17 files changed, 824 insertions, 88 deletions

diff --git a/src/lib/libcrypto/dh/Makefile b/src/lib/libcrypto/dh/Makefile
new file mode 100644
index 0000000000..f23b4f7fde
--- /dev/null
+++ b/src/lib/libcrypto/dh/Makefile
@@ -0,0 +1,180 @@
+#
+# OpenSSL/crypto/dh/Makefile
+#
+
+DIR=    dh
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= dhtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c \
+        dh_ameth.c dh_pmeth.c dh_prn.c
+LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o \
+        dh_ameth.o dh_pmeth.o dh_prn.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dh.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dh_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+dh_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_ameth.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+dh_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+dh_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+dh_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dh_ameth.o: ../../include/openssl/opensslconf.h
+dh_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dh_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dh_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dh_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
+dh_ameth.o: dh_ameth.c
+dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_asn1.c
+dh_check.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_check.o: ../../include/openssl/opensslconf.h
+dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_check.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_check.c
+dh_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_depr.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_depr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_depr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_depr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dh_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_depr.o: ../cryptlib.h dh_depr.c
+dh_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+dh_err.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dh_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_err.o: dh_err.c
+dh_gen.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_gen.o: ../cryptlib.h dh_gen.c
+dh_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c
+dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dh_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+dh_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+dh_lib.o: ../cryptlib.h dh_lib.c
+dh_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+dh_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dh_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dh_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dh_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dh_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_pmeth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dh_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dh_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dh_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h
+dh_pmeth.o: dh_pmeth.c
+dh_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_prn.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dh_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_prn.c
diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h
index ea59e610ef..849309a489 100644
--- a/src/lib/libcrypto/dh/dh.h
+++ b/src/lib/libcrypto/dh/dh.h
@@ -86,21 +86,6 @@
                                        * be used for all exponents.
                                        */
 
-/* If this flag is set the DH method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
- */
-
-#define DH_FLAG_FIPS_METHOD                     0x0400
-
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-
-#define DH_FLAG_NON_FIPS_ALLOW                  0x0400
-
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -245,9 +230,6 @@ void ERR_load_DH_strings(void);
 #define DH_F_COMPUTE_KEY                                 102
 #define DH_F_DHPARAMS_PRINT_FP                           101
 #define DH_F_DH_BUILTIN_GENPARAMS                        106
-#define DH_F_DH_COMPUTE_KEY                              114
-#define DH_F_DH_GENERATE_KEY                             115
-#define DH_F_DH_GENERATE_PARAMETERS_EX                   116
 #define DH_F_DH_NEW_METHOD                               105
 #define DH_F_DH_PARAM_DECODE                             107
 #define DH_F_DH_PRIV_DECODE                              110
@@ -267,9 +249,7 @@ void ERR_load_DH_strings(void);
 #define DH_R_DECODE_ERROR                                104
 #define DH_R_INVALID_PUBKEY                              102
 #define DH_R_KEYS_NOT_SET                                108
