13 files changed, 2344 insertions, 78 deletions

diff --git a/src/lib/libcrypto/dsa/Makefile b/src/lib/libcrypto/dsa/Makefile
index 8073c4ecfe..2cc45cdc62 100644
--- a/src/lib/libcrypto/dsa/Makefile
+++ b/src/lib/libcrypto/dsa/Makefile
@@ -18,14 +18,14 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
-        dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c
+        dsa_err.c dsa_ossl.c dsa_depr.c dsa_utl.c
 LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
-        dsa_err.o dsa_ossl.o dsa_depr.o dsa_ameth.o dsa_pmeth.o dsa_prn.o
+        dsa_err.o dsa_ossl.o dsa_depr.o dsa_utl.o
 
 SRC= $(LIBSRC)
 
 EXHEADER= dsa.h
-HEADER= dsa_locl.h $(EXHEADER)
+HEADER= $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
@@ -35,7 +35,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -76,27 +76,12 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-dsa_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
-dsa_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-dsa_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
-dsa_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-dsa_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-dsa_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-dsa_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-dsa_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-dsa_ameth.o: ../../include/openssl/objects.h
-dsa_ameth.o: ../../include/openssl/opensslconf.h
-dsa_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-dsa_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dsa_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-dsa_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
-dsa_ameth.o: dsa_ameth.c
 dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
 dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+dsa_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 dsa_asn1.o: ../../include/openssl/opensslconf.h
 dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
@@ -106,8 +91,9 @@ dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_depr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 dsa_depr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-dsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-dsa_depr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_depr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+dsa_depr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_depr.o: ../../include/openssl/opensslconf.h
 dsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dsa_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 dsa_depr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -124,12 +110,13 @@ dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-dsa_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_gen.c dsa_locl.h
+dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_gen.o: ../cryptlib.h dsa_gen.c
 dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
@@ -145,14 +132,14 @@ dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
 dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-dsa_lib.o: ../cryptlib.h dsa_lib.c
+dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_lib.c
 dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
 dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -161,48 +148,40 @@ dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 dsa_ossl.o: ../../include/openssl/opensslconf.h
 dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_ossl.c
-dsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
-dsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-dsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-dsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-dsa_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-dsa_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-dsa_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-dsa_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-dsa_pmeth.o: ../../include/openssl/objects.h
-dsa_pmeth.o: ../../include/openssl/opensslconf.h
-dsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-dsa_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dsa_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-dsa_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h
-dsa_pmeth.o: dsa_locl.h dsa_pmeth.c
-dsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h
-dsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-dsa_prn.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
-dsa_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-dsa_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-dsa_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-dsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_prn.o: ../cryptlib.h dsa_prn.c
-dsa_sign.o: ../../e_os.h ../../include/openssl/bio.h
+dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_ossl.o: ../cryptlib.h dsa_ossl.c
+dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-dsa_sign.o: ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/fips.h
+dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dsa_sign.o: ../cryptlib.h dsa_sign.c
-dsa_vrf.o: ../../e_os.h ../../include/openssl/bio.h
-dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_utl.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_utl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dsa_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dsa_utl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+dsa_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dsa_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dsa_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dsa_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_utl.c
+dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_vrf.o: ../cryptlib.h dsa_vrf.c
+dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c
diff --git a/src/lib/libcrypto/dsa/Makefile.ssl b/src/lib/libcrypto/dsa/Makefile.ssl
new file mode 100644
index 0000000000..e5f8a8cf51
--- /dev/null
+++ b/src/lib/libcrypto/dsa/Makefile.ssl
@@ -0,0 +1,171 @@
+#
+# SSLeay/crypto/dsa/Makefile
+#
+
+DIR=    dsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=dsatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
+        dsa_err.c dsa_ossl.c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
+        dsa_err.o dsa_ossl.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dsa.h
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_asn1.o: ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c
+dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_err.o: dsa_err.c
+dsa_gen.o: ../../e_os.h ../../include/openssl/aes.h
+dsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dsa_gen.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_gen.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_gen.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_gen.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+dsa_gen.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+dsa_gen.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_gen.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+dsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_gen.o: ../../include/openssl/ui_compat.h ../cryptlib.h dsa_gen.c
+dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_key.o: ../cryptlib.h dsa_key.c
+dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h dsa_lib.c
+dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_ossl.o: ../cryptlib.h dsa_ossl.c
+dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_sign.o: ../cryptlib.h dsa_sign.c
+dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
new file mode 100644
index 0000000000..702c50d6dc
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -0,0 +1,324 @@
+/* crypto/dsa/dsa.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * The DSS routines are based on patches supplied by
+ * Steven Schoch <schoch@sheba.arc.nasa.gov>.  He basically did the
+ * work and I have just tweaked them a little to fit into my
+ * stylistic vision for SSLeay :-) */
+
+#ifndef HEADER_DSA_H
+#define HEADER_DSA_H
+
+#include <openssl/e_os2.h>
+
+#ifdef OPENSSL_NO_DSA
+#error DSA is disabled.
+#endif
+
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/crypto.h>
+#include <openssl/ossl_typ.h>
+
+#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#endif
+
+#ifndef OPENSSL_DSA_MAX_MODULUS_BITS
+# define OPENSSL_DSA_MAX_MODULUS_BITS   10000
+#endif
+
+#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
+
+#define DSA_FLAG_CACHE_MONT_P   0x01
+#define DSA_FLAG_NO_EXP_CONSTTIME       0x02 /* new with 0.9.7h; the built-in DSA
+                                              * implementation now uses constant time
+                                              * modular exponentiation for secret exponents
+                                              * by default. This flag causes the
+                                              * faster variable sliding window method to
+                                              * be used for all exponents.
