigned char *ent_pr;
+    size_t entlen_pr;
+    const unsigned char *nonce_pr;
+    size_t noncelen_pr;
+    const unsigned char *pers_pr;
+    size_t perslen_pr;
+    const unsigned char *adin_pr;
+    size_t adinlen_pr;
+    const unsigned char *entpr_pr;
+    size_t entprlen_pr;
+    const unsigned char *ading_pr;
+    size_t adinglen_pr;
+    const unsigned char *entg_pr;
+    size_t entglen_pr;
+    const unsigned char *kat_pr;
+    size_t katlen_pr;
+    const unsigned char *kat2_pr;
+    size_t kat2len_pr;
+
+} DRBG_SELFTEST_DATA;
+
+#define make_drbg_test_data(nid, flag, pr, p) {p, nid, flag | DRBG_FLAG_TEST, \
+        pr##_entropyinput, sizeof(pr##_entropyinput), \
+        pr##_nonce, sizeof(pr##_nonce), \
+        pr##_personalizationstring, sizeof(pr##_personalizationstring), \
+        pr##_additionalinput, sizeof(pr##_additionalinput), \
+        pr##_entropyinputreseed, sizeof(pr##_entropyinputreseed), \
+        pr##_additionalinputreseed, sizeof(pr##_additionalinputreseed), \
+        pr##_additionalinput2, sizeof(pr##_additionalinput2), \
+        pr##_int_returnedbits, sizeof(pr##_int_returnedbits), \
+        pr##_returnedbits, sizeof(pr##_returnedbits), \
+        pr##_pr_entropyinput, sizeof(pr##_pr_entropyinput), \
+        pr##_pr_nonce, sizeof(pr##_pr_nonce), \
+        pr##_pr_personalizationstring, sizeof(pr##_pr_personalizationstring), \
+        pr##_pr_additionalinput, sizeof(pr##_pr_additionalinput), \
+        pr##_pr_entropyinputpr, sizeof(pr##_pr_entropyinputpr), \
+        pr##_pr_additionalinput2, sizeof(pr##_pr_additionalinput2), \
+        pr##_pr_entropyinputpr2, sizeof(pr##_pr_entropyinputpr2), \
+        pr##_pr_int_returnedbits, sizeof(pr##_pr_int_returnedbits), \
+        pr##_pr_returnedbits, sizeof(pr##_pr_returnedbits), \
+        }
+
+#define make_drbg_test_data_df(nid, pr, p) \
+        make_drbg_test_data(nid, DRBG_FLAG_CTR_USE_DF, pr, p)
+
+#define make_drbg_test_data_ec(curve, md, pr, p) \
+        make_drbg_test_data((curve << 16) | md , 0, pr, p)
+
+static DRBG_SELFTEST_DATA drbg_test[] = {
+    make_drbg_test_data_df(NID_aes_128_ctr, aes_128_use_df, 0),
+    make_drbg_test_data_df(NID_aes_192_ctr, aes_192_use_df, 0),
+    make_drbg_test_data_df(NID_aes_256_ctr, aes_256_use_df, 1),
+    make_drbg_test_data(NID_aes_128_ctr, 0, aes_128_no_df, 0),
+    make_drbg_test_data(NID_aes_192_ctr, 0, aes_192_no_df, 0),
+    make_drbg_test_data(NID_aes_256_ctr, 0, aes_256_no_df, 1),
+    make_drbg_test_data(NID_sha1, 0, sha1, 0),
+    make_drbg_test_data(NID_sha224, 0, sha224, 0),
+    make_drbg_test_data(NID_sha256, 0, sha256, 1),
+    make_drbg_test_data(NID_sha384, 0, sha384, 0),
+    make_drbg_test_data(NID_sha512, 0, sha512, 0),
+    make_drbg_test_data(NID_hmacWithSHA1, 0, hmac_sha1, 0),
+    make_drbg_test_data(NID_hmacWithSHA224, 0, hmac_sha224, 0),
+    make_drbg_test_data(NID_hmacWithSHA256, 0, hmac_sha256, 1),
+    make_drbg_test_data(NID_hmacWithSHA384, 0, hmac_sha384, 0),
+    make_drbg_test_data(NID_hmacWithSHA512, 0, hmac_sha512, 0),
+    {0, 0, 0}
+};
+
+typedef struct {
+    const unsigned char *ent;
+    size_t entlen;
+    int entcnt;
+    const unsigned char *nonce;
+    size_t noncelen;
+    int noncecnt;
+} TEST_ENT;
+
+static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
+                           int entropy, size_t min_len, size_t max_len)
+{
+    TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
+    *pout = (unsigned char *)t->ent;
+    t->entcnt++;
+    return t->entlen;
+}
+
+static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
+                         int entropy, size_t min_len, size_t max_len)
+{
+    TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
+    *pout = (unsigned char *)t->nonce;
+    t->noncecnt++;
+    return t->noncelen;
+}
+
+static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td,
+                                int quick)
+{
+    TEST_ENT t;
+    int rv = 0;
+    size_t adinlen;
+    unsigned char randout[1024];
+
+    /* Initial test without PR */
+
+    /* Instantiate DRBG with test entropy, nonce and personalisation
+     * string.
+     */
+
+    if (!FIPS_drbg_init(dctx, td->nid, td->flags))
+        return 0;
+    if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
+        return 0;
+
+    FIPS_drbg_set_app_data(dctx, &t);
+
+    t.ent = td->ent;
+    t.entlen = td->entlen;
+    t.nonce = td->nonce;
+    t.noncelen = td->noncelen;
+    t.entcnt = 0;
+    t.noncecnt = 0;
+
+    if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
+        goto err;
+
+    /* Note for CTR without DF some additional input values
+     * ignore bytes after the keylength: so reduce adinlen
+     * to half to ensure invalid data is fed in.
+     */
+    if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
+        adinlen = td->adinlen / 2;
+    else
+        adinlen = td->adinlen;
+
+    /* Generate with no PR and verify output matches expected data */
+    if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, td->adin, adinlen))
+        goto err;
+
+    if (memcmp(randout, td->kat, td->katlen)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST1_FAILURE);
+        goto err2;
+    }
+    /* If abbreviated POST end of test */
+    if (quick) {
+        rv = 1;
+        goto err;
+    }
+    /* Reseed DRBG with test entropy and additional input */
+    t.ent = td->entreseed;
+    t.entlen = td->entreseedlen;
+
+    if (!FIPS_drbg_reseed(dctx, td->adinreseed, td->adinreseedlen))
+        goto err;
+
+    /* Generate with no PR and verify output matches expected data */
+    if (!FIPS_drbg_generate(dctx, randout, td->kat2len, 0,
+                            td->adin2, td->adin2len))
+        goto err;
+
+    if (memcmp(randout, td->kat2, td->kat2len)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_NOPR_TEST2_FAILURE);
+        goto err2;
+    }
+
+    FIPS_drbg_uninstantiate(dctx);
+
+    /* Now test with PR */
+
+    /* Instantiate DRBG with test entropy, nonce and personalisation
+     * string.
+     */
+    if (!FIPS_drbg_init(dctx, td->nid, td->flags))
+        return 0;
+    if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
+        return 0;
+
+    FIPS_drbg_set_app_data(dctx, &t);
+
+    t.ent = td->ent_pr;
+    t.entlen = td->entlen_pr;
+    t.nonce = td->nonce_pr;
+    t.noncelen = td->noncelen_pr;
+    t.entcnt = 0;
+    t.noncecnt = 0;
+
+    if (!FIPS_drbg_instantiate(dctx, td->pers_pr, td->perslen_pr))
+        goto err;
+
+    /* Now generate with PR: we need to supply entropy as this will
+     * perform a reseed operation. Check output matches expected value.
+     */
+
+    t.ent = td->entpr_pr;
+    t.entlen = td->entprlen_pr;
+
+    /* Note for CTR without DF some additional input values
+     * ignore bytes after the keylength: so reduce adinlen
+     * to half to ensure invalid data is fed in.
+     */
+    if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
+        adinlen = td->adinlen_pr / 2;
+    else
+        adinlen = td->adinlen_pr;
+    if (!FIPS_drbg_generate(dctx, randout, td->katlen_pr, 1,
+                            td->adin_pr, adinlen))
+        goto err;
+
+    if (memcmp(randout, td->kat_pr, td->katlen_pr)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST1_FAILURE);
+        goto err2;
+    }
+
+    /* Now generate again with PR: supply new entropy again.
+     * Check output matches expected value.
+     */
+
+    t.ent = td->entg_pr;
+    t.entlen = td->entglen_pr;
+
+    if (!FIPS_drbg_generate(dctx, randout, td->kat2len_pr, 1,
+                            td->ading_pr, td->adinglen_pr))
+        goto err;
+
+    if (memcmp(randout, td->kat2_pr, td->kat2len_pr)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_PR_TEST2_FAILURE);
+        goto err2;
+    }
+    /* All OK, test complete */
+    rv = 1;
+
+ err:
+    if (rv == 0)
+        FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED);
+ err2:
+    FIPS_drbg_uninstantiate(dctx);
+
+    return rv;
+
+}
+
+/* Initialise a DRBG based on selftest data */
+
+static int do_drbg_init(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td, TEST_ENT * t)
+{
+
+    if (!FIPS_drbg_init(dctx, td->nid, td->flags))
+        return 0;
+
+    if (!FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0))
+        return 0;
+
+    FIPS_drbg_set_app_data(dctx, t);
+
+    t->ent = td->ent;
+    t->entlen = td->entlen;
+    t->nonce = td->nonce;
+    t->noncelen = td->noncelen;
+    t->entcnt = 0;
+    t->noncecnt = 0;
+    return 1;
+}
+
+/* Initialise and instantiate DRBG based on selftest data */
+static int do_drbg_instantiate(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td,
+                               TEST_ENT * t)
+{
+    if (!do_drbg_init(dctx, td, t))
+        return 0;
+    if (!FIPS_drbg_instantiate(dctx, td->pers, td->perslen))
+        return 0;
+
+    return 1;
+}
+
+/* This function performs extensive error checking as required by SP800-90.
+ * Induce several failure modes and check an error condition is set.
+ * This function along with fips_drbg_single_kat peforms the health checking
+ * operation.
+ */
+
+static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA * td)
+{
+    unsigned char randout[1024];
+    TEST_ENT t;
+    size_t i;
+    unsigned int reseed_counter_tmp;
+    unsigned char *p = (unsigned char *)dctx;
+
+    /* Initialise DRBG */
+
+    if (!do_drbg_init(dctx, td, &t))
+        goto err;
+
+    /* Don't report induced errors */
+    dctx->iflags |= DRBG_FLAG_NOERR;
+
+    /* Personalisation string tests */
+
+    /* Test detection of too large personlisation string */
+
+    if (FIPS_drbg_instantiate(dctx, td->pers, dctx->max_pers + 1) > 0) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                FIPS_R_PERSONALISATION_ERROR_UNDETECTED);
+        goto err;
+    }
+
+    /* Entropy source tests */
+
+    /* Test entropy source failure detecion: i.e. returns no data */
+
+    t.entlen = 0;
+
+    if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                FIPS_R_ENTROPY_ERROR_UNDETECTED);
+        goto err;
+    }
+
+    /* Try to generate output from uninstantiated DRBG */
+    if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
+                           td->adin, td->adinlen)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                FIPS_R_GENERATE_ERROR_UNDETECTED);
+        goto err;
+    }
+
+    dctx->iflags &= ~DRBG_FLAG_NOERR;
+    if (!FIPS_drbg_uninstantiate(dctx)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+        goto err;
+    }
+
+    if (!do_drbg_init(dctx, td, &t))
+        goto err;
+
+    dctx->iflags |= DRBG_FLAG_NOERR;
+
+    /* Test insufficient entropy */
+
+    t.entlen = dctx->min_entropy - 1;
+
+    if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                FIPS_R_ENTROPY_ERROR_UNDETECTED);
+        goto err;
+    }
+
+    dctx->iflags &= ~DRBG_FLAG_NOERR;
+    if (!FIPS_drbg_uninstantiate(dctx)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+        goto err;
+    }
+
+    /* Test too much entropy */
+
+    if (!do_drbg_init(dctx, td, &t))
+        goto err;
+
+    dctx->iflags |= DRBG_FLAG_NOERR;
+
+    t.entlen = dctx->max_entropy + 1;
+
+    if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                FIPS_R_ENTROPY_ERROR_UNDETECTED);
+        goto err;
+    }
+
+    dctx->iflags &= ~DRBG_FLAG_NOERR;
+    if (!FIPS_drbg_uninstantiate(dctx)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+        goto err;
+    }
+
+    /* Nonce tests */
+
+    /* Test too small nonce */
+
+    if (dctx->min_nonce) {
+
+        if (!do_drbg_init(dctx, td, &t))
+            goto err;
+
+        dctx->iflags |= DRBG_FLAG_NOERR;
+
+        t.noncelen = dctx->min_nonce - 1;
+
+        if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
+            FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                    FIPS_R_NONCE_ERROR_UNDETECTED);
+            goto err;
+        }
+
+        dctx->iflags &= ~DRBG_FLAG_NOERR;
+        if (!FIPS_drbg_uninstantiate(dctx)) {
+            FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+            goto err;
+        }
+
+    }
+
+    /* Test too large nonce */
+
+    if (dctx->max_nonce) {
+
+        if (!do_drbg_init(dctx, td, &t))
+            goto err;
+
+        dctx->iflags |= DRBG_FLAG_NOERR;
+
+        t.noncelen = dctx->max_nonce + 1;
+
+        if (FIPS_drbg_instantiate(dctx, td->pers, td->perslen) > 0) {
+            FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                    FIPS_R_NONCE_ERROR_UNDETECTED);
+            goto err;
+        }
+
+        dctx->iflags &= ~DRBG_FLAG_NOERR;
+        if (!FIPS_drbg_uninstantiate(dctx)) {
+            FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+            goto err;
+        }
+
+    }
+
+    /* Instantiate with valid data. */
+    if (!do_drbg_instantiate(dctx, td, &t))
+        goto err;
+
+    /* Check generation is now OK */
+    if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
+                            td->adin, td->adinlen))
+        goto err;
+
+    dctx->iflags |= DRBG_FLAG_NOERR;
+
+    /* Request too much data for one request */
+    if (FIPS_drbg_generate(dctx, randout, dctx->max_request + 1, 0,
+                           td->adin, td->adinlen)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED);
+        goto err;
+    }
+
+    /* Try too large additional input */
+    if (FIPS_drbg_generate(dctx, randout, td->katlen, 0,
+                           td->adin, dctx->max_adin + 1)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
+        goto err;
+    }
+
+    /* Check prediction resistance request fails if entropy source
+     * failure.
+     */
+
+    t.entlen = 0;
+
+    if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
+                           td->adin, td->adinlen)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                FIPS_R_ENTROPY_ERROR_UNDETECTED);
+        goto err;
+    }
+
+    dctx->iflags &= ~DRBG_FLAG_NOERR;
+    if (!FIPS_drbg_uninstantiate(dctx)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+        goto err;
+    }
+
+    /* Instantiate again with valid data */
+
+    if (!do_drbg_instantiate(dctx, td, &t))
+        goto err;
+    /* Test reseed counter works */
+    /* Save initial reseed counter */
+    reseed_counter_tmp = dctx->reseed_counter;
+    /* Set reseed counter to beyond interval */
+    dctx->reseed_counter = dctx->reseed_interval;
+
+    /* Generate output and check entropy has been requested for reseed */
+    t.entcnt = 0;
+    if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
+                            td->adin, td->adinlen))
+        goto err;
+    if (t.entcnt != 1) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
+        goto err;
+    }
+    /* Check reseed counter has been reset */
+    if (dctx->reseed_counter != reseed_counter_tmp + 1) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
+        goto err;
+    }
+
+    dctx->iflags &= ~DRBG_FLAG_NOERR;
+    if (!FIPS_drbg_uninstantiate(dctx)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+        goto err;
+    }
+
+    /* Check prediction resistance request fails if entropy source
+     * failure.
+     */
+
+    t.entlen = 0;
+
+    dctx->iflags |= DRBG_FLAG_NOERR;
+    if (FIPS_drbg_generate(dctx, randout, td->katlen, 1,
+                           td->adin, td->adinlen)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                FIPS_R_ENTROPY_ERROR_UNDETECTED);
+        goto err;
+    }
+
+    dctx->iflags &= ~DRBG_FLAG_NOERR;
+
+    if (!FIPS_drbg_uninstantiate(dctx)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+        goto err;
+    }
+
+    if (!do_drbg_instantiate(dctx, td, &t))
+        goto err;
+    /* Test reseed counter works */
+    /* Save initial reseed counter */
+    reseed_counter_tmp = dctx->reseed_counter;
+    /* Set reseed counter to beyond interval */
+    dctx->reseed_counter = dctx->reseed_interval;
+
+    /* Generate output and check entropy has been requested for reseed */
+    t.entcnt = 0;
+    if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0,
+                            td->adin, td->adinlen))
+        goto err;
+    if (t.entcnt != 1) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED);
+        goto err;
+    }
+    /* Check reseed counter has been reset */
+    if (dctx->reseed_counter != reseed_counter_tmp + 1) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_RESEED_COUNTER_ERROR);
+        goto err;
+    }
+
+    dctx->iflags &= ~DRBG_FLAG_NOERR;
+    if (!FIPS_drbg_uninstantiate(dctx)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+        goto err;
+    }
+
+    /* Explicit reseed tests */
+
+    /* Test explicit reseed with too large additional input */
+    if (!do_drbg_init(dctx, td, &t))
+        goto err;
+
+    dctx->iflags |= DRBG_FLAG_NOERR;
+
+    if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED);
+        goto err;
+    }
+
+    /* Test explicit reseed with entropy source failure */
+
+    t.entlen = 0;
+
+    if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                FIPS_R_ENTROPY_ERROR_UNDETECTED);
+        goto err;
+    }
+
+    if (!FIPS_drbg_uninstantiate(dctx)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+        goto err;
+    }
+
+    /* Test explicit reseed with too much entropy */
+
+    if (!do_drbg_init(dctx, td, &t))
+        goto err;
+
+    dctx->iflags |= DRBG_FLAG_NOERR;
+
+    t.entlen = dctx->max_entropy + 1;
+
+    if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                FIPS_R_ENTROPY_ERROR_UNDETECTED);
+        goto err;
+    }
+
+    if (!FIPS_drbg_uninstantiate(dctx)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+        goto err;
+    }
+
+    /* Test explicit reseed with too little entropy */
+
+    if (!do_drbg_init(dctx, td, &t))
+        goto err;
+
+    dctx->iflags |= DRBG_FLAG_NOERR;
+
+    t.entlen = dctx->min_entropy - 1;
+
+    if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                FIPS_R_ENTROPY_ERROR_UNDETECTED);
+        goto err;
+    }
+
+    if (!FIPS_drbg_uninstantiate(dctx)) {
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
+        goto err;
+    }
+
+    p = (unsigned char *)&dctx->d;
+    /* Standard says we have to check uninstantiate really zeroes
+     * the data...
+     */
+    for (i = 0; i < sizeof(dctx->d); i++) {
+        if (*p != 0) {
+            FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK,
+                    FIPS_R_UNINSTANTIATE_ZEROISE_ERROR);
+            goto err;
+        }
+        p++;
+    }
+
+    return 1;
+
+ err:
+    /* A real error as opposed to an induced one: underlying function will
+     * indicate the error.
+     */
+    if (!(dctx->iflags & DRBG_FLAG_NOERR))
+        FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_FUNCTION_ERROR);
+    FIPS_drbg_uninstantiate(dctx);
+    return 0;
+
+}
+
+int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags)
+{
+    DRBG_SELFTEST_DATA *td;
+    flags |= DRBG_FLAG_TEST;
+    for (td = drbg_test; td->nid != 0; td++) {
+        if (td->nid == nid && td->flags == flags) {
+            if (!fips_drbg_single_kat(dctx, td, 0))
+                return 0;
+            return fips_drbg_error_check(dctx, td);
+        }
+    }
+    return 0;
+}
+
+int FIPS_drbg_health_check(DRBG_CTX *dctx)
+{
+    int rv;
+    DRBG_CTX *tctx = NULL;
+    tctx = FIPS_drbg_new(0, 0);
+    fips_post_started(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
+    if (!tctx)
+        return 0;
+    rv = fips_drbg_kat(tctx, dctx->type, dctx->xflags);
+    if (tctx)
+        FIPS_drbg_free(tctx);
+    if (rv)
+        fips_post_success(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
+    else
+        fips_post_failed(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
+    if (!rv)
+        dctx->status = DRBG_STATUS_ERROR;
+    else
+        dctx->health_check_cnt = 0;
+    return rv;
+}
+
+int FIPS_selftest_drbg(void)
+{
+    DRBG_CTX *dctx;
+    DRBG_SELFTEST_DATA *td;
+    int rv = 1;
+    dctx = FIPS_drbg_new(0, 0);
+    if (!dctx)
+        return 0;
+    for (td = drbg_test; td->nid != 0; td++) {
+        if (td->post != 1)
+            continue;
+        if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
+            return 1;
+        if (!fips_drbg_single_kat(dctx, td, 1)) {
+            fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
+            rv = 0;
+            continue;
+        }
+        if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
+            return 0;
+    }
+    FIPS_drbg_free(dctx);
+    return rv;
+}
+
+int FIPS_selftest_drbg_all(void)
+{
+    DRBG_CTX *dctx;
+    DRBG_SELFTEST_DATA *td;
+    int rv = 1;
+    dctx = FIPS_drbg_new(0, 0);
+    if (!dctx)
+        return 0;
+    for (td = drbg_test; td->nid != 0; td++) {
+        if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags))
+            return 1;
+        if (!fips_drbg_single_kat(dctx, td, 0)) {
+            fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
+            rv = 0;
+            continue;
+        }
+        if (!fips_drbg_error_check(dctx, td)) {
+            fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags);
+            rv = 0;
+            continue;
+        }
+        if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags))
+            return 0;
+    }
+    FIPS_drbg_free(dctx);
+    return rv;
+}
Index: openssl-1.1.0i/crypto/fips/fips_drbg_selftest.h
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_drbg_selftest.h	2019-01-18 12:58:06.830013636 +0100
@@ -0,0 +1,1791 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/* Selftest and health check data for the SP800-90 DRBG */
+
+#define __fips_constseg
+
+/* AES-128 use df PR  */
+__fips_constseg static const unsigned char aes_128_use_df_pr_entropyinput[] = {
+    0x61, 0x52, 0x7c, 0xe3, 0x23, 0x7d, 0x0a, 0x07, 0x10, 0x0c, 0x50, 0x33,
+    0xc8, 0xdb, 0xff, 0x12
+};
+
+__fips_constseg static const unsigned char aes_128_use_df_pr_nonce[] = {
+    0x51, 0x0d, 0x85, 0x77, 0xed, 0x22, 0x97, 0x28
+};
+
+__fips_constseg
+    static const unsigned char aes_128_use_df_pr_personalizationstring[] = {
+    0x59, 0x9f, 0xbb, 0xcd, 0xd5, 0x25, 0x69, 0xb5, 0xcb, 0xb5, 0x03, 0xfe,
+    0xd7, 0xd7, 0x01, 0x67
+};
+
+__fips_constseg
+    static const unsigned char aes_128_use_df_pr_additionalinput[] = {
+    0xef, 0x88, 0x76, 0x01, 0xaf, 0x3c, 0xfe, 0x8b, 0xaf, 0x26, 0x06, 0x9e,
+    0x9a, 0x47, 0x08, 0x76
+};
+
+__fips_constseg
+    static const unsigned char aes_128_use_df_pr_entropyinputpr[] = {
+    0xe2, 0x76, 0xf9, 0xf6, 0x3a, 0xba, 0x10, 0x9f, 0xbf, 0x47, 0x0e, 0x51,
+    0x09, 0xfb, 0xa3, 0xb6
+};
+
+__fips_constseg
+    static const unsigned char aes_128_use_df_pr_int_returnedbits[] = {
+    0xd4, 0x98, 0x8a, 0x46, 0x80, 0x4c, 0xdb, 0xa3, 0x59, 0x02, 0x57, 0x52,
+    0x66, 0x1c, 0xea, 0x5b
+};
+
+__fips_constseg
+    static const unsigned char aes_128_use_df_pr_additionalinput2[] = {
+    0x88, 0x8c, 0x91, 0xd6, 0xbe, 0x56, 0x6e, 0x08, 0x9a, 0x62, 0x2b, 0x11,
+    0x3f, 0x5e, 0x31, 0x06
+};
+
+__fips_constseg
+    static const unsigned char aes_128_use_df_pr_entropyinputpr2[] = {
+    0xc0, 0x5c, 0x6b, 0x98, 0x01, 0x0d, 0x58, 0x18, 0x51, 0x18, 0x96, 0xae,
+    0xa7, 0xe3, 0xa8, 0x67
+};
+
+__fips_constseg static const unsigned char aes_128_use_df_pr_returnedbits[] = {
+    0xcf, 0x01, 0xac, 0x22, 0x31, 0x06, 0x8e, 0xfc, 0xce, 0x56, 0xea, 0x24,
+    0x0f, 0x38, 0x43, 0xc6
+};
+
+/* AES-128 use df No PR  */
+__fips_constseg static const unsigned char aes_128_use_df_entropyinput[] = {
+    0x1f, 0x8e, 0x34, 0x82, 0x0c, 0xb7, 0xbe, 0xc5, 0x01, 0x3e, 0xd0, 0xa3,
+    0x9d, 0x7d, 0x1c, 0x9b
+};
+
+__fips_constseg static const unsigned char aes_128_use_df_nonce[] = {
+    0xd5, 0x4d, 0xbd, 0x4a, 0x93, 0x7f, 0xb8, 0x96
+};
+
+__fips_constseg
+    static const unsigned char aes_128_use_df_personalizationstring[] = {
+    0xab, 0xd6, 0x3f, 0x04, 0xfe, 0x27, 0x6b, 0x2d, 0xd7, 0xc3, 0x1c, 0xf3,
+    0x38, 0x66, 0xba, 0x1b
+};
+
+__fips_constseg static const unsigned char aes_128_use_df_additionalinput[] = {
+    0xfe, 0xf4, 0x09, 0xa8, 0xb7, 0x73, 0x27, 0x9c, 0x5f, 0xa7, 0xea, 0x46,
+    0xb5, 0xe2, 0xb2, 0x41
+};
+
+__fips_constseg static const unsigned char aes_128_use_df_int_returnedbits[] = {
+    0x42, 0xe4, 0x4e, 0x7b, 0x27, 0xdd, 0xcb, 0xbc, 0x0a, 0xcf, 0xa6, 0x67,
+    0xe7, 0x57, 0x11, 0xb4
+};
+
+__fips_constseg
+    static const unsigned char aes_128_use_df_entropyinputreseed[] = {
+    0x14, 0x26, 0x69, 0xd9, 0xf3, 0x65, 0x03, 0xd6, 0x6b, 0xb9, 0x44, 0x0b,
+    0xc7, 0xc4, 0x9e, 0x39
+};
+
+__fips_constseg
+    static const unsigned char aes_128_use_df_additionalinputreseed[] = {
+    0x55, 0x2e, 0x60, 0x9a, 0x05, 0x72, 0x8a, 0xa8, 0xef, 0x22, 0x81, 0x5a,
+    0xc8, 0x93, 0xfa, 0x84
+};
+
+__fips_constseg static const unsigned char aes_128_use_df_additionalinput2[] = {
+    0x3c, 0x40, 0xc8, 0xc4, 0x16, 0x0c, 0x21, 0xa4, 0x37, 0x2c, 0x8f, 0xa5,
+    0x06, 0x0c, 0x15, 0x2c
+};
+
+__fips_constseg static const unsigned char aes_128_use_df_returnedbits[] = {
+    0xe1, 0x3e, 0x99, 0x98, 0x86, 0x67, 0x0b, 0x63, 0x7b, 0xbe, 0x3f, 0x88,
+    0x46, 0x81, 0xc7, 0x19
+};
+
+/* AES-192 use df PR  */
+__fips_constseg static const unsigned char aes_192_use_df_pr_entropyinput[] = {
+    0x2b, 0x4e, 0x8b, 0xe1, 0xf1, 0x34, 0x80, 0x56, 0x81, 0xf9, 0x74, 0xec,
+    0x17, 0x44, 0x2a, 0xf1, 0x14, 0xb0, 0xbf, 0x97, 0x39, 0xb7, 0x04, 0x7d
+};
+
+__fips_constseg static const unsigned char aes_192_use_df_pr_nonce[] = {
+    0xd6, 0x9d, 0xeb, 0x14, 0x4e, 0x6c, 0x30, 0x1e, 0x39, 0x55, 0x73, 0xd0,
+    0xd1, 0x80, 0x78, 0xfa
+};
+
+__fips_constseg
+    static const unsigned char aes_192_use_df_pr_personalizationstring[] = {
+    0xfc, 0x43, 0x4a, 0xf8, 0x9a, 0x55, 0xb3, 0x53, 0x83, 0xe2, 0x18, 0x16,
+    0x0c, 0xdc, 0xcd, 0x5e, 0x4f, 0xa0, 0x03, 0x01, 0x2b, 0x9f, 0xe4, 0xd5,
+    0x7d, 0x49, 0xf0, 0x41, 0x9e, 0x3d, 0x99, 0x04
+};
+
+__fips_constseg
+    static const unsigned char aes_192_use_df_pr_additionalinput[] = {
+    0x5e, 0x9f, 0x49, 0x6f, 0x21, 0x8b, 0x1d, 0x32, 0xd5, 0x84, 0x5c, 0xac,
+    0xaf, 0xdf, 0xe4, 0x79, 0x9e, 0xaf, 0xa9, 0x82, 0xd0, 0xf8, 0x4f, 0xcb,
+    0x69, 0x10, 0x0a, 0x7e, 0x81, 0x57, 0xb5, 0x36
+};
+
+__fips_constseg
+    static const unsigned char aes_192_use_df_pr_entropyinputpr[] = {
+    0xd4, 0x81, 0x0c, 0xd7, 0x66, 0x39, 0xec, 0x42, 0x53, 0x87, 0x41, 0xa5,
+    0x1e, 0x7d, 0x80, 0x91, 0x8e, 0xbb, 0xed, 0xac, 0x14, 0x02, 0x1a, 0xd5
+};
+
+__fips_constseg
+    static const unsigned char aes_192_use_df_pr_int_returnedbits[] = {
+    0xdf, 0x1d, 0x39, 0x45, 0x7c, 0x9b, 0xc6, 0x2b, 0x7d, 0x8c, 0x93, 0xe9,
+    0x19, 0x30, 0x6b, 0x67
+};
+
+__fips_constseg
+    static const unsigned char aes_192_use_df_pr_additionalinput2[] = {
+    0x00, 0x71, 0x27, 0x4e, 0xd3, 0x14, 0xf1, 0x20, 0x7f, 0x4a, 0x41, 0x32,
+    0x2a, 0x97, 0x11, 0x43, 0x8f, 0x4a, 0x15, 0x7b, 0x9b, 0x51, 0x79, 0xda,
+    0x49, 0x3d, 0xde, 0xe8, 0xbc, 0x93, 0x91, 0x99
+};
+
+__fips_constseg
+    static const unsigned char aes_192_use_df_pr_entropyinputpr2[] = {
+    0x90, 0xee, 0x76, 0xa1, 0x45, 0x8d, 0xb7, 0x40, 0xb0, 0x11, 0xbf, 0xd0,
+    0x65, 0xd7, 0x3c, 0x7c, 0x4f, 0x20, 0x3f, 0x4e, 0x11, 0x9d, 0xb3, 0x5e
+};
+
+__fips_constseg static const unsigned char aes_192_use_df_pr_returnedbits[] = {
+    0x24, 0x3b, 0x20, 0xa4, 0x37, 0x66, 0xba, 0x72, 0x39, 0x3f, 0xcf, 0x3c,
+    0x7e, 0x1a, 0x2b, 0x83
+};
+
+/* AES-192 use df No PR  */
+__fips_constseg static const unsigned char aes_192_use_df_entropyinput[] = {
+    0x8d, 0x74, 0xa4, 0x50, 0x1a, 0x02, 0x68, 0x0c, 0x2a, 0x69, 0xc4, 0x82,
+    0x3b, 0xbb, 0xda, 0x0e, 0x7f, 0x77, 0xa3, 0x17, 0x78, 0x57, 0xb2, 0x7b
+};
+
+__fips_constseg static const unsigned char aes_192_use_df_nonce[] = {
+    0x75, 0xd5, 0x1f, 0xac, 0xa4, 0x8d, 0x42, 0x78, 0xd7, 0x69, 0x86, 0x9d,
+    0x77, 0xd7, 0x41, 0x0e
+};
+
+__fips_constseg
+    static const unsigned char aes_192_use_df_personalizationstring[] = {
+    0x4e, 0x33, 0x41, 0x3c, 0x9c, 0xc2, 0xd2, 0x53, 0xaf, 0x90, 0xea, 0xcf,
+    0x19, 0x50, 0x1e, 0xe6, 0x6f, 0x63, 0xc8, 0x32, 0x22, 0xdc, 0x07, 0x65,
+    0x9c, 0xd3, 0xf8, 0x30, 0x9e, 0xed, 0x35, 0x70
+};
+
+__fips_constseg static const unsigned char aes_192_use_df_additionalinput[] = {
+    0x5d, 0x8b, 0x8c, 0xc1, 0xdf, 0x0e, 0x02, 0x78, 0xfb, 0x19, 0xb8, 0x69,
+    0x78, 0x4e, 0x9c, 0x52, 0xbc, 0xc7, 0x20, 0xc9, 0xe6, 0x5e, 0x77, 0x22,
+    0x28, 0x3d, 0x0c, 0x9e, 0x68, 0xa8, 0x45, 0xd7
+};
+
+__fips_constseg static const unsigned char aes_192_use_df_int_returnedbits[] = {
+    0xd5, 0xe7, 0x08, 0xc5, 0x19, 0x99, 0xd5, 0x31, 0x03, 0x0a, 0x74, 0xb6,
+    0xb7, 0xed, 0xe9, 0xea
+};
+
+__fips_constseg
+    static const unsigned char aes_192_use_df_entropyinputreseed[] = {
+    0x9c, 0x26, 0xda, 0xf1, 0xac, 0xd9, 0x5a, 0xd6, 0xa8, 0x65, 0xf5, 0x02,
+    0x8f, 0xdc, 0xa2, 0x09, 0x54, 0xa6, 0xe2, 0xa4, 0xde, 0x32, 0xe0, 0x01
+};
+
+__fips_constseg
+    static const unsigned char aes_192_use_df_additionalinputreseed[] = {
+    0x9b, 0x90, 0xb0, 0x3a, 0x0e, 0x3a, 0x80, 0x07, 0x4a, 0xf4, 0xda, 0x76,
+    0x28, 0x30, 0x3c, 0xee, 0x54, 0x1b, 0x94, 0x59, 0x51, 0x43, 0x56, 0x77,
+    0xaf, 0x88, 0xdd, 0x63, 0x89, 0x47, 0x06, 0x65
+};
+
+__fips_constseg static const unsigned char aes_192_use_df_additionalinput2[] = {
+    0x3c, 0x11, 0x64, 0x7a, 0x96, 0xf5, 0xd8, 0xb8, 0xae, 0xd6, 0x70, 0x4e,
+    0x16, 0x96, 0xde, 0xe9, 0x62, 0xbc, 0xee, 0x28, 0x2f, 0x26, 0xa6, 0xf0,
+    0x56, 0xef, 0xa3, 0xf1, 0x6b, 0xa1, 0xb1, 0x77
+};
+
+__fips_constseg static const unsigned char aes_192_use_df_returnedbits[] = {
+    0x0b, 0xe2, 0x56, 0x03, 0x1e, 0xdb, 0x2c, 0x6d, 0x7f, 0x1b, 0x15, 0x58,
+    0x1a, 0xf9, 0x13, 0x28
+};
+
+/* AES-256 use df PR  */
+__fips_constseg static const unsigned char aes_256_use_df_pr_entropyinput[] = {
+    0x61, 0x68, 0xfc, 0x1a, 0xf0, 0xb5, 0x95, 0x6b, 0x85, 0x09, 0x9b, 0x74,
+    0x3f, 0x13, 0x78, 0x49, 0x3b, 0x85, 0xec, 0x93, 0x13, 0x3b, 0xa9, 0x4f,
+    0x96, 0xab, 0x2c, 0xe4, 0xc8, 0x8f, 0xdd, 0x6a
+};
+
+__fips_constseg static const unsigned char aes_256_use_df_pr_nonce[] = {
+    0xad, 0xd2, 0xbb, 0xba, 0xb7, 0x65, 0x89, 0xc3, 0x21, 0x6c, 0x55, 0x33,
+    0x2b, 0x36, 0xff, 0xa4
+};
+
+__fips_constseg
+    static const unsigned char aes_256_use_df_pr_personalizationstring[] = {
+    0x6e, 0xca, 0xe7, 0x20, 0x72, 0xd3, 0x84, 0x5a, 0x32, 0xd3, 0x4b, 0x24,
+    0x72, 0xc4, 0x63, 0x2b, 0x9d, 0x12, 0x24, 0x0c, 0x23, 0x26, 0x8e, 0x83,
+    0x16, 0x37, 0x0b, 0xd1, 0x06, 0x4f, 0x68, 0x6d
+};
+
+__fips_constseg
+    static const unsigned char aes_256_use_df_pr_additionalinput[] = {
+    0x7e, 0x08, 0x4a, 0xbb, 0xe3, 0x21, 0x7c, 0xc9, 0x23, 0xd2, 0xf8, 0xb0,
+    0x73, 0x98, 0xba, 0x84, 0x74, 0x23, 0xab, 0x06, 0x8a, 0xe2, 0x22, 0xd3,
+    0x7b, 0xce, 0x9b, 0xd2, 0x4a, 0x76, 0xb8, 0xde
+};
+
+__fips_constseg
+    static const unsigned char aes_256_use_df_pr_entropyinputpr[] = {
+    0x0b, 0x23, 0xaf, 0xdf, 0xf1, 0x62, 0xd7, 0xd3, 0x43, 0x97, 0xf8, 0x77,
+    0x04, 0xa8, 0x42, 0x20, 0xbd, 0xf6, 0x0f, 0xc1, 0x17, 0x2f, 0x9f, 0x54,
+    0xbb, 0x56, 0x17, 0x86, 0x68, 0x0e, 0xba, 0xa9
+};
+
+__fips_constseg
+    static const unsigned char aes_256_use_df_pr_int_returnedbits[] = {
+    0x31, 0x8e, 0xad, 0xaf, 0x40, 0xeb, 0x6b, 0x74, 0x31, 0x46, 0x80, 0xc7,
+    0x17, 0xab, 0x3c, 0x7a
+};
+
+__fips_constseg
+    static const unsigned char aes_256_use_df_pr_additionalinput2[] = {
+    0x94, 0x6b, 0xc9, 0x9f, 0xab, 0x8d, 0xc5, 0xec, 0x71, 0x88, 0x1d, 0x00,
+    0x8c, 0x89, 0x68, 0xe4, 0xc8, 0x07, 0x77, 0x36, 0x17, 0x6d, 0x79, 0x78,
+    0xc7, 0x06, 0x4e, 0x99, 0x04, 0x28, 0x29, 0xc3
+};
+
+__fips_constseg
+    static const unsigned char aes_256_use_df_pr_entropyinputpr2[] = {
+    0xbf, 0x6c, 0x59, 0x2a, 0x0d, 0x44, 0x0f, 0xae, 0x9a, 0x5e, 0x03, 0x73,
+    0xd8, 0xa6, 0xe1, 0xcf, 0x25, 0x61, 0x38, 0x24, 0x86, 0x9e, 0x53, 0xe8,
+    0xa4, 0xdf, 0x56, 0xf4, 0x06, 0x07, 0x9c, 0x0f
+};
+
+__fips_constseg static const unsigned char aes_256_use_df_pr_returnedbits[] = {
+    0x22, 0x4a, 0xb4, 0xb8, 0xb6, 0xee, 0x7d, 0xb1, 0x9e, 0xc9, 0xf9, 0xa0,
+    0xd9, 0xe2, 0x97, 0x00
+};
+
+/* AES-256 use df No PR  */
+__fips_constseg static const unsigned char aes_256_use_df_entropyinput[] = {
+    0xa5, 0x3e, 0x37, 0x10, 0x17, 0x43, 0x91, 0x93, 0x59, 0x1e, 0x47, 0x50,
+    0x87, 0xaa, 0xdd, 0xd5, 0xc1, 0xc3, 0x86, 0xcd, 0xca, 0x0d, 0xdb, 0x68,
+    0xe0, 0x02, 0xd8, 0x0f, 0xdc, 0x40, 0x1a, 0x47
+};
+
+__fips_constseg static const unsigned char aes_256_use_df_nonce[] = {
+    0xa9, 0x4d, 0xa5, 0x5a, 0xfd, 0xc5, 0x0c, 0xe5, 0x1c, 0x9a, 0x3b, 0x8a,
+    0x4c, 0x44, 0x84, 0x40
+};
+
+__fips_constseg
+    static const unsigned char aes_256_use_df_personalizationstring[] = {
+    0x8b, 0x52, 0xa2, 0x4a, 0x93, 0xc3, 0x4e, 0xa7, 0x1e, 0x1c, 0xa7, 0x05,
+    0xeb, 0x82, 0x9b, 0xa6, 0x5d, 0xe4, 0xd4, 0xe0, 0x7f, 0xa3, 0xd8, 0x6b,
+    0x37, 0x84, 0x5f, 0xf1, 0xc7, 0xd5, 0xf6, 0xd2
+};
+
+__fips_constseg static const unsigned char aes_256_use_df_additionalinput[] = {
+    0x20, 0xf4, 0x22, 0xed, 0xf8, 0x5c, 0xa1, 0x6a, 0x01, 0xcf, 0xbe, 0x5f,
+    0x8d, 0x6c, 0x94, 0x7f, 0xae, 0x12, 0xa8, 0x57, 0xdb, 0x2a, 0xa9, 0xbf,
+    0xc7, 0xb3, 0x65, 0x81, 0x80, 0x8d, 0x0d, 0x46
+};
+
+__fips_constseg static const unsigned char aes_256_use_df_int_returnedbits[] = {
+    0x4e, 0x44, 0xfd, 0xf3, 0x9e, 0x29, 0xa2, 0xb8, 0x0f, 0x5d, 0x6c, 0xe1,
+    0x28, 0x0c, 0x3b, 0xc1
+};
+
+__fips_constseg
+    static const unsigned char aes_256_use_df_entropyinputreseed[] = {
+    0xdd, 0x40, 0xe5, 0x98, 0x7b, 0x27, 0x16, 0x73, 0x15, 0x68, 0xd2, 0x76,
+    0xbf, 0x0c, 0x67, 0x15, 0x75, 0x79, 0x03, 0xd3, 0xde, 0xde, 0x91, 0x46,
+    0x42, 0xdd, 0xd4, 0x67, 0xc8, 0x79, 0xc8, 0x1e
+};
+
+__fips_constseg
+    static const unsigned char aes_256_use_df_additionalinputreseed[] = {
+    0x7f, 0xd8, 0x1f, 0xbd, 0x2a, 0xb5, 0x1c, 0x11, 0x5d, 0x83, 0x4e, 0x99,
+    0xf6, 0x5c, 0xa5, 0x40, 0x20, 0xed, 0x38, 0x8e, 0xd5, 0x9e, 0xe0, 0x75,
+    0x93, 0xfe, 0x12, 0x5e, 0x5d, 0x73, 0xfb, 0x75
+};
+
+__fips_constseg static const unsigned char aes_256_use_df_additionalinput2[] = {
+    0xcd, 0x2c, 0xff, 0x14, 0x69, 0x3e, 0x4c, 0x9e, 0xfd, 0xfe, 0x26, 0x0d,
+    0xe9, 0x86, 0x00, 0x49, 0x30, 0xba, 0xb1, 0xc6, 0x50, 0x57, 0x77, 0x2a,
+    0x62, 0x39, 0x2c, 0x3b, 0x74, 0xeb, 0xc9, 0x0d
+};
+
+__fips_constseg static const unsigned char aes_256_use_df_returnedbits[] = {
+    0x4f, 0x78, 0xbe, 0xb9, 0x4d, 0x97, 0x8c, 0xe9, 0xd0, 0x97, 0xfe, 0xad,
+    0xfa, 0xfd, 0x35, 0x5e
+};
+
+/* AES-128 no df PR  */
+__fips_constseg static const unsigned char aes_128_no_df_pr_entropyinput[] = {
+    0x9a, 0x25, 0x65, 0x10, 0x67, 0xd5, 0xb6, 0x6b, 0x70, 0xa1, 0xb3, 0xa4,
+    0x43, 0x95, 0x80, 0xc0, 0x84, 0x0a, 0x79, 0xb0, 0x88, 0x74, 0xf2, 0xbf,
+    0x31, 0x6c, 0x33, 0x38, 0x0b, 0x00, 0xb2, 0x5a
+};
+
+__fips_constseg static const unsigned char aes_128_no_df_pr_nonce[] = {
+    0x78, 0x47, 0x6b, 0xf7, 0x90, 0x8e, 0x87, 0xf1
+};
+
+__fips_constseg
+    static const unsigned char aes_128_no_df_pr_personalizationstring[] = {
+    0xf7, 0x22, 0x1d, 0x3a, 0xbe, 0x1d, 0xca, 0x32, 0x1b, 0xbd, 0x87, 0x0c,
+    0x51, 0x24, 0x19, 0xee, 0xa3, 0x23, 0x09, 0x63, 0x33, 0x3d, 0xa8, 0x0c,
+    0x1c, 0xfa, 0x42, 0x89, 0xcc, 0x6f, 0xa0, 0xa8
+};
+
+__fips_constseg
+    static const unsigned char aes_128_no_df_pr_additionalinput[] = {
+    0xc9, 0xe0, 0x80, 0xbf, 0x8c, 0x45, 0x58, 0x39, 0xff, 0x00, 0xab, 0x02,
+    0x4c, 0x3e, 0x3a, 0x95, 0x9b, 0x80, 0xa8, 0x21, 0x2a, 0xee, 0xba, 0x73,
+    0xb1, 0xd9, 0xcf, 0x28, 0xf6, 0x8f, 0x9b, 0x12
+};
+
+__fips_constseg static const unsigned char aes_128_no_df_pr_entropyinputpr[] = {
+    0x4c, 0xa8, 0xc5, 0xf0, 0x59, 0x9e, 0xa6, 0x8d, 0x26, 0x53, 0xd7, 0x8a,
+    0xa9, 0xd8, 0xf7, 0xed, 0xb2, 0xf9, 0x12, 0x42, 0xe1, 0xe5, 0xbd, 0xe7,
+    0xe7, 0x1d, 0x74, 0x99, 0x00, 0x9d, 0x31, 0x3e
+};
+
+__fips_constseg
+    static const unsigned char aes_128_no_df_pr_int_returnedbits[] = {
+    0xe2, 0xac, 0x20, 0xf0, 0x80, 0xe7, 0xbc, 0x7e, 0x9c, 0x7b, 0x65, 0x71,
+    0xaf, 0x19, 0x32, 0x16
+};
+
+__fips_constseg
+    static const unsigned char aes_128_no_df_pr_additionalinput2[] = {
+    0x32, 0x7f, 0x38, 0x8b, 0x73, 0x0a, 0x78, 0x83, 0xdc, 0x30, 0xbe, 0x9f,
+    0x10, 0x1f, 0xf5, 0x1f, 0xca, 0x00, 0xb5, 0x0d, 0xd6, 0x9d, 0x60, 0x83,
+    0x51, 0x54, 0x7d, 0x38, 0x23, 0x3a, 0x52, 0x50
+};
+
+__fips_constseg
+    static const unsigned char aes_128_no_df_pr_entropyinputpr2[] = {
+    0x18, 0x61, 0x53, 0x56, 0xed, 0xed, 0xd7, 0x20, 0xfb, 0x71, 0x04, 0x7a,
+    0xb2, 0xac, 0xc1, 0x28, 0xcd, 0xf2, 0xc2, 0xfc, 0xaa, 0xb1, 0x06, 0x07,
+    0xe9, 0x46, 0x95, 0x02, 0x48, 0x01, 0x78, 0xf9
+};
+
+__fips_constseg static const unsigned char aes_128_no_df_pr_returnedbits[] = {
+    0x29, 0xc8, 0x1b, 0x15, 0xb1, 0xd1, 0xc2, 0xf6, 0x71, 0x86, 0x68, 0x33,
+    0x57, 0x82, 0x33, 0xaf
+};
+
+/* AES-128 no df No PR  */
+__fips_constseg static const unsigned char aes_128_no_df_entropyinput[] = {
+    0xc9, 0xc5, 0x79, 0xbc, 0xe8, 0xc5, 0x19, 0xd8, 0xbc, 0x66, 0x73, 0x67,
+    0xf6, 0xd3, 0x72, 0xaa, 0xa6, 0x16, 0xb8, 0x50, 0xb7, 0x47, 0x3a, 0x42,
+    0xab, 0xf4, 0x16, 0xb2, 0x96, 0xd2, 0xb6, 0x60
+};
+
+__fips_constseg static const unsigned char aes_128_no_df_nonce[] = {
+    0x5f, 0xbf, 0x97, 0x0c, 0x4b, 0xa4, 0x87, 0x13
+};
+
+__fips_constseg
+    static const unsigned char aes_128_no_df_personalizationstring[] = {
+    0xce, 0xfb, 0x7b, 0x3f, 0xd4, 0x6b, 0x29, 0x0d, 0x69, 0x06, 0xff, 0xbb,
+    0xf2, 0xe5, 0xc6, 0x6c, 0x0a, 0x10, 0xa0, 0xcf, 0x1a, 0x48, 0xc7, 0x8b,
+    0x3c, 0x16, 0x88, 0xed, 0x50, 0x13, 0x81, 0xce
+};
+
+__fips_constseg static const unsigned char aes_128_no_df_additionalinput[] = {
+    0x4b, 0x22, 0x46, 0x18, 0x02, 0x7b, 0xd2, 0x1b, 0x22, 0x42, 0x7c, 0x37,
+    0xd9, 0xf6, 0xe8, 0x9b, 0x12, 0x30, 0x5f, 0xe9, 0x90, 0xe8, 0x08, 0x24,
+    0x4f, 0x06, 0x66, 0xdb, 0x19, 0x2b, 0x13, 0x95
+};
+
+__fips_constseg static const unsigned char aes_128_no_df_int_returnedbits[] = {
+    0x2e, 0x96, 0x70, 0x64, 0xfa, 0xdf, 0xdf, 0x57, 0xb5, 0x82, 0xee, 0xd6,
+    0xed, 0x3e, 0x65, 0xc2
+};
+
+__fips_constseg
+    static const unsigned char aes_128_no_df_entropyinputreseed[] = {
+    0x26, 0xc0, 0x72, 0x16, 0x3a, 0x4b, 0xb7, 0x99, 0xd4, 0x07, 0xaf, 0x66,
+    0x62, 0x36, 0x96, 0xa4, 0x51, 0x17, 0xfa, 0x07, 0x8b, 0x17, 0x5e, 0xa1,
+    0x2f, 0x3c, 0x10, 0xe7, 0x90, 0xd0, 0x46, 0x00
+};
+
+__fips_constseg
+    static const unsigned char aes_128_no_df_additionalinputreseed[] = {
+    0x83, 0x39, 0x37, 0x7b, 0x02, 0x06, 0xd2, 0x12, 0x13, 0x8d, 0x8b, 0xf2,
+    0xf0, 0xf6, 0x26, 0xeb, 0xa4, 0x22, 0x7b, 0xc2, 0xe7, 0xba, 0x79, 0xe4,
+    0x3b, 0x77, 0x5d, 0x4d, 0x47, 0xb2, 0x2d, 0xb4
+};
+
+__fips_constseg static const unsigned char aes_128_no_df_additionalinput2[] = {
+    0x0b, 0xb9, 0x67, 0x37, 0xdb, 0x83, 0xdf, 0xca, 0x81, 0x8b, 0xf9, 0x3f,
+    0xf1, 0x11, 0x1b, 0x2f, 0xf0, 0x61, 0xa6, 0xdf, 0xba, 0xa3, 0xb1, 0xac,
+    0xd3, 0xe6, 0x09, 0xb8, 0x2c, 0x6a, 0x67, 0xd6
+};
+
+__fips_constseg static const unsigned char aes_128_no_df_returnedbits[] = {
+    0x1e, 0xa7, 0xa4, 0xe4, 0xe1, 0xa6, 0x7c, 0x69, 0x9a, 0x44, 0x6c, 0x36,
+    0x81, 0x37, 0x19, 0xd4
+};
+
+/* AES-192 no df PR  */
+__fips_constseg static const unsigned char aes_192_no_df_pr_entropyinput[] = {
+    0x9d, 0x2c, 0xd2, 0x55, 0x66, 0xea, 0xe0, 0xbe, 0x18, 0xb7, 0x76, 0xe7,
+    0x73, 0x35, 0xd8, 0x1f, 0xad, 0x3a, 0xe3, 0x81, 0x0e, 0x92, 0xd0, 0x61,
+    0xc9, 0x12, 0x26, 0xf6, 0x1c, 0xdf, 0xfe, 0x47, 0xaa, 0xfe, 0x7d, 0x5a,
+    0x17, 0x1f, 0x8d, 0x9a
+};
+
+__fips_constseg static const unsigned char aes_192_no_df_pr_nonce[] = {
+    0x44, 0x82, 0xed, 0xe8, 0x4c, 0x28, 0x5a, 0x14, 0xff, 0x88, 0x8d, 0x19,
+    0x61, 0x5c, 0xee, 0x0f
+};
+
+__fips_constseg
+    static const unsigned char aes_192_no_df_pr_personalizationstring[] = {
+    0x47, 0xd7, 0x9b, 0x99, 0xaa, 0xcb, 0xe7, 0xd2, 0x57, 0x66, 0x2c, 0xe1,
+    0x78, 0xd6, 0x2c, 0xea, 0xa3, 0x23, 0x5f, 0x2a, 0xc1, 0x3a, 0xf0, 0xa4,
+    0x20, 0x3b, 0xfa, 0x07, 0xd5, 0x05, 0x02, 0xe4, 0x57, 0x01, 0xb6, 0x10,
+    0x57, 0x2e, 0xe7, 0x55
+};
+
+__fips_constseg
+    static const unsigned char aes_192_no_df_pr_additionalinput[] = {
+    0x4b, 0x74, 0x0b, 0x40, 0xce, 0x6b, 0xc2, 0x6a, 0x24, 0xb4, 0xf3, 0xad,
+    0x7a, 0xa5, 0x7a, 0xa2, 0x15, 0xe2, 0xc8, 0x61, 0x15, 0xc6, 0xb7, 0x85,
+    0x69, 0x11, 0xad, 0x7b, 0x14, 0xd2, 0xf6, 0x12, 0xa1, 0x95, 0x5d, 0x3f,
+    0xe2, 0xd0, 0x0c, 0x2f
+};
+
+__fips_constseg static const unsigned char aes_192_no_df_pr_entropyinputpr[] = {
+    0x0c, 0x9c, 0xad, 0x05, 0xee, 0xae, 0x48, 0x23, 0x89, 0x59, 0xa1, 0x94,
+    0xd7, 0xd8, 0x75, 0xd5, 0x54, 0x93, 0xc7, 0x4a, 0xd9, 0x26, 0xde, 0xeb,
+    0xba, 0xb0, 0x7e, 0x30, 0x1d, 0x5f, 0x69, 0x40, 0x9c, 0x3b, 0x17, 0x58,
+    0x1d, 0x30, 0xb3, 0x78
+};
+
+__fips_constseg
+    static const unsigned char aes_192_no_df_pr_int_returnedbits[] = {
+    0xf7, 0x93, 0xb0, 0x6d, 0x77, 0x83, 0xd5, 0x38, 0x01, 0xe1, 0x52, 0x40,
+    0x7e, 0x3e, 0x0c, 0x26
+};
+
+__fips_constseg
+    static const unsigned char aes_192_no_df_pr_additionalinput2[] = {
+    0xbc, 0x4b, 0x37, 0x44, 0x1c, 0xc5, 0x45, 0x5f, 0x8f, 0x51, 0x62, 0x8a,
+    0x85, 0x30, 0x1d, 0x7c, 0xe4, 0xcf, 0xf7, 0x44, 0xce, 0x32, 0x3e, 0x57,
+    0x95, 0xa4, 0x2a, 0xdf, 0xfd, 0x9e, 0x38, 0x41, 0xb3, 0xf6, 0xc5, 0xee,
+    0x0c, 0x4b, 0xee, 0x6e
+};
+
+__fips_constseg
+    static const unsigned char aes_192_no_df_pr_entropyinputpr2[] = {
+    0xec, 0xaf, 0xf6, 0x4f, 0xb1, 0xa0, 0x54, 0xb5, 0x5b, 0xe3, 0x46, 0xb0,
+    0x76, 0x5a, 0x7c, 0x3f, 0x7b, 0x94, 0x69, 0x21, 0x51, 0x02, 0xe5, 0x9f,
+    0x04, 0x59, 0x02, 0x98, 0xc6, 0x43, 0x2c, 0xcc, 0x26, 0x4c, 0x87, 0x6b,
+    0x8e, 0x0a, 0x83, 0xdf
+};
+
+__fips_constseg static const unsigned char aes_192_no_df_pr_returnedbits[] = {
+    0x74, 0x45, 0xfb, 0x53, 0x84, 0x96, 0xbe, 0xff, 0x15, 0xcc, 0x41, 0x91,
+    0xb9, 0xa1, 0x21, 0x68
+};
+
+/* AES-192 no df No PR  */
+__fips_constseg static const unsigned char aes_192_no_df_entropyinput[] = {
+    0x3c, 0x7d, 0xb5, 0xe0, 0x54, 0xd9, 0x6e, 0x8c, 0xa9, 0x86, 0xce, 0x4e,
+    0x6b, 0xaf, 0xeb, 0x2f, 0xe7, 0x75, 0xe0, 0x8b, 0xa4, 0x3b, 0x07, 0xfe,
+    0xbe, 0x33, 0x75, 0x93, 0x80, 0x27, 0xb5, 0x29, 0x47, 0x8b, 0xc7, 0x28,
+    0x94, 0xc3, 0x59, 0x63
+};
+
+__fips_constseg static const unsigned char aes_192_no_df_nonce[] = {
+    0x43, 0xf1, 0x7d, 0xb8, 0xc3, 0xfe, 0xd0, 0x23, 0x6b, 0xb4, 0x92, 0xdb,
+    0x29, 0xfd, 0x45, 0x71
+};
+
+__fips_constseg
+    static const unsigned char aes_192_no_df_personalizationstring[] = {
+    0x9f, 0x24, 0x29, 0x99, 0x9e, 0x01, 0xab, 0xe9, 0x19, 0xd8, 0x23, 0x08,
+    0xb7, 0xd6, 0x7e, 0x8c, 0xc0, 0x9e, 0x7f, 0x6e, 0x5b, 0x33, 0x20, 0x96,
+    0x0b, 0x23, 0x2c, 0xa5, 0x6a, 0xf8, 0x1b, 0x04, 0x26, 0xdb, 0x2e, 0x2b,
+    0x3b, 0x88, 0xce, 0x35
+};
+
+__fips_constseg static const unsigned char aes_192_no_df_additionalinput[] = {
+    0x94, 0xe9, 0x7c, 0x3d, 0xa7, 0xdb, 0x60, 0x83, 0x1f, 0x98, 0x3f, 0x0b,
+    0x88, 0x59, 0x57, 0x51, 0x88, 0x9f, 0x76, 0x49, 0x9f, 0xa6, 0xda, 0x71,
+    0x1d, 0x0d, 0x47, 0x16, 0x63, 0xc5, 0x68, 0xe4, 0x5d, 0x39, 0x69, 0xb3,
+    0x3e, 0xbe, 0xd4, 0x8e
+};
+
+__fips_constseg static const unsigned char aes_192_no_df_int_returnedbits[] = {
+    0xf9, 0xd7, 0xad, 0x69, 0xab, 0x8f, 0x23, 0x56, 0x70, 0x17, 0x4f, 0x2a,
+    0x45, 0xe7, 0x4a, 0xc5
+};
+
+__fips_constseg
+    static const unsigned char aes_192_no_df_entropyinputreseed[] = {
+    0xa6, 0x71, 0x6a, 0x3d, 0xba, 0xd1, 0xe8, 0x66, 0xa6, 0xef, 0xb2, 0x0e,
+    0xa8, 0x9c, 0xaa, 0x4e, 0xaf, 0x17, 0x89, 0x50, 0x00, 0xda, 0xa1, 0xb1,
+    0x0b, 0xa4, 0xd9, 0x35, 0x89, 0xc8, 0xe5, 0xb0, 0xd9, 0xb7, 0xc4, 0x33,
+    0x9b, 0xcb, 0x7e, 0x75
+};
+
+__fips_constseg
+    static const unsigned char aes_192_no_df_additionalinputreseed[] = {
+    0x27, 0x21, 0xfc, 0xc2, 0xbd, 0xf3, 0x3c, 0xce, 0xc3, 0xca, 0xc1, 0x01,
+    0xe0, 0xff, 0x93, 0x12, 0x7d, 0x54, 0x42, 0xe3, 0x9f, 0x03, 0xdf, 0x27,
+    0x04, 0x07, 0x3c, 0x53, 0x7f, 0xa8, 0x66, 0xc8, 0x97, 0x4b, 0x61, 0x40,
+    0x5d, 0x7a, 0x25, 0x79
+};
+
+__fips_constseg static const unsigned char aes_192_no_df_additionalinput2[] = {
+    0x2d, 0x8e, 0x16, 0x5d, 0x0b, 0x9f, 0xeb, 0xaa, 0xd6, 0xec, 0x28, 0x71,
+    0x7c, 0x0b, 0xc1, 0x1d, 0xd4, 0x44, 0x19, 0x47, 0xfd, 0x1d, 0x7c, 0xe5,
+    0xf3, 0x27, 0xe1, 0xb6, 0x72, 0x0a, 0xe0, 0xec, 0x0e, 0xcd, 0xef, 0x1a,
+    0x91, 0x6a, 0xe3, 0x5f
+};
+
+__fips_constseg static const unsigned char aes_192_no_df_returnedbits[] = {
+    0xe5, 0xda, 0xb8, 0xe0, 0x63, 0x59, 0x5a, 0xcc, 0x3d, 0xdc, 0x9f, 0xe8,
+    0x66, 0x67, 0x2c, 0x92
+};
+
+/* AES-256 no df PR  */
+__fips_constseg static const unsigned char aes_256_no_df_pr_entropyinput[] = {
+    0x15, 0xc7, 0x5d, 0xcb, 0x41, 0x4b, 0x16, 0x01, 0x3a, 0xd1, 0x44, 0xe8,
+    0x22, 0x32, 0xc6, 0x9c, 0x3f, 0xe7, 0x43, 0xf5, 0x9a, 0xd3, 0xea, 0xf2,
+    0xd7, 0x4e, 0x6e, 0x6a, 0x55, 0x73, 0x40, 0xef, 0x89, 0xad, 0x0d, 0x03,
+    0x96, 0x7e, 0x78, 0x81, 0x2f, 0x91, 0x1b, 0x44, 0xb0, 0x02, 0xba, 0x1c
+};
+
+__fips_constseg static const unsigned char aes_256_no_df_pr_nonce[] = {
+    0xdc, 0xe4, 0xd4, 0x27, 0x7a, 0x90, 0xd7, 0x99, 0x43, 0xa1, 0x3c, 0x30,
+    0xcc, 0x4b, 0xee, 0x2e
+};
+
+__fips_constseg
+    static const unsigned char aes_256_no_df_pr_personalizationstring[] = {
+    0xe3, 0xe6, 0xb9, 0x11, 0xe4, 0x7a, 0xa4, 0x40, 0x6b, 0xf8, 0x73, 0xf7,
+    0x7e, 0xec, 0xc7, 0xb9, 0x97, 0xbf, 0xf8, 0x25, 0x7b, 0xbe, 0x11, 0x9b,
+    0x5b, 0x6a, 0x0c, 0x2e, 0x2b, 0x01, 0x51, 0xcd, 0x41, 0x4b, 0x6b, 0xac,
+    0x31, 0xa8, 0x0b, 0xf7, 0xe6, 0x59, 0x42, 0xb8, 0x03, 0x0c, 0xf8, 0x06
+};
+
+__fips_constseg
+    static const unsigned char aes_256_no_df_pr_additionalinput[] = {
+    0x6a, 0x9f, 0x00, 0x91, 0xae, 0xfe, 0xcf, 0x84, 0x99, 0xce, 0xb1, 0x40,
+    0x6d, 0x5d, 0x33, 0x28, 0x84, 0xf4, 0x8c, 0x63, 0x4c, 0x7e, 0xbd, 0x2c,
+    0x80, 0x76, 0xee, 0x5a, 0xaa, 0x15, 0x07, 0x31, 0xd8, 0xbb, 0x8c, 0x69,
+    0x9d, 0x9d, 0xbc, 0x7e, 0x49, 0xae, 0xec, 0x39, 0x6b, 0xd1, 0x1f, 0x7e
+};
+
+__fips_constseg static const unsigned char aes_256_no_df_pr_entropyinputpr[] = {
+    0xf3, 0xb9, 0x75, 0x9c, 0xbd, 0x88, 0xea, 0xa2, 0x50, 0xad, 0xd6, 0x16,
+    0x1a, 0x12, 0x3c, 0x86, 0x68, 0xaf, 0x6f, 0xbe, 0x19, 0xf2, 0xee, 0xcc,
+    0xa5, 0x70, 0x84, 0x53, 0x50, 0xcb, 0x9f, 0x14, 0xa9, 0xe5, 0xee, 0xb9,
+    0x48, 0x45, 0x40, 0xe2, 0xc7, 0xc9, 0x9a, 0x74, 0xff, 0x8c, 0x99, 0x1f
+};
+
+__fips_constseg
+    static const unsigned char aes_256_no_df_pr_int_returnedbits[] = {
+    0x2e, 0xf2, 0x45, 0x4c, 0x62, 0x2e, 0x0a, 0xb9, 0x6b, 0xa2, 0xfd, 0x56,