-#define DH_R_KEY_SIZE_TOO_SMALL                          110
 #define DH_R_MODULUS_TOO_LARGE                           103
-#define DH_R_NON_FIPS_METHOD                             111
 #define DH_R_NO_PARAMETERS_SET                           107
 #define DH_R_NO_PRIVATE_VALUE                            100
 #define DH_R_PARAMETER_ENCODING_ERROR                    105
diff --git a/src/lib/libcrypto/dh/dh1024.pem b/src/lib/libcrypto/dh/dh1024.pem
new file mode 100644
index 0000000000..81d43f6a3e
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dh192.pem b/src/lib/libcrypto/dh/dh192.pem
new file mode 100644
index 0000000000..521c07271d
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh192.pem
@@ -0,0 +1,3 @@
+-----BEGIN DH PARAMETERS-----
+MB4CGQDUoLoCULb9LsYm5+/WN992xxbiLQlEuIsCAQM=
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dh2048.pem b/src/lib/libcrypto/dh/dh2048.pem
new file mode 100644
index 0000000000..295460f508
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh2048.pem
@@ -0,0 +1,16 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o
+AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh
+z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo
+pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW
+aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA
+Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg==
+-----END DH PARAMETERS-----
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEArtA3w73zP6Lu3EOQtwogiXt3AXXpuS6yD4BhzNS1pZFyPHk0/an5
+8ydEkPhQZHKDW+BZJxxPLANaTudWo2YT8TgtvUdN6KSgMiEi6McwqDw+SADuvW+F
+SKUYFxG6VFIxyEP6xBdf+vhJxEDbRG2EYsHDRRtJ76gp9cSKTHusf2R+4AAVGqnt
+gRAbNqtcOar/7FSj+Pl8G3v0Bty0LcCSpbqgYlnv6z+rErQmmC6PPvSz97TDMCok
+yKpCE9hFA1zkqK3TH4FmFvGeIaXJUIBZf4mArWuBTjWFW3nmhESRUn1VK3K3x42N
+a5k6c2+EhrMFiLjxuH6JZoqL0/E93FF9SwIBAg==
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dh4096.pem b/src/lib/libcrypto/dh/dh4096.pem
new file mode 100644
index 0000000000..390943a21d
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh4096.pem
@@ -0,0 +1,14 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7
+vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H
+TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF
+bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1
+rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE
+EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9
+bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3
+W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH
+ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb
+NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR
+jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI=
+-----END DH PARAMETERS-----
+
diff --git a/src/lib/libcrypto/dh/dh512.pem b/src/lib/libcrypto/dh/dh512.pem
new file mode 100644
index 0000000000..0a4d863ebe
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh512.pem
@@ -0,0 +1,4 @@
+-----BEGIN DH PARAMETERS-----
+MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn
+a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c
index 56d3df7356..d5cf0c22a3 100644
--- a/src/lib/libcrypto/dh/dh_err.c
+++ b/src/lib/libcrypto/dh/dh_err.c
@@ -1,6 +1,6 @@
 /* crypto/dh/dh_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -73,9 +73,6 @@ static ERR_STRING_DATA DH_str_functs[]=
 {ERR_FUNC(DH_F_COMPUTE_KEY),    "COMPUTE_KEY"},
 {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP),      "DHparams_print_fp"},
 {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS),   "DH_BUILTIN_GENPARAMS"},
-{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_KEY),        "DH_generate_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS_EX),      "DH_generate_parameters_ex"},
 {ERR_FUNC(DH_F_DH_NEW_METHOD),  "DH_new_method"},
 {ERR_FUNC(DH_F_DH_PARAM_DECODE),        "DH_PARAM_DECODE"},
 {ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"},
@@ -98,9 +95,7 @@ static ERR_STRING_DATA DH_str_reasons[]=
 {ERR_REASON(DH_R_DECODE_ERROR)           ,"decode error"},
 {ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},
 {ERR_REASON(DH_R_KEYS_NOT_SET)           ,"keys not set"},
-{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL)     ,"key size too small"},
 {ERR_REASON(DH_R_MODULUS_TOO_LARGE)      ,"modulus too large"},
-{ERR_REASON(DH_R_NON_FIPS_METHOD)        ,"non fips method"},
 {ERR_REASON(DH_R_NO_PARAMETERS_SET)      ,"no parameters set"},
 {ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
 {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
index 7b1fe9c9cb..cfd5b11868 100644
--- a/src/lib/libcrypto/dh/dh_gen.c
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -66,29 +66,12 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
 
 int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