+                                              */
+
+/* If this flag is set the DSA method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its reposibility
+ * to ensure the result is compliant.
+ */
+
+#define DSA_FLAG_FIPS_METHOD                    0x0400
+
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#define DSA_FLAG_NON_FIPS_ALLOW                 0x0400
+
+#ifdef OPENSSL_FIPS
+#define FIPS_DSA_SIZE_T int
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Already defined in ossl_typ.h */
+/* typedef struct dsa_st DSA; */
+/* typedef struct dsa_method DSA_METHOD; */
+
+typedef struct DSA_SIG_st
+        {
+        BIGNUM *r;
+        BIGNUM *s;
+        } DSA_SIG;
+
+struct dsa_method
+        {
+        const char *name;
+        DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
+        int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                                                                BIGNUM **rp);
+        int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
+                                                        DSA_SIG *sig, DSA *dsa);
+        int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+                        BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+                        BN_MONT_CTX *in_mont);
+        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                                const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx); /* Can be null */
+        int (*init)(DSA *dsa);
+        int (*finish)(DSA *dsa);
+        int flags;
+        char *app_data;
+        /* If this is non-NULL, it is used to generate DSA parameters */
+        int (*dsa_paramgen)(DSA *dsa, int bits,
+                        unsigned char *seed, int seed_len,
+                        int *counter_ret, unsigned long *h_ret,
+                        BN_GENCB *cb);
+        /* If this is non-NULL, it is used to generate DSA keys */
+        int (*dsa_keygen)(DSA *dsa);
+        };
+
+struct dsa_st
+        {
+        /* This first variable is used to pick up errors where
+         * a DSA is passed instead of of a EVP_PKEY */
+        int pad;
+        long version;
+        int write_params;
+        BIGNUM *p;
+        BIGNUM *q;      /* == 20 */
+        BIGNUM *g;
+
+        BIGNUM *pub_key;  /* y public key */
+        BIGNUM *priv_key; /* x private key */
+
+        BIGNUM *kinv;   /* Signing pre-calc */
+        BIGNUM *r;      /* Signing pre-calc */
+
+        int flags;
+        /* Normally used to cache montgomery values */
+        BN_MONT_CTX *method_mont_p;
+        int references;
+        CRYPTO_EX_DATA ex_data;
+        const DSA_METHOD *meth;
+        /* functional reference if 'meth' is ENGINE-provided */
+        ENGINE *engine;
+        };
+
+#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)
+#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
+                (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
+#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
+                (unsigned char *)(x))
+#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
+#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
+
+
+DSA_SIG * DSA_SIG_new(void);
+void    DSA_SIG_free(DSA_SIG *a);
+int     i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
+
+DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
+int     DSA_do_verify(const unsigned char *dgst,int dgst_len,
+                      DSA_SIG *sig,DSA *dsa);
+
+const DSA_METHOD *DSA_OpenSSL(void);
+
+void    DSA_set_default_method(const DSA_METHOD *);
+const DSA_METHOD *DSA_get_default_method(void);
+int     DSA_set_method(DSA *dsa, const DSA_METHOD *);
+
+#ifdef OPENSSL_FIPS
+DSA *   FIPS_dsa_new(void);
+void    FIPS_dsa_free (DSA *r);
+#endif
+
+DSA *   DSA_new(void);
+DSA *   DSA_new_method(ENGINE *engine);
+void    DSA_free (DSA *r);
+/* "up" the DSA object's reference count */
+int     DSA_up_ref(DSA *r);
+int     DSA_size(const DSA *);
+        /* next 4 return -1 on error */
+int     DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
+int     DSA_sign(int type,const unsigned char *dgst,int dlen,
+                unsigned char *sig, unsigned int *siglen, DSA *dsa);
+int     DSA_verify(int type,const unsigned char *dgst,int dgst_len,
+                const unsigned char *sigbuf, int siglen, DSA *dsa);
+int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int DSA_set_ex_data(DSA *d, int idx, void *arg);
+void *DSA_get_ex_data(DSA *d, int idx);
+
+DSA *   d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+DSA *   d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+DSA *   d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+
+/* Deprecated version */
+#ifndef OPENSSL_NO_DEPRECATED
+DSA *   DSA_generate_parameters(int bits,
+                unsigned char *seed,int seed_len,
+                int *counter_ret, unsigned long *h_ret,void
+                (*callback)(int, int, void *),void *cb_arg);
+#endif /* !defined(OPENSSL_NO_DEPRECATED) */
+
+/* New version */
+int     DSA_generate_parameters_ex(DSA *dsa, int bits,
+                unsigned char *seed,int seed_len,
+                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+
+int     DSA_generate_key(DSA *a);
+int     i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+int     i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+int     i2d_DSAparams(const DSA *a,unsigned char **pp);
+
+#ifndef OPENSSL_NO_BIO
+int     DSAparams_print(BIO *bp, const DSA *x);
+int     DSA_print(BIO *bp, const DSA *x, int off);
+#endif
+#ifndef OPENSSL_NO_FP_API
+int     DSAparams_print_fp(FILE *fp, const DSA *x);
+int     DSA_print_fp(FILE *bp, const DSA *x, int off);
+#endif
+
+#define DSS_prime_checks 50
+/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
+ * 50 rounds of Rabin-Miller */
+#define DSA_is_prime(n, callback, cb_arg) \
+        BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
+
+#ifndef OPENSSL_NO_DH
+/* Convert DSA structure (key or just parameters) into DH structure
+ * (be careful to avoid small subgroup attacks when using this!) */
+DH *DSA_dup_DH(const DSA *r);
+#endif
+
+#ifdef OPENSSL_FIPS
+int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig);