+    0x79, 0x60, 0x93, 0xcf
+};
+
+__fips_constseg
+    static const unsigned char aes_256_no_df_pr_additionalinput2[] = {
+    0xaf, 0x69, 0x20, 0xe9, 0x3b, 0x37, 0x9d, 0x3f, 0xb4, 0x80, 0x02, 0x7a,
+    0x25, 0x7d, 0xb8, 0xde, 0x71, 0xc5, 0x06, 0x0c, 0xb4, 0xe2, 0x8f, 0x35,
+    0xd8, 0x14, 0x0d, 0x7f, 0x76, 0x63, 0x4e, 0xb5, 0xee, 0xe9, 0x6f, 0x34,
+    0xc7, 0x5f, 0x56, 0x14, 0x4a, 0xe8, 0x73, 0x95, 0x5b, 0x1c, 0xb9, 0xcb
+};
+
+__fips_constseg
+    static const unsigned char aes_256_no_df_pr_entropyinputpr2[] = {
+    0xe5, 0xb0, 0x2e, 0x7e, 0x52, 0x30, 0xe3, 0x63, 0x82, 0xb6, 0x44, 0xd3,
+    0x25, 0x19, 0x05, 0x24, 0x9a, 0x9f, 0x5f, 0x27, 0x6a, 0x29, 0xab, 0xfa,
+    0x07, 0xa2, 0x42, 0x0f, 0xc5, 0xa8, 0x94, 0x7c, 0x17, 0x7b, 0x85, 0x83,
+    0x0c, 0x25, 0x0e, 0x63, 0x0b, 0xe9, 0x12, 0x60, 0xcd, 0xef, 0x80, 0x0f
+};
+
+__fips_constseg static const unsigned char aes_256_no_df_pr_returnedbits[] = {
+    0x5e, 0xf2, 0x26, 0xef, 0x9f, 0x58, 0x5d, 0xd5, 0x4a, 0x10, 0xfe, 0xa7,
+    0x2d, 0x5f, 0x4a, 0x46
+};
+
+/* AES-256 no df No PR  */
+__fips_constseg static const unsigned char aes_256_no_df_entropyinput[] = {
+    0xfb, 0xcf, 0x1b, 0x61, 0x16, 0x89, 0x78, 0x23, 0xf5, 0xd8, 0x96, 0xe3,
+    0x4e, 0x64, 0x0b, 0x29, 0x9a, 0x3f, 0xf8, 0xa5, 0xed, 0xf2, 0xfe, 0xdb,
+    0x16, 0xca, 0x7f, 0x10, 0xfa, 0x5e, 0x18, 0x76, 0x2c, 0x63, 0x5e, 0x96,
+    0xcf, 0xb3, 0xd6, 0xfc, 0xaf, 0x99, 0x39, 0x28, 0x9c, 0x61, 0xe8, 0xb3
+};
+
+__fips_constseg static const unsigned char aes_256_no_df_nonce[] = {
+    0x12, 0x96, 0xf0, 0x52, 0xf3, 0x8d, 0x81, 0xcf, 0xde, 0x86, 0xf2, 0x99,
+    0x43, 0x96, 0xb9, 0xf0
+};
+
+__fips_constseg
+    static const unsigned char aes_256_no_df_personalizationstring[] = {
+    0x63, 0x0d, 0x78, 0xf5, 0x90, 0x8e, 0x32, 0x47, 0xb0, 0x4d, 0x37, 0x60,
+    0x09, 0x96, 0xbc, 0xbf, 0x97, 0x7a, 0x62, 0x14, 0x45, 0xbd, 0x8d, 0xcc,
+    0x69, 0xfb, 0x03, 0xe1, 0x80, 0x1c, 0xc7, 0xe2, 0x2a, 0xf9, 0x37, 0x3f,
+    0x66, 0x4d, 0x62, 0xd9, 0x10, 0xe0, 0xad, 0xc8, 0x9a, 0xf0, 0xa8, 0x6d
+};
+
+__fips_constseg static const unsigned char aes_256_no_df_additionalinput[] = {
+    0x36, 0xc6, 0x13, 0x60, 0xbb, 0x14, 0xad, 0x22, 0xb0, 0x38, 0xac, 0xa6,
+    0x18, 0x16, 0x93, 0x25, 0x86, 0xb7, 0xdc, 0xdc, 0x36, 0x98, 0x2b, 0xf9,
+    0x68, 0x33, 0xd3, 0xc6, 0xff, 0xce, 0x8d, 0x15, 0x59, 0x82, 0x76, 0xed,
+    0x6f, 0x8d, 0x49, 0x74, 0x2f, 0xda, 0xdc, 0x1f, 0x17, 0xd0, 0xde, 0x17
+};
+
+__fips_constseg static const unsigned char aes_256_no_df_int_returnedbits[] = {
+    0x16, 0x2f, 0x8e, 0x3f, 0x21, 0x7a, 0x1c, 0x20, 0x56, 0xd1, 0x92, 0xf6,
+    0xd2, 0x25, 0x75, 0x0e
+};
+
+__fips_constseg
+    static const unsigned char aes_256_no_df_entropyinputreseed[] = {
+    0x91, 0x79, 0x76, 0xee, 0xe0, 0xcf, 0x9e, 0xc2, 0xd5, 0xd4, 0x23, 0x9b,
+    0x12, 0x8c, 0x7e, 0x0a, 0xb7, 0xd2, 0x8b, 0xd6, 0x7c, 0xa3, 0xc6, 0xe5,
+    0x0e, 0xaa, 0xc7, 0x6b, 0xae, 0x0d, 0xfa, 0x53, 0x06, 0x79, 0xa1, 0xed,
+    0x4d, 0x6a, 0x0e, 0xd8, 0x9d, 0xbe, 0x1b, 0x31, 0x93, 0x7b, 0xec, 0xfb
+};
+
+__fips_constseg
+    static const unsigned char aes_256_no_df_additionalinputreseed[] = {
+    0xd2, 0x46, 0x50, 0x22, 0x10, 0x14, 0x63, 0xf7, 0xea, 0x0f, 0xb9, 0x7e,
+    0x0d, 0xe1, 0x94, 0x07, 0xaf, 0x09, 0x44, 0x31, 0xea, 0x64, 0xa4, 0x18,
+    0x5b, 0xf9, 0xd8, 0xc2, 0xfa, 0x03, 0x47, 0xc5, 0x39, 0x43, 0xd5, 0x3b,
+    0x62, 0x86, 0x64, 0xea, 0x2c, 0x73, 0x8c, 0xae, 0x9d, 0x98, 0x98, 0x29
+};
+
+__fips_constseg static const unsigned char aes_256_no_df_additionalinput2[] = {
+    0x8c, 0xab, 0x18, 0xf8, 0xc3, 0xec, 0x18, 0x5c, 0xb3, 0x1e, 0x9d, 0xbe,
+    0x3f, 0x03, 0xb4, 0x00, 0x98, 0x9d, 0xae, 0xeb, 0xf4, 0x94, 0xf8, 0x42,
+    0x8f, 0xe3, 0x39, 0x07, 0xe1, 0xc9, 0xad, 0x0b, 0x1f, 0xed, 0xc0, 0xba,
+    0xf6, 0xd1, 0xec, 0x27, 0x86, 0x7b, 0xd6, 0x55, 0x9b, 0x60, 0xa5, 0xc6
+};
+
+__fips_constseg static const unsigned char aes_256_no_df_returnedbits[] = {
+    0xef, 0xd2, 0xd8, 0x5c, 0xdc, 0x62, 0x25, 0x9f, 0xaa, 0x1e, 0x2c, 0x67,
+    0xf6, 0x02, 0x32, 0xe2
+};
+
+/* SHA-1 PR  */
+__fips_constseg static const unsigned char sha1_pr_entropyinput[] = {
+    0xd2, 0x36, 0xa5, 0x27, 0x31, 0x73, 0xdd, 0x11, 0x4f, 0x93, 0xbd, 0xe2,
+    0x31, 0xa5, 0x91, 0x13
+};
+
+__fips_constseg static const unsigned char sha1_pr_nonce[] = {
+    0xb5, 0xb3, 0x60, 0xef, 0xf7, 0x63, 0x31, 0xf3
+};
+
+__fips_constseg static const unsigned char sha1_pr_personalizationstring[] = {
+    0xd4, 0xbb, 0x02, 0x10, 0xb2, 0x71, 0xdb, 0x81, 0xd6, 0xf0, 0x42, 0x60,
+    0xda, 0xea, 0x77, 0x52
+};
+
+__fips_constseg static const unsigned char sha1_pr_additionalinput[] = {
+    0x4d, 0xd2, 0x6c, 0x87, 0xfb, 0x2c, 0x4f, 0xa6, 0x8d, 0x16, 0x63, 0x22,
+    0x6a, 0x51, 0xe3, 0xf8
+};
+
+__fips_constseg static const unsigned char sha1_pr_entropyinputpr[] = {
+    0xc9, 0x83, 0x9e, 0x16, 0xf6, 0x1c, 0x0f, 0xb2, 0xec, 0x60, 0x31, 0xa9,
+    0xcb, 0xa9, 0x36, 0x7a
+};
+
+__fips_constseg static const unsigned char sha1_pr_int_returnedbits[] = {
+    0xa8, 0x13, 0x4f, 0xf4, 0x31, 0x02, 0x44, 0xe3, 0xd3, 0x3d, 0x61, 0x9e,
+    0xe5, 0xc6, 0x3e, 0x89, 0xb5, 0x9b, 0x0f, 0x35
+};
+
+__fips_constseg static const unsigned char sha1_pr_additionalinput2[] = {
+    0xf9, 0xe8, 0xd2, 0x72, 0x13, 0x34, 0x95, 0x6f, 0x15, 0x49, 0x47, 0x99,
+    0x16, 0x03, 0x19, 0x47
+};
+
+__fips_constseg static const unsigned char sha1_pr_entropyinputpr2[] = {
+    0x4e, 0x8c, 0x49, 0x9b, 0x4a, 0x5c, 0x9b, 0x9c, 0x3a, 0xee, 0xfb, 0xd2,
+    0xae, 0xcd, 0x8c, 0xc4
+};
+
+__fips_constseg static const unsigned char sha1_pr_returnedbits[] = {
+    0x50, 0xb4, 0xb4, 0xcd, 0x68, 0x57, 0xfc, 0x2e, 0xc1, 0x52, 0xcc, 0xf6,
+    0x68, 0xa4, 0x81, 0xed, 0x7e, 0xe4, 0x1d, 0x87
+};
+
+/* SHA-1 No PR  */
+__fips_constseg static const unsigned char sha1_entropyinput[] = {
+    0xa9, 0x47, 0x1b, 0x29, 0x2d, 0x1c, 0x05, 0xdf, 0x76, 0xd0, 0x62, 0xf9,
+    0xe2, 0x7f, 0x4c, 0x7b
+};
+
+__fips_constseg static const unsigned char sha1_nonce[] = {
+    0x53, 0x23, 0x24, 0xe3, 0xec, 0x0c, 0x54, 0x14
+};
+
+__fips_constseg static const unsigned char sha1_personalizationstring[] = {
+    0x7a, 0x87, 0xa1, 0xac, 0x1c, 0xfd, 0xab, 0xae, 0xf7, 0xd6, 0xfb, 0x76,
+    0x28, 0xec, 0x6d, 0xca
+};
+
+__fips_constseg static const unsigned char sha1_additionalinput[] = {
+    0xfc, 0x92, 0x35, 0xd6, 0x7e, 0xb7, 0x24, 0x65, 0xfd, 0x12, 0x27, 0x35,
+    0xc0, 0x72, 0xca, 0x28
+};
+
+__fips_constseg static const unsigned char sha1_int_returnedbits[] = {
+    0x57, 0x88, 0x82, 0xe5, 0x25, 0xa5, 0x2c, 0x4a, 0x06, 0x20, 0x6c, 0x72,
+    0x55, 0x61, 0xdd, 0x90, 0x71, 0x9f, 0x95, 0xea
+};
+
+__fips_constseg static const unsigned char sha1_entropyinputreseed[] = {
+    0x69, 0xa5, 0x40, 0x62, 0x98, 0x47, 0x56, 0x73, 0x4a, 0x8f, 0x60, 0x96,
+    0xd6, 0x99, 0x27, 0xed
+};
+
+__fips_constseg static const unsigned char sha1_additionalinputreseed[] = {
+    0xe5, 0x40, 0x4e, 0xbd, 0x50, 0x00, 0xf5, 0x15, 0xa6, 0xee, 0x45, 0xda,
+    0x84, 0x3d, 0xd4, 0xc0
+};
+
+__fips_constseg static const unsigned char sha1_additionalinput2[] = {
+    0x11, 0x51, 0x14, 0xf0, 0x09, 0x1b, 0x4e, 0x56, 0x0d, 0xe9, 0xf6, 0x1e,
+    0x52, 0x65, 0xcd, 0x96
+};
+
+__fips_constseg static const unsigned char sha1_returnedbits[] = {
+    0xa1, 0x9c, 0x94, 0x6e, 0x29, 0xe1, 0x33, 0x0d, 0x32, 0xd6, 0xaa, 0xce,
+    0x71, 0x3f, 0x52, 0x72, 0x8b, 0x42, 0xa8, 0xd7
+};
+
+/* SHA-224 PR  */
+__fips_constseg static const unsigned char sha224_pr_entropyinput[] = {
+    0x12, 0x69, 0x32, 0x4f, 0x83, 0xa6, 0xf5, 0x14, 0xe3, 0x49, 0x3e, 0x75,
+    0x3e, 0xde, 0xad, 0xa1, 0x29, 0xc3, 0xf3, 0x19, 0x20, 0xb5, 0x4c, 0xd9
+};
+
+__fips_constseg static const unsigned char sha224_pr_nonce[] = {
+    0x6a, 0x78, 0xd0, 0xeb, 0xbb, 0x5a, 0xf0, 0xee, 0xe8, 0xc3, 0xba, 0x71
+};
+
+__fips_constseg static const unsigned char sha224_pr_personalizationstring[] = {
+    0xd5, 0xb8, 0xb6, 0xbc, 0xc1, 0x5b, 0x60, 0x31, 0x3c, 0xf5, 0xe5, 0xc0,
+    0x8e, 0x52, 0x7a, 0xbd, 0xea, 0x47, 0xa9, 0x5f, 0x8f, 0xf9, 0x8b, 0xae
+};
+
+__fips_constseg static const unsigned char sha224_pr_additionalinput[] = {
+    0x1f, 0x55, 0xec, 0xae, 0x16, 0x12, 0x84, 0xba, 0x84, 0x16, 0x19, 0x88,
+    0x8e, 0xb8, 0x33, 0x25, 0x54, 0xff, 0xca, 0x79, 0xaf, 0x07, 0x25, 0x50
+};
+
+__fips_constseg static const unsigned char sha224_pr_entropyinputpr[] = {
+    0x92, 0xa3, 0x32, 0xa8, 0x9a, 0x0a, 0x58, 0x7c, 0x1d, 0x5a, 0x7e, 0xe1,
+    0xb2, 0x73, 0xab, 0x0e, 0x16, 0x79, 0x23, 0xd3, 0x29, 0x89, 0x81, 0xe1
+};
+
+__fips_constseg static const unsigned char sha224_pr_int_returnedbits[] = {
+    0xf3, 0x38, 0x91, 0x40, 0x37, 0x7a, 0x51, 0x72, 0x42, 0x74, 0x78, 0x0a,
+    0x69, 0xfd, 0xa6, 0x44, 0x43, 0x45, 0x6c, 0x0c, 0x5a, 0x19, 0xff, 0xf1,
+    0x54, 0x60, 0xee, 0x6a
+};
+
+__fips_constseg static const unsigned char sha224_pr_additionalinput2[] = {
+    0x75, 0xf3, 0x04, 0x25, 0xdd, 0x36, 0xa8, 0x37, 0x46, 0xae, 0x0c, 0x52,
+    0x05, 0x79, 0x4c, 0x26, 0xdb, 0xe9, 0x71, 0x16, 0x4c, 0x0a, 0xf2, 0x60
+};
+
+__fips_constseg static const unsigned char sha224_pr_entropyinputpr2[] = {
+    0xea, 0xc5, 0x03, 0x0a, 0x4f, 0xb0, 0x38, 0x8d, 0x23, 0xd4, 0xc8, 0x77,
+    0xe2, 0x6d, 0x9c, 0x0b, 0x44, 0xf7, 0x2d, 0x5b, 0xbf, 0x5d, 0x2a, 0x11
+};
+
+__fips_constseg static const unsigned char sha224_pr_returnedbits[] = {
+    0x60, 0x50, 0x2b, 0xe7, 0x86, 0xd8, 0x26, 0x73, 0xe3, 0x1d, 0x95, 0x20,
+    0xb3, 0x2c, 0x32, 0x1c, 0xf5, 0xce, 0x57, 0xa6, 0x67, 0x2b, 0xdc, 0x4e,
+    0xdd, 0x11, 0x4c, 0xc4
+};
+
+/* SHA-224 No PR  */
+__fips_constseg static const unsigned char sha224_entropyinput[] = {
+    0xb2, 0x1c, 0x77, 0x4d, 0xf6, 0xd3, 0xb6, 0x40, 0xb7, 0x30, 0x3e, 0x29,
+    0xb0, 0x85, 0x1c, 0xbe, 0x4a, 0xea, 0x6b, 0x5a, 0xb5, 0x8a, 0x97, 0xeb
+};
+
+__fips_constseg static const unsigned char sha224_nonce[] = {
+    0x42, 0x02, 0x0a, 0x1c, 0x98, 0x9a, 0x77, 0x9e, 0x9f, 0x80, 0xba, 0xe0
+};
+
+__fips_constseg static const unsigned char sha224_personalizationstring[] = {
+    0x98, 0xb8, 0x04, 0x41, 0xfc, 0xc1, 0x5d, 0xc5, 0xe9, 0xb9, 0x08, 0xda,
+    0xf9, 0xfa, 0x0d, 0x90, 0xce, 0xdf, 0x1d, 0x10, 0xa9, 0x8d, 0x50, 0x0c
+};
+
+__fips_constseg static const unsigned char sha224_additionalinput[] = {
+    0x9a, 0x8d, 0x39, 0x49, 0x42, 0xd5, 0x0b, 0xae, 0xe1, 0xaf, 0xb7, 0x00,
+    0x02, 0xfa, 0x96, 0xb1, 0xa5, 0x1d, 0x2d, 0x25, 0x78, 0xee, 0x83, 0x3f
+};
+
+__fips_constseg static const unsigned char sha224_int_returnedbits[] = {
+    0xe4, 0xf5, 0x53, 0x79, 0x5a, 0x97, 0x58, 0x06, 0x08, 0xba, 0x7b, 0xfa,
+    0xf0, 0x83, 0x05, 0x8c, 0x22, 0xc0, 0xc9, 0xdb, 0x15, 0xe7, 0xde, 0x20,
+    0x55, 0x22, 0x9a, 0xad
+};
+
+__fips_constseg static const unsigned char sha224_entropyinputreseed[] = {
+    0x67, 0x09, 0x48, 0xaa, 0x07, 0x16, 0x99, 0x89, 0x7f, 0x6d, 0xa0, 0xe5,
+    0x8f, 0xdf, 0xbc, 0xdb, 0xfe, 0xe5, 0x6c, 0x7a, 0x95, 0x4a, 0x66, 0x17
+};
+
+__fips_constseg static const unsigned char sha224_additionalinputreseed[] = {
+    0x0f, 0x4b, 0x1c, 0x6f, 0xb7, 0xe3, 0x47, 0xe5, 0x5d, 0x7d, 0x38, 0xd6,
+    0x28, 0x9b, 0xeb, 0x55, 0x63, 0x09, 0x3e, 0x7c, 0x56, 0xea, 0xf8, 0x19
+};
+
+__fips_constseg static const unsigned char sha224_additionalinput2[] = {
+    0x2d, 0x26, 0x7c, 0x37, 0xe4, 0x7a, 0x28, 0x5e, 0x5a, 0x3c, 0xaf, 0x3d,
+    0x5a, 0x8e, 0x55, 0xa2, 0x1a, 0x6e, 0xc0, 0xe5, 0xf6, 0x21, 0xd3, 0xf6
+};
+
+__fips_constseg static const unsigned char sha224_returnedbits[] = {
+    0x4d, 0x83, 0x35, 0xdf, 0x67, 0xa9, 0xfc, 0x17, 0xda, 0x70, 0xcc, 0x8b,
+    0x7f, 0x77, 0xae, 0xa2, 0x5f, 0xb9, 0x7e, 0x74, 0x4c, 0x26, 0xc1, 0x7a,
+    0x3b, 0xa7, 0x5c, 0x93
+};
+
+/* SHA-256 PR  */
+__fips_constseg static const unsigned char sha256_pr_entropyinput[] = {
+    0xce, 0x49, 0x00, 0x7a, 0x56, 0xe3, 0x67, 0x8f, 0xe1, 0xb6, 0xa7, 0xd4,
+    0x4f, 0x08, 0x7a, 0x1b, 0x01, 0xf4, 0xfa, 0x6b, 0xef, 0xb7, 0xe5, 0xeb,
+    0x07, 0x3d, 0x11, 0x0d, 0xc8, 0xea, 0x2b, 0xfe
+};
+
+__fips_constseg static const unsigned char sha256_pr_nonce[] = {
+    0x73, 0x41, 0xc8, 0x92, 0x94, 0xe2, 0xc5, 0x5f, 0x93, 0xfd, 0x39, 0x5d,
+    0x2b, 0x91, 0x4d, 0x38
+};
+
+__fips_constseg static const unsigned char sha256_pr_personalizationstring[] = {
+    0x50, 0x6d, 0x01, 0x01, 0x07, 0x5a, 0x80, 0x35, 0x7a, 0x56, 0x1a, 0x56,
+    0x2f, 0x9a, 0x0b, 0x35, 0xb2, 0xb1, 0xc9, 0xe5, 0xca, 0x69, 0x61, 0x48,
+    0xff, 0xfb, 0x0f, 0xd9, 0x4b, 0x79, 0x1d, 0xba
+};
+
+__fips_constseg static const unsigned char sha256_pr_additionalinput[] = {
+    0x20, 0xb8, 0xdf, 0x44, 0x77, 0x5a, 0xb8, 0xd3, 0xbf, 0xf6, 0xcf, 0xac,
+    0x5e, 0xa6, 0x96, 0x62, 0x73, 0x44, 0x40, 0x4a, 0x30, 0xfb, 0x38, 0xa5,
+    0x7b, 0x0d, 0xe4, 0x0d, 0xc6, 0xe4, 0x9a, 0x1f
+};
+
+__fips_constseg static const unsigned char sha256_pr_entropyinputpr[] = {
+    0x04, 0xc4, 0x65, 0xf4, 0xd3, 0xbf, 0x83, 0x4b, 0xab, 0xc8, 0x41, 0xa8,
+    0xc2, 0xe0, 0x44, 0x63, 0x77, 0x4c, 0x6f, 0x6c, 0x49, 0x46, 0xff, 0x94,
+    0x17, 0xea, 0xe6, 0x1a, 0x9d, 0x5e, 0x66, 0x78
+};
+
+__fips_constseg static const unsigned char sha256_pr_int_returnedbits[] = {
+    0x07, 0x4d, 0xac, 0x9b, 0x86, 0xca, 0x4a, 0xaa, 0x6e, 0x7a, 0x03, 0xa2,
+    0x5d, 0x10, 0xea, 0x0b, 0xf9, 0x83, 0xcc, 0xd1, 0xfc, 0xe2, 0x07, 0xc7,
+    0x06, 0x34, 0x60, 0x6f, 0x83, 0x94, 0x99, 0x76
+};
+
+__fips_constseg static const unsigned char sha256_pr_additionalinput2[] = {
+    0x89, 0x4e, 0x45, 0x8c, 0x11, 0xf9, 0xbc, 0x5b, 0xac, 0x74, 0x8b, 0x4b,
+    0x5f, 0xf7, 0x19, 0xf3, 0xf5, 0x24, 0x54, 0x14, 0xd1, 0x15, 0xb1, 0x43,
+    0x12, 0xa4, 0x5f, 0xd4, 0xec, 0xfc, 0xcd, 0x09
+};
+
+__fips_constseg static const unsigned char sha256_pr_entropyinputpr2[] = {
+    0x0e, 0xeb, 0x1f, 0xd7, 0xfc, 0xd1, 0x9d, 0xd4, 0x05, 0x36, 0x8b, 0xb2,
+    0xfb, 0xe4, 0xf4, 0x51, 0x0c, 0x87, 0x9b, 0x02, 0x44, 0xd5, 0x92, 0x4d,
+    0x44, 0xfe, 0x1a, 0x03, 0x43, 0x56, 0xbd, 0x86
+};
+
+__fips_constseg static const unsigned char sha256_pr_returnedbits[] = {
+    0x02, 0xaa, 0xb6, 0x1d, 0x7e, 0x2a, 0x40, 0x03, 0x69, 0x2d, 0x49, 0xa3,
+    0x41, 0xe7, 0x44, 0x0b, 0xaf, 0x7b, 0x85, 0xe4, 0x5f, 0x53, 0x3b, 0x64,
+    0xbc, 0x89, 0xc8, 0x82, 0xd4, 0x78, 0x37, 0xa2
+};
+
+/* SHA-256 No PR  */
+__fips_constseg static const unsigned char sha256_entropyinput[] = {
+    0x5b, 0x1b, 0xec, 0x4d, 0xa9, 0x38, 0x74, 0x5a, 0x34, 0x0b, 0x7b, 0xc5,
+    0xe5, 0xd7, 0x66, 0x7c, 0xbc, 0x82, 0xb9, 0x0e, 0x2d, 0x1f, 0x92, 0xd7,
+    0xc1, 0xbc, 0x67, 0x69, 0xec, 0x6b, 0x03, 0x3c
+};
+
+__fips_constseg static const unsigned char sha256_nonce[] = {
+    0xa4, 0x0c, 0xd8, 0x9c, 0x61, 0xd8, 0xc3, 0x54, 0xfe, 0x53, 0xc9, 0xe5,
+    0x5d, 0x6f, 0x6d, 0x35
+};
+
+__fips_constseg static const unsigned char sha256_personalizationstring[] = {
+    0x22, 0x5e, 0x62, 0x93, 0x42, 0x83, 0x78, 0x24, 0xd8, 0x40, 0x8c, 0xde,
+    0x6f, 0xf9, 0xa4, 0x7a, 0xc5, 0xa7, 0x3b, 0x88, 0xa3, 0xee, 0x42, 0x20,
+    0xfd, 0x61, 0x56, 0xc6, 0x4c, 0x13, 0x41, 0x9c
+};
+
+__fips_constseg static const unsigned char sha256_additionalinput[] = {
+    0xbf, 0x74, 0x5b, 0xf6, 0xc5, 0x64, 0x5e, 0x99, 0x34, 0x8f, 0xbc, 0xa4,
+    0xe2, 0xbd, 0xd8, 0x85, 0x26, 0x37, 0xea, 0xba, 0x4f, 0xf2, 0x9a, 0x9a,
+    0x66, 0xfc, 0xdf, 0x63, 0x26, 0x26, 0x19, 0x87
+};
+
+__fips_constseg static const unsigned char sha256_int_returnedbits[] = {
+    0xb3, 0xc6, 0x07, 0x07, 0xd6, 0x75, 0xf6, 0x2b, 0xd6, 0x21, 0x96, 0xf1,
+    0xae, 0xdb, 0x2b, 0xac, 0x25, 0x2a, 0xae, 0xae, 0x41, 0x72, 0x03, 0x5e,
+    0xbf, 0xd3, 0x64, 0xbc, 0x59, 0xf9, 0xc0, 0x76
+};
+
+__fips_constseg static const unsigned char sha256_entropyinputreseed[] = {
+    0xbf, 0x20, 0x33, 0x56, 0x29, 0xa8, 0x37, 0x04, 0x1f, 0x78, 0x34, 0x3d,
+    0x81, 0x2a, 0xc9, 0x86, 0xc6, 0x7a, 0x2f, 0x88, 0x5e, 0xd5, 0xbe, 0x34,
+    0x46, 0x20, 0xa4, 0x35, 0xeb, 0xc7, 0xe2, 0x9d
+};
+
+__fips_constseg static const unsigned char sha256_additionalinputreseed[] = {
+    0x9b, 0xae, 0x2d, 0x2d, 0x61, 0xa4, 0x89, 0xeb, 0x43, 0x46, 0xa7, 0xda,
+    0xef, 0x40, 0xca, 0x4a, 0x99, 0x11, 0x41, 0xdc, 0x5c, 0x94, 0xe9, 0xac,
+    0xd4, 0xd0, 0xe6, 0xbd, 0xfb, 0x03, 0x9c, 0xa8
+};
+
+__fips_constseg static const unsigned char sha256_additionalinput2[] = {
+    0x23, 0xaa, 0x0c, 0xbd, 0x28, 0x33, 0xe2, 0x51, 0xfc, 0x71, 0xd2, 0x15,
+    0x1f, 0x76, 0xfd, 0x0d, 0xe0, 0xb7, 0xb5, 0x84, 0x75, 0x5b, 0xbe, 0xf3,
+    0x5c, 0xca, 0xc5, 0x30, 0xf2, 0x75, 0x1f, 0xda
+};
+
+__fips_constseg static const unsigned char sha256_returnedbits[] = {
+    0x90, 0x3c, 0xc1, 0x10, 0x8c, 0x12, 0x01, 0xc6, 0xa6, 0x3a, 0x0f, 0x4d,
+    0xb6, 0x3a, 0x4f, 0x41, 0x9c, 0x61, 0x75, 0x84, 0xe9, 0x74, 0x75, 0xfd,
+    0xfe, 0xf2, 0x1f, 0x43, 0xd8, 0x5e, 0x24, 0xa3
+};
+
+/* SHA-384 PR  */
+__fips_constseg static const unsigned char sha384_pr_entropyinput[] = {
+    0x71, 0x9d, 0xb2, 0x5a, 0x71, 0x6d, 0x04, 0xe9, 0x1e, 0xc7, 0x92, 0x24,
+    0x6e, 0x12, 0x33, 0xa9, 0x52, 0x64, 0x31, 0xef, 0x71, 0xeb, 0x22, 0x55,
+    0x28, 0x97, 0x06, 0x6a, 0xc0, 0x0c, 0xa0, 0x7e
+};
+
+__fips_constseg static const unsigned char sha384_pr_nonce[] = {
+    0xf5, 0x0d, 0xfa, 0xb0, 0xec, 0x6a, 0x7c, 0xd6, 0xbd, 0x9b, 0x05, 0xfd,
+    0x38, 0x3e, 0x2e, 0x56
+};
+
+__fips_constseg static const unsigned char sha384_pr_personalizationstring[] = {
+    0x74, 0xac, 0x7e, 0x6d, 0xb1, 0xa4, 0xe7, 0x21, 0xd1, 0x1e, 0x6e, 0x96,
+    0x6d, 0x4d, 0x53, 0x46, 0x82, 0x96, 0x6e, 0xcf, 0xaa, 0x81, 0x8d, 0x7d,
+    0x9e, 0xe1, 0x0f, 0x15, 0xea, 0x41, 0xbf, 0xe3
+};
+
+__fips_constseg static const unsigned char sha384_pr_additionalinput[] = {
+    0xda, 0x95, 0xd4, 0xd0, 0xb8, 0x11, 0xd3, 0x49, 0x27, 0x5d, 0xa9, 0x39,
+    0x68, 0xf3, 0xa8, 0xe9, 0x5d, 0x19, 0x8a, 0x2b, 0x66, 0xe8, 0x69, 0x06,
+    0x7c, 0x9e, 0x03, 0xa1, 0x8b, 0x26, 0x2d, 0x6e
+};
+
+__fips_constseg static const unsigned char sha384_pr_entropyinputpr[] = {
+    0x49, 0xdf, 0x44, 0x00, 0xe4, 0x1c, 0x75, 0x0b, 0x26, 0x5a, 0x59, 0x64,
+    0x1f, 0x4e, 0xb1, 0xb2, 0x13, 0xf1, 0x22, 0x4e, 0xb4, 0x6d, 0x9a, 0xcc,
+    0xa0, 0x48, 0xe6, 0xcf, 0x1d, 0xd1, 0x92, 0x0d
+};
+
+__fips_constseg static const unsigned char sha384_pr_int_returnedbits[] = {
+    0xc8, 0x52, 0xae, 0xbf, 0x04, 0x3c, 0x27, 0xb7, 0x78, 0x18, 0xaa, 0x8f,
+    0xff, 0xcf, 0xa4, 0xf1, 0xcc, 0xe7, 0x68, 0xfa, 0x22, 0xa2, 0x13, 0x45,
+    0xe8, 0xdd, 0x87, 0xe6, 0xf2, 0x6e, 0xdd, 0xc7, 0x52, 0x90, 0x9f, 0x7b,
+    0xfa, 0x61, 0x2d, 0x9d, 0x9e, 0xcf, 0x98, 0xac, 0x52, 0x40, 0xce, 0xaf
+};
+
+__fips_constseg static const unsigned char sha384_pr_additionalinput2[] = {
+    0x61, 0x7c, 0x03, 0x9a, 0x3e, 0x50, 0x57, 0x60, 0xc5, 0x83, 0xc9, 0xb2,
+    0xd1, 0x87, 0x85, 0x66, 0x92, 0x5d, 0x84, 0x0e, 0x53, 0xfb, 0x70, 0x03,
+    0x72, 0xfd, 0xba, 0xae, 0x9c, 0x8f, 0xf8, 0x18
+};
+
+__fips_constseg static const unsigned char sha384_pr_entropyinputpr2[] = {
+    0xf8, 0xeb, 0x89, 0xb1, 0x8d, 0x78, 0xbe, 0x21, 0xe0, 0xbb, 0x9d, 0xb7,
+    0x95, 0x0e, 0xd9, 0x46, 0x0c, 0x8c, 0xe2, 0x63, 0xb7, 0x9d, 0x67, 0x90,
+    0xbd, 0xc7, 0x0b, 0xa5, 0xce, 0xb2, 0x65, 0x81
+};
+
+__fips_constseg static const unsigned char sha384_pr_returnedbits[] = {
+    0xe6, 0x9f, 0xfe, 0x68, 0xd6, 0xb5, 0x79, 0xf1, 0x06, 0x5f, 0xa3, 0xbb,
+    0x23, 0x85, 0xd8, 0xf0, 0x29, 0x5a, 0x68, 0x9e, 0xf5, 0xf4, 0xa6, 0x12,
+    0xe0, 0x9a, 0xe2, 0xac, 0x00, 0x1d, 0x98, 0x26, 0xfc, 0x53, 0x95, 0x53,
+    0xe4, 0x3e, 0x17, 0xd5, 0x08, 0x0b, 0x70, 0x3d, 0x67, 0x99, 0xac, 0x66
+};
+
+/* SHA-384 No PR  */
+__fips_constseg static const unsigned char sha384_entropyinput[] = {
+    0x07, 0x15, 0x27, 0x2a, 0xaf, 0x74, 0x24, 0x37, 0xbc, 0xd5, 0x14, 0x69,
+    0xce, 0x11, 0xff, 0xa2, 0x6b, 0xb8, 0x05, 0x67, 0x34, 0xf8, 0xbd, 0x6d,
+    0x6a, 0xcc, 0xcd, 0x60, 0xa3, 0x68, 0xca, 0xf4
+};
+
+__fips_constseg static const unsigned char sha384_nonce[] = {
+    0x70, 0x17, 0xc2, 0x5b, 0x5d, 0x22, 0x0b, 0x06, 0x15, 0x54, 0x78, 0x77,
+    0x44, 0xaf, 0x2f, 0x09
+};
+
+__fips_constseg static const unsigned char sha384_personalizationstring[] = {
+    0x89, 0x39, 0x28, 0xb0, 0x60, 0xeb, 0x3d, 0xdc, 0x55, 0x75, 0x86, 0xeb,
+    0xae, 0xa2, 0x8f, 0xbc, 0x1b, 0x75, 0xd4, 0xe1, 0x0f, 0xaa, 0x38, 0xca,
+    0x62, 0x8b, 0xcb, 0x2c, 0x26, 0xf6, 0xbc, 0xb1
+};
+
+__fips_constseg static const unsigned char sha384_additionalinput[] = {
+    0x30, 0x2b, 0x42, 0x35, 0xef, 0xda, 0x40, 0x55, 0x28, 0xc6, 0x95, 0xfb,
+    0x54, 0x01, 0x62, 0xd7, 0x87, 0x14, 0x48, 0x6d, 0x90, 0x4c, 0xa9, 0x02,
+    0x54, 0x40, 0x22, 0xc8, 0x66, 0xa5, 0x48, 0x48
+};
+
+__fips_constseg static const unsigned char sha384_int_returnedbits[] = {
+    0x82, 0xc4, 0xa1, 0x9c, 0x21, 0xd2, 0xe7, 0xa5, 0xa6, 0xf6, 0x5f, 0x04,
+    0x5c, 0xc7, 0x31, 0x9d, 0x8d, 0x59, 0x74, 0x50, 0x19, 0x89, 0x2f, 0x63,
+    0xd5, 0xb7, 0x7e, 0xeb, 0x15, 0xe3, 0x70, 0x83, 0xa1, 0x24, 0x59, 0xfa,
+    0x2c, 0x56, 0xf6, 0x88, 0x3a, 0x92, 0x93, 0xa1, 0xfb, 0x79, 0xc1, 0x7a
+};
+
+__fips_constseg static const unsigned char sha384_entropyinputreseed[] = {
+    0x39, 0xa6, 0xe8, 0x5c, 0x82, 0x17, 0x71, 0x26, 0x57, 0x4f, 0x9f, 0xc2,
+    0x55, 0xff, 0x5c, 0x9b, 0x53, 0x1a, 0xd1, 0x5f, 0xbc, 0x62, 0xe4, 0x27,
+    0x2d, 0x32, 0xf0, 0xe4, 0x52, 0x8c, 0xc5, 0x0c
+};
+
+__fips_constseg static const unsigned char sha384_additionalinputreseed[] = {
+    0x8d, 0xcb, 0x8d, 0xce, 0x08, 0xea, 0x80, 0xe8, 0x9b, 0x61, 0xa8, 0x0f,
+    0xaf, 0x49, 0x20, 0x9e, 0x74, 0xcb, 0x57, 0x80, 0x42, 0xb0, 0x84, 0x5e,
+    0x30, 0x2a, 0x67, 0x08, 0xf4, 0xe3, 0x40, 0x22
+};
+
+__fips_constseg static const unsigned char sha384_additionalinput2[] = {
+    0x7c, 0x8f, 0xc2, 0xae, 0x22, 0x4a, 0xd6, 0xf6, 0x05, 0xa4, 0x7a, 0xea,
+    0xbb, 0x25, 0xd0, 0xb7, 0x5a, 0xd6, 0xcf, 0x9d, 0xf3, 0x6c, 0xe2, 0xb2,
+    0x4e, 0xb4, 0xbd, 0xf4, 0xe5, 0x40, 0x80, 0x94
+};
+
+__fips_constseg static const unsigned char sha384_returnedbits[] = {
+    0x9e, 0x7e, 0xfb, 0x59, 0xbb, 0xaa, 0x3c, 0xf7, 0xe1, 0xf8, 0x76, 0xdd,
+    0x63, 0x5f, 0xaf, 0x23, 0xd6, 0x64, 0x61, 0xc0, 0x9a, 0x09, 0x47, 0xc9,
+    0x33, 0xdf, 0x6d, 0x55, 0x91, 0x34, 0x79, 0x70, 0xc4, 0x99, 0x6e, 0x54,
+    0x09, 0x64, 0x21, 0x1a, 0xbd, 0x1e, 0x80, 0x40, 0x34, 0xad, 0xfa, 0xd7
+};
+
+/* SHA-512 PR  */
+__fips_constseg static const unsigned char sha512_pr_entropyinput[] = {
+    0x13, 0xf7, 0x61, 0x75, 0x65, 0x28, 0xa2, 0x59, 0x13, 0x5a, 0x4a, 0x4f,
+    0x56, 0x60, 0x8c, 0x53, 0x7d, 0xb0, 0xbd, 0x06, 0x4f, 0xed, 0xcc, 0xd2,
+    0xa2, 0xb5, 0xfd, 0x5b, 0x3a, 0xab, 0xec, 0x28
+};
+
+__fips_constseg static const unsigned char sha512_pr_nonce[] = {
+    0xbe, 0xa3, 0x91, 0x93, 0x1d, 0xc3, 0x31, 0x3a, 0x23, 0x33, 0x50, 0x67,
+    0x88, 0xc7, 0xa2, 0xc4
+};
+
+__fips_constseg static const unsigned char sha512_pr_personalizationstring[] = {
+    0x1f, 0x59, 0x4d, 0x7b, 0xe6, 0x46, 0x91, 0x48, 0xc1, 0x25, 0xfa, 0xff,
+    0x89, 0x12, 0x77, 0x35, 0xdf, 0x3e, 0xf4, 0x80, 0x5f, 0xd9, 0xb0, 0x07,
+    0x22, 0x41, 0xdd, 0x48, 0x78, 0x6b, 0x77, 0x2b
+};
+
+__fips_constseg static const unsigned char sha512_pr_additionalinput[] = {
+    0x30, 0xff, 0x63, 0x6f, 0xac, 0xd9, 0x84, 0x39, 0x6f, 0xe4, 0x99, 0xce,
+    0x91, 0x7d, 0x7e, 0xc8, 0x58, 0xf2, 0x12, 0xc3, 0xb6, 0xad, 0xda, 0x22,
+    0x04, 0xa0, 0xd2, 0x21, 0xfe, 0xf2, 0x95, 0x1d
+};
+
+__fips_constseg static const unsigned char sha512_pr_entropyinputpr[] = {
+    0x64, 0x54, 0x13, 0xec, 0x4f, 0x77, 0xda, 0xb2, 0x92, 0x2e, 0x52, 0x80,
+    0x11, 0x10, 0xc2, 0xf8, 0xe6, 0xa7, 0xcd, 0x4b, 0xfc, 0x32, 0x2e, 0x9e,
+    0xeb, 0xbb, 0xb1, 0xbf, 0x15, 0x5c, 0x73, 0x08
+};
+
+__fips_constseg static const unsigned char sha512_pr_int_returnedbits[] = {
+    0xef, 0x1e, 0xdc, 0x0a, 0xa4, 0x36, 0x91, 0x9c, 0x3d, 0x27, 0x97, 0x50,
+    0x8d, 0x36, 0x29, 0x8d, 0xce, 0x6a, 0x0c, 0xf7, 0x21, 0xc0, 0x91, 0xae,
+    0x0c, 0x96, 0x72, 0xbd, 0x52, 0x81, 0x58, 0xfc, 0x6d, 0xe5, 0xf7, 0xa5,
+    0xfd, 0x5d, 0xa7, 0x58, 0x68, 0xc8, 0x99, 0x58, 0x8e, 0xc8, 0xce, 0x95,
+    0x01, 0x7d, 0xff, 0xa4, 0xc8, 0xf7, 0x63, 0xfe, 0x5f, 0x69, 0x83, 0x53,
+    0xe2, 0xc6, 0x8b, 0xc3
+};
+
+__fips_constseg static const unsigned char sha512_pr_additionalinput2[] = {
+    0xe6, 0x9b, 0xc4, 0x88, 0x34, 0xca, 0xea, 0x29, 0x2f, 0x98, 0x05, 0xa4,
+    0xd3, 0xc0, 0x7b, 0x11, 0xe8, 0xbb, 0x75, 0xf2, 0xbd, 0x29, 0xb7, 0x40,
+    0x25, 0x7f, 0xc1, 0xb7, 0xb1, 0xf1, 0x25, 0x61
+};
+
+__fips_constseg static const unsigned char sha512_pr_entropyinputpr2[] = {
+    0x23, 0x6d, 0xff, 0xde, 0xfb, 0xd1, 0xba, 0x33, 0x18, 0xe6, 0xbe, 0xb5,
+    0x48, 0x77, 0x6d, 0x7f, 0xa7, 0xe1, 0x4d, 0x48, 0x1e, 0x3c, 0xa7, 0x34,
+    0x1a, 0xc8, 0x60, 0xdb, 0x8f, 0x99, 0x15, 0x99
+};
+
+__fips_constseg static const unsigned char sha512_pr_returnedbits[] = {
+    0x70, 0x27, 0x31, 0xdb, 0x92, 0x70, 0x21, 0xfe, 0x16, 0xb6, 0xc8, 0x51,
+    0x34, 0x87, 0x65, 0xd0, 0x4e, 0xfd, 0xfe, 0x68, 0xec, 0xac, 0xdc, 0x93,
+    0x41, 0x38, 0x92, 0x90, 0xb4, 0x94, 0xf9, 0x0d, 0xa4, 0xf7, 0x4e, 0x80,
+    0x92, 0x67, 0x48, 0x40, 0xa7, 0x08, 0xc7, 0xbc, 0x66, 0x00, 0xfd, 0xf7,
+    0x4c, 0x8b, 0x17, 0x6e, 0xd1, 0x8f, 0x9b, 0xf3, 0x6f, 0xf6, 0x34, 0xdd,
+    0x67, 0xf7, 0x68, 0xdd
+};
+
+/* SHA-512 No PR  */
+__fips_constseg static const unsigned char sha512_entropyinput[] = {
+    0xb6, 0x0b, 0xb7, 0xbc, 0x84, 0x56, 0xf6, 0x12, 0xaf, 0x45, 0x67, 0x17,
+    0x7c, 0xd1, 0xb2, 0x78, 0x2b, 0xa0, 0xf2, 0xbe, 0xb6, 0x6d, 0x8b, 0x56,
+    0xc6, 0xbc, 0x4d, 0xe1, 0xf7, 0xbe, 0xce, 0xbd
+};
+
+__fips_constseg static const unsigned char sha512_nonce[] = {
+    0x9d, 0xed, 0xc0, 0xe5, 0x5a, 0x98, 0x6a, 0xcb, 0x51, 0x7d, 0x76, 0x31,
+    0x5a, 0x64, 0xf0, 0xf7
+};
+
+__fips_constseg static const unsigned char sha512_personalizationstring[] = {
+    0xc2, 0x6d, 0xa3, 0xc3, 0x06, 0x74, 0xe5, 0x01, 0x5c, 0x10, 0x17, 0xc7,
+    0xaf, 0x83, 0x9d, 0x59, 0x8d, 0x2d, 0x29, 0x38, 0xc5, 0x59, 0x70, 0x8b,
+    0x46, 0x48, 0x2d, 0xcf, 0x36, 0x7d, 0x59, 0xc0
+};
+
+__fips_constseg static const unsigned char sha512_additionalinput[] = {
+    0xec, 0x8c, 0xd4, 0xf7, 0x61, 0x6e, 0x0d, 0x95, 0x79, 0xb7, 0x28, 0xad,
+    0x5f, 0x69, 0x74, 0x5f, 0x2d, 0x36, 0x06, 0x8a, 0x6b, 0xac, 0x54, 0x97,
+    0xc4, 0xa1, 0x12, 0x85, 0x0a, 0xdf, 0x4b, 0x34
+};
+
+__fips_constseg static const unsigned char sha512_int_returnedbits[] = {
+    0x84, 0x2f, 0x1f, 0x68, 0x6a, 0xa3, 0xad, 0x1e, 0xfb, 0xf4, 0x15, 0xbd,
+    0xde, 0x38, 0xd4, 0x30, 0x80, 0x51, 0xe9, 0xd3, 0xc7, 0x20, 0x88, 0xe9,
+    0xf5, 0xcc, 0xdf, 0x57, 0x5c, 0x47, 0x2f, 0x57, 0x3c, 0x5f, 0x13, 0x56,
+    0xcc, 0xc5, 0x4f, 0x84, 0xf8, 0x10, 0x41, 0xd5, 0x7e, 0x58, 0x6e, 0x19,
+    0x19, 0x9e, 0xaf, 0xc2, 0x22, 0x58, 0x41, 0x50, 0x79, 0xc2, 0xd8, 0x04,
+    0x28, 0xd4, 0x39, 0x9a
+};
+
+__fips_constseg static const unsigned char sha512_entropyinputreseed[] = {
+    0xfa, 0x7f, 0x46, 0x51, 0x83, 0x62, 0x98, 0x16, 0x9a, 0x19, 0xa2, 0x49,
+    0xa9, 0xe6, 0x4a, 0xd8, 0x85, 0xe7, 0xd4, 0x3b, 0x2c, 0x82, 0xc5, 0x82,
+    0xbf, 0x11, 0xf9, 0x9e, 0xbc, 0xd0, 0x01, 0xee
+};
+
+__fips_constseg static const unsigned char sha512_additionalinputreseed[] = {
+    0xb9, 0x12, 0xe0, 0x4f, 0xf7, 0xa7, 0xc4, 0xd8, 0xd0, 0x8e, 0x99, 0x29,
+    0x7c, 0x9a, 0xe9, 0xcf, 0xc4, 0x6c, 0xf8, 0xc3, 0xa7, 0x41, 0x83, 0xd6,
+    0x2e, 0xfa, 0xb8, 0x5e, 0x8e, 0x6b, 0x78, 0x20
+};
+
+__fips_constseg static const unsigned char sha512_additionalinput2[] = {
+    0xd7, 0x07, 0x52, 0xb9, 0x83, 0x2c, 0x03, 0x71, 0xee, 0xc9, 0xc0, 0x85,
+    0xe1, 0x57, 0xb2, 0xcd, 0x3a, 0xf0, 0xc9, 0x34, 0x24, 0x41, 0x1c, 0x42,
+    0x99, 0xb2, 0x84, 0xe9, 0x17, 0xd2, 0x76, 0x92
+};
+
+__fips_constseg static const unsigned char sha512_returnedbits[] = {
+    0x36, 0x17, 0x5d, 0x98, 0x2b, 0x65, 0x25, 0x8e, 0xc8, 0x29, 0xdf, 0x27,
+    0x05, 0x36, 0x26, 0x12, 0x8a, 0x68, 0x74, 0x27, 0x37, 0xd4, 0x7f, 0x32,
+    0xb1, 0x12, 0xd6, 0x85, 0x83, 0xeb, 0x2e, 0xa0, 0xed, 0x4b, 0xb5, 0x7b,
+    0x6f, 0x39, 0x3c, 0x71, 0x77, 0x02, 0x12, 0xcc, 0x2c, 0x3a, 0x8e, 0x63,
+    0xdf, 0x4a, 0xbd, 0x6f, 0x6e, 0x2e, 0xed, 0x0a, 0x85, 0xa5, 0x2f, 0xa2,
+    0x68, 0xde, 0x42, 0xb5
+};
+
+/* HMAC SHA-1 PR  */
+__fips_constseg static const unsigned char hmac_sha1_pr_entropyinput[] = {
+    0x26, 0x5f, 0x36, 0x14, 0xff, 0x3d, 0x83, 0xfa, 0x73, 0x5e, 0x75, 0xdc,
+    0x2c, 0x18, 0x17, 0x1b
+};
+
+__fips_constseg static const unsigned char hmac_sha1_pr_nonce[] = {
+    0xc8, 0xe3, 0x57, 0xa5, 0x7b, 0x74, 0x86, 0x6e
+};
+
+__fips_constseg
+    static const unsigned char hmac_sha1_pr_personalizationstring[] = {
+    0x6e, 0xdb, 0x0d, 0xfe, 0x7d, 0xac, 0x79, 0xd0, 0xa5, 0x3a, 0x48, 0x85,
+    0x80, 0xe2, 0x7f, 0x2a
+};
+
+__fips_constseg static const unsigned char hmac_sha1_pr_additionalinput[] = {
+    0x31, 0xcd, 0x5e, 0x43, 0xdc, 0xfb, 0x7a, 0x79, 0xca, 0x88, 0xde, 0x1f,
+    0xd7, 0xbb, 0x42, 0x09
+};
+
+__fips_constseg static const unsigned char hmac_sha1_pr_entropyinputpr[] = {
+    0x7c, 0x23, 0x95, 0x38, 0x00, 0x95, 0xc1, 0x78, 0x1f, 0x8f, 0xd7, 0x63,
+    0x23, 0x87, 0x2a, 0xed
+};
+
+__fips_constseg static const unsigned char hmac_sha1_pr_int_returnedbits[] = {
+    0xbb, 0x34, 0xe7, 0x93, 0xa3, 0x02, 0x2c, 0x4a, 0xd0, 0x89, 0xda, 0x7f,
+    0xed, 0xf4, 0x4c, 0xde, 0x17, 0xec, 0xe5, 0x6c
+};
+
+__fips_constseg static const unsigned char hmac_sha1_pr_additionalinput2[] = {
+    0x49, 0xbc, 0x2d, 0x2c, 0xb7, 0x32, 0xcb, 0x20, 0xdf, 0xf5, 0x77, 0x58,
+    0xa0, 0x4b, 0x93, 0x6e
+};
+
+__fips_constseg static const unsigned char hmac_sha1_pr_entropyinputpr2[] = {
+    0x3c, 0xaa, 0xb0, 0x21, 0x42, 0xb0, 0xdd, 0x34, 0xf0, 0x16, 0x7f, 0x0c,
+    0x0f, 0xff, 0x2e, 0xaf
+};
+
+__fips_constseg static const unsigned char hmac_sha1_pr_returnedbits[] = {
+    0x8e, 0xcb, 0xa3, 0x64, 0xb2, 0xb8, 0x33, 0x6c, 0x64, 0x3b, 0x78, 0x16,
+    0x99, 0x35, 0xc8, 0x30, 0xcb, 0x3e, 0xa0, 0xd8
+};
+
+/* HMAC SHA-1 No PR  */
+__fips_constseg static const unsigned char hmac_sha1_entropyinput[] = {
+    0x32, 0x9a, 0x2a, 0x87, 0x7b, 0x89, 0x7c, 0xf6, 0xcb, 0x95, 0xd5, 0x40,
+    0x17, 0xfe, 0x47, 0x70
+};
+
+__fips_constseg static const unsigned char hmac_sha1_nonce[] = {
+    0x16, 0xd8, 0xe0, 0xc7, 0x52, 0xcf, 0x4a, 0x25
+};
+
+__fips_constseg static const unsigned char hmac_sha1_personalizationstring[] = {
+    0x35, 0x35, 0xa9, 0xa5, 0x40, 0xbe, 0x9b, 0xd1, 0x56, 0xdd, 0x44, 0x00,
+    0x72, 0xf7, 0xd3, 0x5e
+};
+
+__fips_constseg static const unsigned char hmac_sha1_additionalinput[] = {
+    0x1b, 0x2c, 0x84, 0x2d, 0x4a, 0x89, 0x8f, 0x69, 0x19, 0xf1, 0xf3, 0xdb,
+    0xbb, 0xe3, 0xaa, 0xea
+};
+
+__fips_constseg static const unsigned char hmac_sha1_int_returnedbits[] = {
+    0xcf, 0xfa, 0x7d, 0x72, 0x0f, 0xe6, 0xc7, 0x96, 0xa0, 0x69, 0x31, 0x11,
+    0x9b, 0x0b, 0x1a, 0x20, 0x1f, 0x3f, 0xaa, 0xd1
+};
+
+__fips_constseg static const unsigned char hmac_sha1_entropyinputreseed[] = {
+    0x90, 0x75, 0x15, 0x04, 0x95, 0xf1, 0xba, 0x81, 0x0c, 0x37, 0x94, 0x6f,
+    0x86, 0x52, 0x6d, 0x9c
+};
+
+__fips_constseg static const unsigned char hmac_sha1_additionalinputreseed[] = {
+    0x5b, 0x40, 0xba, 0x5f, 0x17, 0x70, 0xf0, 0x4b, 0xdf, 0xc9, 0x97, 0x92,
+    0x79, 0xc5, 0x82, 0x28
+};
+
+__fips_constseg static const unsigned char hmac_sha1_additionalinput2[] = {
+    0x97, 0xc8, 0x80, 0x90, 0xb3, 0xaa, 0x6e, 0x60, 0xea, 0x83, 0x7a, 0xe3,
+    0x8a, 0xca, 0xa4, 0x7f
+};
+
+__fips_constseg static const unsigned char hmac_sha1_returnedbits[] = {
+    0x90, 0xbd, 0x05, 0x56, 0x6d, 0xb5, 0x22, 0xd5, 0xb9, 0x5a, 0x29, 0x2d,
+    0xe9, 0x0b, 0xe1, 0xac, 0xde, 0x27, 0x0b, 0xb0
+};
+
+/* HMAC SHA-224 PR  */
+__fips_constseg static const unsigned char hmac_sha224_pr_entropyinput[] = {
+    0x17, 0x32, 0x2b, 0x2e, 0x6f, 0x1b, 0x9c, 0x6d, 0x31, 0xe0, 0x34, 0x07,
+    0xcf, 0xed, 0xf6, 0xb6, 0x5a, 0x76, 0x4c, 0xbc, 0x62, 0x85, 0x01, 0x90
+};
+
+__fips_constseg static const unsigned char hmac_sha224_pr_nonce[] = {
+    0x38, 0xbf, 0x5f, 0x20, 0xb3, 0x68, 0x2f, 0x43, 0x61, 0x05, 0x8f, 0x23
+};
+
+__fips_constseg
+    static const unsigned char hmac_sha224_pr_personalizationstring[] = {
+    0xc0, 0xc9, 0x45, 0xac, 0x8d, 0x27, 0x77, 0x08, 0x0b, 0x17, 0x6d, 0xed,
+    0xc1, 0x7d, 0xd5, 0x07, 0x9d, 0x6e, 0xf8, 0x23, 0x2a, 0x22, 0x13, 0xbd
+};
+
+__fips_constseg static const unsigned char hmac_sha224_pr_additionalinput[] = {
+    0xa4, 0x3c, 0xe7, 0x3b, 0xea, 0x19, 0x45, 0x32, 0xc2, 0x83, 0x6d, 0x21,
+    0x8a, 0xc0, 0xee, 0x67, 0x45, 0xde, 0x13, 0x7d, 0x9d, 0x61, 0x00, 0x3b
+};
+
+__fips_constseg static const unsigned char hmac_sha224_pr_entropyinputpr[] = {
+    0x15, 0x05, 0x74, 0x4a, 0x7f, 0x8d, 0x5c, 0x60, 0x16, 0xe5, 0x7b, 0xad,
+    0xf5, 0x41, 0x8f, 0x55, 0x60, 0xc4, 0x09, 0xee, 0x1e, 0x11, 0x81, 0xab
+};
+
+__fips_constseg static const unsigned char hmac_sha224_pr_int_returnedbits[] = {
+    0x6f, 0xf5, 0x9a, 0xe2, 0x54, 0x53, 0x30, 0x3d, 0x5a, 0x27, 0x29, 0x38,
+    0x27, 0xf2, 0x0d, 0x05, 0xe9, 0x26, 0xcb, 0x16, 0xc3, 0x51, 0x5f, 0x13,
+    0x41, 0xfe, 0x99, 0xf2
+};
+
+__fips_constseg static const unsigned char hmac_sha224_pr_additionalinput2[] = {
+    0x73, 0x81, 0x88, 0x84, 0x8f, 0xed, 0x6f, 0x10, 0x9f, 0x93, 0xbf, 0x17,
+    0x35, 0x7c, 0xef, 0xd5, 0x8d, 0x26, 0xa6, 0x7a, 0xe8, 0x09, 0x36, 0x4f
+};
+
+__fips_constseg static const unsigned char hmac_sha224_pr_entropyinputpr2[] = {
+    0xe6, 0xcf, 0xcf, 0x7e, 0x12, 0xe5, 0x43, 0xd2, 0x38, 0xd8, 0x24, 0x6f,
+    0x5a, 0x37, 0x68, 0xbf, 0x4f, 0xa0, 0xff, 0xd5, 0x61, 0x8a, 0x93, 0xe0
+};
+
+__fips_constseg static const unsigned char hmac_sha224_pr_returnedbits[] = {
+    0xaf, 0xf9, 0xd8, 0x19, 0x91, 0x30, 0x82, 0x6f, 0xa9, 0x1e, 0x9d, 0xd7,
+    0xf3, 0x50, 0xe0, 0xc7, 0xd5, 0x64, 0x96, 0x7d, 0x4c, 0x4d, 0x78, 0x03,
+    0x6d, 0xd8, 0x9e, 0x72
+};
+
+/* HMAC SHA-224 No PR  */
+__fips_constseg static const unsigned char hmac_sha224_entropyinput[] = {
+    0x11, 0x82, 0xfd, 0xd9, 0x42, 0xf4, 0xfa, 0xc8, 0xf2, 0x41, 0xe6, 0x54,
+    0x01, 0xae, 0x22, 0x6e, 0xc6, 0xaf, 0xaf, 0xd0, 0xa6, 0xb2, 0xe2, 0x6d
+};
+
+__fips_constseg static const unsigned char hmac_sha224_nonce[] = {
+    0xa9, 0x48, 0xd7, 0x92, 0x39, 0x7e, 0x2a, 0xdc, 0x30, 0x1f, 0x0e, 0x2b
+};
+
+__fips_constseg
+    static const unsigned char hmac_sha224_personalizationstring[] = {
+    0x11, 0xd5, 0xf4, 0xbd, 0x67, 0x8c, 0x31, 0xcf, 0xa3, 0x3f, 0x1e, 0x6b,
+    0xa8, 0x07, 0x02, 0x0b, 0xc8, 0x2e, 0x6c, 0x64, 0x41, 0x5b, 0xc8, 0x37
+};
+
+__fips_constseg static const unsigned char hmac_sha224_additionalinput[] = {
+    0x68, 0x18, 0xc2, 0x06, 0xeb, 0x3e, 0x04, 0x95, 0x44, 0x5e, 0xfb, 0xe6,
+    0x41, 0xc1, 0x5c, 0xcc, 0x40, 0x2f, 0xb7, 0xd2, 0x0f, 0xf3, 0x6b, 0xe7
+};
+
+__fips_constseg static const unsigned char hmac_sha224_int_returnedbits[] = {
+    0x7f, 0x45, 0xc7, 0x5d, 0x32, 0xe6, 0x17, 0x60, 0xba, 0xdc, 0xb8, 0x42,
+    0x1b, 0x9c, 0xf1, 0xfa, 0x3b, 0x4d, 0x29, 0x54, 0xc6, 0x90, 0xff, 0x5c,
+    0xcd, 0xd6, 0xa9, 0xcc
+};
+
+__fips_constseg static const unsigned char hmac_sha224_entropyinputreseed[] = {
+    0xc4, 0x8e, 0x37, 0x95, 0x69, 0x53, 0x28, 0xd7, 0x37, 0xbb, 0x70, 0x95,
+    0x1c, 0x07, 0x1d, 0xd9, 0xb7, 0xe6, 0x1b, 0xbb, 0xfe, 0x41, 0xeb, 0xc9
+};
+
+__fips_constseg
+    static const unsigned char hmac_sha224_additionalinputreseed[] = {
+    0x53, 0x17, 0xa1, 0x6a, 0xfa, 0x77, 0x47, 0xb0, 0x95, 0x56, 0x9a, 0x20,
+    0x57, 0xde, 0x5c, 0x89, 0x9f, 0x7f, 0xe2, 0xde, 0x17, 0x3a, 0x50, 0x23
+};
+
+__fips_constseg static const unsigned char hmac_sha224_additionalinput2[] = {
+    0x3a, 0x32, 0xf9, 0x85, 0x0c, 0xc1, 0xed, 0x76, 0x2d, 0xdf, 0x40, 0xc3,
+    0x06, 0x22, 0x66, 0xd4, 0x9a, 0x9a, 0xff, 0x5a, 0x7e, 0x7a, 0xf3, 0x96
+};
+
+__fips_constseg static const unsigned char hmac_sha224_returnedbits[] = {
+    0x43, 0xb4, 0x57, 0x5c, 0x38, 0x25, 0x9d, 0xae, 0xec, 0x96, 0xd1, 0x85,
+    0x3a, 0x84, 0x8d, 0xfe, 0x68, 0xd5, 0x0e, 0x5c, 0x8f, 0x65, 0xa5, 0x4e,
+    0x45, 0x84, 0xa8, 0x94
+};
+
+/* HMAC SHA-256 PR  */
+__fips_constseg static const unsigned char hmac_sha256_pr_entropyinput[] = {
+    0x4d, 0xb0, 0x43, 0xd8, 0x34, 0x4b, 0x10, 0x70, 0xb1, 0x8b, 0xed, 0xea,
+    0x07, 0x92, 0x9f, 0x6c, 0x79, 0x31, 0xaf, 0x81, 0x29, 0xeb, 0x6e, 0xca,
+    0x32, 0x48, 0x28, 0xe7, 0x02, 0x5d, 0xa6, 0xa6
+};
+
+__fips_constseg static const unsigned char hmac_sha256_pr_nonce[] = {
+    0x3a, 0xae, 0x15, 0xa9, 0x99, 0xdc, 0xe4, 0x67, 0x34, 0x3b, 0x70, 0x15,
+    0xaa, 0xd3, 0x30, 0x9a
+};
+
+__fips_constseg
+    static const unsigned char hmac_sha256_pr_personalizationstring[] = {
+    0x13, 0x1d, 0x24, 0x04, 0xb0, 0x18, 0x81, 0x15, 0x21, 0x51, 0x2a, 0x24,
+    0x52, 0x61, 0xbe, 0x64, 0x82, 0x6b, 0x55, 0x2f, 0xe2, 0xf1, 0x40, 0x7d,
+    0x71, 0xd8, 0x01, 0x86, 0x15, 0xb7, 0x8b, 0xb5
+};
+
+__fips_constseg static const unsigned char hmac_sha256_pr_additionalinput[] = {
+    0x8f, 0xa6, 0x54, 0x5f, 0xb1, 0xd0, 0xd8, 0xc3, 0xe7, 0x0c, 0x15, 0xa9,
+    0x23, 0x6e, 0xfe, 0xfb, 0x93, 0xf7, 0x3a, 0xbd, 0x59, 0x01, 0xfa, 0x18,
+    0x8e, 0xe9, 0x1a, 0xa9, 0x78, 0xfc, 0x79, 0x0b
+};
+
+__fips_constseg static const unsigned char hmac_sha256_pr_entropyinputpr[] = {
+    0xcf, 0x24, 0xb9, 0xeb, 0xb3, 0xd4, 0xcd, 0x17, 0x37, 0x38, 0x75, 0x79,
+    0x15, 0xcb, 0x2d, 0x75, 0x51, 0xf1, 0xcc, 0xaa, 0x32, 0xa4, 0xa7, 0x36,
+    0x7c, 0x5c, 0xe4, 0x47, 0xf1, 0x3e, 0x1d, 0xe5
+};
+
+__fips_constseg static const unsigned char hmac_sha256_pr_int_returnedbits[] = {
+    0x52, 0x42, 0xfa, 0xeb, 0x85, 0xe0, 0x30, 0x22, 0x79, 0x00, 0x16, 0xb2,
+    0x88, 0x2f, 0x14, 0x6a, 0xb7, 0xfc, 0xb7, 0x53, 0xdc, 0x4a, 0x12, 0xef,
+    0x54, 0xd6, 0x33, 0xe9, 0x20, 0xd6, 0xfd, 0x56
+};
+
+__fips_constseg static const unsigned char hmac_sha256_pr_additionalinput2[] = {
+    0xf4, 0xf6, 0x49, 0xa1, 0x2d, 0x64, 0x2b, 0x30, 0x58, 0xf8, 0xbd, 0xb8,
+    0x75, 0xeb, 0xbb, 0x5e, 0x1c, 0x9b, 0x81, 0x6a, 0xda, 0x14, 0x86, 0x6e,
+    0xd0, 0xda, 0x18, 0xb7, 0x88, 0xfb, 0x59, 0xf3
+};
+
+__fips_constseg static const unsigned char hmac_sha256_pr_entropyinputpr2[] = {
+    0x21, 0xcd, 0x6e, 0x46, 0xad, 0x99, 0x07, 0x17, 0xb4, 0x3d, 0x76, 0x0a,
+    0xff, 0x5b, 0x52, 0x50, 0x78, 0xdf, 0x1f, 0x24, 0x06, 0x0d, 0x3f, 0x74,
+    0xa9, 0xc9, 0x37, 0xcf, 0xd8, 0x26, 0x25, 0x91
+};
+
+__fips_constseg static const unsigned char hmac_sha256_pr_returnedbits[] = {
+    0xa7, 0xaf, 0x2f, 0x29, 0xe0, 0x3a, 0x72, 0x95, 0x96, 0x1c, 0xa9, 0xf0,
+    0x4a, 0x17, 0x4d, 0x66, 0x06, 0x10, 0xbf, 0x39, 0x89, 0x88, 0xb8, 0x91,
+    0x37, 0x18, 0x99, 0xcf, 0x8c, 0x53, 0x3b, 0x7e
+};
+
+/* HMAC SHA-256 No PR  */
+__fips_constseg static const unsigned char hmac_sha256_entropyinput[] = {
+    0x96, 0xb7, 0x53, 0x22, 0x1e, 0x52, 0x2a, 0x96, 0xb1, 0x15, 0x3c, 0x35,
+    0x5a, 0x8b, 0xd3, 0x4a, 0xa6, 0x6c, 0x83, 0x0a, 0x7d, 0xa3, 0x23, 0x3d,
+    0x43, 0xa1, 0x07, 0x2c, 0x2d, 0xe3, 0x81, 0xcc
+};
+
+__fips_constseg static const unsigned char hmac_sha256_nonce[] = {
+    0xf1, 0xac, 0x97, 0xcb, 0x5e, 0x06, 0x48, 0xd2, 0x94, 0xbe, 0x15, 0x2e,
+    0xc7, 0xfc, 0xc2, 0x01
+};
+
+__fips_constseg
+    static const unsigned char hmac_sha256_personalizationstring[] = {
+    0x98, 0xc5, 0x1e, 0x35, 0x5e, 0x89, 0x0d, 0xce, 0x64, 0x6d, 0x18, 0xa7,
+    0x5a, 0xc6, 0xf3, 0xe7, 0xd6, 0x9e, 0xc0, 0xea, 0xb7, 0x3a, 0x8d, 0x65,
+    0xb8, 0xeb, 0x10, 0xd7, 0x57, 0x18, 0xa0, 0x32
+};
+
+__fips_constseg static const unsigned char hmac_sha256_additionalinput[] = {
+    0x1b, 0x10, 0xaf, 0xac, 0xd0, 0x65, 0x95, 0xad, 0x04, 0xad, 0x03, 0x1c,
+    0xe0, 0x40, 0xd6, 0x3e, 0x1c, 0x46, 0x53, 0x39, 0x7c, 0xe2, 0xbc, 0xda,
+    0x8c, 0xa2, 0x33, 0xa7, 0x9a, 0x26, 0xd3, 0x27
+};
+
+__fips_constseg static const unsigned char hmac_sha256_int_returnedbits[] = {
+    0xba, 0x61, 0x0e, 0x55, 0xfe, 0x11, 0x8a, 0x9e, 0x0f, 0x80, 0xdf, 0x1d,
+    0x03, 0x0a, 0xfe, 0x15, 0x94, 0x28, 0x4b, 0xba, 0xf4, 0x9f, 0x51, 0x25,
+    0x88, 0xe5, 0x4e, 0xfb, 0xaf, 0xce, 0x69, 0x90
+};
+
+__fips_constseg static const unsigned char hmac_sha256_entropyinputreseed[] = {
+    0x62, 0x7f, 0x1e, 0x6b, 0xe8, 0x8e, 0xe1, 0x35, 0x7d, 0x9b, 0x4f, 0xc7,
+    0xec, 0xc8, 0xac, 0xef, 0x6b, 0x13, 0x9e, 0x05, 0x56, 0xc1, 0x08, 0xf9,
+    0x2f, 0x0f, 0x27, 0x9c, 0xd4, 0x15, 0xed, 0x2d
+};
+
+__fips_constseg
+    static const unsigned char hmac_sha256_additionalinputreseed[] = {
+    0xc7, 0x76, 0x6e, 0xa9, 0xd2, 0xb2, 0x76, 0x40, 0x82, 0x25, 0x2c, 0xb3,
+    0x6f, 0xac, 0xe9, 0x74, 0xef, 0x8f, 0x3c, 0x8e, 0xcd, 0xf1, 0xbf, 0xb3,
+    0x49, 0x77, 0x34, 0x88, 0x52, 0x36, 0xe6, 0x2e
+};
+
+__fips_constseg static const unsigned char hmac_sha256_additionalinput2[] = {
+    0x8d, 0xb8, 0x0c, 0xd1, 0xbf, 0x70, 0xf6, 0x19, 0xc3, 0x41, 0x80, 0x9f,
+    0xe1, 0xa5, 0xa4, 0x1f, 0x2c, 0x26, 0xb1, 0xe5, 0xd8, 0xeb, 0xbe, 0xf8,
+    0xdf, 0x88, 0x6a, 0x89, 0xd6, 0x05, 0xd8, 0x9d
+};
+
+__fips_constseg static const unsigned char hmac_sha256_returnedbits[] = {
+    0x43, 0x12, 0x2a, 0x2c, 0x40, 0x53, 0x2e, 0x7c, 0x66, 0x34, 0xac, 0xc3,
+    0x43, 0xe3, 0xe0, 0x6a, 0xfc, 0xfa, 0xea, 0x87, 0x21, 0x1f, 0xe2, 0x26,
+    0xc4, 0xf9, 0x09, 0x9a, 0x0d, 0x6e, 0x7f, 0xe0
+};
+
+/* HMAC SHA-384 PR  */
+__fips_constseg static const unsigned char hmac_sha384_pr_entropyinput[] = {
+    0x69, 0x81, 0x98, 0x88, 0x44, 0xf5, 0xd6, 0x2e, 0x00, 0x08, 0x3b, 0xc5,
+    0xfb, 0xd7, 0x8e, 0x6f, 0x23, 0xf8, 0x6d, 0x09, 0xd6, 0x85, 0x49, 0xd1,
+    0xf8, 0x6d, 0xa4, 0x58, 0x54, 0xfd, 0x88, 0xa9
+};
+
+__fips_constseg static const unsigned char hmac_sha384_pr_nonce[] = {
+    0x6e, 0x38, 0x81, 0xca, 0xb7, 0xe8, 0x6e, 0x66, 0x49, 0x8a, 0xb2, 0x59,
+    0xee, 0x16, 0xc9, 0xde
+};
+
+__fips_constseg
+    static const unsigned char hmac_sha384_pr_personalizationstring[] = {
+    0xfe, 0x4c, 0xd9, 0xf4, 0x78, 0x3b, 0x08, 0x41, 0x8d, 0x8f, 0x55, 0xc4,
+    0x43, 0x56, 0xb6, 0x12, 0x36, 0x6b, 0x30, 0xb7, 0x5e, 0xe1, 0xb9, 0x47,
+    0x04, 0xb1, 0x4e, 0xa9, 0x00, 0xa1, 0x52, 0xa1
+};
+
+__fips_constseg static const unsigned char hmac_sha384_pr_additionalinput[] = {
+    0x89, 0xe9, 0xcc, 0x8f, 0x27, 0x3c, 0x26, 0xd1, 0x95, 0xc8, 0x7d, 0x0f,
+    0x5b, 0x1a, 0xf0, 0x78, 0x39, 0x56, 0x6f, 0xa4, 0x23, 0xe7, 0xd1, 0xda,
+    0x7c, 0x66, 0x33, 0xa0, 0x90, 0xc9, 0x92, 0x88
+};
+
+__fips_constseg static const unsigned char hmac_sha384_pr_entropyinputpr[] = {
+    0xbe, 0x3d, 0x7c, 0x0d, 0xca, 0xda, 0x7c, 0x49, 0xb8, 0x12, 0x36, 0xc0,
+    0xdb, 0xad, 0x35, 0xa8, 0xc7, 0x0b, 0x2a, 0x2c, 0x69, 0x6d, 0x25, 0x56,
+    0x63, 0x82, 0x11, 0x3e, 0xa7, 0x33, 0x70, 0x72
+};
+
+__fips_constseg static const unsigned char hmac_sha384_pr_int_returnedbits[] = {
+    0x82, 0x3d, 0xe6, 0x54, 0x80, 0x42, 0xf8, 0xba, 0x90, 0x4f, 0x06, 0xa6,
+    0xd2, 0x7f, 0xbf, 0x79, 0x7c, 0x12, 0x7d, 0xa6, 0xa2, 0x66, 0xe8, 0xa6,
+    0xc0, 0xd6, 0x4a, 0x55, 0xbf, 0xd8, 0x0a, 0xc5, 0xf8, 0x03, 0x88, 0xdd,
+    0x8e, 0x87, 0xd1, 0x5a, 0x48, 0x26, 0x72, 0x2a, 0x8e, 0xcf, 0xee, 0xba
+};
+
+__fips_constseg static const unsigned char hmac_sha384_pr_additionalinput2[] = {
+    0x8f, 0xff, 0xd9, 0x84, 0xbb, 0x85, 0x3a, 0x66, 0xa1, 0x21, 0xce, 0xb2,
+    0x3a, 0x3a, 0x17, 0x22, 0x19, 0xae, 0xc7, 0xb6, 0x63, 0x81, 0xd5, 0xff,
+    0x0d, 0xc8, 0xe1, 0xaf, 0x57, 0xd2, 0xcb, 0x60
+};
+
+__fips_constseg static const unsigned char hmac_sha384_pr_entropyinputpr2[] = {
+    0xd7, 0xfb, 0xc9, 0xe8, 0xe2, 0xf2, 0xaa, 0x4c, 0xb8, 0x51, 0x2f, 0xe1,
+    0x22, 0xba, 0xf3, 0xda, 0x0a, 0x19, 0x76, 0x71, 0x57, 0xb2, 0x1d, 0x94,
+    0x09, 0x69, 0x6c, 0xd3, 0x97, 0x51, 0x81, 0x87
+};
+
+__fips_constseg static const unsigned char hmac_sha384_pr_returnedbits[] = {
+    0xe6, 0x19, 0x28, 0xa8, 0x21, 0xce, 0x5e, 0xdb, 0x24, 0x79, 0x8c, 0x76,
+    0x5d, 0x73, 0xb2, 0xdf, 0xac, 0xef, 0x85, 0xa7, 0x3b, 0x19, 0x09, 0x8b,
+    0x7f, 0x98, 0x28, 0xa9, 0x93, 0xd8, 0x7a, 0xad, 0x55, 0x8b, 0x24, 0x9d,
+    0xe6, 0x98, 0xfe, 0x47, 0xd5, 0x48, 0xc1, 0x23, 0xd8, 0x1d, 0x62, 0x75
+};
+
+/* HMAC SHA-384 No PR  */
+__fips_constseg static const unsigned char hmac_sha384_entropyinput[] = {
+    0xc3, 0x56, 0x2b, 0x1d, 0xc2, 0xbb, 0xa8, 0xf0, 0xae, 0x1b, 0x0d, 0xd3,
+    0x5a, 0x6c, 0xda, 0x57, 0x8e, 0xa5, 0x8a, 0x0d, 0x6c, 0x4b, 0x18, 0xb1,
+    0x04, 0x3e, 0xb4, 0x99, 0x35, 0xc4, 0xc0, 0x5f
+};
+
+__fips_constseg static const unsigned char hmac_sha384_nonce[] = {
+    0xc5, 0x49, 0x1e, 0x66, 0x27, 0x92, 0xbe, 0xec, 0xb5, 0x1e, 0x4b, 0xb1,
+    0x38, 0xe3, 0xeb, 0x62
+};
+
+__fips_constseg
+    static const unsigned char hmac_sha384_personalizationstring[] = {
+    0xbe, 0xe7, 0x6b, 0x57, 0xde, 0x88, 0x11, 0x96, 0x9b, 0x6e, 0xea, 0xe5,
+    0x63, 0x83, 0x4c, 0xb6, 0x8d, 0x66, 0xaa, 0x1f, 0x8b, 0x54, 0xe7, 0x62,
+    0x6d, 0x5a, 0xfc, 0xbf, 0x97, 0xba, 0xcd, 0x77
+};
+
+__fips_constseg static const unsigned char hmac_sha384_additionalinput[] = {
+    0xe5, 0x28, 0x5f, 0x43, 0xf5, 0x83, 0x6e, 0x0a, 0x83, 0x5c, 0xe3, 0x81,
+    0x03, 0xf2, 0xf8, 0x78, 0x00, 0x7c, 0x95, 0x87, 0x16, 0xd6, 0x6c, 0x58,
+    0x33, 0x6c, 0x53, 0x35, 0x0d, 0x66, 0xe3, 0xce
+};
+
+__fips_constseg static const unsigned char hmac_sha384_int_returnedbits[] = {
+    0xe2, 0x1f, 0xf3, 0xda, 0x0d, 0x19, 0x99, 0x87, 0xc4, 0x90, 0xa2, 0x31,
+    0xca, 0x2a, 0x89, 0x58, 0x43, 0x44, 0xb8, 0xde, 0xcf, 0xa4, 0xbe, 0x3b,
+    0x53, 0x26, 0x22, 0x31, 0x76, 0x41, 0x22, 0xb5, 0xa8, 0x70, 0x2f, 0x4b,
+    0x64, 0x95, 0x4d, 0x48, 0x96, 0x35, 0xe6, 0xbd, 0x3c, 0x34, 0xdb, 0x1b
+};
+
+__fips_constseg static const unsigned char hmac_sha384_entropyinputreseed[] = {
+    0x77, 0x61, 0xba, 0xbc, 0xf2, 0xc1, 0xf3, 0x4b, 0x86, 0x65, 0xfd, 0x48,
+    0x0e, 0x3c, 0x02, 0x5e, 0xa2, 0x7a, 0x6b, 0x7c, 0xed, 0x21, 0x5e, 0xf9,
+    0xcd, 0xcd, 0x77, 0x07, 0x2b, 0xbe, 0xc5, 0x5c
+};
+
+__fips_constseg
+    static const unsigned char hmac_sha384_additionalinputreseed[] = {
+    0x18, 0x24, 0x5f, 0xc6, 0x84, 0xd1, 0x67, 0xc3, 0x9a, 0x11, 0xa5, 0x8c,
+    0x07, 0x39, 0x21, 0x83, 0x4d, 0x04, 0xc4, 0x6a, 0x28, 0x19, 0xcf, 0x92,
+    0x21, 0xd9, 0x9e, 0x41, 0x72, 0x6c, 0x9e, 0x63
+};
+
+__fips_constseg static const unsigned char hmac_sha384_additionalinput2[] = {
+    0x96, 0x67, 0x41, 0x28, 0x9b, 0xb7, 0x92, 0x8d, 0x64, 0x3b, 0xe4, 0xcf,
+    0x7e, 0xaa, 0x1e, 0xb1, 0x4b, 0x1d, 0x09, 0x56, 0x67, 0x9c, 0xc6, 0x6d,
+    0x3b, 0xe8, 0x91, 0x9d, 0xe1, 0x8a, 0xb7, 0x32
+};
+
+__fips_constseg static const unsigned char hmac_sha384_returnedbits[] = {
+    0xe3, 0x59, 0x61, 0x38, 0x92, 0xec, 0xe2, 0x3c, 0xff, 0xb7, 0xdb, 0x19,
+    0x0f, 0x5b, 0x93, 0x68, 0x0d, 0xa4, 0x94, 0x40, 0x72, 0x0b, 0xe0, 0xed,
+    0x4d, 0xcd, 0x68, 0xa0, 0x1e, 0xfe, 0x67, 0xb2, 0xfa, 0x21, 0x56, 0x74,
+    0xa4, 0xad, 0xcf, 0xb7, 0x60, 0x66, 0x2e, 0x40, 0xde, 0x82, 0xca, 0xfb
+};
+
+/* HMAC SHA-512 PR  */
+__fips_constseg static const unsigned char hmac_sha512_pr_entropyinput[] = {
+    0xaa, 0x9e, 0x45, 0x67, 0x0e, 0x00, 0x2a, 0x67, 0x98, 0xd6, 0xda, 0x0b,
+    0x0f, 0x17, 0x7e, 0xac, 0xfd, 0x27, 0xc4, 0xca, 0x84, 0xdf, 0xde, 0xba,
+    0x85, 0xd9, 0xbe, 0x8f, 0xf3, 0xff, 0x91, 0x4d
+};
+
+__fips_constseg static const unsigned char hmac_sha512_pr_nonce[] = {
+    0x8c, 0x49, 0x2f, 0x58, 0x1e, 0x7a, 0xda, 0x4b, 0x7e, 0x8a, 0x30, 0x7b,
+    0x86, 0xea, 0xaf, 0xa2
+};
+
+__fips_constseg
+    static const unsigned char hmac_sha512_pr_personalizationstring[] = {
