180 files changed, 21828 insertions, 4318 deletions

diff --git a/src/lib/libcrypto/aes/Makefile b/src/lib/libcrypto/aes/Makefile
index 22c7203dbb..9d174f4c3e 100644
--- a/src/lib/libcrypto/aes/Makefile
+++ b/src/lib/libcrypto/aes/Makefile
@@ -41,7 +41,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -103,7 +103,8 @@ aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h
 aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 aes_cfb.o: aes_cfb.c aes_locl.h
 aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
-aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
+aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+aes_core.o: aes_core.c aes_locl.h
 aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
 aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
diff --git a/src/lib/libcrypto/asn1/Makefile b/src/lib/libcrypto/asn1/Makefile
index 63066899d0..94a6885804 100644
--- a/src/lib/libcrypto/asn1/Makefile
+++ b/src/lib/libcrypto/asn1/Makefile
@@ -63,7 +63,7 @@ pk:	pk.c
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -142,9 +142,9 @@ a_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 a_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_digest.o: ../../include/openssl/opensslconf.h
+a_digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+a_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -250,27 +250,27 @@ a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 a_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-a_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_sign.o: ../cryptlib.h a_sign.c
+a_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_sign.c
 a_strex.o: ../../e_os.h ../../include/openssl/asn1.h
 a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_strex.o: ../cryptlib.h a_strex.c charmap.h
+a_strex.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+a_strex.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_strex.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_strex.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h
 a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
 a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -318,8 +318,9 @@ a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 a_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_verify.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_verify.o: ../../include/openssl/opensslconf.h
 a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -338,8 +339,9 @@ asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-asn1_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-asn1_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn1_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+asn1_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn1_gen.o: ../../include/openssl/opensslconf.h
 asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 asn1_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -369,8 +371,9 @@ asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-asn_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-asn_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn_mime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+asn_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn_mime.o: ../../include/openssl/opensslconf.h
 asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -383,9 +386,9 @@ asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 asn_moid.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-asn_moid.o: ../../include/openssl/opensslconf.h
+asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+asn_moid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn_moid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -404,23 +407,23 @@ d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_pr.o: ../cryptlib.h d2i_pr.c
+d2i_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+d2i_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pr.c
 d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_pu.o: ../cryptlib.h d2i_pu.c
+d2i_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+d2i_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pu.c
 evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
 evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -456,71 +459,73 @@ i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-i2d_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_pr.o: ../cryptlib.h i2d_pr.c
+i2d_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+i2d_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pr.c
 i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_pu.o: ../cryptlib.h i2d_pu.c
+i2d_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+i2d_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pu.c
 n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
 n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
 n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 n_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 n_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 n_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c
+n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+n_pkey.o: ../cryptlib.h n_pkey.c
 nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 nsseq.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 nsseq.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-nsseq.o: ../../include/openssl/x509_vfy.h nsseq.c
+nsseq.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+nsseq.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c
 p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
 p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p5_pbe.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_pbe.o: ../cryptlib.h p5_pbe.c
+p5_pbe.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p5_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbe.c
 p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h
 p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p5_pbev2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p5_pbev2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_pbev2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p5_pbev2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_pbev2.o: ../../include/openssl/opensslconf.h
 p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -533,41 +538,42 @@ p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p8_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c
+p8_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p8_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p8_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p8_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p8_pkey.o: ../cryptlib.h p8_pkey.c
 t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h
 t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 t_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_bitst.o: ../cryptlib.h t_bitst.c
+t_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_bitst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c
 t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 t_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_crl.o: ../cryptlib.h t_crl.c
+t_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h t_crl.c
 t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
@@ -585,57 +591,57 @@ t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 t_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_req.o: ../cryptlib.h t_req.c
+t_req.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+t_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h t_req.c
 t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 t_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_spki.o: ../cryptlib.h t_spki.c
+t_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+t_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_spki.c
 t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 t_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_x509.o: ../cryptlib.h t_x509.c
+t_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h t_x509.c
 t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
 t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_x509a.o: ../cryptlib.h t_x509a.c
+t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c
 tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tasn_dec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -688,21 +694,23 @@ x_algor.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x_algor.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c
+x_algor.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_algor.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_algor.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_algor.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_algor.o: x_algor.c
 x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h
 x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_attrib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_attrib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_attrib.o: ../../include/openssl/opensslconf.h
 x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -723,37 +731,40 @@ x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_crl.c
+x_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_crl.o: ../cryptlib.h x_crl.c
 x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c
+x_exten.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_exten.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_exten.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_exten.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_exten.o: x_exten.c
 x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c
+x_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_info.o: ../cryptlib.h x_info.c
 x_long.o: ../../e_os.h ../../include/openssl/asn1.h
 x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -769,35 +780,37 @@ x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_name.c
+x_name.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_name.o: ../cryptlib.h x_name.c
 x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
 x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
 x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c
+x_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pkey.o: ../cryptlib.h x_pkey.c
 x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h
 x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_pubkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_pubkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_pubkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_pubkey.o: ../../include/openssl/opensslconf.h
+x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -810,76 +823,82 @@ x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c
+x_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_req.o: ../cryptlib.h x_req.c
 x_sig.o: ../../e_os.h ../../include/openssl/asn1.h
 x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_sig.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c
+x_sig.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_sig.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_sig.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_sig.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_sig.o: ../cryptlib.h x_sig.c
 x_spki.o: ../../e_os.h ../../include/openssl/asn1.h
 x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c
+x_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_spki.o: ../cryptlib.h x_spki.c
 x_val.o: ../../e_os.h ../../include/openssl/asn1.h
 x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_val.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_val.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c
+x_val.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_val.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_val.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_val.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_val.o: ../cryptlib.h x_val.c
 x_x509.o: ../../e_os.h ../../include/openssl/asn1.h
 x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x_x509.o: ../cryptlib.h x_x509.c
 x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
 x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c
+x_x509a.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509a.o: ../cryptlib.h x_x509a.c
diff --git a/src/lib/libcrypto/bf/Makefile b/src/lib/libcrypto/bf/Makefile
index 8441954a8d..7f4f03eb82 100644
--- a/src/lib/libcrypto/bf/Makefile
+++ b/src/lib/libcrypto/bf/Makefile
@@ -40,7 +40,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -103,5 +103,9 @@ bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
 bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
 bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
 bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
-bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
-bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h
+bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+bf_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bf_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bf_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_skey.o: bf_locl.h bf_pi.h bf_skey.c
diff --git a/src/lib/libcrypto/bio/Makefile b/src/lib/libcrypto/bio/Makefile
index 1ef6c2fb9f..1cd76ce7a2 100644
--- a/src/lib/libcrypto/bio/Makefile
+++ b/src/lib/libcrypto/bio/Makefile
@@ -45,7 +45,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libcrypto/bn/bn_opt.c b/src/lib/libcrypto/bn/bn_opt.c
new file mode 100644
index 0000000000..21cbb38f62
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn_opt.c
@@ -0,0 +1,87 @@
+/* crypto/bn/bn_opt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+char *BN_options(void)
+        {
+        static int init=0;
+        static char data[16];
+
+        if (!init)
+                {
+                init++;
+#ifdef BN_LLONG
+                BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+                             (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
+#else
+                BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+                             (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
+#endif
+                }
+        return(data);
+        }
diff --git a/src/lib/libcrypto/buffer/Makefile b/src/lib/libcrypto/buffer/Makefile
index 9f3a88d2d6..9e0f46e19a 100644
--- a/src/lib/libcrypto/buffer/Makefile
+++ b/src/lib/libcrypto/buffer/Makefile
@@ -17,8 +17,8 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= buffer.c buf_err.c
-LIBOBJ= buffer.o buf_err.o
+LIBSRC= buffer.c buf_str.c buf_err.c
+LIBOBJ= buffer.o buf_str.o buf_err.o
 
 SRC= $(LIBSRC)
 
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -81,6 +81,13 @@ buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 buf_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 buf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 buf_err.o: buf_err.c
+buf_str.o: ../../e_os.h ../../include/openssl/bio.h
+buf_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+buf_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+buf_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+buf_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+buf_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+buf_str.o: ../../include/openssl/symhacks.h ../cryptlib.h buf_str.c
 buffer.o: ../../e_os.h ../../include/openssl/bio.h
 buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
diff --git a/src/lib/libcrypto/cast/Makefile b/src/lib/libcrypto/cast/Makefile
index 149956ee90..2e026dbe0d 100644
--- a/src/lib/libcrypto/cast/Makefile
+++ b/src/lib/libcrypto/cast/Makefile
@@ -38,7 +38,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -102,5 +102,8 @@ c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h
 c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 c_ofb64.o: c_ofb64.c cast_lcl.h
 c_skey.o: ../../e_os.h ../../include/openssl/cast.h
-c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-c_skey.o: c_skey.c cast_lcl.h cast_s.h
+c_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+c_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+c_skey.o: ../../include/openssl/symhacks.h c_skey.c cast_lcl.h cast_s.h
diff --git a/src/lib/libcrypto/comp/Makefile b/src/lib/libcrypto/comp/Makefile
index efda832dce..5d364b8513 100644
--- a/src/lib/libcrypto/comp/Makefile
+++ b/src/lib/libcrypto/comp/Makefile
@@ -36,7 +36,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libcrypto/conf/Makefile b/src/lib/libcrypto/conf/Makefile
index 78bb324106..ccd0721332 100644
--- a/src/lib/libcrypto/conf/Makefile
+++ b/src/lib/libcrypto/conf/Makefile
@@ -36,7 +36,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -114,8 +114,8 @@ conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 conf_mall.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 conf_mall.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 conf_mall.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-conf_mall.o: ../../include/openssl/objects.h
+conf_mall.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+conf_mall.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 conf_mall.o: ../../include/openssl/opensslconf.h
 conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -128,9 +128,9 @@ conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 conf_mod.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 conf_mod.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-conf_mod.o: ../../include/openssl/opensslconf.h
+conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+conf_mod.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+conf_mod.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 conf_mod.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -143,8 +143,9 @@ conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 conf_sap.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 conf_sap.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 conf_sap.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+conf_sap.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+conf_sap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+conf_sap.o: ../../include/openssl/opensslconf.h
 conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/src/lib/libcrypto/des/Makefile b/src/lib/libcrypto/des/Makefile
index 523dfe38f2..786e68802e 100644
--- a/src/lib/libcrypto/des/Makefile
+++ b/src/lib/libcrypto/des/Makefile
@@ -24,7 +24,7 @@ TEST=destest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+LIBSRC= des_lib.c cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
         ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
         fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
         qud_cksm.c rand_key.c rpc_enc.c  set_key.c  \
@@ -33,7 +33,7 @@ LIBSRC=	cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
         str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \
         read2pwd.c
 
-LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
+LIBOBJ= des_lib.o set_key.o  ecb_enc.o  cbc_enc.o \
         ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
         enc_read.o enc_writ.o ofb64enc.o \
         ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
@@ -54,7 +54,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -157,6 +157,13 @@ des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 des_enc.o: des_enc.c des_locl.h ncbc_enc.c
+des_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+des_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+des_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+des_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+des_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+des_lib.o: ../../include/openssl/ui_compat.h des_lib.c des_locl.h des_ver.h
 des_old.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 des_old.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
@@ -175,14 +182,12 @@ ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 ecb3_enc.o: des_locl.h ecb3_enc.c
-ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
-ecb_enc.o: spr.h
+ecb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ecb_enc.o: des_locl.h ecb_enc.c spr.h
 ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 ede_cbcm_enc.o: ../../include/openssl/e_os2.h
 ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
@@ -272,11 +277,11 @@ rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c
 set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-set_key.o: des_locl.h set_key.c
+set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/ossl_typ.h
+set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+set_key.o: ../../include/openssl/ui_compat.h des_locl.h set_key.c
 str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
diff --git a/src/lib/libcrypto/des/des_lib.c b/src/lib/libcrypto/des/des_lib.c
new file mode 100644
index 0000000000..d4b3047932
--- /dev/null
+++ b/src/lib/libcrypto/des/des_lib.c
@@ -0,0 +1,106 @@
+/* crypto/des/ecb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+#include "des_ver.h"
+#include <openssl/opensslv.h>
+#include <openssl/bio.h>
+
+OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT;
+OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT;
+
+const char *DES_options(void)
+        {
+        static int init=1;
+        static char buf[32];
+
+        if (init)
+                {
+                const char *ptr,*unroll,*risc,*size;
+
+#ifdef DES_PTR
+                ptr="ptr";
+#else
+                ptr="idx";
+#endif
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+                risc="risc1";
+#endif
+#ifdef DES_RISC2
+                risc="risc2";
+#endif
+#else
+                risc="cisc";
+#endif
+#ifdef DES_UNROLL
+                unroll="16";
+#else
+                unroll="4";
+#endif
+                if (sizeof(DES_LONG) != sizeof(long))
+                        size="int";
+                else
+                        size="long";
+                BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
+                             size);
+                init=0;
+                }
+        return(buf);
+        }
+
diff --git a/src/lib/libcrypto/dsa/dsa_utl.c b/src/lib/libcrypto/dsa/dsa_utl.c
new file mode 100644
index 0000000000..24c021d120
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_utl.c
@@ -0,0 +1,95 @@
+/* crypto/dsa/dsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+
+DSA_SIG *DSA_SIG_new(void)
+        {
+        DSA_SIG *sig;
+        sig = OPENSSL_malloc(sizeof(DSA_SIG));
+        if (!sig)
+                return NULL;
+        sig->r = NULL;
+        sig->s = NULL;
+        return sig;
+        }
+
+void DSA_SIG_free(DSA_SIG *sig)
+        {
+        if (sig)
+                {
+                if (sig->r)
+                        BN_free(sig->r);
+                if (sig->s)
+                        BN_free(sig->s);
+                OPENSSL_free(sig);
+                }
+        }
+
diff --git a/src/lib/libcrypto/dso/Makefile b/src/lib/libcrypto/dso/Makefile
index 07f5d8d159..52f152888c 100644
--- a/src/lib/libcrypto/dso/Makefile
+++ b/src/lib/libcrypto/dso/Makefile
@@ -35,7 +35,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libcrypto/dyn_lck.c b/src/lib/libcrypto/dyn_lck.c
new file mode 100644
index 0000000000..7f82c41264
--- /dev/null
+++ b/src/lib/libcrypto/dyn_lck.c
@@ -0,0 +1,428 @@
+/* crypto/cryptlib.c */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include "cryptlib.h"
+#include <openssl/safestack.h>
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
+#endif
+
+DECLARE_STACK_OF(CRYPTO_dynlock)
+IMPLEMENT_STACK_OF(CRYPTO_dynlock)
+
+/* real #defines in crypto.h, keep these upto date */
+static const char* const lock_names[CRYPTO_NUM_LOCKS] =
+        {
+        "<<ERROR>>",
+        "err",
+        "ex_data",
+        "x509",
+        "x509_info",
+        "x509_pkey",
+        "x509_crl",
+        "x509_req",
+        "dsa",
+        "rsa",
+        "evp_pkey",
+        "x509_store",
+        "ssl_ctx",
+        "ssl_cert",
+        "ssl_session",
+        "ssl_sess_cert",
+        "ssl",
+        "ssl_method",
+        "rand",
+        "rand2",
+        "debug_malloc",
+        "BIO",
+        "gethostbyname",
+        "getservbyname",
+        "readdir",
+        "RSA_blinding",
+        "dh",
+        "debug_malloc2",
+        "dso",
+        "dynlock",
+        "engine",
+        "ui",
+        "ecdsa",
+        "ec",
+        "ecdh",
+        "bn",
+        "ec_pre_comp",
+        "store",
+        "comp",
+#ifndef OPENSSL_FIPS
+# if CRYPTO_NUM_LOCKS != 39
+#  error "Inconsistency between crypto.h and cryptlib.c"
+# endif
+#else
+        "fips",
+        "fips2",
+# if CRYPTO_NUM_LOCKS != 41
+#  error "Inconsistency between crypto.h and cryptlib.c"
+# endif
+#endif
+        };
+
+/* This is for applications to allocate new type names in the non-dynamic
+   array of lock names.  These are numbered with positive numbers.  */
+static STACK *app_locks=NULL;
+
+/* For applications that want a more dynamic way of handling threads, the
+   following stack is used.  These are externally numbered with negative
+   numbers.  */
+static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
+
+
+static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
+        (const char *file,int line)=NULL;
+static void (MS_FAR *dynlock_lock_callback)(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;
+static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
+        const char *file,int line)=NULL;
+
+int CRYPTO_get_new_lockid(char *name)
+        {
+        char *str;
+        int i;
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+        /* A hack to make Visual C++ 5.0 work correctly when linking as
+         * a DLL using /MT. Without this, the application cannot use
+         * and floating point printf's.
+         * It also seems to be needed for Visual C 1.5 (win16) */
+        SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
+#endif
+
+        if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL))
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        if ((str=BUF_strdup(name)) == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        i=sk_push(app_locks,str);
+        if (!i)
+                OPENSSL_free(str);
+        else
+                i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */
+        return(i);
+        }
+
+int CRYPTO_get_new_dynlockid(void)
+        {
+        int i = 0;
+        CRYPTO_dynlock *pointer = NULL;
+
+        if (dynlock_create_callback == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
+                return(0);
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+        if ((dyn_locks == NULL)
+                && ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL))
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+        pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock));
+        if (pointer == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        pointer->references = 1;
+        pointer->data = dynlock_create_callback(__FILE__,__LINE__);
+        if (pointer->data == NULL)
+                {
+                OPENSSL_free(pointer);
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+        /* First, try to find an existing empty slot */
+        i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
+        /* If there was none, push, thereby creating a new one */
+        if (i == -1)
+                /* Since sk_push() returns the number of items on the
+                   stack, not the location of the pushed item, we need
+                   to transform the returned number into a position,
+                   by decreasing it.  */
+                i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
+        else
+                /* If we found a place with a NULL pointer, put our pointer
+                   in it.  */
+                (void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+        if (i == -1)
+                {
+                dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+                OPENSSL_free(pointer);
+                }
+        else
+                i += 1; /* to avoid 0 */
+        return -i;
+        }
+
+void CRYPTO_destroy_dynlockid(int i)
+        {
+        CRYPTO_dynlock *pointer = NULL;
+        if (i)
+                i = -i-1;
+        if (dynlock_destroy_callback == NULL)
+                return;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+
+        if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+                return;
+                }
+        pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+        if (pointer != NULL)
+                {
+                --pointer->references;
+#ifdef REF_CHECK
+                if (pointer->references < 0)
+                        {
+                        fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n");
+                        abort();
+                        }
+                else
+#endif
+                        if (pointer->references <= 0)
+                                {
+                                (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
+                                }
+                        else
+                                pointer = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+        if (pointer)
+                {
+                dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+                OPENSSL_free(pointer);
+                }
+        }
+
+struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i)
+        {
+        CRYPTO_dynlock *pointer = NULL;
+        if (i)
+                i = -i-1;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+
+        if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))
+                pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+        if (pointer)
+                pointer->references++;
+
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+        if (pointer)
+                return pointer->data;
+        return NULL;
+        }
+
+struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))
+        (const char *file,int line)
+        {
+        return(dynlock_create_callback);
+        }
+
+void (*CRYPTO_get_dynlock_lock_callback(void))(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file,int line)
+        {
+        return(dynlock_lock_callback);
+        }
+
+void (*CRYPTO_get_dynlock_destroy_callback(void))
+        (struct CRYPTO_dynlock_value *l, const char *file,int line)
+        {
+        return(dynlock_destroy_callback);
+        }
+
+void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
+        (const char *file, int line))
+        {
+        dynlock_create_callback=func;
+        }
+
+static void do_dynlock(int mode, int type, const char *file, int line)
+        {
+        if (dynlock_lock_callback != NULL)
+                {
+                struct CRYPTO_dynlock_value *pointer
+                                = CRYPTO_get_dynlock_value(type);
+
+                OPENSSL_assert(pointer != NULL);
+
+                dynlock_lock_callback(mode, pointer, file, line);
+
+                CRYPTO_destroy_dynlockid(type);
+                }
+        }
+
+void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file, int line))
+        {
+        /* Set callback so CRYPTO_lock() can now handle dynamic locks.
+         * This is OK because at this point and application shouldn't be using
+         * OpenSSL from multiple threads because it is setting up the locking
+         * callbacks.
+         */
+        static int done = 0;
+        if (!done)
+                {
+                int_CRYPTO_set_do_dynlock_callback(do_dynlock);
+                done = 1;
+                }
+                
+        dynlock_lock_callback=func;
+        }
+
+void CRYPTO_set_dynlock_destroy_callback(void (*func)
+        (struct CRYPTO_dynlock_value *l, const char *file, int line))
+        {
+        dynlock_destroy_callback=func;
+        }
+
+const char *CRYPTO_get_lock_name(int type)
+        {
+        if (type < 0)
+                return("dynamic");
+        else if (type < CRYPTO_NUM_LOCKS)
+                return(lock_names[type]);
+        else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
+                return("ERROR");
+        else
+                return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
+        }
+
diff --git a/src/lib/libcrypto/ec/Makefile b/src/lib/libcrypto/ec/Makefile
index 42f7bb7fc8..b5bbc9faa1 100644
--- a/src/lib/libcrypto/ec/Makefile
+++ b/src/lib/libcrypto/ec/Makefile
@@ -38,7 +38,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libcrypto/err/Makefile b/src/lib/libcrypto/err/Makefile
index 23e38409c8..91d1379d41 100644
--- a/src/lib/libcrypto/err/Makefile
+++ b/src/lib/libcrypto/err/Makefile
@@ -17,8 +17,8 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=err.c err_all.c err_prn.c
-LIBOBJ=err.o err_all.o err_prn.o
+LIBSRC=err.c err_def.c err_all.c err_prn.c err_str.c err_bio.c
+LIBOBJ=err.o err_def.o err_all.o err_prn.o err_str.o err_bio.o
 
 SRC= $(LIBSRC)
 
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -89,17 +89,31 @@ err_all.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 err_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 err_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-err_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h
-err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-err_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h
-err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-err_all.o: err_all.c
+err_all.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+err_all.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+err_all.o: ../../include/openssl/x509v3.h err_all.c
+err_bio.o: ../../e_os.h ../../include/openssl/bio.h
+err_bio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+err_bio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err_bio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+err_bio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+err_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+err_bio.o: ../../include/openssl/symhacks.h ../cryptlib.h err_bio.c
+err_def.o: ../../e_os.h ../../include/openssl/bio.h
+err_def.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+err_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+err_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+err_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+err_def.o: ../../include/openssl/symhacks.h ../cryptlib.h err_def.c
 err_prn.o: ../../e_os.h ../../include/openssl/bio.h
 err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -107,3 +121,10 @@ err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 err_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 err_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h err_prn.c
+err_str.o: ../../e_os.h ../../include/openssl/bio.h
+err_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+err_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+err_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+err_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+err_str.o: ../../include/openssl/symhacks.h ../cryptlib.h err_str.c
diff --git a/src/lib/libcrypto/err/err_bio.c b/src/lib/libcrypto/err/err_bio.c
new file mode 100644
index 0000000000..a42f804840
--- /dev/null
+++ b/src/lib/libcrypto/err/err_bio.c
@@ -0,0 +1,75 @@
+/* crypto/err/err_prn.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+static int print_bio(const char *str, size_t len, void *bp)
+        {
+        return BIO_write((BIO *)bp, str, len);
+        }
+void ERR_print_errors(BIO *bp)
+        {
+        ERR_print_errors_cb(print_bio, bp);
+        }
+
+        
diff --git a/src/lib/libcrypto/err/err_def.c b/src/lib/libcrypto/err/err_def.c
new file mode 100644
index 0000000000..7ed3d84955
--- /dev/null
+++ b/src/lib/libcrypto/err/err_def.c
@@ -0,0 +1,665 @@
+/* crypto/err/err_def.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+#define err_clear_data(p,i) \
+        do { \
+        if (((p)->err_data[i] != NULL) && \
+                (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
+                {  \
+                OPENSSL_free((p)->err_data[i]); \
+                (p)->err_data[i]=NULL; \
+                } \
+        (p)->err_data_flags[i]=0; \
+        } while(0)
+
+#define err_clear(p,i) \
+        do { \
+        (p)->err_flags[i]=0; \
+        (p)->err_buffer[i]=0; \
+        err_clear_data(p,i); \
+        (p)->err_file[i]=NULL; \
+        (p)->err_line[i]= -1; \
+        } while(0)
+
+static void err_load_strings(int lib, ERR_STRING_DATA *str);
+
+static void ERR_STATE_free(ERR_STATE *s);
+
+/* Define the predeclared (but externally opaque) "ERR_FNS" type */
+struct st_ERR_FNS
+        {
+        /* Works on the "error_hash" string table */
+        LHASH *(*cb_err_get)(int create);
+        void (*cb_err_del)(void);
+        ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *);
+        ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *);
+        ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
+        /* Works on the "thread_hash" error-state table */
+        LHASH *(*cb_thread_get)(int create);
+        void (*cb_thread_release)(LHASH **hash);
+        ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
+        ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
+        void (*cb_thread_del_item)(const ERR_STATE *);
+        /* Returns the next available error "library" numbers */
+        int (*cb_get_next_lib)(void);
+        };
+
+/* Predeclarations of the "err_defaults" functions */
+static LHASH *int_err_get(int create);
+static void int_err_del(void);
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
+static LHASH *int_thread_get(int create);
+static void int_thread_release(LHASH **hash);
+static ERR_STATE *int_thread_get_item(const ERR_STATE *);
+static ERR_STATE *int_thread_set_item(ERR_STATE *);
+static void int_thread_del_item(const ERR_STATE *);
+static int int_err_get_next_lib(void);
+/* The static ERR_FNS table using these defaults functions */
+static const ERR_FNS err_defaults =
+        {
+        int_err_get,
+        int_err_del,
+        int_err_get_item,
+        int_err_set_item,
+        int_err_del_item,
+        int_thread_get,
+        int_thread_release,
+        int_thread_get_item,
+        int_thread_set_item,
+        int_thread_del_item,
+        int_err_get_next_lib
+        };
+
+/* The replacable table of ERR_FNS functions we use at run-time */
+static const ERR_FNS *err_fns = NULL;
+
+/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */
+#define ERRFN(a) err_fns->cb_##a
+
+/* The internal state used by "err_defaults" - as such, the setting, reading,
+ * creating, and deleting of this data should only be permitted via the
+ * "err_defaults" functions. This way, a linked module can completely defer all
+ * ERR state operation (together with requisite locking) to the implementations
+ * and state in the loading application. */
+static LHASH *int_error_hash = NULL;
+static LHASH *int_thread_hash = NULL;
+static int int_thread_hash_references = 0;
+static int int_err_library_number= ERR_LIB_USER;
+
+/* Internal function that checks whether "err_fns" is set and if not, sets it to
+ * the defaults. */
+static void err_fns_check(void)
+        {
+        if (err_fns) return;
+        
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!err_fns)
+                err_fns = &err_defaults;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        }
+
+/* API functions to get or set the underlying ERR functions. */
+
+const ERR_FNS *ERR_get_implementation(void)
+        {
+        err_fns_check();
+        return err_fns;
+        }
+
+int ERR_set_implementation(const ERR_FNS *fns)
+        {
+        int ret = 0;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        /* It's too late if 'err_fns' is non-NULL. BTW: not much point setting
+         * an error is there?! */
+        if (!err_fns)
+                {
+                err_fns = fns;
+                ret = 1;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return ret;
+        }
+
+/* These are the callbacks provided to "lh_new()" when creating the LHASH tables
+ * internal to the "err_defaults" implementation. */
+
+/* static unsigned long err_hash(ERR_STRING_DATA *a); */
+static unsigned long err_hash(const void *a_void);
+/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); */
+static int err_cmp(const void *a_void, const void *b_void);
+/* static unsigned long pid_hash(ERR_STATE *pid); */
+static unsigned long pid_hash(const void *pid_void);
+/* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */
+static int pid_cmp(const void *a_void,const void *pid_void);
+
+/* The internal functions used in the "err_defaults" implementation */
+
+static LHASH *int_err_get(int create)
+        {
+        LHASH *ret = NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!int_error_hash && create)
+                {
+                CRYPTO_push_info("int_err_get (err.c)");
+                int_error_hash = lh_new(err_hash, err_cmp);
+                CRYPTO_pop_info();
+                }
+        if (int_error_hash)
+                ret = int_error_hash;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        return ret;
+        }
+
+static void int_err_del(void)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (int_error_hash)
+                {
+                lh_free(int_error_hash);
+                int_error_hash = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        }
+
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
+        {
+        ERR_STRING_DATA *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(err_get)(0);
+        if (!hash)
+                return NULL;
+
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STRING_DATA *)lh_retrieve(hash, d);
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+
+        return p;
+        }
+
+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)
+        {
+        ERR_STRING_DATA *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(err_get)(1);
+        if (!hash)
+                return NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STRING_DATA *)lh_insert(hash, d);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        return p;
+        }
+
+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d)
+        {
+        ERR_STRING_DATA *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(err_get)(0);
+        if (!hash)
+                return NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STRING_DATA *)lh_delete(hash, d);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        return p;
+        }
+
+static LHASH *int_thread_get(int create)
+        {
+        LHASH *ret = NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!int_thread_hash && create)
+                {
+                CRYPTO_push_info("int_thread_get (err.c)");
+                int_thread_hash = lh_new(pid_hash, pid_cmp);
+                CRYPTO_pop_info();
+                }
+        if (int_thread_hash)
+                {
+                int_thread_hash_references++;
+                ret = int_thread_hash;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return ret;
+        }
+
+static void int_thread_release(LHASH **hash)
+        {
+        int i;
+
+        if (hash == NULL || *hash == NULL)
+                return;
+
+        i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
+
+#ifdef REF_PRINT
+        fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"int_thread_release, bad reference count\n");
+                abort(); /* ok */
+                }
+#endif
+        *hash = NULL;
+        }
+
+static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
+        {
+        ERR_STATE *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(thread_get)(0);
+        if (!hash)
+                return NULL;
+
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STATE *)lh_retrieve(hash, d);
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+
+        ERRFN(thread_release)(&hash);
+        return p;
+        }
+
+static ERR_STATE *int_thread_set_item(ERR_STATE *d)
+        {
+        ERR_STATE *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(thread_get)(1);
+        if (!hash)
+                return NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STATE *)lh_insert(hash, d);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        ERRFN(thread_release)(&hash);
+        return p;
+        }
+
+static void int_thread_del_item(const ERR_STATE *d)
+        {
+        ERR_STATE *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(thread_get)(0);
+        if (!hash)
+                return;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STATE *)lh_delete(hash, d);
+        /* make sure we don't leak memory */
+        if (int_thread_hash_references == 1
+                && int_thread_hash && (lh_num_items(int_thread_hash) == 0))
+                {
+                lh_free(int_thread_hash);
+                int_thread_hash = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        ERRFN(thread_release)(&hash);
+        if (p)
+                ERR_STATE_free(p);
+        }
+
+static int int_err_get_next_lib(void)
+        {
+        int ret;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        ret = int_err_library_number++;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        return ret;
+        }
+
+static void ERR_STATE_free(ERR_STATE *s)
+        {
+        int i;
+
+        if (s == NULL)
+            return;
+
+        for (i=0; i<ERR_NUM_ERRORS; i++)
+                {
+                err_clear_data(s,i);
+                }
+        OPENSSL_free(s);
+        }
+
+static void err_load_strings(int lib, ERR_STRING_DATA *str)
+        {
+        while (str->error)
+                {
+                if (lib)
+                        str->error|=ERR_PACK(lib,0,0);
+                ERRFN(err_set_item)(str);
+                str++;
+                }
+        }
+
+void ERR_load_strings(int lib, ERR_STRING_DATA *str)
+        {
+        err_fns_check();
+        err_load_strings(lib, str);
+        }
+
+void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
+        {
+        while (str->error)
+                {
+                if (lib)
+                        str->error|=ERR_PACK(lib,0,0);
+                ERRFN(err_del_item)(str);
+                str++;
+                }
+        }
+
+void ERR_free_strings(void)
+        {
+        err_fns_check();
+        ERRFN(err_del)();
+        }
+
+LHASH *ERR_get_string_table(void)
+        {
+        err_fns_check();
+        return ERRFN(err_get)(0);
+        }
+
+LHASH *ERR_get_err_state_table(void)
+        {
+        err_fns_check();
+        return ERRFN(thread_get)(0);
+        }
+
+void ERR_release_err_state_table(LHASH **hash)
+        {
+        err_fns_check();
+        ERRFN(thread_release)(hash);
+        }
+
+const char *ERR_lib_error_string(unsigned long e)
+        {
+        ERR_STRING_DATA d,*p;
+        unsigned long l;
+
+        err_fns_check();
+        l=ERR_GET_LIB(e);
+        d.error=ERR_PACK(l,0,0);
+        p=ERRFN(err_get_item)(&d);
+        return((p == NULL)?NULL:p->string);
+        }
+
+const char *ERR_func_error_string(unsigned long e)
+        {
+        ERR_STRING_DATA d,*p;
+        unsigned long l,f;
+
+        err_fns_check();
+        l=ERR_GET_LIB(e);
+        f=ERR_GET_FUNC(e);
+        d.error=ERR_PACK(l,f,0);
+        p=ERRFN(err_get_item)(&d);
+        return((p == NULL)?NULL:p->string);
+        }
+
+const char *ERR_reason_error_string(unsigned long e)
+        {
+        ERR_STRING_DATA d,*p=NULL;
+        unsigned long l,r;
+
+        err_fns_check();
+        l=ERR_GET_LIB(e);
+        r=ERR_GET_REASON(e);
+        d.error=ERR_PACK(l,0,r);
+        p=ERRFN(err_get_item)(&d);
+        if (!p)
+                {
+                d.error=ERR_PACK(0,0,r);
+                p=ERRFN(err_get_item)(&d);
+                }
+        return((p == NULL)?NULL:p->string);
+        }
+
+/* static unsigned long err_hash(ERR_STRING_DATA *a) */
+static unsigned long err_hash(const void *a_void)
+        {
+        unsigned long ret,l;
+
+        l=((const ERR_STRING_DATA *)a_void)->error;
+        ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
+        return(ret^ret%19*13);
+        }
+
+/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */
+static int err_cmp(const void *a_void, const void *b_void)
+        {
+        return((int)(((const ERR_STRING_DATA *)a_void)->error -
+                        ((const ERR_STRING_DATA *)b_void)->error));
+        }
+
+/* static unsigned long pid_hash(ERR_STATE *a) */
+static unsigned long pid_hash(const void *a_void)
+        {
+        return(((const ERR_STATE *)a_void)->pid*13);
+        }
+
+/* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */
+static int pid_cmp(const void *a_void, const void *b_void)
+        {
+        return((int)((long)((const ERR_STATE *)a_void)->pid -
+                        (long)((const ERR_STATE *)b_void)->pid));
+        }
+#ifdef OPENSSL_FIPS
+static void int_err_remove_state(unsigned long pid)
+#else
+void ERR_remove_state(unsigned long pid)
+#endif
+        {
+        ERR_STATE tmp;
+
+        err_fns_check();
+        if (pid == 0)
+                pid=(unsigned long)CRYPTO_thread_id();
+        tmp.pid=pid;
+        /* thread_del_item automatically destroys the LHASH if the number of
+         * items reaches zero. */
+        ERRFN(thread_del_item)(&tmp);
+        }
+
+#ifdef OPENSSL_FIPS
+        static ERR_STATE *int_err_get_state(void)
+#else
+ERR_STATE *ERR_get_state(void)
+#endif
+        {
+        static ERR_STATE fallback;
+        ERR_STATE *ret,tmp,*tmpp=NULL;
+        int i;
+        unsigned long pid;
+
+        err_fns_check();
+        pid=(unsigned long)CRYPTO_thread_id();
+        tmp.pid=pid;
+        ret=ERRFN(thread_get_item)(&tmp);
+
+        /* ret == the error state, if NULL, make a new one */
+        if (ret == NULL)
+                {
+                ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
+                if (ret == NULL) return(&fallback);
+                ret->pid=pid;
+                ret->top=0;
+                ret->bottom=0;
+                for (i=0; i<ERR_NUM_ERRORS; i++)
+                        {
+                        ret->err_data[i]=NULL;
+                        ret->err_data_flags[i]=0;
+                        }
+                tmpp = ERRFN(thread_set_item)(ret);
+                /* To check if insertion failed, do a get. */
+                if (ERRFN(thread_get_item)(ret) != ret)
+                        {
+                        ERR_STATE_free(ret); /* could not insert it */
+                        return(&fallback);
+                        }
+                /* If a race occured in this function and we came second, tmpp
+                 * is the first one that we just replaced. */
+                if (tmpp)
+                        ERR_STATE_free(tmpp);
+                }
+        return ret;
+        }
+
+#ifdef OPENSSL_FIPS
+void int_ERR_lib_init(void)
+        {
+        int_ERR_set_state_func(int_err_get_state, int_err_remove_state);
+        }
+#endif
+
+int ERR_get_next_error_library(void)
+        {
+        err_fns_check();
+        return ERRFN(get_next_lib)();
+        }
diff --git a/src/lib/libcrypto/err/err_str.c b/src/lib/libcrypto/err/err_str.c
new file mode 100644
index 0000000000..d39040888d
--- /dev/null
+++ b/src/lib/libcrypto/err/err_str.c
@@ -0,0 +1,295 @@
+/* crypto/err/err_str.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ERR_str_libraries[]=
+        {
+{ERR_PACK(ERR_LIB_NONE,0,0)             ,"unknown library"},
+{ERR_PACK(ERR_LIB_SYS,0,0)              ,"system library"},
+{ERR_PACK(ERR_LIB_BN,0,0)               ,"bignum routines"},
+{ERR_PACK(ERR_LIB_RSA,0,0)              ,"rsa routines"},
+{ERR_PACK(ERR_LIB_DH,0,0)               ,"Diffie-Hellman routines"},
+{ERR_PACK(ERR_LIB_EVP,0,0)              ,"digital envelope routines"},
+{ERR_PACK(ERR_LIB_BUF,0,0)              ,"memory buffer routines"},
+{ERR_PACK(ERR_LIB_OBJ,0,0)              ,"object identifier routines"},
+{ERR_PACK(ERR_LIB_PEM,0,0)              ,"PEM routines"},
+{ERR_PACK(ERR_LIB_DSA,0,0)              ,"dsa routines"},
+{ERR_PACK(ERR_LIB_X509,0,0)             ,"x509 certificate routines"},
+{ERR_PACK(ERR_LIB_ASN1,0,0)             ,"asn1 encoding routines"},
+{ERR_PACK(ERR_LIB_CONF,0,0)             ,"configuration file routines"},
+{ERR_PACK(ERR_LIB_CRYPTO,0,0)           ,"common libcrypto routines"},
+{ERR_PACK(ERR_LIB_EC,0,0)               ,"elliptic curve routines"},
+{ERR_PACK(ERR_LIB_SSL,0,0)              ,"SSL routines"},
+{ERR_PACK(ERR_LIB_BIO,0,0)              ,"BIO routines"},
+{ERR_PACK(ERR_LIB_PKCS7,0,0)            ,"PKCS7 routines"},
+{ERR_PACK(ERR_LIB_X509V3,0,0)           ,"X509 V3 routines"},
+{ERR_PACK(ERR_LIB_PKCS12,0,0)           ,"PKCS12 routines"},
+{ERR_PACK(ERR_LIB_RAND,0,0)             ,"random number generator"},
+{ERR_PACK(ERR_LIB_DSO,0,0)              ,"DSO support routines"},
+{ERR_PACK(ERR_LIB_ENGINE,0,0)           ,"engine routines"},
+{ERR_PACK(ERR_LIB_OCSP,0,0)             ,"OCSP routines"},
+{ERR_PACK(ERR_LIB_FIPS,0,0)             ,"FIPS routines"},
+{ERR_PACK(ERR_LIB_CMS,0,0)              ,"CMS routines"},
+{ERR_PACK(ERR_LIB_JPAKE,0,0)            ,"JPAKE routines"},
+{0,NULL},
+        };
+
+static ERR_STRING_DATA ERR_str_functs[]=
+        {
+        {ERR_PACK(0,SYS_F_FOPEN,0),             "fopen"},
+        {ERR_PACK(0,SYS_F_CONNECT,0),           "connect"},
+        {ERR_PACK(0,SYS_F_GETSERVBYNAME,0),     "getservbyname"},
+        {ERR_PACK(0,SYS_F_SOCKET,0),            "socket"}, 
+        {ERR_PACK(0,SYS_F_IOCTLSOCKET,0),       "ioctlsocket"},
+        {ERR_PACK(0,SYS_F_BIND,0),              "bind"},
+        {ERR_PACK(0,SYS_F_LISTEN,0),            "listen"},
+        {ERR_PACK(0,SYS_F_ACCEPT,0),            "accept"},
+#ifdef OPENSSL_SYS_WINDOWS
+        {ERR_PACK(0,SYS_F_WSASTARTUP,0),        "WSAstartup"},
+#endif
+        {ERR_PACK(0,SYS_F_OPENDIR,0),           "opendir"},
+        {ERR_PACK(0,SYS_F_FREAD,0),             "fread"},
+        {0,NULL},
+        };
+
+static ERR_STRING_DATA ERR_str_reasons[]=
+        {
+{ERR_R_SYS_LIB                          ,"system lib"},
+{ERR_R_BN_LIB                           ,"BN lib"},
+{ERR_R_RSA_LIB                          ,"RSA lib"},
+{ERR_R_DH_LIB                           ,"DH lib"},
+{ERR_R_EVP_LIB                          ,"EVP lib"},
+{ERR_R_BUF_LIB                          ,"BUF lib"},
+{ERR_R_OBJ_LIB                          ,"OBJ lib"},
+{ERR_R_PEM_LIB                          ,"PEM lib"},
+{ERR_R_DSA_LIB                          ,"DSA lib"},
+{ERR_R_X509_LIB                         ,"X509 lib"},
+{ERR_R_ASN1_LIB                         ,"ASN1 lib"},
+{ERR_R_CONF_LIB                         ,"CONF lib"},
+{ERR_R_CRYPTO_LIB                       ,"CRYPTO lib"},
+{ERR_R_EC_LIB                           ,"EC lib"},
+{ERR_R_SSL_LIB                          ,"SSL lib"},
+{ERR_R_BIO_LIB                          ,"BIO lib"},
+{ERR_R_PKCS7_LIB                        ,"PKCS7 lib"},
+{ERR_R_X509V3_LIB                       ,"X509V3 lib"},
+{ERR_R_PKCS12_LIB                       ,"PKCS12 lib"},
+{ERR_R_RAND_LIB                         ,"RAND lib"},
+{ERR_R_DSO_LIB                          ,"DSO lib"},
+{ERR_R_ENGINE_LIB                       ,"ENGINE lib"},
+{ERR_R_OCSP_LIB                         ,"OCSP lib"},
+
+{ERR_R_NESTED_ASN1_ERROR                ,"nested asn1 error"},
+{ERR_R_BAD_ASN1_OBJECT_HEADER           ,"bad asn1 object header"},
+{ERR_R_BAD_GET_ASN1_OBJECT_CALL         ,"bad get asn1 object call"},
+{ERR_R_EXPECTING_AN_ASN1_SEQUENCE       ,"expecting an asn1 sequence"},
+{ERR_R_ASN1_LENGTH_MISMATCH             ,"asn1 length mismatch"},
+{ERR_R_MISSING_ASN1_EOS                 ,"missing asn1 eos"},
+
+{ERR_R_FATAL                            ,"fatal"},
+{ERR_R_MALLOC_FAILURE                   ,"malloc failure"},
+{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED      ,"called a function you should not call"},
+{ERR_R_PASSED_NULL_PARAMETER            ,"passed a null parameter"},
+{ERR_R_INTERNAL_ERROR                   ,"internal error"},
+{ERR_R_DISABLED                         ,"called a function that was disabled at compile-time"},
+
+{0,NULL},
+        };
+#endif
+
+#ifndef OPENSSL_NO_ERR
+#define NUM_SYS_STR_REASONS 127
+#define LEN_SYS_STR_REASON 32
+
+static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
+/* SYS_str_reasons is filled with copies of strerror() results at
+ * initialization.
+ * 'errno' values up to 127 should cover all usual errors,
+ * others will be displayed numerically by ERR_error_string.
+ * It is crucial that we have something for each reason code
+ * that occurs in ERR_str_reasons, or bogus reason strings
+ * will be returned for SYSerr, which always gets an errno
+ * value and never one of those 'standard' reason codes. */
+
+static void build_SYS_str_reasons(void)
+        {
+        /* OPENSSL_malloc cannot be used here, use static storage instead */
+        static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
+        int i;
+        static int init = 1;
+
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+        if (!init)
+                {
+                CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+                return;
+                }
+        
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!init)
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+                return;
+                }
+
+        for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
+                {
+                ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
+
+                str->error = (unsigned long)i;
+                if (str->string == NULL)
+                        {
+                        char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
+                        char *src = strerror(i);
+                        if (src != NULL)
+                                {
+                                strncpy(*dest, src, sizeof *dest);
+                                (*dest)[sizeof *dest - 1] = '\0';
+                                str->string = *dest;
+                                }
+                        }
+                if (str->string == NULL)
+                        str->string = "unknown";
+                }
+
+        /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL},
+         * as required by ERR_load_strings. */
+
+        init = 0;
+        
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        }
+#endif
+
+void ERR_load_ERR_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+        if (ERR_func_error_string(ERR_str_functs[0].error) == NULL)
+                {
+                ERR_load_strings(0,ERR_str_libraries);
+                ERR_load_strings(0,ERR_str_reasons);
+                ERR_load_strings(ERR_LIB_SYS,ERR_str_functs);
+                build_SYS_str_reasons();
+                ERR_load_strings(ERR_LIB_SYS,SYS_str_reasons);
+                }
+#endif
+        }
+
diff --git a/src/lib/libcrypto/evp/dig_eng.c b/src/lib/libcrypto/evp/dig_eng.c
new file mode 100644
index 0000000000..64cdf9366c
--- /dev/null
+++ b/src/lib/libcrypto/evp/dig_eng.c
@@ -0,0 +1,180 @@
+/* crypto/evp/digest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include "evp_locl.h"
+
+#ifndef OPENSSL_NO_ENGINE
+
+#ifdef OPENSSL_FIPS
+
+static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
+        {
+        if (*ptype)
+                {
+                /* Ensure an ENGINE left lying around from last time is cleared
+                 * (the previous check attempted to avoid this if the same
+                 * ENGINE and EVP_MD could be used). */
+                if(ctx->engine)
+                        ENGINE_finish(ctx->engine);
+                if(impl)
+                        {
+                        if (!ENGINE_init(impl))
+                                {
+                                EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        }
+                else
+                        /* Ask if an ENGINE is reserved for this job */
+                        impl = ENGINE_get_digest_engine((*ptype)->type);
+                if(impl)
+                        {
+                        /* There's an ENGINE for this job ... (apparently) */
+                        const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
+                        if(!d)
+                                {
+                                /* Same comment from evp_enc.c */
+                                EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        /* We'll use the ENGINE's private digest definition */
+                        *ptype = d;
+                        /* Store the ENGINE functional reference so we know
+                         * 'type' came from an ENGINE and we need to release
+                         * it when done. */
+                        ctx->engine = impl;
+                        }
+                else
+                        ctx->engine = NULL;
+                }
+        else
+        if(!ctx->digest)
+                {
+                EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_NO_DIGEST_SET);
+                return 0;
+                }
+        return 1;
+        }
+
+void int_EVP_MD_init_engine_callbacks(void)
+        {
+        int_EVP_MD_set_engine_callbacks(
+                ENGINE_init, ENGINE_finish, do_evp_md_engine_full);
+        }
+#endif
+#endif
diff --git a/src/lib/libcrypto/evp/enc_min.c b/src/lib/libcrypto/evp/enc_min.c
new file mode 100644
index 0000000000..3cb4626bef
--- /dev/null
+++ b/src/lib/libcrypto/evp/enc_min.c
@@ -0,0 +1,390 @@
+/* crypto/evp/enc_min.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include "evp_locl.h"
+
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
+        {
+#ifdef OPENSSL_FIPS
+        FIPS_selftest_check();
+#endif
+        memset(ctx,0,sizeof(EVP_CIPHER_CTX));
+        /* ctx->cipher=NULL; */
+        }
+
+#ifdef OPENSSL_FIPS
+
+/* The purpose of these is to trap programs that attempt to use non FIPS
+ * algorithms in FIPS mode and ignore the errors.
+ */
+
+static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                    const unsigned char *iv, int enc)
+        { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
+
+static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                         const unsigned char *in, unsigned int inl)
+        { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
+
+/* NB: no cleanup because it is allowed after failed init */
+
+static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+        { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
+static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+        { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
+static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+        { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
+
+static const EVP_CIPHER bad_cipher =
+        {
+        0,
+        0,
+        0,
+        0,
+        0,
+        bad_init,
+        bad_do_cipher,
+        NULL,
+        0,
+        bad_set_asn1,
+        bad_get_asn1,
+        bad_ctrl,
+        NULL
+        };
+
+#endif
+
+#ifndef OPENSSL_NO_ENGINE
+
+#ifdef OPENSSL_FIPS
+
+static int do_engine_null(ENGINE *impl) { return 0;}
+static int do_evp_enc_engine_null(EVP_CIPHER_CTX *ctx,
+                                const EVP_CIPHER **pciph, ENGINE *impl)
+        { return 1; }
+
+static int (*do_engine_finish)(ENGINE *impl)
+                = do_engine_null;
+
+static int (*do_evp_enc_engine)
+        (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl)
+                = do_evp_enc_engine_null;
+
+void int_EVP_CIPHER_set_engine_callbacks(
+        int (*eng_ciph_fin)(ENGINE *impl),
+        int (*eng_ciph_evp)
+                (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl))
+        {
+        do_engine_finish = eng_ciph_fin;
+        do_evp_enc_engine = eng_ciph_evp;
+        }
+
+#else
+
+#define do_engine_finish ENGINE_finish
+
+static int do_evp_enc_engine(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl)
+        {
+        if(impl)
+                {
+                if (!ENGINE_init(impl))
+                        {
+                        EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR);
+                        return 0;
+                        }
+                }
+        else
+                /* Ask if an ENGINE is reserved for this job */
+                impl = ENGINE_get_cipher_engine((*pcipher)->nid);
+        if(impl)
+                {
+                /* There's an ENGINE for this job ... (apparently) */
+                const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
+                if(!c)
+                        {
+                        /* One positive side-effect of US's export
+                         * control history, is that we should at least
+                         * be able to avoid using US mispellings of
+                         * "initialisation"? */
+                        EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR);
+                        return 0;
+                        }
+                /* We'll use the ENGINE's private cipher definition */
+                *pcipher = c;
+                /* Store the ENGINE functional reference so we know
+                 * 'cipher' came from an ENGINE and we need to release
+                 * it when done. */
+                ctx->engine = impl;
+                }
+        else
+                ctx->engine = NULL;
+        return 1;
+        }
+
+#endif
+
+#endif
+
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+             const unsigned char *key, const unsigned char *iv, int enc)
+        {
+        if (enc == -1)
+                enc = ctx->encrypt;
+        else
+                {
+                if (enc)
+                        enc = 1;
+                ctx->encrypt = enc;
+                }
+#ifdef OPENSSL_NO_FIPS
+        if(FIPS_selftest_failed())
+                {
+                FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
+                ctx->cipher = &bad_cipher;
+                return 0;
+                }
+#endif
+#ifndef OPENSSL_NO_ENGINE
+        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+         * so this context may already have an ENGINE! Try to avoid releasing
+         * the previous handle, re-querying for an ENGINE, and having a
+         * reinitialisation, when it may all be unecessary. */
+        if (ctx->engine && ctx->cipher && (!cipher ||
+                        (cipher && (cipher->nid == ctx->cipher->nid))))
+                goto skip_to_init;
+#endif
+        if (cipher)
+                {
+                /* Ensure a context left lying around from last time is cleared
+                 * (the previous check attempted to avoid this if the same
+                 * ENGINE and EVP_CIPHER could be used). */
+                EVP_CIPHER_CTX_cleanup(ctx);
+
+                /* Restore encrypt field: it is zeroed by cleanup */
+                ctx->encrypt = enc;
+#ifndef OPENSSL_NO_ENGINE
+                if (!do_evp_enc_engine(ctx, &cipher, impl))
+                        return 0;
+#endif
+
+                ctx->cipher=cipher;
+                if (ctx->cipher->ctx_size)
+                        {
+                        ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+                        if (!ctx->cipher_data)
+                                {
+                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
+                                return 0;
+                                }
+                        }
+                else
+                        {
+                        ctx->cipher_data = NULL;
+                        }
+                ctx->key_len = cipher->key_len;
+                ctx->flags = 0;
+                if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
+                        {
+                        if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
+                                {
+                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        }
+                }
+        else if(!ctx->cipher)
+                {
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
+                return 0;
+                }
+#ifndef OPENSSL_NO_ENGINE
+skip_to_init:
+#endif
+        /* we assume block size is a power of 2 in *cryptUpdate */
+        OPENSSL_assert(ctx->cipher->block_size == 1
+            || ctx->cipher->block_size == 8
+            || ctx->cipher->block_size == 16);
+
+        if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
+                switch(EVP_CIPHER_CTX_mode(ctx)) {
+
+                        case EVP_CIPH_STREAM_CIPHER:
+                        case EVP_CIPH_ECB_MODE:
+                        break;
+
+                        case EVP_CIPH_CFB_MODE:
+                        case EVP_CIPH_OFB_MODE:
+
+                        ctx->num = 0;
+
+                        case EVP_CIPH_CBC_MODE:
+
+                        OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
+                                        (int)sizeof(ctx->iv));
+                        if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+                        memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+                        break;
+
+                        default:
+                        return 0;
+                        break;
+                }
+        }
+
+#ifdef OPENSSL_FIPS
+        /* After 'key' is set no further parameters changes are permissible.
+         * So only check for non FIPS enabling at this point.
+         */
+        if (key && FIPS_mode())
+                {
+                if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
+                        & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
+                        {
+                        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS);
+#if 0
+                        ERR_add_error_data(2, "cipher=",
+                                                EVP_CIPHER_name(ctx->cipher));
+#endif
+                        ctx->cipher = &bad_cipher;
+                        return 0;
+                        }
+                }
+#endif
+
+        if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+                if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
+        }
+        ctx->buf_len=0;
+        ctx->final_used=0;
+        ctx->block_mask=ctx->cipher->block_size-1;
+        return 1;
+        }
+
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
+        {
+        if (c->cipher != NULL)
+                {
+                if(c->cipher->cleanup && !c->cipher->cleanup(c))
+                        return 0;
+                /* Cleanse cipher context data */
+                if (c->cipher_data)
+                        OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+                }
+        if (c->cipher_data)
+                OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
+        if (c->engine)
+                /* The EVP_CIPHER we used belongs to an ENGINE, release the
+                 * functional reference we held for this reason. */
+                do_engine_finish(c->engine);
+#endif
+        memset(c,0,sizeof(EVP_CIPHER_CTX));
+        return 1;
+        }
+
+int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
+        {
+#ifdef OPENSSL_FIPS
+        FIPS_selftest_check();
+#endif
+        return ctx->cipher->do_cipher(ctx,out,in,inl);
+        }
+
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+        int ret;
+        if(!ctx->cipher) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+                return 0;
+        }
+
+        if(!ctx->cipher->ctrl) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+                return 0;
+        }
+
+        ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
+        if(ret == -1) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+                return 0;
+        }
+        return ret;
+}
+
+unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
+        {
+        return ctx->cipher->flags;
+        }
+
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
+        {
+        return ctx->cipher->iv_len;
+        }
+
+int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
+        {
+        return cipher->nid;
+        }
diff --git a/src/lib/libcrypto/evp/evp_cnf.c b/src/lib/libcrypto/evp/evp_cnf.c
new file mode 100644
index 0000000000..2e4db30235
--- /dev/null
+++ b/src/lib/libcrypto/evp/evp_cnf.c
@@ -0,0 +1,125 @@
+/* evp_cnf.c */
+/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
+
+/* Algorithm configuration module. */
+
+static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
+        {
+        int i;
+        const char *oid_section;
+        STACK_OF(CONF_VALUE) *sktmp;
+        CONF_VALUE *oval;
+        oid_section = CONF_imodule_get_value(md);
+        if(!(sktmp = NCONF_get_section(cnf, oid_section)))
+                {
+                EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
+                return 0;
+                }
+        for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
+                {
+                oval = sk_CONF_VALUE_value(sktmp, i);
+                if (!strcmp(oval->name, "fips_mode"))
+                        {
+                        int m;
+                        if (!X509V3_get_value_bool(oval, &m))
+                                {
+                                EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
+                                return 0;
+                                }
+                        if (m > 0)
+                                {
+#ifdef OPENSSL_FIPS
+                                if (!FIPS_mode() && !FIPS_mode_set(1))
+                                        {
+                                        EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_SETTING_FIPS_MODE);
+                                        return 0;
+                                        }
+#else
+                                EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED);
+                                return 0;
+#endif
+                                }
+                        }
+                else
+                        {
+                        EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
+                        ERR_add_error_data(4, "name=", oval->name,
+                                                ", value=", oval->value);
+                        }
+                                
+                }
+        return 1;
+        }
+
+void EVP_add_alg_module(void)
+        {
+        CONF_module_add("alg_section", alg_module_init, 0);
+        }
diff --git a/src/lib/libcrypto/fips_err.c b/src/lib/libcrypto/fips_err.c
new file mode 100644
index 0000000000..09f11748f6
--- /dev/null
+++ b/src/lib/libcrypto/fips_err.c
@@ -0,0 +1,7 @@
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_FIPS
+# include "fips_err.h"
+#else
+static void *dummy=&dummy;
+#endif
diff --git a/src/lib/libcrypto/hmac/Makefile b/src/lib/libcrypto/hmac/Makefile
index 01f10c396f..5cfa37d99c 100644
--- a/src/lib/libcrypto/hmac/Makefile
+++ b/src/lib/libcrypto/hmac/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -77,9 +77,10 @@ clean:
 hmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 hmac.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
-hmac.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-hmac.o: ../../include/openssl/symhacks.h ../cryptlib.h hmac.c
+hmac.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+hmac.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hmac.o: ../cryptlib.h hmac.c
diff --git a/src/lib/libcrypto/idea/Makefile b/src/lib/libcrypto/idea/Makefile
index b2e7add666..55c0d4dbff 100644
--- a/src/lib/libcrypto/idea/Makefile
+++ b/src/lib/libcrypto/idea/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -82,5 +82,9 @@ i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
 i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
 i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
 i_ofb64.o: i_ofb64.c idea_lcl.h
-i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+i_skey.o: ../../include/openssl/fips.h ../../include/openssl/idea.h
+i_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+i_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 i_skey.o: i_skey.c idea_lcl.h
diff --git a/src/lib/libcrypto/krb5/Makefile b/src/lib/libcrypto/krb5/Makefile
index 14077390d6..8efb9e8910 100644
--- a/src/lib/libcrypto/krb5/Makefile
+++ b/src/lib/libcrypto/krb5/Makefile
@@ -34,7 +34,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libcrypto/lhash/Makefile b/src/lib/libcrypto/lhash/Makefile
index 82bddac474..35f0932971 100644
--- a/src/lib/libcrypto/lhash/Makefile
+++ b/src/lib/libcrypto/lhash/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libcrypto/md2/Makefile b/src/lib/libcrypto/md2/Makefile
index 17f878aeb7..7f43321ab2 100644
--- a/src/lib/libcrypto/md2/Makefile
+++ b/src/lib/libcrypto/md2/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -74,7 +74,9 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md2_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+md2_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md2_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
 md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 md2_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
diff --git a/src/lib/libcrypto/md4/Makefile b/src/lib/libcrypto/md4/Makefile
index ef97bb0cbe..0bc4896585 100644
--- a/src/lib/libcrypto/md4/Makefile
+++ b/src/lib/libcrypto/md4/Makefile
@@ -34,7 +34,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -75,9 +75,13 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h
-md4_dgst.o: ../../include/openssl/opensslconf.h
-md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c
+md4_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md4_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+md4_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md4_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md4_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md4_dgst.c
 md4_dgst.o: md4_locl.h
 md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
diff --git a/src/lib/libcrypto/md5/Makefile b/src/lib/libcrypto/md5/Makefile
index ceb00e8956..3c450fcfc0 100644
--- a/src/lib/libcrypto/md5/Makefile
+++ b/src/lib/libcrypto/md5/Makefile
@@ -38,7 +38,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -91,9 +91,13 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h
-md5_dgst.o: ../../include/openssl/opensslconf.h
-md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c
+md5_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md5_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+md5_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md5_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md5_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md5_dgst.c
 md5_dgst.o: md5_locl.h
 md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
diff --git a/src/lib/libcrypto/objects/Makefile b/src/lib/libcrypto/objects/Makefile
index 9c5615099c..25e8b23b5d 100644
--- a/src/lib/libcrypto/objects/Makefile
+++ b/src/lib/libcrypto/objects/Makefile
@@ -34,7 +34,7 @@ top:
 all:    obj_dat.h lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libcrypto/ocsp/Makefile b/src/lib/libcrypto/ocsp/Makefile
index 0fe028960e..30a00b3372 100644
--- a/src/lib/libcrypto/ocsp/Makefile
+++ b/src/lib/libcrypto/ocsp/Makefile
@@ -36,7 +36,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -82,9 +82,10 @@ ocsp_asn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ocsp_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_asn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_asn.o: ../../include/openssl/opensslconf.h
 ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 ocsp_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -97,24 +98,25 @@ ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_cl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ocsp_cl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-ocsp_cl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-ocsp_cl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ocsp_cl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-ocsp_cl.o: ../cryptlib.h ocsp_cl.c
+ocsp_cl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_cl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_cl.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_cl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_cl.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_cl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_cl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_cl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_cl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_cl.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_cl.c
 ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 ocsp_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 ocsp_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ocsp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_err.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_err.o: ../../include/openssl/opensslconf.h
 ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -127,21 +129,22 @@ ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ocsp_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_ext.o: ../../include/openssl/opensslconf.h
+ocsp_ext.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_ext.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
 ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 ocsp_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 ocsp_ext.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ocsp_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 ocsp_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_ext.c
-ocsp_ht.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ocsp_ht.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-ocsp_ht.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ocsp_ht.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-ocsp_ht.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ocsp_ht.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ocsp_ht.o: ../../e_os.h ../../include/openssl/asn1.h
+ocsp_ht.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ocsp_ht.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_ht.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_ht.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_ht.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_ht.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
 ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -156,9 +159,9 @@ ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ocsp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ocsp_lib.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_lib.o: ../../include/openssl/opensslconf.h
+ocsp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_lib.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
 ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 ocsp_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
@@ -171,9 +174,10 @@ ocsp_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 ocsp_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 ocsp_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ocsp_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_prn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_prn.o: ../../include/openssl/opensslconf.h
 ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -187,9 +191,9 @@ ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_srv.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ocsp_srv.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_srv.o: ../../include/openssl/opensslconf.h
+ocsp_srv.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_srv.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_srv.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
 ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
@@ -202,9 +206,10 @@ ocsp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 ocsp_vfy.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 ocsp_vfy.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ocsp_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_vfy.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_vfy.o: ../../include/openssl/opensslconf.h
 ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 ocsp_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/src/lib/libcrypto/pem/Makefile b/src/lib/libcrypto/pem/Makefile
index 742194fd24..669f36612c 100644
--- a/src/lib/libcrypto/pem/Makefile
+++ b/src/lib/libcrypto/pem/Makefile
@@ -36,7 +36,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -83,36 +83,39 @@ pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 pem_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c
+pem_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_all.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+pem_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_all.o: ../cryptlib.h pem_all.c
 pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pem_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_err.o: ../../include/openssl/x509_vfy.h pem_err.c
+pem_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pem_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_err.o: pem_err.c
 pem_info.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_info.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 pem_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pem_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pem_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_info.o: ../../include/openssl/opensslconf.h
 pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
@@ -126,54 +129,55 @@ pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 pem_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pem_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-pem_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
-pem_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-pem_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pem_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pem_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-pem_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pem_lib.o: ../cryptlib.h pem_lib.c
+pem_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_lib.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_lib.c
 pem_oth.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_oth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_oth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_oth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-pem_oth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_oth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_oth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_oth.c
+pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_oth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_oth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_oth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_oth.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_oth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_oth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_oth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_oth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_oth.o: ../cryptlib.h pem_oth.c
 pem_pk8.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_pk8.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_pk8.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_pk8.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
-pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-pem_pk8.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pem_pk8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pem_pk8.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pem_pk8.o: ../cryptlib.h pem_pk8.c
+pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_pk8.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_pk8.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_pk8.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_pk8.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_pk8.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_pk8.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+pem_pk8.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_pk8.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_pk8.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pk8.c
 pem_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_pkey.o: ../../include/openssl/opensslconf.h
+pem_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_pkey.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
@@ -186,9 +190,9 @@ pem_seal.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_seal.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_seal.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_seal.o: ../../include/openssl/opensslconf.h
+pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
@@ -201,9 +205,9 @@ pem_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_sign.o: ../../include/openssl/opensslconf.h
+pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
@@ -216,9 +220,9 @@ pem_x509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_x509.o: ../../include/openssl/opensslconf.h
+pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -230,9 +234,9 @@ pem_xaux.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_xaux.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_xaux.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_xaux.o: ../../include/openssl/opensslconf.h
+pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_xaux.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_xaux.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
diff --git a/src/lib/libcrypto/pkcs12/Makefile b/src/lib/libcrypto/pkcs12/Makefile
index 3a7498fe7a..eed226b30d 100644
--- a/src/lib/libcrypto/pkcs12/Makefile
+++ b/src/lib/libcrypto/pkcs12/Makefile
@@ -39,7 +39,7 @@ test:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -85,36 +85,37 @@ p12_add.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_add.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_add.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_add.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_add.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_add.c
+p12_add.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_add.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_add.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_add.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_add.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_add.o: ../cryptlib.h p12_add.c
 p12_asn.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p12_asn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p12_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p12_asn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-p12_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_asn.o: ../cryptlib.h p12_asn.c
+p12_asn.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p12_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_asn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_asn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_asn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_asn.c
 p12_attr.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_attr.o: ../../include/openssl/opensslconf.h
+p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_attr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -126,9 +127,9 @@ p12_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_crpt.o: ../../include/openssl/opensslconf.h
+p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -140,22 +141,23 @@ p12_crt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_crt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_crt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_crt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crt.c
+p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_crt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_crt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_crt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_crt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_crt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_crt.o: ../cryptlib.h p12_crt.c
 p12_decr.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_decr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_decr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_decr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_decr.o: ../../include/openssl/opensslconf.h
+p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_decr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_decr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -167,9 +169,9 @@ p12_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_init.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_init.o: ../../include/openssl/opensslconf.h
+p12_init.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -182,22 +184,22 @@ p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p12_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p12_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_key.o: ../cryptlib.h p12_key.c
+p12_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p12_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_key.c
 p12_kiss.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_kiss.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_kiss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_kiss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_kiss.o: ../../include/openssl/opensslconf.h
+p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_kiss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_kiss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -209,9 +211,10 @@ p12_mutl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_mutl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_mutl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
-p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+p12_mutl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_mutl.o: ../../include/openssl/opensslconf.h
 p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
@@ -223,8 +226,9 @@ p12_npas.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p12_npas.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_npas.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p12_npas.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_npas.o: ../../include/openssl/opensslconf.h
 p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
@@ -237,50 +241,53 @@ p12_p8d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_p8d.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_p8d.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_p8d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_p8d.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_p8d.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8d.c
+p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_p8d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_p8d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_p8d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_p8d.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_p8d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_p8d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_p8d.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_p8d.o: ../cryptlib.h p12_p8d.c
 p12_p8e.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_p8e.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_p8e.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_p8e.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_p8e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_p8e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_p8e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8e.c
+p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_p8e.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_p8e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_p8e.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_p8e.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_p8e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_p8e.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_p8e.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_p8e.o: ../cryptlib.h p12_p8e.c
 p12_utl.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_utl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_utl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_utl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_utl.c
+p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_utl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_utl.o: ../cryptlib.h p12_utl.c
 pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pk12err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk12err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pk12err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pk12err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pk12err.o: pk12err.c
+pk12err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk12err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk12err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pk12err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+pk12err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pk12err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk12err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pk12err.o: ../../include/openssl/x509_vfy.h pk12err.c
diff --git a/src/lib/libcrypto/pkcs7/Makefile b/src/lib/libcrypto/pkcs7/Makefile
index 3f7e88b40f..790d8edf36 100644
--- a/src/lib/libcrypto/pkcs7/Makefile
+++ b/src/lib/libcrypto/pkcs7/Makefile
@@ -54,7 +54,7 @@ verify: verify.o example.o lib
         $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS)
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -101,8 +101,9 @@ pk7_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk7_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk7_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk7_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_asn1.o: ../../include/openssl/opensslconf.h
 pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pk7_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -113,8 +114,9 @@ pk7_attr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk7_attr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_attr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk7_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_attr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk7_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_attr.o: ../../include/openssl/opensslconf.h
 pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_attr.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pk7_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -127,8 +129,9 @@ pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk7_doit.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_doit.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk7_doit.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_doit.o: ../../include/openssl/opensslconf.h
 pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -140,22 +143,22 @@ pk7_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pk7_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pk7_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pk7_lib.o: ../cryptlib.h pk7_lib.c
+pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pk7_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pk7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_lib.c
 pk7_mime.o: ../../e_os.h ../../include/openssl/asn1.h
 pk7_mime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pk7_mime.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pk7_mime.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pk7_mime.o: ../../include/openssl/opensslconf.h
+pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pk7_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk7_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -168,8 +171,8 @@ pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk7_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk7_smime.o: ../../include/openssl/objects.h
+pk7_smime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk7_smime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 pk7_smime.o: ../../include/openssl/opensslconf.h
 pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
diff --git a/src/lib/libcrypto/pqueue/pq_compat.h b/src/lib/libcrypto/pqueue/pq_compat.h
index fd36578882..7b2c32725c 100644
--- a/src/lib/libcrypto/pqueue/pq_compat.h
+++ b/src/lib/libcrypto/pqueue/pq_compat.h
@@ -57,6 +57,9 @@
  *
  */
 