-                        && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW))
-                {
-                DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
         if(ret->meth->generate_params)
                 return ret->meth->generate_params(ret, prime_len, generator, cb);
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                return FIPS_dh_generate_parameters_ex(ret, prime_len,
-                                                        generator, cb);
-#endif
         return dh_builtin_genparams(ret, prime_len, generator, cb);
         }
 
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index 89a74db4e6..e7db440342 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -73,27 +73,11 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-                        && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-                {
-                DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
         return dh->meth->generate_key(dh);
         }
 
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-                        && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-                {
-                DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
         return dh->meth->compute_key(key, pub_key, dh);
         }
 
@@ -154,21 +138,8 @@ static int generate_key(DH *dh)
 
         if (generate_new_key)
                 {
-                if (dh->q)
-                        {
-                        do
-                                {
-                                if (!BN_rand_range(priv_key, dh->q))
-                                        goto err;
-                                }
-                        while (BN_is_zero(priv_key) || BN_is_one(priv_key));
-                        }
-                else
-                        {
-                        /* secret exponent length */
-                        l = dh->length ? dh->length : BN_num_bits(dh->p)-1;
-                        if (!BN_rand(priv_key, l, 0, 0)) goto err;
-                        }
+                l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
+                if (!BN_rand(priv_key, l, 0, 0)) goto err;
                 }
 
         {
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c
index 00218f2b92..7aef080e7a 100644
--- a/src/lib/libcrypto/dh/dh_lib.c
+++ b/src/lib/libcrypto/dh/dh_lib.c
@@ -64,10 +64,6 @@
 #include <openssl/engine.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
 static const DH_METHOD *default_DH_method = NULL;
@@ -80,16 +76,7 @@ void DH_set_default_method(const DH_METHOD *meth)
 const DH_METHOD *DH_get_default_method(void)
         {
         if(!default_DH_method)
-                {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_dh_openssl();
-                else
-                        return DH_OpenSSL();
-#else
                 default_DH_method = DH_OpenSSL();
-#endif
-                }
         return default_DH_method;
         }
 
@@ -169,7 +156,7 @@ DH *DH_new_method(ENGINE *engine)
         ret->counter = NULL;
         ret->method_mont_p=NULL;
         ret->references = 1;
-        ret->flags=ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
+        ret->flags=ret->meth->flags;
         CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
         if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                 {
diff --git a/src/lib/libcrypto/dh/dhtest.c b/src/lib/libcrypto/dh/dhtest.c
new file mode 100644
index 0000000000..882f5c310a
--- /dev/null
+++ b/src/lib/libcrypto/dh/dhtest.c
@@ -0,0 +1,226 @@
+/* crypto/dh/dhtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#ifdef OPENSSL_NO_DH
+int main(int argc, char *argv[])
+{
+    printf("No DH support\n");
+    return(0);
+}
+#else
+#include <openssl/dh.h>
+
+#ifdef OPENSSL_SYS_WIN16
+#define MS_CALLBACK     _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+
+static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg);
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+        {
+        BN_GENCB _cb;
+        DH *a;
+        DH *b=NULL;
+        char buf[12];
+        unsigned char *abuf=NULL,*bbuf=NULL;
+        int i,alen,blen,aout,bout,ret=1;
+        BIO *out;
+
+        CRYPTO_malloc_debug_init();
+        CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+#ifdef OPENSSL_SYS_WIN32
+        CRYPTO_malloc_init();
+#endif
+
+        RAND_seed(rnd_seed, sizeof rnd_seed);
+
+        out=BIO_new(BIO_s_file());
+        if (out == NULL) EXIT(1);
+        BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+        BN_GENCB_set(&_cb, &cb, out);
+        if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,
+                                DH_GENERATOR_5, &_cb))
+                goto err;
+