+    0x71, 0xe1, 0xbb, 0xad, 0xa7, 0x4b, 0x2e, 0x31, 0x3b, 0x0b, 0xec, 0x24,
+    0x99, 0x38, 0xbc, 0xaa, 0x05, 0x4c, 0x46, 0x44, 0xfa, 0xad, 0x8e, 0x02,
+    0xc1, 0x7e, 0xad, 0xec, 0x54, 0xa6, 0xd0, 0xad
+};
+
+__fips_constseg static const unsigned char hmac_sha512_pr_additionalinput[] = {
+    0x3d, 0x6e, 0xa6, 0xa8, 0x29, 0x2a, 0xb2, 0xf5, 0x98, 0x42, 0xe4, 0x92,
+    0x78, 0x22, 0x67, 0xfd, 0x1b, 0x15, 0x1e, 0x29, 0xaa, 0x71, 0x3c, 0x3c,
+    0xe7, 0x05, 0x20, 0xa9, 0x29, 0xc6, 0x75, 0x71
+};
+
+__fips_constseg static const unsigned char hmac_sha512_pr_entropyinputpr[] = {
+    0xab, 0xb9, 0x16, 0xd8, 0x55, 0x35, 0x54, 0xb7, 0x97, 0x3f, 0x94, 0xbc,
+    0x2f, 0x7c, 0x70, 0xc7, 0xd0, 0xed, 0xb7, 0x4b, 0xf7, 0xf6, 0x6c, 0x03,
+    0x0c, 0xb0, 0x03, 0xd8, 0xbb, 0x71, 0xd9, 0x10
+};
+
+__fips_constseg static const unsigned char hmac_sha512_pr_int_returnedbits[] = {
+    0x8e, 0xd3, 0xfd, 0x52, 0x9e, 0x83, 0x08, 0x49, 0x18, 0x6e, 0x23, 0x56,
+    0x5c, 0x45, 0x93, 0x34, 0x05, 0xe2, 0x98, 0x8f, 0x0c, 0xd4, 0x32, 0x0c,
+    0xfd, 0xda, 0x5f, 0x92, 0x3a, 0x8c, 0x81, 0xbd, 0xf6, 0x6c, 0x55, 0xfd,
+    0xb8, 0x20, 0xce, 0x8d, 0x97, 0x27, 0xe8, 0xe8, 0xe0, 0xb3, 0x85, 0x50,
+    0xa2, 0xc2, 0xb2, 0x95, 0x1d, 0x48, 0xd3, 0x7b, 0x4b, 0x78, 0x13, 0x35,
+    0x05, 0x17, 0xbe, 0x0d
+};
+
+__fips_constseg static const unsigned char hmac_sha512_pr_additionalinput2[] = {
+    0xc3, 0xfc, 0x95, 0xaa, 0x69, 0x06, 0xae, 0x59, 0x41, 0xce, 0x26, 0x08,
+    0x29, 0x6d, 0x45, 0xda, 0xe8, 0xb3, 0x6c, 0x95, 0x60, 0x0f, 0x70, 0x2c,
+    0x10, 0xba, 0x38, 0x8c, 0xcf, 0x29, 0x99, 0xaa
+};
+
+__fips_constseg static const unsigned char hmac_sha512_pr_entropyinputpr2[] = {
+    0x3b, 0x9a, 0x25, 0xce, 0xd7, 0xf9, 0x5c, 0xd1, 0x3a, 0x3e, 0xaa, 0x71,
+    0x14, 0x3e, 0x19, 0xe8, 0xce, 0xe6, 0xfe, 0x51, 0x84, 0xe9, 0x1b, 0xfe,
+    0x3f, 0xa7, 0xf2, 0xfd, 0x76, 0x5f, 0x6a, 0xe7
+};
+
+__fips_constseg static const unsigned char hmac_sha512_pr_returnedbits[] = {
+    0xb7, 0x82, 0xa9, 0x57, 0x81, 0x67, 0x53, 0xb5, 0xa1, 0xe9, 0x3d, 0x35,
+    0xf9, 0xe4, 0x97, 0xbe, 0xa6, 0xca, 0xf1, 0x01, 0x13, 0x09, 0xe7, 0x21,
+    0xc0, 0xed, 0x93, 0x5d, 0x4b, 0xf4, 0xeb, 0x8d, 0x53, 0x25, 0x8a, 0xc4,
+    0xb1, 0x6f, 0x6e, 0x37, 0xcd, 0x2e, 0xac, 0x39, 0xb2, 0xb6, 0x99, 0xa3,
+    0x82, 0x00, 0xb0, 0x21, 0xf0, 0xc7, 0x2f, 0x4c, 0x73, 0x92, 0xfd, 0x00,
+    0xb6, 0xaf, 0xbc, 0xd3
+};
+
+/* HMAC SHA-512 No PR  */
+__fips_constseg static const unsigned char hmac_sha512_entropyinput[] = {
+    0x6e, 0x85, 0xe6, 0x25, 0x96, 0x29, 0xa7, 0x52, 0x5b, 0x60, 0xba, 0xaa,
+    0xde, 0xdb, 0x36, 0x0a, 0x51, 0x9a, 0x15, 0xae, 0x6e, 0x18, 0xd3, 0xfe,
+    0x39, 0xb9, 0x4a, 0x96, 0xf8, 0x77, 0xcb, 0x95
+};
+
+__fips_constseg static const unsigned char hmac_sha512_nonce[] = {
+    0xe0, 0xa6, 0x5d, 0x08, 0xc3, 0x7c, 0xae, 0x25, 0x2e, 0x80, 0xd1, 0x3e,
+    0xd9, 0xaf, 0x43, 0x3c
+};
+
+__fips_constseg
+    static const unsigned char hmac_sha512_personalizationstring[] = {
+    0x53, 0x99, 0x52, 0x5f, 0x11, 0xa9, 0x64, 0x66, 0x20, 0x5e, 0x1b, 0x5f,
+    0x42, 0xb3, 0xf4, 0xda, 0xed, 0xbb, 0x63, 0xc1, 0x23, 0xaf, 0xd0, 0x01,
+    0x90, 0x3b, 0xd0, 0x78, 0xe4, 0x0b, 0xa7, 0x20
+};
+
+__fips_constseg static const unsigned char hmac_sha512_additionalinput[] = {
+    0x85, 0x90, 0x80, 0xd3, 0x98, 0xf1, 0x53, 0x6d, 0x68, 0x15, 0x8f, 0xe5,
+    0x60, 0x3f, 0x17, 0x29, 0x55, 0x8d, 0x33, 0xb1, 0x45, 0x64, 0x64, 0x8d,
+    0x50, 0x21, 0x89, 0xae, 0xf6, 0xfd, 0x32, 0x73
+};
+
+__fips_constseg static const unsigned char hmac_sha512_int_returnedbits[] = {
+    0x28, 0x56, 0x30, 0x6f, 0xf4, 0xa1, 0x48, 0xe0, 0xc9, 0xf5, 0x75, 0x90,
+    0xcc, 0xfb, 0xdf, 0xdf, 0x71, 0x3d, 0x0a, 0x9a, 0x03, 0x65, 0x3b, 0x18,
+    0x61, 0xe3, 0xd1, 0xda, 0xcc, 0x4a, 0xfe, 0x55, 0x38, 0xf8, 0x21, 0x6b,
+    0xfa, 0x18, 0x01, 0x42, 0x39, 0x2f, 0x99, 0x53, 0x38, 0x15, 0x82, 0x34,
+    0xc5, 0x93, 0x92, 0xbc, 0x4d, 0x75, 0x1a, 0x5f, 0x21, 0x27, 0xcc, 0xa1,
+    0xb1, 0x57, 0x69, 0xe8
+};
+
+__fips_constseg static const unsigned char hmac_sha512_entropyinputreseed[] = {
+    0x8c, 0x52, 0x7e, 0x77, 0x72, 0x3f, 0xa3, 0x04, 0x97, 0x10, 0x9b, 0x41,
+    0xbd, 0xe8, 0xff, 0x89, 0xed, 0x80, 0xe3, 0xbd, 0xaa, 0x12, 0x2d, 0xca,
+    0x75, 0x82, 0x36, 0x77, 0x88, 0xcd, 0xa6, 0x73
+};
+
+__fips_constseg
+    static const unsigned char hmac_sha512_additionalinputreseed[] = {
+    0x7e, 0x32, 0xe3, 0x69, 0x69, 0x07, 0x34, 0xa2, 0x16, 0xa2, 0x5d, 0x1a,
+    0x10, 0x91, 0xd3, 0xe2, 0x21, 0xa2, 0xa3, 0xdd, 0xcd, 0x0c, 0x09, 0x86,
+    0x11, 0xe1, 0x50, 0xff, 0x5c, 0xb7, 0xeb, 0x5c
+};
+
+__fips_constseg static const unsigned char hmac_sha512_additionalinput2[] = {
+    0x7f, 0x78, 0x66, 0xd8, 0xfb, 0x67, 0xcf, 0x8d, 0x8c, 0x08, 0x30, 0xa5,
+    0xf8, 0x7d, 0xcf, 0x44, 0x59, 0xce, 0xf8, 0xdf, 0x58, 0xd3, 0x60, 0xcb,
+    0xa8, 0x60, 0xb9, 0x07, 0xc4, 0xb1, 0x95, 0x48
+};
+
+__fips_constseg static const unsigned char hmac_sha512_returnedbits[] = {
+    0xdf, 0xa7, 0x36, 0xd4, 0xdc, 0x5d, 0x4d, 0x31, 0xad, 0x69, 0x46, 0x9f,
+    0xf1, 0x7c, 0xd7, 0x3b, 0x4f, 0x55, 0xf2, 0xd7, 0xb9, 0x9d, 0xad, 0x7a,
+    0x79, 0x08, 0x59, 0xa5, 0xdc, 0x74, 0xf5, 0x9b, 0x73, 0xd2, 0x13, 0x25,
+    0x0b, 0x81, 0x08, 0x08, 0x25, 0xfb, 0x39, 0xf2, 0xf0, 0xa3, 0xa4, 0x8d,
+    0xef, 0x05, 0x9e, 0xb8, 0xc7, 0x52, 0xe4, 0x0e, 0x42, 0xaa, 0x7c, 0x79,
+    0xc2, 0xd6, 0xfd, 0xa5
+};
Index: openssl-1.1.0i/crypto/fips/fips_dsa_selftest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_dsa_selftest.c	2019-01-18 12:58:06.870013851 +0100
@@ -0,0 +1,195 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
+#include "internal/fips_int.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include "fips_locl.h"
+
+#ifdef OPENSSL_FIPS
+
+static const unsigned char dsa_test_2048_p[] = {
+    0xa8, 0x53, 0x78, 0xd8, 0xfd, 0x3f, 0x8d, 0x72, 0xec, 0x74, 0x18, 0x08,
+    0x0d, 0xa2, 0x13, 0x17, 0xe4, 0x3e, 0xc4, 0xb6, 0x2b, 0xa8, 0xc8, 0x62,
+    0x3b, 0x7e, 0x4d, 0x04, 0x44, 0x1d, 0xd1, 0xa0, 0x65, 0x86, 0x62, 0x59,
+    0x64, 0x93, 0xca, 0x8e, 0x9e, 0x8f, 0xbb, 0x7e, 0x34, 0xaa, 0xdd, 0xb6,
+    0x2e, 0x5d, 0x67, 0xb6, 0xd0, 0x9a, 0x6e, 0x61, 0xb7, 0x69, 0xe7, 0xc3,
+    0x52, 0xaa, 0x2b, 0x10, 0xe2, 0x0c, 0xa0, 0x63, 0x69, 0x63, 0xb5, 0x52,
+    0x3e, 0x86, 0x47, 0x0d, 0xec, 0xbb, 0xed, 0xa0, 0x27, 0xe7, 0x97, 0xe7,
+    0xb6, 0x76, 0x35, 0xd4, 0xd4, 0x9c, 0x30, 0x70, 0x0e, 0x74, 0xaf, 0x8a,
+    0x0f, 0xf1, 0x56, 0xa8, 0x01, 0xaf, 0x57, 0xa2, 0x6e, 0x70, 0x78, 0xf1,
+    0xd8, 0x2f, 0x74, 0x90, 0x8e, 0xcb, 0x6d, 0x07, 0xe7, 0x0b, 0x35, 0x03,
+    0xee, 0xd9, 0x4f, 0xa3, 0x2c, 0xf1, 0x7a, 0x7f, 0xc3, 0xd6, 0xcf, 0x40,
+    0xdc, 0x7b, 0x00, 0x83, 0x0e, 0x6a, 0x25, 0x66, 0xdc, 0x07, 0x3e, 0x34,
+    0x33, 0x12, 0x51, 0x7c, 0x6a, 0xa5, 0x15, 0x2b, 0x4b, 0xfe, 0xcd, 0x2e,
+    0x55, 0x1f, 0xee, 0x34, 0x63, 0x18, 0xa1, 0x53, 0x42, 0x3c, 0x99, 0x6b,
+    0x0d, 0x5d, 0xcb, 0x91, 0x02, 0xae, 0xdd, 0x38, 0x79, 0x86, 0x16, 0xf1,
+    0xf1, 0xe0, 0xd6, 0xc4, 0x03, 0x52, 0x5b, 0x1f, 0x9b, 0x3d, 0x4d, 0xc7,
+    0x66, 0xde, 0x2d, 0xfc, 0x4a, 0x56, 0xd7, 0xb8, 0xba, 0x59, 0x63, 0xd6,
+    0x0f, 0x3e, 0x16, 0x31, 0x88, 0x70, 0xad, 0x43, 0x69, 0x52, 0xe5, 0x57,
+    0x65, 0x37, 0x4e, 0xab, 0x85, 0xe8, 0xec, 0x17, 0xd6, 0xb9, 0xa4, 0x54,
+    0x7b, 0x9b, 0x5f, 0x27, 0x52, 0xf3, 0x10, 0x5b, 0xe8, 0x09, 0xb2, 0x3a,
+    0x2c, 0x8d, 0x74, 0x69, 0xdb, 0x02, 0xe2, 0x4d, 0x59, 0x23, 0x94, 0xa7,
+    0xdb, 0xa0, 0x69, 0xe9
+};
+
+static const unsigned char dsa_test_2048_q[] = {
+    0xd2, 0x77, 0x04, 0x4e, 0x50, 0xf5, 0xa4, 0xe3, 0xf5, 0x10, 0xa5, 0x0a,
+    0x0b, 0x84, 0xfd, 0xff, 0xbc, 0xa0, 0x47, 0xed, 0x27, 0x60, 0x20, 0x56,
+    0x74, 0x41, 0xa0, 0xa5
+};
+
+static const unsigned char dsa_test_2048_g[] = {
+    0x13, 0xd7, 0x54, 0xe2, 0x1f, 0xd2, 0x41, 0x65, 0x5d, 0xa8, 0x91, 0xc5,
+    0x22, 0xa6, 0x5a, 0x72, 0xa8, 0x9b, 0xdc, 0x64, 0xec, 0x9b, 0x54, 0xa8,
+    0x21, 0xed, 0x4a, 0x89, 0x8b, 0x49, 0x0e, 0x0c, 0x4f, 0xcb, 0x72, 0x19,
+    0x2a, 0x4a, 0x20, 0xf5, 0x41, 0xf3, 0xf2, 0x92, 0x53, 0x99, 0xf0, 0xba,
+    0xec, 0xf9, 0x29, 0xaa, 0xfb, 0xf7, 0x9d, 0xfe, 0x43, 0x32, 0x39, 0x3b,
+    0x32, 0xcd, 0x2e, 0x2f, 0xcf, 0x27, 0x2f, 0x32, 0xa6, 0x27, 0x43, 0x4a,
+    0x0d, 0xf2, 0x42, 0xb7, 0x5b, 0x41, 0x4d, 0xf3, 0x72, 0x12, 0x1e, 0x53,
+    0xa5, 0x53, 0xf2, 0x22, 0xf8, 0x36, 0xb0, 0x00, 0xf0, 0x16, 0x48, 0x5b,
+    0x6b, 0xd0, 0x89, 0x84, 0x51, 0x80, 0x1d, 0xcd, 0x8d, 0xe6, 0x4c, 0xd5,
+    0x36, 0x56, 0x96, 0xff, 0xc5, 0x32, 0xd5, 0x28, 0xc5, 0x06, 0x62, 0x0a,
+    0x94, 0x2a, 0x03, 0x05, 0x04, 0x6d, 0x8f, 0x18, 0x76, 0x34, 0x1f, 0x1e,
+    0x57, 0x0b, 0xc3, 0x97, 0x4b, 0xa6, 0xb9, 0xa4, 0x38, 0xe9, 0x70, 0x23,
+    0x02, 0xa2, 0xe6, 0xe6, 0x7b, 0xfd, 0x06, 0xd3, 0x2b, 0xc6, 0x79, 0x96,
+    0x22, 0x71, 0xd7, 0xb4, 0x0c, 0xd7, 0x2f, 0x38, 0x6e, 0x64, 0xe0, 0xd7,
+    0xef, 0x86, 0xca, 0x8c, 0xa5, 0xd1, 0x42, 0x28, 0xdc, 0x2a, 0x4f, 0x16,
+    0xe3, 0x18, 0x98, 0x86, 0xb5, 0x99, 0x06, 0x74, 0xf4, 0x20, 0x0f, 0x3a,
+    0x4c, 0xf6, 0x5a, 0x3f, 0x0d, 0xdb, 0xa1, 0xfa, 0x67, 0x2d, 0xff, 0x2f,
+    0x5e, 0x14, 0x3d, 0x10, 0xe4, 0xe9, 0x7a, 0xe8, 0x4f, 0x6d, 0xa0, 0x95,
+    0x35, 0xd5, 0xb9, 0xdf, 0x25, 0x91, 0x81, 0xa7, 0x9b, 0x63, 0xb0, 0x69,
+    0xe9, 0x49, 0x97, 0x2b, 0x02, 0xba, 0x36, 0xb3, 0x58, 0x6a, 0xab, 0x7e,
+    0x45, 0xf3, 0x22, 0xf8, 0x2e, 0x4e, 0x85, 0xca, 0x3a, 0xb8, 0x55, 0x91,
+    0xb3, 0xc2, 0xa9, 0x66
+};
+
+static const unsigned char dsa_test_2048_pub_key[] = {
+    0x24, 0x52, 0xf3, 0xcc, 0xbe, 0x9e, 0xd5, 0xca, 0x7d, 0xc7, 0x4c, 0x60,
+    0x2b, 0x99, 0x22, 0x6e, 0x8f, 0x2f, 0xab, 0x38, 0xe7, 0xd7, 0xdd, 0xfb,
+    0x75, 0x53, 0x9b, 0x17, 0x15, 0x5e, 0x9f, 0xcf, 0xd1, 0xab, 0xa5, 0x64,
+    0xeb, 0x85, 0x35, 0xd8, 0x12, 0xc9, 0xc2, 0xdc, 0xf9, 0x72, 0x84, 0x44,
+    0x1b, 0xc4, 0x82, 0x24, 0x36, 0x24, 0xc7, 0xf4, 0x57, 0x58, 0x0c, 0x1c,
+    0x38, 0xa5, 0x7c, 0x46, 0xc4, 0x57, 0x39, 0x24, 0x70, 0xed, 0xb5, 0x2c,
+    0xb5, 0xa6, 0xe0, 0x3f, 0xe6, 0x28, 0x7b, 0xb6, 0xf4, 0x9a, 0x42, 0xa2,
+    0x06, 0x5a, 0x05, 0x4f, 0x03, 0x08, 0x39, 0xdf, 0x1f, 0xd3, 0x14, 0x9c,
+    0x4c, 0xa0, 0x53, 0x1d, 0xd8, 0xca, 0x8a, 0xaa, 0x9c, 0xc7, 0x33, 0x71,
+    0x93, 0x38, 0x73, 0x48, 0x33, 0x61, 0x18, 0x22, 0x45, 0x45, 0xe8, 0x8c,
+    0x80, 0xff, 0xd8, 0x76, 0x5d, 0x74, 0x36, 0x03, 0x33, 0xcc, 0xab, 0x99,
+    0x72, 0x77, 0x9b, 0x65, 0x25, 0xa6, 0x5b, 0xdd, 0x0d, 0x10, 0xc6, 0x75,
+    0xc1, 0x09, 0xbb, 0xd3, 0xe5, 0xbe, 0x4d, 0x72, 0xef, 0x6e, 0xba, 0x6e,
+    0x43, 0x8d, 0x52, 0x26, 0x23, 0x7d, 0xb8, 0x88, 0x37, 0x9c, 0x5f, 0xcc,
+    0x47, 0xa3, 0x84, 0x7f, 0xf6, 0x37, 0x11, 0xba, 0xed, 0x6d, 0x03, 0xaf,
+    0xe8, 0x1e, 0x69, 0x4a, 0x41, 0x3b, 0x68, 0x0b, 0xd3, 0x8a, 0xb4, 0x90,
+    0x3f, 0x83, 0x70, 0xa7, 0x07, 0xef, 0x55, 0x1d, 0x49, 0x41, 0x02, 0x6d,
+    0x95, 0x79, 0xd6, 0x91, 0xde, 0x8e, 0xda, 0xa1, 0x61, 0x05, 0xeb, 0x9d,
+    0xba, 0x3c, 0x2f, 0x4c, 0x1b, 0xec, 0x50, 0x82, 0x75, 0xaa, 0x02, 0x07,
+    0xe2, 0x51, 0xb5, 0xec, 0xcb, 0x28, 0x6a, 0x4b, 0x01, 0xd4, 0x49, 0xd3,
+    0x0a, 0xcb, 0x67, 0x37, 0x17, 0xa0, 0xd2, 0xfb, 0x3b, 0x50, 0xc8, 0x93,
+    0xf7, 0xda, 0xb1, 0x4f
+};
+
+static const unsigned char dsa_test_2048_priv_key[] = {
+    0x0c, 0x4b, 0x30, 0x89, 0xd1, 0xb8, 0x62, 0xcb, 0x3c, 0x43, 0x64, 0x91,
+    0xf0, 0x91, 0x54, 0x70, 0xc5, 0x27, 0x96, 0xe3, 0xac, 0xbe, 0xe8, 0x00,
+    0xec, 0x55, 0xf6, 0xcc
+};
+
+int FIPS_selftest_dsa()
+{
+    DSA *dsa = NULL;
+    EVP_PKEY *pk = NULL;
+    int ret = -1;
+    BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
+
+    fips_load_key_component(p, dsa_test_2048);
+    fips_load_key_component(q, dsa_test_2048);
+    fips_load_key_component(g, dsa_test_2048);
+    fips_load_key_component(pub_key, dsa_test_2048);
+    fips_load_key_component(priv_key, dsa_test_2048);
+
+    dsa = DSA_new();
+
+    if (dsa == NULL)
+        goto err;
+
+    DSA_set0_pqg(dsa, p, q, g);
+
+    DSA_set0_key(dsa, pub_key, priv_key);
+
+    if ((pk = EVP_PKEY_new()) == NULL)
+        goto err;
+
+    EVP_PKEY_assign_DSA(pk, dsa);
+
+    if (!fips_pkey_signature_test(pk, NULL, 0,
+                                  NULL, 0, EVP_sha256(), 0, "DSA SHA256"))
+        goto err;
+    ret = 1;
+
+ err:
+    if (pk)
+        EVP_PKEY_free(pk);
+    else if (dsa)
+        DSA_free(dsa);
+    else {
+        BN_free(p);
+        BN_free(q);
+        BN_free(g);
+        BN_free(pub_key);
+        BN_free(priv_key);
+    }
+    return ret;
+}
+#endif
Index: openssl-1.1.0i/crypto/fips/fips_ecdh_selftest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_ecdh_selftest.c	2019-01-18 12:58:06.870013851 +0100
@@ -0,0 +1,242 @@
+/* fips/ecdh/fips_ecdh_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2011.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_FIPS
+
+# include "fips_locl.h"
+
+static const unsigned char p256_qcavsx[] = {
+    0x52, 0xc6, 0xa5, 0x75, 0xf3, 0x04, 0x98, 0xb3, 0x29, 0x66, 0x0c, 0x62,
+    0x18, 0x60, 0x55, 0x41, 0x59, 0xd4, 0x60, 0x85, 0x99, 0xc1, 0x51, 0x13,
+    0x6f, 0x97, 0x85, 0x93, 0x33, 0x34, 0x07, 0x50
+};
+
+static const unsigned char p256_qcavsy[] = {
+    0x6f, 0x69, 0x24, 0xeb, 0xe9, 0x3b, 0xa7, 0xcc, 0x47, 0x17, 0xaa, 0x3f,
+    0x70, 0xfc, 0x10, 0x73, 0x0a, 0xcd, 0x21, 0xee, 0x29, 0x19, 0x1f, 0xaf,
+    0xb4, 0x1c, 0x1e, 0xc2, 0x8e, 0x97, 0x81, 0x6e
+};
+
+static const unsigned char p256_qiutx[] = {
+    0x71, 0x46, 0x88, 0x08, 0x92, 0x21, 0x1b, 0x10, 0x21, 0x74, 0xff, 0x0c,
+    0x94, 0xde, 0x34, 0x7c, 0x86, 0x74, 0xbe, 0x67, 0x41, 0x68, 0xd4, 0xc1,
+    0xe5, 0x75, 0x63, 0x9c, 0xa7, 0x46, 0x93, 0x6f
+};
+
+static const unsigned char p256_qiuty[] = {
+    0x33, 0x40, 0xa9, 0x6a, 0xf5, 0x20, 0xb5, 0x9e, 0xfc, 0x60, 0x1a, 0xae,
+    0x3d, 0xf8, 0x21, 0xd2, 0xa7, 0xca, 0x52, 0x34, 0xb9, 0x5f, 0x27, 0x75,
+    0x6c, 0x81, 0xbe, 0x32, 0x4d, 0xba, 0xbb, 0xf8
+};
+
+static const unsigned char p256_qiutd[] = {
+    0x1a, 0x48, 0x55, 0x6b, 0x11, 0xbe, 0x92, 0xd4, 0x1c, 0xd7, 0x45, 0xc3,
+    0x82, 0x81, 0x51, 0xf1, 0x23, 0x40, 0xb7, 0x83, 0xfd, 0x01, 0x6d, 0xbc,
+    0xa1, 0x66, 0xaf, 0x0a, 0x03, 0x23, 0xcd, 0xc8
+};
+
+static const unsigned char p256_ziut[] = {
+    0x77, 0x2a, 0x1e, 0x37, 0xee, 0xe6, 0x51, 0x02, 0x71, 0x40, 0xf8, 0x6a,
+    0x36, 0xf8, 0x65, 0x61, 0x2b, 0x18, 0x71, 0x82, 0x23, 0xe6, 0xf2, 0x77,
+    0xce, 0xec, 0xb8, 0x49, 0xc7, 0xbf, 0x36, 0x4f
+};
+
+typedef struct {
+    int curve;
+    const unsigned char *x1;
+    size_t x1len;
+    const unsigned char *y1;
+    size_t y1len;
+    const unsigned char *d1;
+    size_t d1len;
+    const unsigned char *x2;
+    size_t x2len;
+    const unsigned char *y2;
+    size_t y2len;
+    const unsigned char *z;
+    size_t zlen;
+} ECDH_SELFTEST_DATA;
+
+# define make_ecdh_test(nid, pr) { nid, \
+                                pr##_qiutx, sizeof(pr##_qiutx), \
+                                pr##_qiuty, sizeof(pr##_qiuty), \
+                                pr##_qiutd, sizeof(pr##_qiutd), \
+                                pr##_qcavsx, sizeof(pr##_qcavsx), \
+                                pr##_qcavsy, sizeof(pr##_qcavsy), \
+                                pr##_ziut, sizeof(pr##_ziut) }
+
+static ECDH_SELFTEST_DATA test_ecdh_data[] = {
+    make_ecdh_test(NID_X9_62_prime256v1, p256),
+};
+
+int FIPS_selftest_ecdh(void)
+{
+    EC_KEY *ec1 = NULL, *ec2 = NULL;
+    const EC_POINT *ecp = NULL;
+    BIGNUM *x = NULL, *y = NULL, *d = NULL;
+    unsigned char *ztmp = NULL;
+    int rv = 1;
+    size_t i;
+
+    for (i = 0; i < sizeof(test_ecdh_data) / sizeof(ECDH_SELFTEST_DATA); i++) {
+        ECDH_SELFTEST_DATA *ecd = test_ecdh_data + i;
+        if (!fips_post_started(FIPS_TEST_ECDH, ecd->curve, 0))
+            continue;
+        ztmp = OPENSSL_malloc(ecd->zlen);
+
+        x = BN_bin2bn(ecd->x1, ecd->x1len, x);
+        y = BN_bin2bn(ecd->y1, ecd->y1len, y);
+        d = BN_bin2bn(ecd->d1, ecd->d1len, d);
+
+        if (!x || !y || !d || !ztmp) {
+            rv = -1;
+            goto err;
+        }
+
+        ec1 = EC_KEY_new_by_curve_name(ecd->curve);
+        if (!ec1) {
+            rv = -1;
+            goto err;
+        }
+        EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
+
+        if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y)) {
+            rv = -1;
+            goto err;
+        }
+
+        if (!EC_KEY_set_private_key(ec1, d)) {
+            rv = -1;
+            goto err;
+        }
+
+        x = BN_bin2bn(ecd->x2, ecd->x2len, x);
+        y = BN_bin2bn(ecd->y2, ecd->y2len, y);
+
+        if (!x || !y) {
+            rv = -1;
+            goto err;
+        }
+
+        ec2 = EC_KEY_new_by_curve_name(ecd->curve);
+        if (!ec2) {
+            rv = -1;
+            goto err;
+        }
+        EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
+
+        if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y)) {
+            rv = -1;
+            goto err;
+        }
+
+        ecp = EC_KEY_get0_public_key(ec2);
+        if (!ecp) {
+            rv = -1;
+            goto err;
+        }
+
+        if (!ECDH_compute_key(ztmp, ecd->zlen, ecp, ec1, 0)) {
+            rv = -1;
+            goto err;
+        }
+
+        if (!fips_post_corrupt(FIPS_TEST_ECDH, ecd->curve, NULL))
+            ztmp[0] ^= 0x1;
+
+        if (memcmp(ztmp, ecd->z, ecd->zlen)) {
+            fips_post_failed(FIPS_TEST_ECDH, ecd->curve, 0);
+            rv = 0;
+        } else if (!fips_post_success(FIPS_TEST_ECDH, ecd->curve, 0))
+            goto err;
+
+        EC_KEY_free(ec1);
+        ec1 = NULL;
+        EC_KEY_free(ec2);
+        ec2 = NULL;
+        OPENSSL_free(ztmp);
+        ztmp = NULL;
+    }
+
+ err:
+
+    if (x)
+        BN_clear_free(x);
+    if (y)
+        BN_clear_free(y);
+    if (d)
+        BN_clear_free(d);
+    if (ec1)
+        EC_KEY_free(ec1);
+    if (ec2)
+        EC_KEY_free(ec2);
+    if (ztmp)
+        OPENSSL_free(ztmp);
+
+    return rv;
+
+}
+
+#endif
Index: openssl-1.1.0i/crypto/fips/fips_ecdsa_selftest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_ecdsa_selftest.c	2019-01-18 12:58:06.870013851 +0100
@@ -0,0 +1,166 @@
+/* fips/ecdsa/fips_ecdsa_selftest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2011.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#include <openssl/fips.h>
+#include "internal/fips_int.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_FIPS
+
+static const char P_256_name[] = "ECDSA P-256";
+
+static const unsigned char P_256_d[] = {
+    0x51, 0xbd, 0x06, 0xa1, 0x1c, 0xda, 0xe2, 0x12, 0x99, 0xc9, 0x52, 0x3f,
+    0xea, 0xa4, 0xd2, 0xd1, 0xf4, 0x7f, 0xd4, 0x3e, 0xbd, 0xf8, 0xfc, 0x87,
+    0xdc, 0x82, 0x53, 0x21, 0xee, 0xa0, 0xdc, 0x64
+};
+
+static const unsigned char P_256_qx[] = {
+    0x23, 0x89, 0xe0, 0xf4, 0x69, 0xe0, 0x49, 0xe5, 0xc7, 0xe5, 0x40, 0x6e,
+    0x8f, 0x25, 0xdd, 0xad, 0x11, 0x16, 0x14, 0x9b, 0xab, 0x44, 0x06, 0x31,
+    0xbf, 0x5e, 0xa6, 0x44, 0xac, 0x86, 0x00, 0x07
+};
+
+static const unsigned char P_256_qy[] = {
+    0xb3, 0x05, 0x0d, 0xd0, 0xdc, 0xf7, 0x40, 0xe6, 0xf9, 0xd8, 0x6d, 0x7b,
+    0x63, 0xca, 0x97, 0xe6, 0x12, 0xf9, 0xd4, 0x18, 0x59, 0xbe, 0xb2, 0x5e,
+    0x4a, 0x6a, 0x77, 0x23, 0xf4, 0x11, 0x9d, 0xeb
+};
+
+typedef struct {
+    int curve;
+    const char *name;
+    const unsigned char *x;
+    size_t xlen;
+    const unsigned char *y;
+    size_t ylen;
+    const unsigned char *d;
+    size_t dlen;
+} EC_SELFTEST_DATA;
+
+# define make_ecdsa_test(nid, pr) { nid, pr##_name, \
+                                pr##_qx, sizeof(pr##_qx), \
+                                pr##_qy, sizeof(pr##_qy), \
+                                pr##_d, sizeof(pr##_d)}
+
+static EC_SELFTEST_DATA test_ec_data[] = {
+    make_ecdsa_test(NID_X9_62_prime256v1, P_256),
+};
+
+int FIPS_selftest_ecdsa()
+{
+    EC_KEY *ec = NULL;
+    BIGNUM *x = NULL, *y = NULL, *d = NULL;
+    EVP_PKEY *pk = NULL;
+    int rv = 0;
+    size_t i;
+
+    for (i = 0; i < sizeof(test_ec_data) / sizeof(EC_SELFTEST_DATA); i++) {
+        EC_SELFTEST_DATA *ecd = test_ec_data + i;
+
+        x = BN_bin2bn(ecd->x, ecd->xlen, x);
+        y = BN_bin2bn(ecd->y, ecd->ylen, y);
+        d = BN_bin2bn(ecd->d, ecd->dlen, d);
+
+        if (!x || !y || !d)
+            goto err;
+
+        ec = EC_KEY_new_by_curve_name(ecd->curve);
+        if (!ec)
+            goto err;
+
+        if (!EC_KEY_set_public_key_affine_coordinates(ec, x, y))
+            goto err;
+
+        if (!EC_KEY_set_private_key(ec, d))
+            goto err;
+
+        if ((pk = EVP_PKEY_new()) == NULL)
+            goto err;
+
+        EVP_PKEY_assign_EC_KEY(pk, ec);
+
+        if (!fips_pkey_signature_test(pk, NULL, 0,
+                                      NULL, 0, EVP_sha256(), 0, ecd->name))
+            goto err;
+    }
+
+    rv = 1;
+
+ err:
+
+    if (x)
+        BN_clear_free(x);
+    if (y)
+        BN_clear_free(y);
+    if (d)
+        BN_clear_free(d);
+    if (pk)
+        EVP_PKEY_free(pk);
+    else if (ec)
+        EC_KEY_free(ec);
+
+    return rv;
+
+}
+
+#endif
Index: openssl-1.1.0i/crypto/fips/fips_enc.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_enc.c	2019-01-18 12:58:06.870013851 +0100
@@ -0,0 +1,189 @@
+/* fipe/evp/fips_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+
+const EVP_CIPHER *FIPS_get_cipherbynid(int nid)
+{
+    switch (nid) {
+    case NID_aes_128_cbc:
+        return EVP_aes_128_cbc();
+
+    case NID_aes_128_ccm:
+        return EVP_aes_128_ccm();
+
+    case NID_aes_128_cfb1:
+        return EVP_aes_128_cfb1();
+
+    case NID_aes_128_cfb128:
+        return EVP_aes_128_cfb128();
+
+    case NID_aes_128_cfb8:
+        return EVP_aes_128_cfb8();
+
+    case NID_aes_128_ctr:
+        return EVP_aes_128_ctr();
+
+    case NID_aes_128_ecb:
+        return EVP_aes_128_ecb();
+
+    case NID_aes_128_gcm:
+        return EVP_aes_128_gcm();
+
+    case NID_aes_128_ofb128:
+        return EVP_aes_128_ofb();
+
+    case NID_aes_128_xts:
+        return EVP_aes_128_xts();
+
+    case NID_aes_192_cbc:
+        return EVP_aes_192_cbc();
+
+    case NID_aes_192_ccm:
+        return EVP_aes_192_ccm();
+
+    case NID_aes_192_cfb1:
+        return EVP_aes_192_cfb1();
+
+    case NID_aes_192_cfb128:
+        return EVP_aes_192_cfb128();
+
+    case NID_aes_192_cfb8:
+        return EVP_aes_192_cfb8();
+
+    case NID_aes_192_ctr:
+        return EVP_aes_192_ctr();
+
+    case NID_aes_192_ecb:
+        return EVP_aes_192_ecb();
+
+    case NID_aes_192_gcm:
+        return EVP_aes_192_gcm();
+
+    case NID_aes_192_ofb128:
+        return EVP_aes_192_ofb();
+
+    case NID_aes_256_cbc:
+        return EVP_aes_256_cbc();
+
+    case NID_aes_256_ccm:
+        return EVP_aes_256_ccm();
+
+    case NID_aes_256_cfb1:
+        return EVP_aes_256_cfb1();
+
+    case NID_aes_256_cfb128:
+        return EVP_aes_256_cfb128();
+
+    case NID_aes_256_cfb8:
+        return EVP_aes_256_cfb8();
+
+    case NID_aes_256_ctr:
+        return EVP_aes_256_ctr();
+
+    case NID_aes_256_ecb:
+        return EVP_aes_256_ecb();
+
+    case NID_aes_256_gcm:
+        return EVP_aes_256_gcm();
+
+    case NID_aes_256_ofb128:
+        return EVP_aes_256_ofb();
+
+    case NID_aes_256_xts:
+        return EVP_aes_256_xts();
+
+    case NID_des_ede_ecb:
+        return EVP_des_ede();
+
+    case NID_des_ede3_ecb:
+        return EVP_des_ede3();
+
+    case NID_des_ede3_cbc:
+        return EVP_des_ede3_cbc();
+
+    case NID_des_ede3_cfb1:
+        return EVP_des_ede3_cfb1();
+
+    case NID_des_ede3_cfb64:
+        return EVP_des_ede3_cfb64();
+
+    case NID_des_ede3_cfb8:
+        return EVP_des_ede3_cfb8();
+
+    case NID_des_ede3_ofb64:
+        return EVP_des_ede3_ofb();
+
+    case NID_des_ede_cbc:
+        return EVP_des_ede_cbc();
+
+    case NID_des_ede_cfb64:
+        return EVP_des_ede_cfb64();
+
+    case NID_des_ede_ofb64:
+        return EVP_des_ede_ofb();
+
+    default:
+        return NULL;
+
+    }
+}
Index: openssl-1.1.0i/crypto/fips/fips_err.h
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_err.h	2019-01-18 12:58:06.870013851 +0100
@@ -0,0 +1,196 @@
+/* crypto/fips_err.h */
+/* ====================================================================
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_FIPS,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_FIPS,0,reason)
+
+static ERR_STRING_DATA FIPS_str_functs[] = {
+    {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "dh_builtin_genparams"},
+    {ERR_FUNC(FIPS_F_DRBG_RESEED), "drbg_reseed"},
+    {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"},
+    {ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"},
+    {ERR_FUNC(FIPS_F_DSA_DO_VERIFY), "DSA_do_verify"},
+    {ERR_FUNC(FIPS_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"},
+    {ERR_FUNC(FIPS_F_EVP_CIPHER_CTX_NEW), "EVP_CIPHER_CTX_new"},
+    {ERR_FUNC(FIPS_F_EVP_CIPHER_CTX_RESET), "EVP_CIPHER_CTX_reset"},
+    {ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "fips_check_dsa"},
+    {ERR_FUNC(FIPS_F_FIPS_CHECK_EC), "fips_check_ec"},
+    {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "fips_check_rsa"},
+    {ERR_FUNC(FIPS_F_FIPS_DRBG_BYTES), "fips_drbg_bytes"},
+    {ERR_FUNC(FIPS_F_FIPS_DRBG_CHECK), "fips_drbg_check"},
+    {ERR_FUNC(FIPS_F_FIPS_DRBG_CPRNG_TEST), "fips_drbg_cprng_test"},
+    {ERR_FUNC(FIPS_F_FIPS_DRBG_ERROR_CHECK), "fips_drbg_error_check"},
+    {ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE), "FIPS_drbg_generate"},
+    {ERR_FUNC(FIPS_F_FIPS_DRBG_INIT), "FIPS_drbg_init"},
+    {ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE), "FIPS_drbg_instantiate"},
+    {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"},
+    {ERR_FUNC(FIPS_F_FIPS_DRBG_RESEED), "FIPS_drbg_reseed"},
+    {ERR_FUNC(FIPS_F_FIPS_DRBG_SINGLE_KAT), "FIPS_DRBG_SINGLE_KAT"},
+    {ERR_FUNC(FIPS_F_FIPS_GET_ENTROPY), "fips_get_entropy"},
+    {ERR_FUNC(FIPS_F_FIPS_MODULE_MODE_SET), "FIPS_module_mode_set"},
+    {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey_signature_test"},
+    {ERR_FUNC(FIPS_F_FIPS_RAND_BYTES), "FIPS_rand_bytes"},
+    {ERR_FUNC(FIPS_F_FIPS_RAND_SEED), "FIPS_rand_seed"},
+    {ERR_FUNC(FIPS_F_FIPS_RAND_SET_METHOD), "FIPS_rand_set_method"},
+    {ERR_FUNC(FIPS_F_FIPS_RAND_STATUS), "FIPS_rand_status"},
+    {ERR_FUNC(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN), "fips_rsa_builtin_keygen"},
+    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES), "FIPS_selftest_aes"},
+    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_CCM), "FIPS_selftest_aes_ccm"},
+    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_GCM), "FIPS_selftest_aes_gcm"},
+    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_XTS), "FIPS_selftest_aes_xts"},
+    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_CMAC), "FIPS_selftest_cmac"},
+    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des"},
+    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"},
+    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA), "FIPS_selftest_ecdsa"},
+    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
+    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
+    {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA2), "FIPS_selftest_sha2"},
+    {ERR_FUNC(FIPS_F_OSSL_ECDSA_SIGN_SIG), "ossl_ecdsa_sign_sig"},
+    {ERR_FUNC(FIPS_F_OSSL_ECDSA_VERIFY_SIG), "ossl_ecdsa_verify_sig"},
+    {ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN), "rsa_builtin_keygen"},
+    {ERR_FUNC(FIPS_F_RSA_OSSL_INIT), "rsa_ossl_init"},
+    {ERR_FUNC(FIPS_F_RSA_OSSL_PRIVATE_DECRYPT), "rsa_ossl_private_decrypt"},
+    {ERR_FUNC(FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT), "rsa_ossl_private_encrypt"},
+    {ERR_FUNC(FIPS_F_RSA_OSSL_PUBLIC_DECRYPT), "rsa_ossl_public_decrypt"},
+    {ERR_FUNC(FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT), "rsa_ossl_public_encrypt"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA FIPS_str_reasons[] = {
+    {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED),
+     "additional input error undetected"},
+    {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_TOO_LONG),
+     "additional input too long"},
+    {ERR_REASON(FIPS_R_ALREADY_INSTANTIATED), "already instantiated"},
+    {ERR_REASON(FIPS_R_DRBG_NOT_INITIALISED), "drbg not initialised"},
+    {ERR_REASON(FIPS_R_DRBG_STUCK), "drbg stuck"},
+    {ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED), "entropy error undetected"},
+    {ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),
+     "entropy not requested for reseed"},
+    {ERR_REASON(FIPS_R_ENTROPY_SOURCE_STUCK), "entropy source stuck"},
+    {ERR_REASON(FIPS_R_ERROR_INITIALISING_DRBG), "error initialising drbg"},
+    {ERR_REASON(FIPS_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"},
+    {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),
+     "error retrieving additional input"},
+    {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ENTROPY), "error retrieving entropy"},
+    {ERR_REASON(FIPS_R_ERROR_RETRIEVING_NONCE), "error retrieving nonce"},
+    {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH),
+     "fingerprint does not match"},
+    {ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET), "fips mode already set"},
+    {ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED), "fips selftest failed"},
+    {ERR_REASON(FIPS_R_FUNCTION_ERROR), "function error"},
+    {ERR_REASON(FIPS_R_GENERATE_ERROR), "generate error"},
+    {ERR_REASON(FIPS_R_GENERATE_ERROR_UNDETECTED),
+     "generate error undetected"},
+    {ERR_REASON(FIPS_R_INSTANTIATE_ERROR), "instantiate error"},
+    {ERR_REASON(FIPS_R_INTERNAL_ERROR), "internal error"},
+    {ERR_REASON(FIPS_R_INVALID_KEY_LENGTH), "invalid key length"},
+    {ERR_REASON(FIPS_R_IN_ERROR_STATE), "in error state"},
+    {ERR_REASON(FIPS_R_KEY_TOO_SHORT), "key too short"},
+    {ERR_REASON(FIPS_R_NONCE_ERROR_UNDETECTED), "nonce error undetected"},
+    {ERR_REASON(FIPS_R_NON_FIPS_METHOD), "non fips method"},
+    {ERR_REASON(FIPS_R_NOPR_TEST1_FAILURE), "nopr test1 failure"},
+    {ERR_REASON(FIPS_R_NOPR_TEST2_FAILURE), "nopr test2 failure"},
+    {ERR_REASON(FIPS_R_NOT_INSTANTIATED), "not instantiated"},
+    {ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED), "pairwise test failed"},
+    {ERR_REASON(FIPS_R_PERSONALISATION_ERROR_UNDETECTED),
+     "personalisation error undetected"},
+    {ERR_REASON(FIPS_R_PERSONALISATION_STRING_TOO_LONG),
+     "personalisation string too long"},
+    {ERR_REASON(FIPS_R_PR_TEST1_FAILURE), "pr test1 failure"},
+    {ERR_REASON(FIPS_R_PR_TEST2_FAILURE), "pr test2 failure"},
+    {ERR_REASON(FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED),
+     "request length error undetected"},
+    {ERR_REASON(FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG),
+     "request too large for drbg"},
+    {ERR_REASON(FIPS_R_RESEED_COUNTER_ERROR), "reseed counter error"},
+    {ERR_REASON(FIPS_R_RESEED_ERROR), "reseed error"},
+    {ERR_REASON(FIPS_R_SELFTEST_FAILED), "selftest failed"},
+    {ERR_REASON(FIPS_R_SELFTEST_FAILURE), "selftest failure"},
+    {ERR_REASON(FIPS_R_TEST_FAILURE), "test failure"},
+    {ERR_REASON(FIPS_R_UNINSTANTIATE_ERROR), "uninstantiate error"},
+    {ERR_REASON(FIPS_R_UNINSTANTIATE_ZEROISE_ERROR),
+     "uninstantiate zeroise error"},
+    {ERR_REASON(FIPS_R_UNSUPPORTED_DRBG_TYPE), "unsupported drbg type"},
+    {ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM), "unsupported platform"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_FIPS_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, FIPS_str_functs);
+        ERR_load_strings(0, FIPS_str_reasons);
+    }
+#endif
+    return 1;
+}
Index: openssl-1.1.0i/crypto/fips/fips_ers.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_ers.c	2019-01-18 12:58:06.870013851 +0100
@@ -0,0 +1,7 @@
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_FIPS
+# include "fips_err.h"
+#else
+static void *dummy = &dummy;
+#endif
Index: openssl-1.1.0i/crypto/fips/fips_hmac_selftest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_hmac_selftest.c	2019-01-18 12:58:06.870013851 +0100
@@ -0,0 +1,134 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+#include <openssl/hmac.h>
+
+#ifdef OPENSSL_FIPS
+typedef struct {
+    const EVP_MD *(*alg) (void);
+    const char *key, *iv;
+    unsigned char kaval[EVP_MAX_MD_SIZE];
+} HMAC_KAT;
+
+static const HMAC_KAT vector[] = {
+    {EVP_sha1,
+     /* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */
+     "0123456789:;<=>?@ABC",
+     "Sample #2",
+     {0x09, 0x22, 0xd3, 0x40, 0x5f, 0xaa, 0x3d, 0x19,
+      0x4f, 0x82, 0xa4, 0x58, 0x30, 0x73, 0x7d, 0x5c,
+      0xc6, 0xc7, 0x5d, 0x24}
+     },
+    {EVP_sha224,
+     /* just keep extending the above... */
+     "0123456789:;<=>?@ABC",
+     "Sample #2",
+     {0xdd, 0xef, 0x0a, 0x40, 0xcb, 0x7d, 0x50, 0xfb,
+      0x6e, 0xe6, 0xce, 0xa1, 0x20, 0xba, 0x26, 0xaa,
+      0x08, 0xf3, 0x07, 0x75, 0x87, 0xb8, 0xad, 0x1b,
+      0x8c, 0x8d, 0x12, 0xc7}
+     },
+    {EVP_sha256,
+     "0123456789:;<=>?@ABC",
+     "Sample #2",
+     {0xb8, 0xf2, 0x0d, 0xb5, 0x41, 0xea, 0x43, 0x09,
+      0xca, 0x4e, 0xa9, 0x38, 0x0c, 0xd0, 0xe8, 0x34,
+      0xf7, 0x1f, 0xbe, 0x91, 0x74, 0xa2, 0x61, 0x38,
+      0x0d, 0xc1, 0x7e, 0xae, 0x6a, 0x34, 0x51, 0xd9}
+     },
+    {EVP_sha384,
+     "0123456789:;<=>?@ABC",
+     "Sample #2",
+     {0x08, 0xbc, 0xb0, 0xda, 0x49, 0x1e, 0x87, 0xad,
+      0x9a, 0x1d, 0x6a, 0xce, 0x23, 0xc5, 0x0b, 0xf6,
+      0xb7, 0x18, 0x06, 0xa5, 0x77, 0xcd, 0x49, 0x04,
+      0x89, 0xf1, 0xe6, 0x23, 0x44, 0x51, 0x51, 0x9f,
+      0x85, 0x56, 0x80, 0x79, 0x0c, 0xbd, 0x4d, 0x50,
+      0xa4, 0x5f, 0x29, 0xe3, 0x93, 0xf0, 0xe8, 0x7f}
+     },
+    {EVP_sha512,
+     "0123456789:;<=>?@ABC",
+     "Sample #2",
+     {0x80, 0x9d, 0x44, 0x05, 0x7c, 0x5b, 0x95, 0x41,
+      0x05, 0xbd, 0x04, 0x13, 0x16, 0xdb, 0x0f, 0xac,
+      0x44, 0xd5, 0xa4, 0xd5, 0xd0, 0x89, 0x2b, 0xd0,
+      0x4e, 0x86, 0x64, 0x12, 0xc0, 0x90, 0x77, 0x68,
+      0xf1, 0x87, 0xb7, 0x7c, 0x4f, 0xae, 0x2c, 0x2f,
+      0x21, 0xa5, 0xb5, 0x65, 0x9a, 0x4f, 0x4b, 0xa7,
+      0x47, 0x02, 0xa3, 0xde, 0x9b, 0x51, 0xf1, 0x45,
+      0xbd, 0x4f, 0x25, 0x27, 0x42, 0x98, 0x99, 0x05}
+     },
+};
+
+int FIPS_selftest_hmac()
+{
+    int n;
+    unsigned int outlen;
+    unsigned char out[EVP_MAX_MD_SIZE];
+    const EVP_MD *md;
+    const HMAC_KAT *t;
+
+    for (n = 0, t = vector; n < sizeof(vector) / sizeof(vector[0]); n++, t++) {
+        md = (*t->alg) ();
+        HMAC(md, t->key, strlen(t->key),
+             (const unsigned char *)t->iv, strlen(t->iv), out, &outlen);
+
+        if (memcmp(out, t->kaval, outlen)) {
+            FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC, FIPS_R_SELFTEST_FAILED);
+            return 0;
+        }
+    }
+    return 1;
+}
+#endif
Index: openssl-1.1.0i/crypto/fips/fips_locl.h
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_locl.h	2019-01-18 12:58:06.870013851 +0100
@@ -0,0 +1,71 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef OPENSSL_FIPS
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define FIPS_MAX_CIPHER_TEST_SIZE       32
+# define fips_load_key_component(comp, pre) \
+        comp = BN_bin2bn(pre##_##comp, sizeof(pre##_##comp), NULL); \
+        if (!comp) \
+                goto err
+
+# define fips_post_started(id, subid, ex) 1
+# define fips_post_success(id, subid, ex) 1
+# define fips_post_failed(id, subid, ex) 1
+# define fips_post_corrupt(id, subid, ex) 1
+# define fips_post_status() 1
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
Index: openssl-1.1.0i/crypto/fips/fips_md.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_md.c	2019-01-18 12:58:06.870013851 +0100
@@ -0,0 +1,144 @@
+/* fips/evp/fips_md.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Minimal standalone FIPS versions of Digest operations */
+
+#define OPENSSL_FIPSAPI
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+
+const EVP_MD *FIPS_get_digestbynid(int nid)
+{
+    switch (nid) {
+    case NID_sha1:
+        return EVP_sha1();
+
+    case NID_sha224:
+        return EVP_sha224();
+
+    case NID_sha256:
+        return EVP_sha256();
+
+    case NID_sha384:
+        return EVP_sha384();
+
+    case NID_sha512:
+        return EVP_sha512();
+
+    default:
+        return NULL;
+    }
+}
Index: openssl-1.1.0i/crypto/fips/fips_post.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_post.c	2019-01-18 12:58:06.874013873 +0100
@@ -0,0 +1,222 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include <openssl/err.h>
+#include <openssl/bio.h>
+#include <openssl/hmac.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include <string.h>
+#include <limits.h>
+
+#ifdef OPENSSL_FIPS
+
+/* Power on self test (POST) support functions */
+
+# include <openssl/fips.h>
+# include "internal/fips_int.h"
+# include "fips_locl.h"
+
+/* Run all selftests */
+int FIPS_selftest(void)
+{
+    int rv = 1;
+    if (!FIPS_selftest_drbg())
+        rv = 0;
+    if (!FIPS_selftest_sha1())
+        rv = 0;
+    if (!FIPS_selftest_sha2())
+        rv = 0;
+    if (!FIPS_selftest_hmac())
+        rv = 0;
+    if (!FIPS_selftest_cmac())
+        rv = 0;
+    if (!FIPS_selftest_aes())
+        rv = 0;
+    if (!FIPS_selftest_aes_ccm())
+        rv = 0;
+    if (!FIPS_selftest_aes_gcm())
+        rv = 0;
+    if (!FIPS_selftest_aes_xts())
+        rv = 0;
+    if (!FIPS_selftest_des())
+        rv = 0;
+    if (!FIPS_selftest_rsa())
+        rv = 0;
+    if (!FIPS_selftest_ecdsa())
+        rv = 0;
+    if (!FIPS_selftest_dsa())
+        rv = 0;
+    if (!FIPS_selftest_dh())
+        rv = 0;
+    if (!FIPS_selftest_ecdh())
+        rv = 0;
+    return rv;
+}
+
+/* Generalized public key test routine. Signs and verifies the data
+ * supplied in tbs using mesage digest md and setting option digest
+ * flags md_flags. If the 'kat' parameter is not NULL it will
+ * additionally check the signature matches it: a known answer test
+ * The string "fail_str" is used for identification purposes in case
+ * of failure. If "pkey" is NULL just perform a message digest check.
+ */
+
+int fips_pkey_signature_test(EVP_PKEY *pkey,
+                             const unsigned char *tbs, int tbslen,
+                             const unsigned char *kat, unsigned int katlen,
+                             const EVP_MD *digest, unsigned int flags,
+                             const char *fail_str)
+{
+    int ret = 0;
+    unsigned char sigtmp[256], *sig = sigtmp;
+    size_t siglen = sizeof(sigtmp);
+    EVP_MD_CTX *mctx;
+    EVP_PKEY_CTX *pctx;
+
+    if (digest == NULL)
+        digest = EVP_sha256();
+
+    mctx = EVP_MD_CTX_new();
+
+    if ((EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
+        && (RSA_size(EVP_PKEY_get0_RSA(pkey)) > sizeof(sigtmp))) {
+        sig = OPENSSL_malloc(RSA_size(EVP_PKEY_get0_RSA(pkey)));
+        siglen = RSA_size(EVP_PKEY_get0_RSA(pkey));
+    }
+    if (!sig || ! mctx) {
+        EVP_MD_CTX_free(mctx);
+        FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (tbslen == -1)
+        tbslen = strlen((char *)tbs);
+
+    if (EVP_DigestSignInit(mctx, &pctx, digest, NULL, pkey) <= 0)
+        goto error;
+
+    if (flags == EVP_MD_CTX_FLAG_PAD_PSS) {
+        EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING);
+        EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, 0);
+    }
+
+    if (EVP_DigestSignUpdate(mctx, tbs, tbslen) <= 0)
+        goto error;
+
+    if (EVP_DigestSignFinal(mctx, sig, &siglen) <= 0)
+        goto error;
+
+    if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen)))
+        goto error;
+
+    if (EVP_DigestVerifyInit(mctx, &pctx, digest, NULL, pkey) <= 0)
+        goto error;
+
+    if (flags == EVP_MD_CTX_FLAG_PAD_PSS) {
+        EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING);
+        EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, 0);
+    }
+
+    if (EVP_DigestVerifyUpdate(mctx, tbs, tbslen) <= 0)
+        goto error;
+
+    ret = EVP_DigestVerifyFinal(mctx, sig, siglen);
+
+ error:
+    if (sig != sigtmp)
+        OPENSSL_free(sig);
+    EVP_MD_CTX_free(mctx);
+    if (ret <= 0) {
+        FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST, FIPS_R_TEST_FAILURE);
+        if (fail_str)
+            ERR_add_error_data(2, "Type=", fail_str);
+        return 0;
+    }
+    return 1;
+}
+
+/* Generalized symmetric cipher test routine. Encrypt data, verify result
+ * against known answer, decrypt and compare with original plaintext.
+ */
+
+int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                     const unsigned char *key,
+                     const unsigned char *iv,
+                     const unsigned char *plaintext,
+                     const unsigned char *ciphertext, int len)
+{
+    unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
+    unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
+
+    OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
+    memset(pltmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
+    memset(citmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
+
+    if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0)
+        return 0;
+    if (EVP_Cipher(ctx, citmp, plaintext, len) <= 0)
+        return 0;
+    if (memcmp(citmp, ciphertext, len))
+        return 0;
+    if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0)
+        return 0;
+    if (EVP_Cipher(ctx, pltmp, citmp, len) <= 0)
+        return 0;
+    if (memcmp(pltmp, plaintext, len))
+        return 0;
+    return 1;
+}
+#endif
Index: openssl-1.1.0i/crypto/fips/fips_rand_lcl.h
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_rand_lcl.h	2019-01-18 12:58:06.874013873 +0100
@@ -0,0 +1,209 @@
+/* fips/rand/fips_rand_lcl.h */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+typedef struct drbg_hash_ctx_st DRBG_HASH_CTX;
+typedef struct drbg_hmac_ctx_st DRBG_HMAC_CTX;
+typedef struct drbg_ctr_ctx_st DRBG_CTR_CTX;
+
+/* 888 bits from 10.1 table 2 */
+#define HASH_PRNG_MAX_SEEDLEN   111
+
+struct drbg_hash_ctx_st {
+    const EVP_MD *md;
+    EVP_MD_CTX *mctx;
+    unsigned char V[HASH_PRNG_MAX_SEEDLEN];
+    unsigned char C[HASH_PRNG_MAX_SEEDLEN];
+    /* Temporary value storage: should always exceed max digest length */
+    unsigned char vtmp[HASH_PRNG_MAX_SEEDLEN];
+};
+
+struct drbg_hmac_ctx_st {
+    const EVP_MD *md;
+    HMAC_CTX *hctx;
+    unsigned char K[EVP_MAX_MD_SIZE];
+    unsigned char V[EVP_MAX_MD_SIZE];
+};
+
+struct drbg_ctr_ctx_st {
+    AES_KEY ks;
+    size_t keylen;
+    unsigned char K[32];
+    unsigned char V[16];
+    /* Temp variables used by derivation function */
+    AES_KEY df_ks;
+    AES_KEY df_kxks;
+    /* Temporary block storage used by ctr_df */
+    unsigned char bltmp[16];
+    size_t bltmp_pos;
+    unsigned char KX[48];
+};
+
+/* DRBG internal flags */
+
+/* Functions shouldn't call err library */
+#define DRBG_FLAG_NOERR                 0x1
+/* Custom reseed checking */
+#define DRBG_CUSTOM_RESEED              0x2
+
+/* DRBG status values */
+/* not initialised */
+#define DRBG_STATUS_UNINITIALISED       0
+/* ok and ready to generate random bits */
+#define DRBG_STATUS_READY               1
+/* reseed required */
+#define DRBG_STATUS_RESEED              2
+/* fatal error condition */
+#define DRBG_STATUS_ERROR               3
+
+/* A default maximum length: larger than any reasonable value used in pratice */
+
+#define DRBG_MAX_LENGTH                 0x7ffffff0
+/* Maximum DRBG block length: all md sizes are bigger than cipher blocks sizes
+ * so use max digest length.
+ */
+#define DRBG_MAX_BLOCK                  EVP_MAX_MD_SIZE
+
+#define DRBG_HEALTH_INTERVAL            (1 << 24)
+
+/* DRBG context structure */
+
+struct drbg_ctx_st {
+    /* First types common to all implementations */
+    /* DRBG type: a NID for the underlying algorithm */
+    int type;
+    /* Various external flags */
+    unsigned int xflags;
+    /* Various internal use only flags */
+    unsigned int iflags;
+    /* Used for periodic health checks */
+    int health_check_cnt, health_check_interval;
+
+    /* The following parameters are setup by mechanism drbg_init() call */
+    int strength;
+    size_t blocklength;
+    size_t max_request;
+
+    size_t min_entropy, max_entropy;
+    size_t min_nonce, max_nonce;
+    size_t max_pers, max_adin;
+    unsigned int reseed_counter;
+    unsigned int reseed_interval;
+    size_t seedlen;
+    int status;
+    /* Application data: typically used by test get_entropy */
+    void *app_data;
+    /* Implementation specific structures */
+    union {
+        DRBG_HASH_CTX hash;
+        DRBG_HMAC_CTX hmac;
+        DRBG_CTR_CTX ctr;
+    } d;
+    /* Initialiase PRNG and setup callbacks below */
+    int (*init) (DRBG_CTX *ctx, int nid, int security, unsigned int flags);
+    /* Intantiate PRNG */
+    int (*instantiate) (DRBG_CTX *ctx,
+                        const unsigned char *ent, size_t entlen,
+                        const unsigned char *nonce, size_t noncelen,
+                        const unsigned char *pers, size_t perslen);
+    /* reseed */
+    int (*reseed) (DRBG_CTX *ctx,
+                   const unsigned char *ent, size_t entlen,
+                   const unsigned char *adin, size_t adinlen);
+    /* generat output */
+    int (*generate) (DRBG_CTX *ctx,
+                     unsigned char *out, size_t outlen,
+                     const unsigned char *adin, size_t adinlen);
+    /* uninstantiate */
+    int (*uninstantiate) (DRBG_CTX *ctx);
+
+    /* Entropy source block length */
+    size_t entropy_blocklen;
+
+    /* entropy gathering function */
+    size_t (*get_entropy) (DRBG_CTX *ctx, unsigned char **pout,
+                           int entropy, size_t min_len, size_t max_len);
+    /* Indicates we have finished with entropy buffer */
+    void (*cleanup_entropy) (DRBG_CTX *ctx, unsigned char *out, size_t olen);
+
+    /* nonce gathering function */
+    size_t (*get_nonce) (DRBG_CTX *ctx, unsigned char **pout,
+                         int entropy, size_t min_len, size_t max_len);
+    /* Indicates we have finished with nonce buffer */
+    void (*cleanup_nonce) (DRBG_CTX *ctx, unsigned char *out, size_t olen);
+
+    /* Continuous random number test temporary area */
+    /* Last block */
+    unsigned char lb[EVP_MAX_MD_SIZE];
+    /* set if lb is valid */
+    int lb_valid;
+
+    /* Callbacks used when called through RAND interface */
+    /* Get any additional input for generate */
+    size_t (*get_adin) (DRBG_CTX *ctx, unsigned char **pout);
+    void (*cleanup_adin) (DRBG_CTX *ctx, unsigned char *out, size_t olen);
+    /* Callback for RAND_seed(), RAND_add() */