+#ifndef HEADER_PQ_COMPAT_H
+#define HEADER_PQ_COMPAT_H
+
 #include <openssl/opensslconf.h>
 #include <openssl/bn.h>
 
@@ -145,3 +148,5 @@
                                               *(x) |= mask; \
                                           } while(0)
 #endif /* OPENSSL_SYS_VMS */
+
+#endif
diff --git a/src/lib/libcrypto/rand/rand_eng.c b/src/lib/libcrypto/rand/rand_eng.c
new file mode 100644
index 0000000000..1669cef43c
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_eng.c
@@ -0,0 +1,152 @@
+/* crypto/rand/rand_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "rand_lcl.h"
+#include <openssl/rand.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#endif
+
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+#if defined(OPENSSL_FIPS) && !defined(OPENSSL_NO_ENGINE)
+
+/* non-NULL if default_RAND_meth is ENGINE-provided */
+static ENGINE *funct_ref =NULL;
+
+int eng_RAND_set_rand_method(const RAND_METHOD *meth, const RAND_METHOD **pmeth)
+        {
+        if(funct_ref)
+                {
+                ENGINE_finish(funct_ref);
+                funct_ref = NULL;
+                }
+        *pmeth = meth;
+        return 1;
+        }
+
+const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth)
+        {
+        if (!*pmeth)
+                {
+                ENGINE *e = ENGINE_get_default_RAND();
+                if(e)
+                        {
+                        *pmeth = ENGINE_get_RAND(e);
+                        if(!*pmeth)
+                                {
+                                ENGINE_finish(e);
+                                e = NULL;
+                                }
+                        }
+                if(e)
+                        funct_ref = e;
+                else
+                        if(FIPS_mode())
+                                *pmeth=FIPS_rand_method();
+                        else
+                        *pmeth = RAND_SSLeay();
+                }
+
+        if(FIPS_mode()
+                && *pmeth != FIPS_rand_check())
+            {
+            RANDerr(RAND_F_ENG_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+            return 0;
+            }
+
+        return *pmeth;
+        }
+
+int RAND_set_rand_engine(ENGINE *engine)
+        {
+        const RAND_METHOD *tmp_meth = NULL;
+        if(engine)
+                {
+                if(!ENGINE_init(engine))
+                        return 0;
+                tmp_meth = ENGINE_get_RAND(engine);
+                if(!tmp_meth)
+                        {
+                        ENGINE_finish(engine);
+                        return 0;
+                        }
+                }
+        /* This function releases any prior ENGINE so call it first */
+        RAND_set_rand_method(tmp_meth);
+        funct_ref = engine;
+        return 1;
+        }
+
+void int_RAND_init_engine_callbacks(void)
+        {
+        static int done = 0;
+        if (done)
+                return;
+        int_RAND_set_callbacks(eng_RAND_set_rand_method,
+                                 eng_RAND_get_rand_method);
+        done = 1;
+        }
+
+#endif
diff --git a/src/lib/libcrypto/rc2/Makefile b/src/lib/libcrypto/rc2/Makefile
index 73eac347e7..4b6292b65f 100644
--- a/src/lib/libcrypto/rc2/Makefile
+++ b/src/lib/libcrypto/rc2/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -78,7 +78,11 @@ rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
 rc2_cbc.o: rc2_cbc.c rc2_locl.h
 rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h
-rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rc2_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+rc2_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rc2_skey.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h
+rc2_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rc2_skey.o: rc2_locl.h rc2_skey.c
 rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
 rc2cfb64.o: rc2_locl.h rc2cfb64.c
diff --git a/src/lib/libcrypto/rc4/Makefile b/src/lib/libcrypto/rc4/Makefile
index 187ed5c668..f0bd7678fc 100644
--- a/src/lib/libcrypto/rc4/Makefile
+++ b/src/lib/libcrypto/rc4/Makefile
@@ -21,8 +21,8 @@ TEST=rc4test.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=rc4_skey.c rc4_enc.c
-LIBOBJ=$(RC4_ENC)
+LIBSRC=rc4_skey.c rc4_enc.c rc4_fblk.c
+LIBOBJ=$(RC4_ENC) rc4_fblk.o
 
 SRC= $(LIBSRC)
 
@@ -37,7 +37,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -105,10 +105,20 @@ rc4_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rc4_enc.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
 rc4_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rc4_enc.o: ../cryptlib.h rc4_enc.c rc4_locl.h
+rc4_fblk.o: ../../e_os.h ../../include/openssl/bio.h
+rc4_fblk.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rc4_fblk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rc4_fblk.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rc4_fblk.o: ../../include/openssl/opensslconf.h
+rc4_fblk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rc4_fblk.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
+rc4_fblk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rc4_fblk.o: ../cryptlib.h rc4_fblk.c rc4_locl.h
 rc4_skey.o: ../../e_os.h ../../include/openssl/bio.h
 rc4_skey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rc4_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rc4_skey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rc4_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rc4_skey.o: ../../include/openssl/opensslconf.h
 rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rc4_skey.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
 rc4_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --git a/src/lib/libcrypto/rc4/rc4_fblk.c b/src/lib/libcrypto/rc4/rc4_fblk.c
new file mode 100644
index 0000000000..1b2a42979b
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4_fblk.c
@@ -0,0 +1,75 @@
+/* crypto/rc4/rc4_fblk.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+
+#include <openssl/rc4.h>
+#include "rc4_locl.h"
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
+/* FIPS mode blocking for RC4 has to be done separately since RC4_set_key
+ * may be implemented in an assembly language file.
+ */
+
+#ifdef OPENSSL_FIPS
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+        {
+        if (FIPS_mode())
+                FIPS_BAD_ABORT(RC4)
+        private_RC4_set_key(key, len, data);
+        }
+#endif
+
diff --git a/src/lib/libcrypto/rc5/Makefile b/src/lib/libcrypto/rc5/Makefile
index efb0f36b59..b4e21c9bb2 100644
--- a/src/lib/libcrypto/rc5/Makefile
+++ b/src/lib/libcrypto/rc5/Makefile
@@ -40,7 +40,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libcrypto/ripemd/Makefile b/src/lib/libcrypto/ripemd/Makefile
index d55875c20c..6145f13699 100644
--- a/src/lib/libcrypto/ripemd/Makefile
+++ b/src/lib/libcrypto/ripemd/Makefile
@@ -38,7 +38,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -89,8 +89,13 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+rmd_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rmd_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rmd_dgst.o: ../../include/openssl/opensslconf.h
+rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rmd_dgst.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
+rmd_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h
 rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
diff --git a/src/lib/libcrypto/rsa/rsa_eng.c b/src/lib/libcrypto/rsa/rsa_eng.c
new file mode 100644
index 0000000000..383a7045b2
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_eng.c
@@ -0,0 +1,348 @@
+/* crypto/rsa/rsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
+
+static const RSA_METHOD *default_RSA_meth=NULL;
+
+RSA *RSA_new(void)
+        {
+        RSA *r=RSA_new_method(NULL);
+
+        return r;
+        }
+
+void RSA_set_default_method(const RSA_METHOD *meth)
+        {
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
+                {
+                RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
+                return;
+                }
+#endif
+        default_RSA_meth = meth;
+        }
+
+const RSA_METHOD *RSA_get_default_method(void)
+        {
+        if (default_RSA_meth == NULL)
+                {
+#ifdef RSA_NULL
+                default_RSA_meth=RSA_null_method();
+#else
+#if 0 /* was: #ifdef RSAref */
+                default_RSA_meth=RSA_PKCS1_RSAref();
+#else
+                default_RSA_meth=RSA_PKCS1_SSLeay();
+#endif
+#endif
+                }
+
+        return default_RSA_meth;
+        }
+
+const RSA_METHOD *RSA_get_method(const RSA *rsa)
+        {
+        return rsa->meth;
+        }
+
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
+        {
+        /* NB: The caller is specifically setting a method, so it's not up to us
+         * to deal with which ENGINE it comes from. */
+        const RSA_METHOD *mtmp;
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
+                {
+                RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
+                return 0;
+                }
+#endif
+        mtmp = rsa->meth;
+        if (mtmp->finish) mtmp->finish(rsa);
+#ifndef OPENSSL_NO_ENGINE
+        if (rsa->engine)
+                {
+                ENGINE_finish(rsa->engine);
+                rsa->engine = NULL;
+                }
+#endif
+        rsa->meth = meth;
+        if (meth->init) meth->init(rsa);
+        return 1;
+        }
+
+RSA *RSA_new_method(ENGINE *engine)
+        {
+        RSA *ret;
+
+        ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
+        if (ret == NULL)
+                {
+                RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+
+        ret->meth = RSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+        if (engine)
+                {
+                if (!ENGINE_init(engine))
+                        {
+                        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                ret->engine = engine;
+                }
+        else
+                ret->engine = ENGINE_get_default_RSA();
+        if(ret->engine)
+                {
+                ret->meth = ENGINE_get_RSA(ret->engine);
+                if(!ret->meth)
+                        {
+                        RSAerr(RSA_F_RSA_NEW_METHOD,
+                                ERR_R_ENGINE_LIB);
+                        ENGINE_finish(ret->engine);
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                }
+#endif
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD))
+                {
+                RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
+#ifndef OPENSSL_NO_ENGINE
+                if (ret->engine)
+                        ENGINE_finish(ret->engine);
+#endif
+                OPENSSL_free(ret);
+                return NULL;
+                }
+#endif
+
+        ret->pad=0;
+        ret->version=0;
+        ret->n=NULL;
+        ret->e=NULL;
+        ret->d=NULL;
+        ret->p=NULL;
+        ret->q=NULL;
+        ret->dmp1=NULL;
+        ret->dmq1=NULL;
+        ret->iqmp=NULL;
+        ret->references=1;
+        ret->_method_mod_n=NULL;
+        ret->_method_mod_p=NULL;
+        ret->_method_mod_q=NULL;
+        ret->blinding=NULL;
+        ret->mt_blinding=NULL;
+        ret->bignum_data=NULL;
+        ret->flags=ret->meth->flags;
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+                {
+#ifndef OPENSSL_NO_ENGINE
+                if (ret->engine)
+                        ENGINE_finish(ret->engine);
+#endif
+                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+                OPENSSL_free(ret);
+                ret=NULL;
+                }
+        return(ret);
+        }
+
+void RSA_free(RSA *r)
+        {
+        int i;
+
+        if (r == NULL) return;
+
+        i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+        REF_PRINT("RSA",r);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"RSA_free, bad reference count\n");
+                abort();
+                }
+#endif
+
+        if (r->meth->finish)
+                r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+        if (r->engine)
+                ENGINE_finish(r->engine);
+#endif
+
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
+
+        if (r->n != NULL) BN_clear_free(r->n);
+        if (r->e != NULL) BN_clear_free(r->e);
+        if (r->d != NULL) BN_clear_free(r->d);
+        if (r->p != NULL) BN_clear_free(r->p);
+        if (r->q != NULL) BN_clear_free(r->q);
+        if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
+        if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
+        if (r->iqmp != NULL) BN_clear_free(r->iqmp);
+        if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
+        if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
+        if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
+        OPENSSL_free(r);
+        }
+
+int RSA_up_ref(RSA *r)
+        {
+        int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+        REF_PRINT("RSA",r);
+#endif
+#ifdef REF_CHECK
+        if (i < 2)
+                {
+                fprintf(stderr, "RSA_up_ref, bad reference count\n");
+                abort();
+                }
+#endif
+        return ((i > 1) ? 1 : 0);
+        }
+
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+
+int RSA_set_ex_data(RSA *r, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        }
+
+void *RSA_get_ex_data(const RSA *r, int idx)
+        {
+        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        }
+
+int RSA_flags(const RSA *r)
+        {
+        return((r == NULL)?0:r->meth->flags);
+        }
+
+int RSA_memory_lock(RSA *r)
+        {
+        int i,j,k,off;
+        char *p;
+        BIGNUM *bn,**t[6],*b;
+        BN_ULONG *ul;
+
+        if (r->d == NULL) return(1);
+        t[0]= &r->d;
+        t[1]= &r->p;
+        t[2]= &r->q;
+        t[3]= &r->dmp1;
+        t[4]= &r->dmq1;
+        t[5]= &r->iqmp;
+        k=sizeof(BIGNUM)*6;
+        off=k/sizeof(BN_ULONG)+1;
+        j=1;
+        for (i=0; i<6; i++)
+                j+= (*t[i])->top;
+        if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
+                {
+                RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        bn=(BIGNUM *)p;
+        ul=(BN_ULONG *)&(p[off]);
+        for (i=0; i<6; i++)
+                {
+                b= *(t[i]);
+                *(t[i])= &(bn[i]);
+                memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
+                bn[i].flags=BN_FLG_STATIC_DATA;
+                bn[i].d=ul;
+                memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
+                ul+=b->top;
+                BN_clear_free(b);
+                }
+        
+        /* I should fix this so it can still be done */
+        r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
+
+        r->bignum_data=p;
+        return(1);
+        }
diff --git a/src/lib/libcrypto/rsa/rsa_x931g.c b/src/lib/libcrypto/rsa/rsa_x931g.c
new file mode 100644
index 0000000000..c640cc2ec9
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_x931g.c
@@ -0,0 +1,255 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+
+#ifndef OPENSSL_FIPS
+
+/* X9.31 RSA key derivation and generation */
+
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+                        const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+                        const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+                        const BIGNUM *e, BN_GENCB *cb)
+        {
+        BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL;
+        BN_CTX *ctx=NULL,*ctx2=NULL;
+
+        if (!rsa) 
+                goto err;
+
+        ctx = BN_CTX_new();
+        BN_CTX_start(ctx);
+        if (!ctx) 
+                goto err;
+
+        r0 = BN_CTX_get(ctx);
+        r1 = BN_CTX_get(ctx);
+        r2 = BN_CTX_get(ctx);
+        r3 = BN_CTX_get(ctx);
+
+        if (r3 == NULL)
+                goto err;
+        if (!rsa->e)
+                {
+                rsa->e = BN_dup(e);
+                if (!rsa->e)
+                        goto err;
+                }
+        else
+                e = rsa->e;
+
+        /* If not all parameters present only calculate what we can.
+         * This allows test programs to output selective parameters.
+         */
+
+        if (Xp && !rsa->p)
+                {
+                rsa->p = BN_new();
+                if (!rsa->p)
+                        goto err;
+
+                if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
+                                        Xp, Xp1, Xp2, e, ctx, cb))
+                        goto err;
+                }
+
+        if (Xq && !rsa->q)
+                {
+                rsa->q = BN_new();
+                if (!rsa->q)
+                        goto err;
+                if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
+                                        Xq, Xq1, Xq2, e, ctx, cb))
+                        goto err;
+                }
+
+        if (!rsa->p || !rsa->q)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                return 2;
+                }
+
+        /* Since both primes are set we can now calculate all remaining 
+         * components.
+         */
+
+        /* calculate n */
+        rsa->n=BN_new();
+        if (rsa->n == NULL)
+                goto err;
+        if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx))
+                goto err;
+
+        /* calculate d */
+        if (!BN_sub(r1,rsa->p,BN_value_one()))
+                goto err;       /* p-1 */
+        if (!BN_sub(r2,rsa->q,BN_value_one()))
+                goto err;       /* q-1 */
+        if (!BN_mul(r0,r1,r2,ctx))
+                goto err;       /* (p-1)(q-1) */
+
+        if (!BN_gcd(r3, r1, r2, ctx))
+                goto err;
+
+        if (!BN_div(r0, NULL, r0, r3, ctx))
+                goto err;       /* LCM((p-1)(q-1)) */
+
+        ctx2 = BN_CTX_new();
+        if (!ctx2)
+                goto err;
+
+        rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2);     /* d */
+        if (rsa->d == NULL)
+                goto err;
+
+        /* calculate d mod (p-1) */
+        rsa->dmp1=BN_new();
+        if (rsa->dmp1 == NULL)
+                goto err;
+        if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx))
+                goto err;
+
+        /* calculate d mod (q-1) */
+        rsa->dmq1=BN_new();
+        if (rsa->dmq1 == NULL)
+                goto err;
+        if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx))
+                goto err;
+
+        /* calculate inverse of q mod p */
+        rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
+
+        err:
+        if (ctx)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
+        if (ctx2)
+                BN_CTX_free(ctx2);
+        /* If this is set all calls successful */
+        if (rsa->iqmp != NULL)
+                return 1;
+
+        return 0;
+
+        }
+
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
+        {
+        int ok = 0;
+        BIGNUM *Xp = NULL, *Xq = NULL;
+        BN_CTX *ctx = NULL;
+        
+        ctx = BN_CTX_new();
+        if (!ctx)
+                goto error;
+
+        BN_CTX_start(ctx);
+        Xp = BN_CTX_get(ctx);
+        Xq = BN_CTX_get(ctx);
+        if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
+                goto error;
+
+        rsa->p = BN_new();
+        rsa->q = BN_new();
+        if (!rsa->p || !rsa->q)
+                goto error;
+
+        /* Generate two primes from Xp, Xq */
+
+        if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
+                                        e, ctx, cb))
+                goto error;
+
+        if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
+                                        e, ctx, cb))
+                goto error;
+
+        /* Since rsa->p and rsa->q are valid this call will just derive
+         * remaining RSA components.
+         */
+
+        if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
+                                NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
+                goto error;
+
+        ok = 1;
+
+        error:
+        if (ctx)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
+
+        if (ok)
+                return 1;
+
+        return 0;
+
+        }
+
+#endif
diff --git a/src/lib/libcrypto/sha/Makefile b/src/lib/libcrypto/sha/Makefile
index ac64fb61d3..f4741b9ee6 100644
--- a/src/lib/libcrypto/sha/Makefile
+++ b/src/lib/libcrypto/sha/Makefile
@@ -38,7 +38,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -59,7 +59,7 @@ s512sse2-out.s:     asm/sha512-sse2.pl ../perlasm/x86asm.pl
         (cd asm; $(PERL) sha512-sse2.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
 
 sha1-ia64.s:   asm/sha1-ia64.pl
-        (cd asm; $(PERL) sha1-ia64.pl $(CFLAGS) ) > $@
+        (cd asm; $(PERL) sha1-ia64.pl ../$@ $(CFLAGS))
 sha256-ia64.s: asm/sha512-ia64.pl
         (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS))
 sha512-ia64.s: asm/sha512-ia64.pl
@@ -113,24 +113,31 @@ sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 sha1_one.o: sha1_one.c
-sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+sha1dgst.o: ../../include/openssl/opensslconf.h
 sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
 sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h
 sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-sha256.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-sha256.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-sha256.o: ../../include/openssl/symhacks.h ../md32_common.h sha256.c
+sha256.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+sha256.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+sha256.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha256.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+sha256.o: ../md32_common.h sha256.c
 sha512.o: ../../e_os.h ../../include/openssl/bio.h
 sha512.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 sha512.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-sha512.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-sha512.o: ../cryptlib.h sha512.c
-sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha512.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+sha512.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+sha512.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+sha512.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+sha512.o: ../../include/openssl/symhacks.h ../cryptlib.h sha512.c
+sha_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+sha_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+sha_dgst.o: ../../include/openssl/opensslconf.h
+sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+sha_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
 sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
diff --git a/src/lib/libcrypto/stack/Makefile b/src/lib/libcrypto/stack/Makefile
index 5327692ac8..489a77b93c 100644
--- a/src/lib/libcrypto/stack/Makefile
+++ b/src/lib/libcrypto/stack/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libcrypto/txt_db/Makefile b/src/lib/libcrypto/txt_db/Makefile
index e6f30331d8..87e57b49f6 100644
--- a/src/lib/libcrypto/txt_db/Makefile
+++ b/src/lib/libcrypto/txt_db/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libcrypto/ui/Makefile b/src/lib/libcrypto/ui/Makefile
index a685659fb4..4755e206f6 100644
--- a/src/lib/libcrypto/ui/Makefile
+++ b/src/lib/libcrypto/ui/Makefile
@@ -37,7 +37,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libcrypto/util/arx.pl b/src/lib/libcrypto/util/arx.pl
new file mode 100644
index 0000000000..ce62625c33
--- /dev/null
+++ b/src/lib/libcrypto/util/arx.pl
@@ -0,0 +1,15 @@
+#!/bin/perl
+
+# Simple perl script to wrap round "ar" program and exclude any
+# object files in the environment variable EXCL_OBJ
+
+map { s/^.*\/([^\/]*)$/$1/ ; $EXCL{$_} = 1} split(' ', $ENV{EXCL_OBJ});
+
+#my @ks = keys %EXCL;
+#print STDERR "Excluding: @ks \n";
+
+my @ARGS = grep { !exists $EXCL{$_} } @ARGV;    
+
+system @ARGS;
+
+exit $? >> 8;
diff --git a/src/lib/libcrypto/util/fipslink.pl b/src/lib/libcrypto/util/fipslink.pl
index a893833c5c..3597bc1740 100644
--- a/src/lib/libcrypto/util/fipslink.pl
+++ b/src/lib/libcrypto/util/fipslink.pl
@@ -28,7 +28,7 @@ if (exists $ENV{"PREMAIN_DSO_EXE"})
         }
 
 check_hash($sha1_exe, "fips_premain.c");
-check_hash($sha1_exe, "fipscanister.o");
+check_hash($sha1_exe, "fipscanister.lib");
 
 
 print "Integrity check OK\n";
diff --git a/src/lib/libcrypto/util/mksdef.pl b/src/lib/libcrypto/util/mksdef.pl
new file mode 100644
index 0000000000..065dc675f1
--- /dev/null
+++ b/src/lib/libcrypto/util/mksdef.pl
@@ -0,0 +1,87 @@
+
+# Perl script to split libeay32.def into two distinct DEF files for use in
+# fipdso mode. It works out symbols in each case by running "link" command and
+# parsing the output to find the list of missing symbols then splitting
+# libeay32.def based on the result.
+
+
+# Get list of unknown symbols
+
+my @deferr = `link @ARGV`;
+
+my $preamble = "";
+my @fipsdll;
+my @fipsrest;
+my %nosym;
+
+# Add symbols to a hash for easy lookup
+
+foreach (@deferr)
+        {
+        if (/^.*symbol (\S+)$/)
+                {
+                $nosym{$1} = 1;
+                }
+        }
+
+open (IN, "ms/libeay32.def") || die "Can't Open DEF file for spliting";
+
+my $started = 0;
+
+# Parse libeay32.def into two arrays depending on whether the symbol matches
+# the missing list.
+
+
+foreach (<IN>)
+        {
+        if (/^\s*(\S+)\s*(\@\S+)\s*$/)
+                {
+                $started = 1;
+                if (exists $nosym{$1})
+                        {
+                        push @fipsrest, $_;
+                        }
+                else
+                        {
+                        my $imptmp = sprintf "     %-39s %s\n",
+                                        "$1=libosslfips.$1", $2;
+                        push @fipsrest, $imptmp;
+                        push @fipsdll, "\t$1\n";
+                        }
+                }
+        $preamble .= $_ unless $started;
+        }
+
+close IN;
+
+# Hack! Add some additional exports needed for libcryptofips.dll
+#
+
+push @fipsdll, "\tOPENSSL_showfatal\n";
+push @fipsdll, "\tOPENSSL_cpuid_setup\n";
+
+# Write out DEF files for each array
+
+write_def("ms/libosslfips.def", "LIBOSSLFIPS", $preamble, \@fipsdll);
+write_def("ms/libeayfips.def", "", $preamble, \@fipsrest);
+
+
+sub write_def
+        {
+        my ($fnam, $defname, $preamble, $rdefs) = @_;
+        open (OUT, ">$fnam") || die "Can't Open DEF file $fnam for Writing\n";
+
+        if ($defname ne "")
+                {
+                $preamble =~ s/LIBEAY32/$defname/g;
+                $preamble =~ s/LIBEAY/$defname/g;
+                }
+        print OUT $preamble;
+        foreach (@$rdefs)
+                {
+                print OUT $_;
+                }
+        close OUT;
+        }
+
+
diff --git a/src/lib/libcrypto/x509/Makefile b/src/lib/libcrypto/x509/Makefile
index ddcc3124a7..464752b159 100644
--- a/src/lib/libcrypto/x509/Makefile
+++ b/src/lib/libcrypto/x509/Makefile
@@ -43,7 +43,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -89,35 +89,37 @@ by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 by_dir.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-by_dir.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-by_dir.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_dir.c
+by_dir.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+by_dir.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+by_dir.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+by_dir.o: ../cryptlib.h by_dir.c
 by_file.o: ../../e_os.h ../../include/openssl/asn1.h
 by_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 by_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 by_file.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 by_file.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-by_file.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-by_file.o: ../cryptlib.h by_file.c
+by_file.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+by_file.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+by_file.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+by_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+by_file.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+by_file.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_file.c
 x509_att.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_att.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_att.o: ../../include/openssl/opensslconf.h
 x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -130,8 +132,9 @@ x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_cmp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_cmp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_cmp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_cmp.o: ../../include/openssl/opensslconf.h
 x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -143,22 +146,22 @@ x509_d2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_d2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_d2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_d2.o: ../cryptlib.h x509_d2.c
+x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_d2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_d2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_d2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_d2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_d2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_d2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_d2.c
 x509_def.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_def.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_def.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_def.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_def.o: ../../include/openssl/opensslconf.h
+x509_def.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_def.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_def.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -169,8 +172,9 @@ x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_err.o: ../../include/openssl/opensslconf.h
 x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -182,8 +186,9 @@ x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_ext.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_ext.o: ../../include/openssl/opensslconf.h
 x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -196,22 +201,22 @@ x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_lu.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x509_lu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_lu.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_lu.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_lu.o: ../cryptlib.h x509_lu.c
+x509_lu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_lu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_lu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_lu.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_lu.c
 x509_obj.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_obj.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_obj.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_obj.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_obj.o: ../../include/openssl/opensslconf.h
+x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_obj.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_obj.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -223,8 +228,9 @@ x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x509_r2x.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_r2x.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_r2x.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_r2x.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_r2x.o: ../../include/openssl/opensslconf.h
 x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -236,8 +242,9 @@ x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x509_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_req.o: ../../include/openssl/opensslconf.h
 x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_req.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 x509_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -249,9 +256,9 @@ x509_set.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_set.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_set.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_set.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_set.o: ../../include/openssl/opensslconf.h
+x509_set.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_set.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_set.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -263,8 +270,9 @@ x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_trs.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_trs.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_trs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_trs.o: ../../include/openssl/opensslconf.h
 x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -276,9 +284,9 @@ x509_txt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_txt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_txt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_txt.o: ../../include/openssl/opensslconf.h
+x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_txt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_txt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -290,22 +298,23 @@ x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_v3.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_v3.o: ../cryptlib.h x509_v3.c
+x509_v3.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_v3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_v3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_v3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_v3.c
 x509_vfy.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_vfy.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_vfy.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_vfy.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_vfy.o: ../../include/openssl/opensslconf.h
 x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -318,8 +327,9 @@ x509_vpm.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_vpm.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_vpm.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_vpm.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_vpm.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_vpm.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_vpm.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_vpm.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_vpm.o: ../../include/openssl/opensslconf.h
 x509_vpm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_vpm.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_vpm.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -331,9 +341,9 @@ x509cset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509cset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509cset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509cset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509cset.o: ../../include/openssl/opensslconf.h
+x509cset.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509cset.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509cset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509cset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -344,9 +354,9 @@ x509name.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509name.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509name.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509name.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509name.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509name.o: ../../include/openssl/opensslconf.h
+x509name.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -357,9 +367,9 @@ x509rset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509rset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509rset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509rset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509rset.o: ../../include/openssl/opensslconf.h
+x509rset.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509rset.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509rset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -370,9 +380,9 @@ x509spki.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509spki.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509spki.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509spki.o: ../../include/openssl/opensslconf.h
+x509spki.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -383,9 +393,9 @@ x509type.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509type.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509type.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509type.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509type.o: ../../include/openssl/opensslconf.h
+x509type.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509type.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -396,11 +406,12 @@ x_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_all.c
+x_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_all.o: ../cryptlib.h x_all.c
diff --git a/src/lib/libcrypto/x509v3/Makefile b/src/lib/libcrypto/x509v3/Makefile
index 556ef351bf..e71dc42f9f 100644
--- a/src/lib/libcrypto/x509v3/Makefile
+++ b/src/lib/libcrypto/x509v3/Makefile
@@ -43,7 +43,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -90,8 +90,8 @@ pcy_cache.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_cache.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_cache.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_cache.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_cache.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_cache.o: ../../include/openssl/objects.h
+pcy_cache.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_cache.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 pcy_cache.o: ../../include/openssl/opensslconf.h
 pcy_cache.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pcy_cache.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -105,8 +105,9 @@ pcy_data.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_data.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_data.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_data.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_data.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_data.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pcy_data.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_data.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_data.o: ../../include/openssl/opensslconf.h
 pcy_data.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pcy_data.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pcy_data.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -119,35 +120,36 @@ pcy_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pcy_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pcy_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-pcy_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pcy_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pcy_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-pcy_lib.o: ../cryptlib.h pcy_int.h pcy_lib.c
+pcy_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pcy_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+pcy_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pcy_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pcy_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pcy_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h pcy_int.h pcy_lib.c
 pcy_map.o: ../../e_os.h ../../include/openssl/asn1.h
 pcy_map.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pcy_map.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_map.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_map.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_map.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_map.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_map.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pcy_map.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pcy_map.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-pcy_map.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pcy_map.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pcy_map.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-pcy_map.o: ../cryptlib.h pcy_int.h pcy_map.c
+pcy_map.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_map.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_map.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pcy_map.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+pcy_map.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pcy_map.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pcy_map.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pcy_map.o: ../../include/openssl/x509v3.h ../cryptlib.h pcy_int.h pcy_map.c
 pcy_node.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pcy_node.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 pcy_node.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pcy_node.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pcy_node.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-pcy_node.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_node.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pcy_node.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_node.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_node.o: ../../include/openssl/opensslconf.h
 pcy_node.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pcy_node.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pcy_node.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -160,8 +162,9 @@ pcy_tree.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_tree.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_tree.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_tree.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_tree.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_tree.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pcy_tree.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_tree.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_tree.o: ../../include/openssl/opensslconf.h
 pcy_tree.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pcy_tree.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pcy_tree.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -174,37 +177,39 @@ v3_addr.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_addr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_addr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_addr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_addr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_addr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_addr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_addr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_addr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_addr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_addr.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_addr.c
+v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_addr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_addr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_addr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_addr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_addr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_addr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_addr.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_addr.o: ../cryptlib.h v3_addr.c
 v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_akey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_akey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_akey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akey.c
+v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_akey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_akey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_akey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_akey.o: ../cryptlib.h v3_akey.c
 v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_akeya.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_akeya.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_akeya.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_akeya.o: ../../include/openssl/opensslconf.h
+v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_akeya.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_akeya.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_akeya.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -216,14 +221,15 @@ v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_alt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_alt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_alt.c
+v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_alt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_alt.o: ../cryptlib.h v3_alt.c
 v3_asid.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_asid.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_asid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -231,23 +237,23 @@ v3_asid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_asid.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_asid.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_asid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_asid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_asid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_asid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_asid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_asid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_asid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_asid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_asid.o: ../cryptlib.h v3_asid.c
+v3_asid.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_asid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_asid.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_asid.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_asid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_asid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_asid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_asid.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_asid.c
 v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_bcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_bcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_bcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_bcons.o: ../../include/openssl/opensslconf.h
+v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_bcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_bcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -260,8 +266,9 @@ v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_bitst.o: ../../include/openssl/opensslconf.h
 v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -274,23 +281,23 @@ v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_conf.o: ../cryptlib.h v3_conf.c
+v3_conf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_conf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_conf.c
 v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_cpols.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_cpols.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_cpols.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_cpols.o: ../../include/openssl/opensslconf.h
+v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_cpols.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_cpols.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -303,37 +310,38 @@ v3_crld.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_crld.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_crld.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_crld.c
+v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_crld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_crld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_crld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_crld.o: ../cryptlib.h v3_crld.c
 v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_enum.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_enum.o: ../cryptlib.h v3_enum.c
+v3_enum.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_enum.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_enum.c
 v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_extku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_extku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_extku.o: ../../include/openssl/opensslconf.h
+v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -346,76 +354,81 @@ v3_genn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_genn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_genn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_genn.c
+v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_genn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_genn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_genn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_genn.o: ../cryptlib.h v3_genn.c
 v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_ia5.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_ia5.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ia5.c
+v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_ia5.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ia5.o: ../cryptlib.h v3_ia5.c
 v3_info.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_info.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_info.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_info.c
+v3_info.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_info.o: ../cryptlib.h v3_info.c
 v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_int.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_int.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_int.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_int.c
+v3_int.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_int.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_int.o: ../cryptlib.h v3_int.c
 v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c
+v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_lib.o: ../cryptlib.h ext_dat.h v3_lib.c
 v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_ncons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_ncons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_ncons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_ncons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_ncons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_ncons.o: ../../include/openssl/opensslconf.h
+v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_ncons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_ncons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_ncons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -428,49 +441,52 @@ v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_ocsp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c
+v3_ocsp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_ocsp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_ocsp.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+v3_ocsp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_ocsp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_ocsp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ocsp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_ocsp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ocsp.o: ../cryptlib.h v3_ocsp.c
 v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_pci.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_pci.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pci.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pci.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_pci.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_pci.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_pci.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_pci.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_pci.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pci.c
+v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pci.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pci.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pci.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pci.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_pci.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pci.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_pci.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pci.o: ../cryptlib.h v3_pci.c
 v3_pcia.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 v3_pcia.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 v3_pcia.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_pcia.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_pcia.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pcia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pcia.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_pcia.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_pcia.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_pcia.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_pcia.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_pcia.o: ../../include/openssl/x509v3.h v3_pcia.c
+v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pcia.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pcia.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pcia.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pcia.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_pcia.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pcia.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_pcia.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pcia.o: v3_pcia.c
 v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_pcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_pcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_pcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_pcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pcons.o: ../../include/openssl/opensslconf.h
+v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_pcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_pcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -483,23 +499,24 @@ v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_pku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_pku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c
+v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_pku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pku.o: ../cryptlib.h v3_pku.c
 v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_pmaps.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_pmaps.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_pmaps.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_pmaps.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pmaps.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pmaps.o: ../../include/openssl/opensslconf.h
+v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pmaps.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pmaps.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_pmaps.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_pmaps.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -511,51 +528,52 @@ v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_prn.c
+v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_prn.o: ../cryptlib.h v3_prn.c
 v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_purp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_purp.o: ../cryptlib.h v3_purp.c
+v3_purp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_purp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_purp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_purp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.c
 v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_skey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_skey.o: ../cryptlib.h v3_skey.c
+v3_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_skey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.c
 v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_sxnet.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_sxnet.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_sxnet.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_sxnet.o: ../../include/openssl/opensslconf.h
+v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_sxnet.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_sxnet.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -568,24 +586,25 @@ v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_utl.o: ../cryptlib.h v3_utl.c
+v3_utl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_utl.c
 v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3err.o: ../../include/openssl/x509v3.h v3err.c
+v3err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3err.o: v3err.c
diff --git a/src/lib/libssl/src/crypto/aes/Makefile b/src/lib/libssl/src/crypto/aes/Makefile
index 22c7203dbb..9d174f4c3e 100644
--- a/src/lib/libssl/src/crypto/aes/Makefile
+++ b/src/lib/libssl/src/crypto/aes/Makefile
@@ -41,7 +41,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -103,7 +103,8 @@ aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h
 aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 aes_cfb.o: aes_cfb.c aes_locl.h
 aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
-aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
+aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+aes_core.o: aes_core.c aes_locl.h
 aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
 aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
 aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
diff --git a/src/lib/libssl/src/crypto/asn1/Makefile b/src/lib/libssl/src/crypto/asn1/Makefile
index 63066899d0..94a6885804 100644
--- a/src/lib/libssl/src/crypto/asn1/Makefile
+++ b/src/lib/libssl/src/crypto/asn1/Makefile
@@ -63,7 +63,7 @@ pk:	pk.c
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -142,9 +142,9 @@ a_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 a_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_digest.o: ../../include/openssl/opensslconf.h
+a_digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+a_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -250,27 +250,27 @@ a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 a_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-a_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_sign.o: ../cryptlib.h a_sign.c
+a_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_sign.c
 a_strex.o: ../../e_os.h ../../include/openssl/asn1.h
 a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-a_strex.o: ../cryptlib.h a_strex.c charmap.h
+a_strex.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+a_strex.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_strex.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_strex.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h
 a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
 a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -318,8 +318,9 @@ a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 a_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_verify.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_verify.o: ../../include/openssl/opensslconf.h
 a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -338,8 +339,9 @@ asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-asn1_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-asn1_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn1_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+asn1_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn1_gen.o: ../../include/openssl/opensslconf.h
 asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 asn1_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -369,8 +371,9 @@ asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-asn_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-asn_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn_mime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+asn_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn_mime.o: ../../include/openssl/opensslconf.h
 asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -383,9 +386,9 @@ asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 asn_moid.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-asn_moid.o: ../../include/openssl/opensslconf.h
+asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+asn_moid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn_moid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -404,23 +407,23 @@ d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_pr.o: ../cryptlib.h d2i_pr.c
+d2i_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+d2i_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pr.c
 d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_pu.o: ../cryptlib.h d2i_pu.c
+d2i_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+d2i_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pu.c
 evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
 evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -456,71 +459,73 @@ i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-i2d_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_pr.o: ../cryptlib.h i2d_pr.c
+i2d_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+i2d_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pr.c
 i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_pu.o: ../cryptlib.h i2d_pu.c
+i2d_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+i2d_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pu.c
 n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
 n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
 n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 n_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 n_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 n_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c
+n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+n_pkey.o: ../cryptlib.h n_pkey.c
 nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 nsseq.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 nsseq.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-nsseq.o: ../../include/openssl/x509_vfy.h nsseq.c
+nsseq.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+nsseq.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c
 p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
 p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p5_pbe.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_pbe.o: ../cryptlib.h p5_pbe.c
+p5_pbe.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p5_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbe.c
 p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h
 p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p5_pbev2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p5_pbev2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_pbev2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p5_pbev2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_pbev2.o: ../../include/openssl/opensslconf.h
 p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -533,41 +538,42 @@ p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p8_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c
+p8_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p8_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p8_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p8_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p8_pkey.o: ../cryptlib.h p8_pkey.c
 t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h
 t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 t_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_bitst.o: ../cryptlib.h t_bitst.c
+t_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_bitst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c
 t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 t_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_crl.o: ../cryptlib.h t_crl.c
+t_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h t_crl.c
 t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
@@ -585,57 +591,57 @@ t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 t_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_req.o: ../cryptlib.h t_req.c
+t_req.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+t_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h t_req.c
 t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 t_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_spki.o: ../cryptlib.h t_spki.c
+t_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+t_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_spki.c
 t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 t_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_x509.o: ../cryptlib.h t_x509.c
+t_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h t_x509.c
 t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
 t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-t_x509a.o: ../cryptlib.h t_x509a.c
+t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c
 tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tasn_dec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -688,21 +694,23 @@ x_algor.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x_algor.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c
+x_algor.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_algor.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_algor.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_algor.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_algor.o: x_algor.c
 x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h
 x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_attrib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_attrib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_attrib.o: ../../include/openssl/opensslconf.h
 x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -723,37 +731,40 @@ x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_crl.c
+x_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_crl.o: ../cryptlib.h x_crl.c
 x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c
+x_exten.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_exten.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_exten.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_exten.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_exten.o: x_exten.c
 x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c
+x_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_info.o: ../cryptlib.h x_info.c
 x_long.o: ../../e_os.h ../../include/openssl/asn1.h
 x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -769,35 +780,37 @@ x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_name.c
+x_name.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_name.o: ../cryptlib.h x_name.c
 x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
 x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
 x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c
+x_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pkey.o: ../cryptlib.h x_pkey.c
 x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h
 x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_pubkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_pubkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_pubkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_pubkey.o: ../../include/openssl/opensslconf.h
+x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -810,76 +823,82 @@ x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c
+x_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_req.o: ../cryptlib.h x_req.c
 x_sig.o: ../../e_os.h ../../include/openssl/asn1.h
 x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_sig.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c
+x_sig.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_sig.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_sig.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_sig.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_sig.o: ../cryptlib.h x_sig.c
 x_spki.o: ../../e_os.h ../../include/openssl/asn1.h
 x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c
+x_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_spki.o: ../cryptlib.h x_spki.c
 x_val.o: ../../e_os.h ../../include/openssl/asn1.h
 x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_val.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_val.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c
+x_val.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_val.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_val.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_val.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_val.o: ../cryptlib.h x_val.c
 x_x509.o: ../../e_os.h ../../include/openssl/asn1.h
 x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x_x509.o: ../cryptlib.h x_x509.c
 x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
 x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 x_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c
+x_x509a.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509a.o: ../cryptlib.h x_x509a.c
diff --git a/src/lib/libssl/src/crypto/bf/Makefile b/src/lib/libssl/src/crypto/bf/Makefile
index 8441954a8d..7f4f03eb82 100644
--- a/src/lib/libssl/src/crypto/bf/Makefile
+++ b/src/lib/libssl/src/crypto/bf/Makefile
@@ -40,7 +40,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -103,5 +103,9 @@ bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
 bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
 bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
 bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
-bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
-bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h
+bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+bf_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bf_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bf_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_skey.o: bf_locl.h bf_pi.h bf_skey.c
diff --git a/src/lib/libssl/src/crypto/bio/Makefile b/src/lib/libssl/src/crypto/bio/Makefile
index 1ef6c2fb9f..1cd76ce7a2 100644
--- a/src/lib/libssl/src/crypto/bio/Makefile
+++ b/src/lib/libssl/src/crypto/bio/Makefile
@@ -45,7 +45,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libssl/src/crypto/bn/bn_opt.c b/src/lib/libssl/src/crypto/bn/bn_opt.c
new file mode 100644
index 0000000000..21cbb38f62
--- /dev/null
+++ b/src/lib/libssl/src/crypto/bn/bn_opt.c
@@ -0,0 +1,87 @@
+/* crypto/bn/bn_opt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+char *BN_options(void)
+        {
+        static int init=0;
+        static char data[16];
+
+        if (!init)
+                {
+                init++;
+#ifdef BN_LLONG
+                BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+                             (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
+#else
+                BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+                             (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
+#endif
+                }
+        return(data);
+        }
diff --git a/src/lib/libssl/src/crypto/buffer/Makefile b/src/lib/libssl/src/crypto/buffer/Makefile
index 9f3a88d2d6..9e0f46e19a 100644
--- a/src/lib/libssl/src/crypto/buffer/Makefile
+++ b/src/lib/libssl/src/crypto/buffer/Makefile
@@ -17,8 +17,8 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= buffer.c buf_err.c
-LIBOBJ= buffer.o buf_err.o
+LIBSRC= buffer.c buf_str.c buf_err.c
+LIBOBJ= buffer.o buf_str.o buf_err.o
 
 SRC= $(LIBSRC)
 
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -81,6 +81,13 @@ buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 buf_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 buf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 buf_err.o: buf_err.c
+buf_str.o: ../../e_os.h ../../include/openssl/bio.h
+buf_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+buf_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+buf_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+buf_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+buf_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+buf_str.o: ../../include/openssl/symhacks.h ../cryptlib.h buf_str.c
 buffer.o: ../../e_os.h ../../include/openssl/bio.h
 buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
diff --git a/src/lib/libssl/src/crypto/cast/Makefile b/src/lib/libssl/src/crypto/cast/Makefile
index 149956ee90..2e026dbe0d 100644
--- a/src/lib/libssl/src/crypto/cast/Makefile
+++ b/src/lib/libssl/src/crypto/cast/Makefile
@@ -38,7 +38,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -102,5 +102,8 @@ c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h
 c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 c_ofb64.o: c_ofb64.c cast_lcl.h
 c_skey.o: ../../e_os.h ../../include/openssl/cast.h
-c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-c_skey.o: c_skey.c cast_lcl.h cast_s.h
+c_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+c_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+c_skey.o: ../../include/openssl/symhacks.h c_skey.c cast_lcl.h cast_s.h
diff --git a/src/lib/libssl/src/crypto/comp/Makefile b/src/lib/libssl/src/crypto/comp/Makefile
index efda832dce..5d364b8513 100644
--- a/src/lib/libssl/src/crypto/comp/Makefile
+++ b/src/lib/libssl/src/crypto/comp/Makefile
@@ -36,7 +36,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libssl/src/crypto/conf/Makefile b/src/lib/libssl/src/crypto/conf/Makefile
index 78bb324106..ccd0721332 100644
--- a/src/lib/libssl/src/crypto/conf/Makefile
+++ b/src/lib/libssl/src/crypto/conf/Makefile
@@ -36,7 +36,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -114,8 +114,8 @@ conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 conf_mall.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 conf_mall.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 conf_mall.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-conf_mall.o: ../../include/openssl/objects.h
+conf_mall.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+conf_mall.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 conf_mall.o: ../../include/openssl/opensslconf.h
 conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -128,9 +128,9 @@ conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 conf_mod.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 conf_mod.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-conf_mod.o: ../../include/openssl/opensslconf.h
+conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+conf_mod.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+conf_mod.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 conf_mod.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -143,8 +143,9 @@ conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 conf_sap.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 conf_sap.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 conf_sap.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+conf_sap.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+conf_sap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+conf_sap.o: ../../include/openssl/opensslconf.h
 conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/src/lib/libssl/src/crypto/des/Makefile b/src/lib/libssl/src/crypto/des/Makefile
index 523dfe38f2..786e68802e 100644
--- a/src/lib/libssl/src/crypto/des/Makefile
+++ b/src/lib/libssl/src/crypto/des/Makefile
@@ -24,7 +24,7 @@ TEST=destest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+LIBSRC= des_lib.c cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
         ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
         fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
         qud_cksm.c rand_key.c rpc_enc.c  set_key.c  \
@@ -33,7 +33,7 @@ LIBSRC=	cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
         str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \
         read2pwd.c
 
-LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
+LIBOBJ= des_lib.o set_key.o  ecb_enc.o  cbc_enc.o \
         ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
         enc_read.o enc_writ.o ofb64enc.o \
         ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
@@ -54,7 +54,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -157,6 +157,13 @@ des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 des_enc.o: des_enc.c des_locl.h ncbc_enc.c
+des_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+des_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+des_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+des_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+des_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+des_lib.o: ../../include/openssl/ui_compat.h des_lib.c des_locl.h des_ver.h
 des_old.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 des_old.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
@@ -175,14 +182,12 @@ ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 ecb3_enc.o: des_locl.h ecb3_enc.c
-ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
-ecb_enc.o: spr.h
+ecb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ecb_enc.o: des_locl.h ecb_enc.c spr.h
 ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 ede_cbcm_enc.o: ../../include/openssl/e_os2.h
 ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
@@ -272,11 +277,11 @@ rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c
 set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-set_key.o: des_locl.h set_key.c
+set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/ossl_typ.h
+set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+set_key.o: ../../include/openssl/ui_compat.h des_locl.h set_key.c
 str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
diff --git a/src/lib/libssl/src/crypto/des/des_lib.c b/src/lib/libssl/src/crypto/des/des_lib.c
new file mode 100644
index 0000000000..d4b3047932
--- /dev/null
+++ b/src/lib/libssl/src/crypto/des/des_lib.c
@@ -0,0 +1,106 @@
+/* crypto/des/ecb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+#include "des_ver.h"
+#include <openssl/opensslv.h>
+#include <openssl/bio.h>
+
+OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT;
+OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT;
+
+const char *DES_options(void)
+        {
+        static int init=1;
+        static char buf[32];
+
+        if (init)
+                {
+                const char *ptr,*unroll,*risc,*size;
+
+#ifdef DES_PTR
+                ptr="ptr";
+#else
+                ptr="idx";
+#endif
+#if defined(DES_RISC1) || defined(DES_RISC2)
+#ifdef DES_RISC1
+                risc="risc1";
+#endif
+#ifdef DES_RISC2
+                risc="risc2";
+#endif
+#else
+                risc="cisc";
+#endif
+#ifdef DES_UNROLL
+                unroll="16";
+#else
+                unroll="4";
+#endif
+                if (sizeof(DES_LONG) != sizeof(long))
+                        size="int";
+                else
+                        size="long";
+                BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
+                             size);
+                init=0;
+                }
+        return(buf);
+        }
+
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_utl.c b/src/lib/libssl/src/crypto/dsa/dsa_utl.c
new file mode 100644
index 0000000000..24c021d120
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dsa/dsa_utl.c
@@ -0,0 +1,95 @@
+/* crypto/dsa/dsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+
+DSA_SIG *DSA_SIG_new(void)
+        {
+        DSA_SIG *sig;
+        sig = OPENSSL_malloc(sizeof(DSA_SIG));
+        if (!sig)
+                return NULL;
+        sig->r = NULL;
+        sig->s = NULL;
+        return sig;
+        }
+
+void DSA_SIG_free(DSA_SIG *sig)
+        {
+        if (sig)
+                {
+                if (sig->r)
+                        BN_free(sig->r);
+                if (sig->s)
+                        BN_free(sig->s);
+                OPENSSL_free(sig);
+                }
+        }
+
diff --git a/src/lib/libssl/src/crypto/dso/Makefile b/src/lib/libssl/src/crypto/dso/Makefile
index 07f5d8d159..52f152888c 100644
--- a/src/lib/libssl/src/crypto/dso/Makefile
+++ b/src/lib/libssl/src/crypto/dso/Makefile
@@ -35,7 +35,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libssl/src/crypto/dyn_lck.c b/src/lib/libssl/src/crypto/dyn_lck.c
new file mode 100644
index 0000000000..7f82c41264
--- /dev/null
+++ b/src/lib/libssl/src/crypto/dyn_lck.c
@@ -0,0 +1,428 @@
+/* crypto/cryptlib.c */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include "cryptlib.h"
+#include <openssl/safestack.h>
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
+#endif
+
+DECLARE_STACK_OF(CRYPTO_dynlock)
+IMPLEMENT_STACK_OF(CRYPTO_dynlock)
+
+/* real #defines in crypto.h, keep these upto date */
+static const char* const lock_names[CRYPTO_NUM_LOCKS] =
+        {
+        "<<ERROR>>",
+        "err",
+        "ex_data",
+        "x509",
+        "x509_info",
+        "x509_pkey",
+        "x509_crl",
+        "x509_req",
+        "dsa",
+        "rsa",
+        "evp_pkey",
+        "x509_store",
+        "ssl_ctx",
+        "ssl_cert",
+        "ssl_session",
+        "ssl_sess_cert",
+        "ssl",
+        "ssl_method",
+        "rand",
+        "rand2",
+        "debug_malloc",
+        "BIO",
+        "gethostbyname",
+        "getservbyname",
+        "readdir",
+        "RSA_blinding",
+        "dh",
+        "debug_malloc2",
+        "dso",
+        "dynlock",
+        "engine",
+        "ui",
+        "ecdsa",
+        "ec",
+        "ecdh",
+        "bn",
+        "ec_pre_comp",
+        "store",
+        "comp",
+#ifndef OPENSSL_FIPS
+# if CRYPTO_NUM_LOCKS != 39
+#  error "Inconsistency between crypto.h and cryptlib.c"
+# endif
+#else
+        "fips",
+        "fips2",
+# if CRYPTO_NUM_LOCKS != 41
+#  error "Inconsistency between crypto.h and cryptlib.c"
+# endif
+#endif
+        };
+
+/* This is for applications to allocate new type names in the non-dynamic
+   array of lock names.  These are numbered with positive numbers.  */
+static STACK *app_locks=NULL;
+
+/* For applications that want a more dynamic way of handling threads, the
+   following stack is used.  These are externally numbered with negative
+   numbers.  */
+static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
+
+
+static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
+        (const char *file,int line)=NULL;
+static void (MS_FAR *dynlock_lock_callback)(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;
+static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
+        const char *file,int line)=NULL;
+
+int CRYPTO_get_new_lockid(char *name)
+        {
+        char *str;
+        int i;
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+        /* A hack to make Visual C++ 5.0 work correctly when linking as
+         * a DLL using /MT. Without this, the application cannot use
+         * and floating point printf's.
+         * It also seems to be needed for Visual C 1.5 (win16) */
+        SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
+#endif
+
+        if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL))
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        if ((str=BUF_strdup(name)) == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        i=sk_push(app_locks,str);
+        if (!i)
+                OPENSSL_free(str);
+        else
+                i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */
+        return(i);
+        }
+
+int CRYPTO_get_new_dynlockid(void)
+        {
+        int i = 0;
+        CRYPTO_dynlock *pointer = NULL;
+
+        if (dynlock_create_callback == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
+                return(0);
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+        if ((dyn_locks == NULL)
+                && ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL))
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+        pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock));
+        if (pointer == NULL)
+                {
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        pointer->references = 1;
+        pointer->data = dynlock_create_callback(__FILE__,__LINE__);
+        if (pointer->data == NULL)
+                {
+                OPENSSL_free(pointer);
+                CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+        /* First, try to find an existing empty slot */
+        i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
+        /* If there was none, push, thereby creating a new one */
+        if (i == -1)
+                /* Since sk_push() returns the number of items on the
+                   stack, not the location of the pushed item, we need
+                   to transform the returned number into a position,
+                   by decreasing it.  */
+                i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
+        else
+                /* If we found a place with a NULL pointer, put our pointer
+                   in it.  */
+                (void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+        if (i == -1)
+                {
+                dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+                OPENSSL_free(pointer);
+                }
+        else
+                i += 1; /* to avoid 0 */
+        return -i;
+        }
+
+void CRYPTO_destroy_dynlockid(int i)
+        {
+        CRYPTO_dynlock *pointer = NULL;
+        if (i)
+                i = -i-1;
+        if (dynlock_destroy_callback == NULL)
+                return;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+
+        if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+                return;
+                }
+        pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+        if (pointer != NULL)
+                {
+                --pointer->references;
+#ifdef REF_CHECK
+                if (pointer->references < 0)
+                        {
+                        fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n");
+                        abort();
+                        }
+                else
+#endif
+                        if (pointer->references <= 0)
+                                {
+                                (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
+                                }
+                        else
+                                pointer = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+        if (pointer)
+                {
+                dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+                OPENSSL_free(pointer);
+                }
+        }
+
+struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i)
+        {
+        CRYPTO_dynlock *pointer = NULL;
+        if (i)
+                i = -i-1;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+
+        if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))
+                pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+        if (pointer)
+                pointer->references++;
+
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+        if (pointer)
+                return pointer->data;
+        return NULL;
+        }
+
+struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))
+        (const char *file,int line)
+        {
+        return(dynlock_create_callback);
+        }
+
+void (*CRYPTO_get_dynlock_lock_callback(void))(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file,int line)
+        {
+        return(dynlock_lock_callback);
+        }
+
+void (*CRYPTO_get_dynlock_destroy_callback(void))
+        (struct CRYPTO_dynlock_value *l, const char *file,int line)
+        {
+        return(dynlock_destroy_callback);
+        }
+
+void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
+        (const char *file, int line))
+        {
+        dynlock_create_callback=func;
+        }
+
+static void do_dynlock(int mode, int type, const char *file, int line)
+        {
+        if (dynlock_lock_callback != NULL)
+                {
+                struct CRYPTO_dynlock_value *pointer
+                                = CRYPTO_get_dynlock_value(type);
+
+                OPENSSL_assert(pointer != NULL);
+
+                dynlock_lock_callback(mode, pointer, file, line);
+
+                CRYPTO_destroy_dynlockid(type);
+                }
+        }
+
+void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode,
+        struct CRYPTO_dynlock_value *l, const char *file, int line))
+        {
+        /* Set callback so CRYPTO_lock() can now handle dynamic locks.
+         * This is OK because at this point and application shouldn't be using
+         * OpenSSL from multiple threads because it is setting up the locking
+         * callbacks.
+         */
+        static int done = 0;
+        if (!done)
+                {
+                int_CRYPTO_set_do_dynlock_callback(do_dynlock);
+                done = 1;
+                }
+                
+        dynlock_lock_callback=func;
+        }
+
+void CRYPTO_set_dynlock_destroy_callback(void (*func)
+        (struct CRYPTO_dynlock_value *l, const char *file, int line))
+        {
+        dynlock_destroy_callback=func;
+        }
+
+const char *CRYPTO_get_lock_name(int type)
+        {
+        if (type < 0)
+                return("dynamic");
+        else if (type < CRYPTO_NUM_LOCKS)
+                return(lock_names[type]);
+        else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
+                return("ERROR");
+        else
+                return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
+        }
+
diff --git a/src/lib/libssl/src/crypto/ec/Makefile b/src/lib/libssl/src/crypto/ec/Makefile
index 42f7bb7fc8..b5bbc9faa1 100644
--- a/src/lib/libssl/src/crypto/ec/Makefile
+++ b/src/lib/libssl/src/crypto/ec/Makefile
@@ -38,7 +38,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libssl/src/crypto/engine/eng_padlock.c b/src/lib/libssl/src/crypto/engine/eng_padlock.c
index 1ba9d85db4..743558ab33 100644
--- a/src/lib/libssl/src/crypto/engine/eng_padlock.c
+++ b/src/lib/libssl/src/crypto/engine/eng_padlock.c
@@ -234,8 +234,8 @@ padlock_bind_fn(ENGINE *e, const char *id)
         return 1;
 }
 
-IMPLEMENT_DYNAMIC_CHECK_FN ();
-IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn);
+IMPLEMENT_DYNAMIC_CHECK_FN ()
+IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn)
 #endif /* DYNAMIC_ENGINE */
 
 /* ===== Here comes the "real" engine ===== */
diff --git a/src/lib/libssl/src/crypto/err/Makefile b/src/lib/libssl/src/crypto/err/Makefile
index 23e38409c8..91d1379d41 100644
--- a/src/lib/libssl/src/crypto/err/Makefile
+++ b/src/lib/libssl/src/crypto/err/Makefile
@@ -17,8 +17,8 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=err.c err_all.c err_prn.c
-LIBOBJ=err.o err_all.o err_prn.o
+LIBSRC=err.c err_def.c err_all.c err_prn.c err_str.c err_bio.c
+LIBOBJ=err.o err_def.o err_all.o err_prn.o err_str.o err_bio.o
 
 SRC= $(LIBSRC)
 
