File openssl-fips_add_cavs_tests.patch of Package openssl-1_0_0.21013

Index: openssl-1.0.2j/crypto/fips/Makefile
===================================================================
--- openssl-1.0.2j.orig/crypto/fips/Makefile	2017-03-16 17:27:29.296989039 +0100
+++ openssl-1.0.2j/crypto/fips/Makefile	2017-03-16 17:32:20.165572290 +0100
@@ -19,7 +19,20 @@ APPS=
 PROGRAM= fips_standalone_hmac
 EXE= $(PROGRAM)$(EXE_EXT)
 
+CAVS_PROGRAMS= fips_aesavs fips_cmactest fips_desmovs fips_dhvs fips_drbgvs \
+fips_ecdhvs fips_ecdsavs fips_rngvs fips_rsagtest fips_rsastest \
+fips_rsavtest fips_shatest fips_gcmtest fips_dssvs fips_tlsvs fips_hmactest
+
+CAVS_SRC= fips_aesavs.c fips_cmactest.c fips_desmovs.c fips_dhvs.c fips_drbgvs.c fips_dssvs.c \
+fips_ecdhvs.c fips_ecdsavs.c fips_gcmtest.c fips_rngvs.c fips_rsagtest.c fips_rsastest.c \
+fips_rsavtest.c fips_shatest.c fips_tlsvs.c fips_hmactest.c
+
+CAVS_OBJ= fips_aesavs.o fips_cmactest.o fips_desmovs.o fips_dhvs.o fips_drbgvs.o \
+fips_ecdhvs.o fips_ecdsavs.o fips_gcmtest.o fips_rngvs.o fips_rsagtest.o fips_rsastest.o \
+fips_rsavtest.o fips_shatest.o fips_dssvs.o fips_tlsvs.o fips_hmactest.o
+
 LIB=$(TOP)/libcrypto.a
+SSLLIB=$(TOP)/libssl.a
 LIBSRC=fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c fips_rand_selftest.c \
     fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c  fips_rand.c \
     fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
@@ -34,19 +47,21 @@ LIBOBJ=fips_aes_selftest.o fips_des_self
     fips_cmac_selftest.o fips_ecdh_selftest.o fips_ecdsa_selftest.o fips_enc.o fips_md.o \
     fips_dh_selftest.o
 
-LIBCRYPTO=-L.. -lcrypto
+SRC= $(LIBSRC) fips_standalone_hmac.c fips_err.c $(CAVS_SRC)
 
-SRC= $(LIBSRC) fips_standalone_hmac.c
 
 EXHEADER= fips.h fips_rand.h
 HEADER=	$(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
+$(SSLLIB):
+	(cd ../..; $(MAKE) DIRS=ssl all)
+
 top:
 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
 
-all:	lib exe
+all:	lib exe $(CAVS_PROGRAMS)
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
@@ -95,7 +110,8 @@ $(EXE): $(PROGRAM).o
 	for i in $(CPUID_OBJ); do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../$$i" ; done; \
 	$(CC) -o $@ $(CFLAGS) $(PROGRAM).o $$FIPS_SHA_ASM
 
-# DO NOT DELETE THIS LINE -- make depend depends on it.
+$(CAVS_PROGRAMS): $(CAVS_OBJ) fips_ecdsa_lib.o fips_rsa_lib.o fips_dsa_lib.o fips_dsa_sign.o fips_err.o $(SSLLIB) $(LIB)
+	$(CC) -o $@ $(CFLAGS) $@.o fips_rsa_lib.o fips_ecdsa_lib.o fips_dsa_lib.o fips_dsa_sign.o fips_err.o $(SSLLIB) $(LIB) -ldl -lz
 
 fips.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
 fips.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
@@ -280,6 +296,26 @@ fips_ecdsa_selftest.o: ../../include/ope
 fips_ecdsa_selftest.o: ../../include/openssl/safestack.h
 fips_ecdsa_selftest.o: ../../include/openssl/stack.h
 fips_ecdsa_selftest.o: ../../include/openssl/symhacks.h fips_ecdsa_selftest.c
+fips_dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+fips_dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+fips_dsa_lib.o: ../../include/openssl/opensslconf.h
+fips_dsa_lib.o: ../../include/openssl/opensslv.h
+fips_dsa_lib.o: ../../include/openssl/ossl_typ.h
+fips_dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dsa_lib.o: ../../include/openssl/symhacks.h fips_dsa_lib.c
+fips_dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_dsa_sign.o: ../../include/openssl/objects.h
+fips_dsa_sign.o: ../../include/openssl/opensslconf.h
+fips_dsa_sign.o: ../../include/openssl/opensslv.h
+fips_dsa_sign.o: ../../include/openssl/ossl_typ.h
+fips_dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_dsa_sign.o: fips_dsa_sign.c
 fips_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 fips_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 fips_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
@@ -405,3 +441,450 @@ fips_sha_selftest.o: ../../include/opens
 fips_sha_selftest.o: ../../include/openssl/safestack.h
 fips_sha_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 fips_sha_selftest.o: ../../include/openssl/symhacks.h fips_sha_selftest.c
+fips_aesavs.o: ../../e_os.h ../../include/openssl/aes.h
+fips_aesavs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_aesavs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_aesavs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_aesavs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_aesavs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_aesavs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+fips_aesavs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_aesavs.o: ../../include/openssl/opensslconf.h
+fips_aesavs.o: ../../include/openssl/opensslv.h
+fips_aesavs.o: ../../include/openssl/ossl_typ.h
+fips_aesavs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_aesavs.o: ../../include/openssl/symhacks.h fips_utl.h fips_aesavs.c
+fips_gcmtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_gcmtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_gcmtest.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+fips_gcmtest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_gcmtest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_gcmtest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_gcmtest.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+fips_gcmtest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_gcmtest.o: ../../include/openssl/opensslconf.h
+fips_gcmtest.o: ../../include/openssl/opensslv.h
+fips_gcmtest.o: ../../include/openssl/ossl_typ.h
+fips_gcmtest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_gcmtest.o: ../../include/openssl/symhacks.h fips_utl.h fips_gcmtest.c
+fips_cmactest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_cmactest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_cmactest.o: ../../include/openssl/cmac.h ../../include/openssl/crypto.h
+fips_cmactest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_cmactest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_cmactest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_cmactest.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+fips_cmactest.o: ../../include/openssl/obj_mac.h
+fips_cmactest.o: ../../include/openssl/objects.h
+fips_cmactest.o: ../../include/openssl/opensslconf.h
+fips_cmactest.o: ../../include/openssl/opensslv.h
+fips_cmactest.o: ../../include/openssl/ossl_typ.h
+fips_cmactest.o: ../../include/openssl/safestack.h
+fips_cmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_cmactest.o: fips_utl.h fips_cmactest.c
+fips_hmactest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_hmactest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_hmactest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_hmactest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+fips_hmactest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_hmactest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
+fips_hmactest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_hmactest.o: ../../include/openssl/objects.h
+fips_hmactest.o: ../../include/openssl/opensslconf.h
+fips_hmactest.o: ../../include/openssl/opensslv.h
+fips_hmactest.o: ../../include/openssl/ossl_typ.h
+fips_hmactest.o: ../../include/openssl/safestack.h
+fips_hmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_hmactest.o: fips_utl.h fips_hmactest.c
+fips_desmovs.o: ../../e_os.h ../../include/openssl/aes.h
+fips_desmovs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_desmovs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_desmovs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+fips_desmovs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_desmovs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_desmovs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_desmovs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+fips_desmovs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_desmovs.o: ../../include/openssl/opensslconf.h
+fips_desmovs.o: ../../include/openssl/opensslv.h
+fips_desmovs.o: ../../include/openssl/ossl_typ.h
+fips_desmovs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_desmovs.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_desmovs.o: ../../include/openssl/ui_compat.h fips_utl.h fips_desmovs.c
+fips_dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+fips_dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+fips_dh_lib.o: ../../include/openssl/opensslconf.h
+fips_dh_lib.o: ../../include/openssl/opensslv.h
+fips_dh_lib.o: ../../include/openssl/ossl_typ.h
+fips_dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dh_lib.o: ../../include/openssl/symhacks.h fips_dh_lib.c
+fips_dhvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_dhvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_dhvs.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+fips_dhvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_dhvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dhvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_dhvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+fips_dhvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_dhvs.o: ../../include/openssl/opensslconf.h
+fips_dhvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+fips_dhvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dhvs.o: ../../include/openssl/symhacks.h fips_utl.h fips_dhvs.c
+fips_dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+fips_dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+fips_dsa_lib.o: ../../include/openssl/opensslconf.h
+fips_dsa_lib.o: ../../include/openssl/opensslv.h
+fips_dsa_lib.o: ../../include/openssl/ossl_typ.h
+fips_dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dsa_lib.o: ../../include/openssl/symhacks.h fips_dsa_lib.c
+fips_dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_dsa_sign.o: ../../include/openssl/objects.h
+fips_dsa_sign.o: ../../include/openssl/opensslconf.h
+fips_dsa_sign.o: ../../include/openssl/opensslv.h
+fips_dsa_sign.o: ../../include/openssl/ossl_typ.h
+fips_dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_dsa_sign.o: fips_dsa_sign.c
+fips_dsatest.o: ../../e_os.h ../../include/openssl/aes.h
+fips_dsatest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsatest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dsatest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsatest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+fips_dsatest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_dsatest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
+fips_dsatest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_dsatest.o: ../../include/openssl/objects.h
+fips_dsatest.o: ../../include/openssl/opensslconf.h
+fips_dsatest.o: ../../include/openssl/opensslv.h
+fips_dsatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+fips_dsatest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dsatest.o: ../../include/openssl/symhacks.h fips_utl.h fips_dsatest.c
+fips_dssvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_dssvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_dssvs.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+fips_dssvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_dssvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dssvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_dssvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+fips_dssvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_dssvs.o: ../../include/openssl/opensslconf.h
+fips_dssvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+fips_dssvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dssvs.o: ../../include/openssl/symhacks.h fips_utl.h fips_dssvs.c
+fips_ecdhvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_ecdhvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_ecdhvs.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_ecdhvs.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+fips_ecdhvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_ecdhvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_ecdhvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+fips_ecdhvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_ecdhvs.o: ../../include/openssl/opensslconf.h
+fips_ecdhvs.o: ../../include/openssl/opensslv.h
+fips_ecdhvs.o: ../../include/openssl/ossl_typ.h
+fips_ecdhvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_ecdhvs.o: ../../include/openssl/symhacks.h fips_utl.h fips_ecdhvs.c
+fips_ecdsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_ecdsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_ecdsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_ecdsa_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/fips.h
+fips_ecdsa_lib.o: ../../include/openssl/opensslconf.h
+fips_ecdsa_lib.o: ../../include/openssl/opensslv.h
+fips_ecdsa_lib.o: ../../include/openssl/ossl_typ.h
+fips_ecdsa_lib.o: ../../include/openssl/safestack.h
+fips_ecdsa_lib.o: ../../include/openssl/stack.h
+fips_ecdsa_lib.o: ../../include/openssl/symhacks.h fips_ecdsa_lib.c
+fips_ecdsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_ecdsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_ecdsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_ecdsa_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+fips_ecdsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+fips_ecdsa_sign.o: ../../include/openssl/obj_mac.h
+fips_ecdsa_sign.o: ../../include/openssl/objects.h
+fips_ecdsa_sign.o: ../../include/openssl/opensslconf.h
+fips_ecdsa_sign.o: ../../include/openssl/opensslv.h
+fips_ecdsa_sign.o: ../../include/openssl/ossl_typ.h
+fips_ecdsa_sign.o: ../../include/openssl/safestack.h
+fips_ecdsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_ecdsa_sign.o: ../../include/openssl/symhacks.h fips_ecdsa_sign.c
+fips_ecdsavs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_ecdsavs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_ecdsavs.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_ecdsavs.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
+fips_ecdsavs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_ecdsavs.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
+fips_ecdsavs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_ecdsavs.o: ../../include/openssl/objects.h
+fips_ecdsavs.o: ../../include/openssl/opensslconf.h
+fips_ecdsavs.o: ../../include/openssl/opensslv.h
+fips_ecdsavs.o: ../../include/openssl/ossl_typ.h
+fips_ecdsavs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_ecdsavs.o: ../../include/openssl/symhacks.h fips_utl.h fips_ecdsavs.c
+fips_hmactest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_hmactest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_hmactest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_hmactest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+fips_hmactest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_hmactest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
+fips_hmactest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_hmactest.o: ../../include/openssl/objects.h
+fips_hmactest.o: ../../include/openssl/opensslconf.h
+fips_hmactest.o: ../../include/openssl/opensslv.h
+fips_hmactest.o: ../../include/openssl/ossl_typ.h
+fips_hmactest.o: ../../include/openssl/safestack.h
+fips_hmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_hmactest.o: fips_utl.h fips_hmactest.c
+fips_drbg_ctr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_drbg_ctr.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+fips_drbg_ctr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_drbg_ctr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_drbg_ctr.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
+fips_drbg_ctr.o: ../../include/openssl/obj_mac.h
+fips_drbg_ctr.o: ../../include/openssl/objects.h
+fips_drbg_ctr.o: ../../include/openssl/opensslconf.h
+fips_drbg_ctr.o: ../../include/openssl/opensslv.h
+fips_drbg_ctr.o: ../../include/openssl/ossl_typ.h
+fips_drbg_ctr.o: ../../include/openssl/safestack.h
+fips_drbg_ctr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_drbg_ctr.o: fips_drbg_ctr.c fips_rand_lcl.h
+fips_drbg_ec.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_drbg_ec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_drbg_ec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_drbg_ec.o: ../../include/openssl/ec.h ../../include/openssl/evp.h
+fips_drbg_ec.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_drbg_ec.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
+fips_drbg_ec.o: ../../include/openssl/objects.h
+fips_drbg_ec.o: ../../include/openssl/opensslconf.h
+fips_drbg_ec.o: ../../include/openssl/opensslv.h
+fips_drbg_ec.o: ../../include/openssl/ossl_typ.h
+fips_drbg_ec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_drbg_ec.o: ../../include/openssl/symhacks.h fips_drbg_ec.c fips_rand_lcl.h
+fips_drbg_hash.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_drbg_hash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+fips_drbg_hash.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_drbg_hash.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_drbg_hash.o: ../../include/openssl/fips_rand.h
+fips_drbg_hash.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
+fips_drbg_hash.o: ../../include/openssl/objects.h
+fips_drbg_hash.o: ../../include/openssl/opensslconf.h
+fips_drbg_hash.o: ../../include/openssl/opensslv.h
+fips_drbg_hash.o: ../../include/openssl/ossl_typ.h
+fips_drbg_hash.o: ../../include/openssl/safestack.h
+fips_drbg_hash.o: ../../include/openssl/stack.h
+fips_drbg_hash.o: ../../include/openssl/symhacks.h fips_drbg_hash.c
+fips_drbg_hash.o: fips_rand_lcl.h
+fips_drbg_hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_drbg_hmac.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+fips_drbg_hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_drbg_hmac.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_drbg_hmac.o: ../../include/openssl/fips_rand.h
+fips_drbg_hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
+fips_drbg_hmac.o: ../../include/openssl/objects.h
+fips_drbg_hmac.o: ../../include/openssl/opensslconf.h
+fips_drbg_hmac.o: ../../include/openssl/opensslv.h
+fips_drbg_hmac.o: ../../include/openssl/ossl_typ.h
+fips_drbg_hmac.o: ../../include/openssl/safestack.h
+fips_drbg_hmac.o: ../../include/openssl/stack.h
+fips_drbg_hmac.o: ../../include/openssl/symhacks.h fips_drbg_hmac.c
+fips_drbg_hmac.o: fips_rand_lcl.h
+fips_drbg_lib.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_drbg_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+fips_drbg_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_drbg_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_drbg_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
+fips_drbg_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_drbg_lib.o: ../../include/openssl/objects.h
+fips_drbg_lib.o: ../../include/openssl/opensslconf.h
+fips_drbg_lib.o: ../../include/openssl/opensslv.h
+fips_drbg_lib.o: ../../include/openssl/ossl_typ.h
+fips_drbg_lib.o: ../../include/openssl/safestack.h
+fips_drbg_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_drbg_lib.o: fips_drbg_lib.c fips_rand_lcl.h
+fips_drbg_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_drbg_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+fips_drbg_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_drbg_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_drbg_rand.o: ../../include/openssl/fips_rand.h
+fips_drbg_rand.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+fips_drbg_rand.o: ../../include/openssl/obj_mac.h
+fips_drbg_rand.o: ../../include/openssl/objects.h
+fips_drbg_rand.o: ../../include/openssl/opensslconf.h
+fips_drbg_rand.o: ../../include/openssl/opensslv.h
+fips_drbg_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+fips_drbg_rand.o: ../../include/openssl/safestack.h
+fips_drbg_rand.o: ../../include/openssl/stack.h
+fips_drbg_rand.o: ../../include/openssl/symhacks.h fips_drbg_rand.c
+fips_drbg_rand.o: fips_rand_lcl.h
+fips_drbgvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_drbgvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_drbgvs.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+fips_drbgvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_drbgvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_drbgvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_drbgvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+fips_drbgvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_drbgvs.o: ../../include/openssl/opensslconf.h
+fips_drbgvs.o: ../../include/openssl/opensslv.h
+fips_drbgvs.o: ../../include/openssl/ossl_typ.h
+fips_drbgvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_drbgvs.o: ../../include/openssl/symhacks.h fips_utl.h fips_drbgvs.c
+fips_rand_lib.o: ../../e_os.h ../../include/openssl/aes.h
+fips_rand_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+fips_rand_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_rand_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
+fips_rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_rand_lib.o: ../../include/openssl/objects.h
+fips_rand_lib.o: ../../include/openssl/opensslconf.h
+fips_rand_lib.o: ../../include/openssl/opensslv.h
+fips_rand_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+fips_rand_lib.o: ../../include/openssl/safestack.h
+fips_rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_rand_lib.o: fips_rand_lib.c
+fips_randtest.o: ../../e_os.h ../../include/openssl/aes.h
+fips_randtest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_randtest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_randtest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_randtest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_randtest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_randtest.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+fips_randtest.o: ../../include/openssl/obj_mac.h
+fips_randtest.o: ../../include/openssl/objects.h
+fips_randtest.o: ../../include/openssl/opensslconf.h
+fips_randtest.o: ../../include/openssl/opensslv.h
+fips_randtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+fips_randtest.o: ../../include/openssl/safestack.h
+fips_randtest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_randtest.o: fips_utl.h fips_randtest.c
+fips_rngvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_rngvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_rngvs.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+fips_rngvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_rngvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_rngvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_rngvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+fips_rngvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_rngvs.o: ../../include/openssl/opensslconf.h
+fips_rngvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+fips_rngvs.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+fips_rngvs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_rngvs.o: fips_utl.h fips_rngvs.c
+fips_rsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_rsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_rsa_lib.o: ../../include/openssl/objects.h
+fips_rsa_lib.o: ../../include/openssl/opensslconf.h
+fips_rsa_lib.o: ../../include/openssl/opensslv.h
+fips_rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+fips_rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_rsa_lib.o: ../../include/openssl/symhacks.h fips_rsa_lib.c
+fips_rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_rsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_rsa_sign.o: ../../include/openssl/obj_mac.h
+fips_rsa_sign.o: ../../include/openssl/objects.h
+fips_rsa_sign.o: ../../include/openssl/opensslconf.h
+fips_rsa_sign.o: ../../include/openssl/opensslv.h
+fips_rsa_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+fips_rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_rsa_sign.o: fips_rsa_sign.c
+fips_rsagtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_rsagtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_rsagtest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_rsagtest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+fips_rsagtest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_rsagtest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
+fips_rsagtest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_rsagtest.o: ../../include/openssl/objects.h
+fips_rsagtest.o: ../../include/openssl/opensslconf.h
+fips_rsagtest.o: ../../include/openssl/opensslv.h
+fips_rsagtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+fips_rsagtest.o: ../../include/openssl/safestack.h
+fips_rsagtest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_rsagtest.o: fips_utl.h fips_rsagtest.c
+fips_rsastest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_rsastest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_rsastest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_rsastest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+fips_rsastest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_rsastest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
+fips_rsastest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_rsastest.o: ../../include/openssl/objects.h
+fips_rsastest.o: ../../include/openssl/opensslconf.h
+fips_rsastest.o: ../../include/openssl/opensslv.h
+fips_rsastest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+fips_rsastest.o: ../../include/openssl/safestack.h
+fips_rsastest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_rsastest.o: fips_utl.h fips_rsastest.c
+fips_rsavtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_rsavtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_rsavtest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_rsavtest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+fips_rsavtest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_rsavtest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
+fips_rsavtest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_rsavtest.o: ../../include/openssl/objects.h
+fips_rsavtest.o: ../../include/openssl/opensslconf.h
+fips_rsavtest.o: ../../include/openssl/opensslv.h
+fips_rsavtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+fips_rsavtest.o: ../../include/openssl/safestack.h
+fips_rsavtest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_rsavtest.o: fips_utl.h fips_rsavtest.c
+fips_shatest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_shatest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_shatest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_shatest.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+fips_shatest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_shatest.o: ../../include/openssl/fips_rand.h ../../include/openssl/hmac.h
+fips_shatest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_shatest.o: ../../include/openssl/objects.h
+fips_shatest.o: ../../include/openssl/opensslconf.h
+fips_shatest.o: ../../include/openssl/opensslv.h
+fips_shatest.o: ../../include/openssl/ossl_typ.h
+fips_shatest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_shatest.o: ../../include/openssl/symhacks.h fips_utl.h fips_shatest.c
+fips_standalone_sha1.o: ../../include/openssl/asn1.h
+fips_standalone_sha1.o: ../../include/openssl/bio.h
+fips_standalone_sha1.o: ../../include/openssl/crypto.h
+fips_standalone_sha1.o: ../../include/openssl/e_os2.h
+fips_standalone_sha1.o: ../../include/openssl/evp.h
+fips_standalone_sha1.o: ../../include/openssl/fips.h
+fips_standalone_sha1.o: ../../include/openssl/hmac.h
+fips_standalone_sha1.o: ../../include/openssl/obj_mac.h
+fips_standalone_sha1.o: ../../include/openssl/objects.h
+fips_standalone_sha1.o: ../../include/openssl/opensslconf.h
+fips_standalone_sha1.o: ../../include/openssl/opensslv.h
+fips_standalone_sha1.o: ../../include/openssl/ossl_typ.h
+fips_standalone_sha1.o: ../../include/openssl/safestack.h
+fips_standalone_sha1.o: ../../include/openssl/sha.h
+fips_standalone_sha1.o: ../../include/openssl/stack.h
+fips_standalone_sha1.o: ../../include/openssl/symhacks.h fips_standalone_sha1.c
+fips_tlsvs.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+fips_tlsvs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_tlsvs.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_tlsvs.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+fips_tlsvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_tlsvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_tlsvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+fips_tlsvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_tlsvs.o: ../../include/openssl/opensslconf.h
+fips_tlsvs.o: ../../include/openssl/opensslv.h
+fips_tlsvs.o: ../../ssl/ssl.h
+fips_tlsvs.o: ../../include/openssl/opensslv.h
+fips_tlsvs.o: ../../include/openssl/ossl_typ.h
+fips_tlsvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_tlsvs.o: ../../include/openssl/symhacks.h fips_utl.h fips_tlsvs.c
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
Index: openssl-1.0.2j/crypto/fips/fips_aesavs.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_aesavs.c	2017-03-16 17:50:12.010613586 +0100
@@ -0,0 +1,936 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+/*---------------------------------------------
+  NIST AES Algorithm Validation Suite
+  Test Program
+
+  Donated to OpenSSL by:
+  V-ONE Corporation
+  20250 Century Blvd, Suite 300
+  Germantown, MD 20874
+  U.S.A.
+  ----------------------------------------------*/
+
+#define OPENSSL_FIPSAPI
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <ctype.h>
+#include <openssl/aes.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+
+#include <openssl/err.h>
+#include "e_os.h"
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS AES support\n");
+    return(0);
+}
+
+#else
+
+#include <openssl/fips.h>
+#include "fips_utl.h"
+
+#define AES_BLOCK_SIZE 16
+
+#define VERBOSE 0
+
+/*-----------------------------------------------*/
+
+static int AESTest(EVP_CIPHER_CTX *ctx,
+	    char *amode, int akeysz, unsigned char *aKey, 
+	    unsigned char *iVec, 
+	    int dir,  /* 0 = decrypt, 1 = encrypt */
+	    unsigned char *plaintext, unsigned char *ciphertext, int len)
+    {
+    const EVP_CIPHER *cipher = NULL;
+
+    if (fips_strcasecmp(amode, "CBC") == 0)
+	{
+	switch (akeysz)
+		{
+		case 128:
+		cipher = EVP_aes_128_cbc();
+		break;
+
+		case 192:
+		cipher = EVP_aes_192_cbc();
+		break;
+
+		case 256:
+		cipher = EVP_aes_256_cbc();
+		break;
+		}
+
+	}
+    else if (fips_strcasecmp(amode, "ECB") == 0)
+	{
+	switch (akeysz)
+		{
+		case 128:
+		cipher = EVP_aes_128_ecb();
+		break;
+
+		case 192:
+		cipher = EVP_aes_192_ecb();
+		break;
+
+		case 256:
+		cipher = EVP_aes_256_ecb();
+		break;
+		}
+	}
+    else if (fips_strcasecmp(amode, "CFB128") == 0)
+	{
+	switch (akeysz)
+		{
+		case 128:
+		cipher = EVP_aes_128_cfb128();
+		break;
+
+		case 192:
+		cipher = EVP_aes_192_cfb128();
+		break;
+
+		case 256:
+		cipher = EVP_aes_256_cfb128();
+		break;
+		}
+
+	}
+    else if (fips_strncasecmp(amode, "OFB", 3) == 0)
+	{
+	switch (akeysz)
+		{
+		case 128:
+		cipher = EVP_aes_128_ofb();
+		break;
+
+		case 192:
+		cipher = EVP_aes_192_ofb();
+		break;
+
+		case 256:
+		cipher = EVP_aes_256_ofb();
+		break;
+		}
+	}
+    else if(!fips_strcasecmp(amode,"CFB1"))
+	{
+	switch (akeysz)
+		{
+		case 128:
+		cipher = EVP_aes_128_cfb1();
+		break;
+
+		case 192:
+		cipher = EVP_aes_192_cfb1();
+		break;
+
+		case 256:
+		cipher = EVP_aes_256_cfb1();
+		break;
+		}
+	}
+    else if(!fips_strcasecmp(amode,"CFB8"))
+	{
+	switch (akeysz)
+		{
+		case 128:
+		cipher = EVP_aes_128_cfb8();
+		break;
+
+		case 192:
+		cipher = EVP_aes_192_cfb8();
+		break;
+
+		case 256:
+		cipher = EVP_aes_256_cfb8();
+		break;
+		}
+	}
+    else
+	{
+	printf("Unknown mode: %s\n", amode);
+	return 0;
+	}
+    if (!cipher)
+	{
+	printf("Invalid key size: %d\n", akeysz);
+	return 0; 
+	}
+    if (FIPS_cipherinit(ctx, cipher, aKey, iVec, dir) <= 0)
+	return 0;
+    if(!fips_strcasecmp(amode,"CFB1"))
+	M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
+    if (dir)
+		FIPS_cipher(ctx, ciphertext, plaintext, len);
+	else
+		FIPS_cipher(ctx, plaintext, ciphertext, len);
+    return 1;
+    }
+
+/*-----------------------------------------------*/
+char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
+char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"};
+enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128};
+enum XCrypt {XDECRYPT, XENCRYPT};
+
+/*=============================*/
+/*  Monte Carlo Tests          */
+/*-----------------------------*/
+
+/*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/
+/*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/
+
+#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
+#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
+
+static int do_mct(char *amode, 
+	   int akeysz, unsigned char *aKey,unsigned char *iVec,
+	   int dir, unsigned char *text, int len,
+	   FILE *rfp)
+    {
+    int ret = 0;
+    unsigned char key[101][32];
+    unsigned char iv[101][AES_BLOCK_SIZE];
+    unsigned char ptext[1001][32];
+    unsigned char ctext[1001][32];
+    unsigned char ciphertext[64+4];
+    int i, j, n, n1, n2;
+    int imode = 0, nkeysz = akeysz/8;
+    EVP_CIPHER_CTX ctx;
+    FIPS_cipher_ctx_init(&ctx);
+
+    if (len > 32)
+	{
+	printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n", 
+	       amode, akeysz);
+	return -1;
+	}
+    for (imode = 0; imode < 6; ++imode)
+	if (strcmp(amode, t_mode[imode]) == 0)
+	    break;
+    if (imode == 6)
+	{ 
+	printf("Unrecognized mode: %s\n", amode);
+	return -1;
+	}
+
+    memcpy(key[0], aKey, nkeysz);
+    if (iVec)
+	memcpy(iv[0], iVec, AES_BLOCK_SIZE);
+    if (dir == XENCRYPT)
+	memcpy(ptext[0], text, len);
+    else
+	memcpy(ctext[0], text, len);
+    for (i = 0; i < 100; ++i)
+	{
+	/* printf("Iteration %d\n", i); */
+	if (i > 0)
+	    {
+	    fprintf(rfp,"COUNT = %d" RESP_EOL ,i);
+	    OutputValue("KEY",key[i],nkeysz,rfp,0);
+	    if (imode != ECB)  /* ECB */
+		OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0);
+	    /* Output Ciphertext | Plaintext */
+	    OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp,
+			imode == CFB1);
+	    }
+	for (j = 0; j < 1000; ++j)
+	    {
+	    switch (imode)
+		{
+	    case ECB:
+		if (j == 0)
+		    { /* set up encryption */
+		    ret = AESTest(&ctx, amode, akeysz, key[i], NULL, 
+				  dir,  /* 0 = decrypt, 1 = encrypt */
+				  ptext[j], ctext[j], len);
+		    if (dir == XENCRYPT)
+			memcpy(ptext[j+1], ctext[j], len);
+		    else
+			memcpy(ctext[j+1], ptext[j], len);
+		    }
+		else
+		    {
+		    if (dir == XENCRYPT)
+			{
+			FIPS_cipher(&ctx, ctext[j], ptext[j], len);
+			memcpy(ptext[j+1], ctext[j], len);
+			}
+		    else
+			{
+			FIPS_cipher(&ctx, ptext[j], ctext[j], len);
+			memcpy(ctext[j+1], ptext[j], len);
+			}
+		    }
+		break;
+
+	    case CBC:
+	    case OFB:  
+	    case CFB128:
+		if (j == 0)
+		    {
+		    ret = AESTest(&ctx, amode, akeysz, key[i], iv[i], 
+				  dir,  /* 0 = decrypt, 1 = encrypt */
+				  ptext[j], ctext[j], len);
+		    if (dir == XENCRYPT)
+			memcpy(ptext[j+1], iv[i], len);
+		    else
+			memcpy(ctext[j+1], iv[i], len);
+		    }
+		else
+		    {
+		    if (dir == XENCRYPT)
+			{
+			FIPS_cipher(&ctx, ctext[j], ptext[j], len);
+			memcpy(ptext[j+1], ctext[j-1], len);
+			}
+		    else
+			{
+			FIPS_cipher(&ctx, ptext[j], ctext[j], len);
+			memcpy(ctext[j+1], ptext[j-1], len);
+			}
+		    }
+		break;
+