+    int (*rand_seed_cb) (DRBG_CTX *ctx, const void *buf, int num);
+    int (*rand_add_cb) (DRBG_CTX *ctx,
+                        const void *buf, int num, double entropy);
+};
+
+int fips_drbg_ctr_init(DRBG_CTX *dctx);
+int fips_drbg_hash_init(DRBG_CTX *dctx);
+int fips_drbg_hmac_init(DRBG_CTX *dctx);
+int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags);
+int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out);
+
+#define FIPS_digestinit EVP_DigestInit
+#define FIPS_digestupdate EVP_DigestUpdate
+#define FIPS_digestfinal EVP_DigestFinal
+#define M_EVP_MD_size EVP_MD_size
Index: openssl-1.1.0i/crypto/fips/fips_rand_lib.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_rand_lib.c	2019-01-18 12:58:06.874013873 +0100
@@ -0,0 +1,234 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't
+   be defined and gettimeofday() won't be declared with strict compilers
+   like DEC C in ANSI C mode.  */
+#ifndef _XOPEN_SOURCE_EXTENDED
+# define _XOPEN_SOURCE_EXTENDED 1
+#endif
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include "internal/fips_int.h"
+#include <openssl/fips_rand.h>
+#include "e_os.h"
+
+#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS))
+# include <sys/time.h>
+#endif
+#if defined(OPENSSL_SYS_VXWORKS)
+# include <time.h>
+#endif
+#ifndef OPENSSL_SYS_WIN32
+# ifdef OPENSSL_UNISTD
+#  include OPENSSL_UNISTD
+# else
+#  include <unistd.h>
+# endif
+#endif
+
+/* FIPS API for PRNG use. Similar to RAND functionality but without
+ * ENGINE and additional checking for non-FIPS rand methods.
+ */
+
+static const RAND_METHOD *fips_rand_meth = NULL;
+static int fips_approved_rand_meth = 0;
+static int fips_rand_bits = 0;
+
+/* Allows application to override number of bits and uses non-FIPS methods */
+void FIPS_rand_set_bits(int nbits)
+{
+    fips_rand_bits = nbits;
+}
+
+int FIPS_rand_set_method(const RAND_METHOD *meth)
+{
+    if (!fips_rand_bits) {
+        if (meth == FIPS_drbg_method())
+            fips_approved_rand_meth = 1;
+        else {
+            fips_approved_rand_meth = 0;
+            if (FIPS_module_mode()) {
+                FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD, FIPS_R_NON_FIPS_METHOD);
+                return 0;
+            }
+        }
+    }
+    fips_rand_meth = meth;
+    return 1;
+}
+
+const RAND_METHOD *FIPS_rand_get_method(void)
+{
+    return fips_rand_meth;
+}
+
+void FIPS_rand_reset(void)
+{
+    if (fips_rand_meth && fips_rand_meth->cleanup)
+        fips_rand_meth->cleanup();
+}
+
+int FIPS_rand_seed(const void *buf, int num)
+{
+    if (!fips_approved_rand_meth && FIPS_module_mode()) {
+        FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
+        return 0;
+    }
+    if (fips_rand_meth && fips_rand_meth->seed)
+        fips_rand_meth->seed(buf, num);
+    return 1;
+}
+
+int FIPS_rand_bytes(unsigned char *buf, int num)
+{
+    if (!fips_approved_rand_meth && FIPS_module_mode()) {
+        FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
+        return 0;
+    }
+    if (fips_rand_meth && fips_rand_meth->bytes)
+        return fips_rand_meth->bytes(buf, num);
+    return 0;
+}
+
+int FIPS_rand_status(void)
+{
+    if (!fips_approved_rand_meth && FIPS_module_mode()) {
+        FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
+        return 0;
+    }
+    if (fips_rand_meth && fips_rand_meth->status)
+        return fips_rand_meth->status();
+    return 0;
+}
+
+/* Return instantiated strength of PRNG. For DRBG this is an internal
+ * parameter. Any other type of PRNG is not approved and returns 0 in
+ * FIPS mode and maximum 256 outside FIPS mode.
+ */
+
+int FIPS_rand_strength(void)
+{
+    if (fips_rand_bits)
+        return fips_rand_bits;
+    if (fips_approved_rand_meth == 1)
+        return FIPS_drbg_get_strength(FIPS_get_default_drbg());
+    else if (fips_approved_rand_meth == 0) {
+        if (FIPS_module_mode())
+            return 0;
+        else
+            return 256;
+    }
+    return 0;
+}
+
+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr)
+{
+# ifdef OPENSSL_SYS_WIN32
+    FILETIME ft;
+# elif defined(OPENSSL_SYS_VXWORKS)
+    struct timespec ts;
+# else
+    struct timeval tv;
+# endif
+
+# ifndef GETPID_IS_MEANINGLESS
+    unsigned long pid;
+# endif
+
+# ifdef OPENSSL_SYS_WIN32
+    GetSystemTimeAsFileTime(&ft);
+    buf[0] = (unsigned char)(ft.dwHighDateTime & 0xff);
+    buf[1] = (unsigned char)((ft.dwHighDateTime >> 8) & 0xff);
+    buf[2] = (unsigned char)((ft.dwHighDateTime >> 16) & 0xff);
+    buf[3] = (unsigned char)((ft.dwHighDateTime >> 24) & 0xff);
+    buf[4] = (unsigned char)(ft.dwLowDateTime & 0xff);
+    buf[5] = (unsigned char)((ft.dwLowDateTime >> 8) & 0xff);
+    buf[6] = (unsigned char)((ft.dwLowDateTime >> 16) & 0xff);
+    buf[7] = (unsigned char)((ft.dwLowDateTime >> 24) & 0xff);
+# elif defined(OPENSSL_SYS_VXWORKS)
+    clock_gettime(CLOCK_REALTIME, &ts);
+    buf[0] = (unsigned char)(ts.tv_sec & 0xff);
+    buf[1] = (unsigned char)((ts.tv_sec >> 8) & 0xff);
+    buf[2] = (unsigned char)((ts.tv_sec >> 16) & 0xff);
+    buf[3] = (unsigned char)((ts.tv_sec >> 24) & 0xff);
+    buf[4] = (unsigned char)(ts.tv_nsec & 0xff);
+    buf[5] = (unsigned char)((ts.tv_nsec >> 8) & 0xff);
+    buf[6] = (unsigned char)((ts.tv_nsec >> 16) & 0xff);
+    buf[7] = (unsigned char)((ts.tv_nsec >> 24) & 0xff);
+# else
+    gettimeofday(&tv, NULL);
+    buf[0] = (unsigned char)(tv.tv_sec & 0xff);
+    buf[1] = (unsigned char)((tv.tv_sec >> 8) & 0xff);
+    buf[2] = (unsigned char)((tv.tv_sec >> 16) & 0xff);
+    buf[3] = (unsigned char)((tv.tv_sec >> 24) & 0xff);
+    buf[4] = (unsigned char)(tv.tv_usec & 0xff);
+    buf[5] = (unsigned char)((tv.tv_usec >> 8) & 0xff);
+    buf[6] = (unsigned char)((tv.tv_usec >> 16) & 0xff);
+    buf[7] = (unsigned char)((tv.tv_usec >> 24) & 0xff);
+# endif
+    buf[8] = (unsigned char)(*pctr & 0xff);
+    buf[9] = (unsigned char)((*pctr >> 8) & 0xff);
+    buf[10] = (unsigned char)((*pctr >> 16) & 0xff);
+    buf[11] = (unsigned char)((*pctr >> 24) & 0xff);
+
+    (*pctr)++;
+
+# ifndef GETPID_IS_MEANINGLESS
+    pid = (unsigned long)getpid();
+    buf[12] = (unsigned char)(pid & 0xff);
+    buf[13] = (unsigned char)((pid >> 8) & 0xff);
+    buf[14] = (unsigned char)((pid >> 16) & 0xff);
+    buf[15] = (unsigned char)((pid >> 24) & 0xff);
+# endif
+}
+
Index: openssl-1.1.0i/crypto/fips/fips_randtest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_randtest.c	2019-01-18 12:58:06.874013873 +0100
@@ -0,0 +1,247 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+#include "e_os.h"
+
+#ifndef OPENSSL_FIPS
+int main(int argc, char *argv[])
+{
+    printf("No FIPS RAND support\n");
+    return (0);
+}
+
+#else
+
+# include "fips_utl.h"
+# include <openssl/fips.h>
+
+typedef struct {
+    unsigned char DT[16];
+    unsigned char V[16];
+    unsigned char R[16];
+} AES_PRNG_MCT;
+
+static const unsigned char aes_128_mct_key[16] =
+    { 0x9f, 0x5b, 0x51, 0x20, 0x0b, 0xf3, 0x34, 0xb5,
+    0xd8, 0x2b, 0xe8, 0xc3, 0x72, 0x55, 0xc8, 0x48
+};
+
+static const AES_PRNG_MCT aes_128_mct_tv = {
+    /* DT */
+    {0x63, 0x76, 0xbb, 0xe5, 0x29, 0x02, 0xba, 0x3b,
+     0x67, 0xc9, 0x25, 0xfa, 0x70, 0x1f, 0x11, 0xac},
+    /* V */
+    {0x57, 0x2c, 0x8e, 0x76, 0x87, 0x26, 0x47, 0x97,
+     0x7e, 0x74, 0xfb, 0xdd, 0xc4, 0x95, 0x01, 0xd1},
+    /* R */
+    {0x48, 0xe9, 0xbd, 0x0d, 0x06, 0xee, 0x18, 0xfb,
+     0xe4, 0x57, 0x90, 0xd5, 0xc3, 0xfc, 0x9b, 0x73}
+};
+
+static const unsigned char aes_192_mct_key[24] =
+    { 0xb7, 0x6c, 0x34, 0xd1, 0x09, 0x67, 0xab, 0x73,
+    0x4d, 0x5a, 0xd5, 0x34, 0x98, 0x16, 0x0b, 0x91,
+    0xbc, 0x35, 0x51, 0x16, 0x6b, 0xae, 0x93, 0x8a
+};
+
+static const AES_PRNG_MCT aes_192_mct_tv = {
+    /* DT */
+    {0x84, 0xce, 0x22, 0x7d, 0x91, 0x5a, 0xa3, 0xc9,
+     0x84, 0x3c, 0x0a, 0xb3, 0xa9, 0x63, 0x15, 0x52},
+    /* V */
+    {0xb6, 0xaf, 0xe6, 0x8f, 0x99, 0x9e, 0x90, 0x64,
+     0xdd, 0xc7, 0x7a, 0xc1, 0xbb, 0x90, 0x3a, 0x6d},
+    /* R */
+    {0xfc, 0x85, 0x60, 0x9a, 0x29, 0x6f, 0xef, 0x21,
+     0xdd, 0x86, 0x20, 0x32, 0x8a, 0x29, 0x6f, 0x47}
+};
+
+static const unsigned char aes_256_mct_key[32] =
+    { 0x9b, 0x05, 0xc8, 0x68, 0xff, 0x47, 0xf8, 0x3a,
+    0xa6, 0x3a, 0xa8, 0xcb, 0x4e, 0x71, 0xb2, 0xe0,
+    0xb8, 0x7e, 0xf1, 0x37, 0xb6, 0xb4, 0xf6, 0x6d,
+    0x86, 0x32, 0xfc, 0x1f, 0x5e, 0x1d, 0x1e, 0x50
+};
+
+static const AES_PRNG_MCT aes_256_mct_tv = {
+    /* DT */
+    {0x31, 0x6e, 0x35, 0x9a, 0xb1, 0x44, 0xf0, 0xee,
+     0x62, 0x6d, 0x04, 0x46, 0xe0, 0xa3, 0x92, 0x4c},
+    /* V */
+    {0x4f, 0xcd, 0xc1, 0x87, 0x82, 0x1f, 0x4d, 0xa1,
+     0x3e, 0x0e, 0x56, 0x44, 0x59, 0xe8, 0x83, 0xca},
+    /* R */
+    {0xc8, 0x87, 0xc2, 0x61, 0x5b, 0xd0, 0xb9, 0xe1,
+     0xe7, 0xf3, 0x8b, 0xd7, 0x5b, 0xd5, 0xf1, 0x8d}
+};
+
+static void dump(const unsigned char *b, int n)
+{
+    while (n-- > 0) {
+        printf(" %02x", *b++);
+    }
+}
+
+static void compare(const unsigned char *result,
+                    const unsigned char *expected, int n)
+{
+    int i;
+
+    for (i = 0; i < n; ++i)
+        if (result[i] != expected[i]) {
+            puts("Random test failed, got:");
+            dump(result, n);
+            puts("\n               expected:");
+            dump(expected, n);
+            putchar('\n');
+            EXIT(1);
+        }
+}
+
+static void run_test(const unsigned char *key, int keylen,
+                     const AES_PRNG_MCT * tv)
+{
+    unsigned char buf[16], dt[16];
+    int i, j;
+    FIPS_x931_reset();
+    FIPS_x931_test_mode();
+    FIPS_x931_set_key(key, keylen);
+    FIPS_x931_seed(tv->V, 16);
+    memcpy(dt, tv->DT, 16);
+    for (i = 0; i < 10000; i++) {
+        FIPS_x931_set_dt(dt);
+        FIPS_x931_bytes(buf, 16);
+        /* Increment DT */
+        for (j = 15; j >= 0; j--) {
+            dt[j]++;
+            if (dt[j])
+                break;
+        }
+    }
+
+    compare(buf, tv->R, 16);
+}
+
+int main()
+{
+    run_test(aes_128_mct_key, 16, &aes_128_mct_tv);
+    printf("FIPS PRNG test 1 done\n");
+    run_test(aes_192_mct_key, 24, &aes_192_mct_tv);
+    printf("FIPS PRNG test 2 done\n");
+    run_test(aes_256_mct_key, 32, &aes_256_mct_tv);
+    printf("FIPS PRNG test 3 done\n");
+    return 0;
+}
+
+#endif
Index: openssl-1.1.0i/crypto/fips/fips_rsa_selftest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_rsa_selftest.c	2019-01-18 12:58:06.874013873 +0100
@@ -0,0 +1,578 @@
+/* ====================================================================
+ * Copyright (c) 2003-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+# include "internal/fips_int.h"
+#endif
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/opensslconf.h>
+#include "fips_locl.h"
+
+#ifdef OPENSSL_FIPS
+
+static int setrsakey(RSA *key)
+{
+    static const unsigned char keydata_n[] = {
+        0x00, 0xc9, 0xd5, 0x6d, 0x9d, 0x90, 0xdb, 0x43, 0xd6, 0x02, 0xed, 0x96, 0x88, 0x13, 0x8a,
+        0xb2, 0xbf, 0x6e, 0xa1, 0x06, 0x10, 0xb2, 0x78, 0x37, 0xa7, 0x14, 0xa8, 0xff, 0xdd, 0x00,
+        0xdd, 0xb4, 0x93, 0xa0, 0x45, 0xcc, 0x96, 0x90, 0xed, 0xad, 0xa9, 0xdd, 0xc4, 0xd6, 0xca,
+        0x0c, 0xf0, 0xed, 0x4f, 0x72, 0x5e, 0x21, 0x49, 0x9a, 0x18, 0x12, 0x15, 0x8f, 0x90, 0x5a,
+        0xdb, 0xb6, 0x33, 0x99, 0xa3, 0xe6, 0xb4, 0xf0, 0xc4, 0x97, 0x21, 0x26, 0xbb, 0xe3, 0xba,
+        0xf2, 0xff, 0xa0, 0x72, 0xda, 0x89, 0x63, 0x8e, 0x8b, 0x3e, 0x08, 0x9d, 0x92, 0x2a, 0xbe,
+        0x16, 0xe1, 0x43, 0x15, 0xfc, 0x57, 0xc7, 0x1f, 0x09, 0x11, 0x67, 0x1c, 0xa9, 0x96, 0xd1,
+        0x8b, 0x3e, 0x80, 0x93, 0xc1, 0x59, 0xd0, 0x6d, 0x39, 0xf2, 0xac, 0x95, 0xcc, 0x10, 0x75,
+        0xe9, 0x31, 0x24, 0xd1, 0x43, 0xaf, 0x68, 0x52, 0x4b, 0xe7, 0x16, 0xd7, 0x49, 0x65, 0x6f,
+        0x26, 0xc0, 0x86, 0xad, 0xc0, 0x07, 0x0a, 0xc1, 0xe1, 0x2f, 0x87, 0x85, 0x86, 0x3b, 0xdc,
+        0x5a, 0x99, 0xbe, 0xe9, 0xf9, 0xb9, 0xe9, 0x82, 0x27, 0x51, 0x04, 0x15, 0xab, 0x06, 0x0e,
+        0x76, 0x5a, 0x28, 0x8d, 0x92, 0xbd, 0xc5, 0xb5, 0x7b, 0xa8, 0xdf, 0x4e, 0x47, 0xa2, 0xc1,
+        0xe7, 0x52, 0xbf, 0x47, 0xf7, 0x62, 0xe0, 0x3a, 0x6f, 0x4d, 0x6a, 0x4d, 0x4e, 0xd4, 0xb9,
+        0x59, 0x69, 0xfa, 0xb2, 0x14, 0xc1, 0xee, 0xe6, 0x2f, 0x95, 0xcd, 0x94, 0x72, 0xae, 0xe4,
+        0xdb, 0x18, 0x9a, 0xc4, 0xcd, 0x70, 0xbd, 0xee, 0x31, 0x16, 0xb7, 0x49, 0x65, 0xac, 0x40,
+        0x19, 0x0e, 0xb5, 0x6d, 0x83, 0xf1, 0x36, 0xbb, 0x08, 0x2f, 0x2e, 0x4e, 0x92, 0x62, 0xa4,
+        0xff, 0x50, 0xdb, 0x20, 0x45, 0xa2, 0xeb, 0x16, 0x7a, 0xf2, 0xd5, 0x28, 0xc1, 0xfd, 0x4e,
+        0x03, 0x71
+    };
+
+    static const unsigned char keydata_e[] = { 0x01, 0x00, 0x01 };
+
+    static const unsigned char keydata_d[] = {
+        0x36, 0x27, 0x3d, 0xb1, 0xf9, 0x1b, 0xdb, 0xa7, 0xa0, 0x41, 0x7f, 0x12, 0x23, 0xac, 0x23,
+        0x29, 0x99, 0xd5, 0x3a, 0x7b, 0x60, 0x67, 0x41, 0x07, 0x63, 0x53, 0xb4, 0xd2, 0xe7, 0x58,
+        0x95, 0x0a, 0xc7, 0x05, 0xf3, 0x4e, 0xb2, 0xb4, 0x12, 0xd4, 0x70, 0xdc, 0x4f, 0x85, 0x06,
+        0xd3, 0xdd, 0xd8, 0x63, 0x27, 0x3e, 0x67, 0x31, 0x21, 0x24, 0x39, 0x04, 0xbc, 0x06, 0xa4,
+        0xcc, 0xce, 0x2b, 0x7a, 0xfe, 0x7b, 0xad, 0xde, 0x11, 0x6e, 0xa3, 0xa5, 0xe6, 0x04, 0x53,
+        0x0e, 0xa3, 0x4e, 0x2d, 0xb4, 0x8f, 0x31, 0xbf, 0xca, 0x75, 0x25, 0x52, 0x02, 0x85, 0xde,
+        0x3d, 0xb2, 0x72, 0x43, 0xb2, 0x89, 0x8a, 0x9a, 0x34, 0x41, 0x26, 0x3f, 0x9a, 0x67, 0xbe,
+        0xa4, 0x96, 0x7b, 0x0e, 0x75, 0xba, 0xa6, 0x93, 0xd5, 0xb8, 0xd8, 0xb8, 0x57, 0xf2, 0x4b,
+        0x0f, 0x14, 0x81, 0xd1, 0x57, 0x4e, 0xf6, 0x45, 0x4c, 0xa6, 0x3b, 0xd0, 0x70, 0xca, 0xd3,
+        0x9d, 0x55, 0xde, 0x22, 0x05, 0xe7, 0x8e, 0x28, 0x4d, 0xee, 0x11, 0xcf, 0xb6, 0x67, 0x76,
+        0x09, 0xd3, 0xe3, 0x3c, 0x13, 0xf9, 0x99, 0x34, 0x10, 0x7b, 0xec, 0x81, 0x38, 0xf0, 0xb6,
+        0x34, 0x9c, 0x9b, 0x50, 0x6f, 0x0b, 0x91, 0x81, 0x4d, 0x89, 0x94, 0x04, 0x7b, 0xf0, 0x3c,
+        0xf4, 0xb1, 0xb2, 0x00, 0x48, 0x8d, 0x5a, 0x8f, 0x88, 0x9e, 0xc5, 0xab, 0x3a, 0x9e, 0x44,
+        0x3f, 0x54, 0xe7, 0xd9, 0x6e, 0x47, 0xaa, 0xa1, 0xbd, 0x40, 0x46, 0x31, 0xf9, 0xf0, 0x34,
+        0xb6, 0x04, 0xe1, 0x2b, 0x5b, 0x73, 0x86, 0xdd, 0x3a, 0x92, 0x1b, 0x71, 0xc7, 0x3f, 0x32,
+        0xe5, 0xc3, 0xc2, 0xab, 0xa1, 0x7e, 0xbf, 0xa4, 0x52, 0xa0, 0xb0, 0x68, 0x90, 0xd1, 0x20,
+        0x12, 0x79, 0xe9, 0xd7, 0xc9, 0x40, 0xba, 0xf2, 0x19, 0xc7, 0xa5, 0x00, 0x92, 0x86, 0x0d,
+        0x01
+    };
+
+    static const unsigned char keydata_p[] = {
+        0x00, 0xfc, 0x5c, 0x6e, 0x16, 0xce, 0x1f, 0x03, 0x7b, 0xcd, 0xf7, 0xb3, 0x72, 0xb2, 0x8f,
+        0x16, 0x72, 0xb8, 0x56, 0xae, 0xf7, 0xcd, 0x67, 0xd8, 0x4e, 0x7d, 0x07, 0xaf, 0xd5, 0x43,
+        0x26, 0xc3, 0x35, 0xbe, 0x43, 0x8f, 0x4e, 0x2f, 0x1c, 0x43, 0x4e, 0x6b, 0xd2, 0xb2, 0xec,
+        0x52, 0x6d, 0x97, 0x52, 0x2b, 0xcc, 0x5c, 0x3a, 0x6b, 0xf4, 0x14, 0xc6, 0x74, 0xda, 0x66,
+        0x38, 0x1c, 0x7a, 0x3f, 0x84, 0x2f, 0xe3, 0xf9, 0x5a, 0xb8, 0x65, 0x69, 0x46, 0x06, 0xa3,
+        0x37, 0x79, 0xb2, 0xa1, 0x5b, 0x58, 0xed, 0x5e, 0xa7, 0x5f, 0x8c, 0x65, 0x66, 0xbb, 0xd1,
+        0x24, 0x36, 0xe6, 0x37, 0xa7, 0x3d, 0x49, 0x77, 0x8a, 0x8c, 0x34, 0xd8, 0x69, 0x29, 0xf3,
+        0x4d, 0x58, 0x22, 0xb0, 0x51, 0x24, 0xb6, 0x40, 0xa8, 0x86, 0x59, 0x0a, 0xb7, 0xba, 0x5c,
+        0x97, 0xda, 0x57, 0xe8, 0x36, 0xda, 0x7a, 0x9c, 0xad
+    };
+
+    static const unsigned char keydata_q[] = {
+        0x00, 0xcc, 0xbe, 0x7b, 0x09, 0x69, 0x06, 0xee, 0x45, 0xbf, 0x88, 0x47, 0x38, 0xa8, 0xf8,
+        0x17, 0xe5, 0xb6, 0xba, 0x67, 0x55, 0xe3, 0xe8, 0x05, 0x8b, 0xb8, 0xe2, 0x53, 0xd6, 0x8e,
+        0xef, 0x2c, 0xe7, 0x4f, 0x4a, 0xf7, 0x4e, 0x26, 0x8d, 0x85, 0x0b, 0x3f, 0xec, 0xc3, 0x1c,
+        0xd4, 0xeb, 0xec, 0x6a, 0xc8, 0x72, 0x2a, 0x25, 0x7d, 0xfd, 0xa6, 0x77, 0x96, 0xf0, 0x1e,
+        0xcd, 0x28, 0x57, 0xf8, 0x37, 0x30, 0x75, 0x6b, 0xbd, 0xd4, 0x7b, 0x0c, 0x87, 0xc5, 0x6c,
+        0x87, 0x40, 0xa5, 0xbb, 0x27, 0x2c, 0x78, 0xc9, 0x74, 0x5a, 0x54, 0x5b, 0x0b, 0x30, 0x6f,
+        0x44, 0x4a, 0xfa, 0x71, 0xe4, 0x21, 0x61, 0x66, 0xf9, 0xee, 0x65, 0xde, 0x7c, 0x04, 0xd7,
+        0xfd, 0xa9, 0x15, 0x5b, 0x7f, 0xe2, 0x7a, 0xba, 0x69, 0x86, 0x72, 0xa6, 0x06, 0x8d, 0x9b,
+        0x90, 0x55, 0x60, 0x9e, 0x4c, 0x5d, 0xa9, 0xb6, 0x55
+    };
+
+    static const unsigned char keydata_dmp1[] = {
+        0x7a, 0xd6, 0x12, 0xd0, 0x0e, 0xec, 0x91, 0xa9, 0x85, 0x8b, 0xf8, 0x50, 0xf0, 0x11, 0x2e,
+        0x00, 0x11, 0x32, 0x40, 0x60, 0x66, 0x1f, 0x11, 0xee, 0xc2, 0x75, 0x27, 0x65, 0x4b, 0x16,
+        0x67, 0x16, 0x95, 0xd2, 0x14, 0xc3, 0x1d, 0xb3, 0x48, 0x1f, 0xb7, 0xe4, 0x0b, 0x2b, 0x74,
+        0xc3, 0xdb, 0x50, 0x27, 0xf9, 0x85, 0x3a, 0xfa, 0xa9, 0x08, 0x23, 0xc1, 0x65, 0x3d, 0x34,
+        0x3a, 0xc8, 0x56, 0x7a, 0x65, 0x45, 0x36, 0x6e, 0xae, 0x2a, 0xce, 0x9f, 0x43, 0x43, 0xd7,
+        0x10, 0xe9, 0x9e, 0x18, 0xf4, 0xa4, 0x35, 0xda, 0x8a, 0x6b, 0xb0, 0x3f, 0xdd, 0x53, 0xe3,
+        0xa8, 0xc5, 0x4e, 0x79, 0x9d, 0x1f, 0x51, 0x8c, 0xa2, 0xca, 0x66, 0x3c, 0x6a, 0x2a, 0xff,
+        0x8e, 0xd2, 0xf3, 0xb7, 0xcb, 0x82, 0xda, 0xde, 0x2c, 0xe6, 0xd2, 0x8c, 0xb3, 0xad, 0xb6,
+        0x4c, 0x95, 0x55, 0x76, 0xbd, 0xc9, 0xc8, 0xd1
+    };
+
+    static const unsigned char keydata_dmq1[] = {
+        0x00, 0x83, 0x23, 0x1d, 0xbb, 0x11, 0x42, 0x17, 0x2b, 0x25, 0x5a, 0x2c, 0x03, 0xe6, 0x75,
+        0xc1, 0x18, 0xa8, 0xc9, 0x0b, 0x96, 0xbf, 0xba, 0xc4, 0x92, 0x91, 0x80, 0xa5, 0x22, 0x2f,
+        0xba, 0x91, 0x90, 0x36, 0x01, 0x56, 0x15, 0x00, 0x2c, 0x74, 0xa2, 0x97, 0xf7, 0x15, 0xa1,
+        0x49, 0xdf, 0x32, 0x35, 0xd2, 0xdd, 0x0c, 0x91, 0xa6, 0xf8, 0xe7, 0xbe, 0x81, 0x36, 0x9b,
+        0x03, 0xdc, 0x6b, 0x3b, 0xd8, 0x5d, 0x79, 0x57, 0xe0, 0xe6, 0x4f, 0x49, 0xdf, 0x4c, 0x5c,
+        0x0e, 0xe5, 0x21, 0x41, 0x95, 0xfd, 0xad, 0xff, 0x9a, 0x3e, 0xa0, 0xf9, 0x0f, 0x59, 0x9e,
+        0x6a, 0xa7, 0x7b, 0x71, 0xa7, 0x24, 0x9a, 0x36, 0x52, 0xae, 0x97, 0x20, 0xc1, 0x5e, 0x78,
+        0xd9, 0x47, 0x8b, 0x1e, 0x67, 0xf2, 0xaf, 0x98, 0xe6, 0x2d, 0xef, 0x10, 0xd7, 0xf1, 0xab,
+        0x49, 0xee, 0xe5, 0x4b, 0x7e, 0xae, 0x1f, 0x1d, 0x61
+    };
+
+    static const unsigned char keydata_iqmp[] = {
+        0x23, 0x96, 0xc1, 0x91, 0x17, 0x5e, 0x0a, 0x83, 0xd2, 0xdc, 0x7b, 0x69, 0xb2, 0x59, 0x1d,
+        0x33, 0x58, 0x52, 0x3f, 0x18, 0xc7, 0x09, 0x50, 0x1c, 0xb9, 0xa1, 0xbb, 0x4c, 0xa2, 0x38,
+        0x40, 0x4c, 0x9a, 0x8e, 0xfe, 0x9c, 0x90, 0x92, 0xd0, 0x71, 0x9f, 0x89, 0x99, 0x50, 0x91,
+        0x1f, 0x34, 0x8b, 0x74, 0x53, 0x11, 0x11, 0x4a, 0x70, 0xe2, 0xf7, 0x30, 0xd8, 0x8c, 0x80,
+        0xe1, 0xcc, 0x9f, 0xf1, 0x63, 0x17, 0x1a, 0x7d, 0x67, 0x29, 0x4c, 0xcb, 0x4e, 0x74, 0x7b,
+        0xe0, 0x3e, 0x9e, 0x2f, 0xf4, 0x67, 0x8f, 0xec, 0xb9, 0x5c, 0x00, 0x1e, 0x7e, 0xa2, 0x7b,
+        0x92, 0xc9, 0x6f, 0x4c, 0xe4, 0x0e, 0xf9, 0x48, 0x63, 0xcd, 0x50, 0x22, 0x5d, 0xbf, 0xb6,
+        0x9d, 0x01, 0x33, 0x6a, 0xf4, 0x50, 0xbe, 0x86, 0x98, 0x4f, 0xca, 0x3f, 0x3a, 0xfa, 0xcf,
+        0x07, 0x40, 0xc4, 0xaa, 0xad, 0xae, 0xbe, 0xbf
+    };
+
+    int rv = 0;
+    BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
+
+    fips_load_key_component(n, keydata);
+    fips_load_key_component(e, keydata);
+    fips_load_key_component(d, keydata);
+    fips_load_key_component(p, keydata);
+    fips_load_key_component(q, keydata);
+    fips_load_key_component(dmp1, keydata);
+    fips_load_key_component(dmq1, keydata);
+    fips_load_key_component(iqmp, keydata);
+
+    RSA_set0_key(key, n, e, d);
+    RSA_set0_factors(key, p, q);
+    RSA_set0_crt_params(key, dmp1, dmq1, iqmp);
+
+    rv = 1;
+err:
+    if (!rv) {
+        BN_free(n);
+        BN_free(e);
+        BN_free(d);
+        BN_free(p);
+        BN_free(q);
+        BN_free(dmp1);
+        BN_free(dmq1);
+        BN_free(iqmp);
+    }
+    return rv;
+}
+
+/* Known Answer Test (KAT) data for the above RSA private key signing
+ * kat_tbs.
+ */
+
+static const unsigned char kat_tbs[] =
+    "OpenSSL FIPS 140-2 Public Key RSA KAT";
+
+static const unsigned char kat_RSA_PSS_SHA1[] = {
+    0xC2, 0x80, 0x82, 0x56, 0xD8, 0xA7, 0xB2, 0x9C, 0xF5, 0xD6, 0x3C, 0xE3,
+    0xBF, 0xE9, 0x3A, 0x53, 0x40, 0xAE, 0xF2, 0xA9, 0x6A, 0x39, 0x49, 0x5B,
+    0x05, 0x7F, 0x67, 0x38, 0x2E, 0x1D, 0xE1, 0x93, 0x22, 0x65, 0x79, 0x84,
+    0x68, 0xFA, 0xD8, 0xAF, 0xA1, 0x98, 0x61, 0x6F, 0x44, 0x27, 0xA6, 0x8B,
+    0xCF, 0x0E, 0x13, 0xA9, 0xCE, 0xD7, 0x6C, 0xD2, 0x38, 0xB5, 0x16, 0xB9,
+    0x66, 0x94, 0x48, 0xDE, 0x9E, 0x19, 0x3D, 0x6F, 0xB3, 0xA1, 0x9A, 0x19,
+    0xDF, 0xFB, 0xAB, 0xA5, 0x9F, 0x38, 0xDA, 0xC9, 0x21, 0x8F, 0xCE, 0x98,
+    0x01, 0x3A, 0xC8, 0xE0, 0xDF, 0xDA, 0xFC, 0xF0, 0xA6, 0x86, 0x29, 0xB5,
+    0x7F, 0x61, 0xFB, 0xBA, 0xC5, 0x49, 0xB2, 0x7C, 0x6A, 0x26, 0x82, 0xC4,
+    0x8F, 0xAA, 0x5B, 0x10, 0xD5, 0xEE, 0xA0, 0x55, 0x42, 0xEF, 0x32, 0x5A,
+    0x3F, 0x55, 0xB3, 0x2C, 0x22, 0xE9, 0x65, 0xDA, 0x8D, 0x0A, 0xB9, 0x70,
+    0x43, 0xCC, 0x3F, 0x64, 0x9C, 0xB5, 0x65, 0x49, 0xBD, 0x7F, 0x35, 0xC1,
+    0x20, 0x85, 0x24, 0xFE, 0xAA, 0x6B, 0x37, 0x04, 0xA1, 0x0E, 0x9D, 0x5C,
+    0xBA, 0x7F, 0x14, 0x69, 0xC5, 0x93, 0xB2, 0x33, 0xC2, 0xC0, 0xC7, 0xDF,
+    0x7E, 0x9E, 0xA4, 0xB0, 0xA0, 0x64, 0xD2, 0xAC, 0xFC, 0xFD, 0xFD, 0x99,
+    0x8F, 0x6A, 0x40, 0x26, 0xC1, 0x2E, 0x4E, 0x8B, 0x33, 0xBE, 0xF1, 0x45,
+    0x59, 0x8F, 0x33, 0x40, 0x1D, 0x2A, 0xD2, 0xF7, 0x50, 0x83, 0x89, 0xCF,
+    0x94, 0xC6, 0xF8, 0x36, 0xF0, 0x84, 0x0B, 0x85, 0xA5, 0x02, 0xA9, 0x0F,
+    0x41, 0x7A, 0x77, 0xA3, 0x2F, 0x47, 0x1E, 0x1D, 0xEC, 0xE6, 0xD3, 0x01,
+    0x1E, 0x6F, 0x7A, 0x96, 0x50, 0x37, 0x37, 0x4B, 0x27, 0x52, 0x0B, 0xDC,
+    0xDB, 0xC7, 0xA9, 0x31, 0xB2, 0x40, 0xEE, 0x60, 0x41, 0x26, 0x6A, 0x05,
+    0xCE, 0x08, 0x1D, 0x89
+};
+
+static const unsigned char kat_RSA_PSS_SHA224[] = {
+    0xB4, 0x01, 0x93, 0x16, 0x05, 0xF6, 0xEB, 0xE2, 0xA4, 0xEB, 0x48, 0xAA,
+    0x00, 0xF4, 0xA1, 0x99, 0x0A, 0xB4, 0xB6, 0x63, 0xE9, 0x68, 0xCA, 0xB3,
+    0x13, 0xD7, 0x66, 0x6A, 0xCD, 0xCB, 0x33, 0x9F, 0xE5, 0x84, 0xE2, 0xC3,
+    0x0B, 0x53, 0xE5, 0x8B, 0x96, 0x4B, 0xDB, 0x2D, 0x80, 0xA4, 0x1D, 0xE3,
+    0x81, 0xDC, 0x52, 0x99, 0xBA, 0x9B, 0x6A, 0x9D, 0x48, 0x1F, 0x73, 0xF7,
+    0xAC, 0x09, 0x13, 0xA1, 0x16, 0x2C, 0x60, 0xFB, 0xBC, 0x25, 0xF7, 0x53,
+    0xD1, 0x04, 0x5A, 0x3F, 0x95, 0x09, 0x5E, 0xE5, 0xA2, 0x7D, 0xFC, 0x2A,
+    0x51, 0x1D, 0x21, 0xCE, 0x2B, 0x4E, 0x1B, 0xB8, 0xCB, 0xDD, 0x24, 0xEE,
+    0x99, 0x1D, 0x37, 0xDC, 0xED, 0x5F, 0x2F, 0x48, 0x5E, 0x33, 0x94, 0x06,
+    0x19, 0xCD, 0x5A, 0x26, 0x85, 0x77, 0x9D, 0xAF, 0x86, 0x97, 0xC9, 0x08,
+    0xD5, 0x81, 0x0E, 0xB8, 0x9F, 0xB6, 0xAF, 0x20, 0x72, 0xDC, 0x13, 0x4D,
+    0x7A, 0xE4, 0x5C, 0x81, 0xDE, 0xC0, 0x3D, 0x19, 0x9C, 0x33, 0x11, 0x07,
+    0xD5, 0xA9, 0x51, 0x67, 0xCD, 0xFD, 0x37, 0x61, 0x14, 0x9F, 0xE7, 0x70,
+    0x18, 0x32, 0xC3, 0x34, 0x54, 0x0D, 0x4F, 0xB4, 0xAE, 0x9F, 0xEC, 0x64,
+    0xD8, 0xB2, 0x16, 0xA4, 0xB2, 0x99, 0x92, 0xCB, 0x7F, 0x1F, 0x06, 0x17,
+    0x5F, 0xA1, 0x07, 0x68, 0xAE, 0xA7, 0x2D, 0x03, 0x91, 0x2A, 0x9D, 0x69,
+    0xC2, 0x9D, 0x90, 0xF7, 0xF9, 0x66, 0x5D, 0x13, 0xB7, 0x7F, 0xD3, 0x97,
+    0x45, 0x97, 0x43, 0xD8, 0xCE, 0x3C, 0xF2, 0x98, 0x98, 0xDD, 0xE2, 0x2D,
+    0xCF, 0xA1, 0xC4, 0x25, 0x46, 0x2E, 0xD2, 0xE5, 0x5F, 0xC6, 0x01, 0xC5,
+    0x4F, 0x42, 0x2B, 0xDE, 0x0F, 0xEA, 0x4A, 0x4F, 0xC3, 0x5B, 0xDF, 0x9B,
+    0x5D, 0x30, 0x18, 0x93, 0xD0, 0xDE, 0xC5, 0x09, 0xAA, 0x57, 0x57, 0xBD,
+    0x2D, 0x84, 0x03, 0xB7
+};
+
+static const unsigned char kat_RSA_PSS_SHA256[] = {
+    0x38, 0xDA, 0x99, 0x51, 0x26, 0x38, 0xC6, 0x7F, 0xC4, 0x81, 0x57, 0x19,
+    0x35, 0xC6, 0xF6, 0x1E, 0x90, 0x47, 0x20, 0x55, 0x47, 0x56, 0x26, 0xE9,
+    0xF2, 0xA8, 0x39, 0x6C, 0xD5, 0xCD, 0xCB, 0x55, 0xFC, 0x0C, 0xC5, 0xCB,
+    0xF7, 0x40, 0x17, 0x3B, 0xCF, 0xE4, 0x05, 0x03, 0x3B, 0xA0, 0xB2, 0xC9,
+    0x0D, 0x5E, 0x48, 0x3A, 0xE9, 0xAD, 0x28, 0x71, 0x7D, 0x8F, 0x89, 0x16,
+    0x59, 0x93, 0x35, 0xDC, 0x4D, 0x7B, 0xDF, 0x84, 0xE4, 0x68, 0xAA, 0x33,
+    0xAA, 0xDC, 0x66, 0x50, 0xC8, 0xA9, 0x32, 0x12, 0xDC, 0xC6, 0x90, 0x49,
+    0x0B, 0x75, 0xFF, 0x9B, 0x95, 0x00, 0x9A, 0x90, 0xE0, 0xD4, 0x0E, 0x67,
+    0xAB, 0x3C, 0x47, 0x36, 0xC5, 0x2E, 0x1C, 0x46, 0xF0, 0x2D, 0xD3, 0x8B,
+    0x42, 0x08, 0xDE, 0x0D, 0xB6, 0x2C, 0x86, 0xB0, 0x35, 0x71, 0x18, 0x6B,
+    0x89, 0x67, 0xC0, 0x05, 0xAD, 0xF4, 0x1D, 0x62, 0x4E, 0x75, 0xEC, 0xD6,
+    0xC2, 0xDB, 0x07, 0xB0, 0xB6, 0x8D, 0x15, 0xAD, 0xCD, 0xBF, 0xF5, 0x60,
+    0x76, 0xAE, 0x48, 0xB8, 0x77, 0x7F, 0xC5, 0x01, 0xD9, 0x29, 0xBB, 0xD6,
+    0x17, 0xA2, 0x20, 0x5A, 0xC0, 0x4A, 0x3B, 0x34, 0xC8, 0xB9, 0x39, 0xCF,
+    0x06, 0x89, 0x95, 0x6F, 0xC7, 0xCA, 0xC4, 0xE4, 0x43, 0xDF, 0x5A, 0x23,
+    0xE2, 0x89, 0xA3, 0x38, 0x78, 0x31, 0x38, 0xC6, 0xA4, 0x6F, 0x5F, 0x73,
+    0x5A, 0xE5, 0x9E, 0x09, 0xE7, 0x6F, 0xD4, 0xF8, 0x3E, 0xB7, 0xB0, 0x56,
+    0x9A, 0xF3, 0x65, 0xF0, 0xC2, 0xA6, 0x8A, 0x08, 0xBA, 0x44, 0xAC, 0x97,
+    0xDE, 0xB4, 0x16, 0x83, 0xDF, 0xE3, 0xEE, 0x71, 0xFA, 0xF9, 0x51, 0x50,
+    0x14, 0xDC, 0xFD, 0x6A, 0x82, 0x20, 0x68, 0x64, 0x7D, 0x4E, 0x82, 0x68,
+    0xD7, 0x45, 0xFA, 0x6A, 0xE4, 0xE5, 0x29, 0x3A, 0x70, 0xFB, 0xE4, 0x62,
+    0x2B, 0x31, 0xB9, 0x7D
+};
+
+static const unsigned char kat_RSA_PSS_SHA384[] = {
+    0x99, 0x02, 0xC9, 0x1E, 0x31, 0x82, 0xB4, 0xE6, 0x1B, 0x32, 0xCE, 0x5D,
+    0x41, 0x1D, 0x00, 0x2F, 0x04, 0x8B, 0xBD, 0x37, 0x79, 0xCF, 0x77, 0x03,
+    0x05, 0x6A, 0x21, 0xC7, 0x8D, 0x24, 0x60, 0x49, 0x39, 0x58, 0xC5, 0x27,
+    0x8F, 0xC5, 0x97, 0x4A, 0xB2, 0xE1, 0xD4, 0x36, 0x57, 0xBD, 0x43, 0xCC,
+    0x7B, 0xCE, 0xF2, 0xA5, 0x30, 0xF8, 0x72, 0x14, 0xBB, 0xD0, 0x9F, 0xC1,
+    0x49, 0xC8, 0x1C, 0xAF, 0xCD, 0x95, 0x78, 0x72, 0x25, 0xF9, 0x45, 0xC6,
+    0x5B, 0x62, 0x5E, 0x01, 0xD7, 0x40, 0x5E, 0xC8, 0xCA, 0x0A, 0xF3, 0xBA,
+    0x08, 0x07, 0x88, 0xCA, 0x49, 0x36, 0x84, 0x7D, 0xF6, 0xFC, 0x5A, 0xDB,
+    0xFC, 0x50, 0xD3, 0xEB, 0x3D, 0x83, 0xB0, 0xF5, 0x94, 0x5E, 0x88, 0xC3,
+    0x82, 0xCD, 0x53, 0x40, 0x96, 0x18, 0x6B, 0x4A, 0x6C, 0x9C, 0xFE, 0xE5,
+    0x3B, 0x75, 0xF9, 0xEB, 0xA5, 0x77, 0x11, 0xEF, 0x88, 0x1C, 0x25, 0x70,
+    0x7D, 0x88, 0x5D, 0xC3, 0xCA, 0xE1, 0x49, 0x14, 0x90, 0xAD, 0xF2, 0x5E,
+    0x49, 0xD7, 0x99, 0xA5, 0x7B, 0x77, 0x3B, 0x8E, 0xB8, 0xDB, 0xF1, 0x4C,
+    0xD6, 0x9A, 0xDC, 0xE5, 0x7A, 0x1C, 0xE1, 0xCE, 0x9D, 0xF1, 0xF3, 0xA0,
+    0x0A, 0x35, 0x52, 0x9D, 0xB9, 0x46, 0x94, 0x82, 0x0F, 0xF7, 0xB2, 0x62,
+    0x51, 0x70, 0x75, 0xD2, 0x37, 0x96, 0x67, 0x2F, 0xD0, 0x22, 0xD8, 0x07,
+    0x8D, 0x69, 0x9E, 0x6D, 0x0B, 0x40, 0x4F, 0x70, 0xEC, 0x0B, 0xCA, 0x88,
+    0x80, 0x8D, 0x9A, 0xF4, 0xF9, 0x18, 0x50, 0x27, 0x08, 0xFA, 0xCC, 0xC7,
+    0x3F, 0xE4, 0x84, 0x83, 0xA1, 0xB6, 0x1D, 0x23, 0x34, 0xFE, 0x48, 0xE5,
+    0xE3, 0xAE, 0x4D, 0x98, 0xBC, 0xA6, 0x8A, 0x9F, 0xFD, 0x4D, 0xDB, 0x9D,
+    0xF7, 0xEB, 0x4E, 0xB6, 0x6F, 0x25, 0xEA, 0x7A, 0xE9, 0x85, 0xB2, 0xEF,
+    0x90, 0xD2, 0xA6, 0x2B
+};
+
+static const unsigned char kat_RSA_PSS_SHA512[] = {
+    0x3F, 0x83, 0x43, 0x78, 0x25, 0xBE, 0x81, 0xB2, 0x6E, 0x78, 0x11, 0x32,
+    0xD0, 0x88, 0x05, 0x53, 0x95, 0xED, 0x81, 0x12, 0xCE, 0x50, 0xD9, 0x06,
+    0x42, 0x89, 0xA0, 0x55, 0x7A, 0x05, 0x13, 0x94, 0x35, 0x9B, 0xCA, 0x5D,
+    0xCB, 0xB2, 0x32, 0xE1, 0x04, 0x99, 0xEC, 0xE7, 0xA6, 0x69, 0x4D, 0x2B,
+    0xC1, 0x57, 0x13, 0x48, 0x0D, 0x6B, 0x4D, 0x83, 0x28, 0x06, 0x79, 0x9D,
+    0xB4, 0x70, 0xCE, 0xC0, 0xFC, 0x3B, 0x69, 0xB3, 0x91, 0x54, 0xA9, 0x44,
+    0x2E, 0xDA, 0x4A, 0xC5, 0xC2, 0x99, 0xF0, 0xDE, 0xCA, 0x77, 0x99, 0x6B,
+    0x0C, 0x79, 0xE5, 0x29, 0x74, 0x83, 0x69, 0xEA, 0xB8, 0x72, 0x30, 0x3D,
+    0x7A, 0x30, 0xE1, 0x03, 0x7B, 0x09, 0xE6, 0x11, 0xC0, 0xDC, 0xFF, 0xFD,
+    0xBD, 0xEC, 0x9C, 0xCC, 0x46, 0x7B, 0x4C, 0x4C, 0x59, 0xBE, 0x82, 0x7C,
+    0xF5, 0x60, 0x5A, 0xC3, 0xE8, 0xA8, 0x8A, 0x38, 0x9E, 0x01, 0x57, 0xF1,
+    0x79, 0x3A, 0x7C, 0xA3, 0x9F, 0x12, 0x1A, 0x4F, 0x2E, 0xA2, 0xE5, 0x0A,
+    0xAB, 0xC0, 0xF4, 0xA5, 0xE3, 0x5F, 0x89, 0x1C, 0x8F, 0xA4, 0x5E, 0xCE,
+    0x0D, 0x91, 0x05, 0x1B, 0x17, 0x62, 0x48, 0xFE, 0xA5, 0x4C, 0xEF, 0x2D,
+    0x28, 0xF1, 0x5E, 0xE6, 0xD1, 0x30, 0x89, 0x0A, 0xAD, 0x18, 0xAF, 0x6F,
+    0x04, 0x09, 0x36, 0x9A, 0xFF, 0xCA, 0xA1, 0xA7, 0x05, 0x7F, 0xD4, 0xBF,
+    0x3A, 0xB5, 0x42, 0x6D, 0xE9, 0x07, 0x29, 0x65, 0x8B, 0xAD, 0x4D, 0x0F,
+    0x22, 0xE1, 0x59, 0x43, 0x68, 0x87, 0xA8, 0x8B, 0xBC, 0x69, 0xA1, 0x94,
+    0x22, 0x3E, 0x8A, 0x49, 0xE8, 0xA3, 0x6F, 0xC2, 0x93, 0x58, 0xE7, 0xAE,
+    0xC9, 0x1F, 0xCF, 0x61, 0x93, 0xFC, 0xC1, 0xF6, 0xF3, 0x27, 0x7F, 0x0A,
+    0x90, 0xE0, 0x65, 0x32, 0x57, 0x47, 0xE2, 0xED, 0x08, 0x59, 0xA6, 0xF0,
+    0x17, 0x2C, 0x13, 0xE0
+};
+
+static const unsigned char kat_RSA_SHA1[] = {
+    0x3B, 0x60, 0x4B, 0xFC, 0x54, 0x28, 0x23, 0xE6, 0x2F, 0x05, 0x04, 0xBA,
+    0x9D, 0xE4, 0x3C, 0xB8, 0x5B, 0x60, 0x5C, 0xCD, 0x9D, 0xEA, 0xC3, 0x4C,
+    0xC2, 0x33, 0xE6, 0xC6, 0x21, 0x48, 0x76, 0xEC, 0xB2, 0xF5, 0x11, 0xDE,
+    0x44, 0xB4, 0xAF, 0x16, 0x11, 0xC3, 0x18, 0x16, 0xB3, 0x69, 0xBB, 0x94,
+    0xED, 0xE8, 0xB3, 0x9E, 0xB1, 0x43, 0x8E, 0xCE, 0xB4, 0x34, 0x9B, 0x08,
+    0x22, 0xAF, 0x31, 0x73, 0xB5, 0xFA, 0x11, 0x7E, 0x8F, 0x13, 0x52, 0xEC,
+    0xC9, 0x03, 0xEE, 0x0D, 0x2B, 0x91, 0x32, 0xF2, 0x8E, 0xDF, 0x02, 0xE0,
+    0x0A, 0x47, 0xD2, 0x0A, 0x51, 0x00, 0x1A, 0x30, 0x6F, 0x0C, 0xB3, 0x54,
+    0x64, 0x20, 0x90, 0x0C, 0x01, 0xBE, 0xC0, 0x42, 0x8C, 0x5D, 0x18, 0x6F,
+    0x32, 0x75, 0x45, 0x7B, 0x1C, 0x04, 0xA2, 0x9F, 0x84, 0xD7, 0xF5, 0x3A,
+    0x95, 0xD4, 0xE8, 0x8D, 0xEC, 0x99, 0xEF, 0x18, 0x5E, 0x64, 0xD3, 0xAF,
+    0xF8, 0xD4, 0xFF, 0x3C, 0x87, 0xA0, 0x3F, 0xC7, 0x22, 0x05, 0xFD, 0xFD,
+    0x29, 0x8A, 0x28, 0xDA, 0xA9, 0x8A, 0x8B, 0x23, 0x62, 0x9D, 0x42, 0xB8,
+    0x4A, 0x76, 0x0D, 0x9F, 0x9A, 0xE0, 0xE6, 0xDD, 0xAD, 0x5E, 0x5F, 0xD5,
+    0x32, 0xE9, 0x4B, 0x97, 0x7D, 0x62, 0x0A, 0xB3, 0xBE, 0xF2, 0x8C, 0x1F,
+    0x2B, 0x22, 0x06, 0x15, 0x33, 0x71, 0xED, 0x9B, 0xA0, 0x82, 0xCE, 0xBF,
+    0x3B, 0x08, 0x5F, 0xA7, 0x20, 0x94, 0x09, 0xEB, 0x82, 0xA5, 0x41, 0x60,
+    0xF1, 0x08, 0xEB, 0x8D, 0xCC, 0x8D, 0xC9, 0x52, 0x0A, 0xAF, 0xF4, 0xF9,
+    0x9F, 0x82, 0xD8, 0x0B, 0x75, 0x5E, 0xE4, 0xAF, 0x65, 0x96, 0xAF, 0xFC,
+    0x33, 0xBF, 0x9F, 0x3E, 0xA4, 0x7B, 0x86, 0xC7, 0xF7, 0x47, 0xAB, 0x37,
+    0x05, 0xD6, 0x0D, 0x31, 0x72, 0x8C, 0x80, 0x1E, 0xA9, 0x54, 0xFC, 0xDF,
+    0x27, 0x90, 0xE2, 0x01
+};
+
+static const unsigned char kat_RSA_SHA224[] = {
+    0xA2, 0xD8, 0x42, 0x53, 0xDD, 0xBF, 0x1F, 0x6B, 0x07, 0xE0, 0x60, 0x86,
+    0x5A, 0x60, 0x06, 0x8F, 0x44, 0xD9, 0xB0, 0x4A, 0xAA, 0x90, 0x71, 0xB8,
+    0xB2, 0xBC, 0x30, 0x41, 0x50, 0xBB, 0xFD, 0x46, 0x98, 0x4D, 0xC0, 0x89,
+    0x57, 0x85, 0x8A, 0x97, 0x49, 0x25, 0xA8, 0x0C, 0x69, 0x70, 0x19, 0x39,
+    0x66, 0x24, 0xB4, 0x69, 0x47, 0xD2, 0x7C, 0xDE, 0x2D, 0x37, 0x59, 0xB3,
+    0xE3, 0xC7, 0x6B, 0xDD, 0xBE, 0xE1, 0xE6, 0x28, 0x9A, 0x8D, 0x42, 0x3E,
+    0x28, 0x01, 0xD7, 0x03, 0xC9, 0x73, 0xC3, 0x6B, 0x03, 0xEC, 0x1E, 0xF8,
+    0x53, 0x8B, 0x52, 0x42, 0x89, 0x55, 0xB7, 0x87, 0xA9, 0x94, 0xC2, 0xB4,
+    0x4B, 0x76, 0xF5, 0x61, 0x47, 0xE1, 0x44, 0x7B, 0xEC, 0xB4, 0x25, 0x66,
+    0xC0, 0xFF, 0xEB, 0x86, 0x24, 0xAA, 0xA8, 0x72, 0xC7, 0xFB, 0xFB, 0xF6,
+    0x84, 0xA7, 0x5B, 0xD4, 0x87, 0xE5, 0x84, 0x56, 0x1E, 0x4C, 0xE5, 0xBC,
+    0x87, 0x94, 0xAC, 0x9C, 0x1B, 0x3D, 0xF7, 0xD4, 0x36, 0x85, 0x9F, 0xC9,
+    0xF6, 0x43, 0x3F, 0xB6, 0x25, 0x33, 0x48, 0x0F, 0xE5, 0x7C, 0xCD, 0x53,
+    0x48, 0xEB, 0x02, 0x11, 0xB9, 0x9E, 0xC3, 0xB4, 0xE1, 0x54, 0xD6, 0xAA,
+    0x1A, 0x9E, 0x10, 0xE1, 0x27, 0x25, 0xF2, 0xE1, 0xAB, 0xAB, 0x6C, 0x45,
+    0x61, 0xD5, 0xA3, 0x6C, 0xB6, 0x33, 0x52, 0xAE, 0x3D, 0xFD, 0x22, 0xFC,
+    0x3A, 0xAB, 0x63, 0x94, 0xB5, 0x3A, 0x69, 0x11, 0xAC, 0x99, 0x4F, 0x33,
+    0x67, 0x0A, 0x1A, 0x70, 0x1E, 0xB9, 0xE2, 0x26, 0x27, 0x68, 0xEA, 0xF5,
+    0x97, 0x55, 0xAC, 0x83, 0x6A, 0x40, 0x3B, 0x56, 0xAE, 0x13, 0x88, 0xE8,
+    0x98, 0x72, 0x52, 0x91, 0x7F, 0x78, 0x0A, 0x18, 0xD4, 0x44, 0x78, 0x83,
+    0x0D, 0x44, 0x77, 0xA6, 0xF3, 0x04, 0xF1, 0x8C, 0xBC, 0x2F, 0xF9, 0x5B,
+    0xDB, 0x70, 0x00, 0xF6
+};
+
+static const unsigned char kat_RSA_SHA256[] = {
+    0xC2, 0xB1, 0x97, 0x00, 0x9A, 0xE5, 0x80, 0x6A, 0xE2, 0x51, 0x68, 0xB9,
+    0x7A, 0x0C, 0xF2, 0xB4, 0x77, 0xED, 0x15, 0x0C, 0x4E, 0xE1, 0xDC, 0xFF,
+    0x8E, 0xBC, 0xDE, 0xC7, 0x9A, 0x96, 0xF1, 0x47, 0x45, 0x24, 0x9D, 0x6F,
+    0xA6, 0xF3, 0x1D, 0x0D, 0x35, 0x4C, 0x1A, 0xF3, 0x58, 0x2C, 0x6C, 0x06,
+    0xD6, 0x22, 0x37, 0x77, 0x8C, 0x33, 0xE5, 0x07, 0x53, 0x93, 0x28, 0xCF,
+    0x67, 0xFA, 0xC4, 0x1F, 0x1B, 0x24, 0xDB, 0x4C, 0xC5, 0x2A, 0x51, 0xA2,
+    0x60, 0x15, 0x8C, 0x54, 0xB4, 0x30, 0xE2, 0x24, 0x47, 0x86, 0xF2, 0xF8,
+    0x6C, 0xD6, 0x12, 0x59, 0x2C, 0x74, 0x9A, 0x37, 0xF3, 0xC4, 0xA2, 0xD5,
+    0x4E, 0x1F, 0x77, 0xF0, 0x27, 0xCE, 0x77, 0xF8, 0x4A, 0x79, 0x03, 0xBE,
+    0xC8, 0x06, 0x2D, 0xA7, 0xA6, 0x46, 0xF5, 0x55, 0x79, 0xD7, 0x5C, 0xC6,
+    0x5B, 0xB1, 0x00, 0x4E, 0x7C, 0xD9, 0x11, 0x85, 0xE0, 0xB1, 0x4D, 0x2D,
+    0x13, 0xD7, 0xAC, 0xEA, 0x64, 0xD1, 0xAC, 0x8F, 0x8D, 0x8F, 0xEA, 0x42,
+    0x7F, 0xF9, 0xB7, 0x7D, 0x2C, 0x68, 0x49, 0x07, 0x7A, 0x74, 0xEF, 0xB4,
+    0xC9, 0x97, 0x16, 0x5C, 0x6C, 0x6E, 0x5C, 0x09, 0x2E, 0x8E, 0x13, 0x2E,
+    0x1A, 0x8D, 0xA6, 0x0C, 0x6E, 0x0C, 0x1C, 0x0F, 0xCC, 0xB2, 0x78, 0x8A,
+    0x07, 0xFC, 0x5C, 0xC2, 0xF5, 0x65, 0xEC, 0xAB, 0x8B, 0x3C, 0xCA, 0x91,
+    0x6F, 0x84, 0x7C, 0x21, 0x0E, 0xB8, 0xDA, 0x7B, 0x6C, 0xF7, 0xDF, 0xAB,
+    0x7E, 0x15, 0xFD, 0x85, 0x0B, 0x33, 0x9B, 0x6A, 0x3A, 0xC3, 0xEF, 0x65,
+    0x04, 0x6E, 0xB2, 0xAC, 0x98, 0xFD, 0xEB, 0x02, 0xF5, 0xC0, 0x0B, 0x5E,
+    0xCB, 0xD4, 0x83, 0x82, 0x18, 0x1B, 0xDA, 0xB4, 0xCD, 0xE8, 0x71, 0x6B,
+    0x1D, 0xB5, 0x4F, 0xE9, 0xD6, 0x43, 0xA0, 0x0A, 0x14, 0xA0, 0xE7, 0x5D,
+    0x47, 0x9D, 0x18, 0xD7
+};
+
+static const unsigned char kat_RSA_SHA384[] = {
+    0x11, 0x5E, 0x63, 0xFE, 0x47, 0xAA, 0x6A, 0x84, 0xEB, 0x44, 0x9A, 0x00,
+    0x96, 0x4A, 0xED, 0xD2, 0xA7, 0x67, 0x3A, 0x64, 0x82, 0x30, 0x61, 0x2D,
+    0xE3, 0xF5, 0x49, 0x68, 0x5E, 0x60, 0xD2, 0x4D, 0xEF, 0xF2, 0xA4, 0xB2,
+    0x9A, 0x81, 0x1D, 0x41, 0xA5, 0x73, 0x59, 0xEB, 0xBB, 0xC4, 0x9E, 0x2B,
+    0xEB, 0xC3, 0xDE, 0x3A, 0xEA, 0xF5, 0xAD, 0xDA, 0x87, 0x08, 0x68, 0xCF,
+    0x12, 0x9B, 0xC1, 0xE4, 0xA7, 0x71, 0xF8, 0xBD, 0x6B, 0x6F, 0x50, 0xF1,
+    0xD1, 0xFF, 0xCE, 0x6C, 0xD9, 0xBE, 0xDA, 0x76, 0xF3, 0xEB, 0xAB, 0x9C,
+    0x41, 0x6E, 0x4F, 0x35, 0x7A, 0x61, 0x27, 0xBC, 0x03, 0x3E, 0xAE, 0x3E,
+    0x1B, 0xDD, 0xAC, 0xD9, 0x1A, 0xFF, 0xD3, 0xF5, 0x66, 0x43, 0x07, 0x76,
+    0x8A, 0x69, 0x2D, 0x14, 0xB1, 0xBE, 0x55, 0x49, 0x90, 0x89, 0x4B, 0xC4,
+    0x11, 0x67, 0xD5, 0x9D, 0xB0, 0xB2, 0xEE, 0x8D, 0x0A, 0x47, 0x4A, 0xD9,
+    0x0E, 0xD1, 0x24, 0xF0, 0x30, 0x2B, 0xF2, 0x79, 0x47, 0xDB, 0x70, 0xB4,
+    0x46, 0xF2, 0xF8, 0xB7, 0xB4, 0xF6, 0x34, 0x79, 0xA8, 0x2D, 0x3D, 0x56,
+    0xD5, 0x9A, 0x60, 0x7A, 0x04, 0xC7, 0x66, 0x1D, 0xCD, 0x3C, 0xD5, 0x39,
+    0x37, 0x12, 0x51, 0x5E, 0x9F, 0xF8, 0x1A, 0xAF, 0x13, 0xC1, 0x13, 0x00,
+    0x35, 0xD5, 0x8D, 0x17, 0xE3, 0x02, 0x28, 0xD9, 0xEC, 0xDE, 0xD1, 0x2F,
+    0x93, 0x49, 0x03, 0x11, 0x3E, 0x56, 0x9D, 0xC2, 0x31, 0xF8, 0xAF, 0x2D,
+    0xD9, 0x99, 0xB7, 0x8A, 0xAC, 0x5A, 0x86, 0x20, 0x3A, 0x83, 0x29, 0x26,
+    0x9D, 0x03, 0x52, 0x2B, 0x34, 0x56, 0x40, 0x16, 0x53, 0x50, 0x82, 0xC9,
+    0xC7, 0xD5, 0x51, 0x4C, 0xED, 0xB3, 0xE2, 0xE1, 0xCF, 0xA8, 0xCE, 0xBD,
+    0xB1, 0x48, 0xA6, 0x8A, 0x79, 0x17, 0x55, 0x11, 0xEF, 0xE8, 0x14, 0xF4,
+    0x7E, 0x37, 0x1D, 0x96
+};
+
+static const unsigned char kat_RSA_SHA512[] = {
+    0x35, 0x6D, 0xF1, 0x9E, 0xCF, 0xB1, 0xF6, 0x0C, 0x04, 0x21, 0x17, 0xB3,
+    0xC4, 0x9D, 0xFE, 0x62, 0x1C, 0x1A, 0x45, 0x00, 0x2E, 0x6B, 0xB6, 0x9F,
+    0x5C, 0xB1, 0xCB, 0xCF, 0xF9, 0x67, 0xEA, 0x62, 0x8A, 0xEB, 0x77, 0x02,
+    0x42, 0x30, 0x88, 0xB1, 0x48, 0xDF, 0x12, 0x60, 0x6E, 0x92, 0xBB, 0x4B,
+    0x09, 0x68, 0xD1, 0x70, 0x2B, 0x59, 0xEE, 0x57, 0x96, 0xF9, 0xEA, 0xA3,
+    0x4C, 0xE9, 0xC9, 0xBD, 0x25, 0x34, 0x66, 0x15, 0x6C, 0xC9, 0x81, 0xD1,
+    0x48, 0x0F, 0x33, 0x5F, 0x05, 0x4F, 0xC2, 0xC4, 0xDD, 0x09, 0x54, 0x79,
+    0xA1, 0x57, 0x07, 0x70, 0xA0, 0x33, 0x02, 0x4D, 0x5D, 0xE9, 0x24, 0xD1,
+    0xEF, 0xF0, 0x61, 0xD0, 0x1D, 0x41, 0xE2, 0x9B, 0x2B, 0x7C, 0xD0, 0x4E,
+    0x55, 0xD9, 0x6D, 0xA1, 0x16, 0x9F, 0xDA, 0xC3, 0x3B, 0xF1, 0x74, 0xD1,
+    0x99, 0xF1, 0x63, 0x57, 0xAD, 0xC7, 0x55, 0xF4, 0x97, 0x43, 0x1C, 0xED,
+    0x1B, 0x7A, 0x32, 0xCB, 0x24, 0xA6, 0x3D, 0x93, 0x37, 0x90, 0x74, 0xEE,
+    0xD2, 0x8D, 0x4B, 0xBC, 0x72, 0xDA, 0x25, 0x2B, 0x64, 0xE9, 0xCA, 0x69,
+    0x36, 0xB6, 0xEC, 0x6E, 0x8F, 0x33, 0x0E, 0x74, 0x40, 0x48, 0x51, 0xE2,
+    0x54, 0x6F, 0xAF, 0x6E, 0x36, 0x54, 0x3A, 0xEC, 0x78, 0x37, 0xE6, 0x1F,
+    0x76, 0xA5, 0x4D, 0xA6, 0xD9, 0xB3, 0x6B, 0x17, 0x6D, 0x61, 0xFC, 0xA3,
+    0x85, 0x4A, 0xCC, 0xDA, 0x52, 0xAC, 0x5B, 0xDA, 0x51, 0xE5, 0x7F, 0x5B,
+    0x52, 0x8B, 0x74, 0x75, 0x99, 0x5C, 0x01, 0xFD, 0x25, 0x3E, 0xCD, 0x86,
+    0x6F, 0x7A, 0xC0, 0xD8, 0x17, 0x6F, 0xD1, 0xD2, 0x6B, 0xAB, 0x14, 0x1F,
+    0x3B, 0xB8, 0x15, 0x05, 0x86, 0x40, 0x36, 0xCF, 0xDA, 0x59, 0x2B, 0x9A,
+    0xE9, 0x1E, 0x6E, 0xD3, 0x6B, 0xA1, 0x19, 0xC5, 0xE6, 0x3F, 0xE9, 0x2E,
+    0x43, 0xA8, 0x34, 0x0A
+};
+
+static int fips_rsa_encrypt_test(RSA *rsa, const unsigned char *plaintext,
+                                 int ptlen)
+{
+    unsigned char *ctbuf = NULL, *ptbuf = NULL;
+    int ret = 0;
+    int len;
+
+    ctbuf = OPENSSL_malloc(RSA_size(rsa));
+    if (!ctbuf)
+        goto err;
+
+    len = RSA_public_encrypt(ptlen, plaintext, ctbuf, rsa, RSA_PKCS1_PADDING);
+    if (len <= 0)
+        goto err;
+    /* Check ciphertext doesn't match plaintext */
+    if (len >= ptlen && !memcmp(plaintext, ctbuf, ptlen))
+        goto err;
+
+    ptbuf = OPENSSL_malloc(RSA_size(rsa));
+    if (!ptbuf)
+        goto err;
+
+    len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
+    if (len != ptlen)
+        goto err;
+    if (memcmp(ptbuf, plaintext, len))
+        goto err;
+
+    ret = 1;
+
+ err:
+    if (ctbuf)
+        OPENSSL_free(ctbuf);
+    if (ptbuf)
+        OPENSSL_free(ptbuf);
+    return ret;
+}
+
+int FIPS_selftest_rsa()
+{
+    int ret = 0;
+    RSA *key;
+    EVP_PKEY *pk = NULL;
+
+    if ((key = RSA_new()) == NULL)
+        goto err;
+
+    if (!setrsakey(key))
+        goto err;
+
+    if ((pk = EVP_PKEY_new()) == NULL)
+        goto err;
+
+    EVP_PKEY_set1_RSA(pk, key);
+
+    if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                  kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
+                                  EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+                                  "RSA SHA1 PKCS#1"))
+        goto err;
+    if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                  kat_RSA_SHA224, sizeof(kat_RSA_SHA224),
+                                  EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+                                  "RSA SHA224 PKCS#1"))
+        goto err;
+    if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                  kat_RSA_SHA256, sizeof(kat_RSA_SHA256),
+                                  EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+                                  "RSA SHA256 PKCS#1"))
+        goto err;
+    if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                  kat_RSA_SHA384, sizeof(kat_RSA_SHA384),
+                                  EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+                                  "RSA SHA384 PKCS#1"))
+        goto err;
+    if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                  kat_RSA_SHA512, sizeof(kat_RSA_SHA512),
+                                  EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+                                  "RSA SHA512 PKCS#1"))
+        goto err;
+
+    if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                  kat_RSA_PSS_SHA1, sizeof(kat_RSA_PSS_SHA1),
+                                  EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS,
+                                  "RSA SHA1 PSS"))
+        goto err;
+    if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                  kat_RSA_PSS_SHA224,
+                                  sizeof(kat_RSA_PSS_SHA224), EVP_sha224(),
+                                  EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA224 PSS"))
+        goto err;
+    if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                  kat_RSA_PSS_SHA256,
+                                  sizeof(kat_RSA_PSS_SHA256), EVP_sha256(),
+                                  EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA256 PSS"))
+        goto err;
+    if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                  kat_RSA_PSS_SHA384,
+                                  sizeof(kat_RSA_PSS_SHA384), EVP_sha384(),
+                                  EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA384 PSS"))
+        goto err;
+    if (!fips_pkey_signature_test(pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                  kat_RSA_PSS_SHA512,
+                                  sizeof(kat_RSA_PSS_SHA512), EVP_sha512(),
+                                  EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA512 PSS"))
+        goto err;
+
+    if (!fips_rsa_encrypt_test(key, kat_tbs, sizeof(kat_tbs) - 1))
+        goto err;
+
+    ret = 1;
+
+ err:
+    if (pk)
+        EVP_PKEY_free(pk);
+    if (key)
+        RSA_free(key);
+    return ret;
+}
+
+#endif                          /* def OPENSSL_FIPS */
Index: openssl-1.1.0i/crypto/fips/fips_sha_selftest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_sha_selftest.c	2019-01-18 12:58:06.874013873 +0100
@@ -0,0 +1,138 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+
+#ifdef OPENSSL_FIPS
+static const char test[][60] = {
+    "",
+    "abc",
+    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+};
+
+static const unsigned char ret[][SHA_DIGEST_LENGTH] = {
+    {0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55,
+     0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09},
+    {0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e,
+     0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d},
+    {0x84, 0x98, 0x3e, 0x44, 0x1c, 0x3b, 0xd2, 0x6e, 0xba, 0xae,
+     0x4a, 0xa1, 0xf9, 0x51, 0x29, 0xe5, 0xe5, 0x46, 0x70, 0xf1},
+};
+
+int FIPS_selftest_sha1()
+{
+    int n;
+
+    for (n = 0; n < sizeof(test) / sizeof(test[0]); ++n) {
+        unsigned char md[SHA_DIGEST_LENGTH];
+
+        EVP_Digest(test[n], strlen(test[n]), md, NULL,
+                   EVP_sha1(), NULL);
+        if (memcmp(md, ret[n], sizeof md)) {
+            FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1, FIPS_R_SELFTEST_FAILED);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static const unsigned char msg_sha256[] =
+    { 0xfa, 0x48, 0x59, 0x2a, 0xe1, 0xae, 0x1f, 0x30,
+    0xfc
+};
+
+static const unsigned char dig_sha256[] =
+    { 0xf7, 0x26, 0xd8, 0x98, 0x47, 0x91, 0x68, 0x5b,
+    0x9e, 0x39, 0xb2, 0x58, 0xbb, 0x75, 0xbf, 0x01,
+    0x17, 0x0c, 0x84, 0x00, 0x01, 0x7a, 0x94, 0x83,
+    0xf3, 0x0b, 0x15, 0x84, 0x4b, 0x69, 0x88, 0x8a
+};
+
+static const unsigned char msg_sha512[] =
+    { 0x37, 0xd1, 0x35, 0x9d, 0x18, 0x41, 0xe9, 0xb7,
+    0x6d, 0x9a, 0x13, 0xda, 0x5f, 0xf3, 0xbd
+};
+
+static const unsigned char dig_sha512[] =
+    { 0x11, 0x13, 0xc4, 0x19, 0xed, 0x2b, 0x1d, 0x16,
+    0x11, 0xeb, 0x9b, 0xbe, 0xf0, 0x7f, 0xcf, 0x44,
+    0x8b, 0xd7, 0x57, 0xbd, 0x8d, 0xa9, 0x25, 0xb0,
+    0x47, 0x25, 0xd6, 0x6c, 0x9a, 0x54, 0x7f, 0x8f,
+    0x0b, 0x53, 0x1a, 0x10, 0x68, 0x32, 0x03, 0x38,
+    0x82, 0xc4, 0x87, 0xc4, 0xea, 0x0e, 0xd1, 0x04,
+    0xa9, 0x98, 0xc1, 0x05, 0xa3, 0xf3, 0xf8, 0xb1,
+    0xaf, 0xbc, 0xd9, 0x78, 0x7e, 0xee, 0x3d, 0x43
+};
+
+int FIPS_selftest_sha2(void)
+{
+    unsigned char md[SHA512_DIGEST_LENGTH];
+
+    EVP_Digest(msg_sha256, sizeof(msg_sha256), md, NULL, EVP_sha256(), NULL);
+    if (memcmp(dig_sha256, md, sizeof(dig_sha256))) {
+        FIPSerr(FIPS_F_FIPS_SELFTEST_SHA2, FIPS_R_SELFTEST_FAILED);
+        return 0;
+    }
+
+    EVP_Digest(msg_sha512, sizeof(msg_sha512), md, NULL, EVP_sha512(), NULL);
+    if (memcmp(dig_sha512, md, sizeof(dig_sha512))) {
+        FIPSerr(FIPS_F_FIPS_SELFTEST_SHA2, FIPS_R_SELFTEST_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+#endif
Index: openssl-1.1.0i/crypto/fips/fips_standalone_hmac.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/fips/fips_standalone_hmac.c	2019-01-18 12:58:06.874013873 +0100
@@ -0,0 +1,127 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/hmac.h>
+#include <openssl/sha.h>
+
+int main(int argc, char **argv)
+{
+#ifdef OPENSSL_FIPS
+    static char key[] = "orboDeJITITejsirpADONivirpUkvarP";
+    int n, binary = 0;
+
+    if (argc < 2) {
+        fprintf(stderr, "%s [<file>]+\n", argv[0]);
+        exit(1);
+    }
+
+    n = 1;
+    if (!strcmp(argv[n], "-binary")) {
+        n++;
+        binary = 1;             /* emit binary fingerprint... */
+    }
+
+    for (; n < argc; ++n) {
+        FILE *f = fopen(argv[n], "rb");
+        HMAC_CTX *hmac_ctx;
+        unsigned char mac[EVP_MAX_MD_SIZE];
+        unsigned int len;
+        unsigned int i;
+
+        if (!f) {
+            perror(argv[n]);
+            exit(2);
+        }
+        hmac_ctx = HMAC_CTX_new();
+        if (!hmac_ctx)
+            exit(3);
+
+        if (HMAC_Init_ex(hmac_ctx, key, strlen(key), EVP_sha256(), NULL) <= 0) {
+            fprintf(stderr, "HMAC SHA256 initialization failed.\n");
+            exit(4);
+        }
+
+        for (;;) {
+            char buf[1024];
+            size_t l = fread(buf, 1, sizeof buf, f);
+
+            if (l == 0) {
+                if (ferror(f)) {
+                    perror(argv[n]);
+                    exit(3);
+                } else
+                    break;
+            }
+            if (HMAC_Update(hmac_ctx, buf, l) <= 0) {
+                fprintf(stderr, "HMAC_Update() failed.\n");
+                exit(4);
+            }
+        }
+        if (HMAC_Final(hmac_ctx, mac, &len) <= 0) {
+            fprintf(stderr, "HMAC_Final() failed.\n");
+            exit(4);
+        }
+
+        if (binary) {
+            fwrite(mac, len, 1, stdout);
+            break;              /* ... for single(!) file */
+        }
+
+/*      printf("HMAC-SHA1(%s)= ",argv[n]); */
+        for (i = 0; i < len; ++i)
+            printf("%02x", mac[i]);
+        printf("\n");
+    }
+#endif
+    return 0;
+}
Index: openssl-1.1.0i/crypto/hmac/hmac.c
===================================================================
--- openssl-1.1.0i.orig/crypto/hmac/hmac.c	2018-08-14 14:45:07.000000000 +0200
+++ openssl-1.1.0i/crypto/hmac/hmac.c	2019-01-18 12:58:06.874013873 +0100
@@ -35,6 +35,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const vo
     }
 