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -89,17 +89,31 @@ err_all.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
 err_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 err_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
 err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-err_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h
-err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-err_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h
-err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-err_all.o: err_all.c
+err_all.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+err_all.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+err_all.o: ../../include/openssl/x509v3.h err_all.c
+err_bio.o: ../../e_os.h ../../include/openssl/bio.h
+err_bio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+err_bio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err_bio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+err_bio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+err_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+err_bio.o: ../../include/openssl/symhacks.h ../cryptlib.h err_bio.c
+err_def.o: ../../e_os.h ../../include/openssl/bio.h
+err_def.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+err_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+err_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+err_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+err_def.o: ../../include/openssl/symhacks.h ../cryptlib.h err_def.c
 err_prn.o: ../../e_os.h ../../include/openssl/bio.h
 err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -107,3 +121,10 @@ err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 err_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 err_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h err_prn.c
+err_str.o: ../../e_os.h ../../include/openssl/bio.h
+err_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+err_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+err_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+err_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+err_str.o: ../../include/openssl/symhacks.h ../cryptlib.h err_str.c
diff --git a/src/lib/libssl/src/crypto/err/err_bio.c b/src/lib/libssl/src/crypto/err/err_bio.c
new file mode 100644
index 0000000000..a42f804840
--- /dev/null
+++ b/src/lib/libssl/src/crypto/err/err_bio.c
@@ -0,0 +1,75 @@
+/* crypto/err/err_prn.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+static int print_bio(const char *str, size_t len, void *bp)
+        {
+        return BIO_write((BIO *)bp, str, len);
+        }
+void ERR_print_errors(BIO *bp)
+        {
+        ERR_print_errors_cb(print_bio, bp);
+        }
+
+        
diff --git a/src/lib/libssl/src/crypto/err/err_def.c b/src/lib/libssl/src/crypto/err/err_def.c
new file mode 100644
index 0000000000..7ed3d84955
--- /dev/null
+++ b/src/lib/libssl/src/crypto/err/err_def.c
@@ -0,0 +1,665 @@
+/* crypto/err/err_def.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+#define err_clear_data(p,i) \
+        do { \
+        if (((p)->err_data[i] != NULL) && \
+                (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
+                {  \
+                OPENSSL_free((p)->err_data[i]); \
+                (p)->err_data[i]=NULL; \
+                } \
+        (p)->err_data_flags[i]=0; \
+        } while(0)
+
+#define err_clear(p,i) \
+        do { \
+        (p)->err_flags[i]=0; \
+        (p)->err_buffer[i]=0; \
+        err_clear_data(p,i); \
+        (p)->err_file[i]=NULL; \
+        (p)->err_line[i]= -1; \
+        } while(0)
+
+static void err_load_strings(int lib, ERR_STRING_DATA *str);
+
+static void ERR_STATE_free(ERR_STATE *s);
+
+/* Define the predeclared (but externally opaque) "ERR_FNS" type */
+struct st_ERR_FNS
+        {
+        /* Works on the "error_hash" string table */
+        LHASH *(*cb_err_get)(int create);
+        void (*cb_err_del)(void);
+        ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *);
+        ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *);
+        ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
+        /* Works on the "thread_hash" error-state table */
+        LHASH *(*cb_thread_get)(int create);
+        void (*cb_thread_release)(LHASH **hash);
+        ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
+        ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
+        void (*cb_thread_del_item)(const ERR_STATE *);
+        /* Returns the next available error "library" numbers */
+        int (*cb_get_next_lib)(void);
+        };
+
+/* Predeclarations of the "err_defaults" functions */
+static LHASH *int_err_get(int create);
+static void int_err_del(void);
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
+static LHASH *int_thread_get(int create);
+static void int_thread_release(LHASH **hash);
+static ERR_STATE *int_thread_get_item(const ERR_STATE *);
+static ERR_STATE *int_thread_set_item(ERR_STATE *);
+static void int_thread_del_item(const ERR_STATE *);
+static int int_err_get_next_lib(void);
+/* The static ERR_FNS table using these defaults functions */
+static const ERR_FNS err_defaults =
+        {
+        int_err_get,
+        int_err_del,
+        int_err_get_item,
+        int_err_set_item,
+        int_err_del_item,
+        int_thread_get,
+        int_thread_release,
+        int_thread_get_item,
+        int_thread_set_item,
+        int_thread_del_item,
+        int_err_get_next_lib
+        };
+
+/* The replacable table of ERR_FNS functions we use at run-time */
+static const ERR_FNS *err_fns = NULL;
+
+/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */
+#define ERRFN(a) err_fns->cb_##a
+
+/* The internal state used by "err_defaults" - as such, the setting, reading,
+ * creating, and deleting of this data should only be permitted via the
+ * "err_defaults" functions. This way, a linked module can completely defer all
+ * ERR state operation (together with requisite locking) to the implementations
+ * and state in the loading application. */
+static LHASH *int_error_hash = NULL;
+static LHASH *int_thread_hash = NULL;
+static int int_thread_hash_references = 0;
+static int int_err_library_number= ERR_LIB_USER;
+
+/* Internal function that checks whether "err_fns" is set and if not, sets it to
+ * the defaults. */
+static void err_fns_check(void)
+        {
+        if (err_fns) return;
+        
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!err_fns)
+                err_fns = &err_defaults;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        }
+
+/* API functions to get or set the underlying ERR functions. */
+
+const ERR_FNS *ERR_get_implementation(void)
+        {
+        err_fns_check();
+        return err_fns;
+        }
+
+int ERR_set_implementation(const ERR_FNS *fns)
+        {
+        int ret = 0;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        /* It's too late if 'err_fns' is non-NULL. BTW: not much point setting
+         * an error is there?! */
+        if (!err_fns)
+                {
+                err_fns = fns;
+                ret = 1;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return ret;
+        }
+
+/* These are the callbacks provided to "lh_new()" when creating the LHASH tables
+ * internal to the "err_defaults" implementation. */
+
+/* static unsigned long err_hash(ERR_STRING_DATA *a); */
+static unsigned long err_hash(const void *a_void);
+/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); */
+static int err_cmp(const void *a_void, const void *b_void);
+/* static unsigned long pid_hash(ERR_STATE *pid); */
+static unsigned long pid_hash(const void *pid_void);
+/* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */
+static int pid_cmp(const void *a_void,const void *pid_void);
+
+/* The internal functions used in the "err_defaults" implementation */
+
+static LHASH *int_err_get(int create)
+        {
+        LHASH *ret = NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!int_error_hash && create)
+                {
+                CRYPTO_push_info("int_err_get (err.c)");
+                int_error_hash = lh_new(err_hash, err_cmp);
+                CRYPTO_pop_info();
+                }
+        if (int_error_hash)
+                ret = int_error_hash;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        return ret;
+        }
+
+static void int_err_del(void)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (int_error_hash)
+                {
+                lh_free(int_error_hash);
+                int_error_hash = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        }
+
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
+        {
+        ERR_STRING_DATA *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(err_get)(0);
+        if (!hash)
+                return NULL;
+
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STRING_DATA *)lh_retrieve(hash, d);
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+
+        return p;
+        }
+
+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)
+        {
+        ERR_STRING_DATA *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(err_get)(1);
+        if (!hash)
+                return NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STRING_DATA *)lh_insert(hash, d);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        return p;
+        }
+
+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d)
+        {
+        ERR_STRING_DATA *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(err_get)(0);
+        if (!hash)
+                return NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STRING_DATA *)lh_delete(hash, d);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        return p;
+        }
+
+static LHASH *int_thread_get(int create)
+        {
+        LHASH *ret = NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!int_thread_hash && create)
+                {
+                CRYPTO_push_info("int_thread_get (err.c)");
+                int_thread_hash = lh_new(pid_hash, pid_cmp);
+                CRYPTO_pop_info();
+                }
+        if (int_thread_hash)
+                {
+                int_thread_hash_references++;
+                ret = int_thread_hash;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return ret;
+        }
+
+static void int_thread_release(LHASH **hash)
+        {
+        int i;
+
+        if (hash == NULL || *hash == NULL)
+                return;
+
+        i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
+
+#ifdef REF_PRINT
+        fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"int_thread_release, bad reference count\n");
+                abort(); /* ok */
+                }
+#endif
+        *hash = NULL;
+        }
+
+static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
+        {
+        ERR_STATE *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(thread_get)(0);
+        if (!hash)
+                return NULL;
+
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STATE *)lh_retrieve(hash, d);
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+
+        ERRFN(thread_release)(&hash);
+        return p;
+        }
+
+static ERR_STATE *int_thread_set_item(ERR_STATE *d)
+        {
+        ERR_STATE *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(thread_get)(1);
+        if (!hash)
+                return NULL;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STATE *)lh_insert(hash, d);
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        ERRFN(thread_release)(&hash);
+        return p;
+        }
+
+static void int_thread_del_item(const ERR_STATE *d)
+        {
+        ERR_STATE *p;
+        LHASH *hash;
+
+        err_fns_check();
+        hash = ERRFN(thread_get)(0);
+        if (!hash)
+                return;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        p = (ERR_STATE *)lh_delete(hash, d);
+        /* make sure we don't leak memory */
+        if (int_thread_hash_references == 1
+                && int_thread_hash && (lh_num_items(int_thread_hash) == 0))
+                {
+                lh_free(int_thread_hash);
+                int_thread_hash = NULL;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        ERRFN(thread_release)(&hash);
+        if (p)
+                ERR_STATE_free(p);
+        }
+
+static int int_err_get_next_lib(void)
+        {
+        int ret;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        ret = int_err_library_number++;
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+        return ret;
+        }
+
+static void ERR_STATE_free(ERR_STATE *s)
+        {
+        int i;
+
+        if (s == NULL)
+            return;
+
+        for (i=0; i<ERR_NUM_ERRORS; i++)
+                {
+                err_clear_data(s,i);
+                }
+        OPENSSL_free(s);
+        }
+
+static void err_load_strings(int lib, ERR_STRING_DATA *str)
+        {
+        while (str->error)
+                {
+                if (lib)
+                        str->error|=ERR_PACK(lib,0,0);
+                ERRFN(err_set_item)(str);
+                str++;
+                }
+        }
+
+void ERR_load_strings(int lib, ERR_STRING_DATA *str)
+        {
+        err_fns_check();
+        err_load_strings(lib, str);
+        }
+
+void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
+        {
+        while (str->error)
+                {
+                if (lib)
+                        str->error|=ERR_PACK(lib,0,0);
+                ERRFN(err_del_item)(str);
+                str++;
+                }
+        }
+
+void ERR_free_strings(void)
+        {
+        err_fns_check();
+        ERRFN(err_del)();
+        }
+
+LHASH *ERR_get_string_table(void)
+        {
+        err_fns_check();
+        return ERRFN(err_get)(0);
+        }
+
+LHASH *ERR_get_err_state_table(void)
+        {
+        err_fns_check();
+        return ERRFN(thread_get)(0);
+        }
+
+void ERR_release_err_state_table(LHASH **hash)
+        {
+        err_fns_check();
+        ERRFN(thread_release)(hash);
+        }
+
+const char *ERR_lib_error_string(unsigned long e)
+        {
+        ERR_STRING_DATA d,*p;
+        unsigned long l;
+
+        err_fns_check();
+        l=ERR_GET_LIB(e);
+        d.error=ERR_PACK(l,0,0);
+        p=ERRFN(err_get_item)(&d);
+        return((p == NULL)?NULL:p->string);
+        }
+
+const char *ERR_func_error_string(unsigned long e)
+        {
+        ERR_STRING_DATA d,*p;
+        unsigned long l,f;
+
+        err_fns_check();
+        l=ERR_GET_LIB(e);
+        f=ERR_GET_FUNC(e);
+        d.error=ERR_PACK(l,f,0);
+        p=ERRFN(err_get_item)(&d);
+        return((p == NULL)?NULL:p->string);
+        }
+
+const char *ERR_reason_error_string(unsigned long e)
+        {
+        ERR_STRING_DATA d,*p=NULL;
+        unsigned long l,r;
+
+        err_fns_check();
+        l=ERR_GET_LIB(e);
+        r=ERR_GET_REASON(e);
+        d.error=ERR_PACK(l,0,r);
+        p=ERRFN(err_get_item)(&d);
+        if (!p)
+                {
+                d.error=ERR_PACK(0,0,r);
+                p=ERRFN(err_get_item)(&d);
+                }
+        return((p == NULL)?NULL:p->string);
+        }
+
+/* static unsigned long err_hash(ERR_STRING_DATA *a) */
+static unsigned long err_hash(const void *a_void)
+        {
+        unsigned long ret,l;
+
+        l=((const ERR_STRING_DATA *)a_void)->error;
+        ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
+        return(ret^ret%19*13);
+        }
+
+/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */
+static int err_cmp(const void *a_void, const void *b_void)
+        {
+        return((int)(((const ERR_STRING_DATA *)a_void)->error -
+                        ((const ERR_STRING_DATA *)b_void)->error));
+        }
+
+/* static unsigned long pid_hash(ERR_STATE *a) */
+static unsigned long pid_hash(const void *a_void)
+        {
+        return(((const ERR_STATE *)a_void)->pid*13);
+        }
+
+/* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */
+static int pid_cmp(const void *a_void, const void *b_void)
+        {
+        return((int)((long)((const ERR_STATE *)a_void)->pid -
+                        (long)((const ERR_STATE *)b_void)->pid));
+        }
+#ifdef OPENSSL_FIPS
+static void int_err_remove_state(unsigned long pid)
+#else
+void ERR_remove_state(unsigned long pid)
+#endif
+        {
+        ERR_STATE tmp;
+
+        err_fns_check();
+        if (pid == 0)
+                pid=(unsigned long)CRYPTO_thread_id();
+        tmp.pid=pid;
+        /* thread_del_item automatically destroys the LHASH if the number of
+         * items reaches zero. */
+        ERRFN(thread_del_item)(&tmp);
+        }
+
+#ifdef OPENSSL_FIPS
+        static ERR_STATE *int_err_get_state(void)
+#else
+ERR_STATE *ERR_get_state(void)
+#endif
+        {
+        static ERR_STATE fallback;
+        ERR_STATE *ret,tmp,*tmpp=NULL;
+        int i;
+        unsigned long pid;
+
+        err_fns_check();
+        pid=(unsigned long)CRYPTO_thread_id();
+        tmp.pid=pid;
+        ret=ERRFN(thread_get_item)(&tmp);
+
+        /* ret == the error state, if NULL, make a new one */
+        if (ret == NULL)
+                {
+                ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
+                if (ret == NULL) return(&fallback);
+                ret->pid=pid;
+                ret->top=0;
+                ret->bottom=0;
+                for (i=0; i<ERR_NUM_ERRORS; i++)
+                        {
+                        ret->err_data[i]=NULL;
+                        ret->err_data_flags[i]=0;
+                        }
+                tmpp = ERRFN(thread_set_item)(ret);
+                /* To check if insertion failed, do a get. */
+                if (ERRFN(thread_get_item)(ret) != ret)
+                        {
+                        ERR_STATE_free(ret); /* could not insert it */
+                        return(&fallback);
+                        }
+                /* If a race occured in this function and we came second, tmpp
+                 * is the first one that we just replaced. */
+                if (tmpp)
+                        ERR_STATE_free(tmpp);
+                }
+        return ret;
+        }
+
+#ifdef OPENSSL_FIPS
+void int_ERR_lib_init(void)
+        {
+        int_ERR_set_state_func(int_err_get_state, int_err_remove_state);
+        }
+#endif
+
+int ERR_get_next_error_library(void)
+        {
+        err_fns_check();
+        return ERRFN(get_next_lib)();
+        }
diff --git a/src/lib/libssl/src/crypto/err/err_str.c b/src/lib/libssl/src/crypto/err/err_str.c
new file mode 100644
index 0000000000..d39040888d
--- /dev/null
+++ b/src/lib/libssl/src/crypto/err/err_str.c
@@ -0,0 +1,295 @@
+/* crypto/err/err_str.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ERR_str_libraries[]=
+        {
+{ERR_PACK(ERR_LIB_NONE,0,0)             ,"unknown library"},
+{ERR_PACK(ERR_LIB_SYS,0,0)              ,"system library"},
+{ERR_PACK(ERR_LIB_BN,0,0)               ,"bignum routines"},
+{ERR_PACK(ERR_LIB_RSA,0,0)              ,"rsa routines"},
+{ERR_PACK(ERR_LIB_DH,0,0)               ,"Diffie-Hellman routines"},
+{ERR_PACK(ERR_LIB_EVP,0,0)              ,"digital envelope routines"},
+{ERR_PACK(ERR_LIB_BUF,0,0)              ,"memory buffer routines"},
+{ERR_PACK(ERR_LIB_OBJ,0,0)              ,"object identifier routines"},
+{ERR_PACK(ERR_LIB_PEM,0,0)              ,"PEM routines"},
+{ERR_PACK(ERR_LIB_DSA,0,0)              ,"dsa routines"},
+{ERR_PACK(ERR_LIB_X509,0,0)             ,"x509 certificate routines"},
+{ERR_PACK(ERR_LIB_ASN1,0,0)             ,"asn1 encoding routines"},
+{ERR_PACK(ERR_LIB_CONF,0,0)             ,"configuration file routines"},
+{ERR_PACK(ERR_LIB_CRYPTO,0,0)           ,"common libcrypto routines"},
+{ERR_PACK(ERR_LIB_EC,0,0)               ,"elliptic curve routines"},
+{ERR_PACK(ERR_LIB_SSL,0,0)              ,"SSL routines"},
+{ERR_PACK(ERR_LIB_BIO,0,0)              ,"BIO routines"},
+{ERR_PACK(ERR_LIB_PKCS7,0,0)            ,"PKCS7 routines"},
+{ERR_PACK(ERR_LIB_X509V3,0,0)           ,"X509 V3 routines"},
+{ERR_PACK(ERR_LIB_PKCS12,0,0)           ,"PKCS12 routines"},
+{ERR_PACK(ERR_LIB_RAND,0,0)             ,"random number generator"},
+{ERR_PACK(ERR_LIB_DSO,0,0)              ,"DSO support routines"},
+{ERR_PACK(ERR_LIB_ENGINE,0,0)           ,"engine routines"},
+{ERR_PACK(ERR_LIB_OCSP,0,0)             ,"OCSP routines"},
+{ERR_PACK(ERR_LIB_FIPS,0,0)             ,"FIPS routines"},
+{ERR_PACK(ERR_LIB_CMS,0,0)              ,"CMS routines"},
+{ERR_PACK(ERR_LIB_JPAKE,0,0)            ,"JPAKE routines"},
+{0,NULL},
+        };
+
+static ERR_STRING_DATA ERR_str_functs[]=
+        {
+        {ERR_PACK(0,SYS_F_FOPEN,0),             "fopen"},
+        {ERR_PACK(0,SYS_F_CONNECT,0),           "connect"},
+        {ERR_PACK(0,SYS_F_GETSERVBYNAME,0),     "getservbyname"},
+        {ERR_PACK(0,SYS_F_SOCKET,0),            "socket"}, 
+        {ERR_PACK(0,SYS_F_IOCTLSOCKET,0),       "ioctlsocket"},
+        {ERR_PACK(0,SYS_F_BIND,0),              "bind"},
+        {ERR_PACK(0,SYS_F_LISTEN,0),            "listen"},
+        {ERR_PACK(0,SYS_F_ACCEPT,0),            "accept"},
+#ifdef OPENSSL_SYS_WINDOWS
+        {ERR_PACK(0,SYS_F_WSASTARTUP,0),        "WSAstartup"},
+#endif
+        {ERR_PACK(0,SYS_F_OPENDIR,0),           "opendir"},
+        {ERR_PACK(0,SYS_F_FREAD,0),             "fread"},
+        {0,NULL},
+        };
+
+static ERR_STRING_DATA ERR_str_reasons[]=
+        {
+{ERR_R_SYS_LIB                          ,"system lib"},
+{ERR_R_BN_LIB                           ,"BN lib"},
+{ERR_R_RSA_LIB                          ,"RSA lib"},
+{ERR_R_DH_LIB                           ,"DH lib"},
+{ERR_R_EVP_LIB                          ,"EVP lib"},
+{ERR_R_BUF_LIB                          ,"BUF lib"},
+{ERR_R_OBJ_LIB                          ,"OBJ lib"},
+{ERR_R_PEM_LIB                          ,"PEM lib"},
+{ERR_R_DSA_LIB                          ,"DSA lib"},
+{ERR_R_X509_LIB                         ,"X509 lib"},
+{ERR_R_ASN1_LIB                         ,"ASN1 lib"},
+{ERR_R_CONF_LIB                         ,"CONF lib"},
+{ERR_R_CRYPTO_LIB                       ,"CRYPTO lib"},
+{ERR_R_EC_LIB                           ,"EC lib"},
+{ERR_R_SSL_LIB                          ,"SSL lib"},
+{ERR_R_BIO_LIB                          ,"BIO lib"},
+{ERR_R_PKCS7_LIB                        ,"PKCS7 lib"},
+{ERR_R_X509V3_LIB                       ,"X509V3 lib"},
+{ERR_R_PKCS12_LIB                       ,"PKCS12 lib"},
+{ERR_R_RAND_LIB                         ,"RAND lib"},
+{ERR_R_DSO_LIB                          ,"DSO lib"},
+{ERR_R_ENGINE_LIB                       ,"ENGINE lib"},
+{ERR_R_OCSP_LIB                         ,"OCSP lib"},
+
+{ERR_R_NESTED_ASN1_ERROR                ,"nested asn1 error"},
+{ERR_R_BAD_ASN1_OBJECT_HEADER           ,"bad asn1 object header"},
+{ERR_R_BAD_GET_ASN1_OBJECT_CALL         ,"bad get asn1 object call"},
+{ERR_R_EXPECTING_AN_ASN1_SEQUENCE       ,"expecting an asn1 sequence"},
+{ERR_R_ASN1_LENGTH_MISMATCH             ,"asn1 length mismatch"},
+{ERR_R_MISSING_ASN1_EOS                 ,"missing asn1 eos"},
+
+{ERR_R_FATAL                            ,"fatal"},
+{ERR_R_MALLOC_FAILURE                   ,"malloc failure"},
+{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED      ,"called a function you should not call"},
+{ERR_R_PASSED_NULL_PARAMETER            ,"passed a null parameter"},
+{ERR_R_INTERNAL_ERROR                   ,"internal error"},
+{ERR_R_DISABLED                         ,"called a function that was disabled at compile-time"},
+
+{0,NULL},
+        };
+#endif
+
+#ifndef OPENSSL_NO_ERR
+#define NUM_SYS_STR_REASONS 127
+#define LEN_SYS_STR_REASON 32
+
+static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
+/* SYS_str_reasons is filled with copies of strerror() results at
+ * initialization.
+ * 'errno' values up to 127 should cover all usual errors,
+ * others will be displayed numerically by ERR_error_string.
+ * It is crucial that we have something for each reason code
+ * that occurs in ERR_str_reasons, or bogus reason strings
+ * will be returned for SYSerr, which always gets an errno
+ * value and never one of those 'standard' reason codes. */
+
+static void build_SYS_str_reasons(void)
+        {
+        /* OPENSSL_malloc cannot be used here, use static storage instead */
+        static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
+        int i;
+        static int init = 1;
+
+        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+        if (!init)
+                {
+                CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+                return;
+                }
+        
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+        if (!init)
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+                return;
+                }
+
+        for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
+                {
+                ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
+
+                str->error = (unsigned long)i;
+                if (str->string == NULL)
+                        {
+                        char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
+                        char *src = strerror(i);
+                        if (src != NULL)
+                                {
+                                strncpy(*dest, src, sizeof *dest);
+                                (*dest)[sizeof *dest - 1] = '\0';
+                                str->string = *dest;
+                                }
+                        }
+                if (str->string == NULL)
+                        str->string = "unknown";
+                }
+
+        /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL},
+         * as required by ERR_load_strings. */
+
+        init = 0;
+        
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        }
+#endif
+
+void ERR_load_ERR_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+        if (ERR_func_error_string(ERR_str_functs[0].error) == NULL)
+                {
+                ERR_load_strings(0,ERR_str_libraries);
+                ERR_load_strings(0,ERR_str_reasons);
+                ERR_load_strings(ERR_LIB_SYS,ERR_str_functs);
+                build_SYS_str_reasons();
+                ERR_load_strings(ERR_LIB_SYS,SYS_str_reasons);
+                }
+#endif
+        }
+
diff --git a/src/lib/libssl/src/crypto/evp/dig_eng.c b/src/lib/libssl/src/crypto/evp/dig_eng.c
new file mode 100644
index 0000000000..64cdf9366c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/dig_eng.c
@@ -0,0 +1,180 @@
+/* crypto/evp/digest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include "evp_locl.h"
+
+#ifndef OPENSSL_NO_ENGINE
+
+#ifdef OPENSSL_FIPS
+
+static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
+        {
+        if (*ptype)
+                {
+                /* Ensure an ENGINE left lying around from last time is cleared
+                 * (the previous check attempted to avoid this if the same
+                 * ENGINE and EVP_MD could be used). */
+                if(ctx->engine)
+                        ENGINE_finish(ctx->engine);
+                if(impl)
+                        {
+                        if (!ENGINE_init(impl))
+                                {
+                                EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        }
+                else
+                        /* Ask if an ENGINE is reserved for this job */
+                        impl = ENGINE_get_digest_engine((*ptype)->type);
+                if(impl)
+                        {
+                        /* There's an ENGINE for this job ... (apparently) */
+                        const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
+                        if(!d)
+                                {
+                                /* Same comment from evp_enc.c */
+                                EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        /* We'll use the ENGINE's private digest definition */
+                        *ptype = d;
+                        /* Store the ENGINE functional reference so we know
+                         * 'type' came from an ENGINE and we need to release
+                         * it when done. */
+                        ctx->engine = impl;
+                        }
+                else
+                        ctx->engine = NULL;
+                }
+        else
+        if(!ctx->digest)
+                {
+                EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_NO_DIGEST_SET);
+                return 0;
+                }
+        return 1;
+        }
+
+void int_EVP_MD_init_engine_callbacks(void)
+        {
+        int_EVP_MD_set_engine_callbacks(
+                ENGINE_init, ENGINE_finish, do_evp_md_engine_full);
+        }
+#endif
+#endif
diff --git a/src/lib/libssl/src/crypto/evp/enc_min.c b/src/lib/libssl/src/crypto/evp/enc_min.c
new file mode 100644
index 0000000000..3cb4626bef
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/enc_min.c
@@ -0,0 +1,390 @@
+/* crypto/evp/enc_min.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include "evp_locl.h"
+
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
+        {
+#ifdef OPENSSL_FIPS
+        FIPS_selftest_check();
+#endif
+        memset(ctx,0,sizeof(EVP_CIPHER_CTX));
+        /* ctx->cipher=NULL; */
+        }
+
+#ifdef OPENSSL_FIPS
+
+/* The purpose of these is to trap programs that attempt to use non FIPS
+ * algorithms in FIPS mode and ignore the errors.
+ */
+
+static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                    const unsigned char *iv, int enc)
+        { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
+
+static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                         const unsigned char *in, unsigned int inl)
+        { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
+
+/* NB: no cleanup because it is allowed after failed init */
+
+static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+        { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
+static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+        { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
+static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+        { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
+
+static const EVP_CIPHER bad_cipher =
+        {
+        0,
+        0,
+        0,
+        0,
+        0,
+        bad_init,
+        bad_do_cipher,
+        NULL,
+        0,
+        bad_set_asn1,
+        bad_get_asn1,
+        bad_ctrl,
+        NULL
+        };
+
+#endif
+
+#ifndef OPENSSL_NO_ENGINE
+
+#ifdef OPENSSL_FIPS
+
+static int do_engine_null(ENGINE *impl) { return 0;}
+static int do_evp_enc_engine_null(EVP_CIPHER_CTX *ctx,
+                                const EVP_CIPHER **pciph, ENGINE *impl)
+        { return 1; }
+
+static int (*do_engine_finish)(ENGINE *impl)
+                = do_engine_null;
+
+static int (*do_evp_enc_engine)
+        (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl)
+                = do_evp_enc_engine_null;
+
+void int_EVP_CIPHER_set_engine_callbacks(
+        int (*eng_ciph_fin)(ENGINE *impl),
+        int (*eng_ciph_evp)
+                (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl))
+        {
+        do_engine_finish = eng_ciph_fin;
+        do_evp_enc_engine = eng_ciph_evp;
+        }
+
+#else
+
+#define do_engine_finish ENGINE_finish
+
+static int do_evp_enc_engine(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl)
+        {
+        if(impl)
+                {
+                if (!ENGINE_init(impl))
+                        {
+                        EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR);
+                        return 0;
+                        }
+                }
+        else
+                /* Ask if an ENGINE is reserved for this job */
+                impl = ENGINE_get_cipher_engine((*pcipher)->nid);
+        if(impl)
+                {
+                /* There's an ENGINE for this job ... (apparently) */
+                const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
+                if(!c)
+                        {
+                        /* One positive side-effect of US's export
+                         * control history, is that we should at least
+                         * be able to avoid using US mispellings of
+                         * "initialisation"? */
+                        EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR);
+                        return 0;
+                        }
+                /* We'll use the ENGINE's private cipher definition */
+                *pcipher = c;
+                /* Store the ENGINE functional reference so we know
+                 * 'cipher' came from an ENGINE and we need to release
+                 * it when done. */
+                ctx->engine = impl;
+                }
+        else
+                ctx->engine = NULL;
+        return 1;
+        }
+
+#endif
+
+#endif
+
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+             const unsigned char *key, const unsigned char *iv, int enc)
+        {
+        if (enc == -1)
+                enc = ctx->encrypt;
+        else
+                {
+                if (enc)
+                        enc = 1;
+                ctx->encrypt = enc;
+                }
+#ifdef OPENSSL_NO_FIPS
+        if(FIPS_selftest_failed())
+                {
+                FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
+                ctx->cipher = &bad_cipher;
+                return 0;
+                }
+#endif
+#ifndef OPENSSL_NO_ENGINE
+        /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+         * so this context may already have an ENGINE! Try to avoid releasing
+         * the previous handle, re-querying for an ENGINE, and having a
+         * reinitialisation, when it may all be unecessary. */
+        if (ctx->engine && ctx->cipher && (!cipher ||
+                        (cipher && (cipher->nid == ctx->cipher->nid))))
+                goto skip_to_init;
+#endif
+        if (cipher)
+                {
+                /* Ensure a context left lying around from last time is cleared
+                 * (the previous check attempted to avoid this if the same
+                 * ENGINE and EVP_CIPHER could be used). */
+                EVP_CIPHER_CTX_cleanup(ctx);
+
+                /* Restore encrypt field: it is zeroed by cleanup */
+                ctx->encrypt = enc;
+#ifndef OPENSSL_NO_ENGINE
+                if (!do_evp_enc_engine(ctx, &cipher, impl))
+                        return 0;
+#endif
+
+                ctx->cipher=cipher;
+                if (ctx->cipher->ctx_size)
+                        {
+                        ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+                        if (!ctx->cipher_data)
+                                {
+                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
+                                return 0;
+                                }
+                        }
+                else
+                        {
+                        ctx->cipher_data = NULL;
+                        }
+                ctx->key_len = cipher->key_len;
+                ctx->flags = 0;
+                if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
+                        {
+                        if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
+                                {
+                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                                return 0;
+                                }
+                        }
+                }
+        else if(!ctx->cipher)
+                {
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
+                return 0;
+                }
+#ifndef OPENSSL_NO_ENGINE
+skip_to_init:
+#endif
+        /* we assume block size is a power of 2 in *cryptUpdate */
+        OPENSSL_assert(ctx->cipher->block_size == 1
+            || ctx->cipher->block_size == 8
+            || ctx->cipher->block_size == 16);
+
+        if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
+                switch(EVP_CIPHER_CTX_mode(ctx)) {
+
+                        case EVP_CIPH_STREAM_CIPHER:
+                        case EVP_CIPH_ECB_MODE:
+                        break;
+
+                        case EVP_CIPH_CFB_MODE:
+                        case EVP_CIPH_OFB_MODE:
+
+                        ctx->num = 0;
+
+                        case EVP_CIPH_CBC_MODE:
+
+                        OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
+                                        (int)sizeof(ctx->iv));
+                        if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+                        memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+                        break;
+
+                        default:
+                        return 0;
+                        break;
+                }
+        }
+
+#ifdef OPENSSL_FIPS
+        /* After 'key' is set no further parameters changes are permissible.
+         * So only check for non FIPS enabling at this point.
+         */
+        if (key && FIPS_mode())
+                {
+                if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
+                        & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
+                        {
+                        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS);
+#if 0
+                        ERR_add_error_data(2, "cipher=",
+                                                EVP_CIPHER_name(ctx->cipher));
+#endif
+                        ctx->cipher = &bad_cipher;
+                        return 0;
+                        }
+                }
+#endif
+
+        if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+                if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
+        }
+        ctx->buf_len=0;
+        ctx->final_used=0;
+        ctx->block_mask=ctx->cipher->block_size-1;
+        return 1;
+        }
+
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
+        {
+        if (c->cipher != NULL)
+                {
+                if(c->cipher->cleanup && !c->cipher->cleanup(c))
+                        return 0;
+                /* Cleanse cipher context data */
+                if (c->cipher_data)
+                        OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+                }
+        if (c->cipher_data)
+                OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
+        if (c->engine)
+                /* The EVP_CIPHER we used belongs to an ENGINE, release the
+                 * functional reference we held for this reason. */
+                do_engine_finish(c->engine);
+#endif
+        memset(c,0,sizeof(EVP_CIPHER_CTX));
+        return 1;
+        }
+
+int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
+        {
+#ifdef OPENSSL_FIPS
+        FIPS_selftest_check();
+#endif
+        return ctx->cipher->do_cipher(ctx,out,in,inl);
+        }
+
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+        int ret;
+        if(!ctx->cipher) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+                return 0;
+        }
+
+        if(!ctx->cipher->ctrl) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+                return 0;
+        }
+
+        ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
+        if(ret == -1) {
+                EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+                return 0;
+        }
+        return ret;
+}
+
+unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
+        {
+        return ctx->cipher->flags;
+        }
+
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
+        {
+        return ctx->cipher->iv_len;
+        }
+
+int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
+        {
+        return cipher->nid;
+        }
diff --git a/src/lib/libssl/src/crypto/evp/evp_cnf.c b/src/lib/libssl/src/crypto/evp/evp_cnf.c
new file mode 100644
index 0000000000..2e4db30235
--- /dev/null
+++ b/src/lib/libssl/src/crypto/evp/evp_cnf.c
@@ -0,0 +1,125 @@
+/* evp_cnf.c */
+/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
+
+/* Algorithm configuration module. */
+
+static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
+        {
+        int i;
+        const char *oid_section;
+        STACK_OF(CONF_VALUE) *sktmp;
+        CONF_VALUE *oval;
+        oid_section = CONF_imodule_get_value(md);
+        if(!(sktmp = NCONF_get_section(cnf, oid_section)))
+                {
+                EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
+                return 0;
+                }
+        for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
+                {
+                oval = sk_CONF_VALUE_value(sktmp, i);
+                if (!strcmp(oval->name, "fips_mode"))
+                        {
+                        int m;
+                        if (!X509V3_get_value_bool(oval, &m))
+                                {
+                                EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
+                                return 0;
+                                }
+                        if (m > 0)
+                                {
+#ifdef OPENSSL_FIPS
+                                if (!FIPS_mode() && !FIPS_mode_set(1))
+                                        {
+                                        EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_SETTING_FIPS_MODE);
+                                        return 0;
+                                        }
+#else
+                                EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED);
+                                return 0;
+#endif
+                                }
+                        }
+                else
+                        {
+                        EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
+                        ERR_add_error_data(4, "name=", oval->name,
+                                                ", value=", oval->value);
+                        }
+                                
+                }
+        return 1;
+        }
+
+void EVP_add_alg_module(void)
+        {
+        CONF_module_add("alg_section", alg_module_init, 0);
+        }
diff --git a/src/lib/libssl/src/crypto/fips_err.c b/src/lib/libssl/src/crypto/fips_err.c
new file mode 100644
index 0000000000..09f11748f6
--- /dev/null
+++ b/src/lib/libssl/src/crypto/fips_err.c
@@ -0,0 +1,7 @@
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_FIPS
+# include "fips_err.h"
+#else
+static void *dummy=&dummy;
+#endif
diff --git a/src/lib/libssl/src/crypto/hmac/Makefile b/src/lib/libssl/src/crypto/hmac/Makefile
index 01f10c396f..5cfa37d99c 100644
--- a/src/lib/libssl/src/crypto/hmac/Makefile
+++ b/src/lib/libssl/src/crypto/hmac/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -77,9 +77,10 @@ clean:
 hmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 hmac.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
-hmac.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-hmac.o: ../../include/openssl/symhacks.h ../cryptlib.h hmac.c
+hmac.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+hmac.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hmac.o: ../cryptlib.h hmac.c
diff --git a/src/lib/libssl/src/crypto/idea/Makefile b/src/lib/libssl/src/crypto/idea/Makefile
index b2e7add666..55c0d4dbff 100644
--- a/src/lib/libssl/src/crypto/idea/Makefile
+++ b/src/lib/libssl/src/crypto/idea/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -82,5 +82,9 @@ i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
 i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
 i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
 i_ofb64.o: i_ofb64.c idea_lcl.h
-i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+i_skey.o: ../../include/openssl/fips.h ../../include/openssl/idea.h
+i_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+i_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 i_skey.o: i_skey.c idea_lcl.h
diff --git a/src/lib/libssl/src/crypto/krb5/Makefile b/src/lib/libssl/src/crypto/krb5/Makefile
index 14077390d6..8efb9e8910 100644
--- a/src/lib/libssl/src/crypto/krb5/Makefile
+++ b/src/lib/libssl/src/crypto/krb5/Makefile
@@ -34,7 +34,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libssl/src/crypto/lhash/Makefile b/src/lib/libssl/src/crypto/lhash/Makefile
index 82bddac474..35f0932971 100644
--- a/src/lib/libssl/src/crypto/lhash/Makefile
+++ b/src/lib/libssl/src/crypto/lhash/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libssl/src/crypto/md2/Makefile b/src/lib/libssl/src/crypto/md2/Makefile
index 17f878aeb7..7f43321ab2 100644
--- a/src/lib/libssl/src/crypto/md2/Makefile
+++ b/src/lib/libssl/src/crypto/md2/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -74,7 +74,9 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md2_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+md2_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md2_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
 md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 md2_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
diff --git a/src/lib/libssl/src/crypto/md4/Makefile b/src/lib/libssl/src/crypto/md4/Makefile
index ef97bb0cbe..0bc4896585 100644
--- a/src/lib/libssl/src/crypto/md4/Makefile
+++ b/src/lib/libssl/src/crypto/md4/Makefile
@@ -34,7 +34,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -75,9 +75,13 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h
-md4_dgst.o: ../../include/openssl/opensslconf.h
-md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c
+md4_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md4_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+md4_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md4_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md4_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md4_dgst.c
 md4_dgst.o: md4_locl.h
 md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
diff --git a/src/lib/libssl/src/crypto/md5/Makefile b/src/lib/libssl/src/crypto/md5/Makefile
index ceb00e8956..3c450fcfc0 100644
--- a/src/lib/libssl/src/crypto/md5/Makefile
+++ b/src/lib/libssl/src/crypto/md5/Makefile
@@ -38,7 +38,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -91,9 +91,13 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h
-md5_dgst.o: ../../include/openssl/opensslconf.h
-md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c
+md5_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md5_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+md5_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md5_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md5_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md5_dgst.c
 md5_dgst.o: md5_locl.h
 md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
diff --git a/src/lib/libssl/src/crypto/objects/Makefile b/src/lib/libssl/src/crypto/objects/Makefile
index 9c5615099c..25e8b23b5d 100644
--- a/src/lib/libssl/src/crypto/objects/Makefile
+++ b/src/lib/libssl/src/crypto/objects/Makefile
@@ -34,7 +34,7 @@ top:
 all:    obj_dat.h lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libssl/src/crypto/ocsp/Makefile b/src/lib/libssl/src/crypto/ocsp/Makefile
index 0fe028960e..30a00b3372 100644
--- a/src/lib/libssl/src/crypto/ocsp/Makefile
+++ b/src/lib/libssl/src/crypto/ocsp/Makefile
@@ -36,7 +36,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -82,9 +82,10 @@ ocsp_asn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ocsp_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_asn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_asn.o: ../../include/openssl/opensslconf.h
 ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 ocsp_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -97,24 +98,25 @@ ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_cl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ocsp_cl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-ocsp_cl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-ocsp_cl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ocsp_cl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-ocsp_cl.o: ../cryptlib.h ocsp_cl.c
+ocsp_cl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_cl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_cl.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_cl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_cl.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_cl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_cl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_cl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_cl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_cl.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_cl.c
 ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 ocsp_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 ocsp_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ocsp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_err.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_err.o: ../../include/openssl/opensslconf.h
 ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -127,21 +129,22 @@ ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ocsp_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_ext.o: ../../include/openssl/opensslconf.h
+ocsp_ext.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_ext.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
 ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 ocsp_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 ocsp_ext.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ocsp_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 ocsp_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_ext.c
-ocsp_ht.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ocsp_ht.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
-ocsp_ht.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ocsp_ht.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-ocsp_ht.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ocsp_ht.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ocsp_ht.o: ../../e_os.h ../../include/openssl/asn1.h
+ocsp_ht.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ocsp_ht.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_ht.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_ht.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_ht.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_ht.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
 ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -156,9 +159,9 @@ ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ocsp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ocsp_lib.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_lib.o: ../../include/openssl/opensslconf.h
+ocsp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_lib.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
 ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 ocsp_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
@@ -171,9 +174,10 @@ ocsp_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 ocsp_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 ocsp_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ocsp_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_prn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_prn.o: ../../include/openssl/opensslconf.h
 ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -187,9 +191,9 @@ ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 ocsp_srv.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 ocsp_srv.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-ocsp_srv.o: ../../include/openssl/opensslconf.h
+ocsp_srv.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ocsp_srv.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_srv.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
 ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
@@ -202,9 +206,10 @@ ocsp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 ocsp_vfy.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 ocsp_vfy.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ocsp_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_vfy.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_vfy.o: ../../include/openssl/opensslconf.h
 ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 ocsp_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/src/lib/libssl/src/crypto/pem/Makefile b/src/lib/libssl/src/crypto/pem/Makefile
index 742194fd24..669f36612c 100644
--- a/src/lib/libssl/src/crypto/pem/Makefile
+++ b/src/lib/libssl/src/crypto/pem/Makefile
@@ -36,7 +36,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -83,36 +83,39 @@ pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 pem_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c
+pem_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_all.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+pem_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_all.o: ../cryptlib.h pem_all.c
 pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pem_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_err.o: ../../include/openssl/x509_vfy.h pem_err.c
+pem_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pem_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_err.o: pem_err.c
 pem_info.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_info.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
 pem_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pem_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pem_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_info.o: ../../include/openssl/opensslconf.h
 pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
@@ -126,54 +129,55 @@ pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
 pem_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pem_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-pem_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
-pem_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-pem_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pem_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pem_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-pem_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pem_lib.o: ../cryptlib.h pem_lib.c
+pem_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_lib.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_lib.c
 pem_oth.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_oth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_oth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_oth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-pem_oth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pem_oth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pem_oth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_oth.c
+pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_oth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_oth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_oth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_oth.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_oth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_oth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_oth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_oth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_oth.o: ../cryptlib.h pem_oth.c
 pem_pk8.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_pk8.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_pk8.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_pk8.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
-pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-pem_pk8.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pem_pk8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pem_pk8.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pem_pk8.o: ../cryptlib.h pem_pk8.c
+pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_pk8.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_pk8.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_pk8.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_pk8.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_pk8.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_pk8.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+pem_pk8.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_pk8.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_pk8.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pk8.c
 pem_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
 pem_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_pkey.o: ../../include/openssl/opensslconf.h
+pem_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_pkey.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
@@ -186,9 +190,9 @@ pem_seal.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_seal.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_seal.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_seal.o: ../../include/openssl/opensslconf.h
+pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
@@ -201,9 +205,9 @@ pem_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_sign.o: ../../include/openssl/opensslconf.h
+pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
@@ -216,9 +220,9 @@ pem_x509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_x509.o: ../../include/openssl/opensslconf.h
+pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -230,9 +234,9 @@ pem_xaux.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pem_xaux.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pem_xaux.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pem_xaux.o: ../../include/openssl/opensslconf.h
+pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pem_xaux.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_xaux.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
diff --git a/src/lib/libssl/src/crypto/pkcs12/Makefile b/src/lib/libssl/src/crypto/pkcs12/Makefile
index 3a7498fe7a..eed226b30d 100644
--- a/src/lib/libssl/src/crypto/pkcs12/Makefile
+++ b/src/lib/libssl/src/crypto/pkcs12/Makefile
@@ -39,7 +39,7 @@ test:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -85,36 +85,37 @@ p12_add.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_add.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_add.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_add.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_add.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_add.c
+p12_add.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_add.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_add.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_add.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_add.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_add.o: ../cryptlib.h p12_add.c
 p12_asn.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 p12_asn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p12_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p12_asn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-p12_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_asn.o: ../cryptlib.h p12_asn.c
+p12_asn.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p12_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_asn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_asn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_asn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_asn.c
 p12_attr.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_attr.o: ../../include/openssl/opensslconf.h
+p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_attr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -126,9 +127,9 @@ p12_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_crpt.o: ../../include/openssl/opensslconf.h
+p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -140,22 +141,23 @@ p12_crt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_crt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_crt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_crt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crt.c
+p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_crt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_crt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_crt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_crt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_crt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_crt.o: ../cryptlib.h p12_crt.c
 p12_decr.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_decr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_decr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_decr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_decr.o: ../../include/openssl/opensslconf.h
+p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_decr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_decr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -167,9 +169,9 @@ p12_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_init.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_init.o: ../../include/openssl/opensslconf.h
+p12_init.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -182,22 +184,22 @@ p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p12_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p12_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p12_key.o: ../cryptlib.h p12_key.c
+p12_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p12_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_key.c
 p12_kiss.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_kiss.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_kiss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_kiss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_kiss.o: ../../include/openssl/opensslconf.h
+p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_kiss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_kiss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -209,9 +211,10 @@ p12_mutl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_mutl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_mutl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
-p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+p12_mutl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_mutl.o: ../../include/openssl/opensslconf.h
 p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
 p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
@@ -223,8 +226,9 @@ p12_npas.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 p12_npas.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_npas.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p12_npas.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_npas.o: ../../include/openssl/opensslconf.h
 p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
@@ -237,50 +241,53 @@ p12_p8d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_p8d.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_p8d.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_p8d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_p8d.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_p8d.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8d.c
+p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_p8d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_p8d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_p8d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_p8d.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_p8d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_p8d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_p8d.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_p8d.o: ../cryptlib.h p12_p8d.c
 p12_p8e.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_p8e.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_p8e.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_p8e.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_p8e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_p8e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_p8e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8e.c
+p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_p8e.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_p8e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_p8e.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_p8e.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_p8e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_p8e.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_p8e.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_p8e.o: ../cryptlib.h p12_p8e.c
 p12_utl.o: ../../e_os.h ../../include/openssl/asn1.h
 p12_utl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 p12_utl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 p12_utl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p12_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_utl.c
+p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p12_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_utl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_utl.o: ../cryptlib.h p12_utl.c
 pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pk12err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk12err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pk12err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pk12err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pk12err.o: pk12err.c
+pk12err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk12err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk12err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pk12err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+pk12err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pk12err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk12err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pk12err.o: ../../include/openssl/x509_vfy.h pk12err.c
diff --git a/src/lib/libssl/src/crypto/pkcs7/Makefile b/src/lib/libssl/src/crypto/pkcs7/Makefile
index 3f7e88b40f..790d8edf36 100644
--- a/src/lib/libssl/src/crypto/pkcs7/Makefile
+++ b/src/lib/libssl/src/crypto/pkcs7/Makefile
@@ -54,7 +54,7 @@ verify: verify.o example.o lib
         $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS)
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -101,8 +101,9 @@ pk7_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk7_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk7_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk7_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_asn1.o: ../../include/openssl/opensslconf.h
 pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pk7_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -113,8 +114,9 @@ pk7_attr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk7_attr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_attr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk7_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_attr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk7_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_attr.o: ../../include/openssl/opensslconf.h
 pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_attr.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 pk7_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -127,8 +129,9 @@ pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk7_doit.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_doit.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk7_doit.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_doit.o: ../../include/openssl/opensslconf.h
 pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -140,22 +143,22 @@ pk7_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pk7_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pk7_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-pk7_lib.o: ../cryptlib.h pk7_lib.c
+pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pk7_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pk7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_lib.c
 pk7_mime.o: ../../e_os.h ../../include/openssl/asn1.h
 pk7_mime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pk7_mime.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pk7_mime.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-pk7_mime.o: ../../include/openssl/opensslconf.h
+pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+pk7_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk7_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
 pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -168,8 +171,8 @@ pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pk7_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pk7_smime.o: ../../include/openssl/objects.h
+pk7_smime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pk7_smime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 pk7_smime.o: ../../include/openssl/opensslconf.h
 pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
diff --git a/src/lib/libssl/src/crypto/pqueue/pq_compat.h b/src/lib/libssl/src/crypto/pqueue/pq_compat.h
index fd36578882..7b2c32725c 100644
--- a/src/lib/libssl/src/crypto/pqueue/pq_compat.h
+++ b/src/lib/libssl/src/crypto/pqueue/pq_compat.h
@@ -57,6 +57,9 @@
  *
  */
 
+#ifndef HEADER_PQ_COMPAT_H
+#define HEADER_PQ_COMPAT_H
+
 #include <openssl/opensslconf.h>
 #include <openssl/bn.h>
 
@@ -145,3 +148,5 @@
                                               *(x) |= mask; \
                                           } while(0)
 #endif /* OPENSSL_SYS_VMS */
+
+#endif
diff --git a/src/lib/libssl/src/crypto/rand/rand_eng.c b/src/lib/libssl/src/crypto/rand/rand_eng.c
new file mode 100644
index 0000000000..1669cef43c
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rand/rand_eng.c
@@ -0,0 +1,152 @@
+/* crypto/rand/rand_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "rand_lcl.h"
+#include <openssl/rand.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#endif
+
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+#if defined(OPENSSL_FIPS) && !defined(OPENSSL_NO_ENGINE)
+
+/* non-NULL if default_RAND_meth is ENGINE-provided */
+static ENGINE *funct_ref =NULL;
+
+int eng_RAND_set_rand_method(const RAND_METHOD *meth, const RAND_METHOD **pmeth)
+        {
+        if(funct_ref)
+                {
+                ENGINE_finish(funct_ref);
+                funct_ref = NULL;
+                }
+        *pmeth = meth;
+        return 1;
+        }
+
+const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth)
+        {
+        if (!*pmeth)
+                {
+                ENGINE *e = ENGINE_get_default_RAND();
+                if(e)
+                        {
+                        *pmeth = ENGINE_get_RAND(e);
+                        if(!*pmeth)
+                                {
+                                ENGINE_finish(e);
+                                e = NULL;
+                                }
+                        }
+                if(e)
+                        funct_ref = e;
+                else
+                        if(FIPS_mode())
+                                *pmeth=FIPS_rand_method();
+                        else
+                        *pmeth = RAND_SSLeay();
+                }
+
+        if(FIPS_mode()
+                && *pmeth != FIPS_rand_check())
+            {
+            RANDerr(RAND_F_ENG_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+            return 0;
+            }
+
+        return *pmeth;
+        }
+
+int RAND_set_rand_engine(ENGINE *engine)
+        {
+        const RAND_METHOD *tmp_meth = NULL;
+        if(engine)
+                {
+                if(!ENGINE_init(engine))
+                        return 0;
+                tmp_meth = ENGINE_get_RAND(engine);
+                if(!tmp_meth)
+                        {
+                        ENGINE_finish(engine);
+                        return 0;
+                        }
+                }
+        /* This function releases any prior ENGINE so call it first */
+        RAND_set_rand_method(tmp_meth);
+        funct_ref = engine;
+        return 1;
+        }
+
+void int_RAND_init_engine_callbacks(void)
+        {
+        static int done = 0;
+        if (done)
+                return;
+        int_RAND_set_callbacks(eng_RAND_set_rand_method,
+                                 eng_RAND_get_rand_method);
+        done = 1;
+        }
+
+#endif
diff --git a/src/lib/libssl/src/crypto/rc2/Makefile b/src/lib/libssl/src/crypto/rc2/Makefile
index 73eac347e7..4b6292b65f 100644
--- a/src/lib/libssl/src/crypto/rc2/Makefile
+++ b/src/lib/libssl/src/crypto/rc2/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -78,7 +78,11 @@ rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
 rc2_cbc.o: rc2_cbc.c rc2_locl.h
 rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h
-rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rc2_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+rc2_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rc2_skey.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h
+rc2_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rc2_skey.o: rc2_locl.h rc2_skey.c
 rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
 rc2cfb64.o: rc2_locl.h rc2cfb64.c
diff --git a/src/lib/libssl/src/crypto/rc4/Makefile b/src/lib/libssl/src/crypto/rc4/Makefile
index 187ed5c668..f0bd7678fc 100644
--- a/src/lib/libssl/src/crypto/rc4/Makefile
+++ b/src/lib/libssl/src/crypto/rc4/Makefile
@@ -21,8 +21,8 @@ TEST=rc4test.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=rc4_skey.c rc4_enc.c
-LIBOBJ=$(RC4_ENC)
+LIBSRC=rc4_skey.c rc4_enc.c rc4_fblk.c
+LIBOBJ=$(RC4_ENC) rc4_fblk.o
 
 SRC= $(LIBSRC)
 
@@ -37,7 +37,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -105,10 +105,20 @@ rc4_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rc4_enc.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
 rc4_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rc4_enc.o: ../cryptlib.h rc4_enc.c rc4_locl.h
+rc4_fblk.o: ../../e_os.h ../../include/openssl/bio.h
+rc4_fblk.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rc4_fblk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rc4_fblk.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rc4_fblk.o: ../../include/openssl/opensslconf.h
+rc4_fblk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rc4_fblk.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
+rc4_fblk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rc4_fblk.o: ../cryptlib.h rc4_fblk.c rc4_locl.h
 rc4_skey.o: ../../e_os.h ../../include/openssl/bio.h
 rc4_skey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rc4_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rc4_skey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rc4_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rc4_skey.o: ../../include/openssl/opensslconf.h
 rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rc4_skey.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
 rc4_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --git a/src/lib/libssl/src/crypto/rc4/rc4_fblk.c b/src/lib/libssl/src/crypto/rc4/rc4_fblk.c
new file mode 100644
index 0000000000..1b2a42979b
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rc4/rc4_fblk.c
@@ -0,0 +1,75 @@
+/* crypto/rc4/rc4_fblk.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+
+#include <openssl/rc4.h>
+#include "rc4_locl.h"
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
+/* FIPS mode blocking for RC4 has to be done separately since RC4_set_key
+ * may be implemented in an assembly language file.
+ */
+
+#ifdef OPENSSL_FIPS
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+        {
+        if (FIPS_mode())
+                FIPS_BAD_ABORT(RC4)
+        private_RC4_set_key(key, len, data);
+        }
+#endif
+
diff --git a/src/lib/libssl/src/crypto/rc5/Makefile b/src/lib/libssl/src/crypto/rc5/Makefile
index efb0f36b59..b4e21c9bb2 100644
--- a/src/lib/libssl/src/crypto/rc5/Makefile
+++ b/src/lib/libssl/src/crypto/rc5/Makefile
@@ -40,7 +40,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libssl/src/crypto/ripemd/Makefile b/src/lib/libssl/src/crypto/ripemd/Makefile
index d55875c20c..6145f13699 100644
--- a/src/lib/libssl/src/crypto/ripemd/Makefile
+++ b/src/lib/libssl/src/crypto/ripemd/Makefile
@@ -38,7 +38,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -89,8 +89,13 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+rmd_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rmd_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rmd_dgst.o: ../../include/openssl/opensslconf.h
+rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rmd_dgst.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
+rmd_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h
 rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eng.c b/src/lib/libssl/src/crypto/rsa/rsa_eng.c
new file mode 100644
index 0000000000..383a7045b2
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eng.c
@@ -0,0 +1,348 @@
+/* crypto/rsa/rsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
+const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
+
+static const RSA_METHOD *default_RSA_meth=NULL;
+
+RSA *RSA_new(void)
+        {
+        RSA *r=RSA_new_method(NULL);
+
+        return r;
+        }
+
+void RSA_set_default_method(const RSA_METHOD *meth)
+        {
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
+                {
+                RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
+                return;
+                }
+#endif
+        default_RSA_meth = meth;
+        }
+
+const RSA_METHOD *RSA_get_default_method(void)
+        {
+        if (default_RSA_meth == NULL)
+                {
+#ifdef RSA_NULL
+                default_RSA_meth=RSA_null_method();
+#else
+#if 0 /* was: #ifdef RSAref */
+                default_RSA_meth=RSA_PKCS1_RSAref();
+#else
+                default_RSA_meth=RSA_PKCS1_SSLeay();
+#endif
+#endif
+                }
+
+        return default_RSA_meth;
+        }
+
+const RSA_METHOD *RSA_get_method(const RSA *rsa)
+        {
+        return rsa->meth;
+        }
+
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
+        {
+        /* NB: The caller is specifically setting a method, so it's not up to us
+         * to deal with which ENGINE it comes from. */
+        const RSA_METHOD *mtmp;
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
+                {
+                RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
+                return 0;
+                }
+#endif
+        mtmp = rsa->meth;
+        if (mtmp->finish) mtmp->finish(rsa);
+#ifndef OPENSSL_NO_ENGINE
+        if (rsa->engine)
+                {
+                ENGINE_finish(rsa->engine);
+                rsa->engine = NULL;
+                }
+#endif
+        rsa->meth = meth;
+        if (meth->init) meth->init(rsa);
+        return 1;
+        }
+
+RSA *RSA_new_method(ENGINE *engine)
+        {
+        RSA *ret;
+
+        ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
+        if (ret == NULL)
+                {
+                RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+
+        ret->meth = RSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+        if (engine)
+                {
+                if (!ENGINE_init(engine))
+                        {
+                        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                ret->engine = engine;
+                }
+        else
+                ret->engine = ENGINE_get_default_RSA();
+        if(ret->engine)
+                {
+                ret->meth = ENGINE_get_RSA(ret->engine);
+                if(!ret->meth)
+                        {
+                        RSAerr(RSA_F_RSA_NEW_METHOD,
+                                ERR_R_ENGINE_LIB);
+                        ENGINE_finish(ret->engine);
+                        OPENSSL_free(ret);
+                        return NULL;
+                        }
+                }
+#endif
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD))
+                {
+                RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
+#ifndef OPENSSL_NO_ENGINE
+                if (ret->engine)
+                        ENGINE_finish(ret->engine);
+#endif
+                OPENSSL_free(ret);
+                return NULL;
+                }
+#endif
+
+        ret->pad=0;
+        ret->version=0;
+        ret->n=NULL;
+        ret->e=NULL;
+        ret->d=NULL;
+        ret->p=NULL;
+        ret->q=NULL;
+        ret->dmp1=NULL;
+        ret->dmq1=NULL;
+        ret->iqmp=NULL;
+        ret->references=1;
+        ret->_method_mod_n=NULL;
+        ret->_method_mod_p=NULL;
+        ret->_method_mod_q=NULL;
+        ret->blinding=NULL;
+        ret->mt_blinding=NULL;
+        ret->bignum_data=NULL;
+        ret->flags=ret->meth->flags;
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+                {
+#ifndef OPENSSL_NO_ENGINE
+                if (ret->engine)
+                        ENGINE_finish(ret->engine);
+#endif
+                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+                OPENSSL_free(ret);
+                ret=NULL;
+                }
+        return(ret);
+        }
+
+void RSA_free(RSA *r)
+        {
+        int i;
+
+        if (r == NULL) return;
+
+        i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+        REF_PRINT("RSA",r);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"RSA_free, bad reference count\n");
+                abort();
+                }
+#endif
+
+        if (r->meth->finish)
+                r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+        if (r->engine)
+                ENGINE_finish(r->engine);
+#endif
+
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
+
+        if (r->n != NULL) BN_clear_free(r->n);
+        if (r->e != NULL) BN_clear_free(r->e);
+        if (r->d != NULL) BN_clear_free(r->d);
+        if (r->p != NULL) BN_clear_free(r->p);
+        if (r->q != NULL) BN_clear_free(r->q);
+        if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
+        if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
+        if (r->iqmp != NULL) BN_clear_free(r->iqmp);
+        if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
+        if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
+        if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
+        OPENSSL_free(r);
+        }
+
+int RSA_up_ref(RSA *r)
+        {
+        int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+        REF_PRINT("RSA",r);
+#endif
+#ifdef REF_CHECK
+        if (i < 2)
+                {
+                fprintf(stderr, "RSA_up_ref, bad reference count\n");
+                abort();
+                }
+#endif
+        return ((i > 1) ? 1 : 0);
+        }
+
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+
+int RSA_set_ex_data(RSA *r, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        }
+
+void *RSA_get_ex_data(const RSA *r, int idx)
+        {
+        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        }
+
+int RSA_flags(const RSA *r)
+        {
+        return((r == NULL)?0:r->meth->flags);
+        }
+
+int RSA_memory_lock(RSA *r)
+        {
+        int i,j,k,off;
+        char *p;
+        BIGNUM *bn,**t[6],*b;
+        BN_ULONG *ul;
+
+        if (r->d == NULL) return(1);
+        t[0]= &r->d;
+        t[1]= &r->p;
+        t[2]= &r->q;
+        t[3]= &r->dmp1;
+        t[4]= &r->dmq1;
+        t[5]= &r->iqmp;
+        k=sizeof(BIGNUM)*6;
+        off=k/sizeof(BN_ULONG)+1;
+        j=1;
+        for (i=0; i<6; i++)
+                j+= (*t[i])->top;
+        if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
+                {
+                RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
+                return(0);
+                }
+        bn=(BIGNUM *)p;
+        ul=(BN_ULONG *)&(p[off]);
+        for (i=0; i<6; i++)
+                {
+                b= *(t[i]);
+                *(t[i])= &(bn[i]);
+                memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
+                bn[i].flags=BN_FLG_STATIC_DATA;
+                bn[i].d=ul;
+                memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
+                ul+=b->top;
+                BN_clear_free(b);
+                }
+        
+        /* I should fix this so it can still be done */
+        r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
+
+        r->bignum_data=p;
+        return(1);
+        }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_x931g.c b/src/lib/libssl/src/crypto/rsa/rsa_x931g.c
new file mode 100644
index 0000000000..c640cc2ec9
--- /dev/null
+++ b/src/lib/libssl/src/crypto/rsa/rsa_x931g.c
@@ -0,0 +1,255 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+
+#ifndef OPENSSL_FIPS
+
+/* X9.31 RSA key derivation and generation */
+
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+                        const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+                        const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+                        const BIGNUM *e, BN_GENCB *cb)
+        {
+        BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL;
+        BN_CTX *ctx=NULL,*ctx2=NULL;
+
+        if (!rsa) 
+                goto err;
+
+        ctx = BN_CTX_new();
+        BN_CTX_start(ctx);
+        if (!ctx) 
+                goto err;
+
+        r0 = BN_CTX_get(ctx);
+        r1 = BN_CTX_get(ctx);
+        r2 = BN_CTX_get(ctx);
+        r3 = BN_CTX_get(ctx);
+
+        if (r3 == NULL)
+                goto err;
+        if (!rsa->e)
+                {
+                rsa->e = BN_dup(e);
+                if (!rsa->e)
+                        goto err;
+                }
+        else
+                e = rsa->e;
+
+        /* If not all parameters present only calculate what we can.
+         * This allows test programs to output selective parameters.
+         */
+
+        if (Xp && !rsa->p)
+                {
+                rsa->p = BN_new();
+                if (!rsa->p)
+                        goto err;
+
+                if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
+                                        Xp, Xp1, Xp2, e, ctx, cb))
+                        goto err;
+                }
+
+        if (Xq && !rsa->q)
+                {
+                rsa->q = BN_new();
+                if (!rsa->q)
+                        goto err;
+                if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
+                                        Xq, Xq1, Xq2, e, ctx, cb))
+                        goto err;
+                }
+
+        if (!rsa->p || !rsa->q)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                return 2;
+                }
+
+        /* Since both primes are set we can now calculate all remaining 
+         * components.
+         */
+
+        /* calculate n */
+        rsa->n=BN_new();
+        if (rsa->n == NULL)
+                goto err;
+        if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx))
+                goto err;
+
+        /* calculate d */
+        if (!BN_sub(r1,rsa->p,BN_value_one()))
+                goto err;       /* p-1 */
+        if (!BN_sub(r2,rsa->q,BN_value_one()))
+                goto err;       /* q-1 */
+        if (!BN_mul(r0,r1,r2,ctx))
+                goto err;       /* (p-1)(q-1) */
+
+        if (!BN_gcd(r3, r1, r2, ctx))
+                goto err;
+
+        if (!BN_div(r0, NULL, r0, r3, ctx))
+                goto err;       /* LCM((p-1)(q-1)) */
+
+        ctx2 = BN_CTX_new();
+        if (!ctx2)
+                goto err;
+
+        rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2);     /* d */
+        if (rsa->d == NULL)
+                goto err;
+
+        /* calculate d mod (p-1) */
+        rsa->dmp1=BN_new();
+        if (rsa->dmp1 == NULL)
+                goto err;
+        if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx))
+                goto err;
+
+        /* calculate d mod (q-1) */
+        rsa->dmq1=BN_new();
+        if (rsa->dmq1 == NULL)
+                goto err;
+        if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx))
+                goto err;
+
+        /* calculate inverse of q mod p */
+        rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
+
+        err:
+        if (ctx)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
+        if (ctx2)
+                BN_CTX_free(ctx2);
+        /* If this is set all calls successful */
+        if (rsa->iqmp != NULL)
+                return 1;
+
+        return 0;
+
+        }
+
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
+        {
+        int ok = 0;
+        BIGNUM *Xp = NULL, *Xq = NULL;
+        BN_CTX *ctx = NULL;
+        
+        ctx = BN_CTX_new();
+        if (!ctx)
+                goto error;
+
+        BN_CTX_start(ctx);
+        Xp = BN_CTX_get(ctx);
+        Xq = BN_CTX_get(ctx);
+        if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
+                goto error;
+
+        rsa->p = BN_new();
+        rsa->q = BN_new();
+        if (!rsa->p || !rsa->q)
+                goto error;
+
+        /* Generate two primes from Xp, Xq */
+
+        if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
+                                        e, ctx, cb))
+                goto error;
+
+        if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
+                                        e, ctx, cb))
+                goto error;
+
+        /* Since rsa->p and rsa->q are valid this call will just derive
+         * remaining RSA components.
+         */
+
+        if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
+                                NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
+                goto error;
+
+        ok = 1;
+
+        error:
+        if (ctx)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
+
+        if (ok)
+                return 1;
+
+        return 0;
+
+        }
+
+#endif
diff --git a/src/lib/libssl/src/crypto/sha/Makefile b/src/lib/libssl/src/crypto/sha/Makefile
index ac64fb61d3..f4741b9ee6 100644
--- a/src/lib/libssl/src/crypto/sha/Makefile
+++ b/src/lib/libssl/src/crypto/sha/Makefile
@@ -38,7 +38,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -59,7 +59,7 @@ s512sse2-out.s:     asm/sha512-sse2.pl ../perlasm/x86asm.pl
         (cd asm; $(PERL) sha512-sse2.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
 
 sha1-ia64.s:   asm/sha1-ia64.pl
-        (cd asm; $(PERL) sha1-ia64.pl $(CFLAGS) ) > $@
+        (cd asm; $(PERL) sha1-ia64.pl ../$@ $(CFLAGS))
 sha256-ia64.s: asm/sha512-ia64.pl
         (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS))
 sha512-ia64.s: asm/sha512-ia64.pl
@@ -113,24 +113,31 @@ sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 sha1_one.o: sha1_one.c
-sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
+sha1dgst.o: ../../include/openssl/opensslconf.h
 sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
 sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h
 sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-sha256.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-sha256.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-sha256.o: ../../include/openssl/symhacks.h ../md32_common.h sha256.c
+sha256.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h
+sha256.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+sha256.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha256.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+sha256.o: ../md32_common.h sha256.c
 sha512.o: ../../e_os.h ../../include/openssl/bio.h
 sha512.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 sha512.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-sha512.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-sha512.o: ../cryptlib.h sha512.c
-sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha512.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+sha512.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+sha512.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+sha512.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+sha512.o: ../../include/openssl/symhacks.h ../cryptlib.h sha512.c
+sha_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+sha_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+sha_dgst.o: ../../include/openssl/opensslconf.h
+sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+sha_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
 sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
diff --git a/src/lib/libssl/src/crypto/stack/Makefile b/src/lib/libssl/src/crypto/stack/Makefile
index 5327692ac8..489a77b93c 100644
--- a/src/lib/libssl/src/crypto/stack/Makefile
+++ b/src/lib/libssl/src/crypto/stack/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libssl/src/crypto/txt_db/Makefile b/src/lib/libssl/src/crypto/txt_db/Makefile
index e6f30331d8..87e57b49f6 100644
--- a/src/lib/libssl/src/crypto/txt_db/Makefile
+++ b/src/lib/libssl/src/crypto/txt_db/Makefile
@@ -33,7 +33,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libssl/src/crypto/ui/Makefile b/src/lib/libssl/src/crypto/ui/Makefile
index a685659fb4..4755e206f6 100644
--- a/src/lib/libssl/src/crypto/ui/Makefile
+++ b/src/lib/libssl/src/crypto/ui/Makefile
@@ -37,7 +37,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
diff --git a/src/lib/libssl/src/crypto/x509/Makefile b/src/lib/libssl/src/crypto/x509/Makefile
index ddcc3124a7..464752b159 100644
--- a/src/lib/libssl/src/crypto/x509/Makefile
+++ b/src/lib/libssl/src/crypto/x509/Makefile
@@ -43,7 +43,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -89,35 +89,37 @@ by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 by_dir.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-by_dir.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-by_dir.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_dir.c
+by_dir.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+by_dir.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+by_dir.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+by_dir.o: ../cryptlib.h by_dir.c
 by_file.o: ../../e_os.h ../../include/openssl/asn1.h
 by_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 by_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 by_file.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 by_file.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-by_file.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-by_file.o: ../cryptlib.h by_file.c
+by_file.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+by_file.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+by_file.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+by_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+by_file.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+by_file.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_file.c
 x509_att.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_att.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_att.o: ../../include/openssl/opensslconf.h
 x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -130,8 +132,9 @@ x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_cmp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_cmp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_cmp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_cmp.o: ../../include/openssl/opensslconf.h
 x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -143,22 +146,22 @@ x509_d2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_d2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_d2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-x509_d2.o: ../cryptlib.h x509_d2.c
+x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_d2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_d2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_d2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_d2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_d2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_d2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_d2.c
 x509_def.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_def.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_def.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_def.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_def.o: ../../include/openssl/opensslconf.h
+x509_def.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_def.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_def.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -169,8 +172,9 @@ x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_err.o: ../../include/openssl/opensslconf.h
 x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -182,8 +186,9 @@ x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_ext.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_ext.o: ../../include/openssl/opensslconf.h
 x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -196,22 +201,22 @@ x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_lu.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x509_lu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_lu.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_lu.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_lu.o: ../cryptlib.h x509_lu.c
+x509_lu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_lu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_lu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_lu.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_lu.c
 x509_obj.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_obj.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_obj.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_obj.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_obj.o: ../../include/openssl/opensslconf.h
+x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_obj.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_obj.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -223,8 +228,9 @@ x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x509_r2x.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_r2x.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_r2x.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_r2x.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_r2x.o: ../../include/openssl/opensslconf.h
 x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -236,8 +242,9 @@ x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x509_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_req.o: ../../include/openssl/opensslconf.h
 x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_req.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
 x509_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -249,9 +256,9 @@ x509_set.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_set.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_set.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_set.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_set.o: ../../include/openssl/opensslconf.h
+x509_set.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_set.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_set.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -263,8 +270,9 @@ x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_trs.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_trs.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_trs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_trs.o: ../../include/openssl/opensslconf.h
 x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -276,9 +284,9 @@ x509_txt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509_txt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509_txt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509_txt.o: ../../include/openssl/opensslconf.h
+x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509_txt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_txt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -290,22 +298,23 @@ x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_v3.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-x509_v3.o: ../cryptlib.h x509_v3.c
+x509_v3.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_v3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_v3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_v3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_v3.c
 x509_vfy.o: ../../e_os.h ../../include/openssl/asn1.h
 x509_vfy.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_vfy.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_vfy.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_vfy.o: ../../include/openssl/opensslconf.h
 x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -318,8 +327,9 @@ x509_vpm.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 x509_vpm.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 x509_vpm.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 x509_vpm.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-x509_vpm.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-x509_vpm.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_vpm.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+x509_vpm.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_vpm.o: ../../include/openssl/opensslconf.h
 x509_vpm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509_vpm.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509_vpm.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -331,9 +341,9 @@ x509cset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509cset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509cset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509cset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509cset.o: ../../include/openssl/opensslconf.h
+x509cset.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509cset.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509cset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509cset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -344,9 +354,9 @@ x509name.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509name.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509name.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509name.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509name.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509name.o: ../../include/openssl/opensslconf.h
+x509name.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -357,9 +367,9 @@ x509rset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509rset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509rset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509rset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509rset.o: ../../include/openssl/opensslconf.h
+x509rset.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509rset.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509rset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -370,9 +380,9 @@ x509spki.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509spki.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509spki.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509spki.o: ../../include/openssl/opensslconf.h
+x509spki.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -383,9 +393,9 @@ x509type.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 x509type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 x509type.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x509type.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x509type.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x509type.o: ../../include/openssl/opensslconf.h
+x509type.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x509type.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -396,11 +406,12 @@ x_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 x_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 x_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 x_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-x_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-x_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-x_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_all.c
+x_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+x_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_all.o: ../cryptlib.h x_all.c
diff --git a/src/lib/libssl/src/crypto/x509v3/Makefile b/src/lib/libssl/src/crypto/x509v3/Makefile
index 556ef351bf..e71dc42f9f 100644
--- a/src/lib/libssl/src/crypto/x509v3/Makefile
+++ b/src/lib/libssl/src/crypto/x509v3/Makefile
@@ -43,7 +43,7 @@ top:
 all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
+        $(ARX) $(LIB) $(LIBOBJ)
         $(RANLIB) $(LIB) || echo Never mind.
         @touch lib
 