+        if (!DH_check(a, &i)) goto err;
+        if (i & DH_CHECK_P_NOT_PRIME)
+                BIO_puts(out, "p value is not prime\n");
+        if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+                BIO_puts(out, "p value is not a safe prime\n");
+        if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+                BIO_puts(out, "unable to check the generator value\n");
+        if (i & DH_NOT_SUITABLE_GENERATOR)
+                BIO_puts(out, "the g value is not a generator\n");
+
+        BIO_puts(out,"\np    =");
+        BN_print(out,a->p);
+        BIO_puts(out,"\ng    =");
+        BN_print(out,a->g);
+        BIO_puts(out,"\n");
+
+        b=DH_new();
+        if (b == NULL) goto err;
+
+        b->p=BN_dup(a->p);
+        b->g=BN_dup(a->g);
+        if ((b->p == NULL) || (b->g == NULL)) goto err;
+
+        /* Set a to run with normal modexp and b to use constant time */
+        a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
+        b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
+
+        if (!DH_generate_key(a)) goto err;
+        BIO_puts(out,"pri 1=");
+        BN_print(out,a->priv_key);
+        BIO_puts(out,"\npub 1=");
+        BN_print(out,a->pub_key);
+        BIO_puts(out,"\n");
+
+        if (!DH_generate_key(b)) goto err;
+        BIO_puts(out,"pri 2=");
+        BN_print(out,b->priv_key);
+        BIO_puts(out,"\npub 2=");
+        BN_print(out,b->pub_key);
+        BIO_puts(out,"\n");
+
+        alen=DH_size(a);
+        abuf=(unsigned char *)OPENSSL_malloc(alen);
+        aout=DH_compute_key(abuf,b->pub_key,a);
+
+        BIO_puts(out,"key1 =");
+        for (i=0; i<aout; i++)
+                {
+                sprintf(buf,"%02X",abuf[i]);
+                BIO_puts(out,buf);
+                }
+        BIO_puts(out,"\n");
+
+        blen=DH_size(b);
+        bbuf=(unsigned char *)OPENSSL_malloc(blen);
+        bout=DH_compute_key(bbuf,a->pub_key,b);
+
+        BIO_puts(out,"key2 =");
+        for (i=0; i<bout; i++)
+                {
+                sprintf(buf,"%02X",bbuf[i]);
+                BIO_puts(out,buf);
+                }
+        BIO_puts(out,"\n");
+        if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
+                {
+                fprintf(stderr,"Error in DH routines\n");
+                ret=1;
+                }
+        else
+                ret=0;
+err:
+        ERR_print_errors_fp(stderr);
+
+        if (abuf != NULL) OPENSSL_free(abuf);
+        if (bbuf != NULL) OPENSSL_free(bbuf);
+        if(b != NULL) DH_free(b);
+        if(a != NULL) DH_free(a);
+        BIO_free(out);
+#ifdef OPENSSL_SYS_NETWARE
+    if (ret) printf("ERROR: %d\n", ret);
+#endif
+        EXIT(ret);
+        return(ret);
+        }
+
+static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg)
+        {
+        char c='*';
+
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        BIO_write(arg->arg,&c,1);
+        (void)BIO_flush(arg->arg);
+#ifdef LINT
+        p=n;
+#endif
+        return 1;
+        }
+#endif
diff --git a/src/lib/libcrypto/dh/example b/src/lib/libcrypto/dh/example
new file mode 100644
index 0000000000..16a33d2910
--- /dev/null
+++ b/src/lib/libcrypto/dh/example
@@ -0,0 +1,50 @@
+From owner-cypherpunks@toad.com Mon Sep 25 10:50:51 1995
+Received: from minbne.mincom.oz.au by orb.mincom.oz.au with SMTP id AA10562
+  (5.65c/IDA-1.4.4 for eay); Wed, 27 Sep 1995 19:41:55 +1000
+Received: by minbne.mincom.oz.au id AA19958
+  (5.65c/IDA-1.4.4 for eay@orb.mincom.oz.au); Wed, 27 Sep 1995 19:34:59 +1000
+Received: from relay3.UU.NET by bunyip.cc.uq.oz.au with SMTP (PP);
+          Wed, 27 Sep 1995 19:13:05 +1000
+Received: from toad.com by relay3.UU.NET with SMTP id QQzizb16156;
+          Wed, 27 Sep 1995 04:48:46 -0400
+Received: by toad.com id AA07905; Tue, 26 Sep 95 06:31:45 PDT
+Received: from by toad.com id AB07851; Tue, 26 Sep 95 06:31:40 PDT
+Received: from servo.qualcomm.com (servo.qualcomm.com [129.46.128.14]) 
+          by cygnus.com (8.6.12/8.6.9) with ESMTP id RAA18442 
+          for <cypherpunks@toad.com>; Mon, 25 Sep 1995 17:52:47 -0700
+Received: (karn@localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1) 
+          id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700
+Date: Mon, 25 Sep 1995 17:50:51 -0700
+From: Phil Karn <karn@qualcomm.com>
+Message-Id: <199509260050.RAA14732@servo.qualcomm.com>
+To: cypherpunks@toad.com, ipsec-dev@eit.com
+Subject: Primality verification needed
+Sender: owner-cypherpunks@toad.com
+Precedence: bulk
+Status: RO
+X-Status: 
+
+Hi. I've generated a 2047-bit "strong" prime number that I would like to
+use with Diffie-Hellman key exchange. I assert that not only is this number
+'p' prime, but so is (p-1)/2.
+
+I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version
+1.3.2 to test this number. This function uses the Miller-Rabin primality test.
+However, to increase my confidence that this number really is a strong prime,
+I'd like to ask others to confirm it with other tests. Here's the number in hex:
+
+72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e
+fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a
+a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65
+fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2
+3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0
+ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3
+56a05180c3bec7ddd5ef6fe76b1f717b
+
+The generator, g, for this prime is 2.
+
+Thanks!
+
+Phil Karn
+
+
diff --git a/src/lib/libcrypto/dh/generate b/src/lib/libcrypto/dh/generate
new file mode 100644
index 0000000000..5d407231df
--- /dev/null
+++ b/src/lib/libcrypto/dh/generate
@@ -0,0 +1,65 @@
+From: stewarts@ix.netcom.com (Bill Stewart)
+Newsgroups: sci.crypt
+Subject: Re: Diffie-Hellman key exchange
+Date: Wed, 11 Oct 1995 23:08:28 GMT
+Organization: Freelance Information Architect
+Lines: 32
+Message-ID: <45hir2$7l8@ixnews7.ix.netcom.com>
+References: <458rhn$76m$1@mhadf.production.compuserve.com>
+NNTP-Posting-Host: ix-pl4-16.ix.netcom.com
+X-NETCOM-Date: Wed Oct 11  4:09:22 PM PDT 1995
+X-Newsreader: Forte Free Agent 1.0.82
+
+Kent Briggs <72124.3234@CompuServe.COM> wrote:
+
+>I have a copy of the 1976 IEEE article describing the
+>Diffie-Hellman public key exchange algorithm: y=a^x mod q.  I'm
+>looking for sources that give examples of secure a,q pairs and
+>possible some source code that I could examine.
+
+q should be prime, and ideally should be a "strong prime",
+which means it's of the form 2n+1 where n is also prime.
+q also needs to be long enough to prevent the attacks LaMacchia and
+Odlyzko described (some variant on a factoring attack which generates
+a large pile of simultaneous equations and then solves them);
+long enough is about the same size as factoring, so 512 bits may not
+be secure enough for most applications.  (The 192 bits used by
+"secure NFS" was certainly not long enough.)
+
+a should be a generator for q, which means it needs to be
+relatively prime to q-1.   Usually a small prime like 2, 3 or 5 will
+work.  
+
+....
+
+Date: Tue, 26 Sep 1995 13:52:36 MST
+From: "Richard Schroeppel" <rcs@cs.arizona.edu>
+To: karn
+Cc: ho@cs.arizona.edu
+Subject: random large primes
+
+Since your prime is really random, proving it is hard.
+My personal limit on rigorously proved primes is ~350 digits.
+If you really want a proof, we should talk to Francois Morain,
+or the Australian group.
+
+If you want 2 to be a generator (mod P), then you need it
+to be a non-square.  If (P-1)/2 is also prime, then
+non-square == primitive-root for bases << P.
+
+In the case at hand, this means 2 is a generator iff P = 11 (mod 24).
+If you want this, you should restrict your sieve accordingly.
+
+3 is a generator iff P = 5 (mod 12).
+
+5 is a generator iff P = 3 or 7 (mod 10).
+
+2 is perfectly usable as a base even if it's a non-generator, since
+it still covers half the space of possible residues.  And an
+eavesdropper can always determine the low-bit of your exponent for
+a generator anyway.
+
+Rich  rcs@cs.arizona.edu
+
+
+
diff --git a/src/lib/libcrypto/dh/p1024.c b/src/lib/libcrypto/dh/p1024.c
new file mode 100644
index 0000000000..368ceca4eb
--- /dev/null
+++ b/src/lib/libcrypto/dh/p1024.c
@@ -0,0 +1,92 @@
+/* crypto/dh/p1024.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
+
+unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD,
+        0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3,
+        0xDB,0xD0,0xF3,0x13,0x04,0x7F,0x40,0xE8,
+        0x56,0xDA,0x58,0xCB,0x13,0xB8,0xA1,0xBF,
+        0x2B,0x78,0x3A,0x4C,0x6D,0x59,0xD5,0xF9,
+        0x2A,0xFC,0x6C,0xFF,0x3D,0x69,0x3F,0x78,
+        0xB2,0x3D,0x4F,0x31,0x60,0xA9,0x50,0x2E,
+        0x3E,0xFA,0xF7,0xAB,0x5E,0x1A,0xD5,0xA6,
+        0x5E,0x55,0x43,0x13,0x82,0x8D,0xA8,0x3B,
+        0x9F,0xF2,0xD9,0x41,0xDE,0xE9,0x56,0x89,
+        0xFA,0xDA,0xEA,0x09,0x36,0xAD,0xDF,0x19,
+        0x71,0xFE,0x63,0x5B,0x20,0xAF,0x47,0x03,
+        0x64,0x60,0x3C,0x2D,0xE0,0x59,0xF5,0x4B,
+        0x65,0x0A,0xD8,0xFA,0x0C,0xF7,0x01,0x21,
+        0xC7,0x47,0x99,0xD7,0x58,0x71,0x32,0xBE,
+        0x9B,0x99,0x9B,0xB9,0xB7,0x87,0xE8,0xAB,
+        };
+
+main()
+        {
+        DH *dh;
+
+        dh=DH_new();
+        dh->p=BN_bin2bn(data,sizeof(data),NULL);
+        dh->g=BN_new();
+        BN_set_word(dh->g,2);
+        PEM_write_DHparams(stdout,dh);
+        }
diff --git a/src/lib/libcrypto/dh/p192.c b/src/lib/libcrypto/dh/p192.c
new file mode 100644
index 0000000000..7bdf40410e
--- /dev/null
+++ b/src/lib/libcrypto/dh/p192.c
@@ -0,0 +1,80 @@
+/* crypto/dh/p192.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
+
+unsigned char data[]={
+0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E,
+0xC6,0x26,0xE7,0xEF,0xD6,0x37,0xDF,0x76,
+0xC7,0x16,0xE2,0x2D,0x09,0x44,0xB8,0x8B,
+        };
+
+main()
+        {
+        DH *dh;
+
+        dh=DH_new();
+        dh->p=BN_bin2bn(data,sizeof(data),NULL);
+        dh->g=BN_new();
+        BN_set_word(dh->g,3);
+        PEM_write_DHparams(stdout,dh);
+        }
diff --git a/src/lib/libcrypto/dh/p512.c b/src/lib/libcrypto/dh/p512.c
new file mode 100644
index 0000000000..a9b6aa83f0
--- /dev/null
+++ b/src/lib/libcrypto/dh/p512.c
@@ -0,0 +1,85 @@
+/* crypto/dh/p512.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
+
+unsigned char data[]={
+0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,
+0xD0,0xE4,0xAF,0x75,0x6F,0x4C,0xCA,0x92,
+0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,
+0x57,0x46,0x50,0xD3,0x69,0x99,0xDB,0x29,
+0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,
+0xD8,0x00,0x3E,0x7C,0x47,0x74,0xE8,0x33,
+        };
+
+main()
+        {
+        DH *dh;
+
+        dh=DH_new();
+        dh->p=BN_bin2bn(data,sizeof(data),NULL);
+        dh->g=BN_new();
+        BN_set_word(dh->g,2);
+        PEM_write_DHparams(stdout,dh);
+        }