12 files changed, 858 insertions, 101 deletions
diff --git a/src/lib/libcrypto/dsa/Makefile b/src/lib/libcrypto/dsa/Makefile
new file mode 100644
index 0000000000..4f10278039
--- /dev/null
+++ b/src/lib/libcrypto/dsa/Makefile
@@ -0,0 +1,173 @@
+#
+# OpenSSL/crypto/dsa/Makefile
+#
+DIR=    dsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=dsatest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
+        dsa_err.c dsa_ossl.c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
+        dsa_err.o dsa_ossl.o
+SRC= $(LIBSRC)
+EXHEADER= dsa.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_asn1.o: ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c
+dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_err.o: dsa_err.c
+dsa_gen.o: ../../e_os.h ../../include/openssl/aes.h
+dsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dsa_gen.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_gen.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_gen.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_gen.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+dsa_gen.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+dsa_gen.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_gen.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+dsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_gen.o: ../../include/openssl/ui_compat.h ../cryptlib.h dsa_gen.c
+dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_key.o: ../cryptlib.h dsa_key.c
+dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h dsa_lib.c
+dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_ossl.o: ../cryptlib.h dsa_ossl.c
+dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/fips.h
+dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_sign.o: ../cryptlib.h dsa_sign.c
+dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_vrf.o: ../../include/openssl/ui.h ../cryptlib.h dsa_vrf.c
diff --git a/src/lib/libcrypto/dsa/Makefile.ssl b/src/lib/libcrypto/dsa/Makefile.ssl
new file mode 100644
index 0000000000..e5f8a8cf51
--- /dev/null
+++ b/src/lib/libcrypto/dsa/Makefile.ssl
@@ -0,0 +1,171 @@
+#
+# SSLeay/crypto/dsa/Makefile
+#
+DIR=    dsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=dsatest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
+        dsa_err.c dsa_ossl.c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
+        dsa_err.o dsa_ossl.o
+SRC= $(LIBSRC)
+EXHEADER= dsa.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_asn1.o: ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c
+dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_err.o: dsa_err.c
+dsa_gen.o: ../../e_os.h ../../include/openssl/aes.h
+dsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dsa_gen.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_gen.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_gen.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_gen.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+dsa_gen.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+dsa_gen.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_gen.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+dsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_gen.o: ../../include/openssl/ui_compat.h ../cryptlib.h dsa_gen.c
+dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_key.o: ../cryptlib.h dsa_key.c
+dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h dsa_lib.c
+dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_ossl.o: ../cryptlib.h dsa_ossl.c
+dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_sign.o: ../cryptlib.h dsa_sign.c
+dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c
diff --git a/src/lib/libcrypto/dsa/README b/src/lib/libcrypto/dsa/README
new file mode 100644
index 0000000000..6a7e9c170a
--- /dev/null
+++ b/src/lib/libcrypto/dsa/README
@@ -0,0 +1,4 @@
+The stuff in here is based on patches supplied to me by
+Steven Schoch <schoch@sheba.arc.nasa.gov> to do DSS.
+I have since modified a them a little but a debt of gratitude
+is due for doing the initial work.
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
index 851e3f0445..225ff391f9 100644
--- a/src/lib/libcrypto/dsa/dsa.h
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -80,20 +80,6 @@
 #endif
 #define DSA_FLAG_CACHE_MONT_P   0x01
-#define DSA_FLAG_NO_EXP_CONSTTIME       0x02 /* new with 0.9.7h; the built-in DSA
-                                              * implementation now uses constant time
-                                              * modular exponentiation for secret exponents
-                                              * by default. This flag causes the
-                                              * faster variable sliding window method to
-                                              * be used for all exponents.
-                                              */
-/* If this flag is set external DSA_METHOD callbacks are allowed in FIPS mode
- * it is then the applications responsibility to ensure the external method
- * is compliant.