@@ -90,8 +90,8 @@ pcy_cache.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_cache.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_cache.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_cache.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_cache.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_cache.o: ../../include/openssl/objects.h
+pcy_cache.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_cache.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 pcy_cache.o: ../../include/openssl/opensslconf.h
 pcy_cache.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pcy_cache.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -105,8 +105,9 @@ pcy_data.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_data.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_data.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_data.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_data.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_data.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pcy_data.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_data.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_data.o: ../../include/openssl/opensslconf.h
 pcy_data.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pcy_data.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pcy_data.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -119,35 +120,36 @@ pcy_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pcy_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pcy_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-pcy_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pcy_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pcy_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-pcy_lib.o: ../cryptlib.h pcy_int.h pcy_lib.c
+pcy_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pcy_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+pcy_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pcy_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pcy_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pcy_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h pcy_int.h pcy_lib.c
 pcy_map.o: ../../e_os.h ../../include/openssl/asn1.h
 pcy_map.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 pcy_map.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_map.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_map.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_map.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_map.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_map.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-pcy_map.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-pcy_map.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-pcy_map.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-pcy_map.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-pcy_map.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-pcy_map.o: ../cryptlib.h pcy_int.h pcy_map.c
+pcy_map.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_map.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_map.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pcy_map.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+pcy_map.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pcy_map.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pcy_map.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pcy_map.o: ../../include/openssl/x509v3.h ../cryptlib.h pcy_int.h pcy_map.c
 pcy_node.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 pcy_node.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 pcy_node.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 pcy_node.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 pcy_node.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
-pcy_node.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_node.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pcy_node.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_node.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_node.o: ../../include/openssl/opensslconf.h
 pcy_node.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pcy_node.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pcy_node.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -160,8 +162,9 @@ pcy_tree.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 pcy_tree.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 pcy_tree.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 pcy_tree.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-pcy_tree.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-pcy_tree.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pcy_tree.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+pcy_tree.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pcy_tree.o: ../../include/openssl/opensslconf.h
 pcy_tree.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 pcy_tree.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 pcy_tree.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -174,37 +177,39 @@ v3_addr.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_addr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_addr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_addr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_addr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_addr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_addr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_addr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_addr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_addr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_addr.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_addr.c
+v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_addr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_addr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_addr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_addr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_addr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_addr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_addr.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_addr.o: ../cryptlib.h v3_addr.c
 v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_akey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_akey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_akey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akey.c
+v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_akey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_akey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_akey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_akey.o: ../cryptlib.h v3_akey.c
 v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_akeya.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_akeya.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_akeya.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_akeya.o: ../../include/openssl/opensslconf.h
+v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_akeya.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_akeya.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_akeya.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -216,14 +221,15 @@ v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_alt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_alt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_alt.c
+v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_alt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_alt.o: ../cryptlib.h v3_alt.c
 v3_asid.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_asid.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_asid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -231,23 +237,23 @@ v3_asid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_asid.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_asid.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_asid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_asid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_asid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_asid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_asid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_asid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_asid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_asid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_asid.o: ../cryptlib.h v3_asid.c
+v3_asid.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_asid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_asid.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_asid.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_asid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_asid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_asid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_asid.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_asid.c
 v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_bcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_bcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_bcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_bcons.o: ../../include/openssl/opensslconf.h
+v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_bcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_bcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -260,8 +266,9 @@ v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_bitst.o: ../../include/openssl/opensslconf.h
 v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -274,23 +281,23 @@ v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_conf.o: ../cryptlib.h v3_conf.c
+v3_conf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_conf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_conf.c
 v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_cpols.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_cpols.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_cpols.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_cpols.o: ../../include/openssl/opensslconf.h
+v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_cpols.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_cpols.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -303,37 +310,38 @@ v3_crld.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_crld.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_crld.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_crld.c
+v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_crld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_crld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_crld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_crld.o: ../cryptlib.h v3_crld.c
 v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_enum.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_enum.o: ../cryptlib.h v3_enum.c
+v3_enum.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_enum.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_enum.c
 v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_extku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_extku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_extku.o: ../../include/openssl/opensslconf.h
+v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -346,76 +354,81 @@ v3_genn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_genn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_genn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_genn.c
+v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_genn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_genn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_genn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_genn.o: ../cryptlib.h v3_genn.c
 v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_ia5.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_ia5.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ia5.c
+v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_ia5.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ia5.o: ../cryptlib.h v3_ia5.c
 v3_info.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_info.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_info.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_info.c
+v3_info.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_info.o: ../cryptlib.h v3_info.c
 v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_int.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_int.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_int.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_int.c
+v3_int.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_int.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_int.o: ../cryptlib.h v3_int.c
 v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c
+v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_lib.o: ../cryptlib.h ext_dat.h v3_lib.c
 v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_ncons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_ncons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_ncons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_ncons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_ncons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_ncons.o: ../../include/openssl/opensslconf.h
+v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_ncons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_ncons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_ncons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -428,49 +441,52 @@ v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_ocsp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
-v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c
+v3_ocsp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_ocsp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_ocsp.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+v3_ocsp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_ocsp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_ocsp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ocsp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_ocsp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ocsp.o: ../cryptlib.h v3_ocsp.c
 v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_pci.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_pci.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pci.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pci.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_pci.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_pci.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_pci.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_pci.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_pci.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pci.c
+v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pci.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pci.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pci.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pci.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_pci.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pci.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_pci.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pci.o: ../cryptlib.h v3_pci.c
 v3_pcia.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 v3_pcia.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 v3_pcia.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_pcia.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_pcia.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pcia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pcia.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_pcia.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_pcia.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_pcia.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_pcia.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_pcia.o: ../../include/openssl/x509v3.h v3_pcia.c
+v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pcia.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pcia.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pcia.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pcia.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_pcia.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pcia.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_pcia.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pcia.o: v3_pcia.c
 v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_pcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_pcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_pcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_pcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pcons.o: ../../include/openssl/opensslconf.h
+v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_pcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_pcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -483,23 +499,24 @@ v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_pku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_pku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c
+v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_pku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pku.o: ../cryptlib.h v3_pku.c
 v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_pmaps.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_pmaps.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_pmaps.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_pmaps.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_pmaps.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_pmaps.o: ../../include/openssl/opensslconf.h
+v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_pmaps.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_pmaps.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_pmaps.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_pmaps.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -511,51 +528,52 @@ v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_prn.c
+v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_prn.o: ../cryptlib.h v3_prn.c
 v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_purp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_purp.o: ../cryptlib.h v3_purp.c
+v3_purp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_purp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_purp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_purp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.c
 v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_skey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_skey.o: ../cryptlib.h v3_skey.c
+v3_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_skey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.c
 v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h
 v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 v3_sxnet.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3_sxnet.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3_sxnet.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3_sxnet.o: ../../include/openssl/opensslconf.h
+v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3_sxnet.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_sxnet.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -568,24 +586,25 @@ v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
 v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
 v3_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-v3_utl.o: ../cryptlib.h v3_utl.c
+v3_utl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_utl.c
 v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
 v3err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 v3err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
 v3err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-v3err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-v3err.o: ../../include/openssl/x509v3.h v3err.c
+v3err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+v3err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3err.o: v3err.c
diff --git a/src/lib/libssl/src/demos/jpake/Makefile b/src/lib/libssl/src/demos/jpake/Makefile
new file mode 100644
index 0000000000..09b8f03d0c
--- /dev/null
+++ b/src/lib/libssl/src/demos/jpake/Makefile
@@ -0,0 +1,7 @@
+LDFLAGS=-L../.. -lcrypto
+CFLAGS=-I../../include -Wall -Werror -g
+
+all: jpakedemo
+
+jpakedemo: jpakedemo.o
+        $(CC) -g -o jpakedemo jpakedemo.o $(LDFLAGS)
diff --git a/src/lib/libssl/src/demos/jpake/jpakedemo.c b/src/lib/libssl/src/demos/jpake/jpakedemo.c
new file mode 100644
index 0000000000..338a8810d9
--- /dev/null
+++ b/src/lib/libssl/src/demos/jpake/jpakedemo.c
@@ -0,0 +1,469 @@
+#include "openssl/bn.h"
+#include "openssl/sha.h"
+#include <assert.h>
+#include <string.h>
+#include <stdlib.h>
+
+/* Copyright (C) 2008 Ben Laurie (ben@links.org) */
+
+/*
+ * Implement J-PAKE, as described in
+ * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
+ * 
+ * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java.
+ */
+
+static void showbn(const char *name, const BIGNUM *bn)
+    {
+    fputs(name, stdout);
+    fputs(" = ", stdout);
+    BN_print_fp(stdout, bn);
+    putc('\n', stdout);
+    }
+
+typedef struct
+    {
+    BN_CTX *ctx;  // Perhaps not the best place for this?
+    BIGNUM *p;
+    BIGNUM *q;
+    BIGNUM *g;
+    } JPakeParameters;
+
+static void JPakeParametersInit(JPakeParameters *params)
+    {
+    params->ctx = BN_CTX_new();
+
+    // For now use p, q, g from Java sample code. Later, generate them.
+    params->p = NULL;
+    BN_hex2bn(&params->p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7");
+    params->q = NULL;
+    BN_hex2bn(&params->q, "9760508f15230bccb292b982a2eb840bf0581cf5");
+    params->g = NULL;
+    BN_hex2bn(&params->g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a");
+
+    showbn("p", params->p);
+    showbn("q", params->q);
+    showbn("g", params->g);
+    }
+
+typedef struct
+    {
+    BIGNUM *gr;  // g^r (r random)
+    BIGNUM *b;   // b = r - x*h, h=hash(g, g^r, g^x, name)
+    } JPakeZKP;
+
+typedef struct
+    {
+    BIGNUM *gx;       // g^x
+    JPakeZKP zkpx;    // ZKP(x)
+    } JPakeStep1;
+
+typedef struct
+    {
+    BIGNUM *X;        // g^(xa + xc + xd) * xb * s
+    JPakeZKP zkpxbs;  // ZKP(xb * s)
+    } JPakeStep2;
+
+typedef struct
+    {
+    const char *name;  // Must be unique
+    int base;          // 1 for Alice, 3 for Bob. Only used for printing stuff.
+    JPakeStep1 s1c;    // Alice's g^x3, ZKP(x3) or Bob's g^x1, ZKP(x1)
+    JPakeStep1 s1d;    // Alice's g^x4, ZKP(x4) or Bob's g^x2, ZKP(x2)
+    JPakeStep2 s2;     // Alice's A, ZKP(x2 * s) or Bob's B, ZKP(x4 * s)
+    } JPakeUserPublic;
+
+/*
+ * The user structure. In the definition, (xa, xb, xc, xd) are Alice's
+ * (x1, x2, x3, x4) or Bob's (x3, x4, x1, x2). If you see what I mean.
+ */
+typedef struct
+    {
+    JPakeUserPublic p;
+    BIGNUM *secret;    // The shared secret
+    BIGNUM *key;       // The calculated (shared) key
+    BIGNUM *xa;        // Alice's x1 or Bob's x3
+    BIGNUM *xb;        // Alice's x2 or Bob's x4
+    } JPakeUser;
+
+// Generate each party's random numbers. xa is in [0, q), xb is in [1, q).
+static void genrand(JPakeUser *user, const JPakeParameters *params)
+    {
+    BIGNUM *qm1;
+
+    // xa in [0, q)
+    user->xa = BN_new();
+    BN_rand_range(user->xa, params->q);
+
+    // q-1
+    qm1 = BN_new();
+    BN_copy(qm1, params->q);
+    BN_sub_word(qm1, 1);
+
+    // ... and xb in [0, q-1)
+    user->xb = BN_new();
+    BN_rand_range(user->xb, qm1);
+    // [1, q)
+    BN_add_word(user->xb, 1);
+
+    // cleanup
+    BN_free(qm1);
+
+    // Show
+    printf("x%d", user->p.base);
+    showbn("", user->xa);
+    printf("x%d", user->p.base+1);
+    showbn("", user->xb);
+    }
+
+static void hashlength(SHA_CTX *sha, size_t l)
+    {
+    unsigned char b[2];
+
+    assert(l <= 0xffff);
+    b[0] = l >> 8;
+    b[1] = l&0xff;
+    SHA1_Update(sha, b, 2);
+    }
+
+static void hashstring(SHA_CTX *sha, const char *string)
+    {
+    size_t l = strlen(string);
+
+    hashlength(sha, l);
+    SHA1_Update(sha, string, l);
+    }
+
+static void hashbn(SHA_CTX *sha, const BIGNUM *bn)
+    {
+    size_t l = BN_num_bytes(bn);
+    unsigned char *bin = alloca(l);
+
+    hashlength(sha, l);
+    BN_bn2bin(bn, bin);
+    SHA1_Update(sha, bin, l);
+    }
+
+// h=hash(g, g^r, g^x, name)
+static void zkpHash(BIGNUM *h, const JPakeZKP *zkp, const BIGNUM *gx,
+                    const JPakeUserPublic *from, const JPakeParameters *params)
+    {
+    unsigned char md[SHA_DIGEST_LENGTH];
+    SHA_CTX sha;
+
+    // XXX: hash should not allow moving of the boundaries - Java code
+    // is flawed in this respect. Length encoding seems simplest.
+    SHA1_Init(&sha);
+    hashbn(&sha, params->g);
+    hashbn(&sha, zkp->gr);
+    hashbn(&sha, gx);
+    hashstring(&sha, from->name);
+    SHA1_Final(md, &sha);
+    BN_bin2bn(md, SHA_DIGEST_LENGTH, h);
+    }
+
+// Prove knowledge of x
+// Note that we don't send g^x because, as it happens, we've always
+// sent it elsewhere. Also note that because of that, we could avoid
+// calculating it here, but we don't, for clarity...
+static void CreateZKP(JPakeZKP *zkp, const BIGNUM *x, const JPakeUser *us,
+                      const BIGNUM *zkpg, const JPakeParameters *params,
+                      int n, const char *suffix)
+    {
+    BIGNUM *r = BN_new();
+    BIGNUM *gx = BN_new();
+    BIGNUM *h = BN_new();
+    BIGNUM *t = BN_new();
+
+    // r in [0,q)
+    // XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
+    BN_rand_range(r, params->q);
+    // g^r
+    zkp->gr = BN_new();
+    BN_mod_exp(zkp->gr, zkpg, r, params->p, params->ctx);
+    // g^x
+    BN_mod_exp(gx, zkpg, x, params->p, params->ctx);
+
+    // h=hash...
+    zkpHash(h, zkp, gx, &us->p, params);
+    
+    // b = r - x*h
+    BN_mod_mul(t, x, h, params->q, params->ctx);
+    zkp->b = BN_new();
+    BN_mod_sub(zkp->b, r, t, params->q, params->ctx);
+
+    // show
+    printf("  ZKP(x%d%s)\n", n, suffix);
+    showbn("   zkpg", zkpg);
+    showbn("    g^x", gx);
+    showbn("    g^r", zkp->gr);
+    showbn("      b", zkp->b);
+
+    // cleanup
+    BN_free(t);
+    BN_free(h);
+    BN_free(gx);
+    BN_free(r);
+    }
+
+static int VerifyZKP(const JPakeZKP *zkp, BIGNUM *gx,
+                     const JPakeUserPublic *them, const BIGNUM *zkpg,
+                     const JPakeParameters *params, int n, const char *suffix)
+    {
+    BIGNUM *h = BN_new();
+    BIGNUM *t1 = BN_new();
+    BIGNUM *t2 = BN_new();
+    BIGNUM *t3 = BN_new();
+    int ret = 0;
+
+    zkpHash(h, zkp, gx, them, params);
+
+    // t1 = g^b
+    BN_mod_exp(t1, zkpg, zkp->b, params->p, params->ctx);
+    // t2 = (g^x)^h = g^{hx}
+    BN_mod_exp(t2, gx, h, params->p, params->ctx);
+    // t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly)
+    BN_mod_mul(t3, t1, t2, params->p, params->ctx);
+
+    printf("  ZKP(x%d%s)\n", n, suffix);
+    showbn("    zkpg", zkpg);
+    showbn("    g^r'", t3);
+
+    // verify t3 == g^r
+    if(BN_cmp(t3, zkp->gr) == 0)
+        ret = 1;
+
+    // cleanup
+    BN_free(t3);
+    BN_free(t2);
+    BN_free(t1);
+    BN_free(h);
+
+    if(ret)
+        puts("    OK");
+    else
+        puts("    FAIL");
+
+    return ret;
+    }    
+
+static void sendstep1_substep(JPakeStep1 *s1, const BIGNUM *x,
+                              const JPakeUser *us,
+                              const JPakeParameters *params, int n)
+    {
+    s1->gx = BN_new();
+    BN_mod_exp(s1->gx, params->g, x, params->p, params->ctx);
+    printf("  g^{x%d}", n);
+    showbn("", s1->gx);
+
+    CreateZKP(&s1->zkpx, x, us, params->g, params, n, "");
+    }
+
+static void sendstep1(const JPakeUser *us, JPakeUserPublic *them,
+                      const JPakeParameters *params)
+    {
+    printf("\n%s sends %s:\n\n", us->p.name, them->name);
+
+    // from's g^xa (which becomes to's g^xc) and ZKP(xa)
+    sendstep1_substep(&them->s1c, us->xa, us, params, us->p.base);
+    // from's g^xb (which becomes to's g^xd) and ZKP(xb)
+    sendstep1_substep(&them->s1d, us->xb, us, params, us->p.base+1);
+    }
+
+static int verifystep1(const JPakeUser *us, const JPakeUserPublic *them,
+                       const JPakeParameters *params)
+    {
+    printf("\n%s verifies %s:\n\n", us->p.name, them->name);
+
+    // verify their ZKP(xc)
+    if(!VerifyZKP(&us->p.s1c.zkpx, us->p.s1c.gx, them, params->g, params,
+                  them->base, ""))
+        return 0;
+
+    // verify their ZKP(xd)
+    if(!VerifyZKP(&us->p.s1d.zkpx, us->p.s1d.gx, them, params->g, params,
+                  them->base+1, ""))
+        return 0;
+
+    // g^xd != 1
+    printf("  g^{x%d} != 1: ", them->base+1);
+    if(BN_is_one(us->p.s1d.gx))
+        {
+        puts("FAIL");
+        return 0;
+        }
+    puts("OK");
+
+    return 1;
+    }
+
+static void sendstep2(const JPakeUser *us, JPakeUserPublic *them,
+                      const JPakeParameters *params)
+    {
+    BIGNUM *t1 = BN_new();
+    BIGNUM *t2 = BN_new();
+
+    printf("\n%s sends %s:\n\n", us->p.name, them->name);
+
+    // X = g^{(xa + xc + xd) * xb * s}
+    // t1 = g^xa
+    BN_mod_exp(t1, params->g, us->xa, params->p, params->ctx);
+    // t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc}
+    BN_mod_mul(t2, t1, us->p.s1c.gx, params->p, params->ctx);
+    // t1 = t2 * g^{xd} = g^{xa + xc + xd}
+    BN_mod_mul(t1, t2, us->p.s1d.gx, params->p, params->ctx);
+    // t2 = xb * s
+    BN_mod_mul(t2, us->xb, us->secret, params->q, params->ctx);
+    // X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}
+    them->s2.X = BN_new();
+    BN_mod_exp(them->s2.X, t1, t2, params->p, params->ctx);
+
+    // Show
+    printf("  g^{(x%d + x%d + x%d) * x%d * s)", us->p.base, them->base,
+           them->base+1, us->p.base+1);
+    showbn("", them->s2.X);
+
+    // ZKP(xb * s)
+    // XXX: this is kinda funky, because we're using
+    //
+    // g' = g^{xa + xc + xd}
+    //
+    // as the generator, which means X is g'^{xb * s}
+    CreateZKP(&them->s2.zkpxbs, t2, us, t1, params, us->p.base+1, " * s");
+
+    // cleanup
+    BN_free(t1);
+    BN_free(t2);
+    }
+
+static int verifystep2(const JPakeUser *us, const JPakeUserPublic *them,
+                       const JPakeParameters *params)
+    {
+    BIGNUM *t1 = BN_new();
+    BIGNUM *t2 = BN_new();
+    int ret = 0;
+
+    printf("\n%s verifies %s:\n\n", us->p.name, them->name);
+
+    // g' = g^{xc + xa + xb} [from our POV]
+    // t1 = xa + xb
+    BN_mod_add(t1, us->xa, us->xb, params->q, params->ctx);
+    // t2 = g^{t1} = g^{xa+xb}
+    BN_mod_exp(t2, params->g, t1, params->p, params->ctx);
+    // t1 = g^{xc} * t2 = g^{xc + xa + xb}
+    BN_mod_mul(t1, us->p.s1c.gx, t2, params->p, params->ctx);
+
+    if(VerifyZKP(&us->p.s2.zkpxbs, us->p.s2.X, them, t1, params, them->base+1,
+                  " * s"))
+        ret = 1;
+
+    // cleanup
+    BN_free(t2);
+    BN_free(t1);
+
+    return ret;
+    }
+
+static void computekey(JPakeUser *us, const JPakeParameters *params)
+    {
+    BIGNUM *t1 = BN_new();
+    BIGNUM *t2 = BN_new();
+    BIGNUM *t3 = BN_new();
+
+    printf("\n%s calculates the shared key:\n\n", us->p.name);
+
+    // K = (X/g^{xb * xd * s})^{xb}
+    //   = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
+    //   = (g^{(xa + xc) * xd * s})^{xb}
+    //   = g^{(xa + xc) * xb * xd * s}
+    // [which is the same regardless of who calculates it]
+
+    // t1 = (g^{xd})^{xb} = g^{xb * xd}
+    BN_mod_exp(t1, us->p.s1d.gx, us->xb, params->p, params->ctx);
+    // t2 = -s = q-s
+    BN_sub(t2, params->q, us->secret);
+    // t3 = t1^t2 = g^{-xb * xd * s}
+    BN_mod_exp(t3, t1, t2, params->p, params->ctx);
+    // t1 = X * t3 = X/g^{xb * xd * s}
+    BN_mod_mul(t1, us->p.s2.X, t3, params->p, params->ctx);
+    // K = t1^{xb}
+    us->key = BN_new();
+    BN_mod_exp(us->key, t1, us->xb, params->p, params->ctx);
+
+    // show
+    showbn("  K", us->key);
+
+    // cleanup
+    BN_free(t3);
+    BN_free(t2);
+    BN_free(t1);
+    }
+
+int main(int argc, char **argv)
+    {
+    JPakeParameters params;
+    JPakeUser alice, bob;
+
+    alice.p.name = "Alice";
+    alice.p.base = 1;
+    bob.p.name = "Bob";
+    bob.p.base = 3;
+
+    JPakeParametersInit(&params);
+
+    // Shared secret
+    alice.secret = BN_new();
+    BN_rand(alice.secret, 32, -1, 0);
+    bob.secret = alice.secret;
+    showbn("secret", alice.secret);
+
+    assert(BN_cmp(alice.secret, params.q) < 0);
+
+    // Alice's x1, x2
+    genrand(&alice, &params);
+
+    // Bob's x3, x4
+    genrand(&bob, &params);
+
+    // Now send stuff to each other...
+    sendstep1(&alice, &bob.p, &params);
+    sendstep1(&bob, &alice.p, &params);
+
+    // And verify what each other sent
+    if(!verifystep1(&alice, &bob.p, &params))
+        return 1;
+    if(!verifystep1(&bob, &alice.p, &params))
+        return 2;
+
+    // Second send
+    sendstep2(&alice, &bob.p, &params);
+    sendstep2(&bob, &alice.p, &params);
+
+    // And second verify
+    if(!verifystep2(&alice, &bob.p, &params))
+        return 3;
+    if(!verifystep2(&bob, &alice.p, &params))
+        return 4;
+
+    // Compute common key
+    computekey(&alice, &params);
+    computekey(&bob, &params);
+
+    // Confirm the common key is identical
+    // XXX: if the two secrets are not the same, everything works up
+    // to this point, so the only way to detect a failure is by the
+    // difference in the calculated keys.
+    // Since we're all the same code, just compare them directly. In a
+    // real system, Alice sends Bob H(H(K)), Bob checks it, then sends
+    // back H(K), which Alice checks, or something equivalent.
+    puts("\nAlice and Bob check keys are the same:");
+    if(BN_cmp(alice.key, bob.key) == 0)
+        puts("  OK");
+    else
+        {
+        puts("  FAIL");
+        return 5;
+        }
+
+    return 0;
+    }
diff --git a/src/lib/libssl/src/fips/Makefile b/src/lib/libssl/src/fips/Makefile
index 63e4cf82be..d6dcb79a28 100644
--- a/src/lib/libssl/src/fips/Makefile
+++ b/src/lib/libssl/src/fips/Makefile
@@ -1,199 +1,219 @@
 #
-# SSLeay/fips/Makefile
+# OpenSSL/crypto/Makefile
 #
 
 DIR=            fips
 TOP=            ..
 CC=             cc
 INCLUDE=        -I. -I$(TOP) -I../include
+# INCLUDES targets sudbirs!
 INCLUDES=       -I.. -I../.. -I../../include
 CFLAG=          -g
-INSTALL_PREFIX=
-OPENSSLDIR=     /usr/local/ssl
-INSTALLTOP=     /usr/local/ssl
 MAKEDEPPROG=    makedepend
 MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=       Makefile
 RM=             rm -f
 AR=             ar r
+ARD=            ar d
+TEST=           fips_test_suite.c
+FIPS_TVDIR=     testvectors
+FIPS_TVOK=      $$HOME/fips/tv.ok
 
-PEX_LIBS=
-EX_LIBS=
+FIPSCANLOC=     $(FIPSLIBDIR)fipscanister.o
 
-CFLAGS= $(INCLUDE) $(CFLAG)
+RECURSIVE_MAKE= [ -n "$(FDIRS)" ] && for i in $(FDIRS) ; do \
+                    (cd $$i && echo "making $$target in $(DIR)/$$i..." && \
+                    $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \
+                done;
 
+PEX_LIBS=
+EX_LIBS=
+ 
+CFLAGS= $(INCLUDE) $(CFLAG) -DHMAC_EXT=\"$${HMAC_EXT:-sha1}\"
+ASFLAGS= $(INCLUDE) $(ASFLAG)
+AFLAGS=$(ASFLAGS)
 
 LIBS=
 
-FDIRS=sha1 rand des aes dsa rsa dh
+FDIRS=sha rand des aes dsa rsa dh hmac
 
 GENERAL=Makefile README fips-lib.com install.com
 
 LIB= $(TOP)/libcrypto.a
-SHARED_LIB= libcrypto$(SHLIB_EXT)
-LIBSRC=fips.c fips_err_wrapper.c
-LIBOBJ=fips.o fips_err_wrapper.o
+SHARED_LIB= $(FIPSCANLIB)$(SHLIB_EXT)
+LIBSRC=fips.c 
+LIBOBJ=fips.o
+
+FIPS_OBJ_LISTS=sha/lib hmac/lib rand/lib des/lib aes/lib dsa/lib rsa/lib dh/lib
 
 SRC= $(LIBSRC)
 
 EXHEADER=fips.h
-HEADER=$(EXHEADER) fips_err.h
-EXE=openssl_fips_fingerprint
+HEADER=$(EXHEADER) fips_utl.h fips_locl.h
+EXE=fipsld
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
 top:
         @(cd ..; $(MAKE) DIRS=$(DIR) all)
 
+testapps:
+        @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
 all:
-        @if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-                $(MAKE) -e subdirs check lib shared; \
+        @if [ -z "$(FIPSLIBDIR)" ]; then \
+                $(MAKE) -e subdirs lib fips_premain_dso$(EXE_EXT); \
+        else \
+                $(MAKE) -e lib fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT); \
         fi
 
-check:
-        TOP=`pwd`/$(TOP) ./fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
+# Idea behind fipscanister.o is to "seize" the sequestered code between
+# known symbols for fingerprinting purposes, which would be commonly
+# done with ld -r start.o ... end.o. The latter however presents a minor
+# challenge on multi-ABI platforms. As just implied, we'd rather use ld,
+# but the trouble is that we don't generally know how ABI-selection
+# compiler flag is translated to corresponding linker flag. All compiler
+# drivers seem to recognize -r flag and pass it down to linker, but some
+# of them, including gcc, erroneously add -lc, as well as run-time
+# components, such as crt1.o and alike. Fortunately among those vendor
+# compilers which were observed to misinterpret -r flag multi-ABI ones
+# are equipped with smart linkers, which don't require any ABI-selection
+# flag and simply assume that all objects are of the same type as first
+# one in command line. So the idea is to identify gcc and deficient
+# vendor compiler drivers...
+
+fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o
+        FIPS_ASM=""; \
+        list="$(BN_ASM)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/bn/$$i" ; done; \
+        list="$(AES_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/aes/$$i" ; done; \
+        list="$(DES_ENC)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/des/$$i" ; done; \
+        list="$(SHA1_ASM_OBJ)"; for i in $$list; do FIPS_ASM="$$FIPS_ASM ../crypto/sha/$$i" ; done; \
+        if [ -n "$(CPUID_OBJ)" ]; then \
+                CPUID=../crypto/$(CPUID_OBJ) ; \
+        else \
+                CPUID="" ; \
+        fi ; \
+        objs="fips_start.o $(LIBOBJ) $(FIPS_EX_OBJ) $$CPUID $$FIPS_ASM"; \
+        for i in $(FIPS_OBJ_LISTS); do \
+                dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \
+                objs="$$objs `sed "$$script" $$i`"; \
+        done; \
+        objs="$$objs fips_end.o" ; \
+        os="`(uname -s) 2>/dev/null`"; cflags="$(CFLAGS)"; \
+        [ "$$os" = "AIX" ] && cflags="$$cflags -Wl,-bnoobjreorder"; \
+        if [ -n "${FIPS_SITE_LD}" ]; then \
+                set -x; ${FIPS_SITE_LD} -r -o $@ $$objs; \
+        elif $(CC) -dumpversion >/dev/null 2>&1; then \
+                set -x; $(CC) $$cflags -r -nostdlib -o $@ $$objs ; \
+        else case "$$os" in \
+                HP-UX|OSF1|SunOS) set -x; /usr/ccs/bin/ld -r -o $@ $$objs ;; \
+                *) set -x; $(CC) $$cflags -r -o $@ $$objs ;; \
+        esac fi
+        ./fips_standalone_sha1 fipscanister.o > fipscanister.o.sha1
+
+# If another exception is immediately required, assign approprite
+# site-specific ld command to FIPS_SITE_LD environment variable.
+
+fips_start.o: fips_canister.c
+        $(CC) $(CFLAGS) -DFIPS_START -c -o $@ fips_canister.c
+fips_end.o: fips_canister.c
+        $(CC) $(CFLAGS) -DFIPS_END -c -o $@ fips_canister.c
+fips_premain_dso$(EXE_EXT): fips_premain.c
+        $(CC) $(CFLAGS) -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ fips_premain.c \
+                $(FIPSLIBDIR)fipscanister.o ../libcrypto.a $(EX_LIBS)
+# this is executed only when linking with external fipscanister.o
+fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c
+        $(CC) $(CFLAGS) -DFIPSCANISTER_O -o $@ sha/fips_standalone_sha1.c $(FIPSLIBDIR)fipscanister.o
 
 subdirs:
-        @for i in $(FDIRS) ;\
-        do \
-        (cd $$i && echo "making all in fips/$$i..." && \
-        $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
-        done;
-
-sub_target:
-        @for i in $(FDIRS) ;\
-        do \
-        (cd $$i && echo "making $(TARGET) in fips/$$i..." && \
-        $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' $(TARGET) ) || exit 1; \
-        done;
+        @target=all; $(RECURSIVE_MAKE)
 
 files:
         $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-        @for i in $(FDIRS) ;\
-        do \
-        (cd $$i && echo "making 'files' in fips/$$i..." && \
-        $(MAKE) PERL='${PERL}' files ); \
-        done;
+        @target=files; $(RECURSIVE_MAKE)
 
 links:
         @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-        @for i in $(FDIRS); do \
-        (cd $$i && echo "making links in fips/$$i..." && \
-        $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
-        done;
+        @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+        @target=links; $(RECURSIVE_MAKE)
 
-lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
-        $(RANLIB) $(LIB) || echo Never mind.
+# lib: and $(LIB): are splitted to avoid end-less loop
+lib:    $(LIB)
+        if [ "$(FIPSCANISTERINTERNAL)" = "n" -a -n "$(FIPSCANLOC)" ]; then $(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC); fi
         @touch lib
 
-shared:
-        if [ -n "$(SHARED_LIBS)" ]; then \
-                (cd ..; $(MAKE) $(SHARED_LIB)); \
+$(LIB): $(FIPSLIBDIR)fipscanister.o
+        $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+        $(RANLIB) $(LIB) || echo Never mind.
+
+$(FIPSCANLIB):  $(FIPSCANLOC)
+        $(AR) ../$(FIPSCANLIB).a $(FIPSCANLOC)
+        if [ "$(FIPSCANLIB)" = "libfips" ]; then \
+                $(AR) $(LIB) $(FIPSCANLOC) ; \
+                $(RANLIB) $(LIB) || echo Never Mind. ; \
         fi
+        $(RANLIB) ../$(FIPSCANLIB).a || echo Never mind.
+        @touch lib
 
-libs:
-        @for i in $(FDIRS) ;\
-        do \
-        (cd $$i && echo "making libs in fips/$$i..." && \
-        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
-        done;
+shared: lib subdirs fips_premain_dso$(EXE_EXT)
 
-tests:
-        @for i in $(FDIRS) ;\
-        do \
-        (cd $$i && echo "making tests in fips/$$i..." && \
-        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
-        done;
+libs:
+        @target=lib; $(RECURSIVE_MAKE)
 
-top_fips_test_suite:
-        (cd $(TOP); $(MAKE) DIRS=fips FDIRS=. TARGET=fips_test_suite sub_target)
+fips_test: top
+        @target=fips_test; $(RECURSIVE_MAKE)
 
-fips_test_suite: fips_test_suite.o $(TOP)/libcrypto.a
-        $(CC) $(CFLAGS) -o fips_test_suite fips_test_suite.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-        TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_test_suite || { rm fips_test_suite; false; }
+fips_test_diff:
+        @if diff -b -B -I '^\#' -cr -X fips-nodiff.txt $(FIPS_TVDIR) $(FIPS_TVOK) ; then \
+                echo "FIPS diff OK" ; \
+        else \
+                echo "***FIPS DIFF ERROR***" ; exit 1 ; \
+        fi
 
-fips_test: top top_fips_test_suite
-        cd testvectors && perl -p -i -e 's/COUNT=/COUNT = /' des[23]/req/*.req
-        @for i in dsa sha1 aes des ; \
-        do \
-                (cd $$i && echo "making fips_test in fips/$$i..." && $(MAKE) fips_test) \
-        done;
 
 install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
         @headerlist="$(EXHEADER)"; for i in $$headerlist ;\
         do \
-                (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-                chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
-        done;
-        @for i in $(FDIRS) ;\
-        do \
-                (cd $$i && echo "making install in fips/$$i..." && \
-                $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}'  INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
         done;
-        @for i in $(EXE) ; \
-        do \
-                echo "installing $$i"; \
-                cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-                chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-                mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
-        done
+        @target=install; $(RECURSIVE_MAKE)
+        @cp -p -f fipscanister.o fipscanister.o.sha1 fips_premain.c \
+                fips_premain.c.sha1 \
+                $(INSTALL_PREFIX)$(INSTALLTOP)/lib/; \
+        chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips*
 
 lint:
-        @for i in $(FDIRS) ;\
-        do \
-        (cd $$i && echo "making lint in fips/$$i..." && \
-        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
-        done;
+        @target=lint; $(RECURSIVE_MAKE)
 
 depend:
-        if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
-        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(SRC)
-        if [ ! -s buildinf.h ]; then rm buildinf.h; fi
-        @for i in $(FDIRS) ;\
-        do \
-        (cd $$i && echo "making depend in fips/$$i..." && \
-        $(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ); \
-        done;
+        @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+        @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
+        @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
 
 clean:
-        rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-        @for i in $(FDIRS) ;\
-        do \
-        (cd $$i && echo "making clean in fips/$$i..." && \
-        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
-        done;
+        rm -f fipscanister.o.sha1 fips_premain_dso$(EXE_EXT) fips_standalone_sha1$(EXE_EXT) \
+                *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+        @target=clean; $(RECURSIVE_MAKE)
 
 dclean:
         $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
         mv -f Makefile.new $(MAKEFILE)
-        @for i in $(FDIRS) ;\
-        do \
-        (cd $$i && echo "making dclean in fips/$$i..." && \
-        $(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
-        done;
+        @target=dclean; $(RECURSIVE_MAKE)
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-fips.o: ../include/openssl/aes.h ../include/openssl/asn1.h
-fips.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-fips.o: ../include/openssl/bn.h ../include/openssl/cast.h
+fips.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 fips.o: ../include/openssl/crypto.h ../include/openssl/des.h
-fips.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-fips.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+fips.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
 fips.o: ../include/openssl/err.h ../include/openssl/evp.h
 fips.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
-fips.o: ../include/openssl/hmac.h ../include/openssl/idea.h
-fips.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-fips.o: ../include/openssl/md4.h ../include/openssl/md5.h
-fips.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-fips.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-fips.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-fips.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-fips.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-fips.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-fips.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fips.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+fips.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+fips.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+fips.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
+fips.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 fips.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h fips.c
 fips.o: fips_locl.h
-fips_err_wrapper.o: ../include/openssl/opensslconf.h fips_err_wrapper.c
diff --git a/src/lib/libssl/src/fips/aes/Makefile b/src/lib/libssl/src/fips/aes/Makefile
index fce5eeb5f7..403525d4c0 100644
--- a/src/lib/libssl/src/fips/aes/Makefile
+++ b/src/lib/libssl/src/fips/aes/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/fips/aes/Makefile
+# OpenSSL/fips/aes/Makefile
 #
 
 DIR=    aes
@@ -15,6 +15,9 @@ MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=       Makefile
 AR=             ar r
 
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile
@@ -23,28 +26,23 @@ TESTDATA=fips_aes_data
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_aes_core.c fips_aes_selftest.c
-LIBOBJ=fips_aes_core.o fips_aes_selftest.o
+LIBSRC=fips_aes_selftest.c
+LIBOBJ=fips_aes_selftest.o
 
 SRC= $(LIBSRC)
 
 EXHEADER=
-HEADER= $(EXHEADER) fips_aes_locl.h
+HEADER=
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
 top:
         (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
 
-all:    check lib
-
-check:
-        TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
+all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
-        $(RANLIB) $(LIB) || echo Never mind.
-        @sleep 2; touch lib
+        @echo $(LIBOBJ) > lib
 
 files:
         $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -67,18 +65,11 @@ tags:
 
 tests:
 
-top_fips_aesavs:
-        (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_aesavs sub_target)
-
-fips_aesavs: fips_aesavs.o $(TOP)/libcrypto.a
-        $(CC) $(CFLAGS) -o fips_aesavs fips_aesavs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-        TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_aesavs
-
-fips_test: top top_fips_aesavs
-        find ../testvectors/aes/req -name '*.req' > testlist
+fips_test:
+        -find ../testvectors/aes/req -name '*.req' > testlist
         -rm -rf ../testvectors/aes/rsp
         mkdir ../testvectors/aes/rsp
-        ./fips_aesavs -d testlist
+        if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_aesavs -d testlist; fi
 
 lint:
         lint -DLINT $(INCLUDES) $(SRC)>fluff
@@ -92,40 +83,31 @@ dclean:
         mv -f Makefile.new $(MAKEFILE)
 
 clean:
-        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+        rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff testlist
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-fips_aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
-fips_aes_core.o: ../../include/openssl/fips.h
-fips_aes_core.o: ../../include/openssl/opensslconf.h fips_aes_core.c
-fips_aes_core.o: fips_aes_locl.h
-fips_aes_selftest.o: ../../include/openssl/aes.h ../../include/openssl/bio.h
+fips_aes_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 fips_aes_selftest.o: ../../include/openssl/crypto.h
 fips_aes_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_aes_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_aes_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_aes_selftest.o: ../../include/openssl/lhash.h
+fips_aes_selftest.o: ../../include/openssl/obj_mac.h
+fips_aes_selftest.o: ../../include/openssl/objects.h
 fips_aes_selftest.o: ../../include/openssl/opensslconf.h
 fips_aes_selftest.o: ../../include/openssl/opensslv.h
+fips_aes_selftest.o: ../../include/openssl/ossl_typ.h
 fips_aes_selftest.o: ../../include/openssl/safestack.h
 fips_aes_selftest.o: ../../include/openssl/stack.h
 fips_aes_selftest.o: ../../include/openssl/symhacks.h fips_aes_selftest.c
 fips_aesavs.o: ../../e_os.h ../../include/openssl/aes.h
 fips_aesavs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_aesavs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-fips_aesavs.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-fips_aesavs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-fips_aesavs.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+fips_aesavs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 fips_aesavs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 fips_aesavs.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_aesavs.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-fips_aesavs.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-fips_aesavs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
-fips_aesavs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_aesavs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_aesavs.o: ../../include/openssl/objects.h
 fips_aesavs.o: ../../include/openssl/opensslconf.h
 fips_aesavs.o: ../../include/openssl/opensslv.h
-fips_aesavs.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
-fips_aesavs.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-fips_aesavs.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-fips_aesavs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-fips_aesavs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_aesavs.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-fips_aesavs.o: fips_aesavs.c
+fips_aesavs.o: ../../include/openssl/ossl_typ.h
+fips_aesavs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_aesavs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_aesavs.c
diff --git a/src/lib/libssl/src/fips/aes/fips_aes_selftest.c b/src/lib/libssl/src/fips/aes/fips_aes_selftest.c
index 0e53d21bd0..441bbc18e7 100644
--- a/src/lib/libssl/src/fips/aes/fips_aes_selftest.c
+++ b/src/lib/libssl/src/fips/aes/fips_aes_selftest.c
@@ -50,7 +50,7 @@
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/fips.h>
-#include <openssl/aes.h>
+#include <openssl/evp.h>
 
 #ifdef OPENSSL_FIPS
 static struct
@@ -78,35 +78,24 @@ void FIPS_corrupt_aes()
 int FIPS_selftest_aes()
     {
     int n;
+    int ret = 0;
+    EVP_CIPHER_CTX ctx;
+    EVP_CIPHER_CTX_init(&ctx);
 
-    /* Encrypt and check against known ciphertext */
     for(n=0 ; n < 1 ; ++n)
         {
-        AES_KEY key;
-        unsigned char buf[16];
-
-        AES_set_encrypt_key(tests[n].key,128,&key);
-        AES_encrypt(tests[n].plaintext,buf,&key);
-        if(memcmp(buf,tests[n].ciphertext,sizeof buf))
-            {
-            FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
-            return 0;
-            }
+        if (fips_cipher_test(&ctx, EVP_aes_128_ecb(),
+                                tests[n].key, NULL,
+                                tests[n].plaintext,
+                                tests[n].ciphertext,
+                                16) <= 0)
+                goto err;
         }
-    /* Decrypt and check against known plaintext */
-    for(n=0 ; n < 1 ; ++n)
-        {
-        AES_KEY key;
-        unsigned char buf[16];
-
-        AES_set_decrypt_key(tests[n].key,128,&key);
-        AES_decrypt(tests[n].ciphertext,buf,&key);
-        if(memcmp(buf,tests[n].plaintext,sizeof buf))
-            {
+    ret = 1;
+    err:
+    EVP_CIPHER_CTX_cleanup(&ctx);
+    if (ret == 0)
             FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
-            return 0;
-            }
-        }
-    return 1;
+    return ret;
     }
 #endif
diff --git a/src/lib/libssl/src/fips/aes/fips_aesavs.c b/src/lib/libssl/src/fips/aes/fips_aesavs.c
index 5fc2879067..9ce613b96d 100644
--- a/src/lib/libssl/src/fips/aes/fips_aesavs.c
+++ b/src/lib/libssl/src/fips/aes/fips_aesavs.c
@@ -62,16 +62,30 @@
 #include <string.h>
 #include <errno.h>
 #include <assert.h>
-
+#include <ctype.h>
 #include <openssl/aes.h>
 #include <openssl/evp.h>
-#include <openssl/fips.h>
+#include <openssl/bn.h>
+
 #include <openssl/err.h>
 #include "e_os.h"
 
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS AES support\n");
+    return(0);
+}
+
+#else
+
+#include <openssl/fips.h>
+#include "fips_utl.h"
+
 #define AES_BLOCK_SIZE 16
 
-#define VERBOSE 1
+#define VERBOSE 0
 
 /*-----------------------------------------------*/
 
@@ -82,232 +96,130 @@ int AESTest(EVP_CIPHER_CTX *ctx,
             unsigned char *plaintext, unsigned char *ciphertext, int len)
     {
     const EVP_CIPHER *cipher = NULL;
-    int ret = 1;
-    int kt = 0;
-
-    if (ctx)
-        memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
 
     if (strcasecmp(amode, "CBC") == 0)
-        kt = 1000;
-    else if (strcasecmp(amode, "ECB") == 0)
-        kt = 2000;
-    else if (strcasecmp(amode, "CFB128") == 0)
-        kt = 3000;
-    else if (strncasecmp(amode, "OFB", 3) == 0)
-        kt = 4000;
-    else if(!strcasecmp(amode,"CFB1"))
-        kt=5000;
-    else if(!strcasecmp(amode,"CFB8"))
-        kt=6000;
-    else
-        {
-        printf("Unknown mode: %s\n", amode);
-        EXIT(1);
-        }
-    if (ret)
         {
-        if ((akeysz != 128) && (akeysz != 192) && (akeysz != 256))
-            {
-            printf("Invalid key size: %d\n", akeysz);
-            ret = 0;
-            }
-        else
-            {
-            kt += akeysz;
-            switch (kt)
+        switch (akeysz)
                 {
-            case 1128:  /* CBC 128 */
+                case 128:
                 cipher = EVP_aes_128_cbc();
                 break;
-            case 1192:  /* CBC 192 */
+
+                case 192:
                 cipher = EVP_aes_192_cbc();
                 break;
-            case 1256:  /* CBC 256 */
+
+                case 256:
                 cipher = EVP_aes_256_cbc();
                 break;
-            case 2128:  /* ECB 128 */
+                }
+
+        }
+    else if (strcasecmp(amode, "ECB") == 0)
+        {
+        switch (akeysz)
+                {
+                case 128:
                 cipher = EVP_aes_128_ecb();
                 break;
-            case 2192:  /* ECB 192 */
+
+                case 192:
                 cipher = EVP_aes_192_ecb();
                 break;
-            case 2256:  /* ECB 256 */
+
+                case 256:
                 cipher = EVP_aes_256_ecb();
                 break;
-            case 3128:  /* CFB 128 */
-                cipher = EVP_aes_128_cfb();
+                }
+        }
+    else if (strcasecmp(amode, "CFB128") == 0)
+        {
+        switch (akeysz)
+                {
+                case 128:
+                cipher = EVP_aes_128_cfb128();
                 break;
-            case 3192:  /* CFB 192 */
-                cipher = EVP_aes_192_cfb();
+
+                case 192:
+                cipher = EVP_aes_192_cfb128();
                 break;
-            case 3256:  /* CFB 256 */
-                cipher = EVP_aes_256_cfb();
+
+                case 256:
+                cipher = EVP_aes_256_cfb128();
                 break;
-            case 4128:  /* OFB 128 */
+                }
+
+        }
+    else if (strncasecmp(amode, "OFB", 3) == 0)
+        {
+        switch (akeysz)
+                {
+                case 128:
                 cipher = EVP_aes_128_ofb();
                 break;
-            case 4192:  /* OFB 192 */
+
+                case 192:
                 cipher = EVP_aes_192_ofb();
                 break;
-            case 4256:  /* OFB 256 */
+
+                case 256:
                 cipher = EVP_aes_256_ofb();
                 break;
-            case 5128:
-                cipher=EVP_aes_128_cfb1();
+                }
+        }
+    else if(!strcasecmp(amode,"CFB1"))
+        {
+        switch (akeysz)
+                {
+                case 128:
+                cipher = EVP_aes_128_cfb1();
                 break;
-            case 5192:
-                cipher=EVP_aes_192_cfb1();
+
+                case 192:
+                cipher = EVP_aes_192_cfb1();
                 break;
-            case 5256:
-                cipher=EVP_aes_256_cfb1();
+
+                case 256:
+                cipher = EVP_aes_256_cfb1();
                 break;
-            case 6128:
-                cipher=EVP_aes_128_cfb8();
+                }
+        }
+    else if(!strcasecmp(amode,"CFB8"))
+        {
+        switch (akeysz)
+                {
+                case 128:
+                cipher = EVP_aes_128_cfb8();
                 break;
-            case 6192:
-                cipher=EVP_aes_192_cfb8();
+
+                case 192:
+                cipher = EVP_aes_192_cfb8();
                 break;
-            case 6256:
-                cipher=EVP_aes_256_cfb8();
+
+                case 256:
+                cipher = EVP_aes_256_cfb8();
                 break;
-            default:
-                printf("Didn't handle mode %d\n",kt);
-                EXIT(1);
-                }
-            if (dir)
-                { /* encrypt */
-                if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_ENCRYPT))
-                    {
-                    ERR_print_errors_fp(stderr);
-                    EXIT(1);
-                    }
-                  
-                EVP_Cipher(ctx, ciphertext, (unsigned char*)plaintext, len);
-                }
-            else
-                { /* decrypt */
-                if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_DECRYPT))
-                    {
-                    ERR_print_errors_fp(stderr);
-                    EXIT(1);
-                    }
-                EVP_Cipher(ctx, (unsigned char*)plaintext, ciphertext, len);
                 }
-            }
         }
-    return ret;
-    }
-
-/*-----------------------------------------------*/
-
-int hex2bin(char *in, int len, unsigned char *out)
-{
-  int n1, n2;
-  unsigned char ch;
-
-  for (n1 = 0, n2 = 0; n1 < len; )
-    { /* first byte */
-      if ((in[n1] >= '0') && (in[n1] <= '9'))
-        ch = in[n1++] - '0';
-      else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
-        ch = in[n1++] - 'A' + 10;
-      else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
-        ch = in[n1++] - 'a' + 10;
-      else
-        return -1;
-      if(len == 1)
-          {
-          out[n2++]=ch;
-          break;
-          }
-      out[n2] = ch << 4;
-      /* second byte */
-      if ((in[n1] >= '0') && (in[n1] <= '9'))
-        ch = in[n1++] - '0';
-      else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
-        ch = in[n1++] - 'A' + 10;
-      else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
-        ch = in[n1++] - 'a' + 10;
-      else
-        return -1;
-      out[n2++] |= ch;
-    }
-  return n2;
-}
-
-/*-----------------------------------------------*/
-
-int bin2hex(unsigned char *in, int len, char *out)
-{
-  int n1, n2;
-  unsigned char ch;
-
-  for (n1 = 0, n2 = 0; n1 < len; ++n1)
-    {
-      /* first nibble */
-      ch = in[n1] >> 4;
-      if (ch <= 0x09)
-        out[n2++] = ch + '0';
-      else
-        out[n2++] = ch - 10 + 'a';
-      /* second nibble */
-      ch = in[n1] & 0x0f;
-      if (ch <= 0x09)
-        out[n2++] = ch + '0';
-      else
-        out[n2++] = ch - 10 + 'a';
-    }
-  return n2;
-}
-
-/* NB: this return the number of _bits_ read */
-int bint2bin(const char *in, int len, unsigned char *out)
-    {
-    int n;
-
-    memset(out,0,len);
-    for(n=0 ; n < len ; ++n)
-        if(in[n] == '1')
-            out[n/8]|=(0x80 >> (n%8));
-    return len;
-    }
-
-int bin2bint(const unsigned char *in,int len,char *out)
-    {
-    int n;
-
-    for(n=0 ; n < len ; ++n)
-        out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
-    return n;
-    }
-
-/*-----------------------------------------------*/
-
-void PrintValue(char *tag, unsigned char *val, int len)
-{
-#if VERBOSE
-  char obuf[2048];
-  int olen;
-  olen = bin2hex(val, len, obuf);
-  printf("%s = %.*s\n", tag, olen, obuf);
-#endif
-}
-
-void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
-    {
-    char obuf[2048];
-    int olen;
-
-    if(bitmode)
-        olen=bin2bint(val,len,obuf);
     else
-        olen=bin2hex(val,len,obuf);
-
-    fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
-#if VERBOSE
-    printf("%s = %.*s\n", tag, olen, obuf);
-#endif
+        {
+        printf("Unknown mode: %s\n", amode);
+        return 0;
+        }
+    if (!cipher)
+        {
+        printf("Invalid key size: %d\n", akeysz);
+        return 0; 
+        }
+    if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
+        return 0;
+    if(!strcasecmp(amode,"CFB1"))
+        M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
+    if (dir)
+                EVP_Cipher(ctx, ciphertext, plaintext, len);
+        else
+                EVP_Cipher(ctx, plaintext, ciphertext, len);
+    return 1;
     }
 
 /*-----------------------------------------------*/
@@ -340,6 +252,7 @@ int do_mct(char *amode,
     int i, j, n, n1, n2;
     int imode = 0, nkeysz = akeysz/8;
     EVP_CIPHER_CTX ctx;
+    EVP_CIPHER_CTX_init(&ctx);
 
     if (len > 32)
         {
@@ -467,10 +380,12 @@ int do_mct(char *amode,
             case CFB1:
                 if(j == 0)
                     {
+#if 0
                     /* compensate for wrong endianness of input file */
                     if(i == 0)
                         ptext[0][0]<<=7;
-                    ret=AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
+#endif
+                    ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
                                 ptext[j], ctext[j], len);
                     }
                 else
@@ -631,11 +546,12 @@ int do_mct(char *amode,
   # Fri Aug 30 04:07:22 PM
   ----------------------------*/
 
-int proc_file(char *rqfile)
+int proc_file(char *rqfile, char *rspfile)
     {
     char afn[256], rfn[256];
     FILE *afp = NULL, *rfp = NULL;
     char ibuf[2048];
+    char tbuf[2048];
     int ilen, len, ret = 0;
     char algo[8] = "";
     char amode[8] = "";
@@ -647,6 +563,7 @@ int proc_file(char *rqfile)
     unsigned char ciphertext[2048];
     char *rp;
     EVP_CIPHER_CTX ctx;
+    EVP_CIPHER_CTX_init(&ctx);
 
     if (!rqfile || !(*rqfile))
         {
@@ -661,13 +578,21 @@ int proc_file(char *rqfile)
                afn, strerror(errno));
         return -1;
         }
-    strcpy(rfn,afn);
-    rp=strstr(rfn,"req/");
-    assert(rp);
-    memcpy(rp,"rsp",3);
-    rp = strstr(rfn, ".req");
-    memcpy(rp, ".rsp", 4);
-    if ((rfp = fopen(rfn, "w")) == NULL)
+    if (!rspfile)
+        {
+        strcpy(rfn,afn);
+        rp=strstr(rfn,"req/");
+#ifdef OPENSSL_SYS_WIN32
+        if (!rp)
+            rp=strstr(rfn,"req\\");
+#endif
+        assert(rp);
+        memcpy(rp,"rsp",3);
+        rp = strstr(rfn, ".req");
+        memcpy(rp, ".rsp", 4);
+        rspfile = rfn;
+        }
+    if ((rfp = fopen(rspfile, "w")) == NULL)
         {
         printf("Cannot open file: %s, %s\n", 
                rfn, strerror(errno));
@@ -677,6 +602,7 @@ int proc_file(char *rqfile)
         }
     while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
         {
+        tidy_line(tbuf, ibuf);
         ilen = strlen(ibuf);
         /*      printf("step=%d ibuf=%s",step,ibuf); */
         switch (step)
@@ -730,12 +656,14 @@ int proc_file(char *rqfile)
                         strncpy(amode, xp+1, n);
                         amode[n] = '\0';
                         /* amode[3] = '\0'; */
-                        printf("Test = %s, Mode = %s\n", atest, amode);
+                        if (VERBOSE)
+                                printf("Test = %s, Mode = %s\n", atest, amode);
                         }
                     else if (strncasecmp(pp, "Key Length : ", 13) == 0)
                         {
                         akeysz = atoi(pp+13);
-                        printf("Key size = %d\n", akeysz);
+                        if (VERBOSE)
+                                printf("Key size = %d\n", akeysz);
                         }
                     }
                 }
@@ -780,7 +708,7 @@ int proc_file(char *rqfile)
                 }
             else
                 {
-                len = hex2bin((char*)ibuf+6, strlen(ibuf+6)-1, aKey);
+                len = hex2bin((char*)ibuf+6, aKey);
                 if (len < 0)
                     {
                     printf("Invalid KEY\n");
@@ -807,7 +735,7 @@ int proc_file(char *rqfile)
                 }
             else
                 {
-                len = hex2bin((char*)ibuf+5, strlen(ibuf+5)-1, iVec);
+                len = hex2bin((char*)ibuf+5, iVec);
                 if (len < 0)
                     {
                     printf("Invalid IV\n");
@@ -832,7 +760,7 @@ int proc_file(char *rqfile)
                 if(!strcmp(amode,"CFB1"))
                     len=bint2bin(ibuf+12,nn-1,plaintext);
                 else
-                    len=hex2bin(ibuf+12, nn-1,plaintext);
+                    len=hex2bin(ibuf+12, plaintext);
                 if (len < 0)
                     {
                     printf("Invalid PLAINTEXT: %s", ibuf+12);
@@ -875,7 +803,7 @@ int proc_file(char *rqfile)
                 if(!strcmp(amode,"CFB1"))
                     len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
                 else
-                    len = hex2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
+                    len = hex2bin(ibuf+13,ciphertext);
                 if (len < 0)
                     {
                     printf("Invalid CIPHERTEXT\n");
@@ -933,19 +861,18 @@ int proc_file(char *rqfile)
 --------------------------------------------------*/
 int main(int argc, char **argv)
     {
-    char *rqlist = "req.txt";
+    char *rqlist = "req.txt", *rspfile = NULL;
     FILE *fp = NULL;
     char fn[250] = "", rfn[256] = "";
     int f_opt = 0, d_opt = 1;
 
 #ifdef OPENSSL_FIPS
-    if(!FIPS_mode_set(1,argv[0]))
+    if(!FIPS_mode_set(1))
         {
-        ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+        do_print_errors();
         EXIT(1);
         }
 #endif
-    ERR_load_crypto_strings();
     if (argc > 1)
         {
         if (strcasecmp(argv[1], "-d") == 0)
@@ -970,7 +897,10 @@ int main(int argc, char **argv)
         if (d_opt)
             rqlist = argv[2];
         else
+            {
             strcpy(fn, argv[2]);
+            rspfile = argv[3];
+            }
         }
     if (d_opt)
         { /* list of files (directory) */
@@ -983,8 +913,9 @@ int main(int argc, char **argv)
             {
             strtok(fn, "\r\n");
             strcpy(rfn, fn);
-            printf("Processing: %s\n", rfn);
-            if (proc_file(rfn))
+            if (VERBOSE)
+                printf("Processing: %s\n", rfn);
+            if (proc_file(rfn, rspfile))
                 {
                 printf(">>> Processing failed for: %s <<<\n", rfn);
                 EXIT(1);
@@ -994,8 +925,9 @@ int main(int argc, char **argv)
         }
     else /* single file */
         {
-        printf("Processing: %s\n", fn);
-        if (proc_file(fn))
+        if (VERBOSE)
+            printf("Processing: %s\n", fn);
+        if (proc_file(fn, rspfile))
             {
             printf(">>> Processing failed for: %s <<<\n", fn);
             }
@@ -1003,3 +935,5 @@ int main(int argc, char **argv)
     EXIT(0);
     return 0;
     }
+
+#endif
diff --git a/src/lib/libssl/src/fips/des/Makefile b/src/lib/libssl/src/fips/des/Makefile
index 87a5329d53..ba1d0952b9 100644
--- a/src/lib/libssl/src/fips/des/Makefile
+++ b/src/lib/libssl/src/fips/des/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/fips/des/Makefile
+# OpenSSL/fips/des/Makefile
 #
 
 DIR=    des
@@ -15,7 +15,8 @@ MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=       Makefile
 AR=             ar r
 
-FIPS_DES_ENC=fips_des_enc.o
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
@@ -24,28 +25,23 @@ TEST= fips_desmovs.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_des_enc.c asm/fips-dx86-elf.s fips_des_selftest.c fips_set_key.c
-LIBOBJ=$(FIPS_DES_ENC) fips_des_selftest.o fips_set_key.o
+LIBSRC=fips_des_selftest.c
+LIBOBJ=fips_des_selftest.o
 
 SRC= $(LIBSRC)
 
 EXHEADER=
-HEADER= $(EXHEADER) fips_des_locl.h
+HEADER=
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
 top:
         (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
 
-all:    check lib
-
-check:
-        TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
+all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
-        $(RANLIB) $(LIB) || echo Never mind.
-        @sleep 2; touch lib
+        @echo $(LIBOBJ) > lib
 
 files:
         $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -67,26 +63,11 @@ tags:
 
 tests:
 
-top_fips_desmovs:
-        (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_desmovs sub_target)
-
-fips_desmovs: fips_desmovs.o $(TOP)/libcrypto.a
-        $(CC) $(CFLAGS) -o fips_desmovs fips_desmovs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-        TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_desmovs
-
-fips_test: top_fips_desmovs
-        find ../testvectors/des/req -name '*.req' > testlist
-        -rm -rf ../testvectors/des/rsp
-        mkdir ../testvectors/des/rsp
-        ./fips_desmovs -d testlist
-        find ../testvectors/des2/req -name '*.req' > testlist
-        -rm -rf ../testvectors/des2/rsp
-        mkdir ../testvectors/des2/rsp
-        ./fips_desmovs -d testlist
-        find ../testvectors/des3/req -name '*.req' > testlist
-        -rm -rf ../testvectors/des3/rsp
-        mkdir ../testvectors/des3/rsp
-        ./fips_desmovs -d testlist
+fips_test:
+        -find ../testvectors/tdes/req -name '*.req' > testlist
+        -rm -rf ../testvectors/tdes/rsp
+        mkdir ../testvectors/tdes/rsp
+        if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_desmovs -d testlist; fi
 
 lint:
         lint -DLINT $(INCLUDES) $(SRC)>fluff
@@ -99,57 +80,32 @@ dclean:
         mv -f Makefile.new $(MAKEFILE)
 
 clean:
-        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+        rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff testlist
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-fips_des_enc.o: ../../e_os.h ../../include/openssl/crypto.h
-fips_des_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-fips_des_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
-fips_des_enc.o: ../../include/openssl/opensslconf.h
-fips_des_enc.o: ../../include/openssl/opensslv.h
-fips_des_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_des_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-fips_des_enc.o: ../../include/openssl/ui_compat.h fips_des_enc.c
-fips_des_enc.o: fips_des_locl.h
-fips_des_selftest.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-fips_des_selftest.o: ../../include/openssl/des.h
-fips_des_selftest.o: ../../include/openssl/des_old.h
+fips_des_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_des_selftest.o: ../../include/openssl/crypto.h
 fips_des_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_des_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_des_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_des_selftest.o: ../../include/openssl/lhash.h
+fips_des_selftest.o: ../../include/openssl/obj_mac.h
+fips_des_selftest.o: ../../include/openssl/objects.h
 fips_des_selftest.o: ../../include/openssl/opensslconf.h
 fips_des_selftest.o: ../../include/openssl/opensslv.h
+fips_des_selftest.o: ../../include/openssl/ossl_typ.h
 fips_des_selftest.o: ../../include/openssl/safestack.h
 fips_des_selftest.o: ../../include/openssl/stack.h
-fips_des_selftest.o: ../../include/openssl/symhacks.h
-fips_des_selftest.o: ../../include/openssl/ui.h
-fips_des_selftest.o: ../../include/openssl/ui_compat.h fips_des_selftest.c
-fips_desmovs.o: ../../e_os.h ../../include/openssl/aes.h
-fips_desmovs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_desmovs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
-fips_desmovs.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-fips_desmovs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-fips_desmovs.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-fips_desmovs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_desmovs.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-fips_desmovs.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-fips_desmovs.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
-fips_desmovs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+fips_des_selftest.o: ../../include/openssl/symhacks.h fips_des_selftest.c
+fips_desmovs.o: ../../e_os.h ../../include/openssl/asn1.h
+fips_desmovs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_desmovs.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fips_desmovs.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+fips_desmovs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_desmovs.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 fips_desmovs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 fips_desmovs.o: ../../include/openssl/opensslconf.h
 fips_desmovs.o: ../../include/openssl/opensslv.h
-fips_desmovs.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
-fips_desmovs.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
-fips_desmovs.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
-fips_desmovs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-fips_desmovs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_desmovs.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-fips_desmovs.o: fips_desmovs.c
-fips_set_key.o: ../../e_os.h ../../include/openssl/crypto.h
-fips_set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-fips_set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h
-fips_set_key.o: ../../include/openssl/opensslconf.h
-fips_set_key.o: ../../include/openssl/opensslv.h
-fips_set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-fips_set_key.o: ../../include/openssl/ui_compat.h fips_des_locl.h
-fips_set_key.o: fips_set_key.c
+fips_desmovs.o: ../../include/openssl/ossl_typ.h
+fips_desmovs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_desmovs.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_desmovs.o: ../../include/openssl/ui_compat.h ../fips_utl.h fips_desmovs.c
diff --git a/src/lib/libssl/src/fips/des/fips_des_selftest.c b/src/lib/libssl/src/fips/des/fips_des_selftest.c
index 3e0778eb5e..61c39ce80b 100644
--- a/src/lib/libssl/src/fips/des/fips_des_selftest.c
+++ b/src/lib/libssl/src/fips/des/fips_des_selftest.c
@@ -50,46 +50,27 @@
 #include <string.h>
 #include <openssl/err.h>
 #include <openssl/fips.h>
-#include <openssl/des.h>
+#include <openssl/evp.h>
 #include <openssl/opensslconf.h>
 