+	    case CFB8:
+		if (j == 0)
+		    {
+		    ret = AESTest(&ctx, amode, akeysz, key[i], iv[i], 
+				  dir,  /* 0 = decrypt, 1 = encrypt */
+				  ptext[j], ctext[j], len);
+		    }
+		else
+		    {
+		    if (dir == XENCRYPT)
+			FIPS_cipher(&ctx, ctext[j], ptext[j], len);
+		    else
+			FIPS_cipher(&ctx, ptext[j], ctext[j], len);
+		    }
+		if (dir == XENCRYPT)
+		    {
+		    if (j < 16)
+			memcpy(ptext[j+1], &iv[i][j], len);
+		    else
+			memcpy(ptext[j+1], ctext[j-16], len);
+		    }
+		else
+		    {
+		    if (j < 16)
+			memcpy(ctext[j+1], &iv[i][j], len);
+		    else
+			memcpy(ctext[j+1], ptext[j-16], len);
+		    }
+		break;
+
+	    case CFB1:
+		if(j == 0)
+		    {
+#if 0
+		    /* compensate for wrong endianness of input file */
+		    if(i == 0)
+			ptext[0][0]<<=7;
+#endif
+		    ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
+				ptext[j], ctext[j], len);
+		    }
+		else
+		    {
+		    if (dir == XENCRYPT)
+			FIPS_cipher(&ctx, ctext[j], ptext[j], len);
+		    else
+			FIPS_cipher(&ctx, ptext[j], ctext[j], len);
+
+		    }
+		if(dir == XENCRYPT)
+		    {
+		    if(j < 128)
+			sb(ptext[j+1],0,gb(iv[i],j));
+		    else
+			sb(ptext[j+1],0,gb(ctext[j-128],0));
+		    }
+		else
+		    {
+		    if(j < 128)
+			sb(ctext[j+1],0,gb(iv[i],j));
+		    else
+			sb(ctext[j+1],0,gb(ptext[j-128],0));
+		    }
+		break;
+		}
+	    }
+	--j; /* reset to last of range */
+	/* Output Ciphertext | Plaintext */
+	OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp,
+		    imode == CFB1);
+	fprintf(rfp, RESP_EOL);  /* add separator */
+
+	/* Compute next KEY */
+	if (dir == XENCRYPT)
+	    {
+	    if (imode == CFB8)
+		{ /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
+		for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
+		    ciphertext[n1] = ctext[j-n2][0];
+		}
+	    else if(imode == CFB1)
+		{
+		for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
+		    sb(ciphertext,n1,gb(ctext[j-n2],0));
+		}
+	    else
+		switch (akeysz)
+		    {
+		case 128:
+		    memcpy(ciphertext, ctext[j], 16);
+		    break;
+		case 192:
+		    memcpy(ciphertext, ctext[j-1]+8, 8);
+		    memcpy(ciphertext+8, ctext[j], 16);
+		    break;
+		case 256:
+		    memcpy(ciphertext, ctext[j-1], 16);
+		    memcpy(ciphertext+16, ctext[j], 16);
+		    break;
+		    }
+	    }
+	else
+	    {
+	    if (imode == CFB8)
+		{ /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
+		for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
+		    ciphertext[n1] = ptext[j-n2][0];
+		}
+	    else if(imode == CFB1)
+		{
+		for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
+		    sb(ciphertext,n1,gb(ptext[j-n2],0));
+		}
+	    else
+		switch (akeysz)
+		    {
+		case 128:
+		    memcpy(ciphertext, ptext[j], 16);
+		    break;
+		case 192:
+		    memcpy(ciphertext, ptext[j-1]+8, 8);
+		    memcpy(ciphertext+8, ptext[j], 16);
+		    break;
+		case 256:
+		    memcpy(ciphertext, ptext[j-1], 16);
+		    memcpy(ciphertext+16, ptext[j], 16);
+		    break;
+		    }
+	    }
+	/* Compute next key: Key[i+1] = Key[i] xor ct */
+	for (n = 0; n < nkeysz; ++n)
+	    key[i+1][n] = key[i][n] ^ ciphertext[n];
+	
+	/* Compute next IV and text */
+	if (dir == XENCRYPT)
+	    {
+	    switch (imode)
+		{
+	    case ECB:
+		memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE);
+		break;
+	    case CBC:
+	    case OFB:
+	    case CFB128:
+		memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE);
+		memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE);
+		break;
+	    case CFB8:
+		/* IV[i+1] = ct */
+		for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
+		    iv[i+1][n1] = ctext[j-n2][0];
+		ptext[0][0] = ctext[j-16][0];
+		break;
+	    case CFB1:
+		for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
+		    sb(iv[i+1],n1,gb(ctext[j-n2],0));
+		ptext[0][0]=ctext[j-128][0]&0x80;
+		break;
+		}
+	    }
+	else
+	    {
+	    switch (imode)
+		{
+	    case ECB:
+		memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE);
+		break;
+	    case CBC:
+	    case OFB:
+	    case CFB128:
+		memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE);
+		memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE);
+		break;
+	    case CFB8:
+		for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
+		    iv[i+1][n1] = ptext[j-n2][0];
+		ctext[0][0] = ptext[j-16][0];
+		break;
+	    case CFB1:
+		for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
+		    sb(iv[i+1],n1,gb(ptext[j-n2],0));
+		ctext[0][0]=ptext[j-128][0]&0x80;
+		break;
+		}
+	    }
+	}
+    FIPS_cipher_ctx_cleanup(&ctx);
+    return ret;
+    }
+
+/*================================================*/
+/*----------------------------
+  # Config info for v-one
+  # AESVS MMT test data for ECB
+  # State : Encrypt and Decrypt
+  # Key Length : 256
+  # Fri Aug 30 04:07:22 PM
+  ----------------------------*/
+
+static int proc_file(char *rqfile, char *rspfile)
+    {
+    char afn[256], rfn[256];
+    FILE *afp = NULL, *rfp = NULL;
+    char ibuf[2048];
+    char tbuf[2048];
+    int len;
+    char algo[8] = "";
+    char amode[8] = "";
+    char atest[8] = "";
+    int akeysz = 0;
+    unsigned char iVec[20], aKey[40];
+    int dir = -1, err = 0, step = 0;
+    unsigned char plaintext[2048];
+    unsigned char ciphertext[2048];
+    char *rp;
+    EVP_CIPHER_CTX ctx;
+    FIPS_cipher_ctx_init(&ctx);
+
+    if (!rqfile || !(*rqfile))
+	{
+	printf("No req file\n");
+	return -1;
+	}
+    strcpy(afn, rqfile);
+
+    if ((afp = fopen(afn, "r")) == NULL)
+	{
+	printf("Cannot open file: %s, %s\n", 
+	       afn, strerror(errno));
+	return -1;
+	}
+    if (!rspfile)
+	{
+	strcpy(rfn,afn);
+	rp=strstr(rfn,"req/");
+#ifdef OPENSSL_SYS_WIN32
+	if (!rp)
+	    rp=strstr(rfn,"req\\");
+#endif
+	assert(rp);
+	memcpy(rp,"rsp",3);
+	rp = strstr(rfn, ".req");
+	memcpy(rp, ".rsp", 4);
+	rspfile = rfn;
+	}
+    if ((rfp = fopen(rspfile, "w")) == NULL)
+	{
+	printf("Cannot open file: %s, %s\n", 
+	       rfn, strerror(errno));
+	fclose(afp);
+	afp = NULL;
+	return -1;
+	}
+    while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
+	{
+	tidy_line(tbuf, ibuf);
+	/*      printf("step=%d ibuf=%s",step,ibuf); */
+	switch (step)
+	    {
+	case 0:  /* read preamble */
+	    if (ibuf[0] == '\n')
+		{ /* end of preamble */
+		if ((*algo == '\0') ||
+		    (*amode == '\0') ||
+		    (akeysz == 0))
+		    {
+		    printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n",
+			   algo,amode,akeysz);
+		    err = 1;
+		    }
+		else
+		    {
+		    copy_line(ibuf, rfp);
+		    ++ step;
+		    }
+		}
+	    else if (ibuf[0] != '#')
+		{
+		printf("Invalid preamble item: %s\n", ibuf);
+		err = 1;
+		}
+	    else
+		{ /* process preamble */
+		char *xp, *pp = ibuf+2;
+		int n;
+		if (akeysz)
+		    {
+		    copy_line(ibuf, rfp);
+		    }
+		else
+		    {
+		    copy_line(ibuf, rfp);
+		    if (strncmp(pp, "AESVS ", 6) == 0)
+			{
+			strcpy(algo, "AES");
+			/* get test type */
+			pp += 6;
+			xp = strchr(pp, ' ');
+			n = xp-pp;
+			strncpy(atest, pp, n);
+			atest[n] = '\0';
+			/* get mode */
+			xp = strrchr(pp, ' '); /* get mode" */
+			n = strlen(xp+1)-1;
+			strncpy(amode, xp+1, n);
+			amode[n] = '\0';
+			/* amode[3] = '\0'; */
+			if (VERBOSE)
+				printf("Test = %s, Mode = %s\n", atest, amode);
+			}
+		    else if (fips_strncasecmp(pp, "Key Length : ", 13) == 0)
+			{
+			akeysz = atoi(pp+13);
+			if (VERBOSE)
+				printf("Key size = %d\n", akeysz);
+			}
+		    }
+		}
+	    break;
+
+	case 1:  /* [ENCRYPT] | [DECRYPT] */
+	    if (ibuf[0] == '[')
+		{
+		copy_line(ibuf, rfp);
+		++step;
+		if (fips_strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
+		    dir = 1;
+		else if (fips_strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
+		    dir = 0;
+		else
+		    {
+		    printf("Invalid keyword: %s\n", ibuf);
+		    err = 1;
+		    }
+		break;
+		}
+	    else if (dir == -1)
+		{
+		err = 1;
+		printf("Missing ENCRYPT/DECRYPT keyword\n");
+		break;
+		}
+	    else 
+		step = 2;
+
+	case 2: /* KEY = xxxx */
+	    copy_line(ibuf, rfp);
+	    if(*ibuf == '\n')
+		break;
+	    if(!fips_strncasecmp(ibuf,"COUNT = ",8))
+		break;
+
+	    if (fips_strncasecmp(ibuf, "KEY = ", 6) != 0)
+		{
+		printf("Missing KEY\n");
+		err = 1;
+		}
+	    else
+		{
+		len = hex2bin((char*)ibuf+6, aKey);
+		if (len < 0)
+		    {
+		    printf("Invalid KEY\n");
+		    err =1;
+		    break;
+		    }
+		PrintValue("KEY", aKey, len);
+		if (strcmp(amode, "ECB") == 0)
+		    {
+		    memset(iVec, 0, sizeof(iVec));
+		    step = (dir)? 4: 5;  /* no ivec for ECB */
+		    }
+		else
+		    ++step;
+		}
+	    break;
+
+	case 3: /* IV = xxxx */
+	    copy_line(ibuf, rfp);
+	    if (fips_strncasecmp(ibuf, "IV = ", 5) != 0)
+		{
+		printf("Missing IV\n");
+		err = 1;
+		}
+	    else
+		{
+		len = hex2bin((char*)ibuf+5, iVec);
+		if (len < 0)
+		    {
+		    printf("Invalid IV\n");
+		    err =1;
+		    break;
+		    }
+		PrintValue("IV", iVec, len);
+		step = (dir)? 4: 5;
+		}
+	    break;
+
+	case 4: /* PLAINTEXT = xxxx */
+	    copy_line(ibuf, rfp);
+	    if (fips_strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
+		{
+		printf("Missing PLAINTEXT\n");
+		err = 1;
+		}
+	    else
+		{
+		int nn = strlen(ibuf+12);
+		if(!strcmp(amode,"CFB1"))
+		    len=bint2bin(ibuf+12,nn-1,plaintext);
+		else
+		    len=hex2bin(ibuf+12, plaintext);
+		if (len < 0)
+		    {
+		    printf("Invalid PLAINTEXT: %s", ibuf+12);
+		    err =1;
+		    break;
+		    }
+		if (len >= (int)sizeof(plaintext))
+		    {
+		    printf("Buffer overflow\n");
+		    }
+		PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
+		if (strcmp(atest, "MCT") == 0)  /* Monte Carlo Test */
+		    {
+		    if(do_mct(amode, akeysz, aKey, iVec, 
+			      dir, (unsigned char*)plaintext, len, 
+			      rfp) < 0)
+			err = 1;
+		    }
+		else
+		    {
+		    AESTest(&ctx, amode, akeysz, aKey, iVec, 
+				  dir,  /* 0 = decrypt, 1 = encrypt */
+				  plaintext, ciphertext, len);
+		    OutputValue("CIPHERTEXT",ciphertext,len,rfp,
+				!strcmp(amode,"CFB1"));
+		    }
+		step = 6;
+		}
+	    break;
+
+	case 5: /* CIPHERTEXT = xxxx */
+	    copy_line(ibuf, rfp);
+	    if (fips_strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
+		{
+		printf("Missing KEY\n");
+		err = 1;
+		}
+	    else
+		{
+		if(!strcmp(amode,"CFB1"))
+		    len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
+		else
+		    len = hex2bin(ibuf+13,ciphertext);
+		if (len < 0)
+		    {
+		    printf("Invalid CIPHERTEXT\n");
+		    err =1;
+		    break;
+		    }
+
+		PrintValue("CIPHERTEXT", ciphertext, len);
+		if (strcmp(atest, "MCT") == 0)  /* Monte Carlo Test */
+		    {
+		    do_mct(amode, akeysz, aKey, iVec, 
+			   dir, ciphertext, len, rfp);
+		    }
+		else
+		    {
+		    AESTest(&ctx, amode, akeysz, aKey, iVec, 
+				  dir,  /* 0 = decrypt, 1 = encrypt */
+				  plaintext, ciphertext, len);
+		    OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
+				!strcmp(amode,"CFB1"));
+		    }
+		step = 6;
+		}
+	    break;
+
+	case 6:
+	    if (ibuf[0] != '\n')
+		{
+		err = 1;
+		printf("Missing terminator\n");
+		}
+	    else if (strcmp(atest, "MCT") != 0)
+		{ /* MCT already added terminating nl */
+		copy_line(ibuf, rfp);
+		}
+	    step = 1;
+	    break;
+	    }
+	}
+    if (rfp)
+	fclose(rfp);
+    if (afp)
+	fclose(afp);
+    FIPS_cipher_ctx_cleanup(&ctx);
+    return err;
+    }
+
+/*--------------------------------------------------
+  Processes either a single file or 
+  a set of files whose names are passed in a file.
+  A single file is specified as:
+    aes_test -f xxx.req
+  A set of files is specified as:
+    aes_test -d xxxxx.xxx
+  The default is: -d req.txt
+--------------------------------------------------*/
+#ifdef FIPS_ALGVS
+int fips_aesavs_main(int argc, char **argv)
+#else
+int main(int argc, char **argv)
+#endif
+    {
+    char *rqlist = "req.txt", *rspfile = NULL;
+    FILE *fp = NULL;
+    char fn[250] = "", rfn[256] = "";
+    int d_opt = 1;
+    fips_algtest_init();
+
+    if (argc > 1)
+	{
+	if (fips_strcasecmp(argv[1], "-d") == 0)
+	    {
+	    d_opt = 1;
+	    }
+	else if (fips_strcasecmp(argv[1], "-f") == 0)
+	    {
+	    d_opt = 0;
+	    }
+	else
+	    {
+	    printf("Invalid parameter: %s\n", argv[1]);
+	    return 0;
+	    }
+	if (argc < 3)
+	    {
+	    printf("Missing parameter\n");
+	    return 0;
+	    }
+	if (d_opt)
+	    rqlist = argv[2];
+	else
+	    {
+	    strcpy(fn, argv[2]);
+	    rspfile = argv[3];
+	    }
+	}
+    if (d_opt)
+	{ /* list of files (directory) */
+	if (!(fp = fopen(rqlist, "r")))
+	    {
+	    printf("Cannot open req list file\n");
+	    return -1;
+	    }
+	while (fgets(fn, sizeof(fn), fp))
+	    {
+	    strtok(fn, "\r\n");
+	    strcpy(rfn, fn);
+	    if (VERBOSE)
+		printf("Processing: %s\n", rfn);
+	    if (proc_file(rfn, rspfile))
+		{
+		printf(">>> Processing failed for: %s <<<\n", rfn);
+		return 1;
+		}
+	    }
+	fclose(fp);
+	}
+    else /* single file */
+	{
+	if (VERBOSE)
+	    printf("Processing: %s\n", fn);
+	if (proc_file(fn, rspfile))
+	    {
+	    printf(">>> Processing failed for: %s <<<\n", fn);
+	    }
+	}
+    return 0;
+    }
+
+#endif
Index: openssl-1.0.2j/crypto/fips/fips_cmactest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_cmactest.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,522 @@
+/* fips_cmactest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/cmac.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS CMAC support\n");
+    return(0);
+}
+
+#else
+
+#include <openssl/fips.h>
+#include "fips_utl.h"
+
+static int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
+	int mode, int Klen_counts_keys, int known_keylen);
+static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
+		unsigned char *Key, int Klen,
+		unsigned char *Msg, int Msglen,
+		int Tlen);
+static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
+		unsigned char *Key, int Klen,
+		unsigned char *Msg, int Msglen,
+		unsigned char *Mac, int Maclen,
+		int Tlen);
+
+#ifdef FIPS_ALGVS
+int fips_cmactest_main(int argc, char **argv)
+#else
+int main(int argc, char **argv)
+#endif
+	{
+	FILE *in = NULL, *out = NULL;
+	int mode = 0;		/* 0 => Generate, 1 => Verify */
+	int Klen_counts_keys = 0; /* 0 => Klen is size of one key
+				     1 => Klen is amount of keys
+				  */
+	int known_keylen = 0;	/* Only set when Klen_counts_keys = 1 */
+	const EVP_CIPHER *cipher = 0;
+	int ret = 1;
+	fips_algtest_init_nofips();
+	if(!FIPS_mode_set(1)) {
+		fprintf(stderr, "Can't set FIPS mode\n");
+		exit(1);
+	}
+
+
+	while (argc > 1 && argv[1][0] == '-')
+		{
+		switch (argv[1][1])
+			{
+		case 'a':
+			{
+			char *p = &argv[1][2];
+			if (*p == '\0')
+				{
+				if (argc <= 2)
+					{
+					fprintf(stderr, "Option %s needs a value\n", argv[1]);
+					goto end;
+					}
+				argv++;
+				argc--;
+				p = &argv[1][0];
+				}
+			if (!strcmp(p, "aes128"))
+				cipher = EVP_aes_128_cbc();
+			else if (!strcmp(p, "aes192"))
+				cipher = EVP_aes_192_cbc();
+			else if (!strcmp(p, "aes256"))
+				cipher = EVP_aes_256_cbc();
+			else if (!strcmp(p, "tdea3") || !strcmp(p, "tdes3"))
+				{
+				cipher = EVP_des_ede3_cbc();
+				Klen_counts_keys = 1;
+				known_keylen = 8;
+				}
+			else
+				{
+				fprintf(stderr, "Unknown algorithm %s\n", p);
+				goto end;
+				}
+			}
+			break;
+		case 'g':
+			mode = 0;
+			break;
+		case 'v':
+			mode = 1;
+			break;
+		default:
+			fprintf(stderr, "Unknown option %s\n", argv[1]);
+			goto end;
+			}
+		argv++;
+		argc--;
+		}
+	if (argc == 1)
+		in = stdin;
+	else
+		in = fopen(argv[1], "r");
+
+	if (argc < 2)
+		out = stdout;
+	else
+		out = fopen(argv[2], "w");
+
+	if (!in)
+		{
+		fprintf(stderr, "FATAL input initialization error\n");
+		goto end;
+		}
+
+	if (!out)
+		{
+		fprintf(stderr, "FATAL output initialization error\n");
+		goto end;
+		}
+
+	if (!cmac_test(cipher, out, in, mode,
+			Klen_counts_keys, known_keylen))
+		{
+		fprintf(stderr, "FATAL cmac file processing error\n");
+		goto end;
+		}
+	else
+		ret = 0;
+
+	end:
+
+	if (in && (in != stdin))
+		fclose(in);
+	if (out && (out != stdout))
+		fclose(out);
+
+	return ret;
+
+	}
+
+#define CMAC_TEST_MAXLINELEN	150000
+
+int cmac_test(const EVP_CIPHER *cipher, FILE *out, FILE *in,
+	int mode, int Klen_counts_keys, int known_keylen)
+	{
+	char *linebuf, *olinebuf, *p, *q;
+	char *keyword, *value;
+	unsigned char **Keys = NULL, *Msg = NULL, *Mac = NULL;
+	unsigned char *Key = NULL;
+	int Count, Klen, Mlen, Tlen;
+	long Keylen, Msglen, Maclen;
+	int ret = 0;
+	int lnum = 0;
+
+	olinebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
+	linebuf = OPENSSL_malloc(CMAC_TEST_MAXLINELEN);
+
+	if (!linebuf || !olinebuf)
+		goto error;
+
+	Count = -1;
+	Klen = -1;
+	Mlen = -1;
+	Tlen = -1;
+
+	while (fgets(olinebuf, CMAC_TEST_MAXLINELEN, in))
+		{
+		lnum++;
+		strcpy(linebuf, olinebuf);
+		keyword = linebuf;
+		/* Skip leading space */
+		while (isspace((unsigned char)*keyword))
+			keyword++;
+
+		/* Skip comments */
+		if (keyword[0] == '#')
+			{
+			if (fputs(olinebuf, out) < 0)
+				goto error;
+			continue;
+			}
+
+		/* Look for = sign */
+		p = strchr(linebuf, '=');
+
+		/* If no = or starts with [ (for [L=20] line) just copy */
+		if (!p)
+			{
+			if (fputs(olinebuf, out) < 0)
+				goto error;
+			continue;
+			}
+
+		q = p - 1;
+
+		/* Remove trailing space */
+		while (isspace((unsigned char)*q))
+			*q-- = 0;
+
+		*p = 0;
+		value = p + 1;
+
+		/* Remove leading space from value */
+		while (isspace((unsigned char)*value))
+			value++;
+
+		/* Remove trailing space from value */
+		p = value + strlen(value) - 1;
+
+		while (*p == '\n' || isspace((unsigned char)*p))
+			*p-- = 0;
+
+		if (!strcmp(keyword, "Count"))
+			{
+			if (Count != -1)
+				goto parse_error;
+			Count = atoi(value);
+			if (Count < 0)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Klen"))
+			{
+			if (Klen != -1)
+				goto parse_error;
+			Klen = atoi(value);
+			if (Klen < 0)
+				goto parse_error;
+			if (Klen_counts_keys)
+				{
+				Keys = OPENSSL_malloc(sizeof(*Keys) * Klen);
+				memset(Keys, '\0', sizeof(*Keys) * Klen);
+				}
+			else
+				{
+				Keys = OPENSSL_malloc(sizeof(*Keys));
+				memset(Keys, '\0', sizeof(*Keys));
+				}
+			}
+		else if (!strcmp(keyword, "Mlen"))
+			{
+			if (Mlen != -1)
+				goto parse_error;
+			Mlen = atoi(value);
+			if (Mlen < 0)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Tlen"))
+			{
+			if (Tlen != -1)
+				goto parse_error;
+			Tlen = atoi(value);
+			if (Tlen < 0)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Key") && !Klen_counts_keys)
+			{
+			if (Keys[0])
+				goto parse_error;
+			Keys[0] = hex2bin_m(value, &Keylen);
+			if (!Keys[0])
+				goto parse_error;
+			}
+		else if (!strncmp(keyword, "Key", 3) && Klen_counts_keys)
+			{
+			int keynum = atoi(keyword + 3);
+			if (!keynum || keynum > Klen || Keys[keynum-1])
+				goto parse_error;
+			Keys[keynum-1] = hex2bin_m(value, &Keylen);
+			if (!Keys[keynum-1])
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Msg"))
+			{
+			if (Msg)
+				goto parse_error;
+			Msg = hex2bin_m(value, &Msglen);
+			if (!Msg)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Mac"))
+			{
+			if (mode == 0)
+				continue;
+			if (Mac)
+				goto parse_error;
+			Mac = hex2bin_m(value, &Maclen);
+			if (!Mac)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Result"))
+			{
+			if (mode == 1)
+				continue;
+			goto parse_error;
+			}
+		else
+			goto parse_error;
+
+		fputs(olinebuf, out);
+
+		if (Keys && Msg && (!mode || Mac) && (Tlen > 0) && (Klen > 0))
+			{
+			if (Klen_counts_keys)
+				{
+				int x;
+				Key = OPENSSL_malloc(Klen * known_keylen);
+				for (x = 0; x < Klen; x++)
+					{
+					memcpy(Key + x * known_keylen,
+						Keys[x], known_keylen);
+					OPENSSL_free(Keys[x]);
+					}
+				Klen *= known_keylen;
+				}
+			else
+				{
+				Key = OPENSSL_malloc(Klen);
+				memcpy(Key, Keys[0], Klen);
+				OPENSSL_free(Keys[0]);
+				}
+			OPENSSL_free(Keys);
+
+			switch(mode)
+				{
+			case 0:
+				if (!print_cmac_gen(cipher, out,
+						Key, Klen,
+						Msg, Mlen,
+						Tlen))
+					goto error;
+				break;
+			case 1:
+				if (!print_cmac_ver(cipher, out,
+						Key, Klen,
+						Msg, Mlen,
+						Mac, Maclen,
+						Tlen))
+					goto error;
+				break;
+				}
+
+			OPENSSL_free(Key);
+			Key = NULL;
+			OPENSSL_free(Msg);
+			Msg = NULL;
+			OPENSSL_free(Mac);
+			Mac = NULL;
+			Klen = -1;
+			Mlen = -1;
+			Tlen = -1;
+			Count = -1;
+			}
+		}
+
+
+	ret = 1;
+
+
+	error:
+
+	if (olinebuf)
+		OPENSSL_free(olinebuf);
+	if (linebuf)
+		OPENSSL_free(linebuf);
+	if (Key)
+		OPENSSL_free(Key);
+	if (Msg)
+		OPENSSL_free(Msg);
+	if (Mac)
+		OPENSSL_free(Mac);
+
+	return ret;
+
+	parse_error:
+
+	fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+	goto error;
+
+	}
+
+static int print_cmac_gen(const EVP_CIPHER *cipher, FILE *out,
+		unsigned char *Key, int Klen,
+		unsigned char *Msg, int Mlen,
+		int Tlen)
+	{
+	int rc, i;
+	size_t reslen;
+	unsigned char res[128];
+	CMAC_CTX *cmac_ctx = CMAC_CTX_new();
+
+	CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
+	CMAC_Update(cmac_ctx, Msg, Mlen);
+	if (!CMAC_Final(cmac_ctx, res, &reslen))
+		{
+		fputs("Error calculating CMAC\n", stderr);
+		rc = 0;
+		}
+	else if (Tlen > (int)reslen)
+		{
+		fputs("Parameter error, Tlen > CMAC length\n", stderr);
+		rc = 0;
+		}
+	else
+		{
+		fputs("Mac = ", out);
+		for (i = 0; i < Tlen; i++)
+			fprintf(out, "%02x", res[i]);
+		fputs(RESP_EOL, out);
+		rc = 1;
+		}
+	CMAC_CTX_free(cmac_ctx);
+	return rc;
+	}
+
+static int print_cmac_ver(const EVP_CIPHER *cipher, FILE *out,
+		unsigned char *Key, int Klen,
+		unsigned char *Msg, int Mlen,
+		unsigned char *Mac, int Maclen,
+		int Tlen)
+	{
+	int rc = 1;
+	size_t reslen;
+	unsigned char res[128];
+	CMAC_CTX *cmac_ctx = CMAC_CTX_new();
+
+	CMAC_Init(cmac_ctx, Key, Klen, cipher, 0);
+	CMAC_Update(cmac_ctx, Msg, Mlen);
+	if (!CMAC_Final(cmac_ctx, res, &reslen))
+		{
+		fputs("Error calculating CMAC\n", stderr);
+		rc = 0;
+		}
+	else if (Tlen > (int)reslen)
+		{
+		fputs("Parameter error, Tlen > CMAC length\n", stderr);
+		rc = 0;
+		}
+	else if (Tlen != Maclen)
+		{
+		fputs("Parameter error, Tlen != resulting Mac length\n", stderr);
+		rc = 0;
+		}
+	else
+		{
+		if (!memcmp(Mac, res, Maclen))
+			fputs("Result = P" RESP_EOL, out);
+		else
+			fputs("Result = F" RESP_EOL, out);
+		}
+	CMAC_CTX_free(cmac_ctx);
+	return rc;
+	}
+
+#endif
Index: openssl-1.0.2j/crypto/fips/fips_desmovs.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_desmovs.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,704 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+/*---------------------------------------------
+  NIST DES Modes of Operation Validation System
+  Test Program
+
+  Based on the AES Validation Suite, which was:
+  Donated to OpenSSL by:
+  V-ONE Corporation
+  20250 Century Blvd, Suite 300
+  Germantown, MD 20874
+  U.S.A.
+  ----------------------------------------------*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <ctype.h>
+#include <openssl/des.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+
+#include <openssl/err.h>
+#include "e_os.h"
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS DES support\n");
+    return(0);
+}
+
+#else
+
+#include <openssl/fips.h>
+#include "fips_utl.h"
+
+#define DES_BLOCK_SIZE 8
+
+#define VERBOSE 0
+
+int DESTest(EVP_CIPHER_CTX *ctx,
+	    char *amode, int akeysz, unsigned char *aKey, 
+	    unsigned char *iVec, 
+	    int dir,  /* 0 = decrypt, 1 = encrypt */
+	    unsigned char *out, unsigned char *in, int len)
+    {
+    const EVP_CIPHER *cipher = NULL;
+
+    if (akeysz != 192)
+	{
+	printf("Invalid key size: %d\n", akeysz);
+	EXIT(1);
+	}
+
+    if (strcasecmp(amode, "CBC") == 0)
+	cipher = EVP_des_ede3_cbc();
+    else if (strcasecmp(amode, "ECB") == 0)
+	cipher = EVP_des_ede3_ecb();
+    else if (strcasecmp(amode, "CFB64") == 0)
+	cipher = EVP_des_ede3_cfb64();
+    else if (strncasecmp(amode, "OFB", 3) == 0)
+	cipher = EVP_des_ede3_ofb();
+    else if(!strcasecmp(amode,"CFB8"))
+	cipher = EVP_des_ede3_cfb8();
+    else if(!strcasecmp(amode,"CFB1"))
+	cipher = EVP_des_ede3_cfb1();
+    else
+	{
+	printf("Unknown mode: %s\n", amode);
+	EXIT(1);
+	}
+
+    if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
+	return 0;
+    if(!strcasecmp(amode,"CFB1"))
+	M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
+    EVP_Cipher(ctx, out, in, len);
+
+    return 1;
+    }
+
+/*
+void DebugValue(char *tag, unsigned char *val, int len)
+    {
+    char obuf[2048];
+    int olen;
+    olen = bin2hex(val, len, obuf);
+    printf("%s = %.*s\n", tag, olen, obuf);
+    }
+*/
+
+void shiftin(unsigned char *dst,unsigned char *src,int nbits)
+    {
+    int n;
+
+    /* move the bytes... */
+    memmove(dst,dst+nbits/8,3*8-nbits/8);
+    /* append new data */
+    memcpy(dst+3*8-nbits/8,src,(nbits+7)/8);
+    /* left shift the bits */
+    if(nbits%8)
+	for(n=0 ; n < 3*8 ; ++n)
+	    dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8));
+    }	
+
+/*-----------------------------------------------*/
+char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
+char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
+enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB64};
+int Sizes[6]={64,64,64,1,8,64};
+
+void do_mct(char *amode, 
+	    int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec,
+	    int dir, unsigned char *text, int len,
+	    FILE *rfp)
+    {
+    int i,imode;
+    unsigned char nk[4*8]; /* longest key+8 */
+    unsigned char text0[8];
+
+    for (imode=0 ; imode < 6 ; ++imode)
+	if(!strcmp(amode,t_mode[imode]))
+	    break;
+    if (imode == 6)
+	{ 
+	printf("Unrecognized mode: %s\n", amode);
+	EXIT(1);
+	}
+
+    for(i=0 ; i < 400 ; ++i)
+	{
+	int j;
+	int n;
+	int kp=akeysz/64;
+	unsigned char old_iv[8];
+	EVP_CIPHER_CTX ctx;
+	EVP_CIPHER_CTX_init(&ctx);
+
+	fprintf(rfp,"\nCOUNT = %d\n",i);
+	if(kp == 1)
+	    OutputValue("KEY",akey,8,rfp,0);
+	else
+	    for(n=0 ; n < kp ; ++n)
+		{
+		fprintf(rfp,"KEY%d",n+1);
+		OutputValue("",akey+n*8,8,rfp,0);
+		}
+
+	if(imode != ECB)
+	    OutputValue("IV",ivec,8,rfp,0);
+	OutputValue(t_tag[dir^1],text,len,rfp,imode == CFB1);
+#if 0
+	/* compensate for endianness */
+	if(imode == CFB1)
+	    text[0]<<=7;
+#endif
+	memcpy(text0,text,8);
+
+	for(j=0 ; j < 10000 ; ++j)
+	    {
+	    unsigned char old_text[8];
+
+	    memcpy(old_text,text,8);
+	    if(j == 0)
+		{
+		memcpy(old_iv,ivec,8);
+		DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len);
+		}
+	    else
+		{
+		memcpy(old_iv,ctx.iv,8);
+		EVP_Cipher(&ctx,text,text,len);
+		}
+	    if(j == 9999)
+		{
+		OutputValue(t_tag[dir],text,len,rfp,imode == CFB1);
+		/*		memcpy(ivec,text,8); */
+		}
+	    /*	    DebugValue("iv",ctx.iv,8); */
+	    /* accumulate material for the next key */
+	    shiftin(nk,text,Sizes[imode]);
+	    /*	    DebugValue("nk",nk,24);*/
+	    if((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64
+			|| imode == CBC)) || imode == OFB)
+		memcpy(text,old_iv,8);
+
+	    if(!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64))
+		{
+		/* the test specifies using the output of the raw DES operation
+		   which we don't have, so reconstruct it... */
+		for(n=0 ; n < 8 ; ++n)
+		    text[n]^=old_text[n];
+		}
+	    }
+	for(n=0 ; n < 8 ; ++n)
+	    akey[n]^=nk[16+n];
+	for(n=0 ; n < 8 ; ++n)
+	    akey[8+n]^=nk[8+n];
+	for(n=0 ; n < 8 ; ++n)
+	    akey[16+n]^=nk[n];
+	if(numkeys < 3)
+	    memcpy(&akey[2*8],akey,8);
+	if(numkeys < 2)
+	    memcpy(&akey[8],akey,8);
+	DES_set_odd_parity((DES_cblock *)akey);
+	DES_set_odd_parity((DES_cblock *)(akey+8));
+	DES_set_odd_parity((DES_cblock *)(akey+16));
+	memcpy(ivec,ctx.iv,8);
+
+	/* pointless exercise - the final text doesn't depend on the
+	   initial text in OFB mode, so who cares what it is? (Who
+	   designed these tests?) */
+	if(imode == OFB)
+	    for(n=0 ; n < 8 ; ++n)
+		text[n]=text0[n]^old_iv[n];
+	}
+    }
+    
+int proc_file(char *rqfile, char *rspfile)
+    {
+    char afn[256], rfn[256];
+    FILE *afp = NULL, *rfp = NULL;
+    char ibuf[2048], tbuf[2048];
+    int ilen, len, ret = 0;
+    char amode[8] = "";
+    char atest[100] = "";
+    int akeysz=0;
+    unsigned char iVec[20], aKey[40];
+    int dir = -1, err = 0, step = 0;
+    unsigned char plaintext[2048];
+    unsigned char ciphertext[2048];
+    char *rp;
+    EVP_CIPHER_CTX ctx;
+    int numkeys=1;
+    EVP_CIPHER_CTX_init(&ctx);
+
+    if (!rqfile || !(*rqfile))
+	{
+	printf("No req file\n");
+	return -1;
+	}
+    strcpy(afn, rqfile);
+
+    if ((afp = fopen(afn, "r")) == NULL)
+	{
+	printf("Cannot open file: %s, %s\n", 
+	       afn, strerror(errno));
+	return -1;
+	}
+    if (!rspfile)
+	{
+	strcpy(rfn,afn);
+	rp=strstr(rfn,"req/");
+#ifdef OPENSSL_SYS_WIN32
+	if (!rp)
+	    rp=strstr(rfn,"req\\");
+#endif
+	assert(rp);
+	memcpy(rp,"rsp",3);
+	rp = strstr(rfn, ".req");
+	memcpy(rp, ".rsp", 4);
+	rspfile = rfn;
+	}
+    if ((rfp = fopen(rspfile, "w")) == NULL)
+	{
+	printf("Cannot open file: %s, %s\n", 
+	       rfn, strerror(errno));
+	fclose(afp);
+	afp = NULL;
+	return -1;
+	}
+    while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
+	{
+	tidy_line(tbuf, ibuf);
+	ilen = strlen(ibuf);
+	/*	printf("step=%d ibuf=%s",step,ibuf);*/
+	if(step == 3 && !strcmp(amode,"ECB"))
+	    {
+	    memset(iVec, 0, sizeof(iVec));
+	    step = (dir)? 4: 5;  /* no ivec for ECB */
+	    }
+	switch (step)
+	    {
+	case 0:  /* read preamble */
+	    if (ibuf[0] == '\n')
+		{ /* end of preamble */
+		if (*amode == '\0')
+		    {
+		    printf("Missing Mode\n");
+		    err = 1;
+		    }
+		else
+		    {
+		    fputs(ibuf, rfp);
+		    ++ step;
+		    }
+		}
+	    else if (ibuf[0] != '#')
+		{
+		printf("Invalid preamble item: %s\n", ibuf);
+		err = 1;
+		}
+	    else
+		{ /* process preamble */
+		char *xp, *pp = ibuf+2;
+		int n;
+		if(*amode)
+		    { /* insert current time & date */
+		    time_t rtim = time(0);
+		    fprintf(rfp, "# %s", ctime(&rtim));
+		    }
+		else
+		    {
+		    fputs(ibuf, rfp);
+		    if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4)
+		       || !strncmp(pp,"TDES ",5)
+		       || !strncmp(pp,"PERMUTATION ",12)
+		       || !strncmp(pp,"SUBSTITUTION ",13)
+		       || !strncmp(pp,"VARIABLE ",9))
+			{
+			/* get test type */
+			if(!strncmp(pp,"DES ",4))
+			    pp+=4;
+			else if(!strncmp(pp,"TDES ",5))
+			    pp+=5;
+			xp = strchr(pp, ' ');
+			n = xp-pp;
+			strncpy(atest, pp, n);
+			atest[n] = '\0';
+			/* get mode */
+			xp = strrchr(pp, ' '); /* get mode" */
+			n = strlen(xp+1)-1;
+			strncpy(amode, xp+1, n);
+			amode[n] = '\0';
+			/* amode[3] = '\0'; */
+			if (VERBOSE)
+				printf("Test=%s, Mode=%s\n",atest,amode);
+			}
+		    }
+		}
+	    break;
+
+	case 1:  /* [ENCRYPT] | [DECRYPT] */
+	    if(ibuf[0] == '\n')
+		break;
+	    if (ibuf[0] == '[')
+		{
+		fputs(ibuf, rfp);
+		++step;
+		if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
+		    dir = 1;
+		else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
+		    dir = 0;
+		else
+		    {
+		    printf("Invalid keyword: %s\n", ibuf);
+		    err = 1;
+		    }
+		break;
+		}
+	    else if (dir == -1)
+		{
+		err = 1;
+		printf("Missing ENCRYPT/DECRYPT keyword\n");
+		break;
+		}
+	    else 
+		step = 2;
+
+	case 2: /* KEY = xxxx */
+	    if(*ibuf == '\n')
+		{
+	        fputs(ibuf, rfp);
+		break;
+                }
+	    if(!strncasecmp(ibuf,"COUNT = ",8))
+		{
+	        fputs(ibuf, rfp);
+		break;
+                }
+	    if(!strncasecmp(ibuf,"COUNT=",6))
+		{
+	        fputs(ibuf, rfp);
+		break;
+                }
+	    if(!strncasecmp(ibuf,"NumKeys = ",10))
+		{
+		numkeys=atoi(ibuf+10);
+		break;
+		}
+	  
+	    fputs(ibuf, rfp);
+	    if(!strncasecmp(ibuf,"KEY = ",6))
+		{
+		akeysz=64;
+		len = hex2bin((char*)ibuf+6, aKey);
+		if (len < 0)
+		    {
+		    printf("Invalid KEY\n");
+		    err=1;
+		    break;
+		    }
+		PrintValue("KEY", aKey, len);
+		++step;
+		}
+	    else if(!strncasecmp(ibuf,"KEYs = ",7))
+		{
+		akeysz=64*3;
+		len=hex2bin(ibuf+7,aKey);
+		if(len != 8)
+		    {
+		    printf("Invalid KEY\n");
+		    err=1;
+		    break;
+		    }
+		memcpy(aKey+8,aKey,8);
+		memcpy(aKey+16,aKey,8);
+		ibuf[4]='\0';
+		PrintValue("KEYs",aKey,len);
+		++step;
+		}
+	    else if(!strncasecmp(ibuf,"KEY",3))
+		{
+		int n=ibuf[3]-'1';
+
+		akeysz=64*3;
+		len=hex2bin(ibuf+7,aKey+n*8);
+		if(len != 8)
+		    {
+		    printf("Invalid KEY\n");
+		    err=1;
+		    break;
+		    }
+		ibuf[4]='\0';
+		PrintValue(ibuf,aKey,len);
+		if(n == 2)
+		    ++step;
+		}
+	    else
+		{
+		printf("Missing KEY\n");
+		err = 1;
+		}
+	    break;
+
+	case 3: /* IV = xxxx */
+	    fputs(ibuf, rfp);
+	    if (strncasecmp(ibuf, "IV = ", 5) != 0)
+		{
+		printf("Missing IV\n");
+		err = 1;
+		}
+	    else
+		{
+		len = hex2bin((char*)ibuf+5, iVec);
+		if (len < 0)
+		    {
+		    printf("Invalid IV\n");
+		    err =1;
+		    break;
+		    }
+		PrintValue("IV", iVec, len);
+		step = (dir)? 4: 5;
+		}
+	    break;
+
+	case 4: /* PLAINTEXT = xxxx */
+	    fputs(ibuf, rfp);
+	    if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
+		{
+		printf("Missing PLAINTEXT\n");
+		err = 1;
+		}
+	    else
+		{
+		int nn = strlen(ibuf+12);
+		if(!strcmp(amode,"CFB1"))
+		    len=bint2bin(ibuf+12,nn-1,plaintext);
+		else
+		    len=hex2bin(ibuf+12, plaintext);
+		if (len < 0)
+		    {
+		    printf("Invalid PLAINTEXT: %s", ibuf+12);
+		    err =1;
+		    break;
+		    }
+		if (len >= sizeof(plaintext))
+		    {
+		    printf("Buffer overflow\n");
+		    }
+		PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
+		if (strcmp(atest, "Monte") == 0)  /* Monte Carlo Test */
+		    {
+		    do_mct(amode,akeysz,numkeys,aKey,iVec,dir,plaintext,len,rfp);
+		    }
+		else
+		    {
+		    assert(dir == 1);
+		    ret = DESTest(&ctx, amode, akeysz, aKey, iVec, 
+				  dir,  /* 0 = decrypt, 1 = encrypt */
+				  ciphertext, plaintext, len);
+		    OutputValue("CIPHERTEXT",ciphertext,len,rfp,
+				!strcmp(amode,"CFB1"));
+		    }
+		step = 6;
+		}
+	    break;
+
+	case 5: /* CIPHERTEXT = xxxx */
+	    fputs(ibuf, rfp);
+	    if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
+		{
+		printf("Missing KEY\n");
+		err = 1;
+		}
+	    else
+		{
+		if(!strcmp(amode,"CFB1"))
+		    len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
+		else
+		    len = hex2bin(ibuf+13,ciphertext);
+		if (len < 0)
+		    {
+		    printf("Invalid CIPHERTEXT\n");
+		    err =1;
+		    break;
+		    }
+		
+		PrintValue("CIPHERTEXT", ciphertext, len);
+		if (strcmp(atest, "Monte") == 0)  /* Monte Carlo Test */
+		    {
+		    do_mct(amode, akeysz, numkeys, aKey, iVec, 
+			   dir, ciphertext, len, rfp);
+		    }
+		else
+		    {
+		    assert(dir == 0);
+		    ret = DESTest(&ctx, amode, akeysz, aKey, iVec, 
+				  dir,  /* 0 = decrypt, 1 = encrypt */
+				  plaintext, ciphertext, len);
+		    OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
+				!strcmp(amode,"CFB1"));
+		    }
+		step = 6;
+		}
+	    break;
+
+	case 6:
+	    if (ibuf[0] != '\n')
+		{
+		err = 1;
+		printf("Missing terminator\n");
+		}
+	    else if (strcmp(atest, "MCT") != 0)
+		{ /* MCT already added terminating nl */
+		fputs(ibuf, rfp);
+		}
+	    step = 1;
+	    break;
+	    }
+	}
+    if (rfp)
+	fclose(rfp);
+    if (afp)
+	fclose(afp);
+    return err;
+    }
+
+/*--------------------------------------------------
+  Processes either a single file or 
+  a set of files whose names are passed in a file.