- */
-#define DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW     0x04
 #if defined(OPENSSL_FIPS)
 #define FIPS_DSA_SIZE_T int
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
index fd42053572..79aa4ff526 100644
--- a/src/lib/libcrypto/dsa/dsa_err.c
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
 /* crypto/dsa/dsa_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -64,33 +64,29 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
 static ERR_STRING_DATA DSA_str_functs[]=
        {
-{ERR_FUNC(DSA_F_D2I_DSA_SIG),   "d2i_DSA_SIG"},
+{ERR_PACK(0,DSA_F_D2I_DSA_SIG,0),       "d2i_DSA_SIG"},
-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT),       "DSAparams_print"},
+{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0),   "DSAparams_print"},
-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP),    "DSAparams_print_fp"},
+{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0),        "DSAparams_print_fp"},
-{ERR_FUNC(DSA_F_DSA_DO_SIGN),   "DSA_do_sign"},
+{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0),       "DSA_do_sign"},
-{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
+{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0),     "DSA_do_verify"},
-{ERR_FUNC(DSA_F_DSA_NEW_METHOD),        "DSA_new_method"},
+{ERR_PACK(0,DSA_F_DSA_NEW_METHOD,0),    "DSA_new_method"},
-{ERR_FUNC(DSA_F_DSA_PRINT),     "DSA_print"},
+{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"},
-{ERR_FUNC(DSA_F_DSA_PRINT_FP),  "DSA_print_fp"},
+{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0),      "DSA_print_fp"},
-{ERR_FUNC(DSA_F_DSA_SIGN),      "DSA_sign"},
+{ERR_PACK(0,DSA_F_DSA_SIGN,0),  "DSA_sign"},
-{ERR_FUNC(DSA_F_DSA_SIGN_SETUP),        "DSA_sign_setup"},
+{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0),    "DSA_sign_setup"},
-{ERR_FUNC(DSA_F_DSA_SIG_NEW),   "DSA_SIG_new"},
+{ERR_PACK(0,DSA_F_DSA_SIG_NEW,0),       "DSA_SIG_new"},
-{ERR_FUNC(DSA_F_DSA_VERIFY),    "DSA_verify"},
+{ERR_PACK(0,DSA_F_DSA_VERIFY,0),        "DSA_verify"},
-{ERR_FUNC(DSA_F_I2D_DSA_SIG),   "i2d_DSA_SIG"},
+{ERR_PACK(0,DSA_F_I2D_DSA_SIG,0),       "i2d_DSA_SIG"},
-{ERR_FUNC(DSA_F_SIG_CB),        "SIG_CB"},
+{ERR_PACK(0,DSA_F_SIG_CB,0),    "SIG_CB"},
 {0,NULL}
        };
 static ERR_STRING_DATA DSA_str_reasons[]=
        {
-{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
+{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
-{ERR_REASON(DSA_R_MISSING_PARAMETERS)    ,"missing parameters"},
+{DSA_R_MISSING_PARAMETERS                ,"missing parameters"},
 {0,NULL}
        };
@@ -104,8 +100,8 @@ void ERR_load_DSA_strings(void)
                {
                init=0;
 #ifndef OPENSSL_NO_ERR
-                ERR_load_strings(0,DSA_str_functs);
+                ERR_load_strings(ERR_LIB_DSA,DSA_str_functs);
-                ERR_load_strings(0,DSA_str_reasons);
+                ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons);
 #endif
                }
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index 980b6dc2d3..30607ca579 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -90,22 +90,8 @@ int DSA_generate_key(DSA *dsa)
                }
        else
                pub_key=dsa->pub_key;
-        
-        {
-                BIGNUM local_prk;
-                BIGNUM *prk;
-                if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
-                        {
-                        BN_init(&local_prk);
-                        prk = &local_prk;
-                        BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
-                        }
-                else
-                        prk = priv_key;
-                if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
+        if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err;
-        }
        dsa->priv_key=priv_key;
        dsa->pub_key=pub_key;
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 12509a7083..f1a85afcde 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -172,7 +172,7 @@ err:
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        {
        BN_CTX *ctx;
-        BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
+        BIGNUM k,*kinv=NULL,*r=NULL;
        int ret=0;
        if (!dsa->p || !dsa->q || !dsa->g)
@@ -182,7 +182,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
                }
        BN_init(&k);
-        BN_init(&kq);
        if (ctx_in == NULL)
                {
@@ -192,49 +191,22 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
                ctx=ctx_in;
        if ((r=BN_new()) == NULL) goto err;
+        kinv=NULL;
        /* Get random k */
        do
                if (!BN_rand_range(&k, dsa->q)) goto err;
        while (BN_is_zero(&k));