 #ifdef OPENSSL_FIPS
-static struct
-    {
-    DES_cblock key;
-    unsigned char plaintext[8];
-    unsigned char ciphertext[8];
-    } tests[]=
-        {
-        {
-        { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
-        { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
-        { 0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7 }
-        },
-        {
-        { 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10 },
-        { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
-        { 0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
-        },
-        };
 
 static struct
     {
-    DES_cblock key1;
-    DES_cblock key2;
+    unsigned char key[16];
     unsigned char plaintext[8];
     unsigned char ciphertext[8];
     } tests2[]=
         {
         {
-        { 0x7c,0x4f,0x6e,0xf7,0xa2,0x04,0x16,0xec },
-        { 0x0b,0x6b,0x7c,0x9e,0x5e,0x19,0xa7,0xc4 },
+        { 0x7c,0x4f,0x6e,0xf7,0xa2,0x04,0x16,0xec,
+          0x0b,0x6b,0x7c,0x9e,0x5e,0x19,0xa7,0xc4 },
         { 0x06,0xa7,0xd8,0x79,0xaa,0xce,0x69,0xef },
         { 0x4c,0x11,0x17,0x55,0xbf,0xc4,0x4e,0xfd }
         },
         {
-        { 0x5d,0x9e,0x01,0xd3,0x25,0xc7,0x3e,0x34 },
-        { 0x01,0x16,0x7c,0x85,0x23,0xdf,0xe0,0x68 },
+        { 0x5d,0x9e,0x01,0xd3,0x25,0xc7,0x3e,0x34,
+          0x01,0x16,0x7c,0x85,0x23,0xdf,0xe0,0x68 },
         { 0x9c,0x50,0x09,0x0f,0x5e,0x7d,0x69,0x7e },
         { 0xd2,0x0b,0x18,0xdf,0xd9,0x0d,0x9e,0xff },
         }
@@ -97,24 +78,22 @@ static struct
 
 static struct
     {
-    DES_cblock key1;
-    DES_cblock key2;
-    DES_cblock key3;
+    unsigned char key[24];
     unsigned char plaintext[8];
     unsigned char ciphertext[8];
     } tests3[]=
         {
         {
-        { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
-        { 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10 },
-        { 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 },
-        { 0x8f,0x8f,0xbf,0x9b,0x5d,0x48,0xb4,0x1c},
-        { 0x59,0x8c,0xe5,0xd3,0x6c,0xa2,0xea,0x1b},
+        { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+          0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
+          0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 },
+        { 0x8f,0x8f,0xbf,0x9b,0x5d,0x48,0xb4,0x1c },
+        { 0x59,0x8c,0xe5,0xd3,0x6c,0xa2,0xea,0x1b },
         },
         {
-        { 0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE },
-        { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
-        { 0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
+        { 0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE,
+          0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+          0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
         { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
         { 0x11,0x25,0xb0,0x35,0xbe,0xa0,0x82,0x86 },
         },
@@ -122,79 +101,37 @@ static struct
 
 void FIPS_corrupt_des()
     {
-    tests[0].plaintext[0]++;
+    tests2[0].plaintext[0]++;
     }
 
 int FIPS_selftest_des()
     {
-    int n;
-
-    /* Encrypt/decrypt with DES and compare to known answers */
-    for(n=0 ; n < 2 ; ++n)
-        {
-        DES_key_schedule key;
-        DES_cblock buf;
-
-        DES_set_key(&tests[n].key,&key);
-        DES_ecb_encrypt(&tests[n].plaintext,&buf,&key,1);
-        if(memcmp(buf,tests[n].ciphertext,sizeof buf))
-            {
-            FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
-            return 0;
-            }
-        DES_ecb_encrypt(&tests[n].ciphertext,&buf,&key,0);
-        if(memcmp(buf,tests[n].plaintext,sizeof buf))
-            {
-            FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
-            return 0;
-            }
-        }
-
+    int n, ret = 0;
+    EVP_CIPHER_CTX ctx;
+    EVP_CIPHER_CTX_init(&ctx);
     /* Encrypt/decrypt with 2-key 3DES and compare to known answers */
     for(n=0 ; n < 2 ; ++n)
         {
-        DES_key_schedule key1, key2;
-        unsigned char buf[8];
-
-        DES_set_key(&tests2[n].key1,&key1);
-        DES_set_key(&tests2[n].key2,&key2);
-        DES_ecb2_encrypt(tests2[n].plaintext,buf,&key1,&key2,1);
-        if(memcmp(buf,tests2[n].ciphertext,sizeof buf))
-            {
-            FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
-            return 0;
-            }
-        DES_ecb2_encrypt(tests2[n].ciphertext,buf,&key1,&key2,0);
-        if(memcmp(buf,tests2[n].plaintext,sizeof buf))
-            {
-            FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
-            return 0;
-            }
+        if (!fips_cipher_test(&ctx, EVP_des_ede_ecb(),
+                                tests2[n].key, NULL,
+                                tests2[n].plaintext, tests2[n].ciphertext, 8))
+                goto err;
         }
 
     /* Encrypt/decrypt with 3DES and compare to known answers */
     for(n=0 ; n < 2 ; ++n)
         {
-        DES_key_schedule key1, key2, key3;
-        unsigned char buf[8];
-
-        DES_set_key(&tests3[n].key1,&key1);
-        DES_set_key(&tests3[n].key2,&key2);
-        DES_set_key(&tests3[n].key3,&key3);
-        DES_ecb3_encrypt(tests3[n].plaintext,buf,&key1,&key2,&key3,1);
-        if(memcmp(buf,tests3[n].ciphertext,sizeof buf))
-            {
-            FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
-            return 0;
-            }
-        DES_ecb3_encrypt(tests3[n].ciphertext,buf,&key1,&key2,&key3,0);
-        if(memcmp(buf,tests3[n].plaintext,sizeof buf))
-            {
-            FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
-            return 0;
-            }
+        if (!fips_cipher_test(&ctx, EVP_des_ede3_ecb(),
+                                tests3[n].key, NULL,
+                                tests3[n].plaintext, tests3[n].ciphertext, 8))
+                goto err;
         }
+    ret = 1;
+    err:
+    EVP_CIPHER_CTX_cleanup(&ctx);
+    if (ret == 0)
+            FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
 
-    return 1;
+    return ret;
     }
 #endif
diff --git a/src/lib/libssl/src/fips/des/fips_desmovs.c b/src/lib/libssl/src/fips/des/fips_desmovs.c
index d1b60c1a40..2d3424cf9f 100644
--- a/src/lib/libssl/src/fips/des/fips_desmovs.c
+++ b/src/lib/libssl/src/fips/des/fips_desmovs.c
@@ -63,18 +63,30 @@
 #include <string.h>
 #include <errno.h>
 #include <assert.h>
-
+#include <ctype.h>
 #include <openssl/des.h>
 #include <openssl/evp.h>
-#include <openssl/fips.h>
+#include <openssl/bn.h>
+
 #include <openssl/err.h>
 #include "e_os.h"
 
-/*#define AES_BLOCK_SIZE 16*/
+#ifndef OPENSSL_FIPS
 
-#define VERBOSE 0
+int main(int argc, char *argv[])
+{
+    printf("No FIPS DES support\n");
+    return(0);
+}
 
-/*-----------------------------------------------*/
+#else
+
+#include <openssl/fips.h>
+#include "fips_utl.h"
+
+#define DES_BLOCK_SIZE 8
+
+#define VERBOSE 0
 
 int DESTest(EVP_CIPHER_CTX *ctx,
             char *amode, int akeysz, unsigned char *aKey, 
@@ -83,181 +95,41 @@ int DESTest(EVP_CIPHER_CTX *ctx,
             unsigned char *out, unsigned char *in, int len)
     {
     const EVP_CIPHER *cipher = NULL;
-    int kt = 0;
 
-    if (ctx)
-        memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
+    if (akeysz != 192)
+        {
+        printf("Invalid key size: %d\n", akeysz);
+        EXIT(1);
+        }
 
     if (strcasecmp(amode, "CBC") == 0)
-        kt = 1000;
+        cipher = EVP_des_ede3_cbc();
     else if (strcasecmp(amode, "ECB") == 0)
-        kt = 2000;
+        cipher = EVP_des_ede3_ecb();
     else if (strcasecmp(amode, "CFB64") == 0)
-        kt = 3000;
+        cipher = EVP_des_ede3_cfb64();
     else if (strncasecmp(amode, "OFB", 3) == 0)
-        kt = 4000;
+        cipher = EVP_des_ede3_ofb();
+#if 0
     else if(!strcasecmp(amode,"CFB1"))
-        kt=5000;
+        {
+        ctx->cbits = 1;
+        ctx->cmode = EVP_CIPH_CFB_MODE;
+        }
+#endif
     else if(!strcasecmp(amode,"CFB8"))
-        kt=6000;
+        cipher = EVP_des_ede3_cfb8();
     else
         {
         printf("Unknown mode: %s\n", amode);
         EXIT(1);
         }
-    if (akeysz != 64 && akeysz != 192)
-        {
-        printf("Invalid key size: %d\n", akeysz);
-        EXIT(1);
-        }
-    else
-        {
-        kt += akeysz;
-        switch (kt)
-            {
-        case 1064:
-            cipher=EVP_des_cbc();
-            break;
-        case 1192:
-            cipher=EVP_des_ede3_cbc();
-            break;
-        case 2064:
-            cipher=EVP_des_ecb();
-            break;
-        case 2192:
-            cipher=EVP_des_ede3_ecb();
-            break;
-        case 3064:
-            cipher=EVP_des_cfb64();
-            break;
-        case 3192:
-            cipher=EVP_des_ede3_cfb64();
-            break;
-        case 4064:
-            cipher=EVP_des_ofb();
-            break;
-        case 4192:
-            cipher=EVP_des_ede3_ofb();
-            break;
-        case 5064:
-            cipher=EVP_des_cfb1();
-            break;
-        case 5192:
-            cipher=EVP_des_ede3_cfb1();
-            break;
-        case 6064:
-            cipher=EVP_des_cfb8();
-            break;
-        case 6192:
-            cipher=EVP_des_ede3_cfb8();
-            break;
-        default:
-            printf("Didn't handle mode %d\n",kt);
-            EXIT(1);
-            }
-        if(!EVP_CipherInit(ctx, cipher, aKey, iVec, dir))
-            {
-            ERR_print_errors_fp(stderr);
-            EXIT(1);
-            }
-        EVP_Cipher(ctx, out, in, len);
-        }
-    return 1;
-    }
-
-/*-----------------------------------------------*/
-
-int hex2bin(char *in, int len, unsigned char *out)
-    {
-    int n1, n2;
-    unsigned char ch;
-
-    for (n1 = 0, n2 = 0; n1 < len; )
-        { /* first byte */
-        if ((in[n1] >= '0') && (in[n1] <= '9'))
-            ch = in[n1++] - '0';
-        else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
-            ch = in[n1++] - 'A' + 10;
-        else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
-            ch = in[n1++] - 'a' + 10;
-        else
-            return -1;
-        if(len == 1)
-            {
-            out[n2++]=ch;
-            break;
-            }
-        out[n2] = ch << 4;
-        /* second byte */
-        if ((in[n1] >= '0') && (in[n1] <= '9'))
-            ch = in[n1++] - '0';
-        else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
-            ch = in[n1++] - 'A' + 10;
-        else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
-            ch = in[n1++] - 'a' + 10;
-        else
-            return -1;
-        out[n2++] |= ch;
-        }
-    return n2;
-    }
-
-/*-----------------------------------------------*/
-
-int bin2hex(unsigned char *in, int len, char *out)
-    {
-    int n1, n2;
-    unsigned char ch;
-
-    for (n1 = 0, n2 = 0; n1 < len; ++n1)
-        {
-        /* first nibble */
-        ch = in[n1] >> 4;
-        if (ch <= 0x09)
-            out[n2++] = ch + '0';
-        else
-            out[n2++] = ch - 10 + 'a';
-        /* second nibble */
-        ch = in[n1] & 0x0f;
-        if (ch <= 0x09)
-            out[n2++] = ch + '0';
-        else
-            out[n2++] = ch - 10 + 'a';
-        }
-    return n2;
-    }
 
-/* NB: this return the number of _bits_ read */
-int bint2bin(const char *in, int len, unsigned char *out)
-    {
-    int n;
+    if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
+        return 0;
+    EVP_Cipher(ctx, out, in, len);
 
-    memset(out,0,len);
-    for(n=0 ; n < len ; ++n)
-        if(in[n] == '1')
-            out[n/8]|=(0x80 >> (n%8));
-    return len;
-    }
-
-int bin2bint(const unsigned char *in,int len,char *out)
-    {
-    int n;
-
-    for(n=0 ; n < len ; ++n)
-        out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
-    return n;
-    }
-
-/*-----------------------------------------------*/
-
-void PrintValue(char *tag, unsigned char *val, int len)
-    {
-#if VERBOSE
-    char obuf[2048];
-    int olen;
-    olen = bin2hex(val, len, obuf);
-    printf("%s = %.*s\n", tag, olen, obuf);
-#endif
+    return 1;
     }
 
 void DebugValue(char *tag, unsigned char *val, int len)
@@ -268,22 +140,6 @@ void DebugValue(char *tag, unsigned char *val, int len)
     printf("%s = %.*s\n", tag, olen, obuf);
     }
 
-void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
-    {
-    char obuf[2048];
-    int olen;
-
-    if(bitmode)
-        olen=bin2bint(val,len,obuf);
-    else
-        olen=bin2hex(val,len,obuf);
-
-    fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
-#if VERBOSE
-    printf("%s = %.*s\n", tag, olen, obuf);
-#endif
-    }
-
 void shiftin(unsigned char *dst,unsigned char *src,int nbits)
     {
     int n;
@@ -326,9 +182,10 @@ void do_mct(char *amode,
         {
         int j;
         int n;
-        EVP_CIPHER_CTX ctx;
         int kp=akeysz/64;
         unsigned char old_iv[8];
+        EVP_CIPHER_CTX ctx;
+        EVP_CIPHER_CTX_init(&ctx);
 
         fprintf(rfp,"\nCOUNT = %d\n",i);
         if(kp == 1)
@@ -410,11 +267,11 @@ void do_mct(char *amode,
         }
     }
     
-int proc_file(char *rqfile)
+int proc_file(char *rqfile, char *rspfile)
     {
     char afn[256], rfn[256];
     FILE *afp = NULL, *rfp = NULL;
-    char ibuf[2048];
+    char ibuf[2048], tbuf[2048];
     int ilen, len, ret = 0;
     char amode[8] = "";
     char atest[100] = "";
@@ -426,6 +283,7 @@ int proc_file(char *rqfile)
     char *rp;
     EVP_CIPHER_CTX ctx;
     int numkeys=1;
+    EVP_CIPHER_CTX_init(&ctx);
 
     if (!rqfile || !(*rqfile))
         {
@@ -440,13 +298,21 @@ int proc_file(char *rqfile)
                afn, strerror(errno));
         return -1;
         }
-    strcpy(rfn,afn);
-    rp=strstr(rfn,"req/");
-    assert(rp);
-    memcpy(rp,"rsp",3);
-    rp = strstr(rfn, ".req");
-    memcpy(rp, ".rsp", 4);
-    if ((rfp = fopen(rfn, "w")) == NULL)
+    if (!rspfile)
+        {
+        strcpy(rfn,afn);
+        rp=strstr(rfn,"req/");
+#ifdef OPENSSL_SYS_WIN32
+        if (!rp)
+            rp=strstr(rfn,"req\\");
+#endif
+        assert(rp);
+        memcpy(rp,"rsp",3);
+        rp = strstr(rfn, ".req");
+        memcpy(rp, ".rsp", 4);
+        rspfile = rfn;
+        }
+    if ((rfp = fopen(rspfile, "w")) == NULL)
         {
         printf("Cannot open file: %s, %s\n", 
                rfn, strerror(errno));
@@ -456,6 +322,7 @@ int proc_file(char *rqfile)
         }
     while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
         {
+        tidy_line(tbuf, ibuf);
         ilen = strlen(ibuf);
         /*      printf("step=%d ibuf=%s",step,ibuf);*/
         if(step == 3 && !strcmp(amode,"ECB"))
@@ -517,7 +384,8 @@ int proc_file(char *rqfile)
                         strncpy(amode, xp+1, n);
                         amode[n] = '\0';
                         /* amode[3] = '\0'; */
-                        printf("Test=%s, Mode=%s\n",atest,amode);
+                        if (VERBOSE)
+                                printf("Test=%s, Mode=%s\n",atest,amode);
                         }
                     }
                 }
@@ -576,7 +444,7 @@ int proc_file(char *rqfile)
             if(!strncasecmp(ibuf,"KEY = ",6))
                 {
                 akeysz=64;
-                len = hex2bin((char*)ibuf+6, strlen(ibuf+6)-1, aKey);
+                len = hex2bin((char*)ibuf+6, aKey);
                 if (len < 0)
                     {
                     printf("Invalid KEY\n");
@@ -589,7 +457,7 @@ int proc_file(char *rqfile)
             else if(!strncasecmp(ibuf,"KEYs = ",7))
                 {
                 akeysz=64*3;
-                len=hex2bin(ibuf+7,strlen(ibuf+7)-1,aKey);
+                len=hex2bin(ibuf+7,aKey);
                 if(len != 8)
                     {
                     printf("Invalid KEY\n");
@@ -607,7 +475,7 @@ int proc_file(char *rqfile)
                 int n=ibuf[3]-'1';
 
                 akeysz=64*3;
-                len=hex2bin(ibuf+7,strlen(ibuf+7)-1,aKey+n*8);
+                len=hex2bin(ibuf+7,aKey+n*8);
                 if(len != 8)
                     {
                     printf("Invalid KEY\n");
@@ -635,7 +503,7 @@ int proc_file(char *rqfile)
                 }
             else
                 {
-                len = hex2bin((char*)ibuf+5, strlen(ibuf+5)-1, iVec);
+                len = hex2bin((char*)ibuf+5, iVec);
                 if (len < 0)
                     {
                     printf("Invalid IV\n");
@@ -660,7 +528,7 @@ int proc_file(char *rqfile)
                 if(!strcmp(amode,"CFB1"))
                     len=bint2bin(ibuf+12,nn-1,plaintext);
                 else
-                    len=hex2bin(ibuf+12, nn-1,plaintext);
+                    len=hex2bin(ibuf+12, plaintext);
                 if (len < 0)
                     {
                     printf("Invalid PLAINTEXT: %s", ibuf+12);
@@ -701,7 +569,7 @@ int proc_file(char *rqfile)
                 if(!strcmp(amode,"CFB1"))
                     len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
                 else
-                    len = hex2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
+                    len = hex2bin(ibuf+13,ciphertext);
                 if (len < 0)
                     {
                     printf("Invalid CIPHERTEXT\n");
@@ -760,20 +628,18 @@ int proc_file(char *rqfile)
 --------------------------------------------------*/
 int main(int argc, char **argv)
     {
-    char *rqlist = "req.txt";
+    char *rqlist = "req.txt", *rspfile = NULL;
     FILE *fp = NULL;
     char fn[250] = "", rfn[256] = "";
     int f_opt = 0, d_opt = 1;
 
 #ifdef OPENSSL_FIPS
-    if(!FIPS_mode_set(1,argv[0]))
+    if(!FIPS_mode_set(1))
         {
-        ERR_load_crypto_strings();
-        ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+        do_print_errors();
         EXIT(1);
         }
 #endif
-    ERR_load_crypto_strings();
     if (argc > 1)
         {
         if (strcasecmp(argv[1], "-d") == 0)
@@ -798,7 +664,10 @@ int main(int argc, char **argv)
         if (d_opt)
             rqlist = argv[2];
         else
+            {
             strcpy(fn, argv[2]);
+            rspfile = argv[3];
+            }
         }
     if (d_opt)
         { /* list of files (directory) */
@@ -812,7 +681,7 @@ int main(int argc, char **argv)
             strtok(fn, "\r\n");
             strcpy(rfn, fn);
             printf("Processing: %s\n", rfn);
-            if (proc_file(rfn))
+            if (proc_file(rfn, rspfile))
                 {
                 printf(">>> Processing failed for: %s <<<\n", rfn);
                 EXIT(1);
@@ -822,8 +691,9 @@ int main(int argc, char **argv)
         }
     else /* single file */
         {
-        printf("Processing: %s\n", fn);
-        if (proc_file(fn))
+        if (VERBOSE)
+                printf("Processing: %s\n", fn);
+        if (proc_file(fn, rspfile))
             {
             printf(">>> Processing failed for: %s <<<\n", fn);
             }
@@ -831,3 +701,5 @@ int main(int argc, char **argv)
     EXIT(0);
     return 0;
     }
+
+#endif
diff --git a/src/lib/libssl/src/fips/dh/Makefile b/src/lib/libssl/src/fips/dh/Makefile
index 10b40aa9f6..2d3833a822 100644
--- a/src/lib/libssl/src/fips/dh/Makefile
+++ b/src/lib/libssl/src/fips/dh/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/fips/dh/Makefile
+# OpenSSL/fips/dh/Makefile
 #
 
 DIR=    dh
@@ -22,8 +22,8 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_dh_check.c fips_dh_gen.c fips_dh_key.c
-LIBOBJ=fips_dh_check.o fips_dh_gen.o fips_dh_key.o
+LIBSRC=fips_dh_check.c fips_dh_gen.c fips_dh_key.c fips_dh_lib.c
+LIBOBJ=fips_dh_check.o fips_dh_gen.o fips_dh_key.o fips_dh_lib.o
 
 SRC= $(LIBSRC)
 
@@ -35,15 +35,10 @@ ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
         (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
 
-all:    check lib
+all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
-        $(RANLIB) $(LIB) || echo Never mind.
-        @sleep 2; touch lib
-
-check:
-        TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
+        @echo $(LIBOBJ) > lib
 
 files:
         $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -65,6 +60,8 @@ tags:
 
 tests:
 
+fips_test:
+
 lint:
         lint -DLINT $(INCLUDES) $(SRC)>fluff
 
@@ -82,7 +79,8 @@ clean:
 
 fips_dh_check.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 fips_dh_check.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-fips_dh_check.o: ../../include/openssl/e_os2.h
+fips_dh_check.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_dh_check.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 fips_dh_check.o: ../../include/openssl/opensslconf.h
 fips_dh_check.o: ../../include/openssl/opensslv.h
 fips_dh_check.o: ../../include/openssl/ossl_typ.h
@@ -101,9 +99,17 @@ fips_dh_gen.o: ../../include/openssl/symhacks.h fips_dh_gen.c
 fips_dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 fips_dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
 fips_dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_dh_key.o: ../../include/openssl/lhash.h
+fips_dh_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 fips_dh_key.o: ../../include/openssl/opensslconf.h
 fips_dh_key.o: ../../include/openssl/opensslv.h
 fips_dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
 fips_dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 fips_dh_key.o: ../../include/openssl/symhacks.h fips_dh_key.c
+fips_dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+fips_dh_lib.o: ../../include/openssl/e_os2.h
+fips_dh_lib.o: ../../include/openssl/opensslconf.h
+fips_dh_lib.o: ../../include/openssl/opensslv.h
+fips_dh_lib.o: ../../include/openssl/ossl_typ.h
+fips_dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dh_lib.o: ../../include/openssl/symhacks.h fips_dh_lib.c
diff --git a/src/lib/libssl/src/fips/dh/dh_gen.c b/src/lib/libssl/src/fips/dh/dh_gen.c
new file mode 100644
index 0000000000..999e1deb40
--- /dev/null
+++ b/src/lib/libssl/src/fips/dh/dh_gen.c
@@ -0,0 +1,179 @@
+/* crypto/dh/dh_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* NB: These functions have been upgraded - the previous prototypes are in
+ * dh_depr.c as wrappers to these ones.
+ *  - Geoff
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+#ifndef OPENSSL_FIPS
+
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
+
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
+        {
+        if(ret->meth->generate_params)
+                return ret->meth->generate_params(ret, prime_len, generator, cb);
+        return dh_builtin_genparams(ret, prime_len, generator, cb);
+        }
+
+/* We generate DH parameters as follows
+ * find a prime q which is prime_len/2 bits long.
+ * p=(2*q)+1 or (p-1)/2 = q
+ * For this case, g is a generator if
+ * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
+ * Since the factors of p-1 are q and 2, we just need to check
+ * g^2 mod p != 1 and g^q mod p != 1.
+ *
+ * Having said all that,
+ * there is another special case method for the generators 2, 3 and 5.
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5  <<<<< does not work for safe primes.
+ * for 5, p mod 10 == 3 or 7
+ *
+ * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
+ * special generators and for answering some of my questions.
+ *
+ * I've implemented the second simple method :-).
+ * Since DH should be using a safe prime (both p and q are prime),
+ * this generator function can take a very very long time to run.
+ */
+/* Actually there is no reason to insist that 'generator' be a generator.
+ * It's just as OK (and in some sense better) to use a generator of the
+ * order-q subgroup.
+ */
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
+        {
+        BIGNUM *t1,*t2;
+        int g,ok= -1;
+        BN_CTX *ctx=NULL;
+
+        ctx=BN_CTX_new();
+        if (ctx == NULL) goto err;
+        BN_CTX_start(ctx);
+        t1 = BN_CTX_get(ctx);
+        t2 = BN_CTX_get(ctx);
+        if (t1 == NULL || t2 == NULL) goto err;
+
+        /* Make sure 'ret' has the necessary elements */
+        if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;
+        if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;
+        
+        if (generator <= 1)
+                {
+                DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
+                goto err;
+                }
+        if (generator == DH_GENERATOR_2)
+                {
+                if (!BN_set_word(t1,24)) goto err;
+                if (!BN_set_word(t2,11)) goto err;
+                g=2;
+                }
+#if 0 /* does not work for safe primes */
+        else if (generator == DH_GENERATOR_3)
+                {
+                if (!BN_set_word(t1,12)) goto err;
+                if (!BN_set_word(t2,5)) goto err;
+                g=3;
+                }
+#endif
+        else if (generator == DH_GENERATOR_5)
+                {
+                if (!BN_set_word(t1,10)) goto err;
+                if (!BN_set_word(t2,3)) goto err;
+                /* BN_set_word(t3,7); just have to miss
+                 * out on these ones :-( */
+                g=5;
+                }
+        else
+                {
+                /* in the general case, don't worry if 'generator' is a
+                 * generator or not: since we are using safe primes,
+                 * it will generate either an order-q or an order-2q group,
+                 * which both is OK */
+                if (!BN_set_word(t1,2)) goto err;
+                if (!BN_set_word(t2,1)) goto err;
+                g=generator;
+                }
+        
+        if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;
+        if(!BN_GENCB_call(cb, 3, 0)) goto err;
+        if (!BN_set_word(ret->g,g)) goto err;
+        ok=1;
+err:
+        if (ok == -1)
+                {
+                DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB);
+                ok=0;
+                }
+
+        if (ctx != NULL)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
+        return ok;
+        }
+
+#endif
diff --git a/src/lib/libssl/src/fips/dh/fips_dh_check.c b/src/lib/libssl/src/fips/dh/fips_dh_check.c
index 874920b466..7333f7c80f 100644
--- a/src/lib/libssl/src/fips/dh/fips_dh_check.c
+++ b/src/lib/libssl/src/fips/dh/fips_dh_check.c
@@ -58,10 +58,9 @@
 
 #include <stdio.h>
 #include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
-
-#ifdef OPENSSL_FIPS
+#include <openssl/err.h>
+#include <openssl/fips.h>
 
 /* Check that p is a safe prime and
  * if g is 2, 3 or 5, check that is is a suitable generator
@@ -72,6 +71,8 @@
  * should hold.
  */
 
+#ifdef OPENSSL_FIPS
+
 int DH_check(const DH *dh, int *ret)
         {
         int ok=0;
@@ -106,12 +107,12 @@ int DH_check(const DH *dh, int *ret)
         else
                 *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
 
-        if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
+        if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
                 *ret|=DH_CHECK_P_NOT_PRIME;
         else
                 {
                 if (!BN_rshift1(q,dh->p)) goto err;
-                if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
+                if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))
                         *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
                 }
         ok=1;
@@ -121,5 +122,26 @@ err:
         return(ok);
         }
 
-#endif
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+        {
+        int ok=0;
+        BIGNUM *q=NULL;
+
+        *ret=0;
+        q=BN_new();
+        if (q == NULL) goto err;
+        BN_set_word(q,1);
+        if (BN_cmp(pub_key,q) <= 0)
+                *ret|=DH_CHECK_PUBKEY_TOO_SMALL;
+        BN_copy(q,dh->p);
+        BN_sub_word(q,1);
+        if (BN_cmp(pub_key,q) >= 0)
+                *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
+
+        ok = 1;
+err:
+        if (q != NULL) BN_free(q);
+        return(ok);
+        }
+
 #endif
diff --git a/src/lib/libssl/src/fips/dh/fips_dh_gen.c b/src/lib/libssl/src/fips/dh/fips_dh_gen.c
index b569e3912d..d115f9d5d2 100644
--- a/src/lib/libssl/src/fips/dh/fips_dh_gen.c
+++ b/src/lib/libssl/src/fips/dh/fips_dh_gen.c
@@ -56,18 +56,28 @@
  * [including the GNU Public Licence.]
  */
 
+/* NB: These functions have been upgraded - the previous prototypes are in
+ * dh_depr.c as wrappers to these ones.
+ *  - Geoff
+ */
+
 #include <stdio.h>
-#include <string.h>
-#include <openssl/err.h>
 #include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
-#endif
+#include <openssl/err.h>
 #include <openssl/fips.h>
 
-#ifndef OPENSSL_NO_DH
 #ifdef OPENSSL_FIPS
 
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
+
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
+        {
+        if(ret->meth->generate_params)
+                return ret->meth->generate_params(ret, prime_len, generator, cb);
+        return dh_builtin_genparams(ret, prime_len, generator, cb);
+        }
+
 /* We generate DH parameters as follows
  * find a prime q which is prime_len/2 bits long.
  * p=(2*q)+1 or (p-1)/2 = q
@@ -93,33 +103,38 @@
  * It's just as OK (and in some sense better) to use a generator of the
  * order-q subgroup.
  */
-
-DH *DH_generate_parameters(int prime_len, int generator,
-             void (*callback)(int,int,void *), void *cb_arg)
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
         {
-        BIGNUM *p=NULL,*t1,*t2;
-        DH *ret=NULL;
+        BIGNUM *t1,*t2;
         int g,ok= -1;
         BN_CTX *ctx=NULL;
 
         if(FIPS_selftest_failed())
                 {
-                FIPSerr(FIPS_F_DH_GENERATE_PARAMETERS,FIPS_R_FIPS_SELFTEST_FAILED);
-                return NULL;
+                FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS,FIPS_R_FIPS_SELFTEST_FAILED);
+                return 0;
+                }
+
+        if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
+                {
+                DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
+                goto err;
                 }
 
-        ret=DH_new();
-        if (ret == NULL) goto err;
         ctx=BN_CTX_new();
         if (ctx == NULL) goto err;
         BN_CTX_start(ctx);
         t1 = BN_CTX_get(ctx);
         t2 = BN_CTX_get(ctx);
         if (t1 == NULL || t2 == NULL) goto err;
+
+        /* Make sure 'ret' has the necessary elements */
+        if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;
+        if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;
         
         if (generator <= 1)
                 {
-                DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
+                DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
                 goto err;
                 }
         if (generator == DH_GENERATOR_2)
@@ -155,17 +170,14 @@ DH *DH_generate_parameters(int prime_len, int generator,
                 g=generator;
                 }
         
-        p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
-        if (p == NULL) goto err;
-        if (callback != NULL) callback(3,0,cb_arg);
-        ret->p=p;
-        ret->g=BN_new();
+        if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;
+        if(!BN_GENCB_call(cb, 3, 0)) goto err;
         if (!BN_set_word(ret->g,g)) goto err;
         ok=1;
 err:
         if (ok == -1)
                 {
-                DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB);
+                DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB);
                 ok=0;
                 }
 
@@ -174,13 +186,7 @@ err:
                 BN_CTX_end(ctx);
                 BN_CTX_free(ctx);
                 }
-        if (!ok && (ret != NULL))
-                {
-                DH_free(ret);
-                ret=NULL;
-                }
-        return(ret);
+        return ok;
         }
 
 #endif
-#endif
diff --git a/src/lib/libssl/src/fips/dh/fips_dh_key.c b/src/lib/libssl/src/fips/dh/fips_dh_key.c
index 41e3a661c0..d20fa91d5e 100644
--- a/src/lib/libssl/src/fips/dh/fips_dh_key.c
+++ b/src/lib/libssl/src/fips/dh/fips_dh_key.c
@@ -64,6 +64,7 @@
 #endif
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
+#include <openssl/fips.h>
 
 #ifdef OPENSSL_FIPS
 
@@ -86,7 +87,7 @@ int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
         return dh->meth->compute_key(key, pub_key, dh);
         }
 
-static DH_METHOD dh_ossl = {
+static const DH_METHOD dh_ossl = {
 "OpenSSL DH Method",
 generate_key,
 compute_key,
@@ -108,9 +109,15 @@ static int generate_key(DH *dh)
         int generate_new_key=0;
         unsigned l;
         BN_CTX *ctx;
-        BN_MONT_CTX *mont;
+        BN_MONT_CTX *mont=NULL;
         BIGNUM *pub_key=NULL,*priv_key=NULL;
 
+        if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
+                {
+                DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
+                return 0;
+                }
+
         ctx = BN_CTX_new();
         if (ctx == NULL) goto err;
 
@@ -131,28 +138,44 @@ static int generate_key(DH *dh)
         else
                 pub_key=dh->pub_key;
 
-        if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+        if (dh->flags & DH_FLAG_CACHE_MONT_P)
                 {
-                if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
-                        if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
-                                dh->p,ctx)) goto err;
+                mont = BN_MONT_CTX_set_locked(
+                                (BN_MONT_CTX **)&dh->method_mont_p,
+                                CRYPTO_LOCK_DH, dh->p, ctx);
+                if (!mont)
+                        goto err;
                 }
-        mont=(BN_MONT_CTX *)dh->method_mont_p;
 
         if (generate_new_key)
                 {
                 l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
                 if (!BN_rand(priv_key, l, 0, 0)) goto err;
                 }
-        if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont))
-                goto err;
+
+        {
+                BIGNUM local_prk;
+                BIGNUM *prk;
+
+                if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
+                        {
+                        BN_init(&local_prk);
+                        prk = &local_prk;
+                        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+                        }
+                else
+                        prk = priv_key;
+
+                if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont))
+                        goto err;
+        }
                 
         dh->pub_key=pub_key;
         dh->priv_key=priv_key;
         ok=1;
 err:
         if (ok != 1)
-                DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB);
+                DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);
 
         if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
         if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
@@ -163,7 +186,7 @@ err:
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
         {
         BN_CTX *ctx;
-        BN_MONT_CTX *mont;
+        BN_MONT_CTX *mont=NULL;
         BIGNUM *tmp;
         int ret= -1;
 
@@ -171,23 +194,42 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
         if (ctx == NULL) goto err;
         BN_CTX_start(ctx);
         tmp = BN_CTX_get(ctx);
-        
+
+        if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+                {
+                DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+                goto err;
+                }
+
+        if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
+                {
+                DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
+                goto err;
+                }
+
         if (dh->priv_key == NULL)
                 {
-                DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
+                DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
                 goto err;
                 }
-        if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
+
+        if (dh->flags & DH_FLAG_CACHE_MONT_P)
                 {
-                if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
-                        if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
-                                dh->p,ctx)) goto err;
+                mont = BN_MONT_CTX_set_locked(
+                                (BN_MONT_CTX **)&dh->method_mont_p,
+                                CRYPTO_LOCK_DH, dh->p, ctx);
+                if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
+                        {
+                        /* XXX */
+                        BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
+                        }
+                if (!mont)
+                        goto err;
                 }
 
-        mont=(BN_MONT_CTX *)dh->method_mont_p;
         if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
                 {
-                DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
+                DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
                 goto err;
                 }
 
@@ -203,7 +245,10 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
                         const BIGNUM *m, BN_CTX *ctx,
                         BN_MONT_CTX *m_ctx)
         {
-        if (a->top == 1)
+        /* If a is only one word long and constant time is false, use the faster
+         * exponenentiation function.
+         */
+        if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
                 {
                 BN_ULONG A = a->d[0];
                 return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
@@ -215,6 +260,7 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
 
 static int dh_init(DH *dh)
         {
+        FIPS_selftest_check();
         dh->flags |= DH_FLAG_CACHE_MONT_P;
         return(1);
         }
diff --git a/src/lib/libssl/src/fips/dh/fips_dh_lib.c b/src/lib/libssl/src/fips/dh/fips_dh_lib.c
new file mode 100644
index 0000000000..4a822cf192
--- /dev/null
+++ b/src/lib/libssl/src/fips/dh/fips_dh_lib.c
@@ -0,0 +1,95 @@
+/* fips_dh_lib.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+/* Minimal FIPS versions of FIPS_dh_new() and FIPS_dh_free(): to
+ * reduce external dependencies. 
+ */
+
+DH *FIPS_dh_new(void)
+        {
+        DH *ret;
+        ret = OPENSSL_malloc(sizeof(DH));
+        if (!ret)
+                return NULL;
+        memset(ret, 0, sizeof(DH));
+        ret->meth = DH_OpenSSL();
+        if (ret->meth->init)
+                ret->meth->init(ret);
+        return ret;
+        }
+
+void FIPS_dh_free(DH *r)
+        {
+        if (!r)
+                return;
+        if (r->meth->finish)
+                r->meth->finish(r);
+        if (r->p != NULL) BN_clear_free(r->p);
+        if (r->g != NULL) BN_clear_free(r->g);
+        if (r->q != NULL) BN_clear_free(r->q);
+        if (r->j != NULL) BN_clear_free(r->j);
+        if (r->seed) OPENSSL_free(r->seed);
+        if (r->counter != NULL) BN_clear_free(r->counter);
+        if (r->pub_key != NULL) BN_clear_free(r->pub_key);
+        if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+        OPENSSL_free(r);
+        }
diff --git a/src/lib/libssl/src/fips/dsa/Makefile b/src/lib/libssl/src/fips/dsa/Makefile
index 0cc5704ed1..251615e9ad 100644
--- a/src/lib/libssl/src/fips/dsa/Makefile
+++ b/src/lib/libssl/src/fips/dsa/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/fips/dsa/Makefile
+# OpenSSL/fips/dsa/Makefile
 #
 
 DIR=    dsa
@@ -18,12 +18,14 @@ AR=		ar r
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile
-TEST=fips_dsatest.c
+TEST=fips_dsatest.c fips_dssvs.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_dsa_ossl.c fips_dsa_gen.c fips_dsa_selftest.c
-LIBOBJ=fips_dsa_ossl.o fips_dsa_gen.o fips_dsa_selftest.o
+LIBSRC=fips_dsa_ossl.c fips_dsa_gen.c fips_dsa_selftest.c fips_dsa_key.c \
+        fips_dsa_lib.c fips_dsa_sign.c
+LIBOBJ=fips_dsa_ossl.o fips_dsa_gen.o fips_dsa_selftest.o fips_dsa_key.o \
+        fips_dsa_lib.o fips_dsa_sign.o
 
 SRC= $(LIBSRC)
 
@@ -35,15 +37,10 @@ ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
         (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
 
-all:    check lib
+all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
-        $(RANLIB) $(LIB) || echo Never mind.
-        @sleep 2; touch lib
-
-check:
-        TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
+        @echo $(LIBOBJ) > lib
 
 files:
         $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -65,23 +62,16 @@ tags:
 
 tests:
 
-top_fips_dssvs:
-        (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_dssvs sub_target)
-
-fips_dssvs: fips_dssvs.o $(TOP)/libcrypto.a
-        $(CC) $(CFLAGS) -o fips_dssvs fips_dssvs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-        TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_dssvs
-
 Q=../testvectors/dsa/req
 A=../testvectors/dsa/rsp
 
-fips_test: top_fips_dssvs
+fips_test:
         -rm -rf $A
         mkdir $A
-        ./fips_dssvs pqg < $Q/PQGGen.req > $A/PQGGen.rsp
-        ./fips_dssvs keypair < $Q/KeyPair.req > $A/KeyPair.rsp
-        ./fips_dssvs siggen < $Q/SigGen.req > $A/SigGen.rsp
-        ./fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp
+        if [ -f $(Q)/PQGGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs pqg < $(Q)/PQGGen.req > $(A)/PQGGen.rsp; fi
+        if [ -f $(Q)/KeyPair.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs keypair < $(Q)/KeyPair.req > $(A)/KeyPair.rsp; fi
+        if [ -f $(Q)/SigGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs siggen < $(Q)/SigGen.req > $(A)/SigGen.rsp; fi
+        if [ -f $(Q)/SigVer.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp; fi
 
 lint:
         lint -DLINT $(INCLUDES) $(SRC)>fluff
@@ -97,62 +87,105 @@ clean:
         rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-fips_dsa_gen.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-fips_dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-fips_dsa_gen.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
-fips_dsa_gen.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-fips_dsa_gen.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+fips_dsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_gen.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 fips_dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 fips_dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-fips_dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/idea.h
-fips_dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-fips_dsa_gen.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-fips_dsa_gen.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-fips_dsa_gen.o: ../../include/openssl/objects.h
+fips_dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 fips_dsa_gen.o: ../../include/openssl/opensslconf.h
 fips_dsa_gen.o: ../../include/openssl/opensslv.h
 fips_dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_dsa_gen.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-fips_dsa_gen.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-fips_dsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-fips_dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-fips_dsa_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-fips_dsa_gen.o: ../../include/openssl/ui_compat.h fips_dsa_gen.c
+fips_dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_dsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_dsa_gen.o: fips_dsa_gen.c
+fips_dsa_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsa_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsa_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_dsa_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_dsa_key.o: ../../include/openssl/opensslconf.h
+fips_dsa_key.o: ../../include/openssl/opensslv.h
+fips_dsa_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+fips_dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dsa_key.o: ../../include/openssl/symhacks.h ../fips_locl.h fips_dsa_key.c
+fips_dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+fips_dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+fips_dsa_lib.o: ../../include/openssl/e_os2.h
+fips_dsa_lib.o: ../../include/openssl/opensslconf.h
+fips_dsa_lib.o: ../../include/openssl/opensslv.h
+fips_dsa_lib.o: ../../include/openssl/ossl_typ.h
+fips_dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dsa_lib.o: ../../include/openssl/symhacks.h fips_dsa_lib.c
 fips_dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-fips_dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-fips_dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-fips_dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-fips_dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/fips.h
-fips_dsa_ossl.o: ../../include/openssl/lhash.h
+fips_dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+fips_dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_dsa_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+fips_dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+fips_dsa_ossl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_dsa_ossl.o: ../../include/openssl/objects.h
 fips_dsa_ossl.o: ../../include/openssl/opensslconf.h
 fips_dsa_ossl.o: ../../include/openssl/opensslv.h
-fips_dsa_ossl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-fips_dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_dsa_ossl.o: ../../include/openssl/ui.h fips_dsa_ossl.c
-fips_dsa_selftest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dsa_selftest.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+fips_dsa_ossl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+fips_dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_dsa_ossl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+fips_dsa_ossl.o: ../../include/openssl/x509_vfy.h fips_dsa_ossl.c
+fips_dsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 fips_dsa_selftest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/fips.h
-fips_dsa_selftest.o: ../../include/openssl/lhash.h
+fips_dsa_selftest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_dsa_selftest.o: ../../include/openssl/obj_mac.h
+fips_dsa_selftest.o: ../../include/openssl/objects.h
 fips_dsa_selftest.o: ../../include/openssl/opensslconf.h
 fips_dsa_selftest.o: ../../include/openssl/opensslv.h
 fips_dsa_selftest.o: ../../include/openssl/ossl_typ.h
 fips_dsa_selftest.o: ../../include/openssl/safestack.h
 fips_dsa_selftest.o: ../../include/openssl/stack.h
 fips_dsa_selftest.o: ../../include/openssl/symhacks.h fips_dsa_selftest.c
+fips_dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_dsa_sign.o: ../../include/openssl/obj_mac.h
+fips_dsa_sign.o: ../../include/openssl/objects.h
+fips_dsa_sign.o: ../../include/openssl/opensslconf.h
+fips_dsa_sign.o: ../../include/openssl/opensslv.h
+fips_dsa_sign.o: ../../include/openssl/ossl_typ.h
+fips_dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_dsa_sign.o: fips_dsa_sign.c
 fips_dsatest.o: ../../e_os.h ../../include/openssl/asn1.h
 fips_dsatest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-fips_dsatest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-fips_dsatest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+fips_dsatest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+fips_dsatest.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
 fips_dsatest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-fips_dsatest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+fips_dsatest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+fips_dsatest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+fips_dsatest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 fips_dsatest.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
-fips_dsatest.o: ../../include/openssl/lhash.h
+fips_dsatest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_dsatest.o: ../../include/openssl/objects.h
 fips_dsatest.o: ../../include/openssl/opensslconf.h
 fips_dsatest.o: ../../include/openssl/opensslv.h
-fips_dsatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-fips_dsatest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-fips_dsatest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-fips_dsatest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-fips_dsatest.o: fips_dsatest.c
+fips_dsatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_dsatest.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+fips_dsatest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_dsatest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fips_dsatest.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+fips_dsatest.o: ../../include/openssl/x509_vfy.h ../fips_utl.h fips_dsatest.c
+fips_dssvs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_dssvs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_dssvs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_dssvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_dssvs.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_dssvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_dssvs.o: ../../include/openssl/opensslconf.h
+fips_dssvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+fips_dssvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_dssvs.o: ../../include/openssl/symhacks.h ../fips_utl.h fips_dssvs.c
diff --git a/src/lib/libssl/src/fips/dsa/fips_dsa_gen.c b/src/lib/libssl/src/fips/dsa/fips_dsa_gen.c
index 21fa3d1783..0cecf34ab2 100644
--- a/src/lib/libssl/src/fips/dsa/fips_dsa_gen.c
+++ b/src/lib/libssl/src/fips/dsa/fips_dsa_gen.c
@@ -69,47 +69,40 @@
 #define HASH    EVP_sha1()
 #endif 
 
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
+
+#ifndef OPENSSL_NO_SHA
+
 #include <stdio.h>
-#include <string.h>
 #include <time.h>
-/*#include "cryptlib.h"*/
+#include <string.h>
 #include <openssl/evp.h>
 #include <openssl/bn.h>
-#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_RAND
 #include <openssl/rand.h>
-#endif
-#ifndef OPENSSL_NO_SHA
 #include <openssl/sha.h>
-#endif
-#include <openssl/fips.h>
 #include <openssl/err.h>
 
-#ifndef OPENSSL_NO_DSA
 #ifdef OPENSSL_FIPS
 
-static int fips_check_dsa(DSA *dsa)
-    {
-    static const unsigned char str1[]="12345678901234567890";
-    unsigned char sig[256];
-    unsigned int siglen;
+static int dsa_builtin_paramgen(DSA *ret, int bits,
+                unsigned char *seed_in, int seed_len,
+                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
 
-    DSA_sign(0, str1, 20, sig, &siglen, dsa);
-    if(DSA_verify(0, str1, 20, sig, siglen, dsa) != 1)
+int DSA_generate_parameters_ex(DSA *ret, int bits,
+                unsigned char *seed_in, int seed_len,
+                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
         {
-        FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
-        return 0;
+        if(ret->meth->dsa_paramgen)
+                return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
+                                counter_ret, h_ret, cb);
+        return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
+                        counter_ret, h_ret, cb);
         }
-    return 1;
-    }
-
-DSA *DSA_generate_parameters(FIPS_DSA_SIZE_T bits,
-                unsigned char *seed_in, FIPS_DSA_SIZE_T seed_len,
-                int *counter_ret, unsigned long *h_ret,
-                void (*callback)(int, int, void *),
-                void *cb_arg)
+
+static int dsa_builtin_paramgen(DSA *ret, int bits,
+                unsigned char *seed_in, int seed_len,
+                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
         {
         int ok=0;
         unsigned char seed[SHA_DIGEST_LENGTH];
@@ -121,47 +114,56 @@ DSA *DSA_generate_parameters(FIPS_DSA_SIZE_T bits,
         int k,n=0,i,b,m=0;
         int counter=0;
         int r=0;
-        BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL;
+        BN_CTX *ctx=NULL;
         unsigned int h=2;
-        DSA *ret=NULL;
-        unsigned char *seed_out=seed_in;
 
         if(FIPS_selftest_failed())
             {
-            FIPSerr(FIPS_F_DSA_GENERATE_PARAMETERS,
+            FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN,
                     FIPS_R_FIPS_SELFTEST_FAILED);
             goto err;
             }
 
+        if (FIPS_mode() && (bits < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
+                {
+                DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_TOO_SMALL);
+                goto err;
+                }
+
         if (bits < 512) bits=512;
         bits=(bits+63)/64*64;
 
-        if (seed_len < 20)
+        /* NB: seed_len == 0 is special case: copy generated seed to
+         * seed_in if it is not NULL.
+         */
+        if (seed_len && (seed_len < 20))
                 seed_in = NULL; /* seed buffer too small -- ignore */
         if (seed_len > 20) 
                 seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
                                 * but our internal buffers are restricted to 160 bits*/
         if ((seed_in != NULL) && (seed_len == 20))
+                {
                 memcpy(seed,seed_in,seed_len);
+                /* set seed_in to NULL to avoid it being copied back */
+                seed_in = NULL;
+                }
 
         if ((ctx=BN_CTX_new()) == NULL) goto err;
-        if ((ctx2=BN_CTX_new()) == NULL) goto err;
-        if ((ctx3=BN_CTX_new()) == NULL) goto err;
-        if ((ret=DSA_new()) == NULL) goto err;
 
         if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
 
-        BN_CTX_start(ctx2);
-        r0 = BN_CTX_get(ctx2);
-        g = BN_CTX_get(ctx2);
-        W = BN_CTX_get(ctx2);
-        q = BN_CTX_get(ctx2);
-        X = BN_CTX_get(ctx2);
-        c = BN_CTX_get(ctx2);
-        p = BN_CTX_get(ctx2);
-        test = BN_CTX_get(ctx2);
+        BN_CTX_start(ctx);
+        r0 = BN_CTX_get(ctx);
+        g = BN_CTX_get(ctx);
+        W = BN_CTX_get(ctx);
+        q = BN_CTX_get(ctx);
+        X = BN_CTX_get(ctx);
+        c = BN_CTX_get(ctx);
+        p = BN_CTX_get(ctx);
+        test = BN_CTX_get(ctx);
 
-        BN_lshift(test,BN_value_one(),bits-1);
+        if (!BN_lshift(test,BN_value_one(),bits-1))
+                goto err;
 
         for (;;)
                 {
@@ -170,12 +172,12 @@ DSA *DSA_generate_parameters(FIPS_DSA_SIZE_T bits,
                         int seed_is_random;
 
                         /* step 1 */
-                        if (callback != NULL) callback(0,m++,cb_arg);
+                        if(!BN_GENCB_call(cb, 0, m++))
+                                goto err;
 
                         if (!seed_len)
                                 {
-                                if(RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH) < 0)
-                                        goto err;
+                                RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
                                 seed_is_random = 1;
                                 }
                         else
@@ -204,7 +206,8 @@ DSA *DSA_generate_parameters(FIPS_DSA_SIZE_T bits,
                         if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
 
                         /* step 4 */
-                        r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random);
+                        r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
+                                        seed_is_random, cb);
                         if (r > 0)
                                 break;
                         if (r != 0)
@@ -214,8 +217,8 @@ DSA *DSA_generate_parameters(FIPS_DSA_SIZE_T bits,
                         /* step 5 */
                         }
 
-                if (callback != NULL) callback(2,0,cb_arg);
-                if (callback != NULL) callback(3,0,cb_arg);
+                if(!BN_GENCB_call(cb, 2, 0)) goto err;
+                if(!BN_GENCB_call(cb, 3, 0)) goto err;
 
                 /* step 6 */
                 counter=0;
@@ -226,8 +229,8 @@ DSA *DSA_generate_parameters(FIPS_DSA_SIZE_T bits,
 
                 for (;;)
                         {
-                        if (callback != NULL && counter != 0)
-                                callback(0,counter,cb_arg);
+                        if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+                                goto err;
 
                         /* step 7 */
                         BN_zero(W);
@@ -246,26 +249,27 @@ DSA *DSA_generate_parameters(FIPS_DSA_SIZE_T bits,
                                 /* step 8 */
                                 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
                                         goto err;
-                                BN_lshift(r0,r0,160*k);
-                                BN_add(W,W,r0);
+                                if (!BN_lshift(r0,r0,160*k)) goto err;
+                                if (!BN_add(W,W,r0)) goto err;
                                 }
 
                         /* more of step 8 */
-                        BN_mask_bits(W,bits-1);
-                        BN_copy(X,W); /* this should be ok */
-                        BN_add(X,X,test); /* this should be ok */
+                        if (!BN_mask_bits(W,bits-1)) goto err;
+                        if (!BN_copy(X,W)) goto err;
+                        if (!BN_add(X,X,test)) goto err;
 
                         /* step 9 */
-                        BN_lshift1(r0,q);
-                        BN_mod(c,X,r0,ctx);
-                        BN_sub(r0,c,BN_value_one());
-                        BN_sub(p,X,r0);
+                        if (!BN_lshift1(r0,q)) goto err;
+                        if (!BN_mod(c,X,r0,ctx)) goto err;
+                        if (!BN_sub(r0,c,BN_value_one())) goto err;
+                        if (!BN_sub(p,X,r0)) goto err;
 
                         /* step 10 */
                         if (BN_cmp(p,test) >= 0)
                                 {
                                 /* step 11 */
-                                r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1);
+                                r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
+                                                ctx, 1, cb);
                                 if (r > 0)
                                                 goto end; /* found it */
                                 if (r != 0)
@@ -281,94 +285,55 @@ DSA *DSA_generate_parameters(FIPS_DSA_SIZE_T bits,
                         }
                 }
 end:
-        if (callback != NULL) callback(2,1,cb_arg);
+        if(!BN_GENCB_call(cb, 2, 1))
+                goto err;
 
         /* We now need to generate g */
         /* Set r0=(p-1)/q */
-        BN_sub(test,p,BN_value_one());
-        BN_div(r0,NULL,test,q,ctx);
+        if (!BN_sub(test,p,BN_value_one())) goto err;
+        if (!BN_div(r0,NULL,test,q,ctx)) goto err;
 
-        BN_set_word(test,h);
-        BN_MONT_CTX_set(mont,p,ctx);
+        if (!BN_set_word(test,h)) goto err;
+        if (!BN_MONT_CTX_set(mont,p,ctx)) goto err;
 
         for (;;)
                 {
                 /* g=test^r0%p */
-                BN_mod_exp_mont(g,test,r0,p,ctx,mont);
+                if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err;
                 if (!BN_is_one(g)) break;
-                BN_add(test,test,BN_value_one());
+                if (!BN_add(test,test,BN_value_one())) goto err;
                 h++;
                 }
 
-        if (callback != NULL) callback(3,1,cb_arg);
+        if(!BN_GENCB_call(cb, 3, 1))
+                goto err;
 
         ok=1;
 err:
-        if (!ok)
-                {
-                if (ret != NULL) DSA_free(ret);
-                }
-        else
+        if (ok)
                 {
+                if(ret->p) BN_free(ret->p);
+                if(ret->q) BN_free(ret->q);
+                if(ret->g) BN_free(ret->g);
                 ret->p=BN_dup(p);
                 ret->q=BN_dup(q);
                 ret->g=BN_dup(g);
-                if(seed_out != NULL) memcpy(seed_out,seed,20);
+                if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
+                        {
+                        ok=0;
+                        goto err;
+                        }
+                if (seed_in != NULL) memcpy(seed_in,seed,20);
                 if (counter_ret != NULL) *counter_ret=counter;
                 if (h_ret != NULL) *h_ret=h;
                 }
-        if (ctx != NULL) BN_CTX_free(ctx);
-        if (ctx2 != NULL)
+        if(ctx)
                 {
-                BN_CTX_end(ctx2);
-                BN_CTX_free(ctx2);
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
                 }
-        if (ctx3 != NULL) BN_CTX_free(ctx3);
         if (mont != NULL) BN_MONT_CTX_free(mont);
-        return(ok?ret:NULL);
-        }
-
-int DSA_generate_key(DSA *dsa)
-        {
-        int ok=0;
-        BN_CTX *ctx=NULL;
-        BIGNUM *pub_key=NULL,*priv_key=NULL;
-
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-
-        if (dsa->priv_key == NULL)
-                {
-                if ((priv_key=BN_new()) == NULL) goto err;
-                }
-        else
-                priv_key=dsa->priv_key;
-
-        do
-                if (!BN_rand_range(priv_key,dsa->q)) goto err;
-        while (BN_is_zero(priv_key));
-
-        if (dsa->pub_key == NULL)
-                {
-                if ((pub_key=BN_new()) == NULL) goto err;
-                }
-        else
-                pub_key=dsa->pub_key;
-
-        if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err;
-
-        dsa->priv_key=priv_key;
-        dsa->pub_key=pub_key;
-
-        if(!fips_check_dsa(dsa))
-            goto err;
-
-        ok=1;
-
-err:
-        if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
-        if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
-        if (ctx != NULL) BN_CTX_free(ctx);
-        return(ok);
+        return ok;
         }
 #endif
 #endif
diff --git a/src/lib/libssl/src/fips/dsa/fips_dsa_key.c b/src/lib/libssl/src/fips/dsa/fips_dsa_key.c
new file mode 100644
index 0000000000..b5f8cfa1d0
--- /dev/null
+++ b/src/lib/libssl/src/fips/dsa/fips_dsa_key.c
@@ -0,0 +1,169 @@
+/* crypto/dsa/dsa_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#ifndef OPENSSL_NO_SHA
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/fips.h>
+#include "fips_locl.h"
+
+#ifdef OPENSSL_FIPS
+
+static int fips_dsa_pairwise_fail = 0;
+
+void FIPS_corrupt_dsa_keygen(void)
+        {
+        fips_dsa_pairwise_fail = 1;
+        }
+
+static int dsa_builtin_keygen(DSA *dsa);
+
+int fips_check_dsa(DSA *dsa)
+        {
+        EVP_PKEY pk;
+        unsigned char tbs[] = "DSA Pairwise Check Data";
+        pk.type = EVP_PKEY_DSA;
+        pk.pkey.dsa = dsa;
+
+        if (!fips_pkey_signature_test(&pk, tbs, -1,
+                                        NULL, 0, EVP_dss1(), 0, NULL))
+                {
+                FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
+                fips_set_selftest_fail();
+                return 0;
+                }
+        return 1;
+        }
+
+int DSA_generate_key(DSA *dsa)
+        {
+        if(dsa->meth->dsa_keygen)
+                return dsa->meth->dsa_keygen(dsa);
+        return dsa_builtin_keygen(dsa);
+        }
+
+static int dsa_builtin_keygen(DSA *dsa)
+        {
+        int ok=0;
+        BN_CTX *ctx=NULL;
+        BIGNUM *pub_key=NULL,*priv_key=NULL;
+
+        if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
+                {
+                DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
+                goto err;
+                }
+
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+        if (dsa->priv_key == NULL)
+                {
+                if ((priv_key=BN_new()) == NULL) goto err;
+                }
+        else
+                priv_key=dsa->priv_key;
+
+        do
+                if (!BN_rand_range(priv_key,dsa->q)) goto err;
+        while (BN_is_zero(priv_key));
+
+        if (dsa->pub_key == NULL)
+                {
+                if ((pub_key=BN_new()) == NULL) goto err;
+                }
+        else
+                pub_key=dsa->pub_key;
+        
+        {
+                BIGNUM local_prk;
+                BIGNUM *prk;
+
+                if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+                        {
+                        BN_init(&local_prk);
+                        prk = &local_prk;
+                        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+                        }
+                else
+                        prk = priv_key;
+
+                if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
+        }
+
+        dsa->priv_key=priv_key;
+        dsa->pub_key=pub_key;
+        if (fips_dsa_pairwise_fail)
+                BN_add_word(dsa->pub_key, 1);
+        if(!fips_check_dsa(dsa))
+            goto err;
+        ok=1;
+
+err:
+        if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
+        if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
+        if (ctx != NULL) BN_CTX_free(ctx);
+        return(ok);
+        }
+#endif
+
+#endif
diff --git a/src/lib/libssl/src/fips/dsa/fips_dsa_lib.c b/src/lib/libssl/src/fips/dsa/fips_dsa_lib.c
new file mode 100644
index 0000000000..2545966d2a
--- /dev/null
+++ b/src/lib/libssl/src/fips/dsa/fips_dsa_lib.c
@@ -0,0 +1,95 @@
+/* fips_dsa_lib.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/dsa.h>
+#include <openssl/bn.h>
+
+/* Minimal FIPS versions of FIPS_dsa_new() and FIPS_dsa_free: to
+ * reduce external dependencies. 
+ */
+
+DSA *FIPS_dsa_new(void)
+        {
+        DSA *ret;
+        ret = OPENSSL_malloc(sizeof(DSA));
+        if (!ret)
+                return NULL;
+        memset(ret, 0, sizeof(DSA));
+        ret->meth = DSA_OpenSSL();
+        if (ret->meth->init)
+                ret->meth->init(ret);
+        return ret;
+        }
+
+void FIPS_dsa_free(DSA *r)
+        {
+        if (!r)
+                return;
+        if (r->meth->finish)
+                r->meth->finish(r);
+        if (r->p != NULL) BN_clear_free(r->p);
+        if (r->q != NULL) BN_clear_free(r->q);
+        if (r->g != NULL) BN_clear_free(r->g);
+        if (r->pub_key != NULL) BN_clear_free(r->pub_key);
+        if (r->priv_key != NULL) BN_clear_free(r->priv_key);
+        if (r->kinv != NULL) BN_clear_free(r->kinv);
+        if (r->r != NULL) BN_clear_free(r->r);
+        OPENSSL_free(r);
+        }
+
diff --git a/src/lib/libssl/src/fips/dsa/fips_dsa_ossl.c b/src/lib/libssl/src/fips/dsa/fips_dsa_ossl.c
index 0ae5eb4b9e..50a6c13318 100644
--- a/src/lib/libssl/src/fips/dsa/fips_dsa_ossl.c
+++ b/src/lib/libssl/src/fips/dsa/fips_dsa_ossl.c
@@ -63,6 +63,7 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#include <openssl/err.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
@@ -83,7 +84,7 @@ static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
                                 const BIGNUM *m, BN_CTX *ctx,
                                 BN_MONT_CTX *m_ctx);
 
-static DSA_METHOD openssl_dsa_meth = {
+static const DSA_METHOD openssl_dsa_meth = {
 "OpenSSL FIPS DSA method",
 dsa_do_sign,
 dsa_sign_setup,
@@ -92,10 +93,10 @@ dsa_mod_exp,
 dsa_bn_mod_exp,
 dsa_init,
 dsa_finish,
-0,
+DSA_FLAG_FIPS_METHOD,
 NULL
 };
-
+#if 0
 int FIPS_dsa_check(struct dsa_st *dsa)
     {
     if(dsa->meth != &openssl_dsa_meth || dsa->meth->dsa_do_sign != dsa_do_sign
@@ -110,6 +111,7 @@ int FIPS_dsa_check(struct dsa_st *dsa)
         }
     return 1;
     }
+#endif
 
 const DSA_METHOD *DSA_OpenSSL(void)
 {
@@ -131,6 +133,12 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA
             return NULL;
             }
 
+        if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
+                {
+                DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
+                return NULL;
+                }
+
         BN_init(&m);
         BN_init(&xr);
 
@@ -153,17 +161,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA
         ctx=BN_CTX_new();
         if (ctx == NULL) goto err;
 
-        if ((dsa->kinv == NULL) || (dsa->r == NULL))
-                {
-                if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
-                }
-        else
-                {
-                kinv=dsa->kinv;
-                dsa->kinv=NULL;
-                r=dsa->r;
-                dsa->r=NULL;
-                }
+        if (!dsa->meth->dsa_sign_setup(dsa,ctx,&kinv,&r)) goto err;
 
         if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
 
@@ -174,7 +172,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA
                 BN_sub(s,s,dsa->q);
         if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
 
-        ret=DSA_SIG_new();
+        ret= DSA_SIG_new();
         if (ret == NULL) goto err;
         ret->r = r;
         ret->s = s;
@@ -197,7 +195,7 @@ err:
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
         {
         BN_CTX *ctx;
-        BIGNUM k,*kinv=NULL,*r=NULL;
+        BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
         int ret=0;
 
         if (!dsa->p || !dsa->q || !dsa->g)
@@ -207,6 +205,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
                 }
 
         BN_init(&k);
+        BN_init(&kq);
 
         if (ctx_in == NULL)
                 {
@@ -216,22 +215,49 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
                 ctx=ctx_in;
 
         if ((r=BN_new()) == NULL) goto err;
-        kinv=NULL;
 
         /* Get random k */
         do
                 if (!BN_rand_range(&k, dsa->q)) goto err;
         while (BN_is_zero(&k));
+        if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+                {
+                BN_set_flags(&k, BN_FLG_CONSTTIME);
+                }
 
-        if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+        if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
                 {
-                if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
-                        if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
-                                dsa->p,ctx)) goto err;
+                if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
+                                                CRYPTO_LOCK_DSA,
+                                                dsa->p, ctx))
+                        goto err;
                 }
 
         /* Compute r = (g^k mod p) mod q */
-        if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+
+        if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+                {
+                if (!BN_copy(&kq, &k)) goto err;
+
+                /* We do not want timing information to leak the length of k,
+                 * so we compute g^k using an equivalent exponent of fixed length.
+                 *
+                 * (This is a kludge that we need because the BN_mod_exp_mont()
+                 * does not let us specify the desired timing behaviour.) */
+
+                if (!BN_add(&kq, &kq, dsa->q)) goto err;
+                if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
+                        {
+                        if (!BN_add(&kq, &kq, dsa->q)) goto err;
+                        }
+
+                K = &kq;
+                }
+        else
+                {
+                K = &k;
+                }
+        if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
                 (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
         if (!BN_mod(r,r,dsa->q,ctx)) goto err;
 
@@ -254,6 +280,7 @@ err:
         if (ctx_in == NULL) BN_CTX_free(ctx);
         if (kinv != NULL) BN_clear_free(kinv);
         BN_clear_free(&k);
+        BN_clear_free(&kq);
         return(ret);
         }
 