+int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen);
+#endif
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_DSA_strings(void);
+
+/* Error codes for the DSA functions. */
+
+/* Function codes. */
+#define DSA_F_D2I_DSA_SIG                                110
+#define DSA_F_DSAPARAMS_PRINT                            100
+#define DSA_F_DSAPARAMS_PRINT_FP                         101
+#define DSA_F_DSA_BUILTIN_KEYGEN                         119
+#define DSA_F_DSA_BUILTIN_PARAMGEN                       118
+#define DSA_F_DSA_DO_SIGN                                112
+#define DSA_F_DSA_DO_VERIFY                              113
+#define DSA_F_DSA_GENERATE_PARAMETERS                    117
+#define DSA_F_DSA_NEW_METHOD                             103
+#define DSA_F_DSA_PRINT                                  104
+#define DSA_F_DSA_PRINT_FP                               105
+#define DSA_F_DSA_SET_DEFAULT_METHOD                     115
+#define DSA_F_DSA_SET_METHOD                             116
+#define DSA_F_DSA_SIGN                                   106
+#define DSA_F_DSA_SIGN_SETUP                             107
+#define DSA_F_DSA_SIG_NEW                                109
+#define DSA_F_DSA_VERIFY                                 108
+#define DSA_F_I2D_DSA_SIG                                111
+#define DSA_F_SIG_CB                                     114
+
+/* Reason codes. */
+#define DSA_R_BAD_Q_VALUE                                102
+#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                100
+#define DSA_R_KEY_SIZE_TOO_SMALL                         106
+#define DSA_R_MISSING_PARAMETERS                         101
+#define DSA_R_MODULUS_TOO_LARGE                          103
+#define DSA_R_NON_FIPS_METHOD                            104
+#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE         105
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c
new file mode 100644
index 0000000000..0645facb4b
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_asn1.c
@@ -0,0 +1,218 @@
+/* dsa_asn1.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dsa.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/bn.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
+
+/* Override the default new methods */
+static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        if(operation == ASN1_OP_NEW_PRE) {
+                DSA_SIG *sig;
+                sig = OPENSSL_malloc(sizeof(DSA_SIG));
+                sig->r = NULL;
+                sig->s = NULL;
+                *pval = (ASN1_VALUE *)sig;
+                if(sig) return 2;
+                DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        return 1;
+}
+
+ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
+        ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
+        ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
+} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG)
+
+/* Override the default free and new methods */
+static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+        if(operation == ASN1_OP_NEW_PRE) {
+                *pval = (ASN1_VALUE *)DSA_new();
+                if(*pval) return 2;
+                return 0;
+        } else if(operation == ASN1_OP_FREE_PRE) {
+                DSA_free((DSA *)*pval);
+                *pval = NULL;
+                return 2;
+        }
+        return 1;
+}
+
+ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
+        ASN1_SIMPLE(DSA, version, LONG),
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM),
+        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+        ASN1_SIMPLE(DSA, priv_key, BIGNUM)
+} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
+
+ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM),
+} ASN1_SEQUENCE_END_cb(DSA, DSAparams)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
+
+/* DSA public key is a bit trickier... its effectively a CHOICE type
+ * decided by a field called write_params which can either write out
+ * just the public key as an INTEGER or the parameters and public key
+ * in a SEQUENCE
+ */
+
+ASN1_SEQUENCE(dsa_pub_internal) = {
+        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM)
+} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
+
+ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
+        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+        ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
+} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
+
+int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
+             unsigned int *siglen, DSA *dsa)
+        {
+        DSA_SIG *s;
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+                {
+                DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                return 0;
+                }
+#endif
+        s=DSA_do_sign(dgst,dlen,dsa);
+        if (s == NULL)
+                {
+                *siglen=0;
+                return(0);
+                }
+        *siglen=i2d_DSA_SIG(s,&sig);
+        DSA_SIG_free(s);
+        return(1);
+        }
+
+int DSA_size(const DSA *r)
+        {
+        int ret,i;
+        ASN1_INTEGER bs;
+        unsigned char buf[4];   /* 4 bytes looks really small.
+                                   However, i2d_ASN1_INTEGER() will not look
+                                   beyond the first byte, as long as the second
+                                   parameter is NULL. */
+
+        i=BN_num_bits(r->q);
+        bs.length=(i+7)/8;
+        bs.data=buf;
+        bs.type=V_ASN1_INTEGER;
+        /* If the top bit is set the asn1 encoding is 1 larger. */
+        buf[0]=0xff;    
+
+        i=i2d_ASN1_INTEGER(&bs,NULL);
+        i+=i; /* r and s */
+        ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+        return(ret);
+        }
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+/* returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+             const unsigned char *sigbuf, int siglen, DSA *dsa)
+        {
+        DSA_SIG *s;
+        int ret=-1;
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+                {
+                DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                return 0;
+                }
+#endif
+
+        s = DSA_SIG_new();
+        if (s == NULL) return(ret);
+        if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+        ret=DSA_do_verify(dgst,dgst_len,s,dsa);
+err:
+        DSA_SIG_free(s);
+        return(ret);
+        }
+
diff --git a/src/lib/libcrypto/dsa/dsa_depr.c b/src/lib/libcrypto/dsa/dsa_depr.c
new file mode 100644
index 0000000000..f2da680eb4
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_depr.c
@@ -0,0 +1,106 @@
+/* crypto/dsa/dsa_depr.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* This file contains deprecated function(s) that are now wrappers to the new
+ * version(s). */
+
+#undef GENUINE_DSA
+
+#ifdef GENUINE_DSA
+/* Parameter generation follows the original release of FIPS PUB 186,
+ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
+#define HASH    EVP_sha()
+#else
+/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
+ * FIPS PUB 180-1) */
+#define HASH    EVP_sha1()
+#endif 
+
+static void *dummy=&dummy;
+
+#ifndef OPENSSL_NO_SHA
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+#ifndef OPENSSL_NO_DEPRECATED
+DSA *DSA_generate_parameters(int bits,
+                unsigned char *seed_in, int seed_len,
+                int *counter_ret, unsigned long *h_ret,
+                void (*callback)(int, int, void *),
+                void *cb_arg)
+        {
+        BN_GENCB cb;
+        DSA *ret;
+
+        if ((ret=DSA_new()) == NULL) return NULL;
+
+        BN_GENCB_set_old(&cb, callback, cb_arg);
+
+        if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
+                                counter_ret, h_ret, &cb))
+                return ret;
+        DSA_free(ret);
+        return NULL;
+        }
+#endif
+#endif
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
new file mode 100644
index 0000000000..872839af94
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -0,0 +1,119 @@
+/* crypto/dsa/dsa_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/dsa.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
+
+static ERR_STRING_DATA DSA_str_functs[]=
+        {
+{ERR_FUNC(DSA_F_D2I_DSA_SIG),   "d2i_DSA_SIG"},
+{ERR_FUNC(DSA_F_DSAPARAMS_PRINT),       "DSAparams_print"},
+{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP),    "DSAparams_print_fp"},
+{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN),    "DSA_BUILTIN_KEYGEN"},
+{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN),  "DSA_BUILTIN_PARAMGEN"},
+{ERR_FUNC(DSA_F_DSA_DO_SIGN),   "DSA_do_sign"},
+{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
+{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS),       "DSA_generate_parameters"},
+{ERR_FUNC(DSA_F_DSA_NEW_METHOD),        "DSA_new_method"},
+{ERR_FUNC(DSA_F_DSA_PRINT),     "DSA_print"},
+{ERR_FUNC(DSA_F_DSA_PRINT_FP),  "DSA_print_fp"},
+{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD),        "DSA_set_default_method"},
+{ERR_FUNC(DSA_F_DSA_SET_METHOD),        "DSA_set_method"},
+{ERR_FUNC(DSA_F_DSA_SIGN),      "DSA_sign"},
+{ERR_FUNC(DSA_F_DSA_SIGN_SETUP),        "DSA_sign_setup"},
+{ERR_FUNC(DSA_F_DSA_SIG_NEW),   "DSA_SIG_new"},
+{ERR_FUNC(DSA_F_DSA_VERIFY),    "DSA_verify"},
+{ERR_FUNC(DSA_F_I2D_DSA_SIG),   "i2d_DSA_SIG"},
+{ERR_FUNC(DSA_F_SIG_CB),        "SIG_CB"},
+{0,NULL}
+        };
+
+static ERR_STRING_DATA DSA_str_reasons[]=
+        {
+{ERR_REASON(DSA_R_BAD_Q_VALUE)           ,"bad q value"},
+{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
+{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
+{ERR_REASON(DSA_R_MISSING_PARAMETERS)    ,"missing parameters"},
+{ERR_REASON(DSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
+{ERR_REASON(DSA_R_NON_FIPS_METHOD)       ,"non fips method"},
+{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
+{0,NULL}
+        };
+
+#endif
+
+void ERR_load_DSA_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+
+        if (ERR_func_error_string(DSA_str_functs[0].error) == NULL)
+                {
+                ERR_load_strings(0,DSA_str_functs);
+                ERR_load_strings(0,DSA_str_reasons);
+                }
+#endif
+        }
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
new file mode 100644
index 0000000000..6f1728e3cf
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -0,0 +1,325 @@
+/* crypto/dsa/dsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#undef GENUINE_DSA
+
+#ifdef GENUINE_DSA
+/* Parameter generation follows the original release of FIPS PUB 186,
+ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
+#define HASH    EVP_sha()
+#else
+/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
+ * FIPS PUB 180-1) */
+#define HASH    EVP_sha1()
+#endif 
+
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
+
+#ifndef OPENSSL_NO_SHA
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+#ifndef OPENSSL_FIPS
+
+static int dsa_builtin_paramgen(DSA *ret, int bits,
+                unsigned char *seed_in, int seed_len,
+                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+
+int DSA_generate_parameters_ex(DSA *ret, int bits,
+                unsigned char *seed_in, int seed_len,
+                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+        {
+        if(ret->meth->dsa_paramgen)
+                return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
+                                counter_ret, h_ret, cb);
+        return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
+                        counter_ret, h_ret, cb);
+        }
+
+static int dsa_builtin_paramgen(DSA *ret, int bits,
+                unsigned char *seed_in, int seed_len,
+                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+        {
+        int ok=0;
+        unsigned char seed[SHA_DIGEST_LENGTH];
+        unsigned char md[SHA_DIGEST_LENGTH];
+        unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
+        BIGNUM *r0,*W,*X,*c,*test;
+        BIGNUM *g=NULL,*q=NULL,*p=NULL;
+        BN_MONT_CTX *mont=NULL;
+        int k,n=0,i,b,m=0;
+        int counter=0;
+        int r=0;
+        BN_CTX *ctx=NULL;
+        unsigned int h=2;
+
+        if (bits < 512) bits=512;
+        bits=(bits+63)/64*64;
+
+        /* NB: seed_len == 0 is special case: copy generated seed to
+         * seed_in if it is not NULL.
+         */
+        if (seed_len && (seed_len < 20))
+                seed_in = NULL; /* seed buffer too small -- ignore */
+        if (seed_len > 20) 
+                seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
+                                * but our internal buffers are restricted to 160 bits*/
+        if ((seed_in != NULL) && (seed_len == 20))
+                {
+                memcpy(seed,seed_in,seed_len);
+                /* set seed_in to NULL to avoid it being copied back */
+                seed_in = NULL;
+                }
+
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+        if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+
+        BN_CTX_start(ctx);
+        r0 = BN_CTX_get(ctx);
+        g = BN_CTX_get(ctx);
+        W = BN_CTX_get(ctx);
+        q = BN_CTX_get(ctx);
+        X = BN_CTX_get(ctx);
+        c = BN_CTX_get(ctx);
+        p = BN_CTX_get(ctx);
+        test = BN_CTX_get(ctx);
+
+        if (!BN_lshift(test,BN_value_one(),bits-1))
+                goto err;
+
+        for (;;)
+                {
+                for (;;) /* find q */
+                        {
+                        int seed_is_random;
+
+                        /* step 1 */
+                        if(!BN_GENCB_call(cb, 0, m++))
+                                goto err;
+
+                        if (!seed_len)
+                                {
+                                RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
+                                seed_is_random = 1;
+                                }
+                        else
+                                {
+                                seed_is_random = 0;
+                                seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
+                                }
+                        memcpy(buf,seed,SHA_DIGEST_LENGTH);
+                        memcpy(buf2,seed,SHA_DIGEST_LENGTH);
+                        /* precompute "SEED + 1" for step 7: */
+                        for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+                                {
+                                buf[i]++;
+                                if (buf[i] != 0) break;
+                                }
+
+                        /* step 2 */
+                        EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
+                        EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
+                        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                                md[i]^=buf2[i];
+
+                        /* step 3 */
+                        md[0]|=0x80;
+                        md[SHA_DIGEST_LENGTH-1]|=0x01;
+                        if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
+
+                        /* step 4 */
+                        r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
+                                        seed_is_random, cb);
+                        if (r > 0)
+                                break;
+                        if (r != 0)
+                                goto err;
+
+                        /* do a callback call */
+                        /* step 5 */
+                        }
+
+                if(!BN_GENCB_call(cb, 2, 0)) goto err;
+                if(!BN_GENCB_call(cb, 3, 0)) goto err;
+
+                /* step 6 */
+                counter=0;
+                /* "offset = 2" */
+
+                n=(bits-1)/160;
+                b=(bits-1)-n*160;
+
+                for (;;)
+                        {
+                        if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+                                goto err;
+
+                        /* step 7 */
+                        BN_zero(W);
+                        /* now 'buf' contains "SEED + offset - 1" */
+                        for (k=0; k<=n; k++)
+                                {
+                                /* obtain "SEED + offset + k" by incrementing: */
+                                for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
+                                        {
+                                        buf[i]++;
+                                        if (buf[i] != 0) break;
+                                        }
+
+                                EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
+
+                                /* step 8 */
+                                if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
+                                        goto err;
+                                if (!BN_lshift(r0,r0,160*k)) goto err;
+                                if (!BN_add(W,W,r0)) goto err;
+                                }
+
+                        /* more of step 8 */
+                        if (!BN_mask_bits(W,bits-1)) goto err;
+                        if (!BN_copy(X,W)) goto err;
+                        if (!BN_add(X,X,test)) goto err;
+
+                        /* step 9 */
+                        if (!BN_lshift1(r0,q)) goto err;
+                        if (!BN_mod(c,X,r0,ctx)) goto err;
+                        if (!BN_sub(r0,c,BN_value_one())) goto err;
+                        if (!BN_sub(p,X,r0)) goto err;
+
+                        /* step 10 */
+                        if (BN_cmp(p,test) >= 0)
+                                {
+                                /* step 11 */
+                                r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
+                                                ctx, 1, cb);
+                                if (r > 0)
+                                                goto end; /* found it */
+                                if (r != 0)
+                                        goto err;
+                                }
+
+                        /* step 13 */
+                        counter++;
+                        /* "offset = offset + n + 1" */
+
+                        /* step 14 */
+                        if (counter >= 4096) break;
+                        }
+                }
+end:
+        if(!BN_GENCB_call(cb, 2, 1))
+                goto err;
+
+        /* We now need to generate g */
+        /* Set r0=(p-1)/q */
+        if (!BN_sub(test,p,BN_value_one())) goto err;
+        if (!BN_div(r0,NULL,test,q,ctx)) goto err;
+
+        if (!BN_set_word(test,h)) goto err;
+        if (!BN_MONT_CTX_set(mont,p,ctx)) goto err;
+
+        for (;;)
+                {
+                /* g=test^r0%p */
+                if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err;
+                if (!BN_is_one(g)) break;
+                if (!BN_add(test,test,BN_value_one())) goto err;
+                h++;
+                }
+
+        if(!BN_GENCB_call(cb, 3, 1))
+                goto err;
+
+        ok=1;
+err:
+        if (ok)
+                {
+                if(ret->p) BN_free(ret->p);
+                if(ret->q) BN_free(ret->q);
+                if(ret->g) BN_free(ret->g);
+                ret->p=BN_dup(p);
+                ret->q=BN_dup(q);
+                ret->g=BN_dup(g);
+                if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
+                        {
+                        ok=0;
+                        goto err;
+                        }
+                if (seed_in != NULL) memcpy(seed_in,seed,20);
+                if (counter_ret != NULL) *counter_ret=counter;
+                if (h_ret != NULL) *h_ret=h;
+                }
+        if(ctx)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
+        if (mont != NULL) BN_MONT_CTX_free(mont);
+        return ok;
+        }
+#endif
+#endif
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
new file mode 100644
index 0000000000..5e39124230
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -0,0 +1,132 @@
+/* crypto/dsa/dsa_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#ifndef OPENSSL_NO_SHA
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+
+#ifndef OPENSSL_FIPS
+
+static int dsa_builtin_keygen(DSA *dsa);
+
+int DSA_generate_key(DSA *dsa)
+        {
+        if(dsa->meth->dsa_keygen)
+                return dsa->meth->dsa_keygen(dsa);
+        return dsa_builtin_keygen(dsa);
+        }
+
+static int dsa_builtin_keygen(DSA *dsa)
+        {
+        int ok=0;
+        BN_CTX *ctx=NULL;
+        BIGNUM *pub_key=NULL,*priv_key=NULL;
+
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+        if (dsa->priv_key == NULL)
+                {
+                if ((priv_key=BN_new()) == NULL) goto err;
+                }
+        else
+                priv_key=dsa->priv_key;
+
+        do
+                if (!BN_rand_range(priv_key,dsa->q)) goto err;
+        while (BN_is_zero(priv_key));
+
+        if (dsa->pub_key == NULL)
+                {
+                if ((pub_key=BN_new()) == NULL) goto err;
+                }
+        else
+                pub_key=dsa->pub_key;
+        
+        {
+                BIGNUM local_prk;
+                BIGNUM *prk;
+
+                if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+                        {
+                        BN_init(&local_prk);
+                        prk = &local_prk;
+                        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+                        }
+                else
+                        prk = priv_key;
+
+                if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
+        }
+
+        dsa->priv_key=priv_key;
+        dsa->pub_key=pub_key;
+        ok=1;
+
+err:
+        if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
+        if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
+        if (ctx != NULL) BN_CTX_free(ctx);
+        return(ok);
+        }
+#endif
+
+#endif
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
new file mode 100644
index 0000000000..7ac9dc8c89
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -0,0 +1,316 @@
+/* crypto/dsa/dsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+
+const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
+
+static const DSA_METHOD *default_DSA_method = NULL;
+
+void DSA_set_default_method(const DSA_METHOD *meth)
+        {
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
+                {
+                DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD);
+                return;
+                }
+#endif
+                
+        default_DSA_method = meth;
+        }
+
+const DSA_METHOD *DSA_get_default_method(void)
+        {
+        if(!default_DSA_method)
+                default_DSA_method = DSA_OpenSSL();
+        return default_DSA_method;
+        }
+
+DSA *DSA_new(void)
+        {
+        return DSA_new_method(NULL);
+        }
+
+int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
+        {
+        /* NB: The caller is specifically setting a method, so it's not up to us
+         * to deal with which ENGINE it comes from. */
+        const DSA_METHOD *mtmp;
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
+                {
+                DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD);
+                return 0;
+                }
+#endif
+        mtmp = dsa->meth;
+        if (mtmp->finish) mtmp->finish(dsa);
+#ifndef OPENSSL_NO_ENGINE
+        if (dsa->engine)
+                {
+                ENGINE_finish(dsa->engine);
+                dsa->engine = NULL;
+                }
+#endif
+        dsa->meth = meth;
+        if (meth->init) meth->init(dsa);
+        return 1;
+        }
+
+DSA *DSA_new_method(ENGINE *engine)
+        {
+        DSA *ret;
+
+        ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
+        if (ret == NULL)
+                {
+                DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        ret->meth = DSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+        if (engine)
+                {
+                if (!ENGINE_init(engine))
+                        {
+                        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                ret->engine = engine;
+                }
+        else
+                ret->engine = ENGINE_get_default_DSA();
+        if(ret->engine)
+                {
+                ret->meth = ENGINE_get_DSA(ret->engine);
+                if(!ret->meth)
+                        {
+                        DSAerr(DSA_F_DSA_NEW_METHOD,
+                                ERR_R_ENGINE_LIB);
+                        ENGINE_finish(ret->engine);
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                }
+#endif
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD))
+                {
+                DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD);
+#ifndef OPENSSL_NO_ENGINE
+                if (ret->engine)
+                        ENGINE_finish(ret->engine);
+#endif
+                OPENSSL_free(ret);
+                return NULL;
+                }
+#endif
+
+        ret->pad=0;
+        ret->version=0;
+        ret->write_params=1;
+        ret->p=NULL;
+        ret->q=NULL;
+        ret->g=NULL;
+
+        ret->pub_key=NULL;
+        ret->priv_key=NULL;
+
+        ret->kinv=NULL;
+        ret->r=NULL;
+        ret->method_mont_p=NULL;
+
+        ret->references=1;
+        ret->flags=ret->meth->flags;
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
+        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+                {
+#ifndef OPENSSL_NO_ENGINE
+                if (ret->engine)
+                        ENGINE_finish(ret->engine);
+#endif
+                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
+                OPENSSL_free(ret);
+                ret=NULL;
+                }
+        
+        return(ret);
+        }
+
+void DSA_free(DSA *r)
+        {
+        int i;
+
+        if (r == NULL) return;
+
+        i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
+#ifdef REF_PRINT
+        REF_PRINT("DSA",r);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"DSA_free, bad reference count\n");
+                abort();
+                }
+#endif
+
+        if(r->meth->finish)
+                r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+        if(r->engine)
+                ENGINE_finish(r->engine);
+#endif
+
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
+
+        if (r->p != NULL) BN_clear_free(r->p);
+        if (r->q != NULL) BN_clear_free(r->q);
+        if (r->g != NULL) BN_clear_free(r->g);
+        if (r->pub_key != NULL) BN_clear_free(r->pub_key);
+        if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+        if (r->kinv != NULL) BN_clear_free(r->kinv);
+        if (r->r != NULL) BN_clear_free(r->r);
+        OPENSSL_free(r);
+        }
+
+int DSA_up_ref(DSA *r)
+        {
+        int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
+#ifdef REF_PRINT
+        REF_PRINT("DSA",r);
+#endif
+#ifdef REF_CHECK
+        if (i < 2)
+                {
+                fprintf(stderr, "DSA_up_ref, bad reference count\n");
+                abort();
+                }
+#endif
+        return ((i > 1) ? 1 : 0);
+        }
+
+int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+
+int DSA_set_ex_data(DSA *d, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
+        }
+
+void *DSA_get_ex_data(DSA *d, int idx)
+        {
+        return(CRYPTO_get_ex_data(&d->ex_data,idx));
+        }
+
+#ifndef OPENSSL_NO_DH
+DH *DSA_dup_DH(const DSA *r)
+        {
+        /* DSA has p, q, g, optional pub_key, optional priv_key.
+         * DH has p, optional length, g, optional pub_key, optional priv_key.
+         */ 
+
+        DH *ret = NULL;
+
+        if (r == NULL)
+                goto err;
+        ret = DH_new();
+        if (ret == NULL)
+                goto err;
+        if (r->p != NULL) 
+                if ((ret->p = BN_dup(r->p)) == NULL)
+                        goto err;
+        if (r->q != NULL)
+                ret->length = BN_num_bits(r->q);
+        if (r->g != NULL)
+                if ((ret->g = BN_dup(r->g)) == NULL)
+                        goto err;
+        if (r->pub_key != NULL)
+                if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
+                        goto err;
+        if (r->priv_key != NULL)
+                if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
+                        goto err;
+
+        return ret;
+
+ err:
+        if (ret != NULL)
+                DH_free(ret);
+        return NULL;
+        }
+#endif
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
new file mode 100644
index 0000000000..412cf1d88b
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -0,0 +1,396 @@
+/* crypto/dsa/dsa_ossl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+
+#ifndef OPENSSL_FIPS
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+                  DSA *dsa);
+static int dsa_init(DSA *dsa);
+static int dsa_finish(DSA *dsa);
+
+static DSA_METHOD openssl_dsa_meth = {
+"OpenSSL DSA method",
+dsa_do_sign,
+dsa_sign_setup,
+dsa_do_verify,
+NULL, /* dsa_mod_exp, */
+NULL, /* dsa_bn_mod_exp, */
+dsa_init,
+dsa_finish,
+0,
+NULL,
+NULL,
+NULL
+};
+
+/* These macro wrappers replace attempts to use the dsa_mod_exp() and
+ * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
+ * having a the macro work as an expression by bundling an "err_instr". So;
+ * 
+ *     if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+ *                 dsa->method_mont_p)) goto err;
+ *
+ * can be replaced by;
+ *
+ *     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
+ *                 dsa->method_mont_p);
+ */
+
+#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
+        do { \
+        int _tmp_res53; \
+        if((dsa)->meth->dsa_mod_exp) \
+                _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
+                                (a2), (p2), (m), (ctx), (in_mont)); \
+        else \
+                _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
+                                (m), (ctx), (in_mont)); \
+        if(!_tmp_res53) err_instr; \
+        } while(0)
+#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
+        do { \
+        int _tmp_res53; \
+        if((dsa)->meth->bn_mod_exp) \
+                _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
+                                (m), (ctx), (m_ctx)); \
+        else \
+                _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
+        if(!_tmp_res53) err_instr; \
+        } while(0)
+
+const DSA_METHOD *DSA_OpenSSL(void)
+{
+        return &openssl_dsa_meth;
+}
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+        {
+        BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
+        BIGNUM m;
+        BIGNUM xr;
+        BN_CTX *ctx=NULL;
+        int i,reason=ERR_R_BN_LIB;
+        DSA_SIG *ret=NULL;
+
+        BN_init(&m);
+        BN_init(&xr);
+
+        if (!dsa->p || !dsa->q || !dsa->g)
+                {
+                reason=DSA_R_MISSING_PARAMETERS;
+                goto err;
+                }
+
+        s=BN_new();
+        if (s == NULL) goto err;
+
+        i=BN_num_bytes(dsa->q); /* should be 20 */
+        if ((dlen > i) || (dlen > 50))
+                {
+                reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+                goto err;
+                }
+
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+
+        if ((dsa->kinv == NULL) || (dsa->r == NULL))
+                {
+                if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
+                }
+        else
+                {
+                kinv=dsa->kinv;
+                dsa->kinv=NULL;
+                r=dsa->r;
+                dsa->r=NULL;
+                }
+
+        if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
+
+        /* Compute  s = inv(k) (m + xr) mod q */
+        if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
+        if (!BN_add(s, &xr, &m)) goto err;              /* s = m + xr */
+        if (BN_cmp(s,dsa->q) > 0)
+                BN_sub(s,s,dsa->q);
+        if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
+
+        ret=DSA_SIG_new();
+        if (ret == NULL) goto err;
+        ret->r = r;
+        ret->s = s;
+        
+err:
+        if (!ret)
+                {
+                DSAerr(DSA_F_DSA_DO_SIGN,reason);
+                BN_free(r);
+                BN_free(s);
+                }
+        if (ctx != NULL) BN_CTX_free(ctx);
+        BN_clear_free(&m);
+        BN_clear_free(&xr);
+        if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
+            BN_clear_free(kinv);
+        return(ret);
+        }
+
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+        {
+        BN_CTX *ctx;
+        BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
+        int ret=0;
+
+        if (!dsa->p || !dsa->q || !dsa->g)
+                {
+                DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
+                return 0;
+                }
+
+        BN_init(&k);
+        BN_init(&kq);
+
+        if (ctx_in == NULL)
+                {
+                if ((ctx=BN_CTX_new()) == NULL) goto err;
+                }
+        else
+                ctx=ctx_in;
+
+        if ((r=BN_new()) == NULL) goto err;
+
+        /* Get random k */
+        do
+                if (!BN_rand_range(&k, dsa->q)) goto err;
+        while (BN_is_zero(&k));
+        if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+                {
+                BN_set_flags(&k, BN_FLG_CONSTTIME);
+                }
+
+        if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
+                {
+                if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                                                CRYPTO_LOCK_DSA,
+                                                dsa->p, ctx))
+                        goto err;
+                }
+
+        /* Compute r = (g^k mod p) mod q */
+
+        if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+                {
+                if (!BN_copy(&kq, &k)) goto err;
+
+                /* We do not want timing information to leak the length of k,
+                 * so we compute g^k using an equivalent exponent of fixed length.