     if (key != NULL) {
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(EVP_MD_flags(md) & EVP_MD_FLAG_FIPS)
+            && (!EVP_MD_CTX_test_flags(ctx->md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+                || !EVP_MD_CTX_test_flags(ctx->i_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+                || !EVP_MD_CTX_test_flags(ctx->o_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
+            goto err;
+#endif
         reset = 1;
         j = EVP_MD_block_size(md);
         OPENSSL_assert(j <= (int)sizeof(ctx->key));
Index: openssl-1.1.0i/crypto/include/internal/fips_int.h
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/crypto/include/internal/fips_int.h	2019-01-18 12:58:06.878013893 +0100
@@ -0,0 +1,101 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#include <openssl/evp.h>
+
+#ifndef OPENSSL_FIPS
+# error FIPS is disabled.
+#endif
+
+#ifdef OPENSSL_FIPS
+
+int FIPS_module_mode_set(int onoff);
+int FIPS_module_mode(void);
+int FIPS_module_installed(void);
+int FIPS_selftest_sha1(void);
+int FIPS_selftest_sha2(void);
+int FIPS_selftest_aes_ccm(void);
+int FIPS_selftest_aes_gcm(void);
+int FIPS_selftest_aes_xts(void);
+int FIPS_selftest_aes(void);
+int FIPS_selftest_des(void);
+int FIPS_selftest_rsa(void);
+int FIPS_selftest_dsa(void);
+int FIPS_selftest_ecdsa(void);
+int FIPS_selftest_ecdh(void);
+int FIPS_selftest_dh(void);
+void FIPS_drbg_stick(int onoff);
+int FIPS_selftest_hmac(void);
+int FIPS_selftest_drbg(void);
+int FIPS_selftest_cmac(void);
+
+int fips_pkey_signature_test(EVP_PKEY *pkey,
+                                 const unsigned char *tbs, int tbslen,
+                                 const unsigned char *kat,
+                                 unsigned int katlen,
+                                 const EVP_MD *digest,
+                                 unsigned int md_flags, const char *fail_str);
+
+int fips_cipher_test(EVP_CIPHER_CTX *ctx,
+                         const EVP_CIPHER *cipher,
+                         const unsigned char *key,
+                         const unsigned char *iv,
+                         const unsigned char *plaintext,
+                         const unsigned char *ciphertext, int len);
+
+void fips_set_selftest_fail(void);
+
+const EVP_MD *FIPS_get_digestbynid(int nid);
+
+const EVP_CIPHER *FIPS_get_cipherbynid(int nid);
+
+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
+
+#endif
Index: openssl-1.1.0i/crypto/o_fips.c
===================================================================
--- openssl-1.1.0i.orig/crypto/o_fips.c	2018-08-14 14:45:07.000000000 +0200
+++ openssl-1.1.0i/crypto/o_fips.c	2019-01-18 12:58:06.878013893 +0100
@@ -9,7 +9,10 @@
 