-        if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
-                {
-                BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
-                }
-        if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
+        if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
                {
-                if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
+                if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
-                                                CRYPTO_LOCK_DSA,
+                        if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
-                                                dsa->p, ctx))
+                                dsa->p,ctx)) goto err;
-                        goto err;
                }
        /* Compute r = (g^k mod p) mod q */
+        if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
-        if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
-                {
-                if (!BN_copy(&kq, &k)) goto err;
-                /* We do not want timing information to leak the length of k,
-                 * so we compute g^k using an equivalent exponent of fixed length.
-                 *
-                 * (This is a kludge that we need because the BN_mod_exp_mont()
-                 * does not let us specify the desired timing behaviour.) */
-                if (!BN_add(&kq, &kq, dsa->q)) goto err;
-                if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
-                        {
-                        if (!BN_add(&kq, &kq, dsa->q)) goto err;
-                        }
-                K = &kq;
-                }
-        else
-                {
-                K = &k;
-                }
-        if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
                (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
        if (!BN_mod(r,r,dsa->q,ctx)) goto err;
@@ -257,7 +229,6 @@ err:
        if (ctx_in == NULL) BN_CTX_free(ctx);
        if (kinv != NULL) BN_clear_free(kinv);
        BN_clear_free(&k);
-        BN_clear_free(&kq);
        return(ret);
        }
@@ -304,15 +275,13 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        /* u2 = r * w mod q */
        if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
+        if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
-        if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
                {
-                mont = BN_MONT_CTX_set_locked(
+                if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
-                                        (BN_MONT_CTX **)&dsa->method_mont_p,
+                        if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
-                                        CRYPTO_LOCK_DSA, dsa->p, ctx);
+                                dsa->p,ctx)) goto err;
-                if (!mont)
-                        goto err;
                }
+        mont=(BN_MONT_CTX *)dsa->method_mont_p;
 #if 0
        {
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index 37c65efb20..3c9753bac3 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -72,8 +72,7 @@
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        {
 #ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
+        if(FIPS_mode() && !FIPS_dsa_check(dsa))
-                && !FIPS_dsa_check(dsa))
                return NULL;
 #endif
        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
@@ -97,8 +96,7 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        {
 #ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
+        if(FIPS_mode() && !FIPS_dsa_check(dsa))
-                && !FIPS_dsa_check(dsa))
                return 0;
 #endif
        return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index c9784bed48..8ef0c45025 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -74,8 +74,7 @@ int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa)
        {
 #ifdef OPENSSL_FIPS
-        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
+        if(FIPS_mode() && !FIPS_dsa_check(dsa))
-                && !FIPS_dsa_check(dsa))
                return -1;
 #endif
        return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
diff --git a/src/lib/libcrypto/dsa/dsagen.c b/src/lib/libcrypto/dsa/dsagen.c
new file mode 100644
index 0000000000..1b6a1cca0f
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsagen.c
@@ -0,0 +1,111 @@
+/* crypto/dsa/dsagen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <openssl/dsa.h>
+#define TEST
+#define GENUINE_DSA
+#ifdef GENUINE_DSA
+#define LAST_VALUE 0xbd
+#else
+#define LAST_VALUE 0xd3
+#endif
+#ifdef TEST
+unsigned char seed[20]={
+        0xd5,0x01,0x4e,0x4b,