+  A single file is specified as:
+    aes_test -f xxx.req
+  A set of files is specified as:
+    aes_test -d xxxxx.xxx
+  The default is: -d req.txt
+--------------------------------------------------*/
+int main(int argc, char **argv)
+    {
+    char *rqlist = "req.txt", *rspfile = NULL;
+    FILE *fp = NULL;
+    char fn[250] = "", rfn[256] = "";
+    int f_opt = 0, d_opt = 1;
+
+#ifdef OPENSSL_FIPS
+    if(!FIPS_mode_set(1))
+	{
+	do_print_errors();
+	EXIT(1);
+	}
+#endif
+    if (argc > 1)
+	{
+	if (strcasecmp(argv[1], "-d") == 0)
+	    {
+	    d_opt = 1;
+	    }
+	else if (strcasecmp(argv[1], "-f") == 0)
+	    {
+	    f_opt = 1;
+	    d_opt = 0;
+	    }
+	else
+	    {
+	    printf("Invalid parameter: %s\n", argv[1]);
+	    return 0;
+	    }
+	if (argc < 3)
+	    {
+	    printf("Missing parameter\n");
+	    return 0;
+	    }
+	if (d_opt)
+	    rqlist = argv[2];
+	else
+	    {
+	    strcpy(fn, argv[2]);
+	    rspfile = argv[3];
+	    }
+	}
+    if (d_opt)
+	{ /* list of files (directory) */
+	if (!(fp = fopen(rqlist, "r")))
+	    {
+	    printf("Cannot open req list file\n");
+	    return -1;
+	    }
+	while (fgets(fn, sizeof(fn), fp))
+	    {
+	    strtok(fn, "\r\n");
+	    strcpy(rfn, fn);
+	    printf("Processing: %s\n", rfn);
+	    if (proc_file(rfn, rspfile))
+		{
+		printf(">>> Processing failed for: %s <<<\n", rfn);
+		EXIT(1);
+		}
+	    }
+	fclose(fp);
+	}
+    else /* single file */
+	{
+	if (VERBOSE)
+		printf("Processing: %s\n", fn);
+	if (proc_file(fn, rspfile))
+	    {
+	    printf(">>> Processing failed for: %s <<<\n", fn);
+	    }
+	}
+    EXIT(0);
+    return 0;
+    }
+
+#endif
Index: openssl-1.0.2j/crypto/fips/fips_dhvs.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_dhvs.c	2017-03-17 14:15:25.151327074 +0100
@@ -0,0 +1,338 @@
+/* fips/dh/fips_dhvs.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+
+#define OPENSSL_FIPSAPI
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+    printf("No FIPS DH support\n");
+    return(0);
+}
+#else
+
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "fips_utl.h"
+
+/* Minimal FIPS versions of FIPS_dh_new() and FIPS_dh_free(): to
+ * reduce external dependencies.
+ */
+
+DH *FIPS_dh_new(void)
+	{
+	DH *ret;
+	ret = OPENSSL_malloc(sizeof(DH));
+	if (!ret)
+		return NULL;
+	memset(ret, 0, sizeof(DH));
+	ret->meth = DH_OpenSSL();
+	if (ret->meth->init)
+		ret->meth->init(ret);
+	return ret;
+	}
+
+void FIPS_dh_free(DH *r)
+	{
+	if (!r)
+		return;
+	if (r->meth->finish)
+		r->meth->finish(r);
+	if (r->p != NULL) BN_clear_free(r->p);
+	if (r->g != NULL) BN_clear_free(r->g);
+	if (r->q != NULL) BN_clear_free(r->q);
+	if (r->j != NULL) BN_clear_free(r->j);
+	if (r->seed) OPENSSL_free(r->seed);
+	if (r->counter != NULL) BN_clear_free(r->counter);
+	if (r->pub_key != NULL) BN_clear_free(r->pub_key);
+	if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+	OPENSSL_free(r);
+	}
+
+static const EVP_MD *parse_md(char *line)
+	{
+	char *p;
+	if (line[0] != '[' || line[1] != 'F')
+		return NULL;
+	p = strchr(line, '-');
+	if (!p)
+		return NULL;
+	line = p + 1;
+	p = strchr(line, ']');
+	if (!p)
+		return NULL;
+	*p = 0;
+	p = line;
+	while(isspace(*p))
+		p++;
+	if (!strcmp(p, "SHA1"))
+		return EVP_sha1();
+	else if (!strcmp(p, "SHA224"))
+		return EVP_sha224();
+	else if (!strcmp(p, "SHA256"))
+		return EVP_sha256();
+	else if (!strcmp(p, "SHA384"))
+		return EVP_sha384();
+	else if (!strcmp(p, "SHA512"))
+		return EVP_sha512();
+	else
+		return NULL;
+	}
+
+static void output_Zhash(FILE *out, int exout,
+				DH *dh, BIGNUM *peerkey, const EVP_MD *md,
+				unsigned char *rhash, size_t rhashlen)
+	{
+	unsigned char *Z;
+	unsigned char chash[EVP_MAX_MD_SIZE];
+	int Zlen, hashlen;
+	if (rhash == NULL)
+		{
+		rhashlen = M_EVP_MD_size(md);
+		if (!DH_generate_key(dh))
+			exit (1);
+		do_bn_print_name(out, "YephemIUT", dh->pub_key);
+		if (exout)
+			do_bn_print_name(out, "XephemIUT", dh->priv_key);
+		}
+	hashlen = BN_num_bytes(dh->p);
+	Z = OPENSSL_malloc(hashlen);
+	if (!Z)
+		exit(1);
+	Zlen = DH_compute_key_padded(Z, peerkey, dh);
+
+	if (exout && Zlen >= 0)
+		OutputValue("Z", Z, Zlen, out, 0);
+
+	if (Zlen > 0) {
+		FIPS_digest(Z, hashlen, chash, NULL, md);
+	} else {
+		/* even in failure, print out IUTHashZZ / HashZZ */
+		if (rhash) memcpy(chash, rhash, rhashlen);
+	}
+	OutputValue(rhash ? "IUTHashZZ" : "HashZZ", chash, rhashlen, out, 0);
+	if (rhash)
+		{
+		fprintf(out, "Result = %s\n",
+				(Zlen < 0) ? "F": (memcmp(chash, rhash, rhashlen) ? "F" : "P"));
+		}
+	else
+		{
+		BN_clear_free(dh->priv_key);
+		BN_clear_free(dh->pub_key);
+		dh->priv_key = NULL;
+		dh->pub_key = NULL;
+		}
+	OPENSSL_cleanse(Z, hashlen);
+	OPENSSL_free(Z);
+	}
+
+#ifdef FIPS_ALGVS
+int fips_dhvs_main(int argc, char **argv)
+#else
+int main(int argc, char **argv)
+#endif
+	{
+	char **args = argv + 1;
+	int argn = argc - 1;
+	FILE *in, *out;
+	char buf[2048], lbuf[2048];
+	unsigned char *rhash;
+	long rhashlen;
+	DH *dh = NULL;
+	const EVP_MD *md = NULL;
+	BIGNUM *peerkey = NULL;
+	char *keyword = NULL, *value = NULL;
+	int do_verify = -1, exout = 0;
+
+	fips_algtest_init_nofips();
+	if(!FIPS_mode_set(1)) {
+		fprintf(stderr, "Can't set FIPS mode\n");
+		exit(1);
+	}
+
+	if (argn && !strcmp(*args, "dhver"))
+		{
+		do_verify = 1;
+		args++;
+		argn--;
+		}
+	else if (argn && !strcmp(*args, "dhgen"))
+		{
+		do_verify = 0;
+		args++;
+		argn--;
+		}
+
+	if (argn && !strcmp(*args, "-exout"))
+		{
+		exout = 1;
+		args++;
+		argn--;
+		}
+
+	if (do_verify == -1)
+		{
+		fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
+		exit(1);
+		}
+
+	if (argn == 2)
+		{
+		in = fopen(*args, "r");
+		if (!in)
+			{
+			fprintf(stderr, "Error opening input file\n");
+			exit(1);
+			}
+		out = fopen(args[1], "w");
+		if (!out)
+			{
+			fprintf(stderr, "Error opening output file\n");
+			exit(1);
+			}
+		}
+	else if (argn == 0)
+		{
+		in = stdin;
+		out = stdout;
+		}
+	else
+		{
+		fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
+		exit(1);
+		}
+
+	dh = FIPS_dh_new();
+
+	while (fgets(buf, sizeof(buf), in) != NULL)
+		{
+		fputs(buf, out);
+		if (strlen(buf) > 6 && !strncmp(buf, "[F", 2))
+			{
+			md = parse_md(buf);
+			if (md == NULL)
+				goto parse_error;
+			if (dh)
+				FIPS_dh_free(dh);
+			dh = FIPS_dh_new();
+			continue;
+			}
+		if (!parse_line(&keyword, &value, lbuf, buf))
+			continue;
+		if (!strcmp(keyword, "P"))
+			{
+			if (!do_hex2bn(&dh->p, value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Q"))
+			{
+			if (!do_hex2bn(&dh->q, value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "G"))
+			{
+			if (!do_hex2bn(&dh->g, value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "XephemIUT"))
+			{
+			if (!do_hex2bn(&dh->priv_key, value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "YephemIUT"))
+			{
+			if (!do_hex2bn(&dh->pub_key, value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "YephemCAVS"))
+			{
+			if (!do_hex2bn(&peerkey, value))
+				goto parse_error;
+			if (do_verify == 0)
+				output_Zhash(out, exout, dh, peerkey, md,
+							NULL, 0);
+			}
+		else if (!strcmp(keyword, "CAVSHashZZ"))
+			{
+			if (!md)
+				goto parse_error;
+			rhash = hex2bin_m(value, &rhashlen);
+			if (!rhash || rhashlen != M_EVP_MD_size(md))
+				goto parse_error;
+			output_Zhash(out, exout, dh, peerkey, md,
+							rhash, rhashlen);
+			}
+		}
+	if (in && in != stdin)
+		fclose(in);
+	if (out && out != stdout)
+		fclose(out);
+	return 0;
+	parse_error:
+	fprintf(stderr, "Error Parsing request file\n");
+	exit(1);
+	}
+
+#endif
Index: openssl-1.0.2j/crypto/fips/fips_drbgvs.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_drbgvs.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,436 @@
+/* fips/rand/fips_drbgvs.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+
+#define OPENSSL_FIPSAPI
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+    printf("No FIPS DRBG support\n");
+    return(0);
+}
+#else
+
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+
+#include "fips_utl.h"
+
+static int dparse_md(char *str)
+	{
+	switch(atoi(str + 5))
+		{
+		case 1:
+		return NID_sha1;
+
+		case 224:
+		return NID_sha224;
+
+		case 256:
+		return NID_sha256;
+
+		case 384:
+		return NID_sha384;
+
+		case 512:
+		return NID_sha512;
+
+		}
+
+	return NID_undef;
+	}
+
+static int parse_ec(char *str)
+	{
+	int curve_nid, md_nid;
+	char *md;
+	md = strchr(str, ' ');
+	if (!md)
+		return NID_undef;
+	if (!strncmp(str, "[P-256", 6))
+		curve_nid = NID_X9_62_prime256v1;
+	else if (!strncmp(str, "[P-384", 6))
+		curve_nid = NID_secp384r1;
+	else if (!strncmp(str, "[P-521", 6))
+		curve_nid = NID_secp521r1;
+	else
+		return NID_undef;
+	md_nid = dparse_md(md);
+	if (md_nid == NID_undef)
+		return NID_undef;
+	return (curve_nid << 16) | md_nid;
+	}
+
+static int parse_aes(char *str, int *pdf)
+	{
+
+	if (!strncmp(str + 9, "no", 2))
+		*pdf = 0;
+	else
+		*pdf = DRBG_FLAG_CTR_USE_DF;
+
+	switch(atoi(str + 5))
+		{
+		case 128:
+		return NID_aes_128_ctr;
+
+		case 192:
+		return NID_aes_192_ctr;
+
+		case 256:
+		return NID_aes_256_ctr;
+
+		default:
+		return NID_undef;
+
+		}
+	}
+
+typedef struct 
+	{
+	unsigned char *ent;
+	size_t entlen;
+	unsigned char *nonce;
+	size_t noncelen;
+	} TEST_ENT;
+
+static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout,
+                                int entropy, size_t min_len, size_t max_len)
+	{
+	TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
+	*pout = (unsigned char *)t->ent;
+	return t->entlen;
+	}
+
+static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout,
+                                int entropy, size_t min_len, size_t max_len)
+	{
+	TEST_ENT *t = FIPS_drbg_get_app_data(dctx);
+	*pout = (unsigned char *)t->nonce;
+	return t->noncelen;
+	}
+
+#ifdef FIPS_ALGVS
+int fips_drbgvs_main(int argc,char **argv)
+#else
+int main(int argc,char **argv)
+#endif
+	{
+	FILE *in = NULL, *out = NULL;
+	DRBG_CTX *dctx = NULL;
+	TEST_ENT t;
+	int r, nid = 0;
+	int pr = 0;
+	char buf[2048], lbuf[2048];
+	unsigned char randout[2048];
+	char *keyword = NULL, *value = NULL;
+
+	unsigned char *ent = NULL, *nonce = NULL, *pers = NULL, *adin = NULL;
+	long entlen, noncelen, perslen, adinlen;
+	int df = 0;
+
+	enum dtype { DRBG_NONE, DRBG_CTR, DRBG_HASH, DRBG_HMAC, DRBG_DUAL_EC }
+		drbg_type = DRBG_NONE;
+
+	int randoutlen = 0;
+
+	int gen = 0;
+
+	fips_algtest_init_nofips();
+	if(!FIPS_mode_set(1)) {
+		fprintf(stderr, "Can't set FIPS mode\n");
+		exit(1);
+	}
+
+	if (argc == 3)
+		{
+		in = fopen(argv[1], "r");
+		if (!in)
+			{
+			fprintf(stderr, "Error opening input file\n");
+			exit(1);
+			}
+		out = fopen(argv[2], "w");
+		if (!out)
+			{
+			fprintf(stderr, "Error opening output file\n");
+			exit(1);
+			}
+		}
+	else if (argc == 1)
+		{
+		in = stdin;
+		out = stdout;
+		}
+	else
+		{
+		fprintf(stderr,"%s (infile outfile)\n",argv[0]);
+		exit(1);
+		}
+
+	while (fgets(buf, sizeof(buf), in) != NULL)
+		{
+		fputs(buf, out);
+		if (drbg_type == DRBG_NONE)
+			{
+			if (strstr(buf, "CTR_DRBG"))
+				drbg_type = DRBG_CTR;
+			else if (strstr(buf, "Hash_DRBG"))
+				drbg_type = DRBG_HASH;
+			else if (strstr(buf, "HMAC_DRBG"))
+				drbg_type = DRBG_HMAC;
+			else if (strstr(buf, "Dual_EC_DRBG"))
+				drbg_type = DRBG_DUAL_EC;
+			else
+				continue;
+			}
+		if (strlen(buf) > 4 && !strncmp(buf, "[SHA-", 5))
+			{
+			nid = dparse_md(buf);
+			if (nid == NID_undef)
+				exit(1);
+			if (drbg_type == DRBG_HMAC)
+				{
+				switch (nid)
+					{
+					case NID_sha1:
+					nid = NID_hmacWithSHA1;
+					break;
+
+					case NID_sha224:
+					nid = NID_hmacWithSHA224;
+					break;
+
+					case NID_sha256:
+					nid = NID_hmacWithSHA256;
+					break;
+
+					case NID_sha384:
+					nid = NID_hmacWithSHA384;
+					break;
+
+					case NID_sha512:
+					nid = NID_hmacWithSHA512;
+					break;
+
+					default:
+					exit(1);
+					}
+				}
+			}
+		if (strlen(buf) > 12 && !strncmp(buf, "[AES-", 5))
+			{
+			nid = parse_aes(buf, &df);
+			if (nid == NID_undef)
+				exit(1);
+			}
+		if (strlen(buf) > 12 && !strncmp(buf, "[P-", 3))
+			{
+			nid = parse_ec(buf);
+			if (nid == NID_undef)
+				exit(1);
+			}
+		if (!parse_line(&keyword, &value, lbuf, buf))
+			continue;
+
+		if (!strcmp(keyword, "[PredictionResistance"))
+			{
+			if (!strcmp(value, "True]"))
+				pr = 1;
+			else if (!strcmp(value, "False]"))
+				pr = 0;
+			else
+				exit(1);
+			}
+
+		if (!strcmp(keyword, "[ReturnedBitsLen"))
+			{
+			errno = 0;
+			randoutlen = strtol(value, NULL, 10);
+			if (errno || randoutlen % 8)
+				{
+				fprintf(stderr, "Invalid ReturnedBitsLen!\n");
+				exit(1);
+				}
+
+			/* ReturnedBitsLen is in bits */
+			randoutlen /= 8;
+			}
+
+		if (!strcmp(keyword, "EntropyInput"))
+			{
+			ent = hex2bin_m(value, &entlen);
+			t.ent = ent;
+			t.entlen = entlen;
+			}
+
+		if (!strcmp(keyword, "Nonce"))
+			{
+			nonce = hex2bin_m(value, &noncelen);
+			t.nonce = nonce;
+			t.noncelen = noncelen;
+			}
+
+		if (!strcmp(keyword, "PersonalizationString"))
+			{
+			pers = hex2bin_m(value, &perslen);
+			if (nid == 0)
+				{
+				fprintf(stderr, "DRBG type not recognised!\n");
+				exit (1);
+				}
+			dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST);
+			if (!dctx)
+				exit (1);
+			FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0,
+							test_nonce, 0);
+			FIPS_drbg_set_app_data(dctx, &t);
+			if (!randoutlen)
+				randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
+			r = FIPS_drbg_instantiate(dctx, pers, perslen);
+			if (!r)
+				{
+				fprintf(stderr, "Error instantiating DRBG\n");
+				exit(1);
+				}
+			OPENSSL_free(pers);
+			OPENSSL_free(ent);
+			OPENSSL_free(nonce);
+			ent = nonce = pers = NULL;
+			gen = 0;
+			}
+
+		if (!strcmp(keyword, "AdditionalInput"))
+			{
+			adin = hex2bin_m(value, &adinlen);
+			if (pr)
+				continue;
+			r = FIPS_drbg_generate(dctx, randout, randoutlen, 0,
+								adin, adinlen);
+			if (!r)
+				{
+				fprintf(stderr, "Error generating DRBG bits\n");
+				exit(1);
+				}
+			if (!r)
+				exit(1);
+			OPENSSL_free(adin);
+			adin = NULL;
+			gen++;
+			}
+
+		if (pr)
+			{
+			if (!strcmp(keyword, "EntropyInputPR"))
+				{
+				ent = hex2bin_m(value, &entlen);
+				t.ent = ent;
+				t.entlen = entlen;
+				r = FIPS_drbg_generate(dctx,
+							randout, randoutlen,
+							1, adin, adinlen);
+				if (!r)
+					{
+					fprintf(stderr,
+						"Error generating DRBG bits\n");
+					exit(1);
+					}
+				OPENSSL_free(adin);
+				OPENSSL_free(ent);
+				adin = ent = NULL;
+				gen++;
+				}
+			}
+		if (!strcmp(keyword, "EntropyInputReseed"))
+			{
+			ent = hex2bin_m(value, &entlen);
+			t.ent = ent;
+			t.entlen = entlen;
+			}
+		if (!strcmp(keyword, "AdditionalInputReseed"))
+			{
+			adin = hex2bin_m(value, &adinlen);
+			FIPS_drbg_reseed(dctx, adin, adinlen);
+			OPENSSL_free(ent);
+			OPENSSL_free(adin);
+			ent = adin = NULL;
+			}
+		if (gen == 2)
+			{
+			OutputValue("ReturnedBits", randout, randoutlen,
+									out, 0);
+			FIPS_drbg_free(dctx);
+			dctx = NULL;
+			gen = 0;
+			}
+
+		}
+	if (in && in != stdin)
+		fclose(in);
+	if (out && out != stdout)
+		fclose(out);
+	return 0;
+	}
+
+#endif
Index: openssl-1.0.2j/crypto/fips/fips_dsa_lib.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_dsa_lib.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,129 @@
+/* fips_dsa_lib.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <string.h>
+#include <openssl/dsa.h>
+#include <openssl/bn.h>
+#include <openssl/fips.h>
+
+/* Minimal FIPS versions of FIPS_dsa_new() and FIPS_dsa_free: to
+ * reduce external dependencies.
+ */
+
+DSA *FIPS_dsa_new(void)
+	{
+	return DSA_new_method(NULL);
+#if 0
+	/* this is too minimalistic for the testcase */
+	DSA *ret;
+	ret = OPENSSL_malloc(sizeof(DSA));
+	if (!ret)
+		return NULL;
+	memset(ret, 0, sizeof(DSA));
+	ret->meth = DSA_OpenSSL();
+	if (ret->meth->init)
+		ret->meth->init(ret);
+	return ret;
+#endif
+	}
+
+void FIPS_dsa_free(DSA *r)
+	{
+	if (!r)
+		return;
+	DSA_free(r);
+#if 0
+	/* this is too minimalistic for the testcase */
+	if (r->meth->finish)
+		r->meth->finish(r);
+	if (r->p != NULL) BN_clear_free(r->p);
+	if (r->q != NULL) BN_clear_free(r->q);
+	if (r->g != NULL) BN_clear_free(r->g);
+	if (r->pub_key != NULL) BN_clear_free(r->pub_key);
+	if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+	if (r->kinv != NULL) BN_clear_free(r->kinv);
+	if (r->r != NULL) BN_clear_free(r->r);
+	OPENSSL_free(r);
+#endif
+	}
+
+DSA_SIG *FIPS_dsa_sig_new(void)
+	{
+	DSA_SIG *sig;
+	sig = OPENSSL_malloc(sizeof(DSA_SIG));
+	if (!sig)
+		return NULL;
+	sig->r = NULL;
+	sig->s = NULL;
+	return sig;
+	}
+
+void FIPS_dsa_sig_free(DSA_SIG *sig)
+	{
+	if (sig)
+		{
+		if (sig->r)
+			BN_free(sig->r);
+		if (sig->s)
+			BN_free(sig->s);
+		OPENSSL_free(sig);
+		}
+	}
+
Index: openssl-1.0.2j/crypto/fips/fips_dsa_sign.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_dsa_sign.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,141 @@
+/* fips_dsa_sign.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/dsa.h>
+#include <openssl/err.h>
+#include <openssl/sha.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_FIPS
+
+/* FIPS versions of DSA_sign() and DSA_verify().
+ * Handle DSA_SIG structures to avoid need to handle ASN1.