 #include "internal/cryptlib.h"
 #ifdef OPENSSL_FIPS
+# include <openssl/rand.h>
 # include <openssl/fips.h>
+# include <openssl/fips_rand.h>
+# include "internal/fips_int.h"
 #endif
 
 int FIPS_mode(void)
@@ -24,7 +27,15 @@ int FIPS_mode(void)
 int FIPS_mode_set(int r)
 {
 #ifdef OPENSSL_FIPS
-    return FIPS_module_mode_set(r);
+    if (r && FIPS_module_mode()) /* can be implicitly initialized by OPENSSL_init() */
+        return 1;
+    if (!FIPS_module_mode_set(r))
+        return 0;
+    if (r)
+        RAND_set_rand_method(FIPS_rand_get_method());
+    else
+        RAND_set_rand_method(NULL);
+    return 1;
 #else
     if (r == 0)
         return 1;
Index: openssl-1.1.0i/crypto/o_init.c
===================================================================
--- openssl-1.1.0i.orig/crypto/o_init.c	2018-08-14 14:45:07.000000000 +0200
+++ openssl-1.1.0i/crypto/o_init.c	2019-01-18 12:58:06.878013893 +0100
@@ -7,11 +7,50 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include <e_os.h>
 #include <openssl/err.h>
 #ifdef OPENSSL_FIPS
-# include <openssl/fips.h>
+# include <sys/types.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+# include <unistd.h>
+# include <errno.h>
+# include <stdlib.h>
 # include <openssl/rand.h>
+# include <openssl/fips.h>
+# include "internal/fips_int.h"
+
+# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
+
+static void init_fips_mode(void)
+{
+    char buf[2] = "0";
+    int fd;
+
+    /* Ensure the selftests always run */
+    FIPS_mode_set(1);
+
+    if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
+        buf[0] = '1';
+    } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
+        while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
+        close(fd);
+    }
+    /* Failure reading the fips mode switch file means just not
+     * switching into FIPS mode. We would break too many things
+     * otherwise..
+     */
+
+    if (buf[0] != '1') {
+        /* drop down to non-FIPS mode if it is not requested */
+        FIPS_mode_set(0);
+    } else {
+        /* abort if selftest failed */
+        FIPS_selftest_check();
+    }
+}
 #endif
 