@@ -277,6 +304,24 @@ static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DS
             return -1;
             }
 
+        if (BN_num_bits(dsa->q) != 160)
+                {
+                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
+                return -1;
+                }
+
+        if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
+                {
+                DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
+                return -1;
+                }
+
+        if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
+                {
+                DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);
+                return -1;
+                }
+
         BN_init(&u1);
         BN_init(&u2);
         BN_init(&t1);
@@ -307,13 +352,15 @@ static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DS
         /* u2 = r * w mod q */
         if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
 
-        if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+
+        if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
                 {
-                if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
-                        if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
-                                dsa->p,ctx)) goto err;
+                mont = BN_MONT_CTX_set_locked(
+                                        (BN_MONT_CTX **)&dsa->method_mont_p,
+                                        CRYPTO_LOCK_DSA, dsa->p, ctx);
+                if (!mont)
+                        goto err;
                 }
-        mont=(BN_MONT_CTX *)dsa->method_mont_p;
 
 #if 0
         {
@@ -355,6 +402,7 @@ static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DS
 
 static int dsa_init(DSA *dsa)
 {
+        FIPS_selftest_check();
         dsa->flags|=DSA_FLAG_CACHE_MONT_P;
         return(1);
 }
diff --git a/src/lib/libssl/src/fips/dsa/fips_dsa_selftest.c b/src/lib/libssl/src/fips/dsa/fips_dsa_selftest.c
index 2c88f0af44..6880760a77 100644
--- a/src/lib/libssl/src/fips/dsa/fips_dsa_selftest.c
+++ b/src/lib/libssl/src/fips/dsa/fips_dsa_selftest.c
@@ -61,42 +61,49 @@
 #include <openssl/dsa.h>
 #include <openssl/fips.h>
 #include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
 
 #ifdef OPENSSL_FIPS
 
-/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
- * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
-static unsigned char seed[20]={
-        0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
-        0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
-        };
+/* seed, out_p, out_q, out_g are taken the NIST test vectors */
+
+static unsigned char seed[20] = {
+        0x77, 0x8f, 0x40, 0x74, 0x6f, 0x66, 0xbe, 0x33, 0xce, 0xbe, 0x99, 0x34,
+        0x4c, 0xfc, 0xf3, 0x28, 0xaa, 0x70, 0x2d, 0x3a
+        };
 
-static unsigned char out_p[]={
-        0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
-        0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
-        0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
-        0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
-        0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
-        0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
-        0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
-        0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
+static unsigned char out_p[] = {
+        0xf7, 0x7c, 0x1b, 0x83, 0xd8, 0xe8, 0x5c, 0x7f, 0x85, 0x30, 0x17, 0x57,
+        0x21, 0x95, 0xfe, 0x26, 0x04, 0xeb, 0x47, 0x4c, 0x3a, 0x4a, 0x81, 0x4b,
+        0x71, 0x2e, 0xed, 0x6e, 0x4f, 0x3d, 0x11, 0x0f, 0x7c, 0xfe, 0x36, 0x43,
+        0x51, 0xd9, 0x81, 0x39, 0x17, 0xdf, 0x62, 0xf6, 0x9c, 0x01, 0xa8, 0x69,
+        0x71, 0xdd, 0x29, 0x7f, 0x47, 0xe6, 0x65, 0xa6, 0x22, 0xe8, 0x6a, 0x12,
+        0x2b, 0xc2, 0x81, 0xff, 0x32, 0x70, 0x2f, 0x9e, 0xca, 0x53, 0x26, 0x47,
+        0x0f, 0x59, 0xd7, 0x9e, 0x2c, 0xa5, 0x07, 0xc4, 0x49, 0x52, 0xa3, 0xe4,
+        0x6b, 0x04, 0x00, 0x25, 0x49, 0xe2, 0xe6, 0x7f, 0x28, 0x78, 0x97, 0xb8,
+        0x3a, 0x32, 0x14, 0x38, 0xa2, 0x51, 0x33, 0x22, 0x44, 0x7e, 0xd7, 0xef,
+        0x45, 0xdb, 0x06, 0x4a, 0xd2, 0x82, 0x4a, 0x82, 0x2c, 0xb1, 0xd7, 0xd8,
+        0xb6, 0x73, 0x00, 0x4d, 0x94, 0x77, 0x94, 0xef
         };
 
-static unsigned char out_q[]={
-        0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
-        0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
-        0xda,0xce,0x91,0x5f,
+static unsigned char out_q[] = {
+        0xd4, 0x0a, 0xac, 0x9f, 0xbd, 0x8c, 0x80, 0xc2, 0x38, 0x7e, 0x2e, 0x0c,
+        0x52, 0x5c, 0xea, 0x34, 0xa1, 0x83, 0x32, 0xf3
         };
 
-static unsigned char out_g[]={
-        0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
-        0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
-        0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
-        0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
-        0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
-        0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
-        0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
-        0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
+static unsigned char out_g[] = {
+        0x34, 0x73, 0x8b, 0x57, 0x84, 0x8e, 0x55, 0xbf, 0x57, 0xcc, 0x41, 0xbb,
+        0x5e, 0x2b, 0xd5, 0x42, 0xdd, 0x24, 0x22, 0x2a, 0x09, 0xea, 0x26, 0x1e,
+        0x17, 0x65, 0xcb, 0x1a, 0xb3, 0x12, 0x44, 0xa3, 0x9e, 0x99, 0xe9, 0x63,
+        0xeb, 0x30, 0xb1, 0x78, 0x7b, 0x09, 0x40, 0x30, 0xfa, 0x83, 0xc2, 0x35,
+        0xe1, 0xc4, 0x2d, 0x74, 0x1a, 0xb1, 0x83, 0x54, 0xd8, 0x29, 0xf4, 0xcf,
+        0x7f, 0x6f, 0x67, 0x1c, 0x36, 0x49, 0xee, 0x6c, 0xa2, 0x3c, 0x2d, 0x6a,
+        0xe9, 0xd3, 0x9a, 0xf6, 0x57, 0x78, 0x6f, 0xfd, 0x33, 0xcd, 0x3c, 0xed,
+        0xfd, 0xd4, 0x41, 0xe6, 0x5c, 0x8b, 0xe0, 0x68, 0x31, 0x47, 0x47, 0xaf,
+        0x12, 0xa7, 0xf9, 0x32, 0x0d, 0x94, 0x15, 0x48, 0xd0, 0x54, 0x85, 0xb2,
+        0x04, 0xb5, 0x4d, 0xd4, 0x9d, 0x05, 0x22, 0x25, 0xd9, 0xfd, 0x6c, 0x36,
+        0xef, 0xbe, 0x69, 0x6c, 0x55, 0xf4, 0xee, 0xec
         };
 
 static const unsigned char str1[]="12345678901234567890";
@@ -109,60 +116,65 @@ void FIPS_corrupt_dsa()
 int FIPS_selftest_dsa()
     {
     DSA *dsa=NULL;
-    int counter,i,j;
+    int counter,i,j, ret = 0;
+    unsigned int slen;
     unsigned char buf[256];
     unsigned long h;
-    unsigned char sig[256];
-    unsigned int siglen;
+    EVP_MD_CTX mctx;
+    EVP_PKEY pk;
 
-    dsa=DSA_generate_parameters(512,seed,20,&counter,&h,NULL,NULL);
+    EVP_MD_CTX_init(&mctx);
+
+    dsa = FIPS_dsa_new();
 
     if(dsa == NULL)
-        {
-        FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
-        return 0;
-        }
-    if (counter != 105) 
-        {
-        FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
-        return 0;
-        }
+        goto err;
+    if(!DSA_generate_parameters_ex(dsa, 1024,seed,20,&counter,&h,NULL))
+        goto err;
+    if (counter != 378) 
+        goto err;
     if (h != 2)
-        {
-        FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
-        return 0;
-        }
+        goto err;
     i=BN_bn2bin(dsa->q,buf);
     j=sizeof(out_q);
     if (i != j || memcmp(buf,out_q,i) != 0)
-        {
-        FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
-        return 0;
-        }
+        goto err;
 
     i=BN_bn2bin(dsa->p,buf);
     j=sizeof(out_p);
     if (i != j || memcmp(buf,out_p,i) != 0)
-        {
-        FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
-        return 0;
-        }
+        goto err;
 
     i=BN_bn2bin(dsa->g,buf);
     j=sizeof(out_g);
     if (i != j || memcmp(buf,out_g,i) != 0)
-        {
-        FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
-        return 0;
-        }
+        goto err;
     DSA_generate_key(dsa);
-    DSA_sign(0, str1, 20, sig, &siglen, dsa);
-    if(DSA_verify(0, str1, 20, sig, siglen, dsa) != 1)
-        {
-        FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
-        return 0;
-        }
-    DSA_free(dsa);
-    return 1;
+    pk.type = EVP_PKEY_DSA;
+    pk.pkey.dsa = dsa;
+
+    if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
+        goto err;
+    if (!EVP_SignUpdate(&mctx, str1, 20))
+        goto err;
+    if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
+        goto err;
+
+    if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
+        goto err;
+    if (!EVP_VerifyUpdate(&mctx, str1, 20))
+        goto err;
+    if (EVP_VerifyFinal(&mctx, buf, slen, &pk) != 1)
+        goto err;
+
+    ret = 1;
+
+    err:
+    EVP_MD_CTX_cleanup(&mctx);
+    if (dsa)
+        FIPS_dsa_free(dsa);
+    if (ret == 0)
+            FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
+    return ret;
     }
 #endif
diff --git a/src/lib/libssl/src/fips/dsa/fips_dsa_sign.c b/src/lib/libssl/src/fips/dsa/fips_dsa_sign.c
new file mode 100644
index 0000000000..32ea0b0fea
--- /dev/null
+++ b/src/lib/libssl/src/fips/dsa/fips_dsa_sign.c
@@ -0,0 +1,256 @@
+/* fips_dsa_sign.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/dsa.h>
+#include <openssl/err.h>
+#include <openssl/sha.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_FIPS
+
+/* FIPS versions of DSA_sign() and DSA_verify().
+ * These include a tiny ASN1 encoder/decoder to handle the specific
+ * case of a DSA signature.
+ */
+
+int FIPS_dsa_size(DSA *r)
+        {
+        int ilen;
+        ilen = BN_num_bytes(r->q);
+        if (ilen > 20)
+                return -1;
+        /* If MSB set need padding byte */
+        ilen ++;
+        /* Also need 2 bytes INTEGER header for r and s plus
+         * 2 bytes SEQUENCE header making 6 in total.
+         */
+        return ilen * 2 + 6;
+        }
+
+/* Tiny ASN1 encoder for DSA_SIG structure. We can assume r, s smaller than
+ * 0x80 octets as by the DSA standards they will be less than 2^160
+ */
+
+int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig)
+        {
+        int rlen, slen, rpad, spad, seqlen;
+        rlen = BN_num_bytes(sig->r);
+        if (rlen > 20)
+                return -1;
+        if (BN_num_bits(sig->r) & 0x7)
+                rpad = 0;
+        else
+                rpad = 1;
+        slen = BN_num_bytes(sig->s);
+        if (slen > 20)
+                return -1;
+        if (BN_num_bits(sig->s) & 0x7)
+                spad = 0;
+        else
+                spad = 1;
+        /* Length of SEQUENCE, (1 tag + 1 len octet) * 2 + content octets */
+        seqlen = rlen + rpad + slen + spad + 4;
+        /* Actual encoded length: include SEQUENCE header */
+        if (!out)
+                return seqlen + 2;
+
+        /* Output SEQUENCE header */
+        *out++ = V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED;
+        *out++ = (unsigned char)seqlen;
+
+        /* Output r */
+        *out++ = V_ASN1_INTEGER;
+        *out++ = (unsigned char)(rlen + rpad);
+        if (rpad)
+                *out++ = 0;
+        BN_bn2bin(sig->r, out);
+        out += rlen;
+
+        /* Output s */
+        *out++ = V_ASN1_INTEGER;
+        *out++ = (unsigned char)(slen + spad);
+        if (spad)
+                *out++ = 0;
+        BN_bn2bin(sig->s, out);
+        return seqlen + 2;
+        }
+
+/* Companion DSA_SIG decoder */
+
+int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen)
+        {
+        int seqlen, rlen, slen;
+        const unsigned char *rbin;
+        /* Sanity check */
+
+        /* Need SEQUENCE tag */
+        if (*in++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
+                return 0;
+        /* Get length octet */
+        seqlen = *in++;
+        /* Check sensible length value */
+        if (seqlen < 4 || seqlen > 0x7F)
+                return 0;
+        /* Check INTEGER tag */
+        if (*in++ != V_ASN1_INTEGER)
+                return 0;
+        rlen = *in++;
+        seqlen -= 2 + rlen;
+        /* Check sensible seqlen value */
+        if (seqlen < 2)
+                return 0;
+        rbin = in;
+        in += rlen;
+        /* Check INTEGER tag */
+        if (*in++ != V_ASN1_INTEGER)
+                return 0;
+        slen = *in++;
+        /* Remaining bytes of SEQUENCE should exactly match
+         * encoding of s
+         */
+        if (seqlen != (slen + 2))
+                return 0;
+        if (!sig->r && !(sig->r = BN_new()))
+                return 0;
+        if (!sig->s && !(sig->s = BN_new()))
+                return 0;
+        if (!BN_bin2bn(rbin, rlen, sig->r))
+                return 0;
+        if (!BN_bin2bn(in, slen, sig->s))
+                return 0;
+        return 1;
+        }
+
+static int fips_dsa_sign(int type, const unsigned char *x, int y,
+             unsigned char *sig, unsigned int *siglen, EVP_MD_SVCTX *sv)
+        {
+        DSA *dsa = sv->key;
+        unsigned char dig[EVP_MAX_MD_SIZE];
+        unsigned int dlen;
+        DSA_SIG *s;
+        EVP_DigestFinal_ex(sv->mctx, dig, &dlen);
+        s=dsa->meth->dsa_do_sign(dig,dlen,dsa);
+        OPENSSL_cleanse(dig, dlen);
+        if (s == NULL)
+                {
+                *siglen=0;
+                return 0;
+                }
+        *siglen= FIPS_dsa_sig_encode(sig, s);
+        DSA_SIG_free(s);
+        if (*siglen < 0)
+                return 0;
+        return 1;
+        }
+
+static int fips_dsa_verify(int type, const unsigned char *x, int y,
+             const unsigned char *sigbuf, unsigned int siglen, EVP_MD_SVCTX *sv)
+        {
+        DSA *dsa = sv->key;
+        DSA_SIG *s;
+        int ret=-1;
+        unsigned char dig[EVP_MAX_MD_SIZE];
+        unsigned int dlen;
+
+        s = DSA_SIG_new();
+        if (s == NULL)
+                return ret;
+        if (!FIPS_dsa_sig_decode(s,sigbuf,siglen))
+                goto err;
+        EVP_DigestFinal_ex(sv->mctx, dig, &dlen);
+        ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
+        OPENSSL_cleanse(dig, dlen);
+err:
+        DSA_SIG_free(s);
+        return ret;
+        }
+
+static int init(EVP_MD_CTX *ctx)
+        { return SHA1_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
+        { return SHA1_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return SHA1_Final(md,ctx->md_data); }
+
+static const EVP_MD dss1_md=
+        {
+        NID_dsa,
+        NID_dsaWithSHA1,
+        SHA_DIGEST_LENGTH,
+        EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        (evp_sign_method *)fips_dsa_sign,
+        (evp_verify_method *)fips_dsa_verify,
+        {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, EVP_PKEY_DSA4,0},
+        SHA_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA_CTX),
+        };
+
+const EVP_MD *EVP_dss1(void)
+        {
+        return(&dss1_md);
+        }
+#endif
diff --git a/src/lib/libssl/src/fips/dsa/fips_dsatest.c b/src/lib/libssl/src/fips/dsa/fips_dsatest.c
index 7215940ede..c7e0f5164f 100644
--- a/src/lib/libssl/src/fips/dsa/fips_dsatest.c
+++ b/src/lib/libssl/src/fips/dsa/fips_dsatest.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <ctype.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 
@@ -68,11 +69,12 @@
 #include <openssl/rand.h>
 #include <openssl/bio.h>
 #include <openssl/err.h>
+#include <openssl/dsa.h>
+#include <openssl/bn.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
+
 
 #if defined(OPENSSL_NO_DSA) || !defined(OPENSSL_FIPS)
 int main(int argc, char *argv[])
@@ -81,6 +83,8 @@ int main(int argc, char *argv[])
     return(0);
 }
 #else
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
 #include <openssl/dsa.h>
 
 #ifdef OPENSSL_SYS_WIN16
@@ -89,100 +93,98 @@ int main(int argc, char *argv[])
 #define MS_CALLBACK
 #endif
 
-static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
+#include "fips_utl.h"
 
-/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
- * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
-static unsigned char seed[20]={
-        0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
-        0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
-        };
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
 
-static unsigned char out_p[]={
-        0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
-        0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
-        0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
-        0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
-        0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
-        0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
-        0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
-        0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
+/* seed, out_p, out_q, out_g are taken from the earlier validation test
+ * vectors.
+ */
+
+static unsigned char seed[20] = {
+        0x1c, 0xfb, 0xa9, 0x6c, 0xf7, 0x95, 0xb3, 0x2e, 0x01, 0x01, 0x3c, 0x8d,
+        0x7f, 0x6e, 0xf4, 0x59, 0xcc, 0x2f, 0x19, 0x59
+        };
+
+static unsigned char out_p[] = {
+        0xc2, 0x3c, 0x48, 0x31, 0x7e, 0x3b, 0x4e, 0x5d, 0x3c, 0x93, 0x78, 0x60,
+        0x5c, 0xf2, 0x60, 0xbb, 0x5a, 0xfa, 0x7f, 0x17, 0xf9, 0x26, 0x69, 0x46,
+        0xe7, 0x07, 0xbb, 0x3b, 0x2e, 0xc4, 0xb5, 0x66, 0xf7, 0x4d, 0xae, 0x9b,
+        0x8f, 0xf0, 0x42, 0xea, 0xb3, 0xa0, 0x7e, 0x81, 0x85, 0x89, 0xe6, 0xb0,
+        0x29, 0x03, 0x6b, 0xcc, 0xfb, 0x8e, 0x46, 0x15, 0x4d, 0xc1, 0x69, 0xd8,
+        0x2f, 0xef, 0x5c, 0x8b, 0x29, 0x32, 0x41, 0xbd, 0x13, 0x72, 0x3d, 0xac,
+        0x81, 0xcc, 0x86, 0x6c, 0x06, 0x5d, 0x51, 0xa1, 0xa5, 0x07, 0x0c, 0x3e,
+        0xbe, 0xdd, 0xf4, 0x6e, 0xa8, 0xed, 0xb4, 0x2f, 0xbd, 0x3e, 0x64, 0xea,
+        0xee, 0x92, 0xec, 0x51, 0xe1, 0x0d, 0xab, 0x25, 0x45, 0xae, 0x55, 0x21,
+        0x4d, 0xd6, 0x96, 0x6f, 0xe6, 0xaa, 0xd3, 0xca, 0x87, 0x92, 0xb1, 0x1c,
+        0x3c, 0xaf, 0x29, 0x09, 0x8b, 0xc6, 0xed, 0xe1
         };
 
-static unsigned char out_q[]={
-        0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
-        0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
-        0xda,0xce,0x91,0x5f,
+static unsigned char out_q[] = {
+        0xae, 0x0a, 0x8c, 0xfb, 0x80, 0xe1, 0xc6, 0xd1, 0x09, 0x0f, 0x26, 0xde,
+        0x91, 0x53, 0xc2, 0x8b, 0x2b, 0x0f, 0xde, 0x7f
         };
 
-static unsigned char out_g[]={
-        0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
-        0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
-        0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
-        0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
-        0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
-        0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
-        0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
-        0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
+static unsigned char out_g[] = {
+        0x0d, 0x7d, 0x92, 0x74, 0x10, 0xf6, 0xa4, 0x43, 0x86, 0x9a, 0xd1, 0xd9,
+        0x56, 0x00, 0xbc, 0x18, 0x97, 0x99, 0x4e, 0x9a, 0x93, 0xfb, 0x00, 0x3d,
+        0x6c, 0xa0, 0x1b, 0x95, 0x6b, 0xbd, 0xf7, 0x7a, 0xbc, 0x36, 0x3f, 0x3d,
+        0xb9, 0xbf, 0xf9, 0x91, 0x37, 0x68, 0xd1, 0xb9, 0x1e, 0xfe, 0x7f, 0x10,
+        0xc0, 0x6a, 0xcd, 0x5f, 0xc1, 0x65, 0x1a, 0xb8, 0xe7, 0xab, 0xb5, 0xc6,
+        0x8d, 0xb7, 0x86, 0xad, 0x3a, 0xbf, 0x6b, 0x7b, 0x0a, 0x66, 0xbe, 0xd5,
+        0x58, 0x23, 0x16, 0x48, 0x83, 0x29, 0xb6, 0xa7, 0x64, 0xc7, 0x08, 0xbe,
+        0x55, 0x4c, 0x6f, 0xcb, 0x34, 0xc1, 0x73, 0xb0, 0x39, 0x68, 0x52, 0xdf,
+        0x27, 0x7f, 0x32, 0xbc, 0x2b, 0x0d, 0x63, 0xed, 0x75, 0x3e, 0xb5, 0x54,
+        0xac, 0xc8, 0x20, 0x2a, 0x73, 0xe8, 0x29, 0x51, 0x03, 0x77, 0xe8, 0xc9,
+        0x61, 0x32, 0x25, 0xaf, 0x21, 0x5b, 0x6e, 0xda
         };
 
+
 static const unsigned char str1[]="12345678901234567890";
 
 static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-static const unsigned char rnd_key1[]="12345678";
-static const unsigned char rnd_key2[]="abcdefgh";
-
-static BIO *bio_err=NULL;
 
 int main(int argc, char **argv)
         {
         DSA *dsa=NULL;
+        EVP_PKEY pk;
         int counter,ret=0,i,j;
+        unsigned int slen;
         unsigned char buf[256];
         unsigned long h;
-        unsigned char sig[256];
-        unsigned int siglen;
+        BN_GENCB cb;
+        EVP_MD_CTX mctx;
+        BN_GENCB_set(&cb, dsa_cb, stderr);
+        EVP_MD_CTX_init(&mctx);
 
-        if (bio_err == NULL)
-                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
-#ifdef OPENSSL_FIPS
-        if(!FIPS_mode_set(1,argv[0]))
+        if(!FIPS_mode_set(1))
             {
-            ERR_print_errors(bio_err);
+            do_print_errors();
             EXIT(1);
             }
-#endif
-        CRYPTO_malloc_debug_init();
-        CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
-        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-        ERR_load_crypto_strings();
-        FIPS_set_prng_key(rnd_key1,rnd_key2);
-        RAND_seed(rnd_seed, sizeof rnd_seed);
 
-        BIO_printf(bio_err,"test generation of DSA parameters\n");
+        fprintf(stderr,"test generation of DSA parameters\n");
 
-        dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
+        dsa = FIPS_dsa_new();
+        DSA_generate_parameters_ex(dsa, 1024,seed,20,&counter,&h,&cb);
 
-        BIO_printf(bio_err,"seed\n");
+        fprintf(stderr,"seed\n");
         for (i=0; i<20; i+=4)
                 {
-                BIO_printf(bio_err,"%02X%02X%02X%02X ",
+                fprintf(stderr,"%02X%02X%02X%02X ",
                         seed[i],seed[i+1],seed[i+2],seed[i+3]);
                 }
-        BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h);
-                
+        fprintf(stderr,"\ncounter=%d h=%ld\n",counter,h);
+
         if (dsa == NULL) goto end;
-        DSA_print(bio_err,dsa,0);
-        if (counter != 105) 
+        if (counter != 16) 
                 {
-                BIO_printf(bio_err,"counter should be 105\n");
+                fprintf(stderr,"counter should be 105\n");
                 goto end;
                 }
         if (h != 2)
                 {
-                BIO_printf(bio_err,"h should be 2\n");
+                fprintf(stderr,"h should be 2\n");
                 goto end;
                 }
 
@@ -190,7 +192,7 @@ int main(int argc, char **argv)
         j=sizeof(out_q);
         if ((i != j) || (memcmp(buf,out_q,i) != 0))
                 {
-                BIO_printf(bio_err,"q value is wrong\n");
+                fprintf(stderr,"q value is wrong\n");
                 goto end;
                 }
 
@@ -198,7 +200,7 @@ int main(int argc, char **argv)
         j=sizeof(out_p);
         if ((i != j) || (memcmp(buf,out_p,i) != 0))
                 {
-                BIO_printf(bio_err,"p value is wrong\n");
+                fprintf(stderr,"p value is wrong\n");
                 goto end;
                 }
 
@@ -206,26 +208,37 @@ int main(int argc, char **argv)
         j=sizeof(out_g);
         if ((i != j) || (memcmp(buf,out_g,i) != 0))
                 {
-                BIO_printf(bio_err,"g value is wrong\n");
+                fprintf(stderr,"g value is wrong\n");
                 goto end;
                 }
         DSA_generate_key(dsa);
-        DSA_sign(0, str1, 20, sig, &siglen, dsa);
-        if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
-                ret=1;
+        pk.type = EVP_PKEY_DSA;
+        pk.pkey.dsa = dsa;
+
+        if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
+                goto end;
+        if (!EVP_SignUpdate(&mctx, str1, 20))
+                goto end;
+        if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
+                goto end;
+
+        if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
+                goto end;
+        if (!EVP_VerifyUpdate(&mctx, str1, 20))
+                goto end;
+        if (EVP_VerifyFinal(&mctx, buf, slen, &pk) != 1)
+                goto end;
+
+        ret = 1;
+
 end:
         if (!ret)
-                ERR_print_errors(bio_err);
-        if (dsa != NULL) DSA_free(dsa);
-        CRYPTO_cleanup_all_ex_data();
-        ERR_remove_state(0);
-        ERR_free_strings();
+                do_print_errors();
+        if (dsa != NULL) FIPS_dsa_free(dsa);
+        EVP_MD_CTX_cleanup(&mctx);
+#if 0
         CRYPTO_mem_leaks(bio_err);
-        if (bio_err != NULL)
-                {
-                BIO_free(bio_err);
-                bio_err = NULL;
-                }
+#endif
         EXIT(!ret);
         return(!ret);
         }
@@ -236,7 +249,7 @@ static int cb_exit(int ec)
         return(0);              /* To keep some compilers quiet */
         }
 
-static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
         {
         char c='*';
         static int ok=0,num=0;
@@ -245,13 +258,14 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
         if (p == 1) c='+';
         if (p == 2) { c='*'; ok++; }
         if (p == 3) c='\n';
-        BIO_write(arg,&c,1);
-        (void)BIO_flush(arg);
+        fwrite(&c,1, 1, cb->arg);
+        fflush(cb->arg);
 
         if (!ok && (p == 0) && (num > 1))
                 {
-                BIO_printf((BIO *)arg,"error in dsatest\n");
+                fprintf(cb->arg,"error in dsatest\n");
                 cb_exit(1);
                 }
+        return 1;
         }
 #endif
diff --git a/src/lib/libssl/src/fips/dsa/fips_dssvs.c b/src/lib/libssl/src/fips/dsa/fips_dssvs.c
index 50a4d96986..aa74e8e636 100644
--- a/src/lib/libssl/src/fips/dsa/fips_dssvs.c
+++ b/src/lib/libssl/src/fips/dsa/fips_dssvs.c
@@ -1,104 +1,64 @@
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+    printf("No FIPS DSA support\n");
+    return(0);
+}
+#else
+
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/fips.h>
 #include <openssl/err.h>
-#include <openssl/sha.h>
+#include <openssl/evp.h>
 #include <string.h>
+#include <ctype.h>
 
-int hex2bin(const char *in, unsigned char *out)
-    {
-    int n1, n2;
-    unsigned char ch;
-
-    for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
-        { /* first byte */
-        if ((in[n1] >= '0') && (in[n1] <= '9'))
-            ch = in[n1++] - '0';
-        else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
-            ch = in[n1++] - 'A' + 10;
-        else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
-            ch = in[n1++] - 'a' + 10;
-        else
-            return -1;
-        if(!in[n1])
-            {
-            out[n2++]=ch;
-            break;
-            }
-        out[n2] = ch << 4;
-        /* second byte */
-        if ((in[n1] >= '0') && (in[n1] <= '9'))
-            ch = in[n1++] - '0';
-        else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
-            ch = in[n1++] - 'A' + 10;
-        else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
-            ch = in[n1++] - 'a' + 10;
-        else
-            return -1;
-        out[n2++] |= ch;
-        }
-    return n2;
-    }
-
-BIGNUM *hex2bn(const char *in)
-    {
-    BIGNUM *p=BN_new();
-
-    BN_hex2bn(&p,in);
+#include "fips_utl.h"
 
-    return p;
-    }
-
-int bin2hex(const unsigned char *in,int len,char *out)
-    {
-    int n1, n2;
-    unsigned char ch;
-
-    for (n1=0,n2=0 ; n1 < len ; ++n1)
+static void pbn(const char *name, BIGNUM *bn)
         {
-        ch=in[n1] >> 4;
-        if (ch <= 0x09)
-            out[n2++]=ch+'0';
-        else
-            out[n2++]=ch-10+'a';
-        ch=in[n1] & 0x0f;
-        if(ch <= 0x09)
-            out[n2++]=ch+'0';
-        else
-            out[n2++]=ch-10+'a';
+        int len, i;
+        unsigned char *tmp;
+        len = BN_num_bytes(bn);
+        tmp = OPENSSL_malloc(len);
+        if (!tmp)
+                {
+                fprintf(stderr, "Memory allocation error\n");
+                return;
+                }
+        BN_bn2bin(bn, tmp);
+        printf("%s = ", name);
+        for (i = 0; i < len; i++)
+                printf("%02X", tmp[i]);
+        fputs("\n", stdout);
+        OPENSSL_free(tmp);
+        return;
         }
-    out[n2]='\0';
-    return n2;
-    }
-
-void pv(const char *tag,const unsigned char *val,int len)
-    {
-    char obuf[2048];
-
-    bin2hex(val,len,obuf);
-    printf("%s = %s\n",tag,obuf);
-    }
-
-void pbn(const char *tag,const BIGNUM *val)
-    {
-    printf("%s = %s\n",tag,BN_bn2hex(val));
-    }
 
 void primes()
     {
     char buf[10240];
+    char lbuf[10240];
+    char *keyword, *value;
 
     while(fgets(buf,sizeof buf,stdin) != NULL)
         {
         fputs(buf,stdout);
-        if(!strncmp(buf,"Prime= ",7))
+        if (!parse_line(&keyword, &value, lbuf, buf))
+                continue;
+        if(!strcmp(keyword,"Prime"))
             {
             BIGNUM *pp;
 
             pp=BN_new();
-            BN_hex2bn(&pp,buf+7);
+            do_hex2bn(&pp,value);
             printf("result= %c\n",
-                   BN_is_prime(pp,20,NULL,NULL,NULL) ? 'P' : 'F');
+                   BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
             }       
         }
     }
@@ -106,15 +66,22 @@ void primes()
 void pqg()
     {
     char buf[1024];
+    char lbuf[1024];
+    char *keyword, *value;
     int nmod=0;
 
     while(fgets(buf,sizeof buf,stdin) != NULL)
         {
-        if(!strncmp(buf,"[mod = ",7))
-            nmod=atoi(buf+7);
-        else if(!strncmp(buf,"N = ",4))
+        if (!parse_line(&keyword, &value, lbuf, buf))
+                {
+                fputs(buf,stdout);
+                continue;
+                }
+        if(!strcmp(keyword,"[mod"))
+            nmod=atoi(value);
+        else if(!strcmp(keyword,"N"))
             {
-            int n=atoi(buf+4);
+            int n=atoi(value);
 
             printf("[mod = %d]\n\n",nmod);
 
@@ -124,11 +91,16 @@ void pqg()
                 DSA *dsa;
                 int counter;
                 unsigned long h;
-
-                dsa=DSA_generate_parameters(nmod,seed,0,&counter,&h,NULL,NULL);
-                printf("P = %s\n",BN_bn2hex(dsa->p));
-                printf("Q = %s\n",BN_bn2hex(dsa->q));
-                printf("G = %s\n",BN_bn2hex(dsa->g));
+                dsa = FIPS_dsa_new();
+
+                if (!DSA_generate_parameters_ex(dsa, nmod,seed,0,&counter,&h,NULL))
+                        {
+                        do_print_errors();
+                        exit(1);
+                        }
+                pbn("P",dsa->p);
+                pbn("Q",dsa->q);
+                pbn("G",dsa->g);
                 pv("Seed",seed,20);
                 printf("c = %d\n",counter);
                 printf("H = %lx\n",h);
@@ -140,23 +112,226 @@ void pqg()
         }
     }
 
+void pqgver()
+    {
+    char buf[1024];
+    char lbuf[1024];
+    char *keyword, *value;
+    BIGNUM *p = NULL, *q = NULL, *g = NULL;
+    int counter, counter2;
+    unsigned long h, h2;
+    DSA *dsa=NULL;
+    int nmod=0;
+    unsigned char seed[1024];
+
+    while(fgets(buf,sizeof buf,stdin) != NULL)
+        {
+        if (!parse_line(&keyword, &value, lbuf, buf))
+                {
+                fputs(buf,stdout);
+                continue;
+                }
+        if(!strcmp(keyword,"[mod"))
+            nmod=atoi(value);
+        else if(!strcmp(keyword,"P"))
+            p=hex2bn(value);
+        else if(!strcmp(keyword,"Q"))
+            q=hex2bn(value);
+        else if(!strcmp(keyword,"G"))
+            g=hex2bn(value);
+        else if(!strcmp(keyword,"Seed"))
+            {
+            int slen = hex2bin(value, seed);
+            if (slen != 20)
+                {
+                fprintf(stderr, "Seed parse length error\n");
+                exit (1);
+                }
+            }
+        else if(!strcmp(keyword,"c"))
+            counter =atoi(buf+4);
+        else if(!strcmp(keyword,"H"))
+            {
+            h = atoi(value);
+            if (!p || !q || !g)
+                {
+                fprintf(stderr, "Parse Error\n");
+                exit (1);
+                }
+            pbn("P",p);
+            pbn("Q",q);
+            pbn("G",g);
+            pv("Seed",seed,20);
+            printf("c = %d\n",counter);
+            printf("H = %lx\n",h);
+            dsa = FIPS_dsa_new();
+            if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
+                        {
+                        do_print_errors();
+                        exit(1);
+                        }
+            if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
+                || (counter != counter2) || (h != h2))
+                printf("Result = F\n");
+            else
+                printf("Result = T\n");
+            BN_free(p);
+            BN_free(q);
+            BN_free(g);
+            p = NULL;
+            q = NULL;
+            g = NULL;
+            FIPS_dsa_free(dsa);
+            dsa = NULL;
+            }
+        }
+    }
+
+/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
+ * algorithm tests. It is an additional test to perform sanity checks on the
+ * output of the KeyPair test.
+ */
+
+static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
+                                                        BN_CTX *ctx)
+    {
+    BIGNUM *rem = NULL;
+    if (BN_num_bits(p) != nmod)
+        return 0;
+    if (BN_num_bits(q) != 160)
+        return 0;
+    if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
+        return 0;
+    if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
+        return 0;
+    rem = BN_new();
+    if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
+        || (BN_cmp(g, BN_value_one()) <= 0)
+        || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
+        {
+        BN_free(rem);
+        return 0;
+        }
+    /* Todo: check g */
+    BN_free(rem);
+    return 1;
+    }
+
+void keyver()
+    {
+    char buf[1024];
+    char lbuf[1024];
+    char *keyword, *value;
+    BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
+    BIGNUM *Y2;
+    BN_CTX *ctx = NULL;
+    int nmod=0, paramcheck = 0;
+
+    ctx = BN_CTX_new();
+    Y2 = BN_new();
+
+    while(fgets(buf,sizeof buf,stdin) != NULL)
+        {
+        if (!parse_line(&keyword, &value, lbuf, buf))
+                {
+                fputs(buf,stdout);
+                continue;
+                }
+        if(!strcmp(keyword,"[mod"))
+            {
+            if (p)
+                BN_free(p);
+            p = NULL;
+            if (q)
+                BN_free(q);
+            q = NULL;
+            if (g)
+                BN_free(g);
+            g = NULL;
+            paramcheck = 0;
+            nmod=atoi(value);
+            }
+        else if(!strcmp(keyword,"P"))
+            p=hex2bn(value);
+        else if(!strcmp(keyword,"Q"))
+            q=hex2bn(value);
+        else if(!strcmp(keyword,"G"))
+            g=hex2bn(value);
+        else if(!strcmp(keyword,"X"))
+            X=hex2bn(value);
+        else if(!strcmp(keyword,"Y"))
+            {
+            Y=hex2bn(value);
+            if (!p || !q || !g || !X || !Y)
+                {
+                fprintf(stderr, "Parse Error\n");
+                exit (1);
+                }
+            pbn("P",p);
+            pbn("Q",q);
+            pbn("G",g);
+            pbn("X",X);
+            pbn("Y",Y);
+            if (!paramcheck)
+                {
+                if (dss_paramcheck(nmod, p, q, g, ctx))
+                        paramcheck = 1;
+                else
+                        paramcheck = -1;
+                }
+            if (paramcheck != 1)
+                printf("Result = F\n");
+            else
+                {
+                if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
+                        printf("Result = F\n");
+                else
+                        printf("Result = T\n");
+                }
+            BN_free(X);
+            BN_free(Y);
+            X = NULL;
+            Y = NULL;
+            }
+        }
+        if (p)
+            BN_free(p);
+        if (q)
+            BN_free(q);
+        if (g)
+            BN_free(g);
+        if (Y2)
+            BN_free(Y2);
+    }
+
 void keypair()
     {
     char buf[1024];
+    char lbuf[1024];
+    char *keyword, *value;
     int nmod=0;
 
     while(fgets(buf,sizeof buf,stdin) != NULL)
         {
-        if(!strncmp(buf,"[mod = ",7))
-            nmod=atoi(buf+7);
-        else if(!strncmp(buf,"N = ",4))
+        if (!parse_line(&keyword, &value, lbuf, buf))
+                {
+                fputs(buf,stdout);
+                continue;
+                }
+        if(!strcmp(keyword,"[mod"))
+            nmod=atoi(value);
+        else if(!strcmp(keyword,"N"))
             {
             DSA *dsa;
-            int n=atoi(buf+4);
+            int n=atoi(value);
 
             printf("[mod = %d]\n\n",nmod);
-
-            dsa=DSA_generate_parameters(nmod,NULL,0,NULL,NULL,NULL,NULL);
+            dsa = FIPS_dsa_new();
+            if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
+                {
+                do_print_errors();
+                exit(1);
+                }
             pbn("P",dsa->p);
             pbn("Q",dsa->q);
             pbn("G",dsa->g);
@@ -164,7 +339,11 @@ void keypair()
 
             while(n--)
                 {
-                DSA_generate_key(dsa);
+                if (!DSA_generate_key(dsa))
+                        {
+                        do_print_errors();
+                        exit(1);
+                        }
 
                 pbn("X",dsa->priv_key);
                 pbn("Y",dsa->pub_key);
@@ -177,68 +356,110 @@ void keypair()
 void siggen()
     {
     char buf[1024];
+    char lbuf[1024];
+    char *keyword, *value;
     int nmod=0;
     DSA *dsa=NULL;
 
     while(fgets(buf,sizeof buf,stdin) != NULL)
         {
-        if(!strncmp(buf,"[mod = ",7))
+        if (!parse_line(&keyword, &value, lbuf, buf))
+                {
+                fputs(buf,stdout);
+                continue;
+                }
+        if(!strcmp(keyword,"[mod"))
             {
-            nmod=atoi(buf+7);
+            nmod=atoi(value);
             printf("[mod = %d]\n\n",nmod);
-
-            dsa=DSA_generate_parameters(nmod,NULL,0,NULL,NULL,NULL,NULL);
+            if (dsa)
+                FIPS_dsa_free(dsa);
+            dsa = FIPS_dsa_new();
+            if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
+                {
+                do_print_errors();
+                exit(1);
+                }
             pbn("P",dsa->p);
             pbn("Q",dsa->q);
             pbn("G",dsa->g);
             putc('\n',stdout);
             }
-        else if(!strncmp(buf,"Msg = ",6))
+        else if(!strcmp(keyword,"Msg"))
             {
             unsigned char msg[1024];
-            unsigned char hash[20];
+            unsigned char sbuf[60];
+            unsigned int slen;
             int n;
+            EVP_PKEY pk;
+            EVP_MD_CTX mctx;
             DSA_SIG *sig;
+            EVP_MD_CTX_init(&mctx);
 
-            n=hex2bin(buf+6,msg);
+            n=hex2bin(value,msg);
             pv("Msg",msg,n);
 
-            DSA_generate_key(dsa);
+            if (!DSA_generate_key(dsa))
+                {
+                do_print_errors();
+                exit(1);
+                }
+            pk.type = EVP_PKEY_DSA;
+            pk.pkey.dsa = dsa;
             pbn("Y",dsa->pub_key);
 
-            SHA1(msg,n,hash);
-            sig=DSA_do_sign(hash,sizeof hash,dsa);
+            EVP_SignInit_ex(&mctx, EVP_dss1(), NULL);
+            EVP_SignUpdate(&mctx, msg, n);
+            EVP_SignFinal(&mctx, sbuf, &slen, &pk);
+
+            sig = DSA_SIG_new();
+            FIPS_dsa_sig_decode(sig, sbuf, slen);
+
             pbn("R",sig->r);
             pbn("S",sig->s);
             putc('\n',stdout);
+            DSA_SIG_free(sig);
+            EVP_MD_CTX_cleanup(&mctx);
             }
         }
+        if (dsa)
+                FIPS_dsa_free(dsa);
     }
 
 void sigver()
     {
     DSA *dsa=NULL;
     char buf[1024];
-    int nmod=0;
-    unsigned char hash[20];
-    DSA_SIG *sig=DSA_SIG_new();
+    char lbuf[1024];
+    unsigned char msg[1024];
+    char *keyword, *value;
+    int nmod=0, n=0;
+    DSA_SIG sg, *sig = &sg;
+
+    sig->r = NULL;
+    sig->s = NULL;
 
     while(fgets(buf,sizeof buf,stdin) != NULL)
         {
-        if(!strncmp(buf,"[mod = ",7))
+        if (!parse_line(&keyword, &value, lbuf, buf))
+                {
+                fputs(buf,stdout);
+                continue;
+                }
+        if(!strcmp(keyword,"[mod"))
             {
-            nmod=atoi(buf+7);
+            nmod=atoi(value);
             if(dsa)
-                DSA_free(dsa);
-            dsa=DSA_new();
+                FIPS_dsa_free(dsa);
+            dsa=FIPS_dsa_new();
             }
-        else if(!strncmp(buf,"P = ",4))
-            dsa->p=hex2bn(buf+4);
-        else if(!strncmp(buf,"Q = ",4))
-            dsa->q=hex2bn(buf+4);
-        else if(!strncmp(buf,"G = ",4))
+        else if(!strcmp(keyword,"P"))
+            dsa->p=hex2bn(value);
+        else if(!strcmp(keyword,"Q"))
+            dsa->q=hex2bn(value);
+        else if(!strcmp(keyword,"G"))
             {
-            dsa->g=hex2bn(buf+4);
+            dsa->g=hex2bn(value);
 
             printf("[mod = %d]\n\n",nmod);
             pbn("P",dsa->p);
@@ -246,28 +467,38 @@ void sigver()
             pbn("G",dsa->g);
             putc('\n',stdout);
             }
-        else if(!strncmp(buf,"Msg = ",6))
+        else if(!strcmp(keyword,"Msg"))
             {
-            unsigned char msg[1024];
-            int n;
-
-            n=hex2bin(buf+6,msg);
+            n=hex2bin(value,msg);
             pv("Msg",msg,n);
-            SHA1(msg,n,hash);
             }
-        else if(!strncmp(buf,"Y = ",4))
-            dsa->pub_key=hex2bn(buf+4);
-        else if(!strncmp(buf,"R = ",4))
-            sig->r=hex2bn(buf+4);
-        else if(!strncmp(buf,"S = ",4))
+        else if(!strcmp(keyword,"Y"))
+            dsa->pub_key=hex2bn(value);
+        else if(!strcmp(keyword,"R"))
+            sig->r=hex2bn(value);
+        else if(!strcmp(keyword,"S"))
             {
-            sig->s=hex2bn(buf+4);
+            EVP_MD_CTX mctx;
+            EVP_PKEY pk;
+            unsigned char sigbuf[60];
+            unsigned int slen;
+            int r;
+            EVP_MD_CTX_init(&mctx);
+            pk.type = EVP_PKEY_DSA;
+            pk.pkey.dsa = dsa;
+            sig->s=hex2bn(value);
         
             pbn("Y",dsa->pub_key);
             pbn("R",sig->r);
             pbn("S",sig->s);
-            printf("Result = %c\n",DSA_do_verify(hash,sizeof hash,sig,dsa)
-                   ? 'P' : 'F');
+
+            slen = FIPS_dsa_sig_encode(sigbuf, sig);
+            EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL);
+            EVP_VerifyUpdate(&mctx, msg, n);
+            r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk);
+            EVP_MD_CTX_cleanup(&mctx);
+        
+            printf("Result = %c\n", r == 1 ? 'P' : 'F');
             putc('\n',stdout);
             }
         }
@@ -277,21 +508,24 @@ int main(int argc,char **argv)
     {
     if(argc != 2)
         {
-        fprintf(stderr,"%s [prime|pqg]\n",argv[0]);
+        fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]);
         exit(1);
         }
-    if(!FIPS_mode_set(1,argv[0]))
+    if(!FIPS_mode_set(1))
         {
-        ERR_load_crypto_strings();
-        ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+        do_print_errors();
         exit(1);
         }
     if(!strcmp(argv[1],"prime"))
         primes();
     else if(!strcmp(argv[1],"pqg"))
         pqg();
+    else if(!strcmp(argv[1],"pqgver"))
+        pqgver();
     else if(!strcmp(argv[1],"keypair"))
         keypair();
+    else if(!strcmp(argv[1],"keyver"))
+        keyver();
     else if(!strcmp(argv[1],"siggen"))
         siggen();
     else if(!strcmp(argv[1],"sigver"))
@@ -304,3 +538,5 @@ int main(int argc,char **argv)
 
     return 0;
     }
+
+#endif
diff --git a/src/lib/libssl/src/fips/fips-lib.com b/src/lib/libssl/src/fips/fips-lib.com
index f3571bf845..539117b2ed 100644
--- a/src/lib/libssl/src/fips/fips-lib.com
+++ b/src/lib/libssl/src/fips/fips-lib.com
@@ -75,7 +75,7 @@ $ ENDIF
 $!
 $! Define The Different Encryption Types.
 $!
-$ ENCRYPT_TYPES = "Basic,SHA1,RAND,DES,AES,DSA,RSA,DH"
+$ ENCRYPT_TYPES = "Basic,SHA,RAND,DES,AES,DSA,RSA,DH,HMAC"
 $!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
@@ -151,20 +151,26 @@ $!
 $! Define The Different Encryption "library" Strings.
 $!
 $ LIB_ = "fips,fips_err_wrapper"
-$ LIB_SHA1 = "fips_sha1dgst,fips_sha1_selftest"
-$ LIB_RAND = "fips_rand"
+$ LIB_SHA = "fips_sha1dgst,fips_sha1_selftest,fips_sha256,fips_sha512"
+$ LIB_RAND = "fips_rand,fips_rand_selftest"
 $ LIB_DES = "fips_des_enc,fips_des_selftest,fips_set_key"
 $ LIB_AES = "fips_aes_core,fips_aes_selftest"
 $ LIB_DSA = "fips_dsa_ossl,fips_dsa_gen,fips_dsa_selftest"
-$ LIB_RSA = "fips_rsa_eay,fips_rsa_gen,fips_rsa_selftest"
+$ LIB_RSA = "fips_rsa_eay,fips_rsa_gen,fips_rsa_selftest,fips_rsa_x931g"
 $ LIB_DH = "fips_dh_check,fips_dh_gen,fips_dh_key"
+$ LIB_HMAC = "fips_hmac,fips_hmac_selftest"
 $!
 $! Setup exceptional compilations
 $!
+$ ! Add definitions for no threads on OpenVMS 7.1 and higher
 $ COMPILEWITH_CC3 = ",bss_rtcp,"
+$ ! Disable the DOLLARID warning
 $ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,"
+$ ! Disable disjoint optimization
 $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
                     "sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
+$ ! Disable the MIXLINKAGE warning
+$ COMPILEWITH_CC6 = ",fips_set_key,"
 $!
 $! Figure Out What Other Modules We Are To Build.
 $!
@@ -393,7 +399,12 @@ $       IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
 $       THEN
 $         CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $       ELSE
-$         CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$         IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6
+$         THEN
+$           CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$         ELSE
+$           CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$         ENDIF
 $       ENDIF
 $     ENDIF
 $   ENDIF
@@ -856,7 +867,7 @@ $ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
         CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
@@ -973,14 +984,18 @@ $   THEN
 $     IF CCDISABLEWARNINGS .EQS. ""
 $     THEN
 $       CC4DISABLEWARNINGS = "DOLLARID"
+$       CC6DISABLEWARNINGS = "MIXLINKAGE"
 $     ELSE
 $       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$       CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE"
 $       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
 $     ENDIF
 $     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$     CC6DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
 $   ELSE
 $     CCDISABLEWARNINGS = ""
 $     CC4DISABLEWARNINGS = ""
+$     CC6DISABLEWARNINGS = ""
 $   ENDIF
 $   CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
 $   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
@@ -991,6 +1006,7 @@ $   ELSE
 $     CC5 = CC + "/NOOPTIMIZE"
 $   ENDIF
 $   CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
+$   CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS
 $!
 $!  Show user the result
 $!
@@ -1153,7 +1169,7 @@ $! Save directory information
 $!
 $ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
 $ __HERE = F$EDIT(__HERE,"UPCASE")
-$ __TOP = __HERE - "FIPS]"
+$ __TOP = __HERE - "FIPS-1_0]"
 $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
 $!
 $! Set up the logical name OPENSSL to point at the include directory
diff --git a/src/lib/libssl/src/fips/fips-nodiff.txt b/src/lib/libssl/src/fips/fips-nodiff.txt
new file mode 100644
index 0000000000..fb2944b4fc
--- /dev/null
+++ b/src/lib/libssl/src/fips/fips-nodiff.txt
@@ -0,0 +1,7 @@
+KeyPair.rsp
+PQGGen.rsp
+SigGen.rsp
+SigGen15.rsp
+SigGenPSS.rsp
+SigGenRSA.rsp
+SigGenPSS.rsp
diff --git a/src/lib/libssl/src/fips/fips.c b/src/lib/libssl/src/fips/fips.c
index 7ecba57f70..7dcc34403f 100644
--- a/src/lib/libssl/src/fips/fips.c
+++ b/src/lib/libssl/src/fips/fips.c
@@ -47,50 +47,80 @@
  *
  */
 
-#include <openssl/fips.h>
+
 #include <openssl/rand.h>
 #include <openssl/fips_rand.h>
 #include <openssl/err.h>
 #include <openssl/bio.h>
 #include <openssl/hmac.h>
+#include <openssl/rsa.h>
 #include <string.h>
 #include <limits.h>
 #include "fips_locl.h"
 
 #ifdef OPENSSL_FIPS
 
+#include <openssl/fips.h>
+
 #ifndef PATH_MAX
 #define PATH_MAX 1024
 #endif
 
-static int fips_md5_allowed = 0;
-static int fips_selftest_fail = 0;
+static int fips_selftest_fail;
+static int fips_mode;
+static const void *fips_rand_check;
 
-void FIPS_allow_md5(int onoff)
-    {
-    if (fips_is_started())
+static void fips_set_mode(int onoff)
         {
         int owning_thread = fips_is_owning_thread();
 
-        if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
-        fips_md5_allowed = onoff;
-        if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
+        if (fips_is_started())
+                {
+                if (!owning_thread) fips_w_lock();
+                fips_mode = onoff;
+                if (!owning_thread) fips_w_unlock();
+                }
         }
-    }
 
-int FIPS_md5_allowed(void)
-    {
-    int ret = 1;
-    if (fips_is_started())
+static void fips_set_rand_check(const void *rand_check)
         {
         int owning_thread = fips_is_owning_thread();
 
-        if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
-        ret = fips_md5_allowed;
-        if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
+        if (fips_is_started())
+                {
+                if (!owning_thread) fips_w_lock();
+                fips_rand_check = rand_check;
+                if (!owning_thread) fips_w_unlock();
+                }
+        }
+
+int FIPS_mode(void)
+        {
+        int ret = 0;
+        int owning_thread = fips_is_owning_thread();
+
+        if (fips_is_started())
+                {
+                if (!owning_thread) fips_r_lock();
+                ret = fips_mode;
+                if (!owning_thread) fips_r_unlock();
+                }
+        return ret;
+        }
+
+const void *FIPS_rand_check(void)
+        {
+        const void *ret = 0;
+        int owning_thread = fips_is_owning_thread();
+
+        if (fips_is_started())
+                {
+                if (!owning_thread) fips_r_lock();
+                ret = fips_rand_check;
+                if (!owning_thread) fips_r_unlock();
+                }
+        return ret;
         }
-    return ret;
-    }
 
 int FIPS_selftest_failed(void)
     {
@@ -99,99 +129,134 @@ int FIPS_selftest_failed(void)
         {
         int owning_thread = fips_is_owning_thread();
 
-        if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
+        if (!owning_thread) fips_r_lock();
         ret = fips_selftest_fail;
-        if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
+        if (!owning_thread) fips_r_unlock();
         }
     return ret;
     }
 
+/* Selftest failure fatal exit routine. This will be called
+ * during *any* cryptographic operation. It has the minimum
+ * overhead possible to avoid too big a performance hit.
+ */
+
+void FIPS_selftest_check(void)
+    {
+    if (fips_selftest_fail)
+        {
+        OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
+        }
+    }
+
+void fips_set_selftest_fail(void)
+    {
+    fips_selftest_fail = 1;
+    }
+
 int FIPS_selftest()
     {
-    ERR_load_crypto_strings();
 
     return FIPS_selftest_sha1()
+        && FIPS_selftest_hmac()
         && FIPS_selftest_aes()
         && FIPS_selftest_des()
         && FIPS_selftest_rsa()
         && FIPS_selftest_dsa();
     }
 
-static int FIPS_check_exe(const char *path)
+extern const void         *FIPS_text_start(),  *FIPS_text_end();
+extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
+unsigned char              FIPS_signature [20] = { 0 };
+static const char          FIPS_hmac_key[]="etaonrishdlcupfm";
+
+unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len)
     {
-    unsigned char buf[1024];
-    char p2[PATH_MAX];
-    unsigned int n;
-    unsigned char mdbuf[EVP_MAX_MD_SIZE];
-    FILE *f;
-    static char key[]="etaonrishdlcupfm";
-    HMAC_CTX hmac;
-    const char *sha1_fmt="%s.sha1";
-
-    f=fopen(path,"rb");
-#ifdef __CYGWIN32__
-    /* cygwin scrupulously strips .exe extentions:-( as of now it's
-       actually no point to attempt above fopen, but we keep the call
-       just in case the behavior changes in the future... */
-    if (!f)
+    const unsigned char *p1 = FIPS_text_start();
+    const unsigned char *p2 = FIPS_text_end();
+    const unsigned char *p3 = FIPS_rodata_start;
+    const unsigned char *p4 = FIPS_rodata_end;
+    HMAC_CTX c;
+
+    HMAC_CTX_init(&c);
+    HMAC_Init(&c,FIPS_hmac_key,strlen(FIPS_hmac_key),EVP_sha1());
+
+    /* detect overlapping regions */
+    if (p1<=p3 && p2>=p3)
+        p3=p1, p4=p2>p4?p2:p4, p1=NULL, p2=NULL;
+    else if (p3<=p1 && p4>=p1)
+        p3=p3, p4=p2>p4?p2:p4, p1=NULL, p2=NULL;
+
+    if (p1)
+        HMAC_Update(&c,p1,(size_t)p2-(size_t)p1);
+
+    if (FIPS_signature>=p3 && FIPS_signature<p4)
         {
-        sha1_fmt="%s.exe.sha1";
-        BIO_snprintf(p2,sizeof p2,"%s.exe",path);
-        f=fopen(p2,"rb");
+        /* "punch" hole */
+        HMAC_Update(&c,p3,(size_t)FIPS_signature-(size_t)p3);
+        p3 = FIPS_signature+sizeof(FIPS_signature);
+        if (p3<p4)
+            HMAC_Update(&c,p3,(size_t)p4-(size_t)p3);
         }
+    else
+        HMAC_Update(&c,p3,(size_t)p4-(size_t)p3);
+
+    HMAC_Final(&c,sig,&len);
+    HMAC_CTX_cleanup(&c);
+
+    return len;
+    }
+
+int FIPS_check_incore_fingerprint(void)
+    {
+    unsigned char sig[EVP_MAX_MD_SIZE];
+    unsigned int len;
+#if defined(__sgi) && (defined(__mips) || defined(mips))
+    extern int __dso_displacement[];
+#else
+    extern int OPENSSL_NONPIC_relocated;
 #endif
-    if(!f)
-        {
-        FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
-        return 0;
-        }
-    HMAC_Init(&hmac,key,strlen(key),EVP_sha1());
-    while(!feof(f))
-        {
-        n=fread(buf,1,sizeof buf,f);
-        if(ferror(f))
-            {
-            clearerr(f);
-            fclose(f);
-            FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
-            return 0;
-            }
-        if (n) HMAC_Update(&hmac,buf,n);
-        }
-    fclose(f);
-    HMAC_Final(&hmac,mdbuf,&n);
-    HMAC_CTX_cleanup(&hmac);
-    BIO_snprintf(p2,sizeof p2,sha1_fmt,path);
-    f=fopen(p2,"rb");
-    if(!f || fread(buf,1,20,f) != 20)
+
+    if (FIPS_text_start()==NULL)
         {
-        if (f) fclose(f);
-        FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE_DIGEST);
+        FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_UNSUPPORTED_PLATFORM);
         return 0;
         }
-    fclose(f);
-    if(memcmp(buf,mdbuf,20))
+
+    len=FIPS_incore_fingerprint (sig,sizeof(sig));
+
+    if (len!=sizeof(FIPS_signature) ||
+        memcmp(FIPS_signature,sig,sizeof(FIPS_signature)))
         {
-        FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_EXE_DIGEST_DOES_NOT_MATCH);
+        if (FIPS_signature>=FIPS_rodata_start && FIPS_signature<FIPS_rodata_end)
+            FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING);
+#if defined(__sgi) && (defined(__mips) || defined(mips))
+        else if (__dso_displacement!=NULL)
+#else
+        else if (OPENSSL_NONPIC_relocated)
+#endif
+            FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED);
+        else
+            FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
         return 0;
         }
+
     return 1;
     }
 
-int FIPS_mode_set(int onoff,const char *path)
+int FIPS_mode_set(int onoff)
     {
-    void fips_set_mode(int _onoff);
     int fips_set_owning_thread();
     int fips_clear_owning_thread();
     int ret = 0;
 
-    CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
+    fips_w_lock();
     fips_set_started();
     fips_set_owning_thread();
 
     if(onoff)
         {
-        unsigned char buf[24];
+        unsigned char buf[48];
 
         fips_selftest_fail = 0;
 
@@ -205,7 +270,33 @@ int FIPS_mode_set(int onoff,const char *path)
             goto end;
             }
 
-        if(!FIPS_check_exe(path))
+#ifdef OPENSSL_IA32_SSE2
+        if ((OPENSSL_ia32cap & (1<<25|1<<26)) != (1<<25|1<<26))
+            {
+            FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_UNSUPPORTED_PLATFORM);
+            fips_selftest_fail = 1;
+            ret = 0;
+            goto end;
+            }
+#endif
+
+        if(fips_signature_witness() != FIPS_signature)
+            {
+            FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_CONTRADICTING_EVIDENCE);
+            fips_selftest_fail = 1;
+            ret = 0;
+            goto end;
+            }
+
+        if(!FIPS_check_incore_fingerprint())
+            {
+            fips_selftest_fail = 1;
+            ret = 0;
+            goto end;
+            }
+
+        /* Perform RNG KAT before seeding */
+        if (!FIPS_selftest_rng())
             {
             fips_selftest_fail = 1;
             ret = 0;
@@ -213,7 +304,7 @@ int FIPS_mode_set(int onoff,const char *path)
             }
 
         /* automagically seed PRNG if not already seeded */
-        if(!FIPS_rand_seeded())
+        if(!FIPS_rand_status())
             {
             if(RAND_bytes(buf,sizeof buf) <= 0)
                 {
@@ -221,8 +312,8 @@ int FIPS_mode_set(int onoff,const char *path)
                 ret = 0;
                 goto end;
                 }
-            FIPS_set_prng_key(buf,buf+8);
-            FIPS_rand_seed(buf+16,8);
+            FIPS_rand_set_key(buf,32);
+            FIPS_rand_seed(buf+32,16);
             }
 
         /* now switch into FIPS mode */
@@ -244,17 +335,185 @@ int FIPS_mode_set(int onoff,const char *path)
     ret = 1;
 end:
     fips_clear_owning_thread();
-    CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
+    fips_w_unlock();
     return ret;
     }
 
+void fips_w_lock(void)          { CRYPTO_w_lock(CRYPTO_LOCK_FIPS); }
+void fips_w_unlock(void)        { CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); }
+void fips_r_lock(void)          { CRYPTO_r_lock(CRYPTO_LOCK_FIPS); }
+void fips_r_unlock(void)        { CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); }
+
+static int fips_started = 0;
+static unsigned long fips_thread = 0;
+
+void fips_set_started(void)
+        {
+        fips_started = 1;
+        }
+
+int fips_is_started(void)
+        {
+        return fips_started;
+        }
+
+int fips_is_owning_thread(void)
+        {
+        int ret = 0;
+
+        if (fips_is_started())
+                {
+                CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
+                if (fips_thread != 0 && fips_thread == CRYPTO_thread_id())
+                        ret = 1;
+                CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
+                }
+        return ret;
+        }
+
+int fips_set_owning_thread(void)
+        {
+        int ret = 0;
+
+        if (fips_is_started())
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
+                if (fips_thread == 0)
+                        {
+                        fips_thread = CRYPTO_thread_id();
+                        ret = 1;
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
+                }
+        return ret;
+        }
+
+int fips_clear_owning_thread(void)
+        {
+        int ret = 0;
+
+        if (fips_is_started())
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
+                if (fips_thread == CRYPTO_thread_id())
+                        {
+                        fips_thread = 0;
+                        ret = 1;
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
+                }
+        return ret;
+        }
+
+unsigned char *fips_signature_witness(void)
+        {
+        extern unsigned char FIPS_signature[];
+        return FIPS_signature;
+        }
+
+/* Generalized public key test routine. Signs and verifies the data
+ * supplied in tbs using mesage digest md and setting option digest
+ * flags md_flags. If the 'kat' parameter is not NULL it will
+ * additionally check the signature matches it: a known answer test
+ * The string "fail_str" is used for identification purposes in case
+ * of failure.
+ */
+
+int fips_pkey_signature_test(EVP_PKEY *pkey,
+                        const unsigned char *tbs, int tbslen,
+                        const unsigned char *kat, unsigned int katlen,
+                        const EVP_MD *digest, unsigned int md_flags,
+                        const char *fail_str)
+        {       
+        int ret = 0;
+        unsigned char sigtmp[256], *sig = sigtmp;
+        unsigned int siglen;
+        EVP_MD_CTX mctx;
+        EVP_MD_CTX_init(&mctx);
+
+        if ((pkey->type == EVP_PKEY_RSA)
+                && (RSA_size(pkey->pkey.rsa) > sizeof(sigtmp)))
+                {
+                sig = OPENSSL_malloc(RSA_size(pkey->pkey.rsa));
+                if (!sig)
+                        {
+                        FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                }
+
+        if (tbslen == -1)
+                tbslen = strlen((char *)tbs);
+
+        if (md_flags)
+                M_EVP_MD_CTX_set_flags(&mctx, md_flags);
+
+        if (!EVP_SignInit_ex(&mctx, digest, NULL))
+                goto error;
+        if (!EVP_SignUpdate(&mctx, tbs, tbslen))
+                goto error;
+        if (!EVP_SignFinal(&mctx, sig, &siglen, pkey))
+                goto error;
+
+        if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen)))
+                goto error;
+
+        if (!EVP_VerifyInit_ex(&mctx, digest, NULL))
+                goto error;
+        if (!EVP_VerifyUpdate(&mctx, tbs, tbslen))
+                goto error;
+        ret = EVP_VerifyFinal(&mctx, sig, siglen, pkey);
+
+        error:
+        if (sig != sigtmp)
+                OPENSSL_free(sig);
+        EVP_MD_CTX_cleanup(&mctx);
+        if (ret != 1)
+                {
+                FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,FIPS_R_TEST_FAILURE);
+                if (fail_str)
+                        ERR_add_error_data(2, "Type=", fail_str);
+                return 0;
+                }
+        return 1;
+        }
+
+/* Generalized symmetric cipher test routine. Encrypt data, verify result
+ * against known answer, decrypt and compare with original plaintext.
+ */
+
+int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                        const unsigned char *key,
+                        const unsigned char *iv,
+                        const unsigned char *plaintext,
+                        const unsigned char *ciphertext,
+                        int len)
+        {
+        unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
+        unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
+        OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
+        if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0)
+                return 0;
+        EVP_Cipher(ctx, citmp, plaintext, len);
+        if (memcmp(citmp, ciphertext, len))
+                return 0;
+        if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0)
+                return 0;
+        EVP_Cipher(ctx, pltmp, citmp, len);
+        if (memcmp(pltmp, plaintext, len))
+                return 0;
+        return 1;
+        }
+
 #if 0
-/* here just to cause error codes to exist */
-static void dummy()
-    {
-    FIPSerr(FIPS_F_HASH_FINAL,FIPS_F_NON_FIPS_METHOD);
-    FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_FIPS_SELFTEST_FAILED);
-    }
+/* The purpose of this is to ensure the error code exists and the function
+ * name is to keep the error checking script quiet
+ */
+void hash_final(void)
+        {
+        FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);
+        }
 #endif
 
+
 #endif
diff --git a/src/lib/libssl/src/fips/fips.h b/src/lib/libssl/src/fips/fips.h
index a4df06b148..42bdcf2596 100644
--- a/src/lib/libssl/src/fips/fips.h
+++ b/src/lib/libssl/src/fips/fips.h
@@ -49,22 +49,27 @@
 
 #include <openssl/opensslconf.h>
 
+#ifndef OPENSSL_FIPS
+#error FIPS is disabled.
+#endif
+
 #ifdef OPENSSL_FIPS
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-/* Note that these are defined in crypto/cryptlib.c so they're
- * available even without -lfips.
- */
 struct dsa_st;
+struct evp_pkey_st;
+struct env_md_st;
+struct evp_cipher_st;
+struct evp_cipher_ctx_st;
 