+ */
+
+DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx)
+	{
+	DSA_SIG *s;
+	unsigned char dig[EVP_MAX_MD_SIZE];
+	unsigned int dlen;
+        FIPS_digestfinal(ctx, dig, &dlen);
+	s = dsa->meth->dsa_do_sign(dig,dlen,dsa);
+	OPENSSL_cleanse(dig, dlen);
+	return s;
+	}
+
+DSA_SIG * FIPS_dsa_sign_digest(DSA *dsa, const unsigned char *dig, int dlen)
+	{
+	if (FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_FIPS_DSA_SIGN_DIGEST, FIPS_R_SELFTEST_FAILED);
+		return NULL;
+		}
+	return dsa->meth->dsa_do_sign(dig, dlen, dsa);
+	}
+
+int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s)
+	{
+	int ret=-1;
+	unsigned char dig[EVP_MAX_MD_SIZE];
+	unsigned int dlen;
+        FIPS_digestfinal(ctx, dig, &dlen);
+	ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
+	OPENSSL_cleanse(dig, dlen);
+	return ret;
+	}
+
+int FIPS_dsa_verify_digest(DSA *dsa,
+				const unsigned char *dig, int dlen, DSA_SIG *s)
+	{
+	if (FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_FIPS_DSA_VERIFY_DIGEST, FIPS_R_SELFTEST_FAILED);
+		return -1;
+		}
+	return dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
+	}
+
+int FIPS_dsa_verify(DSA *dsa, const unsigned char *msg, size_t msglen,
+			const EVP_MD *mhash, DSA_SIG *s)
+	{
+	int ret=-1;
+	unsigned char dig[EVP_MAX_MD_SIZE];
+	unsigned int dlen;
+        FIPS_digest(msg, msglen, dig, &dlen, mhash);
+	ret=FIPS_dsa_verify_digest(dsa, dig, dlen, s);
+	OPENSSL_cleanse(dig, dlen);
+	return ret;
+	}
+
+DSA_SIG * FIPS_dsa_sign(DSA *dsa, const unsigned char *msg, size_t msglen,
+			const EVP_MD *mhash)
+	{
+	DSA_SIG *s;
+	unsigned char dig[EVP_MAX_MD_SIZE];
+	unsigned int dlen;
+        FIPS_digest(msg, msglen, dig, &dlen, mhash);
+	s = FIPS_dsa_sign_digest(dsa, dig, dlen);
+	OPENSSL_cleanse(dig, dlen);
+	return s;
+	}
+
+#endif
Index: openssl-1.0.2j/crypto/fips/fips_dssvs.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_dssvs.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,805 @@
+
+#define OPENSSL_FIPSAPI
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+    printf("No FIPS DSA support\n");
+    return(0);
+}
+#else
+
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "fips_utl.h"
+
+static int parse_mod(char *line, int *pdsa2, int *pL, int *pN,
+				const EVP_MD **pmd)
+	{
+	char lbuf[10240];
+	char *keyword, *value;
+
+	char *p;
+	p = strchr(line, ',');
+	if (!p)
+		{
+		*pL = atoi(line);
+		*pdsa2 = 0;
+		*pN = 160;
+		if (pmd)
+			*pmd = EVP_sha1();
+		return 1;
+		}
+	*pdsa2 = 1;
+	*p = 0;
+	if (!parse_line2(&keyword, &value, lbuf, line, 0))
+		return 0;
+	if (strcmp(keyword, "L"))
+		return 0;
+	*pL = atoi(value);
+	memmove(line, p + 1, strlen(p+1)+1);
+	if (pmd)
+		p = strchr(line, ',');
+	else
+		p = strchr(line, ']');
+	if (!p)
+		return 0;
+	*p = 0;
+	if (!parse_line2(&keyword, &value, lbuf, line, 0))
+		return 0;
+	if (strcmp(keyword, "N"))
+		return 0;
+	*pN = atoi(value);
+	if (!pmd)
+		return 1;
+	memmove(line, p + 1, strlen(p+1)+1);
+	p = strchr(line, ']');
+	if (!p)
+		return 0;
+	*p = 0;
+	p = line;
+	while(isspace(*p))
+		p++;
+	if (!strcmp(p, "SHA-1"))
+		*pmd = EVP_sha1();
+	else if (!strcmp(p, "SHA-224"))
+		*pmd = EVP_sha224();
+	else if (!strcmp(p, "SHA-256"))
+		*pmd = EVP_sha256();
+	else if (!strcmp(p, "SHA-384"))
+		*pmd = EVP_sha384();
+	else if (!strcmp(p, "SHA-512"))
+		*pmd = EVP_sha512();
+	else
+		return 0;
+	return 1;
+	}
+
+static void primes(FILE *in, FILE *out)
+    {
+    char buf[10240];
+    char lbuf[10240];
+    char *keyword, *value;
+
+    while(fgets(buf,sizeof buf,in) != NULL)
+	{
+	fputs(buf,out);
+	if (!parse_line(&keyword, &value, lbuf, buf))
+		continue;
+	if(!strcmp(keyword,"Prime"))
+	    {
+	    BIGNUM *pp;
+
+	    pp=BN_new();
+	    do_hex2bn(&pp,value);
+	    fprintf(out, "result= %c" RESP_EOL,
+		   BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
+	    }	    
+	}
+    }
+
+int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+	const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+	unsigned char *seed_out,
+	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+	const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+	int idx, unsigned char *seed_out,
+	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+
+int dsa_paramgen_check_g(DSA *dsa);
+
+
+DSA *FIPS_dsa_new(void);
+void FIPS_dsa_free(DSA *r);
+DSA_SIG *FIPS_dsa_sig_new(void);
+void FIPS_dsa_sig_free(DSA_SIG *sig);
+int FIPS_dsa_verify(DSA *dsa, const unsigned char *msg, size_t msglen, const EVP_MD *mhash, DSA_SIG *s);
+DSA_SIG * FIPS_dsa_sign(DSA *dsa, const unsigned char *msg, size_t msglen, const EVP_MD *mhash);
+
+static void pqg(FILE *in, FILE *out)
+    {
+    char buf[1024];
+    char lbuf[1024];
+    char *keyword, *value;
+    int dsa2, L, N;
+    const EVP_MD *md = NULL;
+    BIGNUM *p = NULL, *q = NULL;
+    enum pqtype { PQG_NONE, PQG_PQ, PQG_G, PQG_GCANON}
+		pqg_type = PQG_NONE;
+    int seedlen=-1, idxlen, idx = -1;
+    unsigned char seed[1024], idtmp[1024];
+
+    while(fgets(buf,sizeof buf,in) != NULL)
+	{
+	if (buf[0] == '[')
+		{
+	    	if (strstr(buf, "Probable"))
+			pqg_type = PQG_PQ;
+	    	else if (strstr(buf, "Unverifiable"))
+			pqg_type = PQG_G;
+	    	else if (strstr(buf, "Canonical"))
+			pqg_type = PQG_GCANON;
+		}
+	if (!parse_line(&keyword, &value, lbuf, buf))
+		{
+		fputs(buf,out);
+		continue;
+		}
+	if (strcmp(keyword, "Num"))
+		fputs(buf,out);
+	if(!strcmp(keyword,"[mod"))
+	    {
+	    if (!parse_mod(value, &dsa2, &L, &N, &md))
+		{
+		fprintf(stderr, "Mod Parse Error\n");
+		exit (1);
+		}
+	    }
+	else if(!strcmp(keyword,"N")
+		|| (!strcmp(keyword, "Num") && pqg_type == PQG_PQ))
+	    {
+	    int n=atoi(value);
+
+	    while(n--)
+		{
+		DSA *dsa;
+		int counter;
+		unsigned long h;
+		dsa = FIPS_dsa_new();
+
+		if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
+						NULL, 0, seed,
+						&counter, &h, NULL))
+			{
+			fprintf(stderr, "Parameter Generation error\n");
+			exit(1);
+			}
+		if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
+						NULL, 0, -1, seed,
+						&counter, &h, NULL) <= 0)
+			{
+			fprintf(stderr, "Parameter Generation error\n");
+			exit(1);
+			}
+
+		do_bn_print_name(out, "P",dsa->p);
+		do_bn_print_name(out, "Q",dsa->q);
+		if (!dsa2)
+			do_bn_print_name(out, "G",dsa->g);
+		OutputValue(dsa2 ? "domain_parameter_seed" : "Seed",
+				seed, M_EVP_MD_size(md), out, 0);
+		if (!dsa2)
+			{
+			fprintf(out, "c = %d" RESP_EOL, counter);
+			fprintf(out, "H = %lx" RESP_EOL RESP_EOL,h);
+			}
+		else
+			{
+			fprintf(out, "counter = %d" RESP_EOL RESP_EOL, counter);
+			}
+		FIPS_dsa_free(dsa);
+		}
+	    }
+	else if(!strcmp(keyword,"P"))
+	    p=hex2bn(value);
+	else if(!strcmp(keyword,"Q"))
+	    q=hex2bn(value);
+	else if(!strcmp(keyword,"domain_parameter_seed"))
+	    seedlen = hex2bin(value, seed);
+	else if(!strcmp(keyword,"firstseed"))
+	    seedlen = hex2bin(value, seed);
+	else if(!strcmp(keyword,"pseed"))
+	    seedlen += hex2bin(value, seed + seedlen);
+	else if(!strcmp(keyword,"qseed"))
+	    seedlen += hex2bin(value, seed + seedlen);
+	else if(!strcmp(keyword,"index"))
+	    {
+	    idxlen = hex2bin(value, idtmp);
+            if (idxlen != 1)
+		{
+		fprintf(stderr, "Index value error\n");
+		exit (1);
+		}
+	    idx = idtmp[0];
+	    }
+	if ((idx >= 0 && pqg_type == PQG_GCANON) || (q && pqg_type == PQG_G))
+		{
+		DSA *dsa;
+		dsa = FIPS_dsa_new();
+		dsa->p = p;
+		dsa->q = q;
+		p = q = NULL;
+		if (dsa_builtin_paramgen2(dsa, L, N, md,
+						seed, seedlen, idx, NULL,
+						NULL, NULL, NULL) <= 0)
+			{
+			fprintf(stderr, "Parameter Generation error\n");
+			exit(1);
+			}
+		do_bn_print_name(out, "G",dsa->g);
+		FIPS_dsa_free(dsa);
+		idx = -1;
+		}
+	}
+    }
+
+static void pqgver(FILE *in, FILE *out)
+    {
+    char buf[1024];
+    char lbuf[1024];
+    char *keyword, *value;
+    BIGNUM *p = NULL, *q = NULL, *g = NULL;
+    int counter=-1, counter2;
+    unsigned long h=0, h2;
+    DSA *dsa=NULL;
+    int dsa2, L, N, part_test = 0;
+    const EVP_MD *md = NULL;
+    int seedlen=-1, idxlen, idx = -1;
+    unsigned char seed[1024], idtmp[1024];
+
+    while(fgets(buf,sizeof buf,in) != NULL)
+	{
+	if (!parse_line(&keyword, &value, lbuf, buf))
+		{
+		if (p && q)
+			{
+			part_test = 1;
+			goto partial;
+			}
+		fputs(buf,out);
+		continue;
+		}
+	fputs(buf, out);
+	if(!strcmp(keyword,"[mod"))
+	    {
+	    if (!parse_mod(value, &dsa2, &L, &N, &md))
+		{
+		fprintf(stderr, "Mod Parse Error\n");
+		exit (1);
+		}
+	    }
+	else if(!strcmp(keyword,"P"))
+	    p=hex2bn(value);
+	else if(!strcmp(keyword,"Q"))
+	    q=hex2bn(value);
+	else if(!strcmp(keyword,"G"))
+	    g=hex2bn(value);
+	else if(!strcmp(keyword,"firstseed"))
+	    seedlen = hex2bin(value, seed);
+	else if(!strcmp(keyword,"pseed"))
+	    seedlen += hex2bin(value, seed + seedlen);
+	else if(!strcmp(keyword,"qseed"))
+	    seedlen += hex2bin(value, seed + seedlen);
+	else if(!strcmp(keyword,"Seed")
+		|| !strcmp(keyword,"domain_parameter_seed"))
+	    {
+	    seedlen = hex2bin(value, seed);
+	    if (!dsa2 && seedlen != 20)
+		{
+		fprintf(stderr, "Seed parse length error\n");
+		exit (1);
+		}
+	    if (idx > 0)
+		part_test = 1;
+	    }
+	else if(!strcmp(keyword,"index"))
+	    {
+	    idxlen = hex2bin(value, idtmp);
+            if (idxlen != 1)
+		{
+		fprintf(stderr, "Index value error\n");
+		exit (1);
+		}
+	    idx = idtmp[0];
+	    }
+	else if(!strcmp(keyword,"c"))
+	    counter = atoi(buf+4);
+	partial:
+	if (part_test && idx < 0 && h == 0 && g)
+	    {
+	    dsa = FIPS_dsa_new();
+	    dsa->p = BN_dup(p);
+	    dsa->q = BN_dup(q);
+	    dsa->g = BN_dup(g);
+	    if (dsa_paramgen_check_g(dsa))
+		fprintf(out, "Result = P" RESP_EOL);
+	    else
+		fprintf(out, "Result = F" RESP_EOL);
+	    BN_free(p);
+	    BN_free(q);
+	    BN_free(g);
+	    p = NULL;
+	    q = NULL;
+	    g = NULL;
+	    FIPS_dsa_free(dsa);
+	    dsa = NULL;
+	    part_test = 0;
+	    }
+	else if(!strcmp(keyword,"H") || part_test)
+	    {
+	    if (!part_test)
+	    	h = atoi(value);
+	    if (!p || !q || (!g && !part_test))
+		{
+		fprintf(stderr, "Parse Error\n");
+		exit (1);
+		}
+	    dsa = FIPS_dsa_new();
+	    if (idx >= 0)
+		{
+		dsa->p = BN_dup(p);
+		dsa->q = BN_dup(q);
+		}
+	    no_err = 1;
+	    if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md,
+					seed, seedlen, NULL,
+					&counter2, &h2, NULL))
+			{
+			fprintf(stderr, "Parameter Generation error\n");
+			exit(1);
+			}
+	    if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md,
+					seed, seedlen, idx, NULL,
+					&counter2, &h2, NULL) < 0)
+			{
+			fprintf(stderr, "Parameter Generation error\n");
+			exit(1);
+			}
+	    no_err = 0;
+	    if (idx >= 0)
+		{
+		if (BN_cmp(dsa->g, g))
+			fprintf(out, "Result = F" RESP_EOL);
+		else
+			fprintf(out, "Result = P" RESP_EOL);
+		}
+            else if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) ||
+		(!part_test &&
+		((BN_cmp(dsa->g, g) || (counter != counter2) || (h != h2)))))
+	    	fprintf(out, "Result = F" RESP_EOL);
+	    else
+	    	fprintf(out, "Result = P" RESP_EOL);
+	    BN_free(p);
+	    BN_free(q);
+	    BN_free(g);
+	    p = NULL;
+	    q = NULL;
+	    g = NULL;
+	    FIPS_dsa_free(dsa);
+	    dsa = NULL;
+	    if (part_test)
+		{
+		if (idx == -1)
+			fputs(buf,out);
+		part_test = 0;
+		}
+	    idx = -1;
+	    }
+	}
+    }
+
+/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
+ * algorithm tests. It is an additional test to perform sanity checks on the
+ * output of the KeyPair test.
+ */
+
+static int dss_paramcheck(int L, int N, BIGNUM *p, BIGNUM *q, BIGNUM *g,
+							BN_CTX *ctx)
+    {
+    BIGNUM *rem = NULL;
+    if (BN_num_bits(p) != L)
+	return 0;
+    if (BN_num_bits(q) != N)
+	return 0;
+    if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
+	return 0;
+    if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
+	return 0;
+    rem = BN_new();
+    if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
+    	|| (BN_cmp(g, BN_value_one()) <= 0)
+	|| !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
+	{
+	BN_free(rem);
+	return 0;
+	}
+    /* Todo: check g */
+    BN_free(rem);
+    return 1;
+    }
+
+static void keyver(FILE *in, FILE *out)
+    {
+    char buf[1024];
+    char lbuf[1024];
+    char *keyword, *value;
+    BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
+    BIGNUM *Y2;
+    BN_CTX *ctx = NULL;
+    int dsa2, L, N;
+    int paramcheck = 0;
+
+    ctx = BN_CTX_new();
+    Y2 = BN_new();
+
+    while(fgets(buf,sizeof buf,in) != NULL)
+	{
+	if (!parse_line(&keyword, &value, lbuf, buf))
+		{
+		fputs(buf,out);
+		continue;
+		}
+	if(!strcmp(keyword,"[mod"))
+	    {
+	    if (p)
+		BN_free(p);
+	    p = NULL;
+	    if (q)
+		BN_free(q);
+	    q = NULL;
+	    if (g)
+		BN_free(g);
+	    g = NULL;
+	    paramcheck = 0;
+	    if (!parse_mod(value, &dsa2, &L, &N, NULL))
+		{
+		fprintf(stderr, "Mod Parse Error\n");
+		exit (1);
+		}
+	    }
+	else if(!strcmp(keyword,"P"))
+	    p=hex2bn(value);
+	else if(!strcmp(keyword,"Q"))
+	    q=hex2bn(value);
+	else if(!strcmp(keyword,"G"))
+	    g=hex2bn(value);
+	else if(!strcmp(keyword,"X"))
+	    X=hex2bn(value);
+	else if(!strcmp(keyword,"Y"))
+	    {
+	    Y=hex2bn(value);
+	    if (!p || !q || !g || !X || !Y)
+		{
+		fprintf(stderr, "Parse Error\n");
+		exit (1);
+		}
+	    do_bn_print_name(out, "P",p);
+	    do_bn_print_name(out, "Q",q);
+	    do_bn_print_name(out, "G",g);
+	    do_bn_print_name(out, "X",X);
+	    do_bn_print_name(out, "Y",Y);
+	    if (!paramcheck)
+		{
+		if (dss_paramcheck(L, N, p, q, g, ctx))
+			paramcheck = 1;
+		else
+			paramcheck = -1;
+		}
+	    if (paramcheck != 1)
+	   	fprintf(out, "Result = F" RESP_EOL);
+	    else
+		{
+		if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
+	    		fprintf(out, "Result = F" RESP_EOL);
+	        else
+	    		fprintf(out, "Result = P" RESP_EOL);
+		}
+	    BN_free(X);
+	    BN_free(Y);
+	    X = NULL;
+	    Y = NULL;
+	    }
+	}
+	if (p)
+	    BN_free(p);
+	if (q)
+	    BN_free(q);
+	if (g)
+	    BN_free(g);
+	if (Y2)
+	    BN_free(Y2);
+	if (ctx)
+	    BN_CTX_free(ctx);
+    }
+
+static void keypair(FILE *in, FILE *out)
+    {
+    char buf[1024];
+    char lbuf[1024];
+    char *keyword, *value;
+    int dsa2, L, N;
+
+    while(fgets(buf,sizeof buf,in) != NULL)
+	{
+	if (!parse_line(&keyword, &value, lbuf, buf))
+		{
+		continue;
+		}
+	if(!strcmp(keyword,"[mod"))
+	    {
+	    if (!parse_mod(value, &dsa2, &L, &N, NULL))
+		{
+		fprintf(stderr, "Mod Parse Error\n");
+		exit (1);
+		}
+	    fputs(buf,out);
+	    }
+	else if(!strcmp(keyword,"N"))
+	    {
+	    DSA *dsa;
+	    int n=atoi(value);
+
+	    dsa = FIPS_dsa_new();
+	    if (!dsa)
+		{
+		fprintf(stderr, "DSA allocation error\n");
+		exit(1);
+		}
+	    if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, NULL, NULL, 0,
+						NULL, NULL, NULL, NULL))
+			{
+			fprintf(stderr, "Parameter Generation error\n");
+			exit(1);
+			}
+	    if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, NULL, NULL, 0, -1,
+						NULL, NULL, NULL, NULL) <= 0)
+			{
+			fprintf(stderr, "Parameter Generation error\n");
+			exit(1);
+			}
+	    do_bn_print_name(out, "P",dsa->p);
+	    do_bn_print_name(out, "Q",dsa->q);
+	    do_bn_print_name(out, "G",dsa->g);
+	    fputs(RESP_EOL, out);
+
+	    while(n--)
+		{
+		if (!DSA_generate_key(dsa))
+			exit(1);
+
+		do_bn_print_name(out, "X",dsa->priv_key);
+		do_bn_print_name(out, "Y",dsa->pub_key);
+	    	fputs(RESP_EOL, out);
+		}
+	    FIPS_dsa_free(dsa);
+	    }
+	}
+    }
+
+static void siggen(FILE *in, FILE *out)
+    {
+    char buf[1024];
+    char lbuf[1024];
+    char *keyword, *value;
+    int dsa2, L, N;
+    const EVP_MD *md = NULL;
+    DSA *dsa=NULL;
+
+    while(fgets(buf,sizeof buf,in) != NULL)
+	{
+	if (!parse_line(&keyword, &value, lbuf, buf))
+		{
+		fputs(buf,out);
+		continue;
+		}
+	fputs(buf,out);
+	if(!strcmp(keyword,"[mod"))
+	    {
+	    if (!parse_mod(value, &dsa2, &L, &N, &md))
+		{
+		fprintf(stderr, "Mod Parse Error\n");
+		exit (1);
+		}
+	    if (dsa)
+		FIPS_dsa_free(dsa);
+	    dsa = FIPS_dsa_new();
+	    if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, md, NULL, 0,
+						NULL, NULL, NULL, NULL))
+			{
+			fprintf(stderr, "Parameter Generation error\n");
+			exit(1);
+			}
+	    if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, md, NULL, 0, -1,
+						NULL, NULL, NULL, NULL) <= 0)
+			{
+			fprintf(stderr, "Parameter Generation error\n");
+			exit(1);
+			}
+	    do_bn_print_name(out, "P",dsa->p);
+	    do_bn_print_name(out, "Q",dsa->q);
+	    do_bn_print_name(out, "G",dsa->g);
+	    fputs(RESP_EOL, out);
+	    }
+	else if(!strcmp(keyword,"Msg"))
+	    {
+	    unsigned char msg[1024];
+	    int n;
+	    DSA_SIG *sig;
+
+	    n=hex2bin(value,msg);
+
+	    if (!DSA_generate_key(dsa))
+		exit(1);
+	    do_bn_print_name(out, "Y",dsa->pub_key);
+
+	    sig = FIPS_dsa_sign(dsa, msg, n, md);
+
+	    do_bn_print_name(out, "R",sig->r);
+	    do_bn_print_name(out, "S",sig->s);
+	    fputs(RESP_EOL, out);
+	    FIPS_dsa_sig_free(sig);
+	    }
+	}
+    if (dsa)
+	FIPS_dsa_free(dsa);
+    }
+
+static void sigver(FILE *in, FILE *out)
+    {
+    DSA *dsa=NULL;
+    char buf[1024];
+    char lbuf[1024];
+    unsigned char msg[1024];
+    char *keyword, *value;
+    int n=0;
+    int dsa2, L, N;
+    const EVP_MD *md = NULL;
+    DSA_SIG sg, *sig = &sg;
+
+    sig->r = NULL;
+    sig->s = NULL;
+
+    while(fgets(buf,sizeof buf,in) != NULL)
+	{
+	if (!parse_line(&keyword, &value, lbuf, buf))
+		{
+		fputs(buf,out);
+		continue;
+		}
+	fputs(buf,out);
+	if(!strcmp(keyword,"[mod"))
+	    {
+	    if (!parse_mod(value, &dsa2, &L, &N, &md))
+		{
+		fprintf(stderr, "Mod Parse Error\n");
+		exit (1);
+		}
+	    if (dsa)
+		FIPS_dsa_free(dsa);
+	    dsa = FIPS_dsa_new();
+	    }
+	else if(!strcmp(keyword,"P"))
+	    do_hex2bn(&dsa->p, value);
+	else if(!strcmp(keyword,"Q"))
+	    do_hex2bn(&dsa->q, value);
+	else if(!strcmp(keyword,"G"))
+	    do_hex2bn(&dsa->g, value);
+	else if(!strcmp(keyword,"Msg"))
+	    n=hex2bin(value,msg);
+	else if(!strcmp(keyword,"Y"))
+	    do_hex2bn(&dsa->pub_key, value);
+	else if(!strcmp(keyword,"R"))
+	    sig->r=hex2bn(value);
+	else if(!strcmp(keyword,"S"))
+	    {
+	    int r;
+	    sig->s=hex2bn(value);
+
+	    no_err = 1;
+	    r = FIPS_dsa_verify(dsa, msg, n, md, sig);
+	    no_err = 0;
+	    if (sig->s)
+		{
+		BN_free(sig->s);
+		sig->s = NULL;
+		}
+	    if (sig->r)
+		{
+		BN_free(sig->r);
+		sig->r = NULL;
+		}
+	
+	    fprintf(out, "Result = %c" RESP_EOL RESP_EOL, r == 1 ? 'P' : 'F');
+	    }
+	}
+	if (dsa)
+	    FIPS_dsa_free(dsa);
+    }
+
+#ifdef FIPS_ALGVS
+int fips_dssvs_main(int argc, char **argv)
+#else
+int main(int argc, char **argv)
+#endif
+    {
+    FILE *in, *out;
+    if (argc == 4)
+	{
+	in = fopen(argv[2], "r");
+	if (!in)
+		{
+		fprintf(stderr, "Error opening input file\n");
+		exit(1);
+		}
+	out = fopen(argv[3], "w");
+	if (!out)
+		{
+		fprintf(stderr, "Error opening output file\n");
+		exit(1);
+		}
+	}
+    else if (argc == 2)
+	{
+	in = stdin;
+	out = stdout;
+	}
+    else
+	{
+	fprintf(stderr,"%s [prime|pqg|pqgver|keypair|keyver|siggen|sigver]\n",argv[0]);
+	exit(1);
+	}
+    fips_algtest_init_nofips();
+    if(!FIPS_mode_set(1)) {
+	    fprintf(stderr, "Can't set FIPS mode\n");
+	    exit(1);
+    }
+    if(!strcmp(argv[1],"prime"))
+	primes(in, out);
+    else if(!strcmp(argv[1],"pqg"))
+	pqg(in, out);
+    else if(!strcmp(argv[1],"pqgver"))
+	pqgver(in, out);
+    else if(!strcmp(argv[1],"keypair"))
+	keypair(in, out);
+    else if(!strcmp(argv[1],"keyver"))
+	keyver(in, out);
+    else if(!strcmp(argv[1],"siggen"))
+	siggen(in, out);
+    else if(!strcmp(argv[1],"sigver"))
+	sigver(in, out);
+    else
+	{
+	fprintf(stderr,"Don't know how to %s.\n",argv[1]);
+	exit(1);
+	}
+
+    if (argc == 4)
+	{
+	fclose(in);
+	fclose(out);
+	}
+
+    return 0;
+    }
+
+#endif
Index: openssl-1.0.2j/crypto/fips/fips_ecdhvs.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_ecdhvs.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,500 @@
+/* fips/ecdh/fips_ecdhvs.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+
+#define OPENSSL_FIPSAPI
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+    printf("No FIPS ECDH support\n");
+    return(0);
+}
+#else
+
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+#include <openssl/ecdh.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "fips_utl.h"
+
+static const EVP_MD *eparse_md(char *line)
+	{
+	char *p;
+	if (line[0] != '[' || line[1] != 'E')
+		return NULL;
+	p = strchr(line, '-');
+	if (!p)
+		return NULL;
+	line = p + 1;
+	p = strchr(line, ']');
+	if (!p)
+		return NULL;
+	*p = 0;
+	p = line;
+	while(isspace(*p))
+		p++;
+	if (!strcmp(p, "SHA1"))
+		return EVP_sha1();
+	else if (!strcmp(p, "SHA224"))
+		return EVP_sha224();
+	else if (!strcmp(p, "SHA256"))
+		return EVP_sha256();
+	else if (!strcmp(p, "SHA384"))
+		return EVP_sha384();
+	else if (!strcmp(p, "SHA512"))
+		return EVP_sha512();
+	else
+		return NULL;
+	}
+
+static int lookup_curve2(char *cname)
+	{
+	char *p;
+	p = strchr(cname, ']');
+	if (!p)
+		{
+		fprintf(stderr, "Parse error: missing ]\n");
+		return NID_undef;
+		}
+	*p = 0;
+
+	if (!strcmp(cname, "B-163"))
+		return NID_sect163r2;
+	if (!strcmp(cname, "B-233"))
+		return NID_sect233r1;
+	if (!strcmp(cname, "B-283"))
+		return NID_sect283r1;
+	if (!strcmp(cname, "B-409"))
+		return NID_sect409r1;
+	if (!strcmp(cname, "B-571"))
+		return NID_sect571r1;
+	if (!strcmp(cname, "K-163"))
+		return NID_sect163k1;
+	if (!strcmp(cname, "K-233"))
+		return NID_sect233k1;
+	if (!strcmp(cname, "K-283"))
+		return NID_sect283k1;
+	if (!strcmp(cname, "K-409"))
+		return NID_sect409k1;
+	if (!strcmp(cname, "K-571"))
+		return NID_sect571k1;
+	if (!strcmp(cname, "P-192"))
+		return NID_X9_62_prime192v1;
+	if (!strcmp(cname, "P-224"))
+		return NID_secp224r1;
+	if (!strcmp(cname, "P-256"))
+		return NID_X9_62_prime256v1;
+	if (!strcmp(cname, "P-384"))
+		return NID_secp384r1;
+	if (!strcmp(cname, "P-521"))
+		return NID_secp521r1;
+
+	fprintf(stderr, "Unknown Curve name %s\n", cname);
+	return NID_undef;
+	}
+
+static int lookup_curve(char *cname)
+	{
+	char *p;
+	p = strchr(cname, ':');
+	if (!p)
+		{
+		fprintf(stderr, "Parse error: missing :\n");
+		return NID_undef;
+		}
+	cname = p + 1;
+	while(isspace(*cname))
+		cname++;
+	return lookup_curve2(cname);
+	}
+
+static EC_POINT *make_peer(EC_GROUP *group, BIGNUM *x, BIGNUM *y)
+	{
+	EC_POINT *peer;
+	int rv;
+	BN_CTX *c;
+	peer = EC_POINT_new(group);
+	if (!peer)
+		return NULL;
+	c = BN_CTX_new();
+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group))
+		== NID_X9_62_prime_field)
+		rv = EC_POINT_set_affine_coordinates_GFp(group, peer, x, y, c);
+	else
+#ifdef OPENSSL_NO_EC2M
+		{
+		fprintf(stderr, "ERROR: GF2m not supported\n");
+		exit(1);
+		}
+#else
+		rv = EC_POINT_set_affine_coordinates_GF2m(group, peer, x, y, c);
+#endif
+
+	BN_CTX_free(c);
+	if (rv)
+		return peer;
+	EC_POINT_free(peer);
+	return NULL;
+	}
+
+static int ec_print_key(FILE *out, EC_KEY *key, int add_e, int exout)
+	{
+	const EC_POINT *pt;
+	const EC_GROUP *grp;
+	const EC_METHOD *meth;
+	int rv;
+	BIGNUM *tx, *ty;
+	const BIGNUM *d = NULL;
+	BN_CTX *ctx;
+	ctx = BN_CTX_new();
+	if (!ctx)
+		return 0;
+	tx = BN_CTX_get(ctx);
+	ty = BN_CTX_get(ctx);
+	if (!tx || !ty)
+		return 0;
+	grp = EC_KEY_get0_group(key);
+	pt = EC_KEY_get0_public_key(key);
+	if (exout)
+		d = EC_KEY_get0_private_key(key);
+	meth = EC_GROUP_method_of(grp);
+	if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
+		rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, tx, ty, ctx);
+	else
+#ifdef OPENSSL_NO_EC2M
+		{
+		fprintf(stderr, "ERROR: GF2m not supported\n");
+		exit(1);
+		}
+#else
+		rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, tx, ty, ctx);
+#endif
+
+	if (add_e)
+		{
+		do_bn_print_name(out, "QeIUTx", tx);
+		do_bn_print_name(out, "QeIUTy", ty);
+		if (d)
+			do_bn_print_name(out, "QeIUTd", d);
+		}
+	else
+		{
+		do_bn_print_name(out, "QIUTx", tx);
+		do_bn_print_name(out, "QIUTy", ty);
+		if (d)
+			do_bn_print_name(out, "QIUTd", d);
+		}
+
+	BN_CTX_free(ctx);
+
+	return rv;
+
+	}
+
+static void ec_output_Zhash(FILE *out, int exout, EC_GROUP *group,
+			BIGNUM *ix, BIGNUM *iy, BIGNUM *id, BIGNUM *cx,
+			BIGNUM *cy, const EVP_MD *md,
+				unsigned char *rhash, size_t rhashlen)
+	{
+	EC_KEY *ec = NULL;
+	EC_POINT *peerkey = NULL;
+	unsigned char *Z;
+	unsigned char chash[EVP_MAX_MD_SIZE];
+	int Zlen;
+	ec = EC_KEY_new();
+	EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH);
+	EC_KEY_set_group(ec, group);
+	peerkey = make_peer(group, cx, cy);
+	if (rhash == NULL)
+		{
+		if (md)
+			rhashlen = M_EVP_MD_size(md);
+		EC_KEY_generate_key(ec);
+		ec_print_key(out, ec, md ? 1 : 0, exout);
+		}
+	else
+		{
+		EC_KEY_set_public_key_affine_coordinates(ec, ix, iy);
+		EC_KEY_set_private_key(ec, id);
+		}
+	Zlen = (EC_GROUP_get_degree(group) + 7)/8;
+	Z = OPENSSL_malloc(Zlen);
+	if (!Z)
+		exit(1);
+	ECDH_compute_key(Z, Zlen, peerkey, ec, 0);
+	if (md)
+		{
+		if (exout)
+			OutputValue("Z", Z, Zlen, out, 0);