 /*
@@ -19,16 +58,29 @@
  * sets FIPS callbacks
  */
 
-void OPENSSL_init(void)
+void __attribute__ ((constructor)) OPENSSL_init_library(void)
 {
     static int done = 0;
     if (done)
         return;
     done = 1;
 #ifdef OPENSSL_FIPS
-    FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
-    FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
-    FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
+    if (!FIPS_module_installed()) {
+        return;
+    }
     RAND_init_fips();
+    init_fips_mode();
+    if (!FIPS_mode()) {
+        /* Clean up prematurely set default rand method */
+        RAND_set_rand_method(NULL);
+    }
+#endif
+#if 0
+    fprintf(stderr, "Called OPENSSL_init\n");
 #endif
 }
+
+void OPENSSL_init(void)
+{
+    OPENSSL_init_library();
+}
Index: openssl-1.1.0i/crypto/rand/md_rand.c
===================================================================
--- openssl-1.1.0i.orig/crypto/rand/md_rand.c	2018-08-14 14:45:07.000000000 +0200
+++ openssl-1.1.0i/crypto/rand/md_rand.c	2019-01-18 12:58:06.878013893 +0100
@@ -360,7 +360,7 @@ static int rand_bytes(unsigned char *buf
     CRYPTO_THREAD_unlock(rand_tmp_lock);
     crypto_lock_rand = 1;
 
-    if (!initialized) {
+    if (!initialized || FIPS_mode()) {
         RAND_poll();
         initialized = 1;
     }
Index: openssl-1.1.0i/crypto/rand/rand_err.c
===================================================================
--- openssl-1.1.0i.orig/crypto/rand/rand_err.c	2018-08-14 14:45:07.000000000 +0200
+++ openssl-1.1.0i/crypto/rand/rand_err.c	2019-01-18 12:58:06.878013893 +0100
@@ -20,10 +20,13 @@
 
 static ERR_STRING_DATA RAND_str_functs[] = {
     {ERR_FUNC(RAND_F_RAND_BYTES), "RAND_bytes"},
+    {ERR_FUNC(RAND_F_RAND_INIT_FIPS), "RAND_init_fips"},
     {0, NULL}
 };
 
 static ERR_STRING_DATA RAND_str_reasons[] = {
+    {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG), "error initialising DRBG"},
+    {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG), "error instantiating DRBG"},
     {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
     {0, NULL}
 };
Index: openssl-1.1.0i/crypto/rand/rand_lcl.h
===================================================================
--- openssl-1.1.0i.orig/crypto/rand/rand_lcl.h	2018-08-14 14:45:07.000000000 +0200
+++ openssl-1.1.0i/crypto/rand/rand_lcl.h	2019-01-18 12:58:06.878013893 +0100
@@ -10,7 +10,7 @@
 #ifndef HEADER_RAND_LCL_H
 # define HEADER_RAND_LCL_H
 
-# define ENTROPY_NEEDED 32      /* require 256 bits = 32 bytes of randomness */
+# define ENTROPY_NEEDED 48      /* require 384 bits = 48 bytes of randomness */
 
 # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
 #  define USE_SHA1_RAND
Index: openssl-1.1.0i/crypto/rand/rand_lib.c
===================================================================
--- openssl-1.1.0i.orig/crypto/rand/rand_lib.c	2018-08-14 14:45:07.000000000 +0200
+++ openssl-1.1.0i/crypto/rand/rand_lib.c	2019-01-18 12:58:06.878013893 +0100
@@ -18,6 +18,8 @@
 #ifdef OPENSSL_FIPS
 # include <openssl/fips.h>
 # include <openssl/fips_rand.h>
+# include "rand_lcl.h"
+# include "internal/fips_int.h"
 #endif
 
 #ifndef OPENSSL_NO_ENGINE
@@ -162,3 +164,127 @@ int RAND_status(void)
         return meth->status();
     return 0;
 }
+
+#ifdef OPENSSL_FIPS
+
+/*
+ * FIPS DRBG initialisation code. This sets up the DRBG for use by the rest
+ * of OpenSSL.
+ */
+
+/*
+ * Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather
+ * entropy internally through RAND_poll().
+ */
+
+static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
+                               int entropy, size_t min_len, size_t max_len)
+{
+    /* Round up request to multiple of block size */
+    min_len = ((min_len + 19) / 20) * 20;
+    *pout = OPENSSL_malloc(min_len);
+    if (!*pout)
+        return 0;
+    if (RAND_OpenSSL()->bytes(*pout, min_len) <= 0) {
+        OPENSSL_free(*pout);
+        *pout = NULL;
+        return 0;
+    }
+    return min_len;
+}
+
+static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
+{
+    if (out) {
+        OPENSSL_cleanse(out, olen);
+        OPENSSL_free(out);
+    }
+}
+
+/*
+ * Set "additional input" when generating random data. This uses the current
+ * PID, a time value and a counter.
+ */
+
+static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout)
+{
+    /* Use of static variables is OK as this happens under a lock */
+    static unsigned char buf[16];
+    static unsigned long counter;
+    FIPS_get_timevec(buf, &counter);
+    *pout = buf;
+    return sizeof(buf);
+}
+
+/*
+ * RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is
+ * correctly seeded by RAND_poll().
+ */
+
+static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen,
+                         double entropy)
+{
+    RAND_OpenSSL()->add(in, inlen, entropy);
+    if (FIPS_rand_status()) {
+        FIPS_drbg_reseed(ctx, NULL, 0);
+    }
+    return 1;
+}
+
+static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
+{
+    RAND_OpenSSL()->seed(in, inlen);
+    if (FIPS_rand_status()) {
+        FIPS_drbg_reseed(ctx, NULL, 0);
+    }
+    return 1;
+}
+
+# ifndef OPENSSL_DRBG_DEFAULT_TYPE
+#  define OPENSSL_DRBG_DEFAULT_TYPE       NID_aes_256_ctr
+# endif
+# ifndef OPENSSL_DRBG_DEFAULT_FLAGS
+#  define OPENSSL_DRBG_DEFAULT_FLAGS      DRBG_FLAG_CTR_USE_DF
+# endif
+
+static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE;
+static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS;
+
+void RAND_set_fips_drbg_type(int type, int flags)
+{
+    fips_drbg_type = type;
+    fips_drbg_flags = flags;
+}
+
+int RAND_init_fips(void)
+{
+    DRBG_CTX *dctx;
+    size_t plen;
+    unsigned char pers[32], *p;
+
+    dctx = FIPS_get_default_drbg();
+    if (dctx == NULL ||
+        FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) {
+        RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG);
+        return 0;
+    }
+
+    FIPS_drbg_set_callbacks(dctx,
+                            drbg_get_entropy, drbg_free_entropy, 20,
+                            drbg_get_entropy, drbg_free_entropy);
+    FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0,
+                                 drbg_rand_seed, drbg_rand_add);
+    /* Personalisation string: a string followed by date time vector */
+    strcpy((char *)pers, "OpenSSL DRBG2.0");
+    plen = drbg_get_adin(dctx, &p);
+    memcpy(pers + 16, p, plen);
+
+    if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0) {
+        RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG);
+        return 0;
+    }
+    FIPS_rand_set_method(FIPS_drbg_method());
+    return 1;
+}
+
+#endif
Index: openssl-1.1.0i/crypto/rsa/rsa_crpt.c
===================================================================
--- openssl-1.1.0i.orig/crypto/rsa/rsa_crpt.c	2018-08-14 14:45:07.000000000 +0200
+++ openssl-1.1.0i/crypto/rsa/rsa_crpt.c	2019-01-18 12:58:06.878013893 +0100
@@ -28,24 +28,52 @@ int RSA_size(const RSA *r)
 int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
                        RSA *rsa, int padding)
 {
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+        RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
+        return -1;
+    }
+#endif
     return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
 }
 
 int RSA_private_encrypt(int flen, const unsigned char *from,
                         unsigned char *to, RSA *rsa, int padding)
 {
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+        RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT,
+               RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+        return -1;
+    }
+#endif
     return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
 }
 
 int RSA_private_decrypt(int flen, const unsigned char *from,
                         unsigned char *to, RSA *rsa, int padding)
 {
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+        RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
+        return -1;
+    }
+#endif
     return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
 }
 
 int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
                        RSA *rsa, int padding)
 {
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+        RSAerr(RSA_F_RSA_PUBLIC_DECRYPT,
+               RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+        return -1;
+    }
+#endif
     return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
 }
 
Index: openssl-1.1.0i/crypto/rsa/rsa_err.c
===================================================================
--- openssl-1.1.0i.orig/crypto/rsa/rsa_err.c	2018-08-14 14:45:07.000000000 +0200
+++ openssl-1.1.0i/crypto/rsa/rsa_err.c	2019-01-18 12:58:06.878013893 +0100
@@ -21,6 +21,7 @@
 static ERR_STRING_DATA RSA_str_functs[] = {
     {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"},
     {ERR_FUNC(RSA_F_ENCODE_PKCS1), "encode_pkcs1"},
+    {ERR_FUNC(RSA_F_FIPS_RSA_BUILTIN_KEYGEN), "fips_rsa_builtin_keygen"},
     {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "int_rsa_verify"},
     {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"},
     {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"},
@@ -33,6 +34,7 @@ static ERR_STRING_DATA RSA_str_functs[]
     {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
     {ERR_FUNC(RSA_F_RSA_CHECK_KEY_EX), "RSA_check_key_ex"},
     {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "rsa_cms_decrypt"},
+    {ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX), "RSA_generate_key_ex"},
     {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "rsa_item_verify"},
     {ERR_FUNC(RSA_F_RSA_METH_DUP), "RSA_meth_dup"},
     {ERR_FUNC(RSA_F_RSA_METH_NEW), "RSA_meth_new"},
@@ -76,8 +78,14 @@ static ERR_STRING_DATA RSA_str_functs[]
     {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
     {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
     {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "rsa_priv_encode"},
+    {ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT), "RSA_private_decrypt"},
+    {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"},
     {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "rsa_pss_to_ctx"},
     {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "rsa_pub_decode"},
+    {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"},
+    {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"},
+    {ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"},
+    {ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"},
     {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
     {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
     {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),
@@ -135,10 +143,13 @@ static ERR_STRING_DATA RSA_str_reasons[]
     {ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"},
     {ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"},
     {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
+    {ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD), "non FIPS rsa method"},
     {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),
      "null before block missing"},
     {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q), "n does not equal p q"},
     {ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"},
+    {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),
+     "operation not allowed in FIPS mode"},
     {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
      "operation not supported for this keytype"},
     {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"},
Index: openssl-1.1.0i/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.1.0i.orig/crypto/rsa/rsa_gen.c	2018-08-14 14:45:07.000000000 +0200
+++ openssl-1.1.0i/crypto/rsa/rsa_gen.c	2019-01-18 12:58:06.878013893 +0100
@@ -18,6 +18,75 @@
 #include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include "rsa_locl.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+# include "internal/fips_int.h"
+
+int fips_check_rsa(RSA *rsa)
+{
+    const unsigned char tbs[] = "RSA Pairwise Check Data";
+    unsigned char *ctbuf = NULL, *ptbuf = NULL;
+    int len, ret = 0;
+    EVP_PKEY *pk;
+
+    if ((pk = EVP_PKEY_new()) == NULL)
+        goto err;
+
+    EVP_PKEY_set1_RSA(pk, rsa);
+
+    /* Perform pairwise consistency signature test */
+    if (!fips_pkey_signature_test(pk, tbs, -1,
+                                  NULL, 0, EVP_sha1(),
+                                  EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
+        || !fips_pkey_signature_test(pk, tbs, -1, NULL, 0, EVP_sha1(),
+                                     EVP_MD_CTX_FLAG_PAD_X931, NULL)
+        || !fips_pkey_signature_test(pk, tbs, -1, NULL, 0, EVP_sha1(),
+                                     EVP_MD_CTX_FLAG_PAD_PSS, NULL))
+        goto err;
+    /* Now perform pairwise consistency encrypt/decrypt test */
+    ctbuf = OPENSSL_malloc(RSA_size(rsa));
+    if (!ctbuf)
+        goto err;
+
+    len =
+        RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa,
+                           RSA_PKCS1_PADDING);
+    if (len <= 0)
+        goto err;
+    /* Check ciphertext doesn't match plaintext */
+    if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
+        goto err;
+    ptbuf = OPENSSL_malloc(RSA_size(rsa));
+
+    if (!ptbuf)
+        goto err;
+    len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
+    if (len != (sizeof(tbs) - 1))
+        goto err;
+    if (memcmp(ptbuf, tbs, len))
+        goto err;
+
+    ret = 1;
+
+    if (!ptbuf)
+        goto err;
+
+ err:
+    if (ret == 0) {
+        fips_set_selftest_fail();
+        FIPSerr(FIPS_F_FIPS_CHECK_RSA, FIPS_R_PAIRWISE_TEST_FAILED);
+    }
+
+    if (ctbuf)
+        OPENSSL_free(ctbuf);
+    if (ptbuf)
+        OPENSSL_free(ptbuf);
+    if (pk)
+        EVP_PKEY_free(pk);
+
+    return ret;
+}
+#endif
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
                               BN_GENCB *cb);
@@ -31,11 +100,281 @@ static int rsa_builtin_keygen(RSA *rsa,
  */
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
 {
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+        RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
+        return 0;
+    }
+#endif
     if (rsa->meth->rsa_keygen)
         return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
     return rsa_builtin_keygen(rsa, bits, e_value, cb);
 }
 
+#ifdef OPENSSL_FIPS
+static int fips_rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+                                   BN_GENCB *cb)
+{
+    BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
+    BN_CTX *ctx = NULL;
+    int ok = -1;
+    int i;
+    int n = 0;
+    int test = 0;
+    int pbits = bits / 2;
+    unsigned long error = 0;
+
+    if (FIPS_selftest_failed()) {
+        FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
+        return 0;
+    }
+
+    if ((pbits & 0xFF)
+        || (getenv("OPENSSL_ENFORCE_MODULUS_BITS") && bits < 2048)) {
+        FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_INVALID_KEY_LENGTH);
+        return 0;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    r0 = BN_CTX_get(ctx);
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    r3 = BN_CTX_get(ctx);
+
+    if (r3 == NULL)
+        goto err;
+
+    /* We need the RSA components non-NULL */
+    if (!rsa->n && ((rsa->n = BN_new()) == NULL))
+        goto err;
+    if (!rsa->d && ((rsa->d = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->e && ((rsa->e = BN_new()) == NULL))
+        goto err;
+    if (!rsa->p && ((rsa->p = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->q && ((rsa->q = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
+        goto err;
+
+    if (!BN_set_word(r0, RSA_F4))
+        goto err;
+    if (BN_cmp(e_value, r0) < 0 || BN_num_bits(e_value) > 256) {
+        ok = 0;                 /* we set our own err */
+        RSAerr(RSA_F_FIPS_RSA_BUILTIN_KEYGEN, RSA_R_BAD_E_VALUE);
+        goto err;
+    }
+
+    /* prepare approximate minimum p and q */
+    if (!BN_set_word(r0, 0xB504F334))
+        goto err;
+    if (!BN_lshift(r0, r0, pbits - 32))
+        goto err;
+
+    /* prepare minimum p and q difference */
+    if (!BN_one(r3))
+        goto err;
+    if (!BN_lshift(r3, r3, pbits - 100))
+        goto err;
+
+    BN_copy(rsa->e, e_value);
+
+    if (!BN_is_zero(rsa->p) && !BN_is_zero(rsa->q))
+        test = 1;
+
+    BN_set_flags(r0, BN_FLG_CONSTTIME);
+    BN_set_flags(r1, BN_FLG_CONSTTIME);
+    BN_set_flags(r2, BN_FLG_CONSTTIME);
+    BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
+    BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
+
+ retry:
+    /* generate p and q */
+    for (i = 0; i < 5 * pbits; i++) {
+ ploop:
+        if (!test)
+            if (!BN_rand(rsa->p, pbits, 0, 1))
+                goto err;
+        if (BN_cmp(rsa->p, r0) < 0) {
+            if (test)
+                goto err;
+            goto ploop;
+        }
+
+        if (!BN_sub(r2, rsa->p, BN_value_one()))
+            goto err;
+        ERR_set_mark();
+        if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+            /* GCD == 1 since inverse exists */
+            int r;
+            r = BN_is_prime_fasttest_ex(rsa->p, pbits > 1024 ? 4 : 5, ctx, 0,
+                                        cb);
+            if (r == -1 || (test && r <= 0))
+                goto err;
+            if (r > 0)
+                break;
+        } else {
+            error = ERR_peek_last_error();
+            if (ERR_GET_LIB(error) == ERR_LIB_BN
+                && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+                /* GCD != 1 */
+                ERR_pop_to_mark();
+            } else {
+                goto err;
+            }
+        }
+        if (!BN_GENCB_call(cb, 2, n++))
+            goto err;
+    }
+
+    if (!BN_GENCB_call(cb, 3, 0))
+        goto err;
+
+    if (i >= 5 * pbits)
+        /* prime not found */
+        goto err;
+
+    for (i = 0; i < 5 * pbits; i++) {
+ qloop:
+        if (!test)
+            if (!BN_rand(rsa->q, pbits, 0, 1))
+                goto err;
+        if (BN_cmp(rsa->q, r0) < 0) {
+            if (test)
+                goto err;
+            goto qloop;
+        }
+        if (!BN_sub(r2, rsa->q, rsa->p))
+            goto err;
+        if (BN_ucmp(r2, r3) <= 0) {
+            if (test)
+                goto err;
+            goto qloop;
+        }
+
+        if (!BN_sub(r2, rsa->q, BN_value_one()))
+            goto err;
+        ERR_set_mark();
+        if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+            /* GCD == 1 since inverse exists */
+            int r;
+            r = BN_is_prime_fasttest_ex(rsa->q, pbits > 1024 ? 4 : 5, ctx, 0,
+                                        cb);
+            if (r == -1 || (test && r <= 0))
+                goto err;
+            if (r > 0)
+                break;
+        } else {
+            error = ERR_peek_last_error();
+            if (ERR_GET_LIB(error) == ERR_LIB_BN
+                && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+                /* GCD != 1 */
+                ERR_pop_to_mark();
+            } else {
+                goto err;
+            }
+        }
+        if (!BN_GENCB_call(cb, 2, n++))
+            goto err;
+    }
+
+    if (!BN_GENCB_call(cb, 3, 1))
+        goto err;
+
+    if (i >= 5 * pbits)
+        /* prime not found */
+        goto err;
+
+    if (test) {
+        /* do not try to calculate the remaining key values */
+        BN_clear(rsa->n);
+        ok = 1;
+        goto err;
+    }
+
+    if (BN_cmp(rsa->p, rsa->q) < 0) {
+        tmp = rsa->p;
+        rsa->p = rsa->q;
+        rsa->q = tmp;
+    }
+
+    /* calculate n */
+    if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
+        goto err;
+
+    /* calculate d */
+    if (!BN_sub(r1, rsa->p, BN_value_one()))
+        goto err;               /* p-1 */
+    if (!BN_sub(r2, rsa->q, BN_value_one()))
+        goto err;               /* q-1 */
+
+    /* note that computing gcd is not safe to timing attacks */
+    if (!BN_gcd(r0, r1, r2, ctx))
+        goto err;
+
+    {
+        if (!BN_div(r0, NULL, r1, r0, ctx))
+            goto err;
+
+        if (!BN_mul(r0, r0, r2, ctx)) /* lcm(p-1, q-1) */
+            goto err;
+
+        if (!BN_mod_inverse(rsa->d, rsa->e, r0, ctx)) /* d */
+            goto err;
+    }
+
+    if (BN_num_bits(rsa->d) < pbits)
+        goto retry;             /* d is too small */
+
+    {
+        BIGNUM *d = BN_new();
+
+        if (d == NULL)
+            goto err;
+        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+        if (/* calculate d mod (p-1) */
+            !BN_mod(rsa->dmp1, d, r1, ctx)
+            /* calculate d mod (q-1) */
+            || !BN_mod(rsa->dmq1, d, r2, ctx)) {
+            BN_free(d);
+            goto err;
+        }
+        /* We MUST free d before any further use of rsa->d */
+        BN_free(d);
+    }
+
+    /* calculate inverse of q mod p */
+    if (!BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, ctx))
+        goto err;
+
+    if (!fips_check_rsa(rsa))
+        goto err;
+
+    ok = 1;
+ err:
+    if (ok == -1) {
+        RSAerr(RSA_F_FIPS_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);
+        ok = 0;
+    }
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+
+    return ok;
+}
+#endif
+
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
                               BN_GENCB *cb)
 {
@@ -44,6 +383,16 @@ static int rsa_builtin_keygen(RSA *rsa,
     BN_CTX *ctx = NULL;
     unsigned long error = 0;
 
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode()) {
+        if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
+            FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_KEY_TOO_SHORT);
+            return 0;
+        }
+        return fips_rsa_builtin_keygen(rsa, bits, e_value, cb);
+    }
+#endif
+
     /*
      * When generating ridiculously small keys, we can get stuck
      * continually regenerating the same prime values.
Index: openssl-1.1.0i/crypto/rsa/rsa_lib.c
===================================================================
--- openssl-1.1.0i.orig/crypto/rsa/rsa_lib.c	2018-08-14 14:45:07.000000000 +0200
+++ openssl-1.1.0i/crypto/rsa/rsa_lib.c	2019-01-18 12:58:06.878013893 +0100
@@ -32,6 +32,12 @@ int RSA_set_method(RSA *rsa, const RSA_M
      * to deal with which ENGINE it comes from.
      */
     const RSA_METHOD *mtmp;
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) {
+        RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_RSA_METHOD);
+        return 0;
+    }
+#endif
     mtmp = rsa->meth;
     if (mtmp->finish)
         mtmp->finish(rsa);
@@ -64,7 +70,6 @@ RSA *RSA_new_method(ENGINE *engine)
 
     ret->meth = RSA_get_default_method();
 #ifndef OPENSSL_NO_ENGINE
-    ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
     if (engine) {
         if (!ENGINE_init(engine)) {
             RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
@@ -81,8 +86,19 @@ RSA *RSA_new_method(ENGINE *engine)
         }
     }
 #endif
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD)) {
+        RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_RSA_METHOD);
+# ifndef OPENSSL_NO_ENGINE
+        if (ret->engine)
+            ENGINE_finish(ret->engine);
+# endif
+        OPENSSL_free(ret);
+        return NULL;
+    }
+#endif
 