-int FIPS_mode_set(int onoff,const char *path);
-void FIPS_allow_md5(int onoff);
-int FIPS_md5_allowed(void);
+int FIPS_mode_set(int onoff);
+int FIPS_mode(void);
+const void *FIPS_rand_check(void);
 int FIPS_selftest_failed(void);
-int FIPS_dsa_check(struct dsa_st *dsa);
+void FIPS_selftest_check(void);
 void FIPS_corrupt_sha1(void);
 int FIPS_selftest_sha1(void);
 void FIPS_corrupt_aes(void);
@@ -72,14 +77,29 @@ int FIPS_selftest_aes(void);
 void FIPS_corrupt_des(void);
 int FIPS_selftest_des(void);
 void FIPS_corrupt_rsa(void);
+void FIPS_corrupt_rsa_keygen(void);
 int FIPS_selftest_rsa(void);
 void FIPS_corrupt_dsa(void);
+void FIPS_corrupt_dsa_keygen(void);
 int FIPS_selftest_dsa(void);
+void FIPS_corrupt_rng(void);
+void FIPS_rng_stick(void);
+int FIPS_selftest_rng(void);
+int FIPS_selftest_hmac(void);
 
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_FIPS_strings(void);
+int fips_pkey_signature_test(struct evp_pkey_st *pkey,
+                        const unsigned char *tbs, int tbslen,
+                        const unsigned char *kat, unsigned int katlen,
+                        const struct env_md_st *digest, unsigned int md_flags,
+                        const char *fail_str);
+
+int fips_cipher_test(struct evp_cipher_ctx_st *ctx,
+                        const struct evp_cipher_st *cipher,
+                        const unsigned char *key,
+                        const unsigned char *iv,
+                        const unsigned char *plaintext,
+                        const unsigned char *ciphertext,
+                        int len);
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -90,34 +110,52 @@ void ERR_load_FIPS_strings(void);
 /* Error codes for the FIPS functions. */
 
 /* Function codes. */
-#define FIPS_F_DSA_DO_SIGN                               111
-#define FIPS_F_DSA_DO_VERIFY                             112
-#define FIPS_F_DSA_GENERATE_PARAMETERS                   110
-#define FIPS_F_FIPS_CHECK_DSA                            116
-#define FIPS_F_FIPS_CHECK_EXE                            106
-#define FIPS_F_FIPS_CHECK_RSA                            115
-#define FIPS_F_FIPS_DSA_CHECK                            102
-#define FIPS_F_FIPS_MODE_SET                             105
-#define FIPS_F_FIPS_SELFTEST_AES                         104
-#define FIPS_F_FIPS_SELFTEST_DES                         107
-#define FIPS_F_FIPS_SELFTEST_DSA                         109
-#define FIPS_F_FIPS_SELFTEST_RSA                         108
-#define FIPS_F_FIPS_SELFTEST_SHA1                        103
-#define FIPS_F_HASH_FINAL                                100
-#define FIPS_F_DH_GENERATE_PARAMETERS                    117
-#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT                    114
-#define FIPS_F_RSA_GENERATE_KEY                          113
-#define FIPS_F_SSLEAY_RAND_BYTES                         101
+#define FIPS_F_DH_BUILTIN_GENPARAMS                      100
+#define FIPS_F_DSA_BUILTIN_PARAMGEN                      101
+#define FIPS_F_DSA_DO_SIGN                               102
+#define FIPS_F_DSA_DO_VERIFY                             103
+#define FIPS_F_EVP_CIPHERINIT_EX                         124
+#define FIPS_F_EVP_DIGESTINIT_EX                         125
+#define FIPS_F_FIPS_CHECK_DSA                            104
+#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT             105
+#define FIPS_F_FIPS_CHECK_RSA                            106
+#define FIPS_F_FIPS_DSA_CHECK                            107
+#define FIPS_F_FIPS_MODE_SET                             108
+#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST                  109
+#define FIPS_F_FIPS_SELFTEST_AES                         110
+#define FIPS_F_FIPS_SELFTEST_DES                         111
+#define FIPS_F_FIPS_SELFTEST_DSA                         112
+#define FIPS_F_FIPS_SELFTEST_HMAC                        113
+#define FIPS_F_FIPS_SELFTEST_RNG                         114
+#define FIPS_F_FIPS_SELFTEST_SHA1                        115
+#define FIPS_F_HASH_FINAL                                123
+#define FIPS_F_RSA_BUILTIN_KEYGEN                        116
+#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT                   117
+#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT                   118
+#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT                    119
+#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT                    120
+#define FIPS_F_RSA_X931_GENERATE_KEY_EX                  121
+#define FIPS_F_SSLEAY_RAND_BYTES                         122
 
 /* Reason codes. */
 #define FIPS_R_CANNOT_READ_EXE                           103
 #define FIPS_R_CANNOT_READ_EXE_DIGEST                    104
+#define FIPS_R_CONTRADICTING_EVIDENCE                    114
 #define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH                 105
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH                110
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112
 #define FIPS_R_FIPS_MODE_ALREADY_SET                     102
 #define FIPS_R_FIPS_SELFTEST_FAILED                      106
+#define FIPS_R_INVALID_KEY_LENGTH                        109
+#define FIPS_R_KEY_TOO_SHORT                             108
 #define FIPS_R_NON_FIPS_METHOD                           100
 #define FIPS_R_PAIRWISE_TEST_FAILED                      107
+#define FIPS_R_RSA_DECRYPT_ERROR                         115
+#define FIPS_R_RSA_ENCRYPT_ERROR                         116
 #define FIPS_R_SELFTEST_FAILED                           101
+#define FIPS_R_TEST_FAILURE                              117
+#define FIPS_R_UNSUPPORTED_PLATFORM                      113
 
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/src/fips/fips_canister.c b/src/lib/libssl/src/fips/fips_canister.c
new file mode 100644
index 0000000000..64580694c4
--- /dev/null
+++ b/src/lib/libssl/src/fips/fips_canister.c
@@ -0,0 +1,186 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
+ * and usage in source and binary forms are granted according to the
+ * OpenSSL license.
+ */
+
+#include <stdio.h>
+#if defined(__DECC)
+# include <c_asm.h>
+# pragma __nostandard
+#endif
+
+#include "e_os.h"
+
+#if !defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
+# if    (defined(__sun) && (defined(__sparc) || defined(__sparcv9)))    || \
+        (defined(__sgi) && (defined(__mips) || defined(mips)))          || \
+        (defined(__osf__) && defined(__alpha))                          || \
+        (defined(__linux) && (defined(__arm) || defined(__arm__)))      || \
+        (defined(__i386) || defined(__i386__))                          || \
+        (defined(__x86_64) || defined(__x86_64__))                      || \
+        (defined(vax) || defined(__vax__))
+#  define POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION
+# endif
+#endif
+
+#if defined(__xlC__) && __xlC__>=0x600 && (defined(_POWER) || defined(_ARCH_PPC))
+static void *instruction_pointer_xlc(void);
+# pragma mc_func instruction_pointer_xlc {\
+        "7c0802a6"      /* mflr r0  */  \
+        "48000005"      /* bl   $+4 */  \
+        "7c6802a6"      /* mflr r3  */  \
+        "7c0803a6"      /* mtlr r0  */  }
+# pragma reg_killed_by instruction_pointer_xlc gr0 gr3
+# define INSTRUCTION_POINTER_IMPLEMENTED(ret) (ret=instruction_pointer_xlc());
+#endif
+
+#ifdef FIPS_START
+#define FIPS_ref_point FIPS_text_start
+/* Some compilers put string literals into a separate segment. As we
+ * are mostly interested to hash AES tables in .rodata, we declare
+ * reference points accordingly. In case you wonder, the values are
+ * big-endian encoded variable names, just to prevent these arrays
+ * from being merged by linker. */
+const unsigned int FIPS_rodata_start[]=
+        { 0x46495053, 0x5f726f64, 0x6174615f, 0x73746172 };
+#else
+#define FIPS_ref_point FIPS_text_end
+const unsigned int FIPS_rodata_end[]=
+        { 0x46495053, 0x5f726f64, 0x6174615f, 0x656e645b };
+#endif
+
+/*
+ * I declare reference function as static in order to avoid certain
+ * pitfalls in -dynamic linker behaviour...
+ */
+static void *instruction_pointer(void)
+{ void *ret=NULL;
+/* These are ABI-neutral CPU-specific snippets. ABI-neutrality means
+ * that they are designed to work under any OS running on particular
+ * CPU, which is why you don't find any #ifdef THIS_OR_THAT_OS in
+ * this function. */
+#if     defined(INSTRUCTION_POINTER_IMPLEMENTED)
+    INSTRUCTION_POINTER_IMPLEMENTED(ret);
+#elif   defined(__GNUC__) && __GNUC__>=2
+# if    defined(__alpha) || defined(__alpha__)
+#   define INSTRUCTION_POINTER_IMPLEMENTED
+    __asm __volatile (  "br     %0,1f\n1:" : "=r"(ret) );
+# elif  defined(__i386) || defined(__i386__)
+#   define INSTRUCTION_POINTER_IMPLEMENTED
+    __asm __volatile (  "call 1f\n1:    popl %0" : "=r"(ret) );
+    ret = (void *)((size_t)ret&~3UL); /* align for better performance */
+# elif  defined(__ia64) || defined(__ia64__)
+#   define INSTRUCTION_POINTER_IMPLEMENTED
+    __asm __volatile (  "mov    %0=ip" : "=r"(ret) );
+# elif  defined(__hppa) || defined(__hppa__) || defined(__pa_risc)
+#   define INSTRUCTION_POINTER_IMPLEMENTED
+    __asm __volatile (  "blr    %%r0,%0\n\tnop" : "=r"(ret) );
+    ret = (void *)((size_t)ret&~3UL); /* mask privilege level */
+# elif  defined(__mips) || defined(__mips__)
+#   define INSTRUCTION_POINTER_IMPLEMENTED
+    void *scratch;
+    __asm __volatile (  "move   %1,$31\n\t"     /* save ra */
+                        "bal    .+8; nop\n\t"
+                        "move   %0,$31\n\t"
+                        "move   $31,%1"         /* restore ra */
+                        : "=r"(ret),"=r"(scratch) );
+# elif  defined(__ppc__) || defined(__powerpc) || defined(__powerpc__) || \
+        defined(__POWERPC__) || defined(_POWER) || defined(__PPC__) || \
+        defined(__PPC64__) || defined(__powerpc64__)
+#   define INSTRUCTION_POINTER_IMPLEMENTED
+    void *scratch;
+    __asm __volatile (  "mfspr  %1,8\n\t"       /* save lr */
+                        "bl     $+4\n\t"
+                        "mfspr  %0,8\n\t"       /* mflr ret */
+                        "mtspr  8,%1"           /* restore lr */
+                        : "=r"(ret),"=r"(scratch) );
+# elif  defined(__s390__) || defined(__s390x__)
+#   define INSTRUCTION_POINTER_IMPLEMENTED
+    __asm __volatile (  "bras   %0,1f\n1:" : "=r"(ret) );
+    ret = (void *)((size_t)ret&~3UL);
+# elif  defined(__sparc) || defined(__sparc__) || defined(__sparcv9)
+#   define INSTRUCTION_POINTER_IMPLEMENTED
+    void *scratch;
+    __asm __volatile (  "mov    %%o7,%1\n\t"
+                        "call   .+8; nop\n\t"
+                        "mov    %%o7,%0\n\t"
+                        "mov    %1,%%o7"
+                        : "=r"(ret),"=r"(scratch) );
+# elif  defined(__x86_64) || defined(__x86_64__)
+#   define INSTRUCTION_POINTER_IMPLEMENTED
+    __asm __volatile (  "leaq   0(%%rip),%0" : "=r"(ret) );
+    ret = (void *)((size_t)ret&~3UL); /* align for better performance */
+# endif
+#elif   defined(__DECC) && defined(__alpha)
+#   define INSTRUCTION_POINTER_IMPLEMENTED
+    ret = (void *)(size_t)asm("br %v0,1f\n1:");
+#elif   defined(_MSC_VER) && defined(_M_IX86)
+#   define INSTRUCTION_POINTER_IMPLEMENTED
+    void *scratch;
+    _asm {
+            call    self
+    self:   pop     eax
+            mov     scratch,eax
+         }
+    ret = (void *)((size_t)scratch&~3UL);
+#endif
+  return ret;
+}
+
+/*
+ * This function returns pointer to an instruction in the vicinity of
+ * its entry point, but not outside this object module. This guarantees
+ * that sequestered code is covered...
+ */
+void *FIPS_ref_point()
+{
+#if     defined(INSTRUCTION_POINTER_IMPLEMENTED)
+    return instruction_pointer();
+/* Below we essentially cover vendor compilers which do not support
+ * inline assembler... */
+#elif   defined(_AIX)
+    struct { void *ip,*gp,*env; } *p = (void *)instruction_pointer;
+    return p->ip;
+#elif   defined(_HPUX_SOURCE)
+# if    defined(__hppa) || defined(__hppa__)
+    struct { void *i[4]; } *p = (void *)FIPS_ref_point;
+
+    if (sizeof(p) == 8) /* 64-bit */
+        return p->i[2];
+    else if ((size_t)p & 2)
+    {   p = (void *)((size_t)p&~3UL);
+        return p->i[0];
+    }
+    else
+        return (void *)p;
+# elif  defined(__ia64) || defined(__ia64__)
+    struct { unsigned long long ip,gp; } *p=(void *)instruction_pointer;
+    return (void *)(size_t)p->ip;
+# endif
+#elif   (defined(__VMS) || defined(VMS)) && !(defined(vax) || defined(__vax__))
+    /* applies to both alpha and ia64 */
+    struct { unsigned __int64 opaque,ip; } *p=(void *)instruction_pointer;
+    return (void *)(size_t)p->ip;
+#elif   defined(__VOS__)
+    /* applies to both pa-risc and ia32 */
+    struct { void *dp,*ip,*gp; } *p = (void *)instruction_pointer;
+    return p->ip;
+#elif   defined(_WIN32)
+# if    defined(_WIN64) && defined(_M_IA64)
+    struct { void *ip,*gp; } *p = (void *)FIPS_ref_point;
+    return p->ip;
+# else
+    return (void *)FIPS_ref_point;
+# endif
+/*
+ * In case you wonder why there is no #ifdef __linux. All Linux targets
+ * are GCC-based and therefore are covered by instruction_pointer above
+ * [well, some are covered by by the one below]...
+ */ 
+#elif   defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
+    return (void *)instruction_pointer;
+#else
+    return NULL;
+#endif
+}
diff --git a/src/lib/libssl/src/fips/fips_locl.h b/src/lib/libssl/src/fips/fips_locl.h
index 215e382549..03fed36e3c 100644
--- a/src/lib/libssl/src/fips/fips_locl.h
+++ b/src/lib/libssl/src/fips/fips_locl.h
@@ -53,13 +53,19 @@
 extern "C" {
 #endif
 
-/* These are really defined in crypto/cryptlib.c */
-void fips_set_started(void);
+void fips_w_lock(void);
+void fips_w_unlock(void);
+void fips_r_lock(void);
+void fips_r_unlock(void);
 int fips_is_started(void);
+void fips_set_started(void);
 int fips_is_owning_thread(void);
 int fips_set_owning_thread(void);
+void fips_set_selftest_fail(void);
 int fips_clear_owning_thread(void);
-void fips_set_rand_check(void *rand_check);
+unsigned char *fips_signature_witness(void);
+
+#define FIPS_MAX_CIPHER_TEST_SIZE       16
 
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/src/fips/fips_premain.c b/src/lib/libssl/src/fips/fips_premain.c
new file mode 100644
index 0000000000..165d2c5dc9
--- /dev/null
+++ b/src/lib/libssl/src/fips/fips_premain.c
@@ -0,0 +1,176 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
+ * and usage in source and binary forms are granted according to the
+ * OpenSSL license.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#if defined(__unix) || defined(__unix__)
+#include <unistd.h>
+#endif
+
+#ifndef FINGERPRINT_PREMAIN_DSO_LOAD
+
+#if defined(__GNUC__) && __GNUC__>=2
+  void FINGERPRINT_premain(void) __attribute__((constructor));
+  /* Most commonly this results in pointer to premain to be dropped
+   * to .ctors segment, which is traversed by GCC crtbegin.o upon
+   * program startup. Except on a.out OpenBSD where it results in
+   * _GLOBAL_$I$premain() {premain();} being auto-generated by
+   * compiler... But one way or another this is believed to cover
+   * *all* GCC targets. */
+#elif defined(_MSC_VER)
+# ifdef _WINDLL
+  __declspec(dllexport) /* this is essentially cosmetics... */
+# endif
+  void FINGERPRINT_premain(void);
+  static int premain_wrapper(void) { FINGERPRINT_premain(); return 0; }
+# ifdef _WIN64
+# pragma section(".CRT$XCU",read)
+  __declspec(allocate(".CRT$XCU"))
+# else
+# pragma data_seg(".CRT$XCU")
+# endif
+  static int (*p)(void) = premain_wrapper;
+  /* This results in pointer to premain to appear in .CRT segment,
+   * which is traversed by Visual C run-time initialization code.
+   * This applies to both Win32 and [all flavors of] Win64. */
+# pragma data_seg()
+#elif defined(__SUNPRO_C)
+  void FINGERPRINT_premain(void);
+# pragma init(FINGERPRINT_premain)
+  /* This results in a call to premain to appear in .init segment. */
+#elif defined(__DECC) && (defined(__VMS) || defined(VMS))
+  void FINGERPRINT_premain(void);
+# pragma __nostandard
+  globaldef { "LIB$INITIALIZ" } readonly _align (LONGWORD)
+        int spare[8] = {0};
+  globaldef { "LIB$INITIALIZE" } readonly _align (LONGWORD)
+        void (*x_FINGERPRINT_premain)(void) = FINGERPRINT_premain;
+  /* Refer to LIB$INITIALIZE to ensure it exists in the image. */
+  int lib$initialize();
+  globaldef int (*lib_init_ref)() = lib$initialize;
+# pragma __standard
+#elif 0
+  The rest has to be taken care of through command line:
+
+        -Wl,-init,FINGERPRINT_premain           on OSF1 and IRIX
+        -Wl,+init,FINGERPRINT_premain           on HP-UX
+        -Wl,-binitfini:FINGERPRINT_premain      on AIX
+
+  On ELF platforms this results in a call to premain to appear in
+  .init segment...
+#endif
+
+#ifndef HMAC_SHA1_SIG
+#define HMAC_SHA1_SIG "?have to make sure this string is unique"
+#endif
+
+static const unsigned char FINGERPRINT_ascii_value[40] = HMAC_SHA1_SIG;
+
+#define atox(c) ((c)>='a'?((c)-'a'+10):((c)>='A'?(c)-'A'+10:(c)-'0'))
+
+extern const void         *FIPS_text_start(),  *FIPS_text_end();
+extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
+extern unsigned char       FIPS_signature[20];
+extern unsigned int        FIPS_incore_fingerprint(unsigned char *,unsigned int);
+
+/*
+ * As name suggests this code is executed prior main(). We use this
+ * opportunity to fingerprint sequestered code in virtual address
+ * space of target application.
+ */
+void FINGERPRINT_premain(void)
+{ unsigned char sig[sizeof(FIPS_signature)];
+  const unsigned char * volatile p=FINGERPRINT_ascii_value;
+  unsigned int len=sizeof(sig),i;
+
+    /* "volatilization" is done to disengage unwanted optimization... */
+    if (*((volatile unsigned char *)p)=='?')
+    {   if (FIPS_text_start()==NULL)
+        {   fprintf(stderr,"FIPS_text_start() returns NULL\n");
+            _exit(1);
+        }
+#if defined(DEBUG_FINGERPRINT_PREMAIN)
+        fprintf(stderr,".text:%p+%d=%p\n",FIPS_text_start(),
+                (int)((size_t)FIPS_text_end()-(size_t)FIPS_text_start()),
+                FIPS_text_end());
+        fprintf(stderr,".rodata:%p+%d=%p\n",FIPS_rodata_start,
+                (int)((size_t)FIPS_rodata_end-(size_t)FIPS_rodata_start),
+                FIPS_rodata_end);
+#endif
+
+        len=FIPS_incore_fingerprint(sig,sizeof(sig));
+
+        if (len!=sizeof(sig))
+        {   fprintf(stderr,"fingerprint length mismatch: %u\n",len);
+            _exit(1);
+        }
+
+        for (i=0;i<len;i++) printf("%02x",sig[i]);
+        printf("\n");
+        fflush(stdout);
+        _exit(0);
+    }
+    else if (FIPS_signature[0]=='\0') do
+    {   for (i=0;i<sizeof(FIPS_signature);i++,p+=2)
+            FIPS_signature[i] = (atox(p[0])<<4)|atox(p[1]);
+
+#if defined(DEBUG_FINGERPRINT_PREMAIN)
+        if (getenv("OPENSSL_FIPS")==NULL) break;
+
+        len=FIPS_incore_fingerprint(sig,sizeof(sig));
+
+        if (memcmp(FIPS_signature,sig,sizeof(FIPS_signature)))
+        {   fprintf(stderr,"FINGERPRINT_premain: FIPS_signature mismatch\n");
+            _exit(1);
+        }
+#endif
+    } while(0);
+}
+
+#else
+
+#include <openssl/bio.h>
+#include <openssl/dso.h>
+#include <openssl/err.h>
+
+int main(int argc,char *argv[])
+{ DSO *dso;
+  DSO_FUNC_TYPE func;
+  BIO *bio_err;
+
+    if (argc < 2)
+    {   fprintf (stderr,"usage: %s libcrypto.dso\n",argv[0]);
+        return 1;
+    }
+
+    if ((bio_err=BIO_new(BIO_s_file())) == NULL)
+    {   fprintf (stderr,"unable to allocate BIO\n");
+        return 1;
+    }
+    BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+    ERR_load_crypto_strings();
+
+    dso = DSO_load(NULL,argv[1],NULL,DSO_FLAG_NO_NAME_TRANSLATION);
+    if (dso == NULL)
+    {   ERR_print_errors(bio_err);
+        return 1;
+    }
+
+    /* This is not normally reached, because FINGERPRINT_premain should
+     * have executed and terminated application already upon DSO_load... */
+    func = DSO_bind_func(dso,"FINGERPRINT_premain");
+    if (func == NULL)
+    {   ERR_print_errors(bio_err);
+        return 1;
+    }
+
+    (*func)();
+
+  return 0;
+}
+
+#endif
diff --git a/src/lib/libssl/src/fips/fips_premain.c.sha1 b/src/lib/libssl/src/fips/fips_premain.c.sha1
new file mode 100644
index 0000000000..c16f964bb8
--- /dev/null
+++ b/src/lib/libssl/src/fips/fips_premain.c.sha1
@@ -0,0 +1 @@
+HMAC-SHA1(fips_premain.c)= 9e5ddba185ac446e0cf36fcf8e1b3acffe5d0b2c
diff --git a/src/lib/libssl/src/fips/fips_test_suite.c b/src/lib/libssl/src/fips/fips_test_suite.c
index 60ee8d856b..78a15b7758 100644
--- a/src/lib/libssl/src/fips/fips_test_suite.c
+++ b/src/lib/libssl/src/fips/fips_test_suite.c
@@ -20,12 +20,15 @@
 #include <openssl/des.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
-#include <openssl/sha.h>
-#include <openssl/md5.h>
+#include <openssl/dh.h>
+#include <openssl/hmac.h>
 #include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/bn.h>                                                                                          
-#include <openssl/rand.h>                                                                                          
+
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+
 #ifndef OPENSSL_FIPS
 int main(int argc, char *argv[])
     {
@@ -34,150 +37,338 @@ int main(int argc, char *argv[])
     }
 #else
 
+#include <openssl/fips.h>
+#include "fips_utl.h"
+
 /* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
 */
-static int FIPS_aes_test()
+static int FIPS_aes_test(void)
+        {
+        int ret = 0;
+        unsigned char pltmp[16];
+        unsigned char citmp[16];
+        unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
+        unsigned char plaintext[16] = "etaonrishdlcu";
+        EVP_CIPHER_CTX ctx;
+        EVP_CIPHER_CTX_init(&ctx);
+        if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0)
+                goto err;
+        EVP_Cipher(&ctx, citmp, plaintext, 16);
+        if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0)
+                goto err;
+        EVP_Cipher(&ctx, pltmp, citmp, 16);
+        if (memcmp(pltmp, plaintext, 16))
+                goto err;
+        ret = 1;
+        err:
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        return ret;
+        }
+
+static int FIPS_des3_test(void)
+        {
+        int ret = 0;
+        unsigned char pltmp[8];
+        unsigned char citmp[8];
+        unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
+                              19,20,21,22,23,24};
+        unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
+        EVP_CIPHER_CTX ctx;
+        EVP_CIPHER_CTX_init(&ctx);
+        if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 1) <= 0)
+                goto err;
+        EVP_Cipher(&ctx, citmp, plaintext, 8);
+        if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 0) <= 0)
+                goto err;
+        EVP_Cipher(&ctx, pltmp, citmp, 8);
+        if (memcmp(pltmp, plaintext, 8))
+                goto err;
+        ret = 1;
+        err:
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        return ret;
+        }
+
+/*
+ * DSA: generate keys and sign, verify input plaintext.
+ */
+static int FIPS_dsa_test(int bad)
     {
-    unsigned char userkey[16] = { 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xf0, 0x0d };
-    unsigned char plaintext[16] = "etaonrishdlcu";
-    unsigned char ciphertext[16];
-    unsigned char buf[16];
-    AES_KEY key;
-    AES_KEY dkey;
+    DSA *dsa = NULL;
+    EVP_PKEY pk;
+    unsigned char dgst[] = "etaonrishdlc";
+    unsigned char buf[60];
+    unsigned int slen;
+    int r = 0;
+    EVP_MD_CTX mctx;
 
     ERR_clear_error();
-    if (AES_set_encrypt_key( userkey, 128, &key ))
+    EVP_MD_CTX_init(&mctx);
+    dsa = FIPS_dsa_new();
+    if (!dsa)
+        goto end;
+    if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
+        goto end;
+    if (!DSA_generate_key(dsa))
+        goto end;
+    if (bad)
+            BN_add_word(dsa->pub_key, 1);
+
+    pk.type = EVP_PKEY_DSA;
+    pk.pkey.dsa = dsa;
+
+    if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
+        goto end;
+    if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))
+        goto end;
+    if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
+        goto end;
+
+    if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
+        goto end;
+    if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))
+        goto end;
+    r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
+    end:
+    EVP_MD_CTX_cleanup(&mctx);
+    if (dsa)
+          FIPS_dsa_free(dsa);
+    if (r != 1)
+        return 0;
+    return 1;
+    }
+
+/*
+ * RSA: generate keys and sign, verify input plaintext.
+ */
+static int FIPS_rsa_test(int bad)
+    {
+    RSA *key;
+    unsigned char input_ptext[] = "etaonrishdlc";
+    unsigned char buf[256];
+    unsigned int slen;
+    BIGNUM *bn;
+    EVP_MD_CTX mctx;
+    EVP_PKEY pk;
+    int r = 0;
+
+    ERR_clear_error();
+    EVP_MD_CTX_init(&mctx);
+    key = FIPS_rsa_new();
+    bn = BN_new();
+    if (!key || !bn)
         return 0;
-    AES_encrypt( plaintext, ciphertext, &key);
-    if (AES_set_decrypt_key( userkey, 128, &dkey ))
+    BN_set_word(bn, 65537);
+    if (!RSA_generate_key_ex(key, 1024,bn,NULL))
+        return 0;
+    BN_free(bn);
+    if (bad)
+            BN_add_word(key->n, 1);
+
+    pk.type = EVP_PKEY_RSA;
+    pk.pkey.rsa = key;
+
+    if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
+        goto end;
+    if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
+        goto end;
+    if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
+        goto end;
+
+    if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
+        goto end;
+    if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
+        goto end;
+    r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
+    end:
+    EVP_MD_CTX_cleanup(&mctx);
+    if (key)
+          FIPS_rsa_free(key);
+    if (r != 1)
+        return 0;
+    return 1;
+    }
+
+/* SHA1: generate hash of known digest value and compare to known
+   precomputed correct hash
+*/
+static int FIPS_sha1_test()
+    {
+    unsigned char digest[SHA_DIGEST_LENGTH] =
+        { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
+    unsigned char str[] = "etaonrishd";
+
+    unsigned char md[SHA_DIGEST_LENGTH];
+
+    ERR_clear_error();
+    if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0;
+    if (memcmp(md,digest,sizeof(md)))
         return 0;
-    AES_decrypt( ciphertext, buf, &dkey);
-    if (memcmp(buf, plaintext, sizeof(buf)))
+    return 1;
+    }
+
+/* SHA256: generate hash of known digest value and compare to known
+   precomputed correct hash
+*/
+static int FIPS_sha256_test()
+    {
+    unsigned char digest[SHA256_DIGEST_LENGTH] =
+        {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
+         0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
+    unsigned char str[] = "etaonrishd";
+
+    unsigned char md[SHA256_DIGEST_LENGTH];
+
+    ERR_clear_error();
+    if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha256(), NULL)) return 0;
+    if (memcmp(md,digest,sizeof(md)))
         return 0;
     return 1;
     }
 
-/* DES: encrypt and decrypt known plaintext, verify result matches original plaintext
+/* SHA512: generate hash of known digest value and compare to known
+   precomputed correct hash
 */
-static int FIPS_des_test()
+static int FIPS_sha512_test()
     {
-    DES_cblock userkey = { 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xf0, 0x0d };
-    DES_cblock plaintext = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
+    unsigned char digest[SHA512_DIGEST_LENGTH] =
+        {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
+         0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
+         0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
+         0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
+    unsigned char str[] = "etaonrishd";
 
-    DES_key_schedule key;
-    DES_cblock ciphertext;
-    DES_cblock buf;
+    unsigned char md[SHA512_DIGEST_LENGTH];
 
     ERR_clear_error();
-    if (DES_set_key(&userkey, &key) < 0)
+    if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha512(), NULL)) return 0;
+    if (memcmp(md,digest,sizeof(md)))
         return 0;
-    DES_ecb_encrypt( &plaintext, &ciphertext, &key, 1);
-    DES_ecb_encrypt( &ciphertext, &buf, &key, 0);
-    if (memcmp(buf, plaintext, sizeof(buf)))
+    return 1;
+    }
+
+/* HMAC-SHA1: generate hash of known digest value and compare to known
+   precomputed correct hash
+*/
+static int FIPS_hmac_sha1_test()
+    {
+    unsigned char key[] = "etaonrishd";
+    unsigned char iv[] = "Sample text";
+    unsigned char kaval[EVP_MAX_MD_SIZE] =
+        {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
+         0xb2, 0xfb, 0xec, 0xc6};
+
+    unsigned char out[EVP_MAX_MD_SIZE];
+    unsigned int outlen;
+
+    ERR_clear_error();
+    if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
+    if (memcmp(out,kaval,outlen))
         return 0;
     return 1;
     }
 
-/* DSA: generate key and sign a known digest, then verify the signature
- * against the digest
+/* HMAC-SHA224: generate hash of known digest value and compare to known
+   precomputed correct hash
 */
-static int FIPS_dsa_test()
+static int FIPS_hmac_sha224_test()
     {
-    DSA *dsa = NULL;
-    unsigned char dgst[] = "etaonrishdlc";
-    unsigned char sig[256];
-    unsigned int siglen;
+    unsigned char key[] = "etaonrishd";
+    unsigned char iv[] = "Sample text";
+    unsigned char kaval[EVP_MAX_MD_SIZE] =
+        {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
+         0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
+
+    unsigned char out[EVP_MAX_MD_SIZE];
+    unsigned int outlen;
 
     ERR_clear_error();
-    dsa = DSA_generate_parameters(512,NULL,0,NULL,NULL,NULL,NULL);
-    if (!dsa)
-        return 0;
-    if (!DSA_generate_key(dsa))
-        return 0;
-    if ( DSA_sign(0,dgst,sizeof(dgst) - 1,sig,&siglen,dsa) != 1 )
-        return 0;
-    if ( DSA_verify(0,dgst,sizeof(dgst) - 1,sig,siglen,dsa) != 1 )
-        return 0;
-    DSA_free(dsa);
+    if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
+    if (memcmp(out,kaval,outlen))
+        return 0;
     return 1;
     }
 
-/* RSA: generate keys and encrypt and decrypt known plaintext, verify result
- * matches the original plaintext
+/* HMAC-SHA256: generate hash of known digest value and compare to known
+   precomputed correct hash
 */
-static int FIPS_rsa_test()
+static int FIPS_hmac_sha256_test()
     {
-    RSA *key;
-    unsigned char input_ptext[] = "etaonrishdlc";
-    unsigned char ctext[256];
-    unsigned char ptext[256];
-    int n;
+    unsigned char key[] = "etaonrishd";
+    unsigned char iv[] = "Sample text";
+    unsigned char kaval[EVP_MAX_MD_SIZE] =
+        {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
+         0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
+
+    unsigned char out[EVP_MAX_MD_SIZE];
+    unsigned int outlen;
 
     ERR_clear_error();
-    key = RSA_generate_key(1024,65537,NULL,NULL);
-    if (!key)
-        return 0;
-    n = RSA_size(key);
-    n = RSA_public_encrypt(sizeof(input_ptext) - 1,input_ptext,ctext,key,RSA_PKCS1_PADDING);
-    if (n < 0)
-        return 0;
-    n = RSA_private_decrypt(n,ctext,ptext,key,RSA_PKCS1_PADDING);
-    if (n < 0)
-        return 0;
-    RSA_free(key);
-    if (memcmp(input_ptext,ptext,sizeof(input_ptext) - 1))
+    if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
+    if (memcmp(out,kaval,outlen))
         return 0;
     return 1;
     }
 
-/* SHA1: generate hash of known digest value and compare to known
+/* HMAC-SHA384: generate hash of known digest value and compare to known
    precomputed correct hash
 */
-static int FIPS_sha1_test()
+static int FIPS_hmac_sha384_test()
     {
-    unsigned char digest[SHA_DIGEST_LENGTH] =
-        { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
-    unsigned char str[] = "etaonrishd";
+    unsigned char key[] = "etaonrishd";
+    unsigned char iv[] = "Sample text";
+    unsigned char kaval[EVP_MAX_MD_SIZE] =
+        {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
+         0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
+         0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
 
-    unsigned char md[SHA_DIGEST_LENGTH];
+    unsigned char out[EVP_MAX_MD_SIZE];
+    unsigned int outlen;
 
     ERR_clear_error();
-    if (!SHA1(str,sizeof(str) - 1,md)) return 0;
-    if (memcmp(md,digest,sizeof(md)))
+    if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
+    if (memcmp(out,kaval,outlen))
         return 0;
     return 1;
     }
 
-/* MD5: generate hash of known digest value and compare to known
+/* HMAC-SHA512: generate hash of known digest value and compare to known
    precomputed correct hash
 */
-static int md5_test()
+static int FIPS_hmac_sha512_test()
     {
-    unsigned char digest[MD5_DIGEST_LENGTH] =
-        { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
-    unsigned char str[] = "etaonrishd";
+    unsigned char key[] = "etaonrishd";
+    unsigned char iv[] = "Sample text";
+    unsigned char kaval[EVP_MAX_MD_SIZE] =
+        {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
+         0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
+         0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
+         0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
 
-    unsigned char md[MD5_DIGEST_LENGTH];
+    unsigned char out[EVP_MAX_MD_SIZE];
+    unsigned int outlen;
 
     ERR_clear_error();
-    if (!MD5(str,sizeof(str) - 1,md))
-        return 0;
-    if (memcmp(md,digest,sizeof(md)))
-        return 0;
+    if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
+    if (memcmp(out,kaval,outlen))
+        return 0;
     return 1;
     }
 
+
 /* DH: generate shared parameters
 */
 static int dh_test()
     {
     DH *dh;
-
     ERR_clear_error();
-    dh = DH_generate_parameters(256, 2, NULL, NULL);
-    if (dh)
-        return 1;
-    return 0;
+    dh = FIPS_dh_new();
+    if (!dh)
+        return 0;
+    if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
+        return 0;
+    FIPS_dh_free(dh);
+    return 1;
     }
 
 /* Zeroize
@@ -185,18 +376,27 @@ static int dh_test()
 static int Zeroize()
     {
     RSA *key;
+    BIGNUM *bn;
     unsigned char userkey[16] = 
         { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
     int i, n;
-    
-    key = RSA_generate_key(1024,65537,NULL,NULL);
-    if (!key)
+
+    key = FIPS_rsa_new();
+    bn = BN_new();
+    if (!key || !bn)
+        return 0;
+    BN_set_word(bn, 65537);
+    if (!RSA_generate_key_ex(key, 1024,bn,NULL))
         return 0;
+    BN_free(bn);
+    
     n = BN_num_bytes(key->d);
     printf(" Generated %d byte RSA private key\n", n);
-    printf("\tBN key before overwriting:\n%s\n", BN_bn2hex(key->d));
+    printf("\tBN key before overwriting:\n");
+    do_bn_print(stdout, key->d);
     BN_rand(key->d,n*8,-1,0);
-    printf("\tBN key after overwriting:\n%s\n", BN_bn2hex(key->d));
+    printf("\tBN key after overwriting:\n");
+    do_bn_print(stdout, key->d);
 
     printf("\tchar buffer key before overwriting: \n\t\t");
     for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
@@ -212,6 +412,7 @@ static int Zeroize()
 static int Error;
 const char * Fail(const char *msg)
     {
+    do_print_errors();
     Error++;
     return msg; 
     }
@@ -219,6 +420,11 @@ const char * Fail(const char *msg)
 int main(int argc,char **argv)
     {
 
+    int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
+    int bad_rsa = 0, bad_dsa = 0;
+    int do_rng_stick = 0;
+    int no_exit = 0;
+
     printf("\tFIPS-mode test application\n\n");
 
     /* Load entropy from external file, if any */
@@ -228,72 +434,79 @@ int main(int argc,char **argv)
         /* Corrupted KAT tests */
         if (!strcmp(argv[1], "aes")) {
             FIPS_corrupt_aes();
-            printf("3. AES encryption/decryption with corrupted KAT...\n");
+            printf("AES encryption/decryption with corrupted KAT...\n");
         } else if (!strcmp(argv[1], "des")) {
             FIPS_corrupt_des();
-            printf("5. DES-ECB encryption/decryption with corrupted KAT...\n");
+            printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
         } else if (!strcmp(argv[1], "dsa")) {
             FIPS_corrupt_dsa();
-            printf("6. DSA key generation and signature validation with corrupted KAT...\n");
+            printf("DSA key generation and signature validation with corrupted KAT...\n");
         } else if (!strcmp(argv[1], "rsa")) {
             FIPS_corrupt_rsa();
-            printf("4. RSA key generation and encryption/decryption with corrupted KAT...\n");
+            printf("RSA key generation and signature validation with corrupted KAT...\n");
+        } else if (!strcmp(argv[1], "rsakey")) {
+            printf("RSA key generation and signature validation with corrupted key...\n");
+            bad_rsa = 1;
+            no_exit = 1;
+        } else if (!strcmp(argv[1], "rsakeygen")) {
+            do_corrupt_rsa_keygen = 1;
+            no_exit = 1;
+            printf("RSA key generation and signature validation with corrupted keygen...\n");
+        } else if (!strcmp(argv[1], "dsakey")) {
+            printf("DSA key generation and signature validation with corrupted key...\n");
+            bad_dsa = 1;
+            no_exit = 1;
+        } else if (!strcmp(argv[1], "dsakeygen")) {
+            do_corrupt_dsa_keygen = 1;
+            no_exit = 1;
+            printf("DSA key generation and signature validation with corrupted keygen...\n");
         } else if (!strcmp(argv[1], "sha1")) {
             FIPS_corrupt_sha1();
-            printf("7. SHA-1 hash with corrupted KAT...\n");
+            printf("SHA-1 hash with corrupted KAT...\n");
+        } else if (!strcmp(argv[1], "rng")) {
+            FIPS_corrupt_rng();
+        } else if (!strcmp(argv[1], "rngstick")) {
+            do_rng_stick = 1;
+            no_exit = 1;
+            printf("RNG test with stuck continuous test...\n");
         } else {
             printf("Bad argument \"%s\"\n", argv[1]);
             exit(1);
         }
-        if (!FIPS_mode_set(1,argv[0]))
-            {
-            ERR_load_crypto_strings();
-            ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-            printf("Power-up self test failed\n");
-            exit(1);
+        if (!no_exit) {
+                if (!FIPS_mode_set(1)) {
+                    do_print_errors();
+                    printf("Power-up self test failed\n");
+                    exit(1);
+                }
+                printf("Power-up self test successful\n");
+                exit(0);
         }
-        printf("Power-up self test successful\n");
-        exit(0);
     }
 
     /* Non-Approved cryptographic operation
     */
-    printf("0. Non-Approved cryptographic operation test...\n");
-    printf("\ta. Excluded algorithm (MD5)...");
-    printf( md5_test() ? "successful\n" :  Fail("FAILED!\n") );
-    printf("\tb. Included algorithm (D-H)...");
+    printf("1. Non-Approved cryptographic operation test...\n");
+    printf("\ta. Included algorithm (D-H)...");
     printf( dh_test() ? "successful\n" :  Fail("FAILED!\n") );
 
-    /* Power-up self test failure
-    */
-    printf("1. Automatic power-up self test...");
-    printf( FIPS_mode_set(1,"/dev/null") ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" );
-
-    /* Algorithm call when uninitialized failure
-    */
-    printf("\ta. AES API failure on failed power-up self test...");
-    printf( FIPS_aes_test() ? Fail("passed INCORRECTLY!\n") :"failed as expected\n" );
-    printf("\tb. RSA API failure on failed power-up self test...");
-    printf( FIPS_rsa_test() ? Fail("passed INCORRECTLY!\n") :  "failed as expected\n" );
-    printf("\tc. DES API failure on failed power-up self test...");
-    printf( FIPS_des_test() ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" );
-    printf("\td. DSA API failure on failed power-up self test...");
-    printf( FIPS_dsa_test() ? Fail("passed INCORRECTLY!\n") :  "failed as expected\n" );
-    printf("\te. SHA1 API failure on failed power-up self test...");
-    printf( FIPS_sha1_test() ? Fail("passed INCORRECTLY!\n") : "failed as expected\n" );
-
-    /* Power-up self test retry
+    /* Power-up self test
     */
     ERR_clear_error();
-    printf("2. Automatic power-up self test retry...");
-    if (!FIPS_mode_set(1,argv[0]))
+    printf("2. Automatic power-up self test...");
+    if (!FIPS_mode_set(1))
         {
-        ERR_load_crypto_strings();
-        ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+        do_print_errors();
         printf(Fail("FAILED!\n"));
         exit(1);
         }
     printf("successful\n");
+    if (do_corrupt_dsa_keygen)
+            FIPS_corrupt_dsa_keygen();
+    if (do_corrupt_rsa_keygen)
+            FIPS_corrupt_rsa_keygen();
+    if (do_rng_stick)
+            FIPS_rng_stick();
 
     /* AES encryption/decryption
     */
@@ -303,39 +516,73 @@ int main(int argc,char **argv)
     /* RSA key generation and encryption/decryption
     */
     printf("4. RSA key generation and encryption/decryption...");
-    printf( FIPS_rsa_test() ? "successful\n" :  Fail("FAILED!\n") );
+    printf( FIPS_rsa_test(bad_rsa) ? "successful\n" :  Fail("FAILED!\n") );
 
     /* DES-CBC encryption/decryption
     */
     printf("5. DES-ECB encryption/decryption...");
-    printf( FIPS_des_test() ? "successful\n" :  Fail("FAILED!\n") );
+    printf( FIPS_des3_test() ? "successful\n" :  Fail("FAILED!\n") );
 
     /* DSA key generation and signature validation
     */
     printf("6. DSA key generation and signature validation...");
-    printf( FIPS_dsa_test() ? "successful\n" :  Fail("FAILED!\n") );
+    printf( FIPS_dsa_test(bad_dsa) ? "successful\n" :  Fail("FAILED!\n") );
 
     /* SHA-1 hash
     */
-    printf("7. SHA-1 hash...");
+    printf("7a. SHA-1 hash...");
     printf( FIPS_sha1_test() ? "successful\n" :  Fail("FAILED!\n") );
 
+    /* SHA-256 hash
+    */
+    printf("7b. SHA-256 hash...");
+    printf( FIPS_sha256_test() ? "successful\n" :  Fail("FAILED!\n") );
+
+    /* SHA-512 hash
+    */
+    printf("7c. SHA-512 hash...");
+    printf( FIPS_sha512_test() ? "successful\n" :  Fail("FAILED!\n") );
+
+    /* HMAC-SHA-1 hash
+    */
+    printf("7d. HMAC-SHA-1 hash...");
+    printf( FIPS_hmac_sha1_test() ? "successful\n" :  Fail("FAILED!\n") );
+
+    /* HMAC-SHA-224 hash
+    */
+    printf("7e. HMAC-SHA-224 hash...");
+    printf( FIPS_hmac_sha224_test() ? "successful\n" :  Fail("FAILED!\n") );
+
+    /* HMAC-SHA-256 hash
+    */
+    printf("7f. HMAC-SHA-256 hash...");
+    printf( FIPS_hmac_sha256_test() ? "successful\n" :  Fail("FAILED!\n") );
+
+    /* HMAC-SHA-384 hash
+    */
+    printf("7g. HMAC-SHA-384 hash...");
+    printf( FIPS_hmac_sha384_test() ? "successful\n" :  Fail("FAILED!\n") );
+
+    /* HMAC-SHA-512 hash
+    */
+    printf("7h. HMAC-SHA-512 hash...");
+    printf( FIPS_hmac_sha512_test() ? "successful\n" :  Fail("FAILED!\n") );
+
     /* Non-Approved cryptographic operation
     */
     printf("8. Non-Approved cryptographic operation test...\n");
-    printf("\ta. Excluded algorithm (MD5)...");
-    printf( md5_test() ? Fail("passed INCORRECTLY!\n")
-            : "failed as expected\n" );
-    printf("\tb. Included algorithm (D-H)...");
+    printf("\ta. Included algorithm (D-H)...");
     printf( dh_test() ? "successful as expected\n"
             : Fail("failed INCORRECTLY!\n") );
 
     /* Zeroization
     */
     printf("9. Zero-ization...\n");
-    Zeroize();
+    printf( Zeroize() ? "\tsuccessful as expected\n"
+            : Fail("\tfailed INCORRECTLY!\n") );
 