+		FIPS_digest(Z, Zlen, chash, NULL, md);
+		OutputValue(rhash ? "IUTHashZZ" : "HashZZ",
+						chash, rhashlen, out, 0);
+		if (rhash)
+			{
+			fprintf(out, "Result = %s\n",
+				memcmp(chash, rhash, rhashlen) ? "F" : "P");
+			}
+		}
+	else
+		OutputValue("ZIUT", Z, Zlen, out, 0);
+	OPENSSL_cleanse(Z, Zlen);
+	OPENSSL_free(Z);
+	EC_KEY_free(ec);
+	EC_POINT_free(peerkey);
+	}
+		
+#ifdef FIPS_ALGVS
+int fips_ecdhvs_main(int argc, char **argv)
+#else
+int main(int argc, char **argv)
+#endif
+	{
+	char **args = argv + 1;
+	int argn = argc - 1;
+	FILE *in, *out;
+	char buf[2048], lbuf[2048];
+	unsigned char *rhash = NULL;
+	long rhashlen;
+	BIGNUM *cx = NULL, *cy = NULL;
+	BIGNUM *id = NULL, *ix = NULL, *iy = NULL;
+	const EVP_MD *md = NULL;
+	EC_GROUP *group = NULL;
+	char *keyword = NULL, *value = NULL;
+	int do_verify = -1, exout = 0;
+	int rv = 1;
+
+	int curve_nids[5] = {0,0,0,0,0};
+	int param_set = -1;
+
+	fips_algtest_init_nofips();
+	if(!FIPS_mode_set(1)) {
+		fprintf(stderr, "Can't set FIPS mode\n");
+		exit(1);
+	}
+
+	if (argn && !strcmp(*args, "ecdhver"))
+		{
+		do_verify = 1;
+		args++;
+		argn--;
+		}
+	else if (argn && !strcmp(*args, "ecdhgen"))
+		{
+		do_verify = 0;
+		args++;
+		argn--;
+		}
+
+	if (argn && !strcmp(*args, "-exout"))
+		{
+		exout = 1;
+		args++;
+		argn--;
+		}
+
+	if (do_verify == -1)
+		{
+		fprintf(stderr,"%s [ecdhver|ecdhgen|] [-exout] (infile outfile)\n",argv[0]);
+		exit(1);
+		}
+
+	if (argn == 2)
+		{
+		in = fopen(*args, "r");
+		if (!in)
+			{
+			fprintf(stderr, "Error opening input file\n");
+			exit(1);
+			}
+		out = fopen(args[1], "w");
+		if (!out)
+			{
+			fprintf(stderr, "Error opening output file\n");
+			exit(1);
+			}
+		}
+	else if (argn == 0)
+		{
+		in = stdin;
+		out = stdout;
+		}
+	else
+		{
+		fprintf(stderr,"%s [dhver|dhgen|] [-exout] (infile outfile)\n",argv[0]);
+		exit(1);
+		}
+
+	while (fgets(buf, sizeof(buf), in) != NULL)
+		{
+		fputs(buf, out);
+		if (buf[0] == '[' && buf[1] == 'E')
+			{
+			int c = buf[2];
+			if (c < 'A' || c > 'E')
+				goto parse_error;
+			param_set = c - 'A';
+			/* If just [E?] then initial paramset */
+			if (buf[3] == ']')
+				continue;
+			if (group)
+				EC_GROUP_free(group);
+			group = EC_GROUP_new_by_curve_name(curve_nids[c - 'A']);
+			}
+		if (strlen(buf) > 10 && !strncmp(buf, "[Curve", 6))
+			{
+			int nid;
+			if (param_set == -1)
+				goto parse_error;
+			nid = lookup_curve(buf);
+			if (nid == NID_undef)
+				goto parse_error;
+			curve_nids[param_set] = nid;
+			}
+
+		if (strlen(buf) > 4 && buf[0] == '[' && buf[2] == '-')
+			{
+			int nid = lookup_curve2(buf + 1);
+			if (nid == NID_undef)
+				goto parse_error;
+			if (group)
+				EC_GROUP_free(group);
+			group = EC_GROUP_new_by_curve_name(nid);
+			if (!group)
+				{
+				fprintf(stderr, "ERROR: unsupported curve %s\n", buf + 1);
+				return 1;
+				}
+			}
+
+		if (strlen(buf) > 6 && !strncmp(buf, "[E", 2))
+			{
+			md = eparse_md(buf);
+			if (md == NULL)
+				goto parse_error;
+			continue;
+			}
+		if (!parse_line(&keyword, &value, lbuf, buf))
+			continue;
+		if (!strcmp(keyword, "QeCAVSx") || !strcmp(keyword, "QCAVSx"))
+			{
+			if (!do_hex2bn(&cx, value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "QeCAVSy") || !strcmp(keyword, "QCAVSy"))
+			{
+			if (!do_hex2bn(&cy, value))
+				goto parse_error;
+			if (do_verify == 0)
+				ec_output_Zhash(out, exout, group,
+						NULL, NULL, NULL,
+						cx, cy, md, rhash, rhashlen);
+			}
+		else if (!strcmp(keyword, "deIUT"))
+			{
+			if (!do_hex2bn(&id, value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "QeIUTx"))
+			{
+			if (!do_hex2bn(&ix, value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "QeIUTy"))
+			{
+			if (!do_hex2bn(&iy, value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "CAVSHashZZ"))
+			{
+			if (!md)
+				goto parse_error;
+			rhash = hex2bin_m(value, &rhashlen);
+			if (!rhash || rhashlen != M_EVP_MD_size(md))
+				goto parse_error;
+			ec_output_Zhash(out, exout, group, ix, iy, id, cx, cy,
+					md, rhash, rhashlen);
+			}
+		}
+	rv = 0;
+	parse_error:
+	if (id)
+		BN_free(id);
+	if (ix)
+		BN_free(ix);
+	if (iy)
+		BN_free(iy);
+	if (cx)
+		BN_free(cx);
+	if (cy)
+		BN_free(cy);
+	if (group)
+		EC_GROUP_free(group);
+	if (in && in != stdin)
+		fclose(in);
+	if (out && out != stdout)
+		fclose(out);
+	if (rv)
+		fprintf(stderr, "Error Parsing request file\n");
+	return rv;
+	}
+
+#endif
Index: openssl-1.0.2j/crypto/fips/fips_ecdsa_lib.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_ecdsa_lib.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,93 @@
+/* fips_dsa_lib.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <string.h>
+#include <openssl/ecdsa.h>
+#include <openssl/bn.h>
+#include <openssl/fips.h>
+
+ECDSA_SIG *FIPS_ecdsa_sig_new(void)
+	{
+	ECDSA_SIG *sig;
+	sig = OPENSSL_malloc(sizeof(ECDSA_SIG));
+	if (!sig)
+		return NULL;
+	sig->r = BN_new();
+	sig->s = BN_new();
+	if (!sig->r || !sig->s)
+		{
+		FIPS_ecdsa_sig_free(sig);
+		return NULL;
+		}
+	return sig;
+	}
+
+void FIPS_ecdsa_sig_free(ECDSA_SIG *sig)
+	{
+	if (sig)
+		{
+		if (sig->r)
+			BN_free(sig->r);
+		if (sig->s)
+			BN_free(sig->s);
+		OPENSSL_free(sig);
+		}
+	}
+
Index: openssl-1.0.2j/crypto/fips/fips_ecdsavs.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_ecdsavs.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,585 @@
+/* fips/ecdsa/fips_ecdsavs.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#define OPENSSL_FIPSAPI
+#include <openssl/opensslconf.h>
+#include <stdio.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char **argv)
+{
+    printf("No FIPS ECDSA support\n");
+    return(0);
+}
+#else
+
+#include <string.h>
+#include <ctype.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+#include "fips_utl.h"
+#include <openssl/sha.h>
+
+#include <openssl/objects.h>
+
+ECDSA_SIG * FIPS_ecdsa_sign_ctx(EC_KEY *key, EVP_MD_CTX *ctx)
+	{
+	ECDSA_SIG *s;
+	unsigned char dig[EVP_MAX_MD_SIZE];
+	unsigned int dlen;
+        FIPS_digestfinal(ctx, dig, &dlen);
+	s = FIPS_ecdsa_sign_digest(key, dig, dlen);
+	OPENSSL_cleanse(dig, dlen);
+	return s;
+	}
+
+int FIPS_ecdsa_verify_ctx(EC_KEY *key, EVP_MD_CTX *ctx, ECDSA_SIG *s)
+	{
+	int ret=-1;
+	unsigned char dig[EVP_MAX_MD_SIZE];
+	unsigned int dlen;
+        FIPS_digestfinal(ctx, dig, &dlen);
+	ret = FIPS_ecdsa_verify_digest(key, dig, dlen, s);
+	OPENSSL_cleanse(dig, dlen);
+	return ret;
+	}
+
+int FIPS_ecdsa_verify(EC_KEY *key, const unsigned char *msg, size_t msglen,
+			const EVP_MD *mhash, ECDSA_SIG *s)
+	{
+	int ret=-1;
+	unsigned char dig[EVP_MAX_MD_SIZE];
+	unsigned int dlen;
+        FIPS_digest(msg, msglen, dig, &dlen, mhash);
+	ret=FIPS_ecdsa_verify_digest(key, dig, dlen, s);
+	OPENSSL_cleanse(dig, dlen);
+	return ret;
+	}
+
+ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key,
+			const unsigned char *msg, size_t msglen,
+			const EVP_MD *mhash)
+	{
+	ECDSA_SIG *s;
+	unsigned char dig[EVP_MAX_MD_SIZE];
+	unsigned int dlen;
+        FIPS_digest(msg, msglen, dig, &dlen, mhash);
+	s = FIPS_ecdsa_sign_digest(key, dig, dlen);
+	OPENSSL_cleanse(dig, dlen);
+	return s;
+	}
+
+static int elookup_curve(char *in, char *curve_name, const EVP_MD **pmd)
+	{
+	char *cname, *p;
+	/* Copy buffer as we will change it */
+	strcpy(curve_name, in);
+	cname = curve_name + 1;
+	p = strchr(cname, ']');
+	if (!p)
+		{
+		fprintf(stderr, "Parse error: missing ]\n");
+		return NID_undef;
+		}
+	*p = 0;
+	p = strchr(cname, ',');
+	if (p)
+		{
+		if (!pmd)
+			{
+			fprintf(stderr, "Parse error: unexpected digest\n");
+			return NID_undef;
+			}
+		*p = 0;
+		p++;
+
+		if (!strcmp(p, "SHA-1"))
+			*pmd = EVP_sha1();
+		else if (!strcmp(p, "SHA-224"))
+			*pmd = EVP_sha224();
+		else if (!strcmp(p, "SHA-256"))
+			*pmd = EVP_sha256();
+		else if (!strcmp(p, "SHA-384"))
+			*pmd = EVP_sha384();
+		else if (!strcmp(p, "SHA-512"))
+			*pmd = EVP_sha512();
+		else
+			{
+			fprintf(stderr, "Unknown digest %s\n", p);
+			return NID_undef;
+			}
+		}
+	else if(pmd)
+		*pmd = EVP_sha1();
+
+	if (!strcmp(cname, "B-163"))
+		return NID_sect163r2;
+	if (!strcmp(cname, "B-233"))
+		return NID_sect233r1;
+	if (!strcmp(cname, "B-283"))
+		return NID_sect283r1;
+	if (!strcmp(cname, "B-409"))
+		return NID_sect409r1;
+	if (!strcmp(cname, "B-571"))
+		return NID_sect571r1;
+	if (!strcmp(cname, "K-163"))
+		return NID_sect163k1;
+	if (!strcmp(cname, "K-233"))
+		return NID_sect233k1;
+	if (!strcmp(cname, "K-283"))
+		return NID_sect283k1;
+	if (!strcmp(cname, "K-409"))
+		return NID_sect409k1;
+	if (!strcmp(cname, "K-571"))
+		return NID_sect571k1;
+	if (!strcmp(cname, "P-192"))
+		return NID_X9_62_prime192v1;
+	if (!strcmp(cname, "P-224"))
+		return NID_secp224r1;
+	if (!strcmp(cname, "P-256"))
+		return NID_X9_62_prime256v1;
+	if (!strcmp(cname, "P-384"))
+		return NID_secp384r1;
+	if (!strcmp(cname, "P-521"))
+		return NID_secp521r1;
+
+	fprintf(stderr, "Unknown Curve name %s\n", cname);
+	return NID_undef;
+	}
+
+static int ec_get_pubkey(EC_KEY *key, BIGNUM *x, BIGNUM *y)
+	{
+	const EC_POINT *pt;
+	const EC_GROUP *grp;
+	const EC_METHOD *meth;
+	int rv;
+	BN_CTX *ctx;
+	ctx = BN_CTX_new();
+	if (!ctx)
+		return 0;
+	grp = EC_KEY_get0_group(key);
+	pt = EC_KEY_get0_public_key(key);
+	meth = EC_GROUP_method_of(grp);
+	if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
+		rv = EC_POINT_get_affine_coordinates_GFp(grp, pt, x, y, ctx);
+	else
+#ifdef OPENSSL_NO_EC2M
+		{
+		fprintf(stderr, "ERROR: GF2m not supported\n");
+		exit(1);
+		}
+#else
+		rv = EC_POINT_get_affine_coordinates_GF2m(grp, pt, x, y, ctx);
+#endif
+
+	BN_CTX_free(ctx);
+
+	return rv;
+
+	}
+
+static int KeyPair(FILE *in, FILE *out)
+	{
+	char buf[2048], lbuf[2048];
+	char *keyword, *value;
+	int curve_nid = NID_undef;
+	int i, count;
+	BIGNUM *Qx = NULL, *Qy = NULL;
+	const BIGNUM *d = NULL;
+	EC_KEY *key = NULL;
+	Qx = BN_new();
+	Qy = BN_new();
+	while(fgets(buf, sizeof buf, in) != NULL)
+		{
+		if (*buf == '[' && buf[2] == '-')
+			{
+			if (buf[2] == '-')
+			curve_nid = elookup_curve(buf, lbuf, NULL);
+			fputs(buf, out);
+			continue;
+			}
+		if (!parse_line(&keyword, &value, lbuf, buf))
+			{
+			fputs(buf, out);
+			continue;
+			}
+		if (!strcmp(keyword, "N"))
+			{
+			count = atoi(value);
+
+			for (i = 0; i < count; i++)
+				{
+
+				key = EC_KEY_new_by_curve_name(curve_nid);
+				if (!EC_KEY_generate_key(key))
+					{
+					fprintf(stderr, "Error generating key\n");
+					return 0;
+					}
+
+				if (!ec_get_pubkey(key, Qx, Qy))
+					{
+					fprintf(stderr, "Error getting public key\n");
+					return 0;
+					}
+
+				d = EC_KEY_get0_private_key(key);
+
+				do_bn_print_name(out, "d", d);
+				do_bn_print_name(out, "Qx", Qx);
+				do_bn_print_name(out, "Qy", Qy);
+				fputs(RESP_EOL, out);
+				EC_KEY_free(key);
+
+				}
+
+			}
+
+		}
+	BN_free(Qx);
+	BN_free(Qy);
+	return 1;
+	}
+
+static int PKV(FILE *in, FILE *out)
+	{
+
+	char buf[2048], lbuf[2048];
+	char *keyword, *value;
+	int curve_nid = NID_undef;
+	BIGNUM *Qx = NULL, *Qy = NULL;
+	EC_KEY *key = NULL;
+	while(fgets(buf, sizeof buf, in) != NULL)
+		{
+		fputs(buf, out);
+		if (*buf == '[' && buf[2] == '-')
+			{
+			curve_nid = elookup_curve(buf, lbuf, NULL);
+			if (curve_nid == NID_undef)
+				return 0;
+				
+			}
+		if (!parse_line(&keyword, &value, lbuf, buf))
+			continue;
+		if (!strcmp(keyword, "Qx"))
+			{
+			if (!do_hex2bn(&Qx, value))
+				{
+				fprintf(stderr, "Invalid Qx value\n");
+				return 0;
+				}
+			}
+		if (!strcmp(keyword, "Qy"))
+			{
+			int rv;
+			if (!do_hex2bn(&Qy, value))
+				{
+				fprintf(stderr, "Invalid Qy value\n");
+				return 0;
+				}
+			key = EC_KEY_new_by_curve_name(curve_nid);
+			no_err = 1;
+			rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
+			no_err = 0;
+			EC_KEY_free(key);
+			fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F");
+			}
+
+		}
+	BN_free(Qx);
+	BN_free(Qy);
+	return 1;
+	}
+
+static int SigGen(FILE *in, FILE *out)
+	{
+	char buf[2048], lbuf[2048];
+	char *keyword, *value;
+	unsigned char *msg;
+	int curve_nid = NID_undef;
+	long mlen;
+	BIGNUM *Qx = NULL, *Qy = NULL;
+	EC_KEY *key = NULL;
+	ECDSA_SIG *sig = NULL;
+	const EVP_MD *digest = NULL;
+	Qx = BN_new();
+	Qy = BN_new();
+	while(fgets(buf, sizeof buf, in) != NULL)
+		{
+		fputs(buf, out);
+		if (*buf == '[')
+			{
+			curve_nid = elookup_curve(buf, lbuf, &digest);
+			if (curve_nid == NID_undef)
+				return 0;
+			}
+		if (!parse_line(&keyword, &value, lbuf, buf))
+			continue;
+		if (!strcmp(keyword, "Msg"))
+			{
+			msg = hex2bin_m(value, &mlen);
+			if (!msg)
+				{
+				fprintf(stderr, "Invalid Message\n");
+				return 0;
+				}
+
+			key = EC_KEY_new_by_curve_name(curve_nid);
+			if (!EC_KEY_generate_key(key))
+				{
+				fprintf(stderr, "Error generating key\n");
+				return 0;
+				}
+
+			if (!ec_get_pubkey(key, Qx, Qy))
+				{
+				fprintf(stderr, "Error getting public key\n");
+				return 0;
+				}
+
+	    		sig = FIPS_ecdsa_sign(key, msg, mlen, digest);
+
+			if (!sig)
+				{
+				fprintf(stderr, "Error signing message\n");
+				return 0;
+				}
+
+			do_bn_print_name(out, "Qx", Qx);
+			do_bn_print_name(out, "Qy", Qy);
+			do_bn_print_name(out, "R", sig->r);
+			do_bn_print_name(out, "S", sig->s);
+
+			EC_KEY_free(key);
+			OPENSSL_free(msg);
+			FIPS_ecdsa_sig_free(sig);
+
+			}
+
+		}
+	BN_free(Qx);
+	BN_free(Qy);
+	return 1;
+	}
+
+static int SigVer(FILE *in, FILE *out)
+	{
+	char buf[2048], lbuf[2048];
+	char *keyword, *value;
+	unsigned char *msg = NULL;
+	int curve_nid = NID_undef;
+	long mlen;
+	BIGNUM *Qx = NULL, *Qy = NULL;
+	EC_KEY *key = NULL;
+	ECDSA_SIG sg, *sig = &sg;
+	const EVP_MD *digest = NULL;
+	sig->r = NULL;
+	sig->s = NULL;
+	while(fgets(buf, sizeof buf, in) != NULL)
+		{
+		fputs(buf, out);
+		if (*buf == '[')
+			{
+			curve_nid = elookup_curve(buf, lbuf, &digest);
+			if (curve_nid == NID_undef)
+				return 0;
+			}
+		if (!parse_line(&keyword, &value, lbuf, buf))
+			continue;
+		if (!strcmp(keyword, "Msg"))
+			{
+			msg = hex2bin_m(value, &mlen);
+			if (!msg)
+				{
+				fprintf(stderr, "Invalid Message\n");
+				return 0;
+				}
+			}
+			
+		if (!strcmp(keyword, "Qx"))
+			{
+			if (!do_hex2bn(&Qx, value))
+				{
+				fprintf(stderr, "Invalid Qx value\n");
+				return 0;
+				}
+			}
+		if (!strcmp(keyword, "Qy"))
+			{
+			if (!do_hex2bn(&Qy, value))
+				{
+				fprintf(stderr, "Invalid Qy value\n");
+				return 0;
+				}
+			}
+		if (!strcmp(keyword, "R"))
+			{
+			if (!do_hex2bn(&sig->r, value))
+				{
+				fprintf(stderr, "Invalid R value\n");
+				return 0;
+				}
+			}
+		if (!strcmp(keyword, "S"))
+			{
+			int rv;
+			if (!do_hex2bn(&sig->s, value))
+				{
+				fprintf(stderr, "Invalid S value\n");
+				return 0;
+				}
+			key = EC_KEY_new_by_curve_name(curve_nid);
+			rv = EC_KEY_set_public_key_affine_coordinates(key, Qx, Qy);
+
+			if (rv != 1)
+				{
+				fprintf(stderr, "Error setting public key\n");
+				return 0;
+				}
+
+			no_err = 1;
+	    		rv = FIPS_ecdsa_verify(key, msg, mlen, digest, sig);
+			EC_KEY_free(key);
+			if (msg)
+				OPENSSL_free(msg);
+			no_err = 0;
+
+			fprintf(out, "Result = %s" RESP_EOL, rv ? "P":"F");
+			}
+
+		}
+	if (sig->r)
+		BN_free(sig->r);
+	if (sig->s)
+		BN_free(sig->s);
+	if (Qx)
+		BN_free(Qx);
+	if (Qy)
+		BN_free(Qy);
+	return 1;
+	}
+#ifdef FIPS_ALGVS
+int fips_ecdsavs_main(int argc, char **argv)
+#else
+int main(int argc, char **argv)
+#endif
+	{
+	FILE *in = NULL, *out = NULL;
+	const char *cmd = argv[1];
+	int rv = 0;
+
+	fips_algtest_init_nofips();
+	if(!FIPS_mode_set(1)) {
+		fprintf(stderr, "Can't set FIPS mode\n");
+		exit(1);
+	}
+
+	if (argc == 4)
+		{
+		in = fopen(argv[2], "r");
+		if (!in)
+			{
+			fprintf(stderr, "Error opening input file\n");
+			exit(1);
+			}
+		out = fopen(argv[3], "w");
+		if (!out)
+			{
+			fprintf(stderr, "Error opening output file\n");
+			exit(1);
+			}
+		}
+	else if (argc == 2)
+		{
+		in = stdin;
+		out = stdout;
+		}
+
+	if (!cmd)
+		{
+		fprintf(stderr, "fips_ecdsavs [KeyPair|PKV|SigGen|SigVer]\n");
+		return 1;
+		}
+	if (!strcmp(cmd, "KeyPair"))
+		rv = KeyPair(in, out);
+	else if (!strcmp(cmd, "PKV"))
+		rv = PKV(in, out);
+	else if (!strcmp(cmd, "SigVer"))
+		rv = SigVer(in, out);
+	else if (!strcmp(cmd, "SigGen"))
+		rv = SigGen(in, out);
+	else
+		{
+		fprintf(stderr, "Unknown command %s\n", cmd);
+		return 1;
+		}
+
+	if (argc == 4)
+		{
+		fclose(in);
+		fclose(out);
+		}
+
+	if (rv <= 0)
+		{
+		fprintf(stderr, "Error running %s\n", cmd);
+		return 1;
+		}
+
+	return 0;
+	}
+
+#endif
Index: openssl-1.0.2j/crypto/fips/fips_err.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_err.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,89 @@
+/* fips/utl/fips_err.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <openssl/err.h>
+#include <openssl/fips.h>
+
+/* FIPS error callbacks */
+
+static void (*fips_put_error_cb)(int lib, int func,int reason,const char *file,int line) = 0;
+static void (*fips_add_error_vdata)(int num, va_list args) = 0;
+
+void FIPS_put_error(int lib, int func,int reason,const char *file,int line)
+	{
+	if (fips_put_error_cb)
+		fips_put_error_cb(lib, func, reason, file, line);
+	}
+
+void FIPS_add_error_data(int num, ...)
+	{
+	if (fips_add_error_vdata)
+		{
+		va_list args;
+		va_start(args, num);
+		fips_add_error_vdata(num, args);
+		va_end(args);
+		}
+	}
+
+void FIPS_set_error_callbacks(
+	void (*put_cb)(int lib, int func,int reason,const char *file,int line),
+	void (*add_cb)(int num, va_list args) )
+	{
+	fips_put_error_cb = put_cb;
+	fips_add_error_vdata = add_cb;
+	}
+
+
Index: openssl-1.0.2j/crypto/fips/fips_gcmtest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_gcmtest.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,575 @@
+/* fips/aes/fips_gcmtest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+
+#define OPENSSL_FIPSAPI
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+    printf("No FIPS GCM support\n");
+    return(0);
+}
+#else
+
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "fips_utl.h"
+
+static void gcmtest(FILE *in, FILE *out, int encrypt)
+	{
+	char buf[2048];
+	char lbuf[2048];
+	char *keyword, *value;
+	int keylen = -1, ivlen = -1, aadlen = -1, taglen = -1, ptlen = -1;
+	int rv;
+	long l;
+	unsigned char *key = NULL, *iv = NULL, *aad = NULL, *tag = NULL;
+	unsigned char *ct = NULL, *pt = NULL;
+	EVP_CIPHER_CTX ctx;
+	const EVP_CIPHER *gcm = NULL;
+	FIPS_cipher_ctx_init(&ctx);
+
+	while(fgets(buf,sizeof buf,in) != NULL)
+		{
+		fputs(buf,out);
+		if (!parse_line(&keyword, &value, lbuf, buf))
+			continue;
+		if(!strcmp(keyword,"[Keylen"))
+			{
+			keylen = atoi(value);
+			if (keylen == 128)
+				gcm = EVP_aes_128_gcm();
+			else if (keylen == 192)
+				gcm = EVP_aes_192_gcm();
+			else if (keylen == 256)
+				gcm = EVP_aes_256_gcm();
+			else 
+				{
+				fprintf(stderr, "Unsupported keylen %d\n",
+							keylen);
+				}
+			keylen >>= 3;
+			}
+		else if (!strcmp(keyword, "[IVlen"))
+			ivlen = atoi(value) >> 3;
+		else if (!strcmp(keyword, "[AADlen"))
+			aadlen = atoi(value) >> 3;
+		else if (!strcmp(keyword, "[Taglen"))
+			taglen = atoi(value) >> 3;
+		else if (!strcmp(keyword, "[PTlen"))
+			ptlen = atoi(value) >> 3;
+		else if(!strcmp(keyword,"Key"))
+			{
+			key = hex2bin_m(value, &l);
+			if (l != keylen)
+				{
+				fprintf(stderr, "Inconsistent Key length\n");
+				exit(1);
+				}
+			}
+		else if(!strcmp(keyword,"IV"))
+			{
+			iv = hex2bin_m(value, &l);
+			if (l != ivlen)
+				{
+				fprintf(stderr, "Inconsistent IV length\n");
+				exit(1);
+				}
+			}
+		else if(!strcmp(keyword,"PT"))
+			{
+			pt = hex2bin_m(value, &l);
+			if (l != ptlen)
+				{
+				fprintf(stderr, "Inconsistent PT length\n");
+				exit(1);
+				}
+			}
+		else if(!strcmp(keyword,"CT"))
+			{
+			ct = hex2bin_m(value, &l);
+			if (l != ptlen)
+				{
+				fprintf(stderr, "Inconsistent CT length\n");
+				exit(1);
+				}
+			}
+		else if(!strcmp(keyword,"AAD"))
+			{
+			aad = hex2bin_m(value, &l);
+			if (l != aadlen)
+				{
+				fprintf(stderr, "Inconsistent AAD length\n");
+				exit(1);
+				}
+			}
+		else if(!strcmp(keyword,"Tag"))
+			{
+			tag = hex2bin_m(value, &l);
+			if (l != taglen)
+				{
+				fprintf(stderr, "Inconsistent Tag length\n");
+				exit(1);
+				}
+			}
+		if (encrypt && pt && aad && (iv || encrypt==1))
+			{
+			tag = OPENSSL_malloc(taglen);
+			FIPS_cipherinit(&ctx, gcm, NULL, NULL, 1);
+			/* Relax FIPS constraints for testing */
+			M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
+			if (encrypt == 1)
+				{
+				static unsigned char iv_fixed[4] = {1,2,3,4};
+				if (!iv)
+					iv = OPENSSL_malloc(ivlen);
+				FIPS_cipherinit(&ctx, NULL, key, NULL, 1);
+				FIPS_cipher_ctx_ctrl(&ctx,
+						EVP_CTRL_GCM_SET_IV_FIXED,
+						4, iv_fixed);
+				if (!FIPS_cipher_ctx_ctrl(&ctx,
+					EVP_CTRL_GCM_IV_GEN, 0, iv))
+					{
+					fprintf(stderr, "IV gen error\n");
+					exit(1);
+					}
+				OutputValue("IV", iv, ivlen, out, 0);
+				}
+			else
+				FIPS_cipherinit(&ctx, NULL, key, iv, 1);
+
+
+			if (aadlen)
+				FIPS_cipher(&ctx, NULL, aad, aadlen);
+			if (ptlen)
+				{
+				ct = OPENSSL_malloc(ptlen);
+				rv = FIPS_cipher(&ctx, ct, pt, ptlen);
+				}
+			FIPS_cipher(&ctx, NULL, NULL, 0);
+			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG,
+								taglen, tag);	
+			OutputValue("CT", ct, ptlen, out, 0);
+			OutputValue("Tag", tag, taglen, out, 0);
+			if (iv)
+				OPENSSL_free(iv);
+			if (aad)
+				OPENSSL_free(aad);
+			if (ct)
+				OPENSSL_free(ct);
+			if (pt)
+				OPENSSL_free(pt);
+			if (key)
+				OPENSSL_free(key);
+			if (tag)
+				OPENSSL_free(tag);
+			iv = aad = ct = pt = key = tag = NULL;
+			}	
+		if (!encrypt && tag)
+			{
+			FIPS_cipherinit(&ctx, gcm, NULL, NULL, 0);
+			/* Relax FIPS constraints for testing */
+			M_EVP_CIPHER_CTX_set_flags(&ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, 0);
+			FIPS_cipherinit(&ctx, NULL, key, iv, 0);
+			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag);
+			if (aadlen)
+				FIPS_cipher(&ctx, NULL, aad, aadlen);
+			if (ptlen)
+				{
+				pt = OPENSSL_malloc(ptlen);
+				rv = FIPS_cipher(&ctx, pt, ct, ptlen);
+				}
+			rv = FIPS_cipher(&ctx, NULL, NULL, 0);
+			if (rv < 0)
+				fprintf(out, "FAIL" RESP_EOL);
+			else
+				OutputValue("PT", pt, ptlen, out, 0);
+			if (iv)
+				OPENSSL_free(iv);
+			if (aad)
+				OPENSSL_free(aad);
+			if (ct)
+				OPENSSL_free(ct);
+			if (pt)
+				OPENSSL_free(pt);
+			if (key)
+				OPENSSL_free(key);
+			if (tag)
+				OPENSSL_free(tag);
+			iv = aad = ct = pt = key = tag = NULL;
+			}
+		}
+	FIPS_cipher_ctx_cleanup(&ctx);	
+	}
+
+static void xtstest(FILE *in, FILE *out)
+	{
+	char buf[204800];
+	char lbuf[204800];
+	char *keyword, *value;
+	int inlen = 0;
+	int encrypt = 0;
+	long l;
+	unsigned char *key = NULL, *iv = NULL;
+	unsigned char *inbuf = NULL, *outbuf = NULL;
+	EVP_CIPHER_CTX ctx;
+	const EVP_CIPHER *xts = NULL;
+	FIPS_cipher_ctx_init(&ctx);
+
+	while(fgets(buf,sizeof buf,in) != NULL)
+		{
+		fputs(buf,out);
+		if (buf[0] == '[' && strlen(buf) >= 9)
+			{
+			if(!strncmp(buf,"[ENCRYPT]", 9))
+				encrypt = 1;
+			else if(!strncmp(buf,"[DECRYPT]", 9))
+				encrypt = 0;
+			}
+		if  (!parse_line(&keyword, &value, lbuf, buf))
+			continue;
+		else if(!strcmp(keyword,"Key"))
+			{
+			key = hex2bin_m(value, &l);
+			if (l == 32)
+				xts = EVP_aes_128_xts();
+			else if (l == 64)
+				xts = EVP_aes_256_xts();
+			else
+				{
+				fprintf(stderr, "Inconsistent Key length\n");
+				exit(1);
+				}
+			}
+		else if(!strcmp(keyword,"i"))
+			{
+			iv = hex2bin_m(value, &l);
+			if (l != 16)
+				{
+				fprintf(stderr, "Inconsistent i length\n");
+				exit(1);
+				}
+			}
+		else if(encrypt && !strcmp(keyword,"PT"))
+			{
+			inbuf = hex2bin_m(value, &l);
+			inlen = l;
+			}
+		else if(!encrypt && !strcmp(keyword,"CT"))
+			{
+			inbuf = hex2bin_m(value, &l);
+			inlen = l;
+			}
+		if (inbuf)
+			{
+			FIPS_cipherinit(&ctx, xts, key, iv, encrypt);
+			outbuf = OPENSSL_malloc(inlen);
+			FIPS_cipher(&ctx, outbuf, inbuf, inlen);
+			OutputValue(encrypt ? "CT":"PT", outbuf, inlen, out, 0);
+			OPENSSL_free(inbuf);
+			OPENSSL_free(outbuf);
+			OPENSSL_free(key);
+			OPENSSL_free(iv);
+			iv = key = inbuf = outbuf = NULL;
+			}	
+		}
+	FIPS_cipher_ctx_cleanup(&ctx);	
+	}
+
+static void ccmtest(FILE *in, FILE *out)
+	{
+	char buf[200048];
+	char lbuf[200048];
+	char *keyword, *value;
+	long l;
+	unsigned char *Key = NULL, *Nonce = NULL;
+	unsigned char *Adata = NULL, *Payload = NULL;
+	unsigned char *CT = NULL;
+	int Plen = -1, Nlen = -1, Tlen = -1, Alen = -1;
+	int decr = 0;
+	EVP_CIPHER_CTX ctx;
+	const EVP_CIPHER *ccm = NULL;
+	FIPS_cipher_ctx_init(&ctx);
+
+	while(fgets(buf,sizeof buf,in) != NULL)
+		{
+		char *p;
+		fputs(buf,out);
+		redo:
+		if (!parse_line(&keyword, &value, lbuf, buf))
+			continue;
+
+		/* If surrounded by square brackets zap them */
+		if (keyword[0] == '[')
+			{
+			keyword++;
+			p = strchr(value, ']');
+			if (p)
+				*p = 0;
+			}
+		/* See if we have a comma separated list of parameters
+		 * if so copy rest of line back to buffer and redo later.