+        0x60,0xef,0x2b,0xa8,
+        0xb6,0x21,0x1b,0x40,
+        0x62,0xba,0x32,0x24,
+        0xe0,0x42,0x7d,LAST_VALUE};
+#endif
+int cb(int p, int n)
+        {
+        char c='*';
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        printf("%c",c);
+        fflush(stdout);
+        }
+main()
+        {
+        int i;
+        BIGNUM *n;
+        BN_CTX *ctx;
+        unsigned char seed_buf[20];
+        DSA *dsa;
+        int counter,h;
+        BIO *bio_err=NULL;
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        memcpy(seed_buf,seed,20);
+        dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err);
+        if (dsa == NULL)
+                DSA_print(bio_err,dsa,0);
+        }
diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c
new file mode 100644
index 0000000000..4734ce4af8
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsatest.c
@@ -0,0 +1,242 @@
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "../e_os.h"
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_NO_DSA
+int main(int argc, char *argv[])
+{
+    printf("No DSA support\n");
+    return(0);
+}
+#else
+#include <openssl/dsa.h>
+#ifdef OPENSSL_SYS_WIN16
+#define MS_CALLBACK     _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
+/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
+ * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
+static unsigned char seed[20]={
+        0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
+        0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
+        };
+static unsigned char out_p[]={
+        0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
+        0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
+        0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
+        0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
+        0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
+        0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
+        0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
+        0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
+        };
+static unsigned char out_q[]={
+        0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
+        0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
+        0xda,0xce,0x91,0x5f,
+        };
+static unsigned char out_g[]={
+        0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
+        0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
+        0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
+        0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
+        0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
+        0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
+        0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
+        0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
+        };
+static const unsigned char str1[]="12345678901234567890";
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+static BIO *bio_err=NULL;
+int main(int argc, char **argv)
+        {
+        DSA *dsa=NULL;
+        int counter,ret=0,i,j;
+        unsigned char buf[256];
+        unsigned long h;
+        unsigned char sig[256];
+        unsigned int siglen;
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        CRYPTO_malloc_debug_init();
+        CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+        ERR_load_crypto_strings();
+        RAND_seed(rnd_seed, sizeof rnd_seed);
+        BIO_printf(bio_err,"test generation of DSA parameters\n");
+        dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
+        BIO_printf(bio_err,"seed\n");
+        for (i=0; i<20; i+=4)
+                {
+                BIO_printf(bio_err,"%02X%02X%02X%02X ",
+                        seed[i],seed[i+1],seed[i+2],seed[i+3]);
+                }
+        BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h);
+                
+        if (dsa == NULL) goto end;
+        DSA_print(bio_err,dsa,0);
+        if (counter != 105) 
+                {
+                BIO_printf(bio_err,"counter should be 105\n");
+                goto end;
+                }
+        if (h != 2)
+                {
+                BIO_printf(bio_err,"h should be 2\n");
+                goto end;
+                }
+        i=BN_bn2bin(dsa->q,buf);
+        j=sizeof(out_q);
+        if ((i != j) || (memcmp(buf,out_q,i) != 0))
+                {
+                BIO_printf(bio_err,"q value is wrong\n");
+                goto end;
+                }
+        i=BN_bn2bin(dsa->p,buf);
+        j=sizeof(out_p);
+        if ((i != j) || (memcmp(buf,out_p,i) != 0))
+                {
+                BIO_printf(bio_err,"p value is wrong\n");
+                goto end;