+                 *
+                 * (This is a kludge that we need because the BN_mod_exp_mont()
+                 * does not let us specify the desired timing behaviour.) */
+
+                if (!BN_add(&kq, &kq, dsa->q)) goto err;
+                if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
+                        {
+                        if (!BN_add(&kq, &kq, dsa->q)) goto err;
+                        }
+
+                K = &kq;
+                }
+        else
+                {
+                K = &k;
+                }
+        DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
+                        dsa->method_mont_p);
+        if (!BN_mod(r,r,dsa->q,ctx)) goto err;
+
+        /* Compute  part of 's = inv(k) (m + xr) mod q' */
+        if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
+
+        if (*kinvp != NULL) BN_clear_free(*kinvp);
+        *kinvp=kinv;
+        kinv=NULL;
+        if (*rp != NULL) BN_clear_free(*rp);
+        *rp=r;
+        ret=1;
+err:
+        if (!ret)
+                {
+                DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
+                if (kinv != NULL) BN_clear_free(kinv);
+                if (r != NULL) BN_clear_free(r);
+                }
+        if (ctx_in == NULL) BN_CTX_free(ctx);
+        if (kinv != NULL) BN_clear_free(kinv);
+        BN_clear_free(&k);
+        BN_clear_free(&kq);
+        return(ret);
+        }
+
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+                  DSA *dsa)
+        {
+        BN_CTX *ctx;
+        BIGNUM u1,u2,t1;
+        BN_MONT_CTX *mont=NULL;
+        int ret = -1;
+        if (!dsa->p || !dsa->q || !dsa->g)
+                {
+                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
+                return -1;
+                }
+
+        if (BN_num_bits(dsa->q) != 160)
+                {
+                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
+                return -1;
+                }
+
+        if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
+                {
+                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
+                return -1;
+                }
+
+        BN_init(&u1);
+        BN_init(&u2);
+        BN_init(&t1);
+
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+        if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
+            BN_ucmp(sig->r, dsa->q) >= 0)
+                {
+                ret = 0;
+                goto err;
+                }
+        if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
+            BN_ucmp(sig->s, dsa->q) >= 0)
+                {
+                ret = 0;
+                goto err;
+                }
+
+        /* Calculate W = inv(S) mod Q
+         * save W in u2 */
+        if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
+
+        /* save M in u1 */
+        if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
+
+        /* u1 = M * w mod q */
+        if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
+
+        /* u2 = r * w mod q */
+        if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
+
+
+        if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
+                {
+                mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                                        CRYPTO_LOCK_DSA, dsa->p, ctx);
+                if (!mont)
+                        goto err;
+                }
+
+
+        DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
+        /* BN_copy(&u1,&t1); */
+        /* let u1 = u1 mod q */
+        if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
+
+        /* V is now in u1.  If the signature is correct, it will be
+         * equal to R. */
+        ret=(BN_ucmp(&u1, sig->r) == 0);
+
+        err:
+        /* XXX: surely this is wrong - if ret is 0, it just didn't verify;
+           there is no error in BN. Test should be ret == -1 (Ben) */
+        if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
+        if (ctx != NULL) BN_CTX_free(ctx);
+        BN_free(&u1);
+        BN_free(&u2);
+        BN_free(&t1);
+        return(ret);
+        }
+
+static int dsa_init(DSA *dsa)
+{
+        dsa->flags|=DSA_FLAG_CACHE_MONT_P;
+        return(1);
+}
+
+static int dsa_finish(DSA *dsa)
+{
+        if(dsa->method_mont_p)
+                BN_MONT_CTX_free(dsa->method_mont_p);
+        return(1);
+}
+
+#endif
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
new file mode 100644
index 0000000000..4cfbbe57a8
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -0,0 +1,95 @@
+/* crypto/dsa/dsa_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
+
+DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+        {
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+                {
+                DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                return NULL;
+                }
+#endif
+        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
+        }
+
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+        {
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+                {
+                DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                return 0;
+                }
+#endif
+        return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+        }
+
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
new file mode 100644
index 0000000000..c75e423048
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -0,0 +1,84 @@
+/* crypto/dsa/dsa_vrf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
+#include <openssl/asn1_mac.h>
+
+int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+                  DSA *dsa)
+        {
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+                {
+                DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                return 0;
+                }
+#endif
+        return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+        }
diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c
index edffd24e6b..912317bb44 100644
--- a/src/lib/libcrypto/dsa/dsatest.c
+++ b/src/lib/libcrypto/dsa/dsatest.c
@@ -169,6 +169,7 @@ int main(int argc, char **argv)
                 }
         BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
                 
+        if (dsa == NULL) goto end;
         DSA_print(bio_err,dsa,0);
         if (counter != 105) 
                 {
@@ -222,7 +223,7 @@ end:
                 ERR_print_errors(bio_err);
         if (dsa != NULL) DSA_free(dsa);
         CRYPTO_cleanup_all_ex_data();
-        ERR_remove_thread_state(NULL);
+        ERR_remove_state(0);
         ERR_free_strings();
         CRYPTO_mem_leaks(bio_err);
         if (bio_err != NULL)