+		 */
+		p = strchr(value, ',');
+		if (p)
+			{
+			*p = 0;
+			strcpy(buf, p + 1);
+			strcat(buf, "\n");
+			decr = 1;
+			}
+		if (!strcmp(keyword,"Plen"))
+			Plen = atoi(value);
+		else if (!strcmp(keyword,"Nlen"))
+			Nlen = atoi(value);
+		else if (!strcmp(keyword,"Tlen"))
+			Tlen = atoi(value);
+		else if (!strcmp(keyword,"Alen"))
+			Alen = atoi(value);
+		if (p)
+			goto redo;
+		if (!strcmp(keyword,"Key"))
+			{
+			if (Key)
+				OPENSSL_free(Key);
+			Key = hex2bin_m(value, &l);
+			if (l == 16)
+				ccm = EVP_aes_128_ccm();
+			else if (l == 24)
+				ccm = EVP_aes_192_ccm();
+			else if (l == 32)
+				ccm = EVP_aes_256_ccm();
+			else
+				{
+				fprintf(stderr, "Inconsistent Key length\n");
+				exit(1);
+				}
+			}
+		else if (!strcmp(keyword,"Nonce"))
+			{
+			if (Nonce)
+				OPENSSL_free(Nonce);
+			Nonce = hex2bin_m(value, &l);
+			if (l != Nlen)
+				{
+				fprintf(stderr, "Inconsistent nonce length\n");
+				exit(1);
+				}
+			}
+		else if (!strcmp(keyword,"Payload") && !decr)
+			{
+			Payload = hex2bin_m(value, &l);
+			if (Plen && l != Plen)
+				{
+				fprintf(stderr, "Inconsistent Payload length\n");
+				exit(1);
+				}
+			}
+		else if (!strcmp(keyword,"Adata"))
+			{
+			if (Adata)
+				OPENSSL_free(Adata);
+			Adata = hex2bin_m(value, &l);
+			if (Alen && l != Alen)
+				{
+				fprintf(stderr, "Inconsistent Payload length\n");
+				exit(1);
+				}
+			}
+		else if (!strcmp(keyword,"CT") && decr)
+			{
+			CT = hex2bin_m(value, &l);
+			if (l != (Plen + Tlen))
+				{
+				fprintf(stderr, "Inconsistent CT length\n");
+				exit(1);
+				}
+			}
+		if (Payload)
+			{
+			FIPS_cipherinit(&ctx, ccm, NULL, NULL, 1);
+			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
+			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG, Tlen, 0);
+			FIPS_cipherinit(&ctx, NULL, Key, Nonce, 1);
+
+			FIPS_cipher(&ctx, NULL, NULL, Plen);
+			FIPS_cipher(&ctx, NULL, Adata, Alen);
+			CT = OPENSSL_malloc(Plen + Tlen);
+			FIPS_cipher(&ctx, CT, Payload, Plen);
+			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_GET_TAG, Tlen,
+						CT + Plen);
+			OutputValue("CT", CT, Plen + Tlen, out, 0);
+			OPENSSL_free(CT);
+			OPENSSL_free(Payload);
+			CT = Payload = NULL;
+			}
+		if (CT)
+			{
+			int rv;
+			int len = Plen == 0 ? 1: Plen;
+			FIPS_cipherinit(&ctx, ccm, NULL, NULL, 0);
+			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_IVLEN, Nlen, 0);
+			FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_CCM_SET_TAG,
+						Tlen, CT + Plen);
+			FIPS_cipherinit(&ctx, NULL, Key, Nonce, 0);
+			FIPS_cipher(&ctx, NULL, NULL, Plen);
+			FIPS_cipher(&ctx, NULL, Adata, Alen);
+			Payload = OPENSSL_malloc(len);
+			rv = FIPS_cipher(&ctx, Payload, CT, Plen);
+			if (rv >= 0)
+				{
+				if (rv == 0)
+					Payload[0] = 0;
+				fputs("Result = Pass" RESP_EOL, out);
+				OutputValue("Payload", Payload, len, out, 0);
+				}
+			else
+				fputs("Result = Fail" RESP_EOL, out);
+			OPENSSL_free(CT);
+			OPENSSL_free(Payload);
+			CT = Payload = NULL;
+			}
+		}
+	if (Key)
+		OPENSSL_free(Key);
+	if (Nonce)
+		OPENSSL_free(Nonce);
+	if (Adata)
+		OPENSSL_free(Adata);
+	FIPS_cipher_ctx_cleanup(&ctx);
+	}
+
+#ifdef FIPS_ALGVS
+int fips_gcmtest_main(int argc, char **argv)
+#else
+int main(int argc, char **argv)
+#endif
+	{
+	int encrypt;
+	int xts = 0, ccm = 0;
+	FILE *in, *out;
+	if (argc == 4)
+		{
+		in = fopen(argv[2], "r");
+		if (!in)
+			{
+			fprintf(stderr, "Error opening input file\n");
+			exit(1);
+			}
+		out = fopen(argv[3], "w");
+		if (!out)
+			{
+			fprintf(stderr, "Error opening output file\n");
+			exit(1);
+			}
+		}
+	else if (argc == 2)
+		{
+		in = stdin;
+		out = stdout;
+		}
+	else
+		{
+		fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]);
+		exit(1);
+		}
+	fips_algtest_init_nofips();
+	if(!FIPS_mode_set(1)) {
+		fprintf(stderr, "Can't set FIPS mode\n");
+		exit(1);
+	}
+	if(!strcmp(argv[1],"-encrypt"))
+		encrypt = 1;
+	else if(!strcmp(argv[1],"-encryptIVext"))
+		encrypt = 2;
+	else if(!strcmp(argv[1],"-decrypt"))
+		encrypt = 0;
+	else if(!strcmp(argv[1],"-ccm"))
+		ccm = 1;
+	else if(!strcmp(argv[1],"-xts"))
+		xts = 1;
+	else
+		{
+		fprintf(stderr,"Don't know how to %s.\n",argv[1]);
+		exit(1);
+		}
+
+	if (ccm)
+		ccmtest(in, out);
+	else if (xts)
+		xtstest(in, out);
+	else
+		gcmtest(in, out, encrypt);
+
+	if (argc == 4)
+		{
+		fclose(in);
+		fclose(out);
+		}
+
+	return 0;
+}
+
+#endif
Index: openssl-1.0.2j/crypto/fips/fips_hmactest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_hmactest.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,328 @@
+/* fips_hmactest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS HMAC support\n");
+    return(0);
+}
+
+#else
+
+#include <openssl/fips.h>
+#include "fips_utl.h"
+
+static int hmac_test(const EVP_MD *md, FILE *out, FILE *in);
+static int print_hmac(const EVP_MD *md, FILE *out,
+		unsigned char *Key, int Klen,
+		unsigned char *Msg, int Msglen, int Tlen);
+
+#ifdef FIPS_ALGVS
+int fips_hmactest_main(int argc, char **argv)
+#else
+int main(int argc, char **argv)
+#endif
+	{
+	FILE *in = NULL, *out = NULL;
+
+	int ret = 1;
+	fips_algtest_init_nofips();
+	if(!FIPS_mode_set(1)) {
+		fprintf(stderr, "Can't set FIPS mode\n");
+		exit(1);
+	}
+
+	if (argc == 1)
+		in = stdin;
+	else
+		in = fopen(argv[1], "r");
+
+	if (argc < 2)
+		out = stdout;
+	else
+		out = fopen(argv[2], "w");
+
+	if (!in)
+		{
+		fprintf(stderr, "FATAL input initialization error\n");
+		goto end;
+		}
+
+	if (!out)
+		{
+		fprintf(stderr, "FATAL output initialization error\n");
+		goto end;
+		}
+
+	if (!hmac_test(EVP_sha1(), out, in))
+		{
+		fprintf(stderr, "FATAL hmac file processing error\n");
+		goto end;
+		}
+	else
+		ret = 0;
+
+	end:
+
+	if (in && (in != stdin))
+		fclose(in);
+	if (out && (out != stdout))
+		fclose(out);
+
+	return ret;
+
+	}
+
+#define HMAC_TEST_MAXLINELEN	1024
+
+int hmac_test(const EVP_MD *md, FILE *out, FILE *in)
+	{
+	char *linebuf, *olinebuf, *p, *q;
+	char *keyword, *value;
+	unsigned char *Key = NULL, *Msg = NULL;
+	int Count, Klen, Tlen;
+	long Keylen, Msglen;
+	int ret = 0;
+	int lnum = 0;
+
+	olinebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN);
+	linebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN);
+
+	if (!linebuf || !olinebuf)
+		goto error;
+
+	Count = -1;
+	Klen = -1;
+	Tlen = -1;
+
+	while (fgets(olinebuf, HMAC_TEST_MAXLINELEN, in))
+		{
+		lnum++;
+		strcpy(linebuf, olinebuf);
+		keyword = linebuf;
+		/* Skip leading space */
+		while (isspace((unsigned char)*keyword))
+			keyword++;
+
+		/* Look for = sign */
+		p = strchr(linebuf, '=');
+
+		/* If no = or starts with [ (for [L=20] line) just copy */
+		if (!p)
+			{
+			if (fputs(olinebuf, out) < 0)
+				goto error;
+			continue;
+			}
+
+		q = p - 1;
+
+		/* Remove trailing space */
+		while (isspace((unsigned char)*q))
+			*q-- = 0;
+
+		*p = 0;
+		value = p + 1;
+
+		/* Remove leading space from value */
+		while (isspace((unsigned char)*value))
+			value++;
+
+		/* Remove trailing space from value */
+		p = value + strlen(value) - 1;
+
+		while (*p == '\n' || isspace((unsigned char)*p))
+			*p-- = 0;
+
+		if (!strcmp(keyword,"[L") && *p==']')
+			{
+			switch (atoi(value))
+				{
+				case 20: md=EVP_sha1();   break;
+				case 28: md=EVP_sha224(); break;
+				case 32: md=EVP_sha256(); break;
+				case 48: md=EVP_sha384(); break;
+				case 64: md=EVP_sha512(); break;
+				default: goto parse_error;
+				}
+			}
+		else if (!strcmp(keyword, "Count"))
+			{
+			if (Count != -1)
+				goto parse_error;
+			Count = atoi(value);
+			if (Count < 0)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Klen"))
+			{
+			if (Klen != -1)
+				goto parse_error;
+			Klen = atoi(value);
+			if (Klen < 0)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Tlen"))
+			{
+			if (Tlen != -1)
+				goto parse_error;
+			Tlen = atoi(value);
+			if (Tlen < 0)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Msg"))
+			{
+			if (Msg)
+				goto parse_error;
+			Msg = hex2bin_m(value, &Msglen);
+			if (!Msg)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Key"))
+			{
+			if (Key)
+				goto parse_error;
+			Key = hex2bin_m(value, &Keylen);
+			if (!Key)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Mac"))
+			continue;
+		else
+			goto parse_error;
+
+		fputs(olinebuf, out);
+
+		if (Key && Msg && (Tlen > 0) && (Klen > 0))
+			{
+			if (!print_hmac(md, out, Key, Klen, Msg, Msglen, Tlen))
+				goto error;
+			OPENSSL_free(Key);
+			Key = NULL;
+			OPENSSL_free(Msg);
+			Msg = NULL;
+			Klen = -1;
+			Tlen = -1;
+			Count = -1;
+			}
+
+		}
+
+
+	ret = 1;
+
+
+	error:
+
+	if (olinebuf)
+		OPENSSL_free(olinebuf);
+	if (linebuf)
+		OPENSSL_free(linebuf);
+	if (Key)
+		OPENSSL_free(Key);
+	if (Msg)
+		OPENSSL_free(Msg);
+
+	return ret;
+
+	parse_error:
+
+	fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+	goto error;
+
+	}
+
+static int print_hmac(const EVP_MD *emd, FILE *out,
+		unsigned char *Key, int Klen,
+		unsigned char *Msg, int Msglen, int Tlen)
+	{
+	int i, mdlen;
+	unsigned char md[EVP_MAX_MD_SIZE];
+	if (!HMAC(emd, Key, Klen, Msg, Msglen, md,
+						(unsigned int *)&mdlen))
+		{
+		fputs("Error calculating HMAC\n", stderr);
+		return 0;
+		}
+	if (Tlen > mdlen)
+		{
+		fputs("Parameter error, Tlen > HMAC length\n", stderr);
+		return 0;
+		}
+	fputs("Mac = ", out);
+	for (i = 0; i < Tlen; i++)
+		fprintf(out, "%02x", md[i]);
+	fputs(RESP_EOL, out);
+	return 1;
+	}
+
+#endif
Index: openssl-1.0.2j/crypto/fips/fips_rngvs.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_rngvs.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,230 @@
+/*
+ * Crude test driver for processing the VST and MCT testvector files
+ * generated by the CMVP RNGVS product.
+ *
+ * Note the input files are assumed to have a _very_ specific format
+ * as described in the NIST document "The Random Number Generator
+ * Validation System (RNGVS)", May 25, 2004.
+ *
+ */
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+    printf("No FIPS RNG support\n");
+    return 0;
+}
+#else
+
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include <openssl/x509v3.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "fips_utl.h"
+
+void vst()
+    {
+    unsigned char *key = NULL;
+    unsigned char *v = NULL;
+    unsigned char *dt = NULL;
+    unsigned char ret[16];
+    char buf[1024];
+    char lbuf[1024];
+    char *keyword, *value;
+    long i, keylen;
+
+    keylen = 0;
+
+    while(fgets(buf,sizeof buf,stdin) != NULL)
+	{
+	fputs(buf,stdout);
+	if(!strncmp(buf,"[AES 128-Key]", 13))
+		keylen = 16;
+	else if(!strncmp(buf,"[AES 192-Key]", 13))
+		keylen = 24;
+	else if(!strncmp(buf,"[AES 256-Key]", 13))
+		keylen = 32;
+	if (!parse_line(&keyword, &value, lbuf, buf))
+		continue;
+	if(!strcmp(keyword,"Key"))
+	    {
+	    key=hex2bin_m(value,&i);
+	    if (i != keylen)
+		{
+		fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
+		return;
+		}
+	    }
+	else if(!strcmp(keyword,"DT"))
+	    {
+	    dt=hex2bin_m(value,&i);
+	    if (i != 16)
+		{
+		fprintf(stderr, "Invalid DT length\n");
+		return;
+		}
+	    }
+	else if(!strcmp(keyword,"V"))
+	    {
+	    v=hex2bin_m(value,&i);
+	    if (i != 16)
+		{
+		fprintf(stderr, "Invalid V length\n");
+		return;
+		}
+
+	    if (!key || !dt)
+		{
+		fprintf(stderr, "Missing key or DT\n");
+		return;
+		}
+
+	    FIPS_x931_set_key(key, keylen);
+	    FIPS_x931_seed(v,16);
+	    FIPS_x931_set_dt(dt);
+	    if (FIPS_x931_bytes(ret,16) <= 0)
+		{
+		fprintf(stderr, "Error getting PRNG value\n");
+	        return;
+	        }
+
+	    OutputValue("R", ret, 16, stdout, 0);
+	    OPENSSL_free(key);
+	    key = NULL;
+	    OPENSSL_free(dt);
+	    dt = NULL;
+	    OPENSSL_free(v);
+	    v = NULL;
+	    }
+	}
+    }
+
+void mct()
+    {
+    unsigned char *key = NULL;
+    unsigned char *v = NULL;
+    unsigned char *dt = NULL;
+    unsigned char ret[16];
+    char buf[1024];
+    char lbuf[1024];
+    char *keyword, *value;
+    long i, keylen;
+    int j;
+
+    keylen = 0;
+
+    while(fgets(buf,sizeof buf,stdin) != NULL)
+	{
+	fputs(buf,stdout);
+	if(!strncmp(buf,"[AES 128-Key]", 13))
+		keylen = 16;
+	else if(!strncmp(buf,"[AES 192-Key]", 13))
+		keylen = 24;
+	else if(!strncmp(buf,"[AES 256-Key]", 13))
+		keylen = 32;
+	if (!parse_line(&keyword, &value, lbuf, buf))
+		continue;
+	if(!strcmp(keyword,"Key"))
+	    {
+	    key=hex2bin_m(value,&i);
+	    if (i != keylen)
+		{
+		fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
+		return;
+		}
+	    }
+	else if(!strcmp(keyword,"DT"))
+	    {
+	    dt=hex2bin_m(value,&i);
+	    if (i != 16)
+		{
+		fprintf(stderr, "Invalid DT length\n");
+		return;
+		}
+	    }
+	else if(!strcmp(keyword,"V"))
+	    {
+	    v=hex2bin_m(value,&i);
+	    if (i != 16)
+		{
+		fprintf(stderr, "Invalid V length\n");
+		return;
+		}
+
+	    if (!key || !dt)
+		{
+		fprintf(stderr, "Missing key or DT\n");
+		return;
+		}
+
+	    FIPS_x931_set_key(key, keylen);
+	    FIPS_x931_seed(v,16);
+	    for (i = 0; i < 10000; i++)
+		{
+		    FIPS_x931_set_dt(dt);
+		    if (FIPS_x931_bytes(ret,16) <= 0)
+			{
+			fprintf(stderr, "Error getting PRNG value\n");
+		        return;
+		        }
+		    /* Increment DT */
+		    for (j = 15; j >= 0; j--)
+			{
+			dt[j]++;
+			if (dt[j])
+				break;
+			}
+		}
+
+	    OutputValue("R", ret, 16, stdout, 0);
+	    OPENSSL_free(key);
+	    key = NULL;
+	    OPENSSL_free(dt);
+	    dt = NULL;
+	    OPENSSL_free(v);
+	    v = NULL;
+	    }
+	}
+    }
+
+int main(int argc,char **argv)
+    {
+    if(argc != 2)
+	{
+	fprintf(stderr,"%s [mct|vst]\n",argv[0]);
+	exit(1);
+	}
+    if(!FIPS_mode_set(1))
+	{
+	do_print_errors();
+	exit(1);
+	}
+    FIPS_x931_reset();
+    if (!FIPS_x931_test_mode())
+	{
+	fprintf(stderr, "Error setting PRNG test mode\n");
+	do_print_errors();
+	exit(1);
+	}
+    if(!strcmp(argv[1],"mct"))
+	mct();
+    else if(!strcmp(argv[1],"vst"))
+	vst();
+    else
+	{
+	fprintf(stderr,"Don't know how to %s.\n",argv[1]);
+	exit(1);
+	}
+
+    return 0;
+    }
+#endif
Index: openssl-1.0.2j/crypto/fips/fips_rsa_lib.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_rsa_lib.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,109 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_FIPSAPI
+
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+
+/* Minimal FIPS versions of FIPS_rsa_new() and FIPS_rsa_free: to
+ * reduce external dependencies.
+ */
+
+RSA *FIPS_rsa_new(void)
+	{
+
+	return RSA_new_method(NULL);
+#if 0
+	RSA *ret;
+	ret = OPENSSL_malloc(sizeof(RSA));
+	if (!ret)
+		return NULL;
+	memset(ret, 0, sizeof(RSA));
+	ret->meth = RSA_PKCS1_SSLeay();
+	if (ret->meth->init)
+		ret->meth->init(ret);
+	return ret;
+#endif
+	}
+
+void FIPS_rsa_free(RSA *r)
+	{
+	if (!r)
+		return;
+	RSA_free(r);
+#if 0
+	if (r->meth->finish)
+		r->meth->finish(r);
+	if (r->n != NULL) BN_clear_free(r->n);
+	if (r->e != NULL) BN_clear_free(r->e);
+	if (r->d != NULL) BN_clear_free(r->d);
+	if (r->p != NULL) BN_clear_free(r->p);
+	if (r->q != NULL) BN_clear_free(r->q);
+	if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
+	if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
+	if (r->iqmp != NULL) BN_clear_free(r->iqmp);
+	if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
+	if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
+	OPENSSL_free(r);
+#endif
+	}
+
Index: openssl-1.0.2j/crypto/fips/fips_rsagtest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_rsagtest.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,683 @@
+/* fips_rsagtest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005,2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+
+RSA *FIPS_rsa_new(void);
+void FIPS_rsa_free(RSA *r);
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS RSA support\n");
+    return(0);
+}
+
+#else
+
+#include "fips_utl.h"
+
+int rsa_KeyGen(FILE *out, FILE *in);
+int rsa_PrimeKAT(FILE *out, FILE *in);
+int rsa_PrimeGen(FILE *out, FILE *in);
+static int rsa_printkey1(FILE *out, RSA *rsa,
+		BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
+		BIGNUM *e);
+static int rsa_printkey2(FILE *out, RSA *rsa,
+		BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq);
+
+int main(int argc, char **argv)
+	{
+	FILE *in = NULL, *out = NULL;
+	const char *cmd = argv[1];
+
+	int ret = 1;
+
+	if(!FIPS_mode_set(1))
+		{
+		do_print_errors();
+		goto end;
+		}
+
+	if (!cmd) 
+		{
+		fprintf(stderr, "fips_rsagtest [KeyGen|PrimeKAT|PrimeGen]\n");
+		goto end;
+		}
+
+	if (argc == 2)
+		in = stdin;
+	else
+		in = fopen(argv[2], "r");
+
+	if (argc <= 3)
+		out = stdout;
+	else
+		out = fopen(argv[3], "w");
+
+	if (!in)
+		{
+		fprintf(stderr, "FATAL input initialization error\n");
+		goto end;
+		}
+
+	if (!out)
+		{
+		fprintf(stderr, "FATAL output initialization error\n");
+		goto end;
+		}
+
+	if (!strcmp(cmd, "KeyGen"))
+		ret = rsa_KeyGen(out, in);
+	else if (!strcmp(cmd, "PrimeKAT"))
+		ret = rsa_PrimeKAT(out, in);
+	else if (!strcmp(cmd, "PrimeGen"))
+		ret = rsa_PrimeGen(out, in);
+	else
+		{
+		fprintf(stderr, "Unknown command %s\n", cmd);
+		goto end;
+		}
+
+	if (!ret)
+		{
+		fprintf(stderr, "FATAL RSAGTEST file processing error in %s\n", cmd);
+		goto end;
+		}
+
+	end:
+
+	if (ret)
+		do_print_errors();
+
+	if (in && (in != stdin))
+		fclose(in);
+	if (out && (out != stdout))
+		fclose(out);
+
+	return ret;
+
+	}
+
+#define RSA_TEST_MAXLINELEN	10240
+
+int rsa_KeyGen(FILE *out, FILE *in)
+	{
+	char *linebuf, *olinebuf, *p, *q;
+	char *keyword, *value;
+	RSA *rsa = NULL;
+	BIGNUM *Xp1 = NULL, *Xp2 = NULL, *Xp = NULL;
+	BIGNUM *Xq1 = NULL, *Xq2 = NULL, *Xq = NULL;
+	BIGNUM *e = NULL;
+	int ret = 0;
+	int lnum = 0;
+
+	olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+	linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+
+	if (!linebuf || !olinebuf)
+		goto error;
+
+	while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
+		{
+		/* Test tool emits a 0xff at the end of the file */
+		if (((unsigned char*)olinebuf)[0] == 0xff)
+			break;
+		lnum++;
+		strcpy(linebuf, olinebuf);
+		keyword = linebuf;
+		/* Skip leading space */
+		while (isspace((unsigned char)*keyword))
+			keyword++;
+
+		/* Look for = sign */
+		p = strchr(linebuf, '=');
+
+		/* If no = or starts with [ (for [foo = bar] line) just copy */
+		if (!p || *keyword=='[')
+			{
+			if (fputs(olinebuf, out) < 0)
+				goto error;
+			continue;
+			}
+
+		q = p - 1;
+
+		/* Remove trailing space */
+		while (isspace((unsigned char)*q))
+			*q-- = 0;
+
+		*p = 0;
+		value = p + 1;
+
+		/* Remove leading space from value */
+		while (isspace((unsigned char)*value))
+			value++;
+
+		/* Remove trailing space from value */
+		p = value + strlen(value) - 1;
+
+		while (*p == '\n' || isspace((unsigned char)*p))
+			*p-- = 0;
+
+		if (!strcmp(keyword, "xp1"))
+			{
+			if (Xp1 || !do_hex2bn(&Xp1,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "xp2"))
+			{
+			if (Xp2 || !do_hex2bn(&Xp2,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Xp"))
+			{
+			if (Xp || !do_hex2bn(&Xp,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "xq1"))
+			{
+			if (Xq1 || !do_hex2bn(&Xq1,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "xq2"))
+			{
+			if (Xq2 || !do_hex2bn(&Xq2,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Xq"))
+			{
+			if (Xq || !do_hex2bn(&Xq,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "e"))
+			{
+			if (e || !do_hex2bn(&e,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "p1"))
+			continue;
+		else if (!strcmp(keyword, "p2"))
+			continue;
+		else if (!strcmp(keyword, "p"))
+			continue;
+		else if (!strcmp(keyword, "q1"))
+			continue;
+		else if (!strcmp(keyword, "q2"))
+			continue;
+		else if (!strcmp(keyword, "q"))
+			continue;
+		else if (!strcmp(keyword, "n"))
+			continue;
+		else if (!strcmp(keyword, "d"))
+			continue;
+		else
+			goto parse_error;
+
+		fputs(olinebuf, out);
+
+		if (e && Xp1 && Xp2 && Xp)
+			{
+			rsa = FIPS_rsa_new();
+			if (!rsa)
+				goto error;
+			if (!rsa_printkey1(out, rsa, Xp1, Xp2, Xp, e))
+				goto error;
+			BN_free(Xp1);
+			Xp1 = NULL;
+			BN_free(Xp2);
+			Xp2 = NULL;
+			BN_free(Xp);
+			Xp = NULL;
+			BN_free(e);
+			e = NULL;
+			}
+
+		if (rsa && Xq1 && Xq2 && Xq)
+			{
+			if (!rsa_printkey2(out, rsa, Xq1, Xq2, Xq))
+				goto error;
+			BN_free(Xq1);
+			Xq1 = NULL;
+			BN_free(Xq2);
+			Xq2 = NULL;
+			BN_free(Xq);
+			Xq = NULL;
+			FIPS_rsa_free(rsa);
+			rsa = NULL;
+			}
+		}
+
+	ret = 1;
+
+	error:
+
+	if (olinebuf)
+		OPENSSL_free(olinebuf);
+	if (linebuf)
+		OPENSSL_free(linebuf);
+
+	if (Xp1)
+		BN_free(Xp1);
+	if (Xp2)
+		BN_free(Xp2);
+	if (Xp)
+		BN_free(Xp);
+	if (Xq1)
+		BN_free(Xq1);
+	if (Xq1)
+		BN_free(Xq1);
+	if (Xq2)
+		BN_free(Xq2);
+	if (Xq)
+		BN_free(Xq);
+	if (e)
+		BN_free(e);
+	if (rsa)
+		FIPS_rsa_free(rsa);
+
+	return ret;
+
+	parse_error:
+
+	fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+	goto error;
+
+	}
+
+
+int do_prime_test(int mod, BIGNUM *e, BIGNUM *prandom, BIGNUM *qrandom)
+{
+	RSA *rsa = NULL;
+	int result;
+
+	rsa = FIPS_rsa_new();
+	if (!rsa)
+		return -1;
+
+	if (!qrandom)
+		{
+			qrandom = BN_new();
+			BN_one(qrandom);
+		}
+
+	/* prandom and qrandom should be freed in FIPS_rsa_free */
+	rsa->p = prandom;
+	rsa->q = qrandom;
+	
+	result = 1;
+	if (!RSA_generate_key_ex(rsa, mod, e, NULL))
+		result = 0;
+	FIPS_rsa_free(rsa);
+
+	if (!result)
+		do_print_errors();
+
+	return result;
+}
+
+
+int rsa_PrimeKAT(FILE *out, FILE *in)
+	{
+	char *linebuf, *olinebuf, *p, *q;
+	char *keyword, *value;
+	RSA *rsa = NULL;
+	BIGNUM *prandom = NULL, *qrandom = NULL;
+	BIGNUM *e = NULL;
+	int mod = 0;
+	int result = 0;
+	int ret = 0;
+	int lnum = 0;
+
+	olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+	linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+
+	if (!linebuf || !olinebuf)
+		goto error;
+
+	while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
+		{
+		/* Test tool emits a 0xff at the end of the file */
+		if (((unsigned char*)olinebuf)[0] == 0xff)
+			break;
+		lnum++;
+		strcpy(linebuf, olinebuf);
+		keyword = linebuf;
+		/* Skip leading space */
+		while (isspace((unsigned char)*keyword))
+			keyword++;
+
+		/* Look for = sign */
+		p = strchr(linebuf, '=');
+
+		/* If no =, just copy */
+		if (!p)
+			{
+			fputs(olinebuf, out);
+			continue;
+			}
+
+		if (*keyword == '[')
+			keyword++;
+
+		q = p - 1;
+
+		/* Remove trailing space */
+		while (isspace((unsigned char)*q))
+			*q-- = 0;
+
+		*p = 0;
+		value = p + 1;
+
+		/* Remove leading space from value */
+		while (isspace((unsigned char)*value))
+			value++;
+
+		/* Remove trailing space from value */
+		p = value + strlen(value) - 1;
+
+		while (*p == '\n' || isspace((unsigned char)*p))
+			*p-- = 0;
+		/* For [things], remove trailing ] and whitespace */
+		if (*linebuf == '[')
+			{
+				while (isspace((unsigned char)*p) || *p == ']')
+					*p-- = 0;
+			}
+
+		/* collected e, prandom and next thing is not qrandom -> trigger test */
+		if (e && prandom && (qrandom || strcmp(keyword, "qrandom")))
+			{
+				result = do_prime_test(mod, e, prandom, qrandom);
+				BN_free(e);
+				prandom = NULL;
+				qrandom = NULL;
+				e = NULL;
+				if (result == -1)
+					goto error;
+				fprintf(out, "Result = %c\n\n", result ? 'P' : 'F');
+			}
+
+		if (!strcmp(keyword, "mod"))
+			{
+			mod = atoi(value);
+			if (!mod)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "prandom"))
+			{
+			if (prandom || !do_hex2bn(&prandom,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "qrandom"))
+			{
+			if (qrandom || !do_hex2bn(&qrandom,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "e"))
+			{
+			if (!do_hex2bn(&e,value))
+				goto parse_error;
+			}
+		else if (*linebuf == '[')
+			{
+			/* just copy */
+			}
+		else
+			goto parse_error;
+
+		fputs(olinebuf, out);
+
+		}
+
+	/* trigger last test -- the test should be abstracted out into a function */
+	if (e && prandom)
+		{
+			result = do_prime_test(mod, e, prandom, qrandom);
+			BN_free(e);
+			prandom = NULL;
+			qrandom = NULL;
+			e = NULL;
+			if (result == -1)
+				goto error;
+			fprintf(out, "Result = %c\n\n", result ? 'P' : 'F');
+		}
+
+	ret = 1;
+
+	error:
+
+	if (olinebuf)
+		OPENSSL_free(olinebuf);
+	if (linebuf)
+		OPENSSL_free(linebuf);
+	
+	if (prandom)
+		BN_free(prandom);
+	if (qrandom)
+		BN_free(qrandom);
+	if (e)
+		BN_free(e);
+	if (rsa)
+		FIPS_rsa_free(rsa);
+
+	return ret;
+
+	parse_error:
+
+	fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+	goto error;
+
+	}
+
+int rsa_PrimeGen(FILE *out, FILE *in)
+	{
+	char *linebuf;
+	RSA *rsa = NULL;
+	BIGNUM *e = NULL;
+	int mod = 0;
+	int N = 0;
+	int ret = 0;
+	int lnum = 0;
+
+	linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+	e = BN_new();
+
+	if (!linebuf || !e)
+		goto error;
+
+	BN_set_word(e, 65537);
+
+	while (fgets(linebuf, RSA_TEST_MAXLINELEN, in))
+		{
+		/* Test tool emits a 0xff at the end of the file */
+		if (((unsigned char*)linebuf)[0] == 0xff)
+			break;
+		lnum++;
+		fputs(linebuf, out);
+		if (!strncmp(linebuf, "[mod = ", 7))
+			{
+			mod = atoi(linebuf + 7);
+			if (!mod)
+				goto parse_error;
+			}
+
+		if (!strncmp(linebuf, "N = ", 4))
+			{
+			N = atoi(linebuf + 4);
+			for (int i = 0; i < N; i++)
+				{
+				rsa = FIPS_rsa_new();
+				if (!RSA_generate_key_ex(rsa, mod, e, NULL)) {
+					fflush(out);
+					do_print_errors();
+					goto error;
+				}
+
+				do_bn_print_name(out, "e", rsa->e);
+				do_bn_print_name(out, "p", rsa->p);
+				do_bn_print_name(out, "q", rsa->q);
+				do_bn_print_name(out, "n", rsa->n);
+				do_bn_print_name(out, "d", rsa->d);
+				FIPS_rsa_free(rsa);
+				rsa = NULL;
+				}
+			}
+		}
+
+	ret = 1;
+
+	error:
+
+	if (linebuf)
+		OPENSSL_free(linebuf);
+	if (rsa)
+		FIPS_rsa_free(rsa);
+
+	return ret;
+
+	parse_error:
+
+	fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+	goto error;
+
+		return 0;
+	}
+
+
+static int rsa_printkey1(FILE *out, RSA *rsa,
+		BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
+		BIGNUM *e)
+	{
+	int ret = 0;
+	BIGNUM *p1 = NULL, *p2 = NULL;
+	p1 = BN_new();
+	p2 = BN_new();
+	if (!p1 || !p2)
+		goto error;
+
+	if (!RSA_X931_derive_ex(rsa, p1, p2, NULL, NULL, Xp1, Xp2, Xp,
+						NULL, NULL, NULL, e, NULL)) {
+		fflush(out);
+		do_print_errors();
+		goto error;
+	}
+
+	do_bn_print_name(out, "p1", p1);
+	do_bn_print_name(out, "p2", p2);
+	do_bn_print_name(out, "p", rsa->p);
+
+	ret = 1;
+
+	error:
+	if (p1)
+		BN_free(p1);
+	if (p2)
+		BN_free(p2);
+
+	return ret;
+	}
+
+static int rsa_printkey2(FILE *out, RSA *rsa,
+		BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq)
+	{
+	int ret = 0;
+	BIGNUM *q1 = NULL, *q2 = NULL;
+	q1 = BN_new();
+	q2 = BN_new();
+	if (!q1 || !q2)
+		goto error;
+
+	if (!RSA_X931_derive_ex(rsa, NULL, NULL, q1, q2, NULL, NULL, NULL,
+						Xq1, Xq2, Xq, NULL, NULL)) {
+		fflush(out);
+		do_print_errors();
+		goto error;
+	}
+
+	do_bn_print_name(out, "q1", q1);
+	do_bn_print_name(out, "q2", q2);
+	do_bn_print_name(out, "q", rsa->q);
+	do_bn_print_name(out, "n", rsa->n);
+	do_bn_print_name(out, "d", rsa->d);
+
+	ret = 1;
+
+	error:
+	if (q1)
+		BN_free(q1);
+	if (q2)
+		BN_free(q2);
+
+	return ret;
+	}
+
+#endif
Index: openssl-1.0.2j/crypto/fips/fips_rsastest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_rsastest.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,386 @@
+/* fips_rsastest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+
+RSA *FIPS_rsa_new(void);
+void FIPS_rsa_free(RSA *r);
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS RSA support\n");
+    return(0);
+}
+
+#else
+
+#include "fips_utl.h"
+
+static int rsa_stest(FILE *out, FILE *in, int Saltlen);
+static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
+		unsigned char *Msg, long Msglen, int Saltlen);
+
+int main(int argc, char **argv)
+	{
+	FILE *in = NULL, *out = NULL;
+
+	int ret = 1, Saltlen = -1;
+
+	if(!FIPS_mode_set(1))
+		{
+		do_print_errors();
+		goto end;
+		}
+
+	if ((argc > 2) && !strcmp("-saltlen", argv[1]))
+		{
+		Saltlen = atoi(argv[2]);
+		if (Saltlen < 0)
+			{
+			fprintf(stderr, "FATAL: Invalid salt length\n");
+			goto end;
+			}
+		argc -= 2;
+		argv += 2;
+		}
+	else if ((argc > 1) && !strcmp("-x931", argv[1]))
+		{
+		Saltlen = -2;
+		argc--;
+		argv++;
+		}
+
+	if (argc == 1)
+		in = stdin;
+	else
+		in = fopen(argv[1], "r");
+
+	if (argc < 2)
+		out = stdout;
+	else
+		out = fopen(argv[2], "w");
+
+	if (!in)
+		{
+		fprintf(stderr, "FATAL input initialization error\n");
+		goto end;
+		}
+
+	if (!out)
+		{
+		fprintf(stderr, "FATAL output initialization error\n");
+		goto end;
+		}
+
+	if (!rsa_stest(out, in, Saltlen))
+		{
+		fprintf(stderr, "FATAL RSASTEST file processing error\n");
+		goto end;
+		}
+	else
+		ret = 0;
+
+	end:
+
+	if (ret)
+		do_print_errors();
+
+	if (in && (in != stdin))
+		fclose(in);
+	if (out && (out != stdout))
+		fclose(out);
+
+	return ret;
+
+	}
+
+#define RSA_TEST_MAXLINELEN	10240
+
+int rsa_stest(FILE *out, FILE *in, int Saltlen)
+	{
+	char *linebuf, *olinebuf, *p, *q;
+	char *keyword, *value;
+	RSA *rsa = NULL;
+	const EVP_MD *dgst = NULL;
+	unsigned char *Msg = NULL;
+	long Msglen = -1;
+	int keylen = -1, current_keylen = -1;
+	int ret = 0;
+	int lnum = 0;
+
+	olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+	linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+
+	if (!linebuf || !olinebuf)
+		goto error;
+
+	while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
+		{
+		lnum++;
+		strcpy(linebuf, olinebuf);
+		keyword = linebuf;
+		/* Skip leading space */
+		while (isspace((unsigned char)*keyword))
+			keyword++;
+
+		/* Look for = sign */
+		p = strchr(linebuf, '=');
+
+		/* If no = just copy */
+		if (!p)
+			{
+			if (fputs(olinebuf, out) < 0)
+				goto error;
+			continue;
+			}
+
+		q = p - 1;
+
+		/* Remove trailing space */
+		while (isspace((unsigned char)*q))
+			*q-- = 0;
+
+		*p = 0;
+		value = p + 1;
+
+		/* Remove leading space from value */
+		while (isspace((unsigned char)*value))
+			value++;
+
+		/* Remove trailing space from value */
+		p = value + strlen(value) - 1;
+
+		while (*p == '\n' || isspace((unsigned char)*p))
+			*p-- = 0;
+
+		/* Look for [mod = XXX] for key length */
+
+		if (!strcmp(keyword, "[mod"))
+			{
+			p = value + strlen(value) - 1;
+			if (*p != ']')
+				goto parse_error;
+			*p = 0;
+			keylen = atoi(value);
+			if (keylen < 0)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "SHAAlg"))
+			{
+			if (!strcmp(value, "SHA1"))
+				dgst = EVP_sha1();
+			else if (!strcmp(value, "SHA224"))
+				dgst = EVP_sha224();
+			else if (!strcmp(value, "SHA256"))
+				dgst = EVP_sha256();
+			else if (!strcmp(value, "SHA384"))
+				dgst = EVP_sha384();
+			else if (!strcmp(value, "SHA512"))
+				dgst = EVP_sha512();
+			else
+				{
+				fprintf(stderr,
+					"FATAL: unsupported algorithm \"%s\"\n",
+								value);
+				goto parse_error;
+				}
+			}
+		else if (!strcmp(keyword, "Msg"))
+			{
+			if (Msg)
+				goto parse_error;
+			if (strlen(value) & 1)
+				*(--value) = '0';
+			Msg = hex2bin_m(value, &Msglen);
+			if (!Msg)
+				goto parse_error;
+			}
+
+		fputs(olinebuf, out);
+
+		/* If key length has changed, generate and output public
+		 * key components of new RSA private key.
+		 */
+
+		if (keylen != current_keylen)
+			{
+			BIGNUM *bn_e;
+			if (rsa)
+				FIPS_rsa_free(rsa);
+			rsa = FIPS_rsa_new();
+			if (!rsa)
+				goto error;
+			bn_e = BN_new();
+			if (!bn_e || !BN_set_word(bn_e, 0x1001))
+				goto error;
+			if (!RSA_X931_generate_key_ex(rsa, keylen, bn_e, NULL)) {
+				fprintf(stderr,"X931 key generation failed!\n");
+				goto error;
+			}
+			BN_free(bn_e);
+			fputs("n = ", out);
+			do_bn_print(out, rsa->n);
+			fputs("\ne = ", out);
+			do_bn_print(out, rsa->e);
+			fputs("\n", out);
+			current_keylen = keylen;
+			}
+
+		if (Msg && dgst)
+			{
+			if (!rsa_printsig(out, rsa, dgst, Msg, Msglen,
+								Saltlen)) {
+				fprintf (stderr, "printsig failed\n");
+				goto error;
+			}
+			OPENSSL_free(Msg);
+			Msg = NULL;
+			}
+
+		}
+
+	ret = 1;
+
+	error:
+	do_print_errors();
+
+	if (olinebuf)
+		OPENSSL_free(olinebuf);
+	if (linebuf)
+		OPENSSL_free(linebuf);
+	if (rsa)
+		FIPS_rsa_free(rsa);
+
+	return ret;
+
+	parse_error:
+
+	fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+	goto error;
+
+	}
+
+static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
+		unsigned char *Msg, long Msglen, int Saltlen)
+	{
+	int ret = 0;
+	unsigned char *sigbuf = NULL;
+	int i, siglen;
+	/* EVP_PKEY structure */
+	EVP_PKEY *pk;
+	EVP_MD_CTX ctx;
+
+        if ((pk=EVP_PKEY_new()) == NULL)
+		goto error;
+	EVP_PKEY_set1_RSA(pk, rsa);
+
+	siglen = RSA_size(rsa);
+	sigbuf = OPENSSL_malloc(siglen);
+	if (!sigbuf) {
+		fprintf(stderr,"OPENSSL_malloc %d failed.\n", siglen);
+		goto error;
+	}
+
+	EVP_MD_CTX_init(&ctx);
+
+	if (Saltlen >= 0)
+		{
+		M_EVP_MD_CTX_set_flags(&ctx,
+			EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16));
+		}
+	else if (Saltlen == -2)
+		M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931);
+	if (!EVP_SignInit_ex(&ctx, dgst, NULL)) {
+		fprintf(stderr,"EVP_SignInit_ex failed.\n");
+		goto error;
+	}
+	if (!EVP_SignUpdate(&ctx, Msg, Msglen)) {
+		fprintf(stderr,"EVP_SignUpdate failed.\n");
+		goto error;
+	}
+	if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, pk)) {
+		fprintf(stderr,"EVP_SignFinal failed.\n");
+		goto error;
+	}
+
+	EVP_MD_CTX_cleanup(&ctx);
+
+	fputs("S = ", out);
+	for (i = 0; i < siglen; i++)
+		fprintf(out, "%02x", sigbuf[i]);
+	fputs("\n", out);
+
+	ret = 1;
+
+	error:
+
+	return ret;
+	}
+#endif
Index: openssl-1.0.2j/crypto/fips/fips_rsavtest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_rsavtest.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,382 @@
+/* fips_rsavtest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+
+RSA *FIPS_rsa_new(void);
+void FIPS_rsa_free(RSA *r);
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS RSA support\n");
+    return(0);
+}
+
+#else
+
+#include "fips_utl.h"
+
+int rsa_test(FILE *out, FILE *in, int saltlen);
+static int rsa_printver(FILE *out,
+		BIGNUM *n, BIGNUM *e,
+		const EVP_MD *dgst,
+		unsigned char *Msg, long Msglen,
+		unsigned char *S, long Slen, int Saltlen);
+
+int main(int argc, char **argv)
+	{
+	FILE *in = NULL, *out = NULL;
+
+	int ret = 1;
+	int Saltlen = -1;
+
+	if(!FIPS_mode_set(1))
+		{
+		do_print_errors();
+		goto end;
+		}
+
+	if ((argc > 2) && !strcmp("-saltlen", argv[1]))
+		{
+		Saltlen = atoi(argv[2]);
+		if (Saltlen < 0)
+			{
+			fprintf(stderr, "FATAL: Invalid salt length\n");
+			goto end;
+			}
+		argc -= 2;
+		argv += 2;
+		}
+	else if ((argc > 1) && !strcmp("-x931", argv[1]))
+		{
+		Saltlen = -2;
+		argc--;
+		argv++;
+		}
+
+	if (argc == 1)
+		in = stdin;
+	else
+		in = fopen(argv[1], "r");
+
+	if (argc < 2)
+		out = stdout;
+	else
+		out = fopen(argv[2], "w");
+
+	if (!in)
+		{
+		fprintf(stderr, "FATAL input initialization error\n");
+		goto end;
+		}
+
+	if (!out)
+		{
+		fprintf(stderr, "FATAL output initialization error\n");
+		goto end;
+		}
+
+	if (!rsa_test(out, in, Saltlen))
+		{
+		fprintf(stderr, "FATAL RSAVTEST file processing error\n");
+		goto end;
+		}
+	else
+		ret = 0;
+
+	end:
+
+	if (ret)
+		do_print_errors();
+
+	if (in && (in != stdin))
+		fclose(in);
+	if (out && (out != stdout))
+		fclose(out);
+
+	return ret;
+
+	}
+
+#define RSA_TEST_MAXLINELEN	10240
+
+int rsa_test(FILE *out, FILE *in, int Saltlen)
+	{
+	char *linebuf, *olinebuf, *p, *q;
+	char *keyword, *value;
+	const EVP_MD *dgst = NULL;
+	BIGNUM *n = NULL, *e = NULL;
+	unsigned char *Msg = NULL, *S = NULL;
+	long Msglen, Slen;
+	int ret = 0;
+	int lnum = 0;
+
+	olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+	linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+
+	if (!linebuf || !olinebuf)
+		goto error;
+
+	while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
+		{
+		lnum++;
+		strcpy(linebuf, olinebuf);
+		keyword = linebuf;
+		/* Skip leading space */
+		while (isspace((unsigned char)*keyword))
+			keyword++;
+
+		/* Look for = sign */
+		p = strchr(linebuf, '=');
+
+		/* If no = or starts with [ (for [foo = bar] line) just copy */
+		if (!p || *keyword=='[')
+			{
+			if (fputs(olinebuf, out) < 0)
+				goto error;
+			continue;
+			}
+
+		q = p - 1;
+
+		/* Remove trailing space */
+		while (isspace((unsigned char)*q))
+			*q-- = 0;
+
+		*p = 0;
+		value = p + 1;
+
+		/* Remove leading space from value */
+		while (isspace((unsigned char)*value))
+			value++;
+
+		/* Remove trailing space from value */
+		p = value + strlen(value) - 1;
+
+		while (*p == '\n' || isspace((unsigned char)*p))
+			*p-- = 0;
+
+		if (!strcmp(keyword, "n"))
+			{
+			if (!do_hex2bn(&n,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "e"))
+			{
+			if (!do_hex2bn(&e,value))
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "SHAAlg"))
+			{
+			if (!strcmp(value, "SHA1"))
+				dgst = EVP_sha1();
+			else if (!strcmp(value, "SHA224"))
+				dgst = EVP_sha224();
+			else if (!strcmp(value, "SHA256"))
+				dgst = EVP_sha256();
+			else if (!strcmp(value, "SHA384"))
+				dgst = EVP_sha384();
+			else if (!strcmp(value, "SHA512"))
+				dgst = EVP_sha512();
+			else
+				{
+				fprintf(stderr,
+					"FATAL: unsupported algorithm \"%s\"\n",
+								value);
+				goto parse_error;
+				}
+			}
+		else if (!strcmp(keyword, "Msg"))
+			{
+			if (Msg)
+				goto parse_error;
+			if (strlen(value) & 1)
+				*(--value) = '0';
+			Msg = hex2bin_m(value, &Msglen);
+			if (!Msg)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "S"))
+			{
+			if (S)
+				goto parse_error;
+			if (strlen(value) & 1)
+				*(--value) = '0';
+			S = hex2bin_m(value, &Slen);
+			if (!S)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Result"))
+			continue;
+		else
+			goto parse_error;
+
+		fputs(olinebuf, out);
+
+		if (n && e && Msg && S && dgst)
+			{
+			if (!rsa_printver(out, n, e, dgst,
+					Msg, Msglen, S, Slen, Saltlen))
+				goto error;
+			OPENSSL_free(Msg);
+			Msg = NULL;
+			OPENSSL_free(S);
+			S = NULL;
+			}
+
+		}
+
+
+	ret = 1;
+
+
+	error:
+
+	if (olinebuf)
+		OPENSSL_free(olinebuf);
+	if (linebuf)
+		OPENSSL_free(linebuf);
+	if (n)
+		BN_free(n);
+	if (e)
+		BN_free(e);
+
+	return ret;
+
+	parse_error:
+
+	fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+	goto error;
+
+	}
+
+static int rsa_printver(FILE *out,
+		BIGNUM *n, BIGNUM *e,
+		const EVP_MD *dgst,
+		unsigned char *Msg, long Msglen,
+		unsigned char *S, long Slen, int Saltlen)
+	{
+	int ret = 0, r;
+	/* Setup RSA and EVP_PKEY structures */
+	RSA *rsa_pubkey = NULL;
+	EVP_PKEY *pk;
+	EVP_MD_CTX ctx;
+	unsigned char *buf = NULL;
+	rsa_pubkey = FIPS_rsa_new();
+	if (!rsa_pubkey)
+		goto error;
+	rsa_pubkey->n = BN_dup(n);
+	rsa_pubkey->e = BN_dup(e);
+	if (!rsa_pubkey->n || !rsa_pubkey->e)
+		goto error;
+
+        if ((pk=EVP_PKEY_new()) == NULL)
+                goto error;
+        EVP_PKEY_set1_RSA(pk, rsa_pubkey);
+
+	EVP_MD_CTX_init(&ctx);
+
+	if (Saltlen >= 0)
+		{
+		M_EVP_MD_CTX_set_flags(&ctx,
+			EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16));
+		}
+	else if (Saltlen == -2)
+		M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931);
+	if (!EVP_VerifyInit_ex(&ctx, dgst, NULL))
+		goto error;
+	if (!EVP_VerifyUpdate(&ctx, Msg, Msglen))
+		goto error;
+
+	r = EVP_VerifyFinal(&ctx, S, Slen, pk);
+
+
+	EVP_MD_CTX_cleanup(&ctx);
+
+	if (r < 0)
+		goto error;
+	ERR_clear_error();
+
+	if (r == 0)
+		fputs("Result = F\n", out);
+	else
+		fputs("Result = P\n", out);
+
+	ret = 1;
+
+	error:
+	if (rsa_pubkey)
+		FIPS_rsa_free(rsa_pubkey);
+	if (buf)
+		OPENSSL_free(buf);
+
+	return ret;
+	}
+#endif
Index: openssl-1.0.2j/crypto/fips/fips_shatest.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_shatest.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,388 @@
+/* fips_shatest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS SHAXXX support\n");
+    return(0);
+}
+
+#else
+
+#include "fips_utl.h"
+
+static int dgst_test(FILE *out, FILE *in);
+static int print_dgst(const EVP_MD *md, FILE *out,
+		unsigned char *Msg, int Msglen);
+static int print_monte(const EVP_MD *md, FILE *out,
+		unsigned char *Seed, int SeedLen);
+
+int main(int argc, char **argv)
+	{
+	FILE *in = NULL, *out = NULL;
+
+	int ret = 1;
+
+	if(!FIPS_mode_set(1))
+		{
+		do_print_errors();
+		goto end;
+		}
+
+	if (argc == 1)
+		in = stdin;
+	else
+		in = fopen(argv[1], "r");
+
+	if (argc < 2)
+		out = stdout;
+	else
+		out = fopen(argv[2], "w");
+
+	if (!in)
+		{
+		fprintf(stderr, "FATAL input initialization error\n");
+		goto end;
+		}
+
+	if (!out)
+		{
+		fprintf(stderr, "FATAL output initialization error\n");
+		goto end;
+		}
+
+	if (!dgst_test(out, in))
+		{
+		fprintf(stderr, "FATAL digest file processing error\n");
+		goto end;
+		}
+	else
+		ret = 0;
+
+	end:
+
+	if (ret)
+		do_print_errors();
+
+	if (in && (in != stdin))
+		fclose(in);
+	if (out && (out != stdout))
+		fclose(out);
+
+	return ret;
+
+	}
+
+#define SHA_TEST_MAX_BITS	102400
+#define SHA_TEST_MAXLINELEN	(((SHA_TEST_MAX_BITS >> 3) * 2) + 100)
+
+int dgst_test(FILE *out, FILE *in)
+	{
+	const EVP_MD *md = NULL;
+	char *linebuf, *olinebuf, *p, *q;
+	char *keyword, *value;
+	unsigned char *Msg = NULL, *Seed = NULL;
+	long MsgLen = -1, Len = -1, SeedLen = -1;
+	int ret = 0;
+	int lnum = 0;
+
+	olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
+	linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
+
+	if (!linebuf || !olinebuf)
+		goto error;
+
+
+	while (fgets(olinebuf, SHA_TEST_MAXLINELEN, in))
+		{
+		lnum++;
+		strcpy(linebuf, olinebuf);
+		keyword = linebuf;
+		/* Skip leading space */
+		while (isspace((unsigned char)*keyword))
+			keyword++;
+
+		/* Look for = sign */
+		p = strchr(linebuf, '=');
+
+		/* If no = or starts with [ (for [L=20] line) just copy */
+		if (!p)
+			{
+			fputs(olinebuf, out);
+			continue;
+			}
+
+		q = p - 1;
+
+		/* Remove trailing space */
+		while (isspace((unsigned char)*q))
+			*q-- = 0;
+
+		*p = 0;
+		value = p + 1;
+
+		/* Remove leading space from value */
+		while (isspace((unsigned char)*value))
+			value++;
+
+		/* Remove trailing space from value */
+		p = value + strlen(value) - 1;
+		while (*p == '\n' || isspace((unsigned char)*p))
+			*p-- = 0;
+
+		if (!strcmp(keyword,"[L") && *p==']')
+			{
+			switch (atoi(value))
+				{
+				case 20: md=EVP_sha1();   break;
+				case 28: md=EVP_sha224(); break;
+				case 32: md=EVP_sha256(); break;
+				case 48: md=EVP_sha384(); break;
+				case 64: md=EVP_sha512(); break;
+				default: goto parse_error;
+				}
+			}
+		else if (!strcmp(keyword, "Len"))
+			{
+			if (Len != -1)
+				goto parse_error;
+			Len = atoi(value);
+			if (Len < 0)
+				goto parse_error;
+			/* Only handle multiples of 8 bits */
+			if (Len & 0x7)
+				goto parse_error;
+			if (Len > SHA_TEST_MAX_BITS)
+				goto parse_error;
+			MsgLen = Len >> 3;
+			}
+
+		else if (!strcmp(keyword, "Msg"))
+			{
+			long tmplen;
+			if (strlen(value) & 1)
+				*(--value) = '0';
+			if (Msg)
+				goto parse_error;
+			Msg = hex2bin_m(value, &tmplen);
+			if (!Msg)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "Seed"))
+			{
+			if (strlen(value) & 1)
+				*(--value) = '0';
+			if (Seed)
+				goto parse_error;
+			Seed = hex2bin_m(value, &SeedLen);
+			if (!Seed)
+				goto parse_error;
+			}
+		else if (!strcmp(keyword, "MD"))
+			continue;
+		else
+			goto parse_error;
+
+		fputs(olinebuf, out);
+
+		if (md && Msg && (MsgLen >= 0))
+			{
+			if (!print_dgst(md, out, Msg, MsgLen))
+				goto error;
+			OPENSSL_free(Msg);
+			Msg = NULL;
+			MsgLen = -1;
+			Len = -1;
+			}
+		else if (md && Seed && (SeedLen > 0))
+			{
+			if (!print_monte(md, out, Seed, SeedLen))
+				goto error;
+			OPENSSL_free(Seed);
+			Seed = NULL;
+			SeedLen = -1;
+			}
+	
+
+		}
+
+
+	ret = 1;
+
+
+	error:
+
+	if (olinebuf)
+		OPENSSL_free(olinebuf);
+	if (linebuf)
+		OPENSSL_free(linebuf);
+	if (Msg)
+		OPENSSL_free(Msg);
+	if (Seed)
+		OPENSSL_free(Seed);
+
+	return ret;
+
+	parse_error:
+
+	fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+	goto error;
+
+	}
+
+static int print_dgst(const EVP_MD *emd, FILE *out,
+		unsigned char *Msg, int Msglen)
+	{
+	int i, mdlen;
+	unsigned char md[EVP_MAX_MD_SIZE];
+	if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL))
+		{
+		fputs("Error calculating HASH\n", stderr);
+		return 0;
+		}
+	fputs("MD = ", out);
+	for (i = 0; i < mdlen; i++)
+		fprintf(out, "%02x", md[i]);
+	fputs("\n", out);
+	return 1;
+	}
+
+static int print_monte(const EVP_MD *md, FILE *out,
+		unsigned char *Seed, int SeedLen)
+	{
+	unsigned int i, j, k;
+	int ret = 0;
+	EVP_MD_CTX ctx;
+	unsigned char *m1, *m2, *m3, *p;
+	unsigned int mlen, m1len, m2len, m3len;
+
+	EVP_MD_CTX_init(&ctx);
+
+	if (SeedLen > EVP_MAX_MD_SIZE)
+		mlen = SeedLen;
+	else
+		mlen = EVP_MAX_MD_SIZE;
+
+	m1 = OPENSSL_malloc(mlen);
+	m2 = OPENSSL_malloc(mlen);
+	m3 = OPENSSL_malloc(mlen);
+
+	if (!m1 || !m2 || !m3)
+		goto mc_error;
+
+	m1len = m2len = m3len = SeedLen;
+	memcpy(m1, Seed, SeedLen);
+	memcpy(m2, Seed, SeedLen);
+	memcpy(m3, Seed, SeedLen);
+
+	fputs("\n", out);
+
+	for (j = 0; j < 100; j++)
+		{
+		for (i = 0; i < 1000; i++)
+			{
+			EVP_DigestInit_ex(&ctx, md, NULL);
+			EVP_DigestUpdate(&ctx, m1, m1len);
+			EVP_DigestUpdate(&ctx, m2, m2len);
+			EVP_DigestUpdate(&ctx, m3, m3len);
+			p = m1;
+			m1 = m2;
+			m1len = m2len;
+			m2 = m3;
+			m2len = m3len;
+			m3 = p;
+			EVP_DigestFinal_ex(&ctx, m3, &m3len);
+			}
+		fprintf(out, "COUNT = %d\n", j);
+		fputs("MD = ", out);
+		for (k = 0; k < m3len; k++)
+			fprintf(out, "%02x", m3[k]);
+		fputs("\n\n", out);
+		memcpy(m1, m3, m3len);
+		memcpy(m2, m3, m3len);
+		m1len = m2len = m3len;
+		}
+
+	ret = 1;
+
+	mc_error:
+	if (m1)
+		OPENSSL_free(m1);
+	if (m2)
+		OPENSSL_free(m2);
+	if (m3)
+		OPENSSL_free(m3);
+
+	EVP_MD_CTX_cleanup(&ctx);
+
+	return ret;
+	}
+
+#endif
Index: openssl-1.0.2j/crypto/fips/fips_tlsvs.c
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_tlsvs.c	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,539 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+/*---------------------------------------------
+  TLS Algorithm Validation Suite
+  Test Program
+
+  Donated to OpenSSL by:
+  SUSE LLC
+  ----------------------------------------------*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <ctype.h>
+#include <openssl/ssl.h>
+
+#include <openssl/err.h>
+#include "e_os.h"
+
+extern int private_tls1_PRF(long digest_mask,
+	const void *seed1, int seed1_len,
+	const void *seed2, int seed2_len,
+	const void *seed3, int seed3_len,
+	const void *seed4, int seed4_len,
+	const void *seed5, int seed5_len,
+	const unsigned char *sec, int slen,
+	unsigned char *out1,
+	unsigned char *out2, int olen);
+
+#define SSL_HANDSHAKE_MAC_MD5 0x10
+#define SSL_HANDSHAKE_MAC_SHA 0x20
+#define SSL_HANDSHAKE_MAC_SHA256 0x80
+#define SSL_HANDSHAKE_MAC_SHA384 0x100
+#define TLS1_PRF_DGST_MASK   (0xff << TLS1_PRF_DGST_SHIFT)
+#define TLS1_PRF_DGST_SHIFT 10
+#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
+#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
+#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
+#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
+#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS TLS support\n");
+    return(0);
+}
+
+#else
+
+#include <openssl/fips.h>
+#include "fips_utl.h"
+
+#define VERBOSE 0
+
+/*-----------------------------------------------*/
+
+
+/*================================================*/
+/*----------------------------
+  # CAVS 12.0
+  # 'TLS' information for abc
+  # Cases tested: [TLS 1.0/1.1] [TLS 1.2, SHA-256], [TLS 1.2, SHA-384], [TLS 1.2, SHA-512]
+  # Generated on: Fri Aug 30 04:07:22 PM
+  ----------------------------*/
+
+int proc_file(char *rqfile, char *rspfile)
+    {
+    char afn[256], rfn[256];
+    FILE *afp = NULL, *rfp = NULL;
+    char ibuf[2048];
+    char tbuf[2048];
+    int len;
+    char amode[8] = "";
+    char atest[8] = "";
+    int akeysz = 0;
+
+    /* TLS stuff */
+    int shabits = 0, premasterlength = 0, tls = 0, keyblocklength = 0;
+    unsigned char *premastersecret = NULL;
+    unsigned char serverHello_random[2048];
+    unsigned int serverhellorandomlen = 0;
+    unsigned char clientHello_random[2048];
+    unsigned int clienthellorandomlen = 0;
+    unsigned char server_random[2048];
+    unsigned int serverrandomlen = 0;
+    unsigned char client_random[2048];
+    unsigned int clientrandomlen = 0;
+    unsigned char mastersecret[2048];
+    unsigned int digest_mask = 0;
+    unsigned char seed[2048];
+    unsigned char *keyblock = NULL;
+    unsigned char *keyblocktmp = NULL;
+    unsigned char tmpsecret[80];
+    /* end of TLS stuff */
+
+    int err = 0, step = 0;
+    char *rp;
+    EVP_CIPHER_CTX ctx;
+    EVP_CIPHER_CTX_init(&ctx);
+
+    if (!rqfile || !(*rqfile))
+	{
+	printf("No req file\n");
+	return -1;
+	}
+    strcpy(afn, rqfile);
+
+    if ((afp = fopen(afn, "r")) == NULL)
+	{
+	printf("Cannot open file: %s, %s\n",
+	       afn, strerror(errno));
+	return -1;
+	}
+    if (!rspfile)
+	{
+	strcpy(rfn,afn);
+	rp=strstr(rfn,"req/");
+#ifdef OPENSSL_SYS_WIN32
+	if (!rp)
+	    rp=strstr(rfn,"req\\");
+#endif
+	assert(rp);
+	memcpy(rp,"rsp",3);
+	rp = strstr(rfn, ".req");
+	memcpy(rp, ".rsp", 4);
+	rspfile = rfn;
+	}
+    if ((rfp = fopen(rspfile, "w")) == NULL)
+	{
+	printf("Cannot open file: %s, %s\n",
+	       rfn, strerror(errno));
+	fclose(afp);
+	afp = NULL;
+	return -1;
+	}
+
+
+    /* hey ho lets go */
+
+    while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
+	{
+	tidy_line(tbuf, ibuf);
+	printf("step=%d ibuf=%s",step,ibuf);
+	switch (step)
+	    {
+	case 0:  /* read preamble */
+	    if (ibuf[0] == '\n')
+		{ /* end of preamble */
+		/* not really anything mandatory, would need to check here */
+		    {
+		    fputs(ibuf, rfp);
+		    ++ step;
+		    }
+		}
+	    else if (ibuf[0] != '#')
+		{
+		printf("Invalid preamble item: %s\n", ibuf);
+		err = 1;
+		}
+	    else
+		{ /* process preamble */
+		char *pp = ibuf+2;
+		if (akeysz)
+		    { /* insert current time & date */
+		    time_t rtim = time(0);
+		    fprintf(rfp, "# %s", ctime(&rtim));
+		    }
+		else
+		    {
+		    fputs(ibuf, rfp);
+		    if (strncmp(pp, "'TLS' ", 5) == 0)
+			{
+			if (VERBOSE)
+				printf("Test = %s, Mode = %s\n", atest, amode);
+			}
+		    else if (strncasecmp(pp, "Cases Tested: ", 14) == 0)
+			{
+			if (VERBOSE)
+				printf("Cases %s\n", pp+14);
+			}
+		    }
+		}
+	    break;
+
+	case 1:  /* [ENCRYPT] | [DECRYPT] */
+	    if (ibuf[0] == '[')
+		{
+		fputs(ibuf, rfp);
+		if (strncasecmp(ibuf, "[TLS 1.0/1.1]", 13 ) == 0) {
+			tls = 10;
+			shabits = 1;
+			printf("TLS 1.0/1.1\n");
+			premasterlength = keyblocklength = 0;
+                } else
+		if (sscanf(ibuf, "[TLS 1.2, SHA-%d]", &shabits) == 1) {
+			tls = 12;
+			printf("TLS 1.2 shabits %d\n", shabits);
+			premasterlength = keyblocklength = 0;
+                } else if (sscanf(ibuf, "[pre-master secret length = %d]", &premasterlength) == 1) {
+			printf("premaster length %d\n", premasterlength);
+			if (premasterlength % 8) {
+				printf("premaster length not byte sized?? %d\n", premasterlength);
+				err = 1;
+				break;
+			}
+			premasterlength /= 8;
+			free(premastersecret);
+			premastersecret = malloc(premasterlength);
+                } else if (sscanf(ibuf, "[key block length = %d]", &keyblocklength) == 1) {
+			printf("key block length %d\n", keyblocklength);
+			if (keyblocklength % 8) {
+				printf("keyblock length not byte sized?? %d\n", keyblocklength);
+				err = 1;
+				break;
+			}
+			free(keyblock);
+			free(keyblocktmp);
+			keyblocklength /= 8;
+			keyblock = malloc(keyblocklength);
+			keyblocktmp = malloc(keyblocklength);
+		} else {
+		    printf("Invalid keyword: %s\n", ibuf);
+		    err = 1;
+		}
+		if (keyblocklength && premasterlength)
+			++step;
+		break;
+		}
+	    else if (strncasecmp(ibuf,"COUNT = ", 8) != 0)
+		{
+		err = 1;
+		printf("Missing new section or COUNT =  keyword\n");
+		break;
+		}
+	    else
+		step = 2;
+
+	case 2: /* COUNT = and pre_master_secret = xxxx */
+	    fputs(ibuf, rfp);
+	    if(*ibuf == '\n')
+		break;
+	    if(!strncasecmp(ibuf,"COUNT = ",8))
+		break;
+
+	    if (strncasecmp(ibuf, "pre_master_secret = ", 20) != 0) {
+		printf("Missing pre_master_secret\n");
+		err = 1;
+	    } else {
+		len = hex2bin((char*)ibuf+20, premastersecret);
+		if (len < 0) {
+		    printf("Invalid premastersecret\n");
+		    err =1;
+		    break;
+		}
+                if (len != premasterlength) {
+		    printf("Invalid len %d vs premasterlenght %d\n", len, premasterlength);
+		    err =1;
+		    break;
+                }
+		PrintValue("pre_master_secret", premastersecret, len);
+		step++;
+	    }
+	    break;
+
+	case 3: /* serverHello_random= xxxx */
+	    fputs(ibuf, rfp);
+	    if (strncasecmp(ibuf, "serverHello_random = ", 21) != 0) {
+		printf("Missing serverHello_random\n");
+		err = 1;
+	    } else {
+		len = hex2bin((char*)ibuf+21, serverHello_random);
+		if (len < 0 || len > sizeof(serverHello_random)) {
+		    printf("Invalid serverHello_random %d vs %d\n", len, (int)sizeof(serverHello_random));
+		    err =1;
+		    break;
+		}
+		PrintValue("serverHello_random", serverHello_random, len);
+		serverhellorandomlen = len;
+		step++;
+	    }
+	    break;
+
+	case 4: /* clientHello_random = xxxx */
+	    fputs(ibuf, rfp);
+	    if (strncasecmp(ibuf, "clientHello_random = ", 21) != 0) {
+		printf("Missing clientHello_random\n");
+		err = 1;
+	    } else {
+		len = hex2bin((char*)ibuf+21, clientHello_random);
+		if (len < 0 || len > sizeof(clientHello_random)) {
+		    printf("Invalid clientHello_random %d vs %d\n", len, (int)sizeof(clientHello_random));
+		    err =1;
+		    break;
+		}
+		clienthellorandomlen = len;
+		PrintValue("serverHello_random", clientHello_random, len);
+		step++;
+            }
+	    break;
+
+	case 5: /* server_random = xxxx */
+	    fputs(ibuf, rfp);
+	    if (strncasecmp(ibuf, "server_random = ", 16) != 0) {
+		printf("Missing server_random\n");
+		err = 1;
+	    } else {
+		len = hex2bin((char*)ibuf+16, server_random);
+		if (len < 0 || len > sizeof(server_random)) {
+		    printf("Invalid server_random %d vs %d\n", len, (int)sizeof(server_random));
+		    err =1;
+		    break;
+		}
+		serverrandomlen = len;
+		PrintValue("server_random", server_random, len);
+		step++;
+            }
+	    break;
+
+	case 6: /* client_random = xxxx */
+	    fputs(ibuf, rfp);
+	    if (strncasecmp(ibuf, "client_random = ", 16) != 0) {
+		printf("Missing client_random\n");
+		err = 1;
+		break;
+	    }
+	    len = hex2bin((char*)ibuf+16, client_random);
+	    if (len < 0 || len > sizeof(client_random)) {
+		printf("Invalid client_random %d vs %d\n", len, (int)sizeof(client_random));
+		err =1;
+		break;
+	    }
+	    PrintValue("client_random", client_random, len);
+	    clientrandomlen = len;
+
+	    /* shit->hit(fan) */
+
+	    if ((tls != 10) && (tls != 12)) {
+		printf("bad tls version %d\n", tls);
+		err = 1;
+		break;
+	    }
+
+	    if (tls == 10)
+		digest_mask = TLS1_PRF;
+
+	    if (tls == 12) {
+		switch (shabits) {
+		case 1:	digest_mask = TLS1_PRF; break;
+		case 256:digest_mask = TLS1_PRF_SHA256; break;
+		case 384:digest_mask = TLS1_PRF_SHA384; break;
+		/*case 512:	digest_mask = TLS1_PRF_SHA512; break; not in openssl */
+		default: printf("bad shabits %d\n", shabits);
+			err=1;
+			break;
+		}
+	    }
+	    memcpy(seed, "master secret",strlen("master secret"));
+	    memcpy(seed+strlen("master secret"), clientHello_random, clienthellorandomlen);
+	    memcpy(seed+strlen("master secret")+clienthellorandomlen, serverHello_random, serverhellorandomlen);
+
+	    private_tls1_PRF(digest_mask,
+		    seed, strlen("master secret")+clienthellorandomlen+serverhellorandomlen,
+		    NULL,	0,
+		    NULL,	0,
+		    NULL, 	0,
+		    NULL,	0,
+		    premastersecret, premasterlength,
+		    mastersecret,tmpsecret,sizeof(tmpsecret));
+	    OutputValue("master_secret", mastersecret, premasterlength, rfp, 0);
+
+	    private_tls1_PRF(digest_mask,
+		    "key expansion", strlen("key expansion"),
+		    server_random, serverrandomlen,
+		    client_random, clientrandomlen,
+		    NULL, 0, NULL, 0,
+		    mastersecret, premasterlength,
+		    keyblock, keyblocktmp, keyblocklength
+	    );
+	    OutputValue("key_block", keyblock, keyblocklength, rfp, 0);
+
+	    step++;
+	    break;
+
+	case 7:
+	    if (ibuf[0] != '\n')
+		{
+		err = 1;
+		printf("Missing terminator\n");
+		}
+	    fputs(ibuf, rfp);
+	    step = 1;
+	    break;
+	    }
+	}
+    if (rfp)
+	fclose(rfp);
+    if (afp)
+	fclose(afp);
+    return err;
+    }
+
+/*--------------------------------------------------
+  Processes either a single file or
+  a set of files whose names are passed in a file.