-    ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
+    ret->flags = ret->meth->flags;
     if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
         goto err;
     }
Index: openssl-1.1.0i/crypto/rsa/rsa_ossl.c
===================================================================
--- openssl-1.1.0i.orig/crypto/rsa/rsa_ossl.c	2018-08-14 14:45:07.000000000 +0200
+++ openssl-1.1.0i/crypto/rsa/rsa_ossl.c	2019-01-18 12:58:06.878013893 +0100
@@ -11,6 +11,10 @@
 #include "internal/bn_int.h"
 #include "rsa_locl.h"
 
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
 static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
                                   unsigned char *to, RSA *rsa, int padding);
 static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
@@ -45,6 +49,12 @@ static const RSA_METHOD *default_RSA_met
 
 void RSA_set_default_method(const RSA_METHOD *meth)
 {
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) {
+        RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_RSA_METHOD);
+        return;
+    }
+#endif
     default_RSA_meth = meth;
 }
 
@@ -66,6 +76,22 @@ static int rsa_ossl_public_encrypt(int f
     unsigned char *buf = NULL;
     BN_CTX *ctx = NULL;
 
+# ifdef OPENSSL_FIPS
+    if (FIPS_mode()) {
+        if (FIPS_selftest_failed()) {
+            FIPSerr(FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT,
+                    FIPS_R_FIPS_SELFTEST_FAILED);
+            goto err;
+        }
+
+        if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
+            && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) {
+            RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+            return -1;
+        }
+    }
+# endif
+
     if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
         RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
         return -1;
@@ -240,6 +266,22 @@ static int rsa_ossl_private_encrypt(int
     BIGNUM *unblind = NULL;
     BN_BLINDING *blinding = NULL;
 
+# ifdef OPENSSL_FIPS
+    if (FIPS_mode()) {
+        if (FIPS_selftest_failed()) {
+            FIPSerr(FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT,
+                    FIPS_R_FIPS_SELFTEST_FAILED);
+            return -1;
+        }
+
+        if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
+            && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+            return -1;
+        }
+    }
+# endif
+
     if ((ctx = BN_CTX_new()) == NULL)
         goto err;
     BN_CTX_start(ctx);
@@ -370,6 +412,22 @@ static int rsa_ossl_private_decrypt(int
     BIGNUM *unblind = NULL;
     BN_BLINDING *blinding = NULL;
 
+# ifdef OPENSSL_FIPS
+    if (FIPS_mode()) {
+        if (FIPS_selftest_failed()) {
+            FIPSerr(FIPS_F_RSA_OSSL_PRIVATE_DECRYPT,
+                    FIPS_R_FIPS_SELFTEST_FAILED);
+            return -1;
+        }
+
+        if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
+            && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+            return -1;
+        }
+    }
+# endif
+
     if ((ctx = BN_CTX_new()) == NULL)
         goto err;
     BN_CTX_start(ctx);
@@ -492,6 +550,22 @@ static int rsa_ossl_public_decrypt(int f
     unsigned char *buf = NULL;
     BN_CTX *ctx = NULL;
 
+# ifdef OPENSSL_FIPS
+    if (FIPS_mode()) {
+        if (FIPS_selftest_failed()) {
+            FIPSerr(FIPS_F_RSA_OSSL_PUBLIC_DECRYPT,
+                    FIPS_R_FIPS_SELFTEST_FAILED);
+            goto err;
+        }
+
+        if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
+            && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) {
+            RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+            return -1;
+        }
+    }
+# endif
+
     if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
         RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
         return -1;
Index: openssl-1.1.0i/crypto/rsa/rsa_sign.c
===================================================================
--- openssl-1.1.0i.orig/crypto/rsa/rsa_sign.c	2018-08-14 14:45:07.000000000 +0200
+++ openssl-1.1.0i/crypto/rsa/rsa_sign.c	2019-01-18 12:58:06.882013915 +0100
@@ -73,6 +73,13 @@ int RSA_sign(int type, const unsigned ch
     unsigned char *tmps = NULL;
     const unsigned char *encoded = NULL;
 
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+        RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD);
+        return 0;
+    }
+#endif
     if (rsa->meth->rsa_sign) {
         return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
     }
@@ -100,8 +107,9 @@ int RSA_sign(int type, const unsigned ch
         RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
         goto err;
     }
-    encrypt_len = RSA_private_encrypt(encoded_len, encoded, sigret, rsa,
-                                      RSA_PKCS1_PADDING);
+    /* NB: call underlying method directly to avoid FIPS blocking */
+    encrypt_len = rsa->meth->rsa_priv_enc ? rsa->meth->rsa_priv_enc(encoded_len, encoded, sigret, rsa,
+                                                                    RSA_PKCS1_PADDING) : 0;
     if (encrypt_len <= 0)
         goto err;
 
Index: openssl-1.1.0i/crypto/sha/sha_locl.h
===================================================================
--- openssl-1.1.0i.orig/crypto/sha/sha_locl.h	2018-08-14 14:45:08.000000000 +0200
+++ openssl-1.1.0i/crypto/sha/sha_locl.h	2019-01-18 12:58:06.882013915 +0100
@@ -52,6 +52,9 @@ void sha1_block_data_order(SHA_CTX *c, c
 
 int HASH_INIT(SHA_CTX *c)
 {
+#if defined(OPENSSL_FIPS)
+    FIPS_selftest_check();
+#endif
     memset(c, 0, sizeof(*c));
     c->h0 = INIT_DATA_h0;
     c->h1 = INIT_DATA_h1;
Index: openssl-1.1.0i/crypto/sha/sha256.c
===================================================================
--- openssl-1.1.0i.orig/crypto/sha/sha256.c	2018-08-14 14:45:08.000000000 +0200
+++ openssl-1.1.0i/crypto/sha/sha256.c	2019-01-18 12:58:06.882013915 +0100
@@ -18,6 +18,9 @@
 
 int SHA224_Init(SHA256_CTX *c)
 {
+# ifdef OPENSSL_FIPS
+    FIPS_selftest_check();
+# endif
     memset(c, 0, sizeof(*c));
     c->h[0] = 0xc1059ed8UL;
     c->h[1] = 0x367cd507UL;
@@ -33,6 +36,9 @@ int SHA224_Init(SHA256_CTX *c)
 
 int SHA256_Init(SHA256_CTX *c)
 {
+# ifdef OPENSSL_FIPS
+    FIPS_selftest_check();
+# endif
     memset(c, 0, sizeof(*c));
     c->h[0] = 0x6a09e667UL;
     c->h[1] = 0xbb67ae85UL;
Index: openssl-1.1.0i/crypto/sha/sha512.c
===================================================================
--- openssl-1.1.0i.orig/crypto/sha/sha512.c	2018-08-14 14:45:08.000000000 +0200
+++ openssl-1.1.0i/crypto/sha/sha512.c	2019-01-18 12:58:06.882013915 +0100
@@ -62,6 +62,9 @@
 
 int SHA384_Init(SHA512_CTX *c)
 {
+# ifdef OPENSSL_FIPS
+    FIPS_selftest_check();
+# endif
     c->h[0] = U64(0xcbbb9d5dc1059ed8);
     c->h[1] = U64(0x629a292a367cd507);
     c->h[2] = U64(0x9159015a3070dd17);
@@ -80,6 +83,9 @@ int SHA384_Init(SHA512_CTX *c)
 
 int SHA512_Init(SHA512_CTX *c)
 {
+# ifdef OPENSSL_FIPS
+    FIPS_selftest_check();
+# endif
     c->h[0] = U64(0x6a09e667f3bcc908);
     c->h[1] = U64(0xbb67ae8584caa73b);
     c->h[2] = U64(0x3c6ef372fe94f82b);
Index: openssl-1.1.0i/doc/crypto/DSA_generate_parameters.pod
===================================================================
--- openssl-1.1.0i.orig/doc/crypto/DSA_generate_parameters.pod	2018-08-14 14:45:08.000000000 +0200
+++ openssl-1.1.0i/doc/crypto/DSA_generate_parameters.pod	2019-01-18 12:58:06.882013915 +0100
@@ -29,8 +29,10 @@ B<bits> is the length of the prime p to
 For lengths under 2048 bits, the length of q is 160 bits; for lengths
 greater than or equal to 2048 bits, the length of q is set to 256 bits.
 
-If B<seed> is NULL, the primes will be generated at random.
-If B<seed_len> is less than the length of q, an error is returned.
+If B<seed> is NULL, or it does not generate primes, the primes will be
+generated at random.
+If B<seed_len> is less than the length of q, an error is returned
+if old DSA parameter generation method is used as a backend.
 
 DSA_generate_parameters_ex() places the iteration count in
 *B<counter_ret> and a counter used for finding a generator in
Index: openssl-1.1.0i/include/openssl/crypto.h
===================================================================
--- openssl-1.1.0i.orig/include/openssl/crypto.h	2018-08-14 14:45:09.000000000 +0200
+++ openssl-1.1.0i/include/openssl/crypto.h	2019-01-18 12:58:06.882013915 +0100
@@ -336,6 +336,11 @@ int OPENSSL_isservice(void);
 int FIPS_mode(void);
 int FIPS_mode_set(int r);
 
+# ifdef OPENSSL_FIPS
+/* die if FIPS selftest failed */
+void FIPS_selftest_check(void);
+# endif
+
 void OPENSSL_init(void);
 
 struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
Index: openssl-1.1.0i/include/openssl/dh.h
===================================================================
--- openssl-1.1.0i.orig/include/openssl/dh.h	2018-08-14 14:45:09.000000000 +0200
+++ openssl-1.1.0i/include/openssl/dh.h	2019-01-18 12:58:06.882013915 +0100
@@ -30,6 +30,7 @@ extern "C" {
 # endif
 
 # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048
 
 # define DH_FLAG_CACHE_MONT_P     0x01
 
@@ -325,6 +326,9 @@ int ERR_load_DH_strings(void);
 # define DH_F_DH_CMS_DECRYPT                              114
 # define DH_F_DH_CMS_SET_PEERKEY                          115
 # define DH_F_DH_CMS_SET_SHARED_INFO                      116
+# define DH_F_DH_COMPUTE_KEY                              203
+# define DH_F_DH_GENERATE_KEY                             202
+# define DH_F_DH_GENERATE_PARAMETERS_EX                   201
 # define DH_F_DH_METH_DUP                                 117
 # define DH_F_DH_METH_NEW                                 118
 # define DH_F_DH_METH_SET1_NAME                           119
@@ -346,10 +350,12 @@ int ERR_load_DH_strings(void);
 # define DH_R_DECODE_ERROR                                104
 # define DH_R_INVALID_PUBKEY                              102
 # define DH_R_KDF_PARAMETER_ERROR                         112
+# define DH_R_KEY_SIZE_TOO_SMALL                          201
 # define DH_R_KEYS_NOT_SET                                108
 # define DH_R_MODULUS_TOO_LARGE                           103
 # define DH_R_NO_PARAMETERS_SET                           107
 # define DH_R_NO_PRIVATE_VALUE                            100
+# define DH_R_NON_FIPS_METHOD                             202
 # define DH_R_PARAMETER_ENCODING_ERROR                    105
 # define DH_R_PEER_KEY_ERROR                              111
 # define DH_R_SHARED_INFO_ERROR                           113
Index: openssl-1.1.0i/include/openssl/dsa.h
===================================================================
--- openssl-1.1.0i.orig/include/openssl/dsa.h	2018-08-14 14:45:09.000000000 +0200
+++ openssl-1.1.0i/include/openssl/dsa.h	2019-01-18 12:58:06.882013915 +0100
@@ -36,6 +36,7 @@ extern "C" {
 # endif
 
 # define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
+# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN 2048
 
 # define DSA_FLAG_CACHE_MONT_P   0x01
 # if OPENSSL_API_COMPAT < 0x10100000L
@@ -243,8 +244,11 @@ int ERR_load_DSA_strings(void);
 /* Function codes. */
 # define DSA_F_DSAPARAMS_PRINT                            100
 # define DSA_F_DSAPARAMS_PRINT_FP                         101
+# define DSA_F_DSA_BUILTIN_KEYGEN                         202
 # define DSA_F_DSA_BUILTIN_PARAMGEN                       125
 # define DSA_F_DSA_BUILTIN_PARAMGEN2                      126
+# define DSA_F_DSA_GENERATE_KEY                           201
+# define DSA_F_DSA_GENERATE_PARAMETERS_EX                 200
 # define DSA_F_DSA_DO_SIGN                                112
 # define DSA_F_DSA_DO_VERIFY                              113
 # define DSA_F_DSA_METH_DUP                               127
@@ -272,9 +276,12 @@ int ERR_load_DSA_strings(void);
 # define DSA_R_DECODE_ERROR                               104
 # define DSA_R_INVALID_DIGEST_TYPE                        106
 # define DSA_R_INVALID_PARAMETERS                         112
+# define DSA_R_KEY_SIZE_INVALID                           201
+# define DSA_R_KEY_SIZE_TOO_SMALL                         202
 # define DSA_R_MISSING_PARAMETERS                         101
 # define DSA_R_MODULUS_TOO_LARGE                          103
 # define DSA_R_NO_PARAMETERS_SET                          107
+# define DSA_R_NON_FIPS_DSA_METHOD                        200
 # define DSA_R_PARAMETER_ENCODING_ERROR                   105
 # define DSA_R_Q_NOT_PRIME                                113
 # define DSA_R_SEED_LEN_SMALL                             110
Index: openssl-1.1.0i/include/openssl/evp.h
===================================================================
--- openssl-1.1.0i.orig/include/openssl/evp.h	2018-08-14 14:45:09.000000000 +0200
+++ openssl-1.1.0i/include/openssl/evp.h	2019-01-18 12:58:06.882013915 +0100
@@ -1461,6 +1461,7 @@ int ERR_load_EVP_strings(void);
 # define EVP_F_AES_OCB_CIPHER                             169
 # define EVP_F_AES_T4_INIT_KEY                            178
 # define EVP_F_AES_WRAP_CIPHER                            170
+# define EVP_F_AES_XTS_CIPHER                             200
 # define EVP_F_ALG_MODULE_INIT                            177
 # define EVP_F_CAMELLIA_INIT_KEY                          159
 # define EVP_F_CHACHA20_POLY1305_CTRL                     182
@@ -1541,6 +1542,7 @@ int ERR_load_EVP_strings(void);
 # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED             133
 # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH          138
 # define EVP_R_DECODE_ERROR                               114
+# define EVP_R_DISABLED_FOR_FIPS                          200
 # define EVP_R_DIFFERENT_KEY_TYPES                        101
 # define EVP_R_DIFFERENT_PARAMETERS                       153
 # define EVP_R_ERROR_LOADING_SECTION                      165
@@ -1578,6 +1580,7 @@ int ERR_load_EVP_strings(void);
 # define EVP_R_PRIVATE_KEY_DECODE_ERROR                   145
 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR                   146
 # define EVP_R_PUBLIC_KEY_NOT_RSA                         106
+# define EVP_R_TOO_LARGE                                  201
 # define EVP_R_UNKNOWN_CIPHER                             160
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_OPTION                             169
Index: openssl-1.1.0i/include/openssl/fips.h
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/include/openssl/fips.h	2019-01-18 12:58:06.882013915 +0100
@@ -0,0 +1,186 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_FIPS
+# error FIPS is disabled.
+#endif
+
+#ifdef OPENSSL_FIPS
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+    int FIPS_selftest(void);
+    int FIPS_selftest_failed(void);
+    int FIPS_selftest_drbg_all(void);
+
+    int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+                               const EVP_MD *evpmd, const unsigned char *seed_in,
+                               size_t seed_len, int idx, unsigned char *seed_out,
+                               int *counter_ret, unsigned long *h_ret,
+                               BN_GENCB *cb);
+    int FIPS_dsa_paramgen_check_g(DSA *dsa);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+    int ERR_load_FIPS_strings(void);
+
+/* Error codes for the FIPS functions. */
+
+/* Function codes. */
+# define FIPS_F_DH_BUILTIN_GENPARAMS                      100
+# define FIPS_F_DRBG_RESEED                               121
+# define FIPS_F_DSA_BUILTIN_PARAMGEN2                     107
+# define FIPS_F_DSA_DO_SIGN                               102
+# define FIPS_F_DSA_DO_VERIFY                             103
+# define FIPS_F_EVP_CIPHER_CTX_NEW                        137
+# define FIPS_F_EVP_CIPHER_CTX_RESET                      122
+# define FIPS_F_ECDH_COMPUTE_KEY                          123
+# define FIPS_F_EVP_CIPHERINIT_EX                         124
+# define FIPS_F_EVP_DIGESTINIT_EX                         125
+# define FIPS_F_FIPS_CHECK_DSA                            104
+# define FIPS_F_FIPS_CHECK_EC                             142
+# define FIPS_F_FIPS_CHECK_RSA                            106
+# define FIPS_F_FIPS_DRBG_BYTES                           131
+# define FIPS_F_FIPS_DRBG_CHECK                           146
+# define FIPS_F_FIPS_DRBG_CPRNG_TEST                      132
+# define FIPS_F_FIPS_DRBG_ERROR_CHECK                     136
+# define FIPS_F_FIPS_DRBG_GENERATE                        134
+# define FIPS_F_FIPS_DRBG_INIT                            135
+# define FIPS_F_FIPS_DRBG_INSTANTIATE                     138
+# define FIPS_F_FIPS_DRBG_NEW                             139
+# define FIPS_F_FIPS_DRBG_RESEED                          140
+# define FIPS_F_FIPS_DRBG_SINGLE_KAT                      141
+# define FIPS_F_FIPS_GET_ENTROPY                          147
+# define FIPS_F_FIPS_MODULE_MODE_SET                      108
+# define FIPS_F_FIPS_PKEY_SIGNATURE_TEST                  109
+# define FIPS_F_FIPS_RAND_BYTES                           114
+# define FIPS_F_FIPS_RAND_SEED                            128
+# define FIPS_F_FIPS_RAND_SET_METHOD                      126
+# define FIPS_F_FIPS_RAND_STATUS                          127
+# define FIPS_F_FIPS_RSA_BUILTIN_KEYGEN                   101
+# define FIPS_F_FIPS_SELFTEST_AES                         110
+# define FIPS_F_FIPS_SELFTEST_AES_CCM                     145
+# define FIPS_F_FIPS_SELFTEST_AES_GCM                     129
+# define FIPS_F_FIPS_SELFTEST_AES_XTS                     144
+# define FIPS_F_FIPS_SELFTEST_CMAC                        130
+# define FIPS_F_FIPS_SELFTEST_DES                         111
+# define FIPS_F_FIPS_SELFTEST_DSA                         112
+# define FIPS_F_FIPS_SELFTEST_ECDSA                       133
+# define FIPS_F_FIPS_SELFTEST_HMAC                        113
+# define FIPS_F_FIPS_SELFTEST_SHA1                        115
+# define FIPS_F_FIPS_SELFTEST_SHA2                        105
+# define FIPS_F_OSSL_ECDSA_SIGN_SIG                       143
+# define FIPS_F_OSSL_ECDSA_VERIFY_SIG                     148
+# define FIPS_F_RSA_BUILTIN_KEYGEN                        116
+# define FIPS_F_RSA_OSSL_INIT                             149
+# define FIPS_F_RSA_OSSL_PRIVATE_DECRYPT                  117
+# define FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT                  118
+# define FIPS_F_RSA_OSSL_PUBLIC_DECRYPT                   119
+# define FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT                   120
+
+/* Reason codes. */
+# define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED         150
+# define FIPS_R_ADDITIONAL_INPUT_TOO_LONG                 125
+# define FIPS_R_ALREADY_INSTANTIATED                      134
+# define FIPS_R_DRBG_NOT_INITIALISED                      152
+# define FIPS_R_DRBG_STUCK                                103
+# define FIPS_R_ENTROPY_ERROR_UNDETECTED                  104
+# define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED          105
+# define FIPS_R_ENTROPY_SOURCE_STUCK                      142
+# define FIPS_R_ERROR_INITIALISING_DRBG                   115
+# define FIPS_R_ERROR_INSTANTIATING_DRBG                  127
+# define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT         124
+# define FIPS_R_ERROR_RETRIEVING_ENTROPY                  122
+# define FIPS_R_ERROR_RETRIEVING_NONCE                    140
+# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH                110
+# define FIPS_R_FIPS_MODE_ALREADY_SET                     102
+# define FIPS_R_FIPS_SELFTEST_FAILED                      106
+# define FIPS_R_FUNCTION_ERROR                            116
+# define FIPS_R_GENERATE_ERROR                            137
+# define FIPS_R_GENERATE_ERROR_UNDETECTED                 118
+# define FIPS_R_INSTANTIATE_ERROR                         119
+# define FIPS_R_INTERNAL_ERROR                            121
+# define FIPS_R_INVALID_KEY_LENGTH                        109
+# define FIPS_R_IN_ERROR_STATE                            123
+# define FIPS_R_KEY_TOO_SHORT                             108
+# define FIPS_R_NONCE_ERROR_UNDETECTED                    149
+# define FIPS_R_NON_FIPS_METHOD                           100
+# define FIPS_R_NOPR_TEST1_FAILURE                        145
+# define FIPS_R_NOPR_TEST2_FAILURE                        146
+# define FIPS_R_NOT_INSTANTIATED                          126
+# define FIPS_R_PAIRWISE_TEST_FAILED                      107
+# define FIPS_R_PERSONALISATION_ERROR_UNDETECTED          128
+# define FIPS_R_PERSONALISATION_STRING_TOO_LONG           129
+# define FIPS_R_PR_TEST1_FAILURE                          147
+# define FIPS_R_PR_TEST2_FAILURE                          148
+# define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED           130
+# define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG                131
+# define FIPS_R_RESEED_COUNTER_ERROR                      132
+# define FIPS_R_RESEED_ERROR                              133
+# define FIPS_R_SELFTEST_FAILED                           101
+# define FIPS_R_SELFTEST_FAILURE                          135
+# define FIPS_R_TEST_FAILURE                              117
+# define FIPS_R_UNINSTANTIATE_ERROR                       141
+# define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR               138
+# define FIPS_R_UNSUPPORTED_DRBG_TYPE                     139
+# define FIPS_R_UNSUPPORTED_PLATFORM                      113
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
Index: openssl-1.1.0i/include/openssl/fips_rand.h
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.0i/include/openssl/fips_rand.h	2019-01-18 12:58:06.886013936 +0100
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef HEADER_FIPS_RAND_H
+# define HEADER_FIPS_RAND_H
+
+# include <openssl/aes.h>
+# include <openssl/evp.h>
+# include <openssl/hmac.h>
+# include <openssl/rand.h>
+
+# ifdef OPENSSL_FIPS
+
+#  ifdef  __cplusplus
+extern "C" {
+#  endif
+    typedef struct drbg_ctx_st DRBG_CTX;
+/* DRBG external flags */
+/* Flag for CTR mode only: use derivation function ctr_df */
+#  define DRBG_FLAG_CTR_USE_DF            0x1
+/* PRNG is in test state */
+#  define DRBG_FLAG_TEST                  0x2
+
+    DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags);
+    int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags);
+    int FIPS_drbg_instantiate(DRBG_CTX *dctx,
+                              const unsigned char *pers, size_t perslen);
+    int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin,
+                         size_t adinlen);
+    int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
+                           int prediction_resistance,
+                           const unsigned char *adin, size_t adinlen);
+
+    int FIPS_drbg_uninstantiate(DRBG_CTX *dctx);
+    void FIPS_drbg_free(DRBG_CTX *dctx);
+
+    int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
+                                size_t (*get_entropy) (DRBG_CTX *ctx,
+                                                       unsigned char **pout,
+                                                       int entropy,
+                                                       size_t min_len,
+                                                       size_t max_len),
+                                void (*cleanup_entropy) (DRBG_CTX *ctx,
+                                                         unsigned char *out,
+                                                         size_t olen),
+                                size_t entropy_blocklen,
+                                size_t (*get_nonce) (DRBG_CTX *ctx,
+                                                     unsigned char **pout,
+                                                     int entropy,
+                                                     size_t min_len,
+                                                     size_t max_len),
+                                void (*cleanup_nonce) (DRBG_CTX *ctx,
+                                                       unsigned char *out,
+                                                       size_t olen));
+
+    int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
+                                     size_t (*get_adin) (DRBG_CTX *ctx,
+                                                         unsigned char
+                                                         **pout),
+                                     void (*cleanup_adin) (DRBG_CTX *ctx,
+                                                           unsigned char *out,
+                                                           size_t olen),
+                                     int (*rand_seed_cb) (DRBG_CTX *ctx,
+                                                          const void *buf,
+                                                          int num),
+                                     int (*rand_add_cb) (DRBG_CTX *ctx,
+                                                         const void *buf,
+                                                         int num,
+                                                         double entropy));
+
+    void *FIPS_drbg_get_app_data(DRBG_CTX *ctx);
+    void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data);
+    size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx);
+    int FIPS_drbg_get_strength(DRBG_CTX *dctx);
+    void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval);
+    void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval);
+
+    int FIPS_drbg_health_check(DRBG_CTX *dctx);
+
+    DRBG_CTX *FIPS_get_default_drbg(void);
+    const RAND_METHOD *FIPS_drbg_method(void);
+
+    int FIPS_rand_set_method(const RAND_METHOD *meth);
+    const RAND_METHOD *FIPS_rand_get_method(void);
+
+    void FIPS_rand_set_bits(int nbits);
+
+    int FIPS_rand_strength(void);
+
+/* 1.0.0 compat functions */
+    int FIPS_rand_seed(const void *buf, int num);
+    int FIPS_rand_bytes(unsigned char *out, int outlen);
+    void FIPS_rand_reset(void);
+    int FIPS_rand_status(void);
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
Index: openssl-1.1.0i/include/openssl/opensslconf.h.in
===================================================================
--- openssl-1.1.0i.orig/include/openssl/opensslconf.h.in	2018-08-14 14:45:09.000000000 +0200
+++ openssl-1.1.0i/include/openssl/opensslconf.h.in	2019-01-18 12:58:06.886013936 +0100
@@ -142,6 +142,11 @@ extern "C" {
 
 #define RC4_INT {- $config{rc4_int} -}
 
+/* Always build FIPS module */
+#ifndef OPENSSL_FIPS
+# define OPENSSL_FIPS
+#endif
+
 #ifdef  __cplusplus
 }
 #endif
Index: openssl-1.1.0i/include/openssl/rand.h
===================================================================
--- openssl-1.1.0i.orig/include/openssl/rand.h	2018-08-14 14:45:09.000000000 +0200
+++ openssl-1.1.0i/include/openssl/rand.h	2019-01-18 12:58:06.886013936 +0100
@@ -67,6 +67,11 @@ DEPRECATEDIN_1_1_0(void RAND_screen(void
 DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
 #endif
 
+# ifdef OPENSSL_FIPS
+void RAND_set_fips_drbg_type(int type, int flags);
+int RAND_init_fips(void);
+# endif
+
 /* BEGIN ERROR CODES */
 /*
  * The following lines are auto generated by the script mkerr.pl. Any changes
@@ -79,8 +84,11 @@ int ERR_load_RAND_strings(void);
 
 /* Function codes. */
 # define RAND_F_RAND_BYTES                                100
+# define RAND_F_RAND_INIT_FIPS                            200
 
 /* Reason codes. */
+# define RAND_R_ERROR_INITIALISING_DRBG                   200
+# define RAND_R_ERROR_INSTANTIATING_DRBG                  201
 # define RAND_R_PRNG_NOT_SEEDED                           100
 
 # ifdef  __cplusplus
Index: openssl-1.1.0i/include/openssl/rsa.h
===================================================================
--- openssl-1.1.0i.orig/include/openssl/rsa.h	2018-08-14 14:45:09.000000000 +0200
+++ openssl-1.1.0i/include/openssl/rsa.h	2019-01-18 12:58:06.886013936 +0100
@@ -463,6 +463,7 @@ int ERR_load_RSA_strings(void);
 /* Function codes. */
 # define RSA_F_CHECK_PADDING_MD                           140
 # define RSA_F_ENCODE_PKCS1                               146
+# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN                    206
 # define RSA_F_INT_RSA_VERIFY                             145
 # define RSA_F_OLD_RSA_PRIV_DECODE                        147
 # define RSA_F_PKEY_RSA_CTRL                              143
@@ -475,6 +476,7 @@ int ERR_load_RSA_strings(void);
 # define RSA_F_RSA_CHECK_KEY                              123
 # define RSA_F_RSA_CHECK_KEY_EX                           160
 # define RSA_F_RSA_CMS_DECRYPT                            159
+# define RSA_F_RSA_GENERATE_KEY_EX                        204
 # define RSA_F_RSA_ITEM_VERIFY                            148
 # define RSA_F_RSA_METH_DUP                               161
 # define RSA_F_RSA_METH_NEW                               162
@@ -509,9 +511,15 @@ int ERR_load_RSA_strings(void);
 # define RSA_F_RSA_PRINT                                  115
 # define RSA_F_RSA_PRINT_FP                               116
 # define RSA_F_RSA_PRIV_ENCODE                            138
+# define RSA_F_RSA_PRIVATE_DECRYPT                        200
+# define RSA_F_RSA_PRIVATE_ENCRYPT                        201
 # define RSA_F_RSA_PSS_TO_CTX                             155
 # define RSA_F_RSA_PUB_DECODE                             139
+# define RSA_F_RSA_PUBLIC_DECRYPT                         202
+# define RSA_F_RSA_PUBLIC_ENCRYPT                         203
 # define RSA_F_RSA_SETUP_BLINDING                         136
+# define RSA_F_RSA_SET_DEFAULT_METHOD                     205
+# define RSA_F_RSA_SET_METHOD                             204
 # define RSA_F_RSA_SIGN                                   117
 # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING                 118
 # define RSA_F_RSA_VERIFY                                 119
@@ -558,9 +566,11 @@ int ERR_load_RSA_strings(void);
 # define RSA_R_LAST_OCTET_INVALID                         134
 # define RSA_R_MODULUS_TOO_LARGE                          105
 # define RSA_R_NO_PUBLIC_EXPONENT                         140
+# define RSA_R_NON_FIPS_RSA_METHOD                        200
 # define RSA_R_NULL_BEFORE_BLOCK_MISSING                  113
 # define RSA_R_N_DOES_NOT_EQUAL_P_Q                       127
 # define RSA_R_OAEP_DECODING_ERROR                        121
+# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE         201
 # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   148
 # define RSA_R_PADDING_CHECK_FAILED                       114
 # define RSA_R_PKCS_DECODING_ERROR                        159
Index: openssl-1.1.0i/ssl/ssl_ciph.c
===================================================================
--- openssl-1.1.0i.orig/ssl/ssl_ciph.c	2019-01-18 12:57:57.057961168 +0100
+++ openssl-1.1.0i/ssl/ssl_ciph.c	2019-01-18 12:58:06.886013936 +0100
@@ -401,7 +401,8 @@ void ssl_load_ciphers(void)
         }
     }
     /* Make sure we can access MD5 and SHA1 */
-    OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL);
+    if (!FIPS_mode())
+        OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL);
     OPENSSL_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL);
 
     disabled_mkey_mask = 0;
@@ -684,7 +685,7 @@ static void ssl_cipher_collect_ciphers(c
         /* drop those that use any of that is not available */
         if (c == NULL || !c->valid)
             continue;
-        if (FIPS_mode() && (c->algo_strength & SSL_FIPS))
+        if (FIPS_mode() && !(c->algo_strength & SSL_FIPS))
             continue;
         if ((c->algorithm_mkey & disabled_mkey) ||
             (c->algorithm_auth & disabled_auth) ||
Index: openssl-1.1.0i/ssl/ssl_init.c
===================================================================
--- openssl-1.1.0i.orig/ssl/ssl_init.c	2018-08-14 14:45:09.000000000 +0200
+++ openssl-1.1.0i/ssl/ssl_init.c	2019-01-18 12:58:06.886013936 +0100
@@ -29,6 +29,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas
     fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
             "Adding SSL ciphers and digests\n");
 #endif
+#ifdef OPENSSL_FIPS
+    if (!FIPS_mode()) {
+#endif
+
 #ifndef OPENSSL_NO_DES
     EVP_add_cipher(EVP_des_cbc());
     EVP_add_cipher(EVP_des_ede3_cbc());
@@ -85,6 +89,31 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_bas
     EVP_add_digest(EVP_sha256());
     EVP_add_digest(EVP_sha384());
     EVP_add_digest(EVP_sha512());
+#ifdef OPENSSL_FIPS
+    } else {
+# ifndef OPENSSL_NO_DES
+        EVP_add_cipher(EVP_des_ede3_cbc());
+# endif
+        EVP_add_cipher(EVP_aes_128_cbc());
+        EVP_add_cipher(EVP_aes_192_cbc());
+        EVP_add_cipher(EVP_aes_256_cbc());
+        EVP_add_cipher(EVP_aes_128_gcm());
+        EVP_add_cipher(EVP_aes_256_gcm());
+        EVP_add_cipher(EVP_aes_128_ccm());
+        EVP_add_cipher(EVP_aes_256_ccm());
+# ifndef OPENSSL_NO_MD5
+        /* needed even in the FIPS mode for TLS-1.0 */
+        EVP_add_digest(EVP_md5_sha1());
+# endif
+        EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
+        EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
+        EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+        EVP_add_digest(EVP_sha224());
+        EVP_add_digest(EVP_sha256());
+        EVP_add_digest(EVP_sha384());
+        EVP_add_digest(EVP_sha512());
+    }
+#endif
 #ifndef OPENSSL_NO_COMP
 # ifdef OPENSSL_INIT_DEBUG
     fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
Index: openssl-1.1.0i/ssl/ssl_lib.c
===================================================================
--- openssl-1.1.0i.orig/ssl/ssl_lib.c	2018-08-14 14:45:09.000000000 +0200
+++ openssl-1.1.0i/ssl/ssl_lib.c	2019-01-18 12:58:06.886013936 +0100
@@ -2597,13 +2597,17 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
     if (ret->param == NULL)
         goto err;
 
-    if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
-        goto err2;
-    }
-    if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
-        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
-        goto err2;
+    if (!FIPS_mode()) {
+        if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
+            SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
+            goto err2;
+        }
+        if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
+            SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
+            goto err2;
+        }
+    } else {
+        ret->min_proto_version = TLS1_VERSION;
     }
 
     if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
Index: openssl-1.1.0i/test/dsatest.c
===================================================================
--- openssl-1.1.0i.orig/test/dsatest.c	2018-08-14 14:45:10.000000000 +0200
+++ openssl-1.1.0i/test/dsatest.c	2019-01-18 12:58:06.886013936 +0100
@@ -32,41 +32,42 @@ int main(int argc, char *argv[])
 
 static int dsa_cb(int p, int n, BN_GENCB *arg);
 
-/*
- * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS
- * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1
- */
 static unsigned char seed[20] = {
-    0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 0xb6, 0x21, 0x1b, 0x40,
-    0x62, 0xba, 0x32, 0x24, 0xe0, 0x42, 0x7d, 0xd3,
+    0x02, 0x47, 0x11, 0x92, 0x11, 0x88, 0xC8, 0xFB, 0xAF, 0x48, 0x4C, 0x62,
+    0xDF, 0xA5, 0xBE, 0xA0, 0xA4, 0x3C, 0x56, 0xE3,
 };
 
 static unsigned char out_p[] = {
-    0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa,
-    0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb,
-    0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7,
-    0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5,
-    0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf,
-    0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac,
-    0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2,
-    0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91,
+    0xAC, 0xCB, 0x1E, 0x63, 0x60, 0x69, 0x0C, 0xFB, 0x06, 0x19, 0x68, 0x3E,
+    0xA5, 0x01, 0x5A, 0xA2, 0x15, 0x5C, 0xE2, 0x99, 0x2D, 0xD5, 0x30, 0x99,
+    0x7E, 0x5F, 0x8D, 0xE2, 0xF7, 0xC6, 0x2E, 0x8D, 0xA3, 0x9F, 0x58, 0xAD,
+    0xD6, 0xA9, 0x7D, 0x0E, 0x0D, 0x95, 0x53, 0xA6, 0x71, 0x3A, 0xDE, 0xAB,
+    0xAC, 0xE9, 0xF4, 0x36, 0x55, 0x9E, 0xB9, 0xD6, 0x93, 0xBF, 0xF3, 0x18,
+    0x1C, 0x14, 0x7B, 0xA5, 0x42, 0x2E, 0xCD, 0x00, 0xEB, 0x35, 0x3B, 0x1B,
+    0xA8, 0x51, 0xBB, 0xE1, 0x58, 0x42, 0x85, 0x84, 0x22, 0xA7, 0x97, 0x5E,
+    0x99, 0x6F, 0x38, 0x20, 0xBD, 0x9D, 0xB6, 0xD9, 0x33, 0x37, 0x2A, 0xFD,
+    0xBB, 0xD4, 0xBC, 0x0C, 0x2A, 0x67, 0xCB, 0x9F, 0xBB, 0xDF, 0xF9, 0x93,
+    0xAA, 0xD6, 0xF0, 0xD6, 0x95, 0x0B, 0x5D, 0x65, 0x14, 0xD0, 0x18, 0x9D,
+    0xC6, 0xAF, 0xF0, 0xC6, 0x37, 0x7C, 0xF3, 0x5F,
 };
 
 static unsigned char out_q[] = {
-    0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee,
-    0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e,
-    0xda, 0xce, 0x91, 0x5f,
+    0xE3, 0x8E, 0x5E, 0x6D, 0xBF, 0x2B, 0x79, 0xF8, 0xC5, 0x4B, 0x89, 0x8B,
+    0xBA, 0x2D, 0x91, 0xC3, 0x6C, 0x80, 0xAC, 0x87,
 };
 
 static unsigned char out_g[] = {
-    0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13,
-    0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00,
-    0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb,
-    0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e,
-    0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf,
-    0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c,
-    0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c,
-    0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02,
+    0x42, 0x4A, 0x04, 0x4E, 0x79, 0xB4, 0x99, 0x7F, 0xFD, 0x58, 0x36, 0x2C,
+    0x1B, 0x5F, 0x18, 0x7E, 0x0D, 0xCC, 0xAB, 0x81, 0xC9, 0x5D, 0x10, 0xCE,
+    0x4E, 0x80, 0x7E, 0x58, 0xB4, 0x34, 0x3F, 0xA7, 0x45, 0xC7, 0xAA, 0x36,
+    0x24, 0x42, 0xA9, 0x3B, 0xE8, 0x0E, 0x04, 0x02, 0x2D, 0xFB, 0xA6, 0x13,
+    0xB9, 0xB5, 0x15, 0xA5, 0x56, 0x07, 0x35, 0xE4, 0x03, 0xB6, 0x79, 0x7C,
+    0x62, 0xDD, 0xDF, 0x3F, 0x71, 0x3A, 0x9D, 0x8B, 0xC4, 0xF6, 0xE7, 0x1D,
+    0x52, 0xA8, 0xA9, 0x43, 0x1D, 0x33, 0x51, 0x88, 0x39, 0xBD, 0x73, 0xE9,
+    0x5F, 0xBE, 0x82, 0x49, 0x27, 0xE6, 0xB5, 0x53, 0xC1, 0x38, 0xAC, 0x2F,
+    0x6D, 0x97, 0x6C, 0xEB, 0x67, 0xC1, 0x5F, 0x67, 0xF8, 0x35, 0x05, 0x5E,
+    0xD5, 0x68, 0x80, 0xAA, 0x96, 0xCA, 0x0B, 0x8A, 0xE6, 0xF1, 0xB1, 0x41,
+    0xC6, 0x75, 0x94, 0x0A, 0x0A, 0x2A, 0xFA, 0x29,
 };
 
 static const unsigned char str1[] = "12345678901234567890";
@@ -102,7 +103,7 @@ int main(int argc, char **argv)
         goto end;
 
     BN_GENCB_set(cb, dsa_cb, bio_err);
-    if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
+    if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 1024,
                                                                    seed, 20,
                                                                    &counter,
                                                                    &h, cb))
@@ -116,8 +117,8 @@ int main(int argc, char **argv)
     BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h);
 
     DSA_print(bio_err, dsa, 0);
-    if (counter != 105) {
-        BIO_printf(bio_err, "counter should be 105\n");
+    if (counter != 239) {
+        BIO_printf(bio_err, "counter should be 239\n");
         goto end;
     }
     if (h != 2) {
Index: openssl-1.1.0i/util/libcrypto.num
===================================================================
--- openssl-1.1.0i.orig/util/libcrypto.num	2018-08-14 14:45:10.000000000 +0200
+++ openssl-1.1.0i/util/libcrypto.num	2019-01-18 12:58:06.886013936 +0100
@@ -4232,7 +4232,42 @@ ZINT64_it
 ZINT64_it                               4215	1_1_0f	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 CRYPTO_secure_clear_free                4315	1_1_0g	EXIST::FUNCTION:
 EVP_PKEY_set1_engine                    4347	1_1_0g	EXIST::FUNCTION:ENGINE
-OCSP_resp_get0_signer                   4374	1_1_0h	EXIST::FUNCTION:OCSP
+FIPS_drbg_reseed                        4348	1_1_0g	EXIST::FUNCTION:
+FIPS_selftest_check                     4349	1_1_0g	EXIST::FUNCTION:
+FIPS_rand_set_method                    4350	1_1_0g	EXIST::FUNCTION:
+FIPS_get_default_drbg                   4351	1_1_0g	EXIST::FUNCTION:
+FIPS_drbg_set_reseed_interval           4352	1_1_0g	EXIST::FUNCTION:
+FIPS_drbg_set_app_data                  4353	1_1_0g	EXIST::FUNCTION:
+FIPS_drbg_method                        4354	1_1_0g	EXIST::FUNCTION:
+FIPS_rand_status                        4355	1_1_0g	EXIST::FUNCTION:
+FIPS_drbg_instantiate                   4356	1_1_0g	EXIST::FUNCTION:
+FIPS_drbg_set_callbacks                 4357	1_1_0g	EXIST::FUNCTION:
+FIPS_drbg_new                           4358	1_1_0g	EXIST::FUNCTION:
+FIPS_dsa_paramgen_check_g               4359	1_1_0g	EXIST::FUNCTION:
+FIPS_selftest                           4360	1_1_0g	EXIST::FUNCTION:
+FIPS_rand_set_bits                      4361	1_1_0g	EXIST::FUNCTION:
+FIPS_rand_bytes                         4362	1_1_0g	EXIST::FUNCTION:
+FIPS_drbg_get_app_data                  4363	1_1_0g	EXIST::FUNCTION:
+FIPS_selftest_failed                    4364	1_1_0g	EXIST::FUNCTION:
+FIPS_dsa_builtin_paramgen2              4365	1_1_0g	EXIST::FUNCTION:
+FIPS_rand_reset                         4366	1_1_0g	EXIST::FUNCTION:
+ERR_load_FIPS_strings                   4367	1_1_0g	EXIST::FUNCTION:
+FIPS_drbg_generate                      4368	1_1_0g	EXIST::FUNCTION:
+FIPS_drbg_uninstantiate                 4369	1_1_0g	EXIST::FUNCTION:
+FIPS_drbg_set_check_interval            4370	1_1_0g	EXIST::FUNCTION:
+FIPS_drbg_free                          4371	1_1_0g	EXIST::FUNCTION:
+FIPS_selftest_drbg_all                  4372	1_1_0g	EXIST::FUNCTION:
+FIPS_rand_get_method                    4373	1_1_0g	EXIST::FUNCTION:
+RAND_set_fips_drbg_type                 4374	1_1_0g	EXIST::FUNCTION:
+FIPS_drbg_health_check                  4375	1_1_0g	EXIST::FUNCTION:
+RAND_init_fips                          4376	1_1_0g	EXIST::FUNCTION:
+FIPS_drbg_set_rand_callbacks            4377	1_1_0g	EXIST::FUNCTION:
+FIPS_rand_seed                          4378	1_1_0g	EXIST::FUNCTION:
+FIPS_drbg_get_strength                  4379	1_1_0g	EXIST::FUNCTION:
+FIPS_rand_strength                      4380	1_1_0g	EXIST::FUNCTION:
+FIPS_drbg_get_blocklength               4381	1_1_0g	EXIST::FUNCTION:
+FIPS_drbg_init                          4382	1_1_0g	EXIST::FUNCTION:
+OCSP_resp_get0_signer                   4384	1_1_0h	EXIST::FUNCTION:OCSP
 X509_get0_authority_key_id              4448	1_1_0h	EXIST::FUNCTION:
 conf_ssl_name_find                      4469	1_1_0i	EXIST::FUNCTION:
 conf_ssl_get_cmd                        4470	1_1_0i	EXIST::FUNCTION:
Index: openssl-1.1.0i/util/mkdef.pl
===================================================================
--- openssl-1.1.0i.orig/util/mkdef.pl	2018-08-14 14:45:10.000000000 +0200
+++ openssl-1.1.0i/util/mkdef.pl	2019-01-18 12:58:06.886013936 +0100
@@ -312,6 +312,8 @@ $crypto.=" include/openssl/modes.h";
 $crypto.=" include/openssl/async.h";
 $crypto.=" include/openssl/ct.h";
 $crypto.=" include/openssl/kdf.h";
+$crypto.=" include/openssl/fips.h";
+$crypto.=" include/openssl/fips_rand.h";
 
 my $symhacks="include/openssl/symhacks.h";
 
openSUSE Build Service is sponsored by