+                }
+        i=BN_bn2bin(dsa->g,buf);
+        j=sizeof(out_g);
+        if ((i != j) || (memcmp(buf,out_g,i) != 0))
+                {
+                BIO_printf(bio_err,"g value is wrong\n");
+                goto end;
+                }
+        DSA_generate_key(dsa);
+        DSA_sign(0, str1, 20, sig, &siglen, dsa);
+        if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+                ret=1;
+end:
+        if (!ret)
+                ERR_print_errors(bio_err);
+        if (dsa != NULL) DSA_free(dsa);
+        CRYPTO_cleanup_all_ex_data();
+        ERR_remove_state(0);
+        ERR_free_strings();
+        CRYPTO_mem_leaks(bio_err);
+        if (bio_err != NULL)
+                {
+                BIO_free(bio_err);
+                bio_err = NULL;
+                }
+        EXIT(!ret);
+        return(0);
+        }
+static int cb_exit(int ec)
+        {
+        EXIT(ec);
+        return(0);              /* To keep some compilers quiet */
+        }
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+        {
+        char c='*';
+        static int ok=0,num=0;
+        if (p == 0) { c='.'; num++; };
+        if (p == 1) c='+';
+        if (p == 2) { c='*'; ok++; }
+        if (p == 3) c='\n';
+        BIO_write(arg,&c,1);
+        (void)BIO_flush(arg);
+        if (!ok && (p == 0) && (num > 1))
+                {
+                BIO_printf((BIO *)arg,"error in dsatest\n");
+                cb_exit(1);
+                }
+        }
+#endif
diff --git a/src/lib/libcrypto/dsa/fips186a.txt b/src/lib/libcrypto/dsa/fips186a.txt
new file mode 100644
index 0000000000..3a2e0a0d51
--- /dev/null
+++ b/src/lib/libcrypto/dsa/fips186a.txt
@@ -0,0 +1,122 @@
+The origional FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
+examples.  This is an updated version that uses SHA-1 (FIPS 180-1)
+supplied to me by Wei Dai
+--
+                     APPENDIX 5. EXAMPLE OF THE DSA
+This appendix is for informational purposes only and is not required to meet
+the standard.
+Let L = 512 (size of p).  The values in this example are expressed in
+hexadecimal notation.  The p and q given here were generated by the prime
+generation standard described in appendix 2 using the 160-bit SEED:
+          d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3
+With this SEED, the algorithm found p and q when the counter was at 105.
+x was generated by the algorithm described in appendix 3, section 3.1, using
+the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED:
+XSEED =   
+        bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6
+t =
+        67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0
+x = G(t,XSEED) mod q
+k was generated by the algorithm described in appendix 3, section 3.2, using
+the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED:
+KSEED =
+        687a66d9 0648f993 867e121f 4ddf9ddb 01205584
+t =
+        EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301
+k = G(t,KSEED) mod q
+Finally:
+h = 2
+p =
+        8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7
+        cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac
+        49693dfb f83724c2 ec0736ee 31c80291
+q =
+        c773218c 737ec8ee 993b4f2d ed30f48e dace915f
+g =
+        626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb
+        3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c
+        c42e9f6f 464b088c c572af53 e6d78802
+x =
+        2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614
+k =
+        358dad57 1462710f 50e254cf 1a376b2b deaadfbf
+kinv = 
+        0d516729 8202e49b 4116ac10 4fc3f415 ae52f917
+M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A)
+SHA(M) =  
+        a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
+y =
+        19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85 
+        9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74
+        858fba33 f44c0669 9630a76b 030ee333
+r =
+        8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
+s =
+        41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8
+w =
+        9df4ece5 826be95f ed406d41 b43edc0b 1c18841b
+u1 =
+        bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d
+u2 =
+        821a9263 12e97ade abcc8d08 2b527897 8a2df4b0
+gu1 mod p =
+        51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753
+        9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf
+        6f96662a 1987a21b e4ec1071 010b6069
+yu2 mod p =
+        8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665
+        5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67 
+        c19441f4 22bf3c34 08aeba1f 0a4dbec7
+v =
+        8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0