+  A single file is specified as:
+    aes_test -f xxx.req
+  A set of files is specified as:
+    aes_test -d xxxxx.xxx
+  The default is: -d req.txt
+--------------------------------------------------*/
+int main(int argc, char **argv)
+    {
+    char *rqlist = "req.txt", *rspfile = NULL;
+    FILE *fp = NULL;
+    char fn[250] = "", rfn[256] = "";
+    int d_opt = 1;
+
+#ifdef OPENSSL_FIPS
+    if(!FIPS_mode_set(1))
+	{
+	do_print_errors();
+	EXIT(1);
+	}
+#endif
+    SSL_library_init();
+    if (argc > 1)
+	{
+	if (strcasecmp(argv[1], "-d") == 0)
+	    {
+	    d_opt = 1;
+	    }
+	else if (strcasecmp(argv[1], "-f") == 0)
+	    {
+	    d_opt = 0;
+	    }
+	else
+	    {
+	    printf("Invalid parameter: %s\n", argv[1]);
+	    return 0;
+	    }
+	if (argc < 3)
+	    {
+	    printf("Missing parameter\n");
+	    return 0;
+	    }
+	if (d_opt)
+	    rqlist = argv[2];
+	else
+	    {
+	    strcpy(fn, argv[2]);
+	    rspfile = argv[3];
+	    }
+	}
+    if (d_opt)
+	{ /* list of files (directory) */
+	if (!(fp = fopen(rqlist, "r")))
+	    {
+	    printf("Cannot open req list file\n");
+	    return -1;
+	    }
+	while (fgets(fn, sizeof(fn), fp))
+	    {
+	    strtok(fn, "\r\n");
+	    strcpy(rfn, fn);
+	    if (VERBOSE)
+		printf("Processing: %s\n", rfn);
+	    if (proc_file(rfn, rspfile))
+		{
+		printf(">>> Processing failed for: %s <<<\n", rfn);
+		EXIT(1);
+		}
+	    }
+	fclose(fp);
+	}
+    else /* single file */
+	{
+	if (VERBOSE)
+	    printf("Processing: %s\n", fn);
+	if (proc_file(fn, rspfile))
+	    {
+	    printf(">>> Processing failed for: %s <<<\n", fn);
+	    }
+	}
+    EXIT(0);
+    return 0;
+    }
+
+#endif
+
Index: openssl-1.0.2j/crypto/fips/fips_utl.h
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_utl.h	2017-03-16 17:27:29.544992910 +0100
@@ -0,0 +1,508 @@
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef FIPS_UTL_H
+#define FIPS_UTL_H
+
+#define OPENSSL_FIPSAPI
+
+#include <openssl/fips_rand.h>
+#include <openssl/objects.h>
+
+#ifdef OPENSSL_SYS_WIN32
+#define RESP_EOL	"\n"
+#else
+#define RESP_EOL	"\r\n"
+#endif
+
+#ifndef FIPS_AUTH_OFFICER_PASS
+#define FIPS_AUTH_OFFICER_PASS	"Default FIPS Crypto Officer Password"
+#endif
+
+#ifndef FIPS_AUTH_USER_PASS
+#define FIPS_AUTH_USER_PASS	"Default FIPS Crypto User Password"
+#endif
+
+
+int hex2bin(const char *in, unsigned char *out);
+unsigned char *hex2bin_m(const char *in, long *plen);
+int do_hex2bn(BIGNUM **pr, const char *in);
+int do_bn_print(FILE *out, const BIGNUM *bn);
+int do_bn_print_name(FILE *out, const char *name, const BIGNUM *bn);
+int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf);
+int parse_line2(char **pkw, char **pval, char *linebuf, char *olinebuf, int eol);
+BIGNUM *hex2bn(const char *in);
+int tidy_line(char *linebuf, char *olinebuf);
+int copy_line(const char *in, FILE *ofp);
+int bint2bin(const char *in, int len, unsigned char *out);
+int bin2bint(const unsigned char *in,int len,char *out);
+void PrintValue(char *tag, unsigned char *val, int len);
+void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode);
+void fips_algtest_init(void);
+void do_entropy_stick(void);
+int fips_strncasecmp(const char *str1, const char *str2, size_t n);
+int fips_strcasecmp(const char *str1, const char *str2);
+
+static int no_err;
+
+void do_print_errors(void)
+	{
+	const char *file, *data;
+	int line, flags;
+	unsigned long l;
+	while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)))
+		{
+		fprintf(stderr, "ERROR:%lx:lib=%d,func=%d,reason=%d"
+				":file=%s:line=%d:%s\n",
+			l, ERR_GET_LIB(l), ERR_GET_FUNC(l), ERR_GET_REASON(l),
+			file, line, flags & ERR_TXT_STRING ? data : "");
+		}
+	}
+
+static void put_err_cb(int lib, int func,int reason,const char *file,int line)
+	{
+	if (no_err)
+		return;
+	fprintf(stderr, "ERROR:%08lX:lib=%d,func=%d,reason=%d"
+				":file=%s:line=%d\n",
+			ERR_PACK(lib, func, reason),
+			lib, func, reason, file, line);
+	}
+
+static void add_err_cb(int num, va_list args)
+	{
+	int i;
+	char *str;
+	if (no_err)
+		return;
+	fputs("\t", stderr);
+	for (i = 0; i < num; i++)
+		{
+		str = va_arg(args, char *);
+		if (str)
+			fputs(str, stderr);
+		}
+	fputs("\n", stderr);
+	}
+
+/* Dummy Entropy to keep DRBG happy. WARNING: THIS IS TOTALLY BOGUS
+ * HAS ZERO SECURITY AND MUST NOT BE USED IN REAL APPLICATIONS.
+ */
+
+static unsigned char dummy_entropy[1024];
+
+static size_t dummy_cb(DRBG_CTX *ctx, unsigned char **pout,
+                                int entropy, size_t min_len, size_t max_len)
+	{
+	*pout = dummy_entropy;
+	return min_len;
+	}
+
+static int entropy_stick = 0;
+
+static void fips_algtest_init_nofips(void)
+	{
+	DRBG_CTX *ctx;
+	size_t i;
+	FIPS_set_error_callbacks(put_err_cb, add_err_cb);
+	for (i = 0; i < sizeof(dummy_entropy); i++)
+		dummy_entropy[i] = i & 0xff;
+	if (entropy_stick)
+		memcpy(dummy_entropy + 32, dummy_entropy + 16, 16);
+	ctx = FIPS_get_default_drbg();
+	FIPS_drbg_init(ctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF);
+	FIPS_drbg_set_callbacks(ctx, dummy_cb, 0, 16, dummy_cb, 0);
+	FIPS_drbg_instantiate(ctx, dummy_entropy, 10);
+	FIPS_rand_set_method(FIPS_drbg_method());
+	}
+
+void do_entropy_stick(void)
+	{
+	entropy_stick = 1;
+	}
+
+void fips_algtest_init(void)
+	{
+	fips_algtest_init_nofips();
+	if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
+		{
+		fprintf(stderr, "Error entering FIPS mode\n");
+		exit(1);
+		}
+	}
+
+int hex2bin(const char *in, unsigned char *out)
+    {
+    int n1, n2, isodd = 0;
+    unsigned char ch;
+
+    n1 = strlen(in);
+    if (in[n1 - 1] == '\n')
+	n1--;
+
+    if (n1 & 1)
+	isodd = 1;
+
+    for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
+	{ /* first byte */
+	if ((in[n1] >= '0') && (in[n1] <= '9'))
+	    ch = in[n1++] - '0';
+	else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+	    ch = in[n1++] - 'A' + 10;
+	else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+	    ch = in[n1++] - 'a' + 10;
+	else
+	    return -1;
+	if(!in[n1])
+	    {
+	    out[n2++]=ch;
+	    break;
+	    }
+	/* If input is odd length first digit is least significant: assumes
+	 * all digits valid hex and null terminated which is true for the
+	 * strings we pass.
+	 */
+	if (n1 == 1 && isodd)
+		{
+		out[n2++] = ch;
+		continue;
+		}
+	out[n2] = ch << 4;
+	/* second byte */
+	if ((in[n1] >= '0') && (in[n1] <= '9'))
+	    ch = in[n1++] - '0';
+	else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+	    ch = in[n1++] - 'A' + 10;
+	else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+	    ch = in[n1++] - 'a' + 10;
+	else
+	    return -1;
+	out[n2++] |= ch;
+	}
+    return n2;
+    }
+
+unsigned char *hex2bin_m(const char *in, long *plen)
+	{
+	unsigned char *p;
+	if (strlen(in) == 0)
+		{
+		*plen = 0;
+		return OPENSSL_malloc(1);
+		}
+	p = OPENSSL_malloc((strlen(in) + 1)/2);
+	*plen = hex2bin(in, p);
+	return p;
+	}
+
+int do_hex2bn(BIGNUM **pr, const char *in)
+	{
+	unsigned char *p;
+	long plen;
+	int r = 0;
+	p = hex2bin_m(in, &plen);
+	if (!p)
+		return 0;
+	if (!*pr)
+		*pr = BN_new();
+	if (!*pr)
+		return 0;
+	if (BN_bin2bn(p, plen, *pr))
+		r = 1;
+	OPENSSL_free(p);
+	return r;
+	}
+
+int do_bn_print(FILE *out, const BIGNUM *bn)
+	{
+	int len, i;
+	unsigned char *tmp;
+	len = BN_num_bytes(bn);
+	if (len == 0)
+		{
+		fputs("00", out);
+		return 1;
+		}
+
+	tmp = OPENSSL_malloc(len);
+	if (!tmp)
+		{
+		fprintf(stderr, "Memory allocation error\n");
+		return 0;
+		}
+	BN_bn2bin(bn, tmp);
+	for (i = 0; i < len; i++)
+		fprintf(out, "%02x", tmp[i]);
+	OPENSSL_free(tmp);
+	return 1;
+	}
+
+int do_bn_print_name(FILE *out, const char *name, const BIGNUM *bn)
+	{
+	int r;
+	fprintf(out, "%s = ", name);
+	r = do_bn_print(out, bn);
+	if (!r)
+		return 0;
+	fputs(RESP_EOL, out);
+	return 1;
+	}
+
+int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf)
+	{
+	return parse_line2(pkw, pval, linebuf, olinebuf, 1);
+	}
+
+int parse_line2(char **pkw, char **pval, char *linebuf, char *olinebuf, int eol)
+	{
+	char *keyword, *value, *p, *q;
+	strcpy(linebuf, olinebuf);
+	keyword = linebuf;
+	/* Skip leading space */
+	while (isspace((unsigned char)*keyword))
+		keyword++;
+
+	/* Look for = sign */
+	p = strchr(linebuf, '=');
+
+	/* If no '=' exit */
+	if (!p)
+		return 0;
+
+	q = p - 1;
+
+	/* Remove trailing space */
+	while (isspace((unsigned char)*q))
+		*q-- = 0;
+
+	*p = 0;
+	value = p + 1;
+
+	/* Remove leading space from value */
+	while (isspace((unsigned char)*value))
+		value++;
+
+	/* Remove trailing space from value */
+	p = value + strlen(value) - 1;
+
+	if (eol && *p != '\n')
+		fprintf(stderr, "Warning: missing EOL\n");
+
+	while (*p == '\n' || isspace((unsigned char)*p))
+		*p-- = 0;
+
+	*pkw = keyword;
+	*pval = value;
+	return 1;
+	}
+
+BIGNUM *hex2bn(const char *in)
+    {
+    BIGNUM *p=NULL;
+
+    if (!do_hex2bn(&p, in))
+	return NULL;
+
+    return p;
+    }
+
+/* To avoid extensive changes to test program at this stage just convert
+ * the input line into an acceptable form. Keyword lines converted to form
+ * "keyword = value\n" no matter what white space present, all other lines
+ * just have leading and trailing space removed.
+ */
+
+int tidy_line(char *linebuf, char *olinebuf)
+	{
+	char *keyword, *value, *p, *q;
+	strcpy(linebuf, olinebuf);
+	keyword = linebuf;
+	/* Skip leading space */
+	while (isspace((unsigned char)*keyword))
+		keyword++;
+	/* Look for = sign */
+	p = strchr(linebuf, '=');
+
+	/* If no '=' just chop leading, trailing ws */
+	if (!p)
+		{
+		p = keyword + strlen(keyword) - 1;
+		while (*p == '\n' || isspace((unsigned char)*p))
+			*p-- = 0;
+		strcpy(olinebuf, keyword);
+		strcat(olinebuf, "\n");
+		return 1;
+		}
+
+	q = p - 1;
+
+	/* Remove trailing space */
+	while (isspace((unsigned char)*q))
+		*q-- = 0;
+
+	*p = 0;
+	value = p + 1;
+
+	/* Remove leading space from value */
+	while (isspace((unsigned char)*value))
+		value++;
+
+	/* Remove trailing space from value */
+	p = value + strlen(value) - 1;
+
+	while (*p == '\n' || isspace((unsigned char)*p))
+		*p-- = 0;
+
+	strcpy(olinebuf, keyword);
+	strcat(olinebuf, " = ");
+	strcat(olinebuf, value);
+	strcat(olinebuf, "\n");
+
+	return 1;
+	}
+/* Copy supplied line to ofp replacing \n with \r\n */
+int copy_line(const char *in, FILE *ofp)
+	{
+	const char *p;
+	p = strchr(in, '\n');
+	if (p)
+		{
+		fwrite(in, 1, (size_t)(p - in), ofp);
+		fputs(RESP_EOL, ofp);
+		}
+	else
+		fputs(in, ofp);
+	return 1;
+	}
+
+/* NB: this return the number of _bits_ read */
+int bint2bin(const char *in, int len, unsigned char *out)
+    {
+    int n;
+
+    memset(out,0,len);
+    for(n=0 ; n < len ; ++n)
+	if(in[n] == '1')
+	    out[n/8]|=(0x80 >> (n%8));
+    return len;
+    }
+
+int bin2bint(const unsigned char *in,int len,char *out)
+    {
+    int n;
+
+    for(n=0 ; n < len ; ++n)
+	out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
+    return n;
+    }
+
+/*-----------------------------------------------*/
+
+void PrintValue(char *tag, unsigned char *val, int len)
+{
+#ifdef VERBOSE
+	OutputValue(tag, val, len, stdout, 0);
+#endif
+}
+
+void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
+    {
+    char obuf[2048];
+    int olen;
+
+    if(bitmode)
+	{
+	olen=bin2bint(val,len,obuf);
+    	fprintf(rfp, "%s = %.*s" RESP_EOL, tag, olen, obuf);
+	}
+    else
+	{
+	int i;
+    	fprintf(rfp, "%s = ", tag);
+	for (i = 0; i < len; i++)
+		fprintf(rfp, "%02x", val[i]);
+	fputs(RESP_EOL, rfp);
+	}
+
+#if VERBOSE
+    printf("%s = %.*s\n", tag, olen, obuf);
+#endif
+    }
+
+/* Not all platforms support strcasecmp and strncasecmp: implement versions
+ * in here to avoid need to include them in the validated module. Taken
+ * from crypto/o_str.c written by Richard Levitte (richard@levitte.org)
+ */
+
+int fips_strncasecmp(const char *str1, const char *str2, size_t n)
+	{
+	while (*str1 && *str2 && n)
+		{
+		int res = toupper(*str1) - toupper(*str2);
+		if (res) return res < 0 ? -1 : 1;
+		str1++;
+		str2++;
+		n--;
+		}
+	if (n == 0)
+		return 0;
+	if (*str1)
+		return 1;
+	if (*str2)
+		return -1;
+	return 0;
+	}
+
+int fips_strcasecmp(const char *str1, const char *str2)
+	{
+	return fips_strncasecmp(str1, str2, (size_t)-1);
+	}
+
+
+#endif
Index: openssl-1.0.2j/crypto/evp/evp.h
===================================================================
--- openssl-1.0.2j.orig/crypto/evp/evp.h	2017-03-17 14:04:48.141719095 +0100
+++ openssl-1.0.2j/crypto/evp/evp.h	2017-03-17 14:04:58.921880654 +0100
@@ -516,6 +516,34 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER
 # define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
 # define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
 
+/* Macros to reduce FIPS dependencies: do NOT use in applications */
+#define M_EVP_MD_size(e)		((e)->md_size)
+#define M_EVP_MD_block_size(e)		((e)->block_size)
+#define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+#define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
+#define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
+#define M_EVP_MD_type(e)			((e)->type)
+#define M_EVP_MD_CTX_type(e)		M_EVP_MD_type(M_EVP_MD_CTX_md(e))
+#define M_EVP_MD_CTX_md(e)			((e)->digest)
+
+#define M_EVP_CIPHER_nid(e)		((e)->nid)
+#define M_EVP_CIPHER_CTX_iv_length(e)	((e)->cipher->iv_len)
+#define M_EVP_CIPHER_CTX_flags(e)	((e)->cipher->flags)
+#define M_EVP_CIPHER_CTX_block_size(e)	((e)->cipher->block_size)
+#define M_EVP_CIPHER_CTX_cipher(e)	((e)->cipher)
+#define M_EVP_CIPHER_CTX_mode(e)	(M_EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
+
+#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+
+#define M_EVP_EncryptInit(ctx,ciph,key,iv) \
+	(EVP_CipherInit(ctx,ciph,key,iv,1))
+#define M_EVP_EncryptInit_ex(ctx,ciph,impl,key,iv) \
+	(EVP_CipherInit_ex(ctx,ciph,impl,key,iv,1))
+#define M_EVP_DecryptInit(ctx,ciph,key,iv) \
+	(EVP_CipherInit(ctx,ciph,key,iv,0))
+#define M_EVP_DecryptInit_ex(ctx,ciph,impl,key,iv) \
+	(EVP_CipherInit_ex(ctx,ciph,impl,key,iv,0))
+
 int EVP_MD_type(const EVP_MD *md);
 # define EVP_MD_nid(e)                   EVP_MD_type(e)
 # define EVP_MD_name(e)                  OBJ_nid2sn(EVP_MD_nid(e))
Index: openssl-1.0.2j/crypto/fips/fips_enc.c
===================================================================
--- openssl-1.0.2j.orig/crypto/fips/fips_enc.c	2017-03-17 14:06:50.387553609 +0100
+++ openssl-1.0.2j/crypto/fips/fips_enc.c	2017-03-17 14:07:01.947727357 +0100
@@ -62,6 +62,281 @@
 #include <openssl/err.h>
 #include <openssl/fips.h>
 
+void FIPS_cipher_ctx_init(EVP_CIPHER_CTX *ctx)
+	{
+	memset(ctx,0,sizeof(EVP_CIPHER_CTX));
+	/* ctx->cipher=NULL; */
+	}
+
+EVP_CIPHER_CTX *FIPS_cipher_ctx_new(void)
+	{
+	EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
+	if (ctx)
+		FIPS_cipher_ctx_init(ctx);
+	return ctx;
+	}
+
+/* The purpose of these is to trap programs that attempt to use non FIPS
+ * algorithms in FIPS mode and ignore the errors.
+ */
+
+static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+		    const unsigned char *iv, int enc)
+	{ FIPS_ERROR_IGNORED("Cipher init"); return 0;}
+
+static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			 const unsigned char *in, size_t inl)
+	{ FIPS_ERROR_IGNORED("Cipher update"); return 0;}
+
+/* NB: no cleanup because it is allowed after failed init */
+
+static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+	{ FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
+static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+	{ FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
+static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+	{ FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
+
+static const EVP_CIPHER bad_cipher =
+	{
+	0,
+	1,
+	0,
+	0,
+	0,
+	bad_init,
+	bad_do_cipher,
+	NULL,
+	0,
+	bad_set_asn1,
+	bad_get_asn1,
+	bad_ctrl,
+	NULL
+	};
+
+int FIPS_cipherinit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+	     const unsigned char *key, const unsigned char *iv, int enc)
+	{
+	if(FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_FIPS_CIPHERINIT,FIPS_R_FIPS_SELFTEST_FAILED);
+		ctx->cipher = &bad_cipher;
+		return 0;
+		}
+	if (enc == -1)
+		enc = ctx->encrypt;
+	else
+		{
+		if (enc)
+			enc = 1;
+		ctx->encrypt = enc;
+		}
+	if (cipher)
+		{
+		/* Only FIPS ciphers allowed */
+		if (FIPS_module_mode() && !(cipher->flags & EVP_CIPH_FLAG_FIPS) &&
+			!(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
+			{
+			EVPerr(EVP_F_FIPS_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
+			ctx->cipher = &bad_cipher;
+			return 0;
+			}
+		/* Ensure a context left lying around from last time is cleared
+		 * (the previous check attempted to avoid this if the same
+		 * ENGINE and EVP_CIPHER could be used). */
+		FIPS_cipher_ctx_cleanup(ctx);
+
+		/* Restore encrypt field: it is zeroed by cleanup */
+		ctx->encrypt = enc;
+
+		ctx->cipher=cipher;
+		if (ctx->cipher->ctx_size)
+			{
+			ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+			if (!ctx->cipher_data)
+				{
+				EVPerr(EVP_F_FIPS_CIPHERINIT, ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+			}
+		else
+			{
+			ctx->cipher_data = NULL;
+			}
+		ctx->key_len = cipher->key_len;
+		ctx->flags = 0;
+		if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
+			{
+			if(!FIPS_cipher_ctx_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
+				{
+				EVPerr(EVP_F_FIPS_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
+				return 0;
+				}
+			}
+		}
+	else if(!ctx->cipher)
+		{
+		EVPerr(EVP_F_FIPS_CIPHERINIT, EVP_R_NO_CIPHER_SET);
+		return 0;
+		}
+	/* we assume block size is a power of 2 in *cryptUpdate */
+	OPENSSL_assert(ctx->cipher->block_size == 1
+	    || ctx->cipher->block_size == 8
+	    || ctx->cipher->block_size == 16);
+
+	if(!(M_EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
+		switch(M_EVP_CIPHER_CTX_mode(ctx)) {
+
+			case EVP_CIPH_STREAM_CIPHER:
+			case EVP_CIPH_ECB_MODE:
+			break;
+
+			case EVP_CIPH_CFB_MODE:
+			case EVP_CIPH_OFB_MODE:
+
+			ctx->num = 0;
+			/* fall-through */
+
+			case EVP_CIPH_CBC_MODE:
+
+			OPENSSL_assert(M_EVP_CIPHER_CTX_iv_length(ctx) <=
+					(int)sizeof(ctx->iv));
+			if(iv) memcpy(ctx->oiv, iv, M_EVP_CIPHER_CTX_iv_length(ctx));
+			memcpy(ctx->iv, ctx->oiv, M_EVP_CIPHER_CTX_iv_length(ctx));
+			break;
+
+			case EVP_CIPH_CTR_MODE:
+			/* Don't reuse IV for CTR mode */
+			if(iv)
+				memcpy(ctx->iv, iv, M_EVP_CIPHER_CTX_iv_length(ctx));
+			break;
+
+			default:
+			return 0;
+			break;
+		}
+	}
+
+	if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+		if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
+	}
+	ctx->buf_len=0;
+	ctx->final_used=0;
+	ctx->block_mask=ctx->cipher->block_size-1;
+	return 1;
+	}
+
+void FIPS_cipher_ctx_free(EVP_CIPHER_CTX *ctx)
+	{
+	if (ctx)
+		{
+		FIPS_cipher_ctx_cleanup(ctx);
+		OPENSSL_free(ctx);
+		}
+	}
+
+int FIPS_cipher_ctx_cleanup(EVP_CIPHER_CTX *c)
+	{
+	if (c->cipher != NULL)
+		{
+		if(c->cipher->cleanup && !c->cipher->cleanup(c))
+			return 0;
+		/* Cleanse cipher context data */
+		if (c->cipher_data)
+			OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+		}
+	if (c->cipher_data)
+		OPENSSL_free(c->cipher_data);
+	memset(c,0,sizeof(EVP_CIPHER_CTX));
+	return 1;
+	}
+
+int FIPS_cipher_ctx_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+	int ret;
+	if (FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_FIPS_CIPHER_CTX_CTRL, FIPS_R_SELFTEST_FAILED);
+		return 0;
+		}
+	if(!ctx->cipher) {
+		EVPerr(EVP_F_FIPS_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+		return 0;
+	}
+
+	if(!ctx->cipher->ctrl) {
+		EVPerr(EVP_F_FIPS_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+		return 0;
+	}
+
+	ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
+	if(ret == -1) {
+		EVPerr(EVP_F_FIPS_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+		return 0;
+	}
+	return ret;
+}
+
+int FIPS_cipher_ctx_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
+	{
+	if ((in == NULL) || (in->cipher == NULL))
+		{
+		EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
+		return 0;
+		}
+
+	/* Only FIPS ciphers allowed */
+	if (FIPS_module_mode() && !(in->cipher->flags & EVP_CIPH_FLAG_FIPS) &&
+		!(out->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
+		{
+		EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY, EVP_R_DISABLED_FOR_FIPS);
+		out->cipher = &bad_cipher;
+		return 0;
+		}
+
+	FIPS_cipher_ctx_cleanup(out);
+	memcpy(out,in,sizeof *out);
+
+	if (in->cipher_data && in->cipher->ctx_size)
+		{
+		out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size);
+		if (!out->cipher_data)
+			{
+			EVPerr(EVP_F_FIPS_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE);
+			return 0;
+			}
+		memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size);
+		}
+
+	if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
+		return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
+	return 1;
+	}
+
+/* You can't really set the key length with FIPS, so just check that the
+   caller sets the length the context already has. */
+int FIPS_cipher_ctx_set_key_length(EVP_CIPHER_CTX *ctx, int keylen)
+	{
+	if (ctx->key_len == keylen)
+		return 1;
+
+	EVPerr(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH);
+	return 0;
+	}
+
+
+
+int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			const unsigned char *in, unsigned int inl)
+	{
+	if (FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_FIPS_CIPHER, FIPS_R_SELFTEST_FAILED);
+		return -1;
+		}
+	return ctx->cipher->do_cipher(ctx,out,in,inl);
+	}
+
 const EVP_CIPHER *FIPS_get_cipherbynid(int nid)
 {
     switch (nid) {
Index: openssl-1.0.2j/crypto/fips/fips_md.c
===================================================================
--- openssl-1.0.2j.orig/crypto/fips/fips_md.c	2017-03-16 17:27:29.252988353 +0100
+++ openssl-1.0.2j/crypto/fips/fips_md.c	2017-03-17 14:11:22.255650535 +0100
@@ -120,6 +120,208 @@
 #include <openssl/err.h>
 #include <openssl/fips.h>
 
+void FIPS_md_ctx_init(EVP_MD_CTX *ctx)
+	{
+	memset(ctx,'\0',sizeof *ctx);
+	}
+
+EVP_MD_CTX *FIPS_md_ctx_create(void)
+	{
+	EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
+
+	if (ctx)
+		FIPS_md_ctx_init(ctx);
+
+	return ctx;
+	}
+
+/* The purpose of these is to trap programs that attempt to use non FIPS
+ * algorithms in FIPS mode and ignore the errors.
+ */
+
+static int bad_init(EVP_MD_CTX *ctx)
+	{ FIPS_ERROR_IGNORED("Digest init"); return 0;}
+
+static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count)
+	{ FIPS_ERROR_IGNORED("Digest update"); return 0;}
+
+static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ FIPS_ERROR_IGNORED("Digest Final"); return 0;}
+
+static const EVP_MD bad_md =
+	{
+	0,
+	0,
+	0,
+	0,
+	bad_init,
+	bad_update,
+	bad_final,
+	NULL,
+	NULL,
+	NULL,
+	0,
+	{0,0,0,0},
+	};
+
+int FIPS_digestinit(EVP_MD_CTX *ctx, const EVP_MD *type)
+	{
+	M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+	if(FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_FIPS_DIGESTINIT,FIPS_R_FIPS_SELFTEST_FAILED);
+		ctx->digest = &bad_md;
+		ctx->update = bad_update;
+		return 0;
+		}
+	if(FIPS_module_mode() && !(type->flags & EVP_MD_FLAG_FIPS) &&
+		!(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
+		{
+		EVPerr(EVP_F_FIPS_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS);
+		ctx->digest = &bad_md;
+		ctx->update = bad_update;
+		return 0;
+		}
+	if (ctx->digest != type)
+		{
+		if (ctx->digest && ctx->digest->ctx_size)
+			OPENSSL_free(ctx->md_data);
+		ctx->digest=type;
+		if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size)
+			{
+			ctx->update = type->update;
+			ctx->md_data=OPENSSL_malloc(type->ctx_size);
+			if (ctx->md_data == NULL)
+				{
+				EVPerr(EVP_F_FIPS_DIGESTINIT,
+							ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+			}
+		}
+	if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
+		return 1;
+	return ctx->digest->init(ctx);
+	}
+
+int FIPS_digestupdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+	{
+	if (FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_FIPS_DIGESTUPDATE, FIPS_R_SELFTEST_FAILED);
+		return 0;
+		}
+	return ctx->update(ctx,data,count);
+	}
+
+/* The caller can assume that this removes any secret data from the context */
+int FIPS_digestfinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+	{
+	int ret;
+
+	if (FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_FIPS_DIGESTFINAL, FIPS_R_SELFTEST_FAILED);
+		return 0;
+		}
+
+	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
+	ret=ctx->digest->final(ctx,md);
+	if (size != NULL)
+		*size=ctx->digest->md_size;
+	if (ctx->digest->cleanup)
+		{
+		ctx->digest->cleanup(ctx);
+		M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+		}
+	memset(ctx->md_data,0,ctx->digest->ctx_size);
+	return ret;
+	}
+
+int FIPS_digest(const void *data, size_t count,
+		unsigned char *md, unsigned int *size, const EVP_MD *type)
+	{
+	EVP_MD_CTX ctx;
+	int ret;
+
+	FIPS_md_ctx_init(&ctx);
+	M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
+	ret=FIPS_digestinit(&ctx, type)
+	  && FIPS_digestupdate(&ctx, data, count)
+	  && FIPS_digestfinal(&ctx, md, size);
+	FIPS_md_ctx_cleanup(&ctx);
+
+	return ret;
+	}
+
+void FIPS_md_ctx_destroy(EVP_MD_CTX *ctx)
+	{
+	FIPS_md_ctx_cleanup(ctx);
+	OPENSSL_free(ctx);
+	}
+
+/* This call frees resources associated with the context */
+int FIPS_md_ctx_cleanup(EVP_MD_CTX *ctx)
+	{
+	/* Don't assume ctx->md_data was cleaned in FIPS_digest_Final,
+	 * because sometimes only copies of the context are ever finalised.
+	 */
+	if (ctx->digest && ctx->digest->cleanup
+	    && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
+		ctx->digest->cleanup(ctx);
+	if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
+	    && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
+		{
+		OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
+		OPENSSL_free(ctx->md_data);
+		}
+	memset(ctx,'\0',sizeof *ctx);
+
+	return 1;
+	}
+
+int FIPS_md_ctx_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+	{
+	unsigned char *tmp_buf;
+	if ((in == NULL) || (in->digest == NULL))
+		{
+		EVPerr(EVP_F_FIPS_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
+		return 0;
+		}
+
+	if (out->digest == in->digest)
+		{
+		tmp_buf = out->md_data;
+	    	M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
+		}
+	else tmp_buf = NULL;
+	FIPS_md_ctx_cleanup(out);
+	memcpy(out,in,sizeof *out);
+
+	if (in->md_data && out->digest->ctx_size)
+		{
+		if (tmp_buf)
+			out->md_data = tmp_buf;
+		else
+			{
+			out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+			if (!out->md_data)
+				{
+				EVPerr(EVP_F_FIPS_MD_CTX_COPY,ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+			}
+		memcpy(out->md_data,in->md_data,out->digest->ctx_size);
+		}
+
+	out->update = in->update;
+
+	if (out->digest->copy)
+		return out->digest->copy(out,in);
+	
+	return 1;
+	}
+
 const EVP_MD *FIPS_get_digestbynid(int nid)
 {
     switch (nid) {
Index: openssl-1.0.2j/crypto/ecdsa/ecs_ossl.c
===================================================================
--- openssl-1.0.2j.orig/crypto/ecdsa/ecs_ossl.c	2017-03-16 17:27:29.272988665 +0100
+++ openssl-1.0.2j/crypto/ecdsa/ecs_ossl.c	2017-03-17 14:24:11.315328893 +0100
@@ -479,3 +479,31 @@ static int ecdsa_do_verify(const unsigne
         EC_POINT_free(point);
     return ret;
 }
+
+/* FIPS stanadlone version of ecdsa_check: just return FIPS method */
+ECDSA_DATA *fips_ecdsa_check(EC_KEY *key)
+	{
+	static ECDSA_DATA rv = {
+		0,0,0,
+		&openssl_ecdsa_meth
+		};
+	return &rv;
+	}
+
+/* Standalone digest sign and verify */
+int FIPS_ecdsa_verify_digest(EC_KEY *key,
+			const unsigned char *dig, int dlen, ECDSA_SIG *s)
+	{
+	ECDSA_DATA *ecdsa = ecdsa_check(key);
+	if (ecdsa == NULL)
+		return 0;
+	return ecdsa->meth->ecdsa_do_verify(dig, dlen, s, key);
+	}
+ECDSA_SIG * FIPS_ecdsa_sign_digest(EC_KEY *key,
+					const unsigned char *dig, int dlen)
+	{
+	ECDSA_DATA *ecdsa = ecdsa_check(key);
+	if (ecdsa == NULL)
+		return NULL;
+	return ecdsa->meth->ecdsa_do_sign(dig, dlen, NULL, NULL, key);
+	}
Index: openssl-1.0.2j/crypto/ecdsa/ecdsa.h
===================================================================
--- openssl-1.0.2j.orig/crypto/ecdsa/ecdsa.h	2016-09-26 11:49:07.000000000 +0200
+++ openssl-1.0.2j/crypto/ecdsa/ecdsa.h	2017-03-17 14:35:10.121322408 +0100
@@ -228,6 +228,21 @@ int ECDSA_get_ex_new_index(long argl, vo
 int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
 void *ECDSA_get_ex_data(EC_KEY *d, int idx);
 
+#ifdef OPENSSL_FIPS
+/* Standalone FIPS signature operations */
+ECDSA_SIG * FIPS_ecdsa_sign_digest(EC_KEY *key,
+					const unsigned char *dig, int dlen);
+ECDSA_SIG * FIPS_ecdsa_sign_ctx(EC_KEY *key, EVP_MD_CTX *ctx);
+int FIPS_ecdsa_verify_digest(EC_KEY *key,
+			const unsigned char *dig, int dlen, ECDSA_SIG *s);
+int FIPS_ecdsa_verify_ctx(EC_KEY *key, EVP_MD_CTX *ctx, ECDSA_SIG *s);
+int FIPS_ecdsa_verify(EC_KEY *key, const unsigned char *msg, size_t msglen,
+			const EVP_MD *mhash, ECDSA_SIG *s);
+ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key,
+			const unsigned char *msg, size_t msglen,
+			const EVP_MD *mhash);
+#endif
+
 /** Allocates and initialize a ECDSA_METHOD structure
  *  \param ecdsa_method pointer to ECDSA_METHOD to copy.  (May be NULL)
  *  \return pointer to a ECDSA_METHOD structure or NULL if an error occurred
openSUSE Build Service is sponsored by