     printf("\nAll tests completed with %d errors\n", Error);
-    return 0;
+    return Error ? 1 : 0;
     }
+
 #endif
diff --git a/src/lib/libssl/src/fips/fips_utl.h b/src/lib/libssl/src/fips/fips_utl.h
new file mode 100644
index 0000000000..02d4e44c82
--- /dev/null
+++ b/src/lib/libssl/src/fips/fips_utl.h
@@ -0,0 +1,343 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+void do_print_errors(void)
+        {
+        const char *file, *data;
+        int line, flags;
+        unsigned long l;
+        while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)))
+                {
+                fprintf(stderr, "ERROR:%lx:lib=%d,func=%d,reason=%d"
+                                ":file=%s:line=%d:%s\n",
+                        l, ERR_GET_LIB(l), ERR_GET_FUNC(l), ERR_GET_REASON(l),
+                        file, line, flags & ERR_TXT_STRING ? data : "");
+                }
+        }
+
+int hex2bin(const char *in, unsigned char *out)
+    {
+    int n1, n2;
+    unsigned char ch;
+
+    for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
+        { /* first byte */
+        if ((in[n1] >= '0') && (in[n1] <= '9'))
+            ch = in[n1++] - '0';
+        else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+            ch = in[n1++] - 'A' + 10;
+        else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+            ch = in[n1++] - 'a' + 10;
+        else
+            return -1;
+        if(!in[n1])
+            {
+            out[n2++]=ch;
+            break;
+            }
+        out[n2] = ch << 4;
+        /* second byte */
+        if ((in[n1] >= '0') && (in[n1] <= '9'))
+            ch = in[n1++] - '0';
+        else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+            ch = in[n1++] - 'A' + 10;
+        else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+            ch = in[n1++] - 'a' + 10;
+        else
+            return -1;
+        out[n2++] |= ch;
+        }
+    return n2;
+    }
+
+unsigned char *hex2bin_m(const char *in, long *plen)
+        {
+        unsigned char *p;
+        p = OPENSSL_malloc((strlen(in) + 1)/2);
+        *plen = hex2bin(in, p);
+        return p;
+        }
+
+int do_hex2bn(BIGNUM **pr, const char *in)
+        {
+        unsigned char *p;
+        long plen;
+        int r = 0;
+        p = hex2bin_m(in, &plen);
+        if (!p)
+                return 0;
+        if (!*pr)
+                *pr = BN_new();
+        if (!*pr)
+                return 0;
+        if (BN_bin2bn(p, plen, *pr))
+                r = 1;
+        OPENSSL_free(p);
+        return r;
+        }
+
+int do_bn_print(FILE *out, BIGNUM *bn)
+        {
+        int len, i;
+        unsigned char *tmp;
+        len = BN_num_bytes(bn);
+        if (len == 0)
+                {
+                fputs("00", out);
+                return 1;
+                }
+
+        tmp = OPENSSL_malloc(len);
+        if (!tmp)
+                {
+                fprintf(stderr, "Memory allocation error\n");
+                return 0;
+                }
+        BN_bn2bin(bn, tmp);
+        for (i = 0; i < len; i++)
+                fprintf(out, "%02x", tmp[i]);
+        OPENSSL_free(tmp);
+        return 1;
+        }
+
+int do_bn_print_name(FILE *out, const char *name, BIGNUM *bn)
+        {
+        int r;
+        fprintf(out, "%s = ", name);
+        r = do_bn_print(out, bn);
+        if (!r)
+                return 0;
+        fputs("\n", out);
+        return 1;
+        }
+
+int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf)
+        {
+        char *keyword, *value, *p, *q;
+        strcpy(linebuf, olinebuf);
+        keyword = linebuf;
+        /* Skip leading space */
+        while (isspace((unsigned char)*keyword))
+                keyword++;
+
+        /* Look for = sign */
+        p = strchr(linebuf, '=');
+
+        /* If no '=' exit */
+        if (!p)
+                return 0;
+
+        q = p - 1;
+
+        /* Remove trailing space */
+        while (isspace((unsigned char)*q))
+                *q-- = 0;
+
+        *p = 0;
+        value = p + 1;
+
+        /* Remove leading space from value */
+        while (isspace((unsigned char)*value))
+                value++;
+
+        /* Remove trailing space from value */
+        p = value + strlen(value) - 1;
+
+        while (*p == '\n' || isspace((unsigned char)*p))
+                *p-- = 0;
+
+        *pkw = keyword;
+        *pval = value;
+        return 1;
+        }
+
+BIGNUM *hex2bn(const char *in)
+    {
+    BIGNUM *p=NULL;
+
+    if (!do_hex2bn(&p, in))
+        return NULL;
+
+    return p;
+    }
+
+int bin2hex(const unsigned char *in,int len,char *out)
+    {
+    int n1, n2;
+    unsigned char ch;
+
+    for (n1=0,n2=0 ; n1 < len ; ++n1)
+        {
+        ch=in[n1] >> 4;
+        if (ch <= 0x09)
+            out[n2++]=ch+'0';
+        else
+            out[n2++]=ch-10+'a';
+        ch=in[n1] & 0x0f;
+        if(ch <= 0x09)
+            out[n2++]=ch+'0';
+        else
+            out[n2++]=ch-10+'a';
+        }
+    out[n2]='\0';
+    return n2;
+    }
+
+void pv(const char *tag,const unsigned char *val,int len)
+    {
+    char obuf[2048];
+
+    bin2hex(val,len,obuf);
+    printf("%s = %s\n",tag,obuf);
+    }
+
+/* To avoid extensive changes to test program at this stage just convert
+ * the input line into an acceptable form. Keyword lines converted to form
+ * "keyword = value\n" no matter what white space present, all other lines
+ * just have leading and trailing space removed.
+ */
+
+int tidy_line(char *linebuf, char *olinebuf)
+        {
+        char *keyword, *value, *p, *q;
+        strcpy(linebuf, olinebuf);
+        keyword = linebuf;
+        /* Skip leading space */
+        while (isspace((unsigned char)*keyword))
+                keyword++;
+        /* Look for = sign */
+        p = strchr(linebuf, '=');
+
+        /* If no '=' just chop leading, trailing ws */
+        if (!p)
+                {
+                p = keyword + strlen(keyword) - 1;
+                while (*p == '\n' || isspace((unsigned char)*p))
+                        *p-- = 0;
+                strcpy(olinebuf, keyword);
+                strcat(olinebuf, "\n");
+                return 1;
+                }
+
+        q = p - 1;
+
+        /* Remove trailing space */
+        while (isspace((unsigned char)*q))
+                *q-- = 0;
+
+        *p = 0;
+        value = p + 1;
+
+        /* Remove leading space from value */
+        while (isspace((unsigned char)*value))
+                value++;
+
+        /* Remove trailing space from value */
+        p = value + strlen(value) - 1;
+
+        while (*p == '\n' || isspace((unsigned char)*p))
+                *p-- = 0;
+
+        strcpy(olinebuf, keyword);
+        strcat(olinebuf, " = ");
+        strcat(olinebuf, value);
+        strcat(olinebuf, "\n");
+
+        return 1;
+        }
+
+/* NB: this return the number of _bits_ read */
+int bint2bin(const char *in, int len, unsigned char *out)
+    {
+    int n;
+
+    memset(out,0,len);
+    for(n=0 ; n < len ; ++n)
+        if(in[n] == '1')
+            out[n/8]|=(0x80 >> (n%8));
+    return len;
+    }
+
+int bin2bint(const unsigned char *in,int len,char *out)
+    {
+    int n;
+
+    for(n=0 ; n < len ; ++n)
+        out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
+    return n;
+    }
+
+/*-----------------------------------------------*/
+
+void PrintValue(char *tag, unsigned char *val, int len)
+{
+#if VERBOSE
+  char obuf[2048];
+  int olen;
+  olen = bin2hex(val, len, obuf);
+  printf("%s = %.*s\n", tag, olen, obuf);
+#endif
+}
+
+void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
+    {
+    char obuf[2048];
+    int olen;
+
+    if(bitmode)
+        olen=bin2bint(val,len,obuf);
+    else
+        olen=bin2hex(val,len,obuf);
+
+    fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
+#if VERBOSE
+    printf("%s = %.*s\n", tag, olen, obuf);
+#endif
+    }
+
diff --git a/src/lib/libssl/src/fips/fipsalgtest.pl b/src/lib/libssl/src/fips/fipsalgtest.pl
new file mode 100644
index 0000000000..44a5ccac7a
--- /dev/null
+++ b/src/lib/libssl/src/fips/fipsalgtest.pl
@@ -0,0 +1,848 @@
+#!/usr/bin/perl -w
+# Perl utility to run or verify FIPS 140-2 CMVP algorithm tests based on the
+# pathnames of input algorithm test files actually present (the unqualified
+# file names are consistent but the pathnames are not).
+#
+
+# FIPS test definitions
+# List of all the unqualified file names we expect and command lines to run
+
+# DSA tests
+my @fips_dsa_test_list = (
+
+    "DSA",
+
+    [ "PQGGen",  "fips_dssvs pqg" ],
+    [ "KeyPair", "fips_dssvs keypair" ],
+    [ "SigGen",  "fips_dssvs siggen" ],
+    [ "SigVer",  "fips_dssvs sigver" ]
+
+);
+
+# RSA tests
+
+my @fips_rsa_test_list = (
+
+    "RSA",
+
+    [ "SigGen15",  "fips_rsastest" ],
+    [ "SigVer15",  "fips_rsavtest" ],
+    [ "SigVerRSA", "fips_rsavtest -x931" ],
+    [ "KeyGenRSA", "fips_rsagtest" ],
+    [ "SigGenRSA", "fips_rsastest -x931" ]
+
+);
+
+# Special cases for PSS. The filename itself is
+# not sufficient to determine the test. Addditionally we
+# need to examine the file contents to determine the salt length
+# In these cases the test filename has (saltlen) appended.
+
+# RSA PSS salt length 0 tests
+
+my @fips_rsa_pss0_test_list = (
+
+    [ "SigGenPSS(0)", "fips_rsastest -saltlen 0" ],
+    [ "SigVerPSS(0)", "fips_rsavtest -saltlen 0" ]
+
+);
+
+# RSA PSS salt length 62 tests
+
+my @fips_rsa_pss62_test_list = (
+    [ "SigGenPSS(62)", "fips_rsastest -saltlen 62" ],
+    [ "SigVerPSS(62)", "fips_rsavtest -saltlen 62" ]
+
+);
+
+# SHA tests
+
+my @fips_sha_test_list = (
+
+    "SHA",
+
+    [ "SHA1LongMsg",    "fips_shatest" ],
+    [ "SHA1Monte",      "fips_shatest" ],
+    [ "SHA1ShortMsg",   "fips_shatest" ],
+    [ "SHA224LongMsg",  "fips_shatest" ],
+    [ "SHA224Monte",    "fips_shatest" ],
+    [ "SHA224ShortMsg", "fips_shatest" ],
+    [ "SHA256LongMsg",  "fips_shatest" ],
+    [ "SHA256Monte",    "fips_shatest" ],
+    [ "SHA256ShortMsg", "fips_shatest" ],
+    [ "SHA384LongMsg",  "fips_shatest" ],
+    [ "SHA384Monte",    "fips_shatest" ],
+    [ "SHA384ShortMsg", "fips_shatest" ],
+    [ "SHA512LongMsg",  "fips_shatest" ],
+    [ "SHA512Monte",    "fips_shatest" ],
+    [ "SHA512ShortMsg", "fips_shatest" ]
+
+);
+
+# HMAC
+
+my @fips_hmac_test_list = (
+
+    "HMAC",
+
+    [ "HMAC", "fips_hmactest" ]
+
+);
+
+# RAND tests, AES version
+
+my @fips_rand_aes_test_list = (
+
+    "RAND (AES)",
+
+    [ "ANSI931_AES128MCT", "fips_rngvs mct" ],
+    [ "ANSI931_AES192MCT", "fips_rngvs mct" ],
+    [ "ANSI931_AES256MCT", "fips_rngvs mct" ],
+    [ "ANSI931_AES128VST", "fips_rngvs vst" ],
+    [ "ANSI931_AES192VST", "fips_rngvs vst" ],
+    [ "ANSI931_AES256VST", "fips_rngvs vst" ]
+
+);
+
+# RAND tests, DES2 version
+
+my @fips_rand_des2_test_list = (
+
+    "RAND (DES2)",
+
+    [ "ANSI931_TDES2MCT", "fips_rngvs mct" ],
+    [ "ANSI931_TDES2VST", "fips_rngvs vst" ]
+
+);
+
+# AES tests
+
+my @fips_aes_test_list = (
+
+    "AES",
+
+    [ "CBCGFSbox128",     "fips_aesavs -f" ],
+    [ "CBCGFSbox192",     "fips_aesavs -f" ],
+    [ "CBCGFSbox256",     "fips_aesavs -f" ],
+    [ "CBCKeySbox128",    "fips_aesavs -f" ],
+    [ "CBCKeySbox192",    "fips_aesavs -f" ],
+    [ "CBCKeySbox256",    "fips_aesavs -f" ],
+    [ "CBCMCT128",        "fips_aesavs -f" ],
+    [ "CBCMCT192",        "fips_aesavs -f" ],
+    [ "CBCMCT256",        "fips_aesavs -f" ],
+    [ "CBCMMT128",        "fips_aesavs -f" ],
+    [ "CBCMMT192",        "fips_aesavs -f" ],
+    [ "CBCMMT256",        "fips_aesavs -f" ],
+    [ "CBCVarKey128",     "fips_aesavs -f" ],
+    [ "CBCVarKey192",     "fips_aesavs -f" ],
+    [ "CBCVarKey256",     "fips_aesavs -f" ],
+    [ "CBCVarTxt128",     "fips_aesavs -f" ],
+    [ "CBCVarTxt192",     "fips_aesavs -f" ],
+    [ "CBCVarTxt256",     "fips_aesavs -f" ],
+    [ "CFB128GFSbox128",  "fips_aesavs -f" ],
+    [ "CFB128GFSbox192",  "fips_aesavs -f" ],
+    [ "CFB128GFSbox256",  "fips_aesavs -f" ],
+    [ "CFB128KeySbox128", "fips_aesavs -f" ],
+    [ "CFB128KeySbox192", "fips_aesavs -f" ],
+    [ "CFB128KeySbox256", "fips_aesavs -f" ],
+    [ "CFB128MCT128",     "fips_aesavs -f" ],
+    [ "CFB128MCT192",     "fips_aesavs -f" ],
+    [ "CFB128MCT256",     "fips_aesavs -f" ],
+    [ "CFB128MMT128",     "fips_aesavs -f" ],
+    [ "CFB128MMT192",     "fips_aesavs -f" ],
+    [ "CFB128MMT256",     "fips_aesavs -f" ],
+    [ "CFB128VarKey128",  "fips_aesavs -f" ],
+    [ "CFB128VarKey192",  "fips_aesavs -f" ],
+    [ "CFB128VarKey256",  "fips_aesavs -f" ],
+    [ "CFB128VarTxt128",  "fips_aesavs -f" ],
+    [ "CFB128VarTxt192",  "fips_aesavs -f" ],
+    [ "CFB128VarTxt256",  "fips_aesavs -f" ],
+    [ "CFB8GFSbox128",    "fips_aesavs -f" ],
+    [ "CFB8GFSbox192",    "fips_aesavs -f" ],
+    [ "CFB8GFSbox256",    "fips_aesavs -f" ],
+    [ "CFB8KeySbox128",   "fips_aesavs -f" ],
+    [ "CFB8KeySbox192",   "fips_aesavs -f" ],
+    [ "CFB8KeySbox256",   "fips_aesavs -f" ],
+    [ "CFB8MCT128",       "fips_aesavs -f" ],
+    [ "CFB8MCT192",       "fips_aesavs -f" ],
+    [ "CFB8MCT256",       "fips_aesavs -f" ],
+    [ "CFB8MMT128",       "fips_aesavs -f" ],
+    [ "CFB8MMT192",       "fips_aesavs -f" ],
+    [ "CFB8MMT256",       "fips_aesavs -f" ],
+    [ "CFB8VarKey128",    "fips_aesavs -f" ],
+    [ "CFB8VarKey192",    "fips_aesavs -f" ],
+    [ "CFB8VarKey256",    "fips_aesavs -f" ],
+    [ "CFB8VarTxt128",    "fips_aesavs -f" ],
+    [ "CFB8VarTxt192",    "fips_aesavs -f" ],
+    [ "CFB8VarTxt256",    "fips_aesavs -f" ],
+
+    [ "ECBGFSbox128",  "fips_aesavs -f" ],
+    [ "ECBGFSbox192",  "fips_aesavs -f" ],
+    [ "ECBGFSbox256",  "fips_aesavs -f" ],
+    [ "ECBKeySbox128", "fips_aesavs -f" ],
+    [ "ECBKeySbox192", "fips_aesavs -f" ],
+    [ "ECBKeySbox256", "fips_aesavs -f" ],
+    [ "ECBMCT128",     "fips_aesavs -f" ],
+    [ "ECBMCT192",     "fips_aesavs -f" ],
+    [ "ECBMCT256",     "fips_aesavs -f" ],
+    [ "ECBMMT128",     "fips_aesavs -f" ],
+    [ "ECBMMT192",     "fips_aesavs -f" ],
+    [ "ECBMMT256",     "fips_aesavs -f" ],
+    [ "ECBVarKey128",  "fips_aesavs -f" ],
+    [ "ECBVarKey192",  "fips_aesavs -f" ],
+    [ "ECBVarKey256",  "fips_aesavs -f" ],
+    [ "ECBVarTxt128",  "fips_aesavs -f" ],
+    [ "ECBVarTxt192",  "fips_aesavs -f" ],
+    [ "ECBVarTxt256",  "fips_aesavs -f" ],
+    [ "OFBGFSbox128",  "fips_aesavs -f" ],
+    [ "OFBGFSbox192",  "fips_aesavs -f" ],
+    [ "OFBGFSbox256",  "fips_aesavs -f" ],
+    [ "OFBKeySbox128", "fips_aesavs -f" ],
+    [ "OFBKeySbox192", "fips_aesavs -f" ],
+    [ "OFBKeySbox256", "fips_aesavs -f" ],
+    [ "OFBMCT128",     "fips_aesavs -f" ],
+    [ "OFBMCT192",     "fips_aesavs -f" ],
+    [ "OFBMCT256",     "fips_aesavs -f" ],
+    [ "OFBMMT128",     "fips_aesavs -f" ],
+    [ "OFBMMT192",     "fips_aesavs -f" ],
+    [ "OFBMMT256",     "fips_aesavs -f" ],
+    [ "OFBVarKey128",  "fips_aesavs -f" ],
+    [ "OFBVarKey192",  "fips_aesavs -f" ],
+    [ "OFBVarKey256",  "fips_aesavs -f" ],
+    [ "OFBVarTxt128",  "fips_aesavs -f" ],
+    [ "OFBVarTxt192",  "fips_aesavs -f" ],
+    [ "OFBVarTxt256",  "fips_aesavs -f" ]
+
+);
+
+my @fips_aes_cfb1_test_list = (
+
+    # AES CFB1 tests
+
+    [ "CFB1GFSbox128",  "fips_aesavs -f" ],
+    [ "CFB1GFSbox192",  "fips_aesavs -f" ],
+    [ "CFB1GFSbox256",  "fips_aesavs -f" ],
+    [ "CFB1KeySbox128", "fips_aesavs -f" ],
+    [ "CFB1KeySbox192", "fips_aesavs -f" ],
+    [ "CFB1KeySbox256", "fips_aesavs -f" ],
+    [ "CFB1MCT128",     "fips_aesavs -f" ],
+    [ "CFB1MCT192",     "fips_aesavs -f" ],
+    [ "CFB1MCT256",     "fips_aesavs -f" ],
+    [ "CFB1MMT128",     "fips_aesavs -f" ],
+    [ "CFB1MMT192",     "fips_aesavs -f" ],
+    [ "CFB1MMT256",     "fips_aesavs -f" ],
+    [ "CFB1VarKey128",  "fips_aesavs -f" ],
+    [ "CFB1VarKey192",  "fips_aesavs -f" ],
+    [ "CFB1VarKey256",  "fips_aesavs -f" ],
+    [ "CFB1VarTxt128",  "fips_aesavs -f" ],
+    [ "CFB1VarTxt192",  "fips_aesavs -f" ],
+    [ "CFB1VarTxt256",  "fips_aesavs -f" ]
+
+);
+
+# Triple DES tests
+
+my @fips_des3_test_list = (
+
+    "Triple DES",
+
+    [ "TCBCinvperm",   "fips_desmovs -f" ],
+    [ "TCBCMMT1",      "fips_desmovs -f" ],
+    [ "TCBCMMT2",      "fips_desmovs -f" ],
+    [ "TCBCMMT3",      "fips_desmovs -f" ],
+    [ "TCBCMonte1",    "fips_desmovs -f" ],
+    [ "TCBCMonte2",    "fips_desmovs -f" ],
+    [ "TCBCMonte3",    "fips_desmovs -f" ],
+    [ "TCBCpermop",    "fips_desmovs -f" ],
+    [ "TCBCsubtab",    "fips_desmovs -f" ],
+    [ "TCBCvarkey",    "fips_desmovs -f" ],
+    [ "TCBCvartext",   "fips_desmovs -f" ],
+    [ "TCFB64invperm", "fips_desmovs -f" ],
+    [ "TCFB64MMT1",    "fips_desmovs -f" ],
+    [ "TCFB64MMT2",    "fips_desmovs -f" ],
+    [ "TCFB64MMT3",    "fips_desmovs -f" ],
+    [ "TCFB64Monte1",  "fips_desmovs -f" ],
+    [ "TCFB64Monte2",  "fips_desmovs -f" ],
+    [ "TCFB64Monte3",  "fips_desmovs -f" ],
+    [ "TCFB64permop",  "fips_desmovs -f" ],
+    [ "TCFB64subtab",  "fips_desmovs -f" ],
+    [ "TCFB64varkey",  "fips_desmovs -f" ],
+    [ "TCFB64vartext", "fips_desmovs -f" ],
+    [ "TCFB8invperm",  "fips_desmovs -f" ],
+    [ "TCFB8MMT1",     "fips_desmovs -f" ],
+    [ "TCFB8MMT2",     "fips_desmovs -f" ],
+    [ "TCFB8MMT3",     "fips_desmovs -f" ],
+    [ "TCFB8Monte1",   "fips_desmovs -f" ],
+    [ "TCFB8Monte2",   "fips_desmovs -f" ],
+    [ "TCFB8Monte3",   "fips_desmovs -f" ],
+    [ "TCFB8permop",   "fips_desmovs -f" ],
+    [ "TCFB8subtab",   "fips_desmovs -f" ],
+    [ "TCFB8varkey",   "fips_desmovs -f" ],
+    [ "TCFB8vartext",  "fips_desmovs -f" ],
+    [ "TECBinvperm",   "fips_desmovs -f" ],
+    [ "TECBMMT1",      "fips_desmovs -f" ],
+    [ "TECBMMT2",      "fips_desmovs -f" ],
+    [ "TECBMMT3",      "fips_desmovs -f" ],
+    [ "TECBMonte1",    "fips_desmovs -f" ],
+    [ "TECBMonte2",    "fips_desmovs -f" ],
+    [ "TECBMonte3",    "fips_desmovs -f" ],
+    [ "TECBpermop",    "fips_desmovs -f" ],
+    [ "TECBsubtab",    "fips_desmovs -f" ],
+    [ "TECBvarkey",    "fips_desmovs -f" ],
+    [ "TECBvartext",   "fips_desmovs -f" ],
+    [ "TOFBinvperm",   "fips_desmovs -f" ],
+    [ "TOFBMMT1",      "fips_desmovs -f" ],
+    [ "TOFBMMT2",      "fips_desmovs -f" ],
+    [ "TOFBMMT3",      "fips_desmovs -f" ],
+    [ "TOFBMonte1",    "fips_desmovs -f" ],
+    [ "TOFBMonte2",    "fips_desmovs -f" ],
+    [ "TOFBMonte3",    "fips_desmovs -f" ],
+    [ "TOFBpermop",    "fips_desmovs -f" ],
+    [ "TOFBsubtab",    "fips_desmovs -f" ],
+    [ "TOFBvarkey",    "fips_desmovs -f" ],
+    [ "TOFBvartext",   "fips_desmovs -f" ]
+
+);
+
+# Verification special cases.
+# In most cases the output of a test is deterministic and
+# it can be compared to a known good result. A few involve
+# the genration and use of random keys and the output will
+# be different each time. In thoses cases we perform special tests
+# to simply check their consistency. For example signature generation
+# output will be run through signature verification to see if all outputs
+# show as valid.
+#
+
+my %verify_special = (
+    "PQGGen"        => "fips_dssvs pqgver",
+    "KeyPair"       => "fips_dssvs keyver",
+    "SigGen"        => "fips_dssvs sigver",
+    "SigGen15"      => "fips_rsavtest",
+    "SigGenRSA"     => "fips_rsavtest -x931",
+    "SigGenPSS(0)"  => "fips_rsavtest -saltlen 0",
+    "SigGenPSS(62)" => "fips_rsavtest -saltlen 62",
+);
+
+my $win32  = $^O =~ m/mswin/i;
+my $onedir = 0;
+my $filter = "";
+my $tvdir;
+my $tprefix;
+my $shwrap_prefix;
+my $debug          = 0;
+my $quiet          = 0;
+my $notest         = 0;
+my $verify         = 1;
+my $rspdir         = "rsp";
+my $ignore_missing = 0;
+my $ignore_bogus   = 0;
+my $bufout         = '';
+my $list_tests     = 0;
+
+my %fips_enabled = (
+    dsa         => 1,
+    rsa         => 1,
+    "rsa-pss0"  => 0,
+    "rsa-pss62" => 1,
+    sha         => 1,
+    hmac        => 1,
+    "rand-aes"  => 1,
+    "rand-des2" => 0,
+    aes         => 1,
+    "aes-cfb1"  => 0,
+    des3        => 1
+);
+
+foreach (@ARGV) {
+    if ( $_ eq "--win32" ) {
+        $win32 = 1;
+    }
+    elsif ( $_ eq "--onedir" ) {
+        $onedir = 1;
+    }
+    elsif ( $_ eq "--debug" ) {
+        $debug = 1;
+    }
+    elsif ( $_ eq "--ignore-missing" ) {
+        $ignore_missing = 1;
+    }
+    elsif ( $_ eq "--ignore-bogus" ) {
+        $ignore_bogus = 1;
+    }
+    elsif ( $_ eq "--generate" ) {
+        $verify = 0;
+    }
+    elsif ( $_ eq "--notest" ) {
+        $notest = 1;
+    }
+    elsif ( $_ eq "--quiet" ) {
+        $quiet = 1;
+    }
+    elsif (/--dir=(.*)$/) {
+        $tvdir = $1;
+    }
+    elsif (/--rspdir=(.*)$/) {
+        $rspdir = $1;
+    }
+    elsif (/--tprefix=(.*)$/) {
+        $tprefix = $1;
+    }
+    elsif (/--shwrap_prefix=(.*)$/) {
+        $shwrap_prefix = $1;
+    }
+    elsif (/^--(enable|disable)-(.*)$/) {
+        if ( !exists $fips_enabled{$2} ) {
+            print STDERR "Unknown test $2\n";
+        }
+        if ( $1 eq "enable" ) {
+            $fips_enabled{$2} = 1;
+        }
+        else {
+            $fips_enabled{$2} = 0;
+        }
+    }
+    elsif (/--filter=(.*)$/) {
+        $filter = $1;
+    }
+    elsif (/^--list-tests$/) {
+        $list_tests = 1;
+    }
+    else {
+        Help();
+        exit(1);
+    }
+}
+
+my @fips_test_list;
+
+push @fips_test_list, @fips_dsa_test_list       if $fips_enabled{"dsa"};
+push @fips_test_list, @fips_rsa_test_list       if $fips_enabled{"rsa"};
+push @fips_test_list, @fips_rsa_pss0_test_list  if $fips_enabled{"rsa-pss0"};
+push @fips_test_list, @fips_rsa_pss62_test_list if $fips_enabled{"rsa-pss62"};
+push @fips_test_list, @fips_sha_test_list       if $fips_enabled{"sha"};
+push @fips_test_list, @fips_hmac_test_list      if $fips_enabled{"hmac"};
+push @fips_test_list, @fips_rand_aes_test_list  if $fips_enabled{"rand-aes"};
+push @fips_test_list, @fips_rand_des2_test_list if $fips_enabled{"rand-des2"};
+push @fips_test_list, @fips_aes_test_list       if $fips_enabled{"aes"};
+push @fips_test_list, @fips_aes_cfb1_test_list  if $fips_enabled{"aes-cfb1"};
+push @fips_test_list, @fips_des3_test_list      if $fips_enabled{"des3"};
+
+if ($list_tests) {
+    my ( $test, $en );
+    print "=====TEST LIST=====\n";
+    foreach $test ( sort keys %fips_enabled ) {
+        $en = $fips_enabled{$test};
+        $test =~ tr/[a-z]/[A-Z]/;
+        printf "%-10s %s\n", $test, $en ? "enabled" : "disabled";
+    }
+    exit(0);
+}
+
+foreach (@fips_test_list) {
+    next unless ref($_);
+    my $nm = $_->[0];
+    $_->[2] = "";
+    $_->[3] = "";
+    print STDERR "Duplicate test $nm\n" if exists $fips_tests{$nm};
+    $fips_tests{$nm} = $_;
+}
+
+$tvdir = "." unless defined $tvdir;
+
+if ($win32) {
+    if ( !defined $tprefix ) {
+        if ($onedir) {
+            $tprefix = ".\\";
+        }
+        else {
+            $tprefix = "..\\out32dll\\";
+        }
+    }
+}
+else {
+    if ($onedir) {
+        $tprefix       = "./" unless defined $tprefix;
+        $shwrap_prefix = "./" unless defined $shwrap_prefix;
+    }
+    else {
+        $tprefix       = "../test/" unless defined $tprefix;
+        $shwrap_prefix = "../util/" unless defined $shwrap_prefix;
+    }
+}
+
+sanity_check_exe( $win32, $tprefix, $shwrap_prefix );
+
+my $cmd_prefix = $win32 ? "" : "${shwrap_prefix}shlib_wrap.sh ";
+
+find_files( $filter, $tvdir );
+
+sanity_check_files();
+
+my ( $runerr, $cmperr, $cmpok, $scheckrunerr, $scheckerr, $scheckok, $skipcnt )
+  = ( 0, 0, 0, 0, 0, 0, 0 );
+
+exit(0) if $notest;
+
+run_tests( $verify, $win32, $tprefix, $filter, $tvdir );
+
+if ($verify) {
+    print "ALGORITHM TEST VERIFY SUMMARY REPORT:\n";
+    print "Tests skipped due to missing files:        $skipcnt\n";
+    print "Algorithm test program execution failures: $runerr\n";
+    print "Test comparisons successful:               $cmpok\n";
+    print "Test comparisons failed:                   $cmperr\n";
+    print "Test sanity checks successful:             $scheckok\n";
+    print "Test sanity checks failed:                 $scheckerr\n";
+    print "Sanity check program execution failures:   $scheckrunerr\n";
+
+    if ( $runerr || $cmperr || $scheckrunerr || $scheckerr ) {
+        print "***TEST FAILURE***\n";
+    }
+    else {
+        print "***ALL TESTS SUCCESSFUL***\n";
+    }
+}
+else {
+    print "ALGORITHM TEST SUMMARY REPORT:\n";
+    print "Tests skipped due to missing files:        $skipcnt\n";
+    print "Algorithm test program execution failures: $runerr\n";
+
+    if ($runerr) {
+        print "***TEST FAILURE***\n";
+    }
+    else {
+        print "***ALL TESTS SUCCESSFUL***\n";
+    }
+}
+
+#--------------------------------
+sub Help {
+    ( my $cmd ) = ( $0 =~ m#([^/]+)$# );
+    print <<EOF;
+$cmd: generate run CMVP algorithm tests
+        --debug                     Enable debug output
+        --dir=<dirname>             Optional root for *.req file search
+        --filter=<regexp>
+        --onedir <dirname>          Assume all components in current directory
+        --rspdir=<dirname>          Name of subdirectories containing *.rsp files, default "resp"
+        --shwrap_prefix=<prefix>
+        --tprefix=<prefix>
+        --ignore-bogus              Ignore duplicate or bogus files
+        --ignore-missing            Ignore missing test files
+        --quiet                     Shhh....
+        --generate                  Generate algorithm test output
+        --win32                     Win32 environment
+EOF
+}
+
+# Sanity check to see if all necessary executables exist
+
+sub sanity_check_exe {
+    my ( $win32, $tprefix, $shwrap_prefix ) = @_;
+    my %exe_list;
+    my $bad = 0;
+    $exe_list{ $shwrap_prefix . "shlib_wrap.sh" } = 1 unless $win32;
+    foreach (@fips_test_list) {
+        next unless ref($_);
+        my $cmd = $_->[1];
+        $cmd =~ s/ .*$//;
+        $cmd = $tprefix . $cmd;
+        $cmd .= ".exe" if $win32;
+        $exe_list{$cmd} = 1;
+    }
+
+    foreach ( sort keys %exe_list ) {
+        if ( !-f $_ ) {
+            print STDERR "ERROR: can't find executable $_\n";
+            $bad = 1;
+        }
+    }
+    if ($bad) {
+        print STDERR "FATAL ERROR: executables missing\n";
+        exit(1);
+    }
+    elsif ($debug) {
+        print STDERR "Executable sanity check passed OK\n";
+    }
+}
+
+# Search for all request and response files
+
+sub find_files {
+    my ( $filter, $dir ) = @_;
+    my ( $dirh, $testname );
+    opendir( $dirh, $dir );
+    while ( $_ = readdir($dirh) ) {
+        next if ( $_ eq "." || $_ eq ".." );
+        $_ = "$dir/$_";
+        if ( -f "$_" ) {
+            if (/\/([^\/]*)\.rsp$/) {
+                $testname = fix_pss( $1, $_ );
+                if ( exists $fips_tests{$testname} ) {
+                    if ( $fips_tests{$testname}->[3] eq "" ) {
+                        $fips_tests{$testname}->[3] = $_;
+                    }
+                    else {
+                        print STDERR
+"WARNING: duplicate response file $_ for test $testname\n";
+                        $nbogus++;
+                    }
+                }
+                else {
+                    print STDERR "WARNING: bogus file $_\n";
+                    $nbogus++;
+                }
+            }
+            next unless /$filter.*\.req$/i;
+            if (/\/([^\/]*)\.req$/) {
+                $testname = fix_pss( $1, $_ );
+                if ( exists $fips_tests{$testname} ) {
+                    if ( $fips_tests{$testname}->[2] eq "" ) {
+                        $fips_tests{$testname}->[2] = $_;
+                    }
+                    else {
+                        print STDERR
+"WARNING: duplicate request file $_ for test $testname\n";
+                        $nbogus++;
+                    }
+
+                }
+                elsif ( !/SHAmix\.req$/ ) {
+                    print STDERR "WARNING: unrecognized filename $_\n";
+                    $nbogus++;
+                }
+            }
+        }
+        elsif ( -d "$_" ) {
+            find_files( $filter, $_ );
+        }
+    }
+    closedir($dirh);
+}
+
+sub fix_pss {
+    my ( $test, $path ) = @_;
+    my $sl = "";
+    local $_;
+    if ( $test =~ /PSS/ ) {
+        open( IN, $path ) || die "Can't Open File $path";
+        while (<IN>) {
+            if (/^\s*#\s*salt\s+len:\s+(\d+)\s*$/i) {
+                $sl = $1;
+                last;
+            }
+        }
+        close IN;
+        if ( $sl eq "" ) {
+            print STDERR "WARNING: No Salt length detected for file $path\n";
+        }
+        else {
+            return $test . "($sl)";
+        }
+    }
+    return $test;
+}
+
+sub sanity_check_files {
+    my $bad = 0;
+    foreach (@fips_test_list) {
+        next unless ref($_);
+        my ( $tst, $cmd, $req, $resp ) = @$_;
+
+        #print STDERR "FILES $tst, $cmd, $req, $resp\n";
+        if ( $req eq "" ) {
+            print STDERR "WARNING: missing request file for $tst\n";
+            $bad = 1;
+            next;
+        }
+        if ( $verify && $resp eq "" ) {
+            print STDERR "WARNING: no response file for test $tst\n";
+            $bad = 1;
+        }
+        elsif ( !$verify && $resp ne "" ) {
+            print STDERR "WARNING: response file $resp will be overwritten\n";
+        }
+    }
+    if ($bad) {
+        print STDERR "ERROR: test vector file set not complete\n";
+        exit(1) unless $ignore_missing;
+    }
+    if ($nbogus) {
+        print STDERR
+          "ERROR: $nbogus bogus or duplicate request and response files\n";
+        exit(1) unless $ignore_bogus;
+    }
+    if ( $debug && !$nbogus && !$bad ) {
+        print STDERR "test vector file set complete\n";
+    }
+}
+
+sub run_tests {
+    my ( $verify, $win32, $tprefix, $filter, $tvdir ) = @_;
+    my ( $tname, $tref );
+    my $bad = 0;
+    foreach (@fips_test_list) {
+        if ( !ref($_) ) {
+            print "Running $_ tests\n" unless $quiet;
+            next;
+        }
+        my ( $tname, $tcmd, $req, $rsp ) = @$_;
+        my $out = $rsp;
+        if ($verify) {
+            $out =~ s/\.rsp$/.tst/;
+        }
+        if ( $req eq "" ) {
+            print STDERR
+              "WARNING: Request file for $tname missing: test skipped\n";
+            $skipcnt++;
+            next;
+        }
+        if ( $verify && $rsp eq "" ) {
+            print STDERR
+              "WARNING: Response file for $tname missing: test skipped\n";
+            $skipcnt++;
+            next;
+        }
+        elsif ( !$verify ) {
+            if ( $rsp ne "" ) {
+                print STDERR "WARNING: Response file for $tname deleted\n";
+                unlink $rsp;
+            }
+            $out = $req;
+            $out =~ s|/req/(\S+)\.req|/$rspdir/$1.rsp|;
+            my $outdir = $out;
+            $outdir =~ s|/[^/]*$||;
+            if ( !-d $outdir ) {
+                print STDERR "DEBUG: Creating directory $outdir\n" if $debug;
+                mkdir($outdir) || die "Can't create directory $outdir";
+            }
+        }
+        my $cmd = "$cmd_prefix$tprefix$tcmd ";
+        if ( $tcmd =~ /-f$/ ) {
+            $cmd .= "$req $out";
+        }
+        else {
+            $cmd .= "<$req >$out";
+        }
+        print STDERR "DEBUG: running test $tname\n" if ( $debug && !$verify );
+        system($cmd);
+        if ( $? != 0 ) {
+            print STDERR
+              "WARNING: error executing test $tname for command: $cmd\n";
+            $runerr++;
+            next;
+        }
+        if ($verify) {
+            if ( exists $verify_special{$tname} ) {
+                my $vout = $rsp;
+                $vout =~ s/\.rsp$/.ver/;
+                $tcmd = $verify_special{$tname};
+                $cmd  = "$cmd_prefix$tprefix$tcmd ";
+                $cmd .= "<$out >$vout";
+                system($cmd);
+                if ( $? != 0 ) {
+                    print STDERR
+                      "WARNING: error executing verify test $tname $cmd\n";
+                    $scheckrunerr++;
+                    next;
+                }
+                my ( $fcount, $pcount ) = ( 0, 0 );
+                open VER, "$vout";
+                while (<VER>) {
+                    if (/^Result\s*=\s*(\S*)\s*$/i)
+
+                    {
+                        if ( $1 eq "F" ) {
+                            $fcount++;
+                        }
+                        else {
+                            $pcount++;
+                        }
+                    }
+                }
+                close VER;
+
+                unlink $vout;
+                if ( $fcount || $debug ) {
+                    print STDERR "DEBUG: $tname, Pass=$pcount, Fail=$fcount\n";
+                }
+                if ( $fcount || !$pcount ) {
+                    $scheckerr++;
+                }
+                else {
+                    $scheckok++;
+                }
+
+            }
+            elsif ( !cmp_file( $tname, $rsp, $out ) ) {
+                $cmperr++;
+            }
+            else {
+                $cmpok++;
+            }
+            unlink $out;
+        }
+    }
+}
+
+sub cmp_file {
+    my ( $tname, $rsp, $tst ) = @_;
+    my ( $rspf,    $tstf );
+    my ( $rspline, $tstline );
+    if ( !open( $rspf, $rsp ) ) {
+        print STDERR "ERROR: can't open request file $rsp\n";
+        return 0;
+    }
+    if ( !open( $tstf, $tst ) ) {
+        print STDERR "ERROR: can't open output file $tst\n";
+        return 0;
+    }
+    for ( ; ; ) {
+        $rspline = next_line($rspf);
+        $tstline = next_line($tstf);
+        if ( !defined($rspline) && !defined($tstline) ) {
+            print STDERR "DEBUG: $tname file comparison OK\n" if $debug;
+            return 1;
+        }
+        if ( !defined($rspline) ) {
+            print STDERR "ERROR: $tname EOF on $rspf\n";
+            return 0;
+        }
+        if ( !defined($tstline) ) {
+            print STDERR "ERROR: $tname EOF on $tstf\n";
+            return 0;
+        }
+
+        # Workaround for bug in RAND des2 test output */
+        if ( $tstline =~ /^Key2 =/ && $rspline =~ /^Key1 =/ ) {
+            $rspline =~ s/^Key1/Key2/;
+        }
+
+        if ( $tstline ne $rspline ) {
+            print STDERR "ERROR: $tname mismatch:\n";
+            print STDERR "\t $tstline != $rspline\n";
+            return 0;
+        }
+    }
+    return 1;
+}
+
+sub next_line {
+    my ($in) = @_;
+
+    while (<$in>) {
+        chomp;
+
+        # Delete comments
+        s/#.*$//;
+
+        # Ignore blank lines
+        next if (/^\s*$/);
+
+        # Translate multiple space into one
+        s/\s+/ /g;
+        return $_;
+    }
+    return undef;
+}
diff --git a/src/lib/libssl/src/fips/fipsld b/src/lib/libssl/src/fips/fipsld
new file mode 100755
index 0000000000..c71d4d95a5
--- /dev/null
+++ b/src/lib/libssl/src/fips/fipsld
@@ -0,0 +1,170 @@
+#!/bin/sh -e
+#
+# Copyright (c) 2005-2007 The OpenSSL Project.
+#
+# Depending on output file name, the script either embeds fingerprint
+# into libcrypto.so or static application. "Static" refers to static
+# libcrypto.a, not [necessarily] application per se.
+#
+# Even though this script is called fipsld, it expects C compiler
+# command line syntax and $FIPSLD_CC or $CC environment variable set
+# and can even be used to compile source files.
+
+#set -x
+
+CC=${FIPSLD_CC:-${CC}}
+[ -n "${CC}" ] || { echo '$CC is not defined'; exit 1; }
+
+# Initially -c wasn't intended to be interpreted here, but it might
+# make life easier for those who want to build FIPS-ified applications
+# with minimal [if any] modifications to their Makefiles...
+(   while [ "x$1" != "x" -a "x$1" != "x-c" -a "x$1" != "x-E" ]; do shift; done;
+    [ $# -ge 1 ]
+) && exec ${CC} "$@"
+
+TARGET=`(while [ "x$1" != "x" -a "x$1" != "x-o" ]; do shift; done; echo $2)`
+
+# If using an auto-tooled (autoconf/automake/libtool) project,
+# configure will fail when testing the compiler or even performing
+# simple checks. Pass-through to compiler directly if application is
+# is not being linked with libcrypto, allowing auto-tooled applications
+# to utilize fipsld (e.g. CC=/usr/local/ssl/bin/fipsld FIPSLD_CC=gcc
+# ./configure && make). But keep in mind[!] that if certified code
+# resides in a shared library, then fipsld *may not* be used and
+# end-developer should not modify application configuration and build
+# procedures. This is because in-core fingerprint and associated
+# procedures are already embedded into and executed in shared library
+# context.
+case `basename "${TARGET}"` in
+libcrypto*|libfips*|*.dll)              ;;
+*)      case "$*" in
+        *libcrypto.a*|*-lcrypto*|*fipscanister.o*)      ;;
+        *)      exec ${CC} "$@"         ;;
+        esac
+esac
+
+[ -n "${TARGET}" ] || { echo 'no -o specified'; exit 1; }
+
+# Turn on debugging output?
+(   while [ "x$1" != "x" -a "x$1" != "x-DDEBUG_FINGERPRINT_PREMAIN" ]; do shift; done;
+    [ $# -ge 1 ]
+) && set -x
+
+THERE="`echo $0 | sed -e 's|[^/]*$||'`"..
+
+# fipscanister.o can appear in command line
+CANISTER_O=`(while [ "x$1" != "x" ]; do case "$1" in *fipscanister.o) echo $1; exit;; esac; shift; done)`
+if [ -z "${CANISTER_O}" ]; then
+        # If set, FIPSLIBDIR is location of installed validated FIPS module
+        if [ -n "${FIPSLIBDIR}" ]; then
+                CANISTER_O="${FIPSLIBDIR}/fipscanister.o"
+        elif [ -f "${THERE}/fips/fipscanister.o" ]; then
+                CANISTER_O="${THERE}/fips/fipscanister.o"
+        elif [ -f "${THERE}/lib/fipscanister.o" ]; then
+                CANISTER_O="${THERE}/lib/fipscanister.o"
+        fi
+        CANISTER_O_CMD="${CANISTER_O}"
+fi
+[ -f ${CANISTER_O} ] || { echo "unable to find ${CANISTER_O}"; exit 1; }
+
+PREMAIN_C=`dirname "${CANISTER_O}"`/fips_premain.c
+
+HMAC_KEY="etaonrishdlcupfm"
+
+case "`(uname -s) 2>/dev/null`" in
+OSF1|IRIX*)     _WL_PREMAIN="-Wl,-init,FINGERPRINT_premain"     ;;
+HP-UX)          _WL_PREMAIN="-Wl,+init,FINGERPRINT_premain"     ;;
+AIX)            _WL_PREMAIN="-Wl,-binitfini:FINGERPRINT_premain,-bnoobjreorder";;
+Darwin)         (   while [ "x$1" != "x" -a "x$1" != "x-dynamiclib" ]; do shift; done;
+                    [ $# -ge 1 ]
+                ) && _WL_PREMAIN="-Wl,-init,_FINGERPRINT_premain" ;;
+esac
+
+case "${TARGET}" in
+[!/]*)  TARGET=./${TARGET} ;;
+esac
+
+case `basename "${TARGET}"` in
+lib*|*.dll)     # must be linking a shared lib...
+        # Shared lib creation can be taking place in the source
+        # directory only, but fipscanister.o can reside elsewhere...
+        FINGERTYPE="${THERE}/fips/fips_standalone_sha1"
+
+        # verify fipspremain.c against its detached signature...
+        ${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
+                diff -w "${PREMAIN_C}.sha1" - || \
+        { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
+        # verify fipscanister.o against its detached signature...
+        ${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
+                diff -w "${CANISTER_O}.sha1" - || \
+        { echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
+
+        # Temporarily remove fipscanister.o from libcrypto.a!
+        # We are required to use the standalone copy...
+        if [ -f "${THERE}/libcrypto.a" ]; then
+            if ar d "${THERE}/libcrypto.a" fipscanister.o; then
+                (ranlib "${THERE}/libcrypto.a") 2>/dev/null || :
+                trap    'ar r "${THERE}/libcrypto.a" "${CANISTER_O}";
+                         (ranlib "${THERE}/libcrypto.a") 2>/dev/null || :;
+                         sleep 1;
+                         touch -c "${TARGET}"' 0
+            fi
+        fi
+
+        /bin/rm -f "${TARGET}"
+        ${CC}   ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
+                "${PREMAIN_C}" \
+                ${_WL_PREMAIN} "$@"
+
+        # generate signature...
+        SIG=`"${THERE}/fips/fips_premain_dso" "${TARGET}"`
+        /bin/rm -f "${TARGET}"
+        if [ -z "${SIG}" ]; then
+           echo "unable to collect signature"; exit 1
+        fi
+
+        # recompile with signature...
+        ${CC}   ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
+                -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
+                ${_WL_PREMAIN} "$@"
+        ;;
+
+*)      # must be linking statically...
+        # Static linking can be taking place either in the source
+        # directory or off the installed binary target destination.
+        if [ -x "${THERE}/fips/fips_standalone_sha1" ]; then
+                FINGERTYPE="${THERE}/fips/fips_standalone_sha1"
+        else    # Installed tree is expected to contain
+                # lib/fipscanister.o, lib/fipscanister.o.sha1 and
+                # lib/fips_premain.c [not to mention bin/openssl].
+                FINGERTYPE="${THERE}/bin/openssl sha1 -hmac ${HMAC_KEY}"
+        fi
+
+        # verify fipscanister.o against its detached signature...
+        ${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
+                diff -w "${CANISTER_O}.sha1" - || \
+        { echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
+
+        # verify fips_premain.c against its detached signature...
+        ${FINGERTYPE} "${PREMAIN_C}" | sed "s/(.*\//(/" | \
+                diff -w "${PREMAIN_C}.sha1" - || \
+        { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
+
+        /bin/rm -f "${TARGET}"
+        ${CC}   ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
+                "${PREMAIN_C}" \
+                ${_WL_PREMAIN} "$@"
+
+        # generate signature...
+        SIG=`"${TARGET}"`
+        /bin/rm -f "${TARGET}"
+        if [ -z "${SIG}" ]; then
+           echo "unable to collect signature"; exit 1
+        fi
+
+        # recompile with signature...
+        ${CC}   ${CANISTER_O_CMD:+"${CANISTER_O_CMD}"} \
+                -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
+                ${_WL_PREMAIN} "$@"
+        ;;
+esac
diff --git a/src/lib/libssl/src/fips/fipstests.bat b/src/lib/libssl/src/fips/fipstests.bat
new file mode 100644
index 0000000000..aae3b13fd1
--- /dev/null
+++ b/src/lib/libssl/src/fips/fipstests.bat
@@ -0,0 +1,229 @@
+@echo off
+rem Test vector run script
+rem Auto generated by mkfipsscr.pl script
+rem Do not edit
+
+
+echo Running tests in .\testvectors\AES\req
+if exist ".\testvectors\AES\rsp" rd /s /q ".\testvectors\AES\rsp"
+md ".\testvectors\AES\rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCGFSbox128.req" ".\testvectors\AES\rsp\CBCGFSbox128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCGFSbox192.req" ".\testvectors\AES\rsp\CBCGFSbox192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCGFSbox256.req" ".\testvectors\AES\rsp\CBCGFSbox256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCKeySbox128.req" ".\testvectors\AES\rsp\CBCKeySbox128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCKeySbox192.req" ".\testvectors\AES\rsp\CBCKeySbox192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCKeySbox256.req" ".\testvectors\AES\rsp\CBCKeySbox256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCMCT128.req" ".\testvectors\AES\rsp\CBCMCT128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCMCT192.req" ".\testvectors\AES\rsp\CBCMCT192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCMCT256.req" ".\testvectors\AES\rsp\CBCMCT256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCMMT128.req" ".\testvectors\AES\rsp\CBCMMT128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCMMT192.req" ".\testvectors\AES\rsp\CBCMMT192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCMMT256.req" ".\testvectors\AES\rsp\CBCMMT256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCVarKey128.req" ".\testvectors\AES\rsp\CBCVarKey128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCVarKey192.req" ".\testvectors\AES\rsp\CBCVarKey192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCVarKey256.req" ".\testvectors\AES\rsp\CBCVarKey256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCVarTxt128.req" ".\testvectors\AES\rsp\CBCVarTxt128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCVarTxt192.req" ".\testvectors\AES\rsp\CBCVarTxt192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CBCVarTxt256.req" ".\testvectors\AES\rsp\CBCVarTxt256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128GFSbox128.req" ".\testvectors\AES\rsp\CFB128GFSbox128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128GFSbox192.req" ".\testvectors\AES\rsp\CFB128GFSbox192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128GFSbox256.req" ".\testvectors\AES\rsp\CFB128GFSbox256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128KeySbox128.req" ".\testvectors\AES\rsp\CFB128KeySbox128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128KeySbox192.req" ".\testvectors\AES\rsp\CFB128KeySbox192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128KeySbox256.req" ".\testvectors\AES\rsp\CFB128KeySbox256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128MCT128.req" ".\testvectors\AES\rsp\CFB128MCT128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128MCT192.req" ".\testvectors\AES\rsp\CFB128MCT192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128MCT256.req" ".\testvectors\AES\rsp\CFB128MCT256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128MMT128.req" ".\testvectors\AES\rsp\CFB128MMT128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128MMT192.req" ".\testvectors\AES\rsp\CFB128MMT192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128MMT256.req" ".\testvectors\AES\rsp\CFB128MMT256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128VarKey128.req" ".\testvectors\AES\rsp\CFB128VarKey128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128VarKey192.req" ".\testvectors\AES\rsp\CFB128VarKey192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128VarKey256.req" ".\testvectors\AES\rsp\CFB128VarKey256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128VarTxt128.req" ".\testvectors\AES\rsp\CFB128VarTxt128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128VarTxt192.req" ".\testvectors\AES\rsp\CFB128VarTxt192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB128VarTxt256.req" ".\testvectors\AES\rsp\CFB128VarTxt256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1GFSbox128.req" ".\testvectors\AES\rsp\CFB1GFSbox128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1GFSbox192.req" ".\testvectors\AES\rsp\CFB1GFSbox192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1GFSbox256.req" ".\testvectors\AES\rsp\CFB1GFSbox256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1KeySbox128.req" ".\testvectors\AES\rsp\CFB1KeySbox128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1KeySbox192.req" ".\testvectors\AES\rsp\CFB1KeySbox192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1KeySbox256.req" ".\testvectors\AES\rsp\CFB1KeySbox256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1MCT128.req" ".\testvectors\AES\rsp\CFB1MCT128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1MCT192.req" ".\testvectors\AES\rsp\CFB1MCT192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1MCT256.req" ".\testvectors\AES\rsp\CFB1MCT256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1MMT128.req" ".\testvectors\AES\rsp\CFB1MMT128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1MMT192.req" ".\testvectors\AES\rsp\CFB1MMT192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1MMT256.req" ".\testvectors\AES\rsp\CFB1MMT256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1VarKey128.req" ".\testvectors\AES\rsp\CFB1VarKey128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1VarKey192.req" ".\testvectors\AES\rsp\CFB1VarKey192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1VarKey256.req" ".\testvectors\AES\rsp\CFB1VarKey256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1VarTxt128.req" ".\testvectors\AES\rsp\CFB1VarTxt128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1VarTxt192.req" ".\testvectors\AES\rsp\CFB1VarTxt192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB1VarTxt256.req" ".\testvectors\AES\rsp\CFB1VarTxt256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8GFSbox128.req" ".\testvectors\AES\rsp\CFB8GFSbox128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8GFSbox192.req" ".\testvectors\AES\rsp\CFB8GFSbox192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8GFSbox256.req" ".\testvectors\AES\rsp\CFB8GFSbox256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8KeySbox128.req" ".\testvectors\AES\rsp\CFB8KeySbox128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8KeySbox192.req" ".\testvectors\AES\rsp\CFB8KeySbox192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8KeySbox256.req" ".\testvectors\AES\rsp\CFB8KeySbox256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8MCT128.req" ".\testvectors\AES\rsp\CFB8MCT128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8MCT192.req" ".\testvectors\AES\rsp\CFB8MCT192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8MCT256.req" ".\testvectors\AES\rsp\CFB8MCT256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8MMT128.req" ".\testvectors\AES\rsp\CFB8MMT128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8MMT192.req" ".\testvectors\AES\rsp\CFB8MMT192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8MMT256.req" ".\testvectors\AES\rsp\CFB8MMT256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8VarKey128.req" ".\testvectors\AES\rsp\CFB8VarKey128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8VarKey192.req" ".\testvectors\AES\rsp\CFB8VarKey192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8VarKey256.req" ".\testvectors\AES\rsp\CFB8VarKey256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8VarTxt128.req" ".\testvectors\AES\rsp\CFB8VarTxt128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8VarTxt192.req" ".\testvectors\AES\rsp\CFB8VarTxt192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\CFB8VarTxt256.req" ".\testvectors\AES\rsp\CFB8VarTxt256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBGFSbox128.req" ".\testvectors\AES\rsp\ECBGFSbox128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBGFSbox192.req" ".\testvectors\AES\rsp\ECBGFSbox192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBGFSbox256.req" ".\testvectors\AES\rsp\ECBGFSbox256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBKeySbox128.req" ".\testvectors\AES\rsp\ECBKeySbox128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBKeySbox192.req" ".\testvectors\AES\rsp\ECBKeySbox192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBKeySbox256.req" ".\testvectors\AES\rsp\ECBKeySbox256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBMCT128.req" ".\testvectors\AES\rsp\ECBMCT128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBMCT192.req" ".\testvectors\AES\rsp\ECBMCT192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBMCT256.req" ".\testvectors\AES\rsp\ECBMCT256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBMMT128.req" ".\testvectors\AES\rsp\ECBMMT128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBMMT192.req" ".\testvectors\AES\rsp\ECBMMT192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBMMT256.req" ".\testvectors\AES\rsp\ECBMMT256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBVarKey128.req" ".\testvectors\AES\rsp\ECBVarKey128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBVarKey192.req" ".\testvectors\AES\rsp\ECBVarKey192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBVarKey256.req" ".\testvectors\AES\rsp\ECBVarKey256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBVarTxt128.req" ".\testvectors\AES\rsp\ECBVarTxt128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBVarTxt192.req" ".\testvectors\AES\rsp\ECBVarTxt192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\ECBVarTxt256.req" ".\testvectors\AES\rsp\ECBVarTxt256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBGFSbox128.req" ".\testvectors\AES\rsp\OFBGFSbox128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBGFSbox192.req" ".\testvectors\AES\rsp\OFBGFSbox192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBGFSbox256.req" ".\testvectors\AES\rsp\OFBGFSbox256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBKeySbox128.req" ".\testvectors\AES\rsp\OFBKeySbox128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBKeySbox192.req" ".\testvectors\AES\rsp\OFBKeySbox192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBKeySbox256.req" ".\testvectors\AES\rsp\OFBKeySbox256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBMCT128.req" ".\testvectors\AES\rsp\OFBMCT128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBMCT192.req" ".\testvectors\AES\rsp\OFBMCT192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBMCT256.req" ".\testvectors\AES\rsp\OFBMCT256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBMMT128.req" ".\testvectors\AES\rsp\OFBMMT128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBMMT192.req" ".\testvectors\AES\rsp\OFBMMT192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBMMT256.req" ".\testvectors\AES\rsp\OFBMMT256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBVarKey128.req" ".\testvectors\AES\rsp\OFBVarKey128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBVarKey192.req" ".\testvectors\AES\rsp\OFBVarKey192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBVarKey256.req" ".\testvectors\AES\rsp\OFBVarKey256.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBVarTxt128.req" ".\testvectors\AES\rsp\OFBVarTxt128.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBVarTxt192.req" ".\testvectors\AES\rsp\OFBVarTxt192.rsp"
+..\out32dll\fips_aesavs -f ".\testvectors\AES\req\OFBVarTxt256.req" ".\testvectors\AES\rsp\OFBVarTxt256.rsp"
+
+echo Running tests in .\testvectors\DSA\req
+if exist ".\testvectors\DSA\rsp" rd /s /q ".\testvectors\DSA\rsp"
+md ".\testvectors\DSA\rsp"
+..\out32dll\fips_dssvs keypair < ".\testvectors\DSA\req\KeyPair.req" > ".\testvectors\DSA\rsp\KeyPair.rsp"
+..\out32dll\fips_dssvs pqg < ".\testvectors\DSA\req\PQGGen.req" > ".\testvectors\DSA\rsp\PQGGen.rsp"
+..\out32dll\fips_dssvs siggen < ".\testvectors\DSA\req\SigGen.req" > ".\testvectors\DSA\rsp\SigGen.rsp"
+..\out32dll\fips_dssvs sigver < ".\testvectors\DSA\req\SigVer.req" > ".\testvectors\DSA\rsp\SigVer.rsp"
+
+echo Running tests in .\testvectors\HMAC\req
+if exist ".\testvectors\HMAC\rsp" rd /s /q ".\testvectors\HMAC\rsp"
+md ".\testvectors\HMAC\rsp"
+..\out32dll\fips_hmactest < ".\testvectors\HMAC\req\HMAC.req" > ".\testvectors\HMAC\rsp\HMAC.rsp"
+
+echo Running tests in .\testvectors\RNG\req
+if exist ".\testvectors\RNG\rsp" rd /s /q ".\testvectors\RNG\rsp"
+md ".\testvectors\RNG\rsp"
+..\out32dll\fips_rngvs mct < ".\testvectors\RNG\req\ANSI931_AES128MCT.req" > ".\testvectors\RNG\rsp\ANSI931_AES128MCT.rsp"
+..\out32dll\fips_rngvs vst < ".\testvectors\RNG\req\ANSI931_AES128VST.req" > ".\testvectors\RNG\rsp\ANSI931_AES128VST.rsp"
+..\out32dll\fips_rngvs mct < ".\testvectors\RNG\req\ANSI931_AES192MCT.req" > ".\testvectors\RNG\rsp\ANSI931_AES192MCT.rsp"
+..\out32dll\fips_rngvs vst < ".\testvectors\RNG\req\ANSI931_AES192VST.req" > ".\testvectors\RNG\rsp\ANSI931_AES192VST.rsp"
+..\out32dll\fips_rngvs mct < ".\testvectors\RNG\req\ANSI931_AES256MCT.req" > ".\testvectors\RNG\rsp\ANSI931_AES256MCT.rsp"
+..\out32dll\fips_rngvs vst < ".\testvectors\RNG\req\ANSI931_AES256VST.req" > ".\testvectors\RNG\rsp\ANSI931_AES256VST.rsp"
+
+echo Running tests in .\testvectors\RSA\req
+if exist ".\testvectors\RSA\rsp" rd /s /q ".\testvectors\RSA\rsp"
+md ".\testvectors\RSA\rsp"
+..\out32dll\fips_rsagtest < ".\testvectors\RSA\req\KeyGenRSA.req" > ".\testvectors\RSA\rsp\KeyGenRSA.rsp"
+..\out32dll\fips_rsastest < ".\testvectors\RSA\req\SigGen15.req" > ".\testvectors\RSA\rsp\SigGen15.rsp"
+..\out32dll\fips_rsastest -saltlen 0 < ".\testvectors\RSA\req\SigGenPSS.req" > ".\testvectors\RSA\rsp\SigGenPSS.rsp"
+..\out32dll\fips_rsastest -x931 < ".\testvectors\RSA\req\SigGenRSA.req" > ".\testvectors\RSA\rsp\SigGenRSA.rsp"
+..\out32dll\fips_rsavtest < ".\testvectors\RSA\req\SigVer15.req" > ".\testvectors\RSA\rsp\SigVer15.rsp"
+..\out32dll\fips_rsavtest -saltlen 0 < ".\testvectors\RSA\req\SigVerPSS.req" > ".\testvectors\RSA\rsp\SigVerPSS.rsp"
+..\out32dll\fips_rsavtest -x931 < ".\testvectors\RSA\req\SigVerRSA.req" > ".\testvectors\RSA\rsp\SigVerRSA.rsp"
+
+echo Running tests in .\testvectors\SHA\req
+if exist ".\testvectors\SHA\rsp" rd /s /q ".\testvectors\SHA\rsp"
+md ".\testvectors\SHA\rsp"
+..\out32dll\fips_shatest < ".\testvectors\SHA\req\SHA1LongMsg.req" > ".\testvectors\SHA\rsp\SHA1LongMsg.rsp"
+..\out32dll\fips_shatest < ".\testvectors\SHA\req\SHA1Monte.req" > ".\testvectors\SHA\rsp\SHA1Monte.rsp"
+..\out32dll\fips_shatest < ".\testvectors\SHA\req\SHA1ShortMsg.req" > ".\testvectors\SHA\rsp\SHA1ShortMsg.rsp"
+..\out32dll\fips_shatest < ".\testvectors\SHA\req\SHA224LongMsg.req" > ".\testvectors\SHA\rsp\SHA224LongMsg.rsp"
+..\out32dll\fips_shatest < ".\testvectors\SHA\req\SHA224Monte.req" > ".\testvectors\SHA\rsp\SHA224Monte.rsp"
+..\out32dll\fips_shatest < ".\testvectors\SHA\req\SHA224ShortMsg.req" > ".\testvectors\SHA\rsp\SHA224ShortMsg.rsp"
+..\out32dll\fips_shatest < ".\testvectors\SHA\req\SHA256LongMsg.req" > ".\testvectors\SHA\rsp\SHA256LongMsg.rsp"
+..\out32dll\fips_shatest < ".\testvectors\SHA\req\SHA256Monte.req" > ".\testvectors\SHA\rsp\SHA256Monte.rsp"
+..\out32dll\fips_shatest < ".\testvectors\SHA\req\SHA256ShortMsg.req" > ".\testvectors\SHA\rsp\SHA256ShortMsg.rsp"
+..\out32dll\fips_shatest < ".\testvectors\SHA\req\SHA384LongMsg.req" > ".\testvectors\SHA\rsp\SHA384LongMsg.rsp"
+..\out32dll\fips_shatest < ".\testvectors\SHA\req\SHA384Monte.req" > ".\testvectors\SHA\rsp\SHA384Monte.rsp"
+..\out32dll\fips_shatest < ".\testvectors\SHA\req\SHA384ShortMsg.req" > ".\testvectors\SHA\rsp\SHA384ShortMsg.rsp"
+..\out32dll\fips_shatest < ".\testvectors\SHA\req\SHA512LongMsg.req" > ".\testvectors\SHA\rsp\SHA512LongMsg.rsp"
+..\out32dll\fips_shatest < ".\testvectors\SHA\req\SHA512Monte.req" > ".\testvectors\SHA\rsp\SHA512Monte.rsp"
+..\out32dll\fips_shatest < ".\testvectors\SHA\req\SHA512ShortMsg.req" > ".\testvectors\SHA\rsp\SHA512ShortMsg.rsp"
+
+echo Running tests in .\testvectors\TDES\req
+if exist ".\testvectors\TDES\rsp" rd /s /q ".\testvectors\TDES\rsp"
+md ".\testvectors\TDES\rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCBCinvperm.req" ".\testvectors\TDES\rsp\TCBCinvperm.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCBCMMT1.req" ".\testvectors\TDES\rsp\TCBCMMT1.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCBCMMT2.req" ".\testvectors\TDES\rsp\TCBCMMT2.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCBCMMT3.req" ".\testvectors\TDES\rsp\TCBCMMT3.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCBCMonte1.req" ".\testvectors\TDES\rsp\TCBCMonte1.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCBCMonte2.req" ".\testvectors\TDES\rsp\TCBCMonte2.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCBCMonte3.req" ".\testvectors\TDES\rsp\TCBCMonte3.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCBCpermop.req" ".\testvectors\TDES\rsp\TCBCpermop.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCBCsubtab.req" ".\testvectors\TDES\rsp\TCBCsubtab.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCBCvarkey.req" ".\testvectors\TDES\rsp\TCBCvarkey.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCBCvartext.req" ".\testvectors\TDES\rsp\TCBCvartext.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB64invperm.req" ".\testvectors\TDES\rsp\TCFB64invperm.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB64MMT1.req" ".\testvectors\TDES\rsp\TCFB64MMT1.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB64MMT2.req" ".\testvectors\TDES\rsp\TCFB64MMT2.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB64MMT3.req" ".\testvectors\TDES\rsp\TCFB64MMT3.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB64Monte1.req" ".\testvectors\TDES\rsp\TCFB64Monte1.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB64Monte2.req" ".\testvectors\TDES\rsp\TCFB64Monte2.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB64Monte3.req" ".\testvectors\TDES\rsp\TCFB64Monte3.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB64permop.req" ".\testvectors\TDES\rsp\TCFB64permop.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB64subtab.req" ".\testvectors\TDES\rsp\TCFB64subtab.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB64varkey.req" ".\testvectors\TDES\rsp\TCFB64varkey.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB64vartext.req" ".\testvectors\TDES\rsp\TCFB64vartext.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB8invperm.req" ".\testvectors\TDES\rsp\TCFB8invperm.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB8MMT1.req" ".\testvectors\TDES\rsp\TCFB8MMT1.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB8MMT2.req" ".\testvectors\TDES\rsp\TCFB8MMT2.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB8MMT3.req" ".\testvectors\TDES\rsp\TCFB8MMT3.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB8Monte1.req" ".\testvectors\TDES\rsp\TCFB8Monte1.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB8Monte2.req" ".\testvectors\TDES\rsp\TCFB8Monte2.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB8Monte3.req" ".\testvectors\TDES\rsp\TCFB8Monte3.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB8permop.req" ".\testvectors\TDES\rsp\TCFB8permop.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB8subtab.req" ".\testvectors\TDES\rsp\TCFB8subtab.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB8varkey.req" ".\testvectors\TDES\rsp\TCFB8varkey.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TCFB8vartext.req" ".\testvectors\TDES\rsp\TCFB8vartext.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TECBinvperm.req" ".\testvectors\TDES\rsp\TECBinvperm.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TECBMMT1.req" ".\testvectors\TDES\rsp\TECBMMT1.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TECBMMT2.req" ".\testvectors\TDES\rsp\TECBMMT2.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TECBMMT3.req" ".\testvectors\TDES\rsp\TECBMMT3.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TECBMonte1.req" ".\testvectors\TDES\rsp\TECBMonte1.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TECBMonte2.req" ".\testvectors\TDES\rsp\TECBMonte2.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TECBMonte3.req" ".\testvectors\TDES\rsp\TECBMonte3.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TECBpermop.req" ".\testvectors\TDES\rsp\TECBpermop.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TECBsubtab.req" ".\testvectors\TDES\rsp\TECBsubtab.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TECBvarkey.req" ".\testvectors\TDES\rsp\TECBvarkey.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TECBvartext.req" ".\testvectors\TDES\rsp\TECBvartext.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TOFBinvperm.req" ".\testvectors\TDES\rsp\TOFBinvperm.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TOFBMMT1.req" ".\testvectors\TDES\rsp\TOFBMMT1.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TOFBMMT2.req" ".\testvectors\TDES\rsp\TOFBMMT2.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TOFBMMT3.req" ".\testvectors\TDES\rsp\TOFBMMT3.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TOFBMonte1.req" ".\testvectors\TDES\rsp\TOFBMonte1.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TOFBMonte2.req" ".\testvectors\TDES\rsp\TOFBMonte2.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TOFBMonte3.req" ".\testvectors\TDES\rsp\TOFBMonte3.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TOFBpermop.req" ".\testvectors\TDES\rsp\TOFBpermop.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TOFBsubtab.req" ".\testvectors\TDES\rsp\TOFBsubtab.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TOFBvarkey.req" ".\testvectors\TDES\rsp\TOFBvarkey.rsp"
+..\out32dll\fips_desmovs -f ".\testvectors\TDES\req\TOFBvartext.req" ".\testvectors\TDES\rsp\TOFBvartext.rsp"
diff --git a/src/lib/libssl/src/fips/fipstests.sh b/src/lib/libssl/src/fips/fipstests.sh
new file mode 100644
index 0000000000..a351446942
--- /dev/null
+++ b/src/lib/libssl/src/fips/fipstests.sh
@@ -0,0 +1,400 @@
+#!/bin/sh
+
+# Test vector run script
+# Auto generated by mkfipsscr.pl script
+# Do not edit
+
+
+echo Running tests in "./testvectors/AES/req"
+rm -rf "./testvectors/AES/rsp"
+mkdir "./testvectors/AES/rsp"
+
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCGFSbox128.req" "./testvectors/AES/rsp/CBCGFSbox128.rsp" || { echo "./testvectors/AES/req/CBCGFSbox128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCGFSbox192.req" "./testvectors/AES/rsp/CBCGFSbox192.rsp" || { echo "./testvectors/AES/req/CBCGFSbox192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCGFSbox256.req" "./testvectors/AES/rsp/CBCGFSbox256.rsp" || { echo "./testvectors/AES/req/CBCGFSbox256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCKeySbox128.req" "./testvectors/AES/rsp/CBCKeySbox128.rsp" || { echo "./testvectors/AES/req/CBCKeySbox128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCKeySbox192.req" "./testvectors/AES/rsp/CBCKeySbox192.rsp" || { echo "./testvectors/AES/req/CBCKeySbox192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCKeySbox256.req" "./testvectors/AES/rsp/CBCKeySbox256.rsp" || { echo "./testvectors/AES/req/CBCKeySbox256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCMCT128.req" "./testvectors/AES/rsp/CBCMCT128.rsp" || { echo "./testvectors/AES/req/CBCMCT128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCMCT192.req" "./testvectors/AES/rsp/CBCMCT192.rsp" || { echo "./testvectors/AES/req/CBCMCT192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCMCT256.req" "./testvectors/AES/rsp/CBCMCT256.rsp" || { echo "./testvectors/AES/req/CBCMCT256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCMMT128.req" "./testvectors/AES/rsp/CBCMMT128.rsp" || { echo "./testvectors/AES/req/CBCMMT128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCMMT192.req" "./testvectors/AES/rsp/CBCMMT192.rsp" || { echo "./testvectors/AES/req/CBCMMT192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCMMT256.req" "./testvectors/AES/rsp/CBCMMT256.rsp" || { echo "./testvectors/AES/req/CBCMMT256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCVarKey128.req" "./testvectors/AES/rsp/CBCVarKey128.rsp" || { echo "./testvectors/AES/req/CBCVarKey128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCVarKey192.req" "./testvectors/AES/rsp/CBCVarKey192.rsp" || { echo "./testvectors/AES/req/CBCVarKey192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCVarKey256.req" "./testvectors/AES/rsp/CBCVarKey256.rsp" || { echo "./testvectors/AES/req/CBCVarKey256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCVarTxt128.req" "./testvectors/AES/rsp/CBCVarTxt128.rsp" || { echo "./testvectors/AES/req/CBCVarTxt128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCVarTxt192.req" "./testvectors/AES/rsp/CBCVarTxt192.rsp" || { echo "./testvectors/AES/req/CBCVarTxt192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CBCVarTxt256.req" "./testvectors/AES/rsp/CBCVarTxt256.rsp" || { echo "./testvectors/AES/req/CBCVarTxt256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128GFSbox128.req" "./testvectors/AES/rsp/CFB128GFSbox128.rsp" || { echo "./testvectors/AES/req/CFB128GFSbox128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128GFSbox192.req" "./testvectors/AES/rsp/CFB128GFSbox192.rsp" || { echo "./testvectors/AES/req/CFB128GFSbox192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128GFSbox256.req" "./testvectors/AES/rsp/CFB128GFSbox256.rsp" || { echo "./testvectors/AES/req/CFB128GFSbox256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128KeySbox128.req" "./testvectors/AES/rsp/CFB128KeySbox128.rsp" || { echo "./testvectors/AES/req/CFB128KeySbox128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128KeySbox192.req" "./testvectors/AES/rsp/CFB128KeySbox192.rsp" || { echo "./testvectors/AES/req/CFB128KeySbox192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128KeySbox256.req" "./testvectors/AES/rsp/CFB128KeySbox256.rsp" || { echo "./testvectors/AES/req/CFB128KeySbox256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128MCT128.req" "./testvectors/AES/rsp/CFB128MCT128.rsp" || { echo "./testvectors/AES/req/CFB128MCT128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128MCT192.req" "./testvectors/AES/rsp/CFB128MCT192.rsp" || { echo "./testvectors/AES/req/CFB128MCT192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128MCT256.req" "./testvectors/AES/rsp/CFB128MCT256.rsp" || { echo "./testvectors/AES/req/CFB128MCT256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128MMT128.req" "./testvectors/AES/rsp/CFB128MMT128.rsp" || { echo "./testvectors/AES/req/CFB128MMT128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128MMT192.req" "./testvectors/AES/rsp/CFB128MMT192.rsp" || { echo "./testvectors/AES/req/CFB128MMT192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128MMT256.req" "./testvectors/AES/rsp/CFB128MMT256.rsp" || { echo "./testvectors/AES/req/CFB128MMT256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128VarKey128.req" "./testvectors/AES/rsp/CFB128VarKey128.rsp" || { echo "./testvectors/AES/req/CFB128VarKey128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128VarKey192.req" "./testvectors/AES/rsp/CFB128VarKey192.rsp" || { echo "./testvectors/AES/req/CFB128VarKey192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128VarKey256.req" "./testvectors/AES/rsp/CFB128VarKey256.rsp" || { echo "./testvectors/AES/req/CFB128VarKey256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128VarTxt128.req" "./testvectors/AES/rsp/CFB128VarTxt128.rsp" || { echo "./testvectors/AES/req/CFB128VarTxt128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128VarTxt192.req" "./testvectors/AES/rsp/CFB128VarTxt192.rsp" || { echo "./testvectors/AES/req/CFB128VarTxt192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB128VarTxt256.req" "./testvectors/AES/rsp/CFB128VarTxt256.rsp" || { echo "./testvectors/AES/req/CFB128VarTxt256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1GFSbox128.req" "./testvectors/AES/rsp/CFB1GFSbox128.rsp" || { echo "./testvectors/AES/req/CFB1GFSbox128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1GFSbox192.req" "./testvectors/AES/rsp/CFB1GFSbox192.rsp" || { echo "./testvectors/AES/req/CFB1GFSbox192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1GFSbox256.req" "./testvectors/AES/rsp/CFB1GFSbox256.rsp" || { echo "./testvectors/AES/req/CFB1GFSbox256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1KeySbox128.req" "./testvectors/AES/rsp/CFB1KeySbox128.rsp" || { echo "./testvectors/AES/req/CFB1KeySbox128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1KeySbox192.req" "./testvectors/AES/rsp/CFB1KeySbox192.rsp" || { echo "./testvectors/AES/req/CFB1KeySbox192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1KeySbox256.req" "./testvectors/AES/rsp/CFB1KeySbox256.rsp" || { echo "./testvectors/AES/req/CFB1KeySbox256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1MCT128.req" "./testvectors/AES/rsp/CFB1MCT128.rsp" || { echo "./testvectors/AES/req/CFB1MCT128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1MCT192.req" "./testvectors/AES/rsp/CFB1MCT192.rsp" || { echo "./testvectors/AES/req/CFB1MCT192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1MCT256.req" "./testvectors/AES/rsp/CFB1MCT256.rsp" || { echo "./testvectors/AES/req/CFB1MCT256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1MMT128.req" "./testvectors/AES/rsp/CFB1MMT128.rsp" || { echo "./testvectors/AES/req/CFB1MMT128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1MMT192.req" "./testvectors/AES/rsp/CFB1MMT192.rsp" || { echo "./testvectors/AES/req/CFB1MMT192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1MMT256.req" "./testvectors/AES/rsp/CFB1MMT256.rsp" || { echo "./testvectors/AES/req/CFB1MMT256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1VarKey128.req" "./testvectors/AES/rsp/CFB1VarKey128.rsp" || { echo "./testvectors/AES/req/CFB1VarKey128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1VarKey192.req" "./testvectors/AES/rsp/CFB1VarKey192.rsp" || { echo "./testvectors/AES/req/CFB1VarKey192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1VarKey256.req" "./testvectors/AES/rsp/CFB1VarKey256.rsp" || { echo "./testvectors/AES/req/CFB1VarKey256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1VarTxt128.req" "./testvectors/AES/rsp/CFB1VarTxt128.rsp" || { echo "./testvectors/AES/req/CFB1VarTxt128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1VarTxt192.req" "./testvectors/AES/rsp/CFB1VarTxt192.rsp" || { echo "./testvectors/AES/req/CFB1VarTxt192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB1VarTxt256.req" "./testvectors/AES/rsp/CFB1VarTxt256.rsp" || { echo "./testvectors/AES/req/CFB1VarTxt256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8GFSbox128.req" "./testvectors/AES/rsp/CFB8GFSbox128.rsp" || { echo "./testvectors/AES/req/CFB8GFSbox128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8GFSbox192.req" "./testvectors/AES/rsp/CFB8GFSbox192.rsp" || { echo "./testvectors/AES/req/CFB8GFSbox192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8GFSbox256.req" "./testvectors/AES/rsp/CFB8GFSbox256.rsp" || { echo "./testvectors/AES/req/CFB8GFSbox256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8KeySbox128.req" "./testvectors/AES/rsp/CFB8KeySbox128.rsp" || { echo "./testvectors/AES/req/CFB8KeySbox128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8KeySbox192.req" "./testvectors/AES/rsp/CFB8KeySbox192.rsp" || { echo "./testvectors/AES/req/CFB8KeySbox192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8KeySbox256.req" "./testvectors/AES/rsp/CFB8KeySbox256.rsp" || { echo "./testvectors/AES/req/CFB8KeySbox256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8MCT128.req" "./testvectors/AES/rsp/CFB8MCT128.rsp" || { echo "./testvectors/AES/req/CFB8MCT128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8MCT192.req" "./testvectors/AES/rsp/CFB8MCT192.rsp" || { echo "./testvectors/AES/req/CFB8MCT192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8MCT256.req" "./testvectors/AES/rsp/CFB8MCT256.rsp" || { echo "./testvectors/AES/req/CFB8MCT256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8MMT128.req" "./testvectors/AES/rsp/CFB8MMT128.rsp" || { echo "./testvectors/AES/req/CFB8MMT128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8MMT192.req" "./testvectors/AES/rsp/CFB8MMT192.rsp" || { echo "./testvectors/AES/req/CFB8MMT192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8MMT256.req" "./testvectors/AES/rsp/CFB8MMT256.rsp" || { echo "./testvectors/AES/req/CFB8MMT256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8VarKey128.req" "./testvectors/AES/rsp/CFB8VarKey128.rsp" || { echo "./testvectors/AES/req/CFB8VarKey128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8VarKey192.req" "./testvectors/AES/rsp/CFB8VarKey192.rsp" || { echo "./testvectors/AES/req/CFB8VarKey192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8VarKey256.req" "./testvectors/AES/rsp/CFB8VarKey256.rsp" || { echo "./testvectors/AES/req/CFB8VarKey256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8VarTxt128.req" "./testvectors/AES/rsp/CFB8VarTxt128.rsp" || { echo "./testvectors/AES/req/CFB8VarTxt128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8VarTxt192.req" "./testvectors/AES/rsp/CFB8VarTxt192.rsp" || { echo "./testvectors/AES/req/CFB8VarTxt192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/CFB8VarTxt256.req" "./testvectors/AES/rsp/CFB8VarTxt256.rsp" || { echo "./testvectors/AES/req/CFB8VarTxt256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBGFSbox128.req" "./testvectors/AES/rsp/ECBGFSbox128.rsp" || { echo "./testvectors/AES/req/ECBGFSbox128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBGFSbox192.req" "./testvectors/AES/rsp/ECBGFSbox192.rsp" || { echo "./testvectors/AES/req/ECBGFSbox192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBGFSbox256.req" "./testvectors/AES/rsp/ECBGFSbox256.rsp" || { echo "./testvectors/AES/req/ECBGFSbox256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBKeySbox128.req" "./testvectors/AES/rsp/ECBKeySbox128.rsp" || { echo "./testvectors/AES/req/ECBKeySbox128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBKeySbox192.req" "./testvectors/AES/rsp/ECBKeySbox192.rsp" || { echo "./testvectors/AES/req/ECBKeySbox192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBKeySbox256.req" "./testvectors/AES/rsp/ECBKeySbox256.rsp" || { echo "./testvectors/AES/req/ECBKeySbox256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBMCT128.req" "./testvectors/AES/rsp/ECBMCT128.rsp" || { echo "./testvectors/AES/req/ECBMCT128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBMCT192.req" "./testvectors/AES/rsp/ECBMCT192.rsp" || { echo "./testvectors/AES/req/ECBMCT192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBMCT256.req" "./testvectors/AES/rsp/ECBMCT256.rsp" || { echo "./testvectors/AES/req/ECBMCT256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBMMT128.req" "./testvectors/AES/rsp/ECBMMT128.rsp" || { echo "./testvectors/AES/req/ECBMMT128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBMMT192.req" "./testvectors/AES/rsp/ECBMMT192.rsp" || { echo "./testvectors/AES/req/ECBMMT192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBMMT256.req" "./testvectors/AES/rsp/ECBMMT256.rsp" || { echo "./testvectors/AES/req/ECBMMT256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBVarKey128.req" "./testvectors/AES/rsp/ECBVarKey128.rsp" || { echo "./testvectors/AES/req/ECBVarKey128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBVarKey192.req" "./testvectors/AES/rsp/ECBVarKey192.rsp" || { echo "./testvectors/AES/req/ECBVarKey192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBVarKey256.req" "./testvectors/AES/rsp/ECBVarKey256.rsp" || { echo "./testvectors/AES/req/ECBVarKey256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBVarTxt128.req" "./testvectors/AES/rsp/ECBVarTxt128.rsp" || { echo "./testvectors/AES/req/ECBVarTxt128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBVarTxt192.req" "./testvectors/AES/rsp/ECBVarTxt192.rsp" || { echo "./testvectors/AES/req/ECBVarTxt192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/ECBVarTxt256.req" "./testvectors/AES/rsp/ECBVarTxt256.rsp" || { echo "./testvectors/AES/req/ECBVarTxt256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBGFSbox128.req" "./testvectors/AES/rsp/OFBGFSbox128.rsp" || { echo "./testvectors/AES/req/OFBGFSbox128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBGFSbox192.req" "./testvectors/AES/rsp/OFBGFSbox192.rsp" || { echo "./testvectors/AES/req/OFBGFSbox192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBGFSbox256.req" "./testvectors/AES/rsp/OFBGFSbox256.rsp" || { echo "./testvectors/AES/req/OFBGFSbox256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBKeySbox128.req" "./testvectors/AES/rsp/OFBKeySbox128.rsp" || { echo "./testvectors/AES/req/OFBKeySbox128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBKeySbox192.req" "./testvectors/AES/rsp/OFBKeySbox192.rsp" || { echo "./testvectors/AES/req/OFBKeySbox192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBKeySbox256.req" "./testvectors/AES/rsp/OFBKeySbox256.rsp" || { echo "./testvectors/AES/req/OFBKeySbox256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBMCT128.req" "./testvectors/AES/rsp/OFBMCT128.rsp" || { echo "./testvectors/AES/req/OFBMCT128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBMCT192.req" "./testvectors/AES/rsp/OFBMCT192.rsp" || { echo "./testvectors/AES/req/OFBMCT192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBMCT256.req" "./testvectors/AES/rsp/OFBMCT256.rsp" || { echo "./testvectors/AES/req/OFBMCT256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBMMT128.req" "./testvectors/AES/rsp/OFBMMT128.rsp" || { echo "./testvectors/AES/req/OFBMMT128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBMMT192.req" "./testvectors/AES/rsp/OFBMMT192.rsp" || { echo "./testvectors/AES/req/OFBMMT192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBMMT256.req" "./testvectors/AES/rsp/OFBMMT256.rsp" || { echo "./testvectors/AES/req/OFBMMT256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBVarKey128.req" "./testvectors/AES/rsp/OFBVarKey128.rsp" || { echo "./testvectors/AES/req/OFBVarKey128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBVarKey192.req" "./testvectors/AES/rsp/OFBVarKey192.rsp" || { echo "./testvectors/AES/req/OFBVarKey192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBVarKey256.req" "./testvectors/AES/rsp/OFBVarKey256.rsp" || { echo "./testvectors/AES/req/OFBVarKey256.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBVarTxt128.req" "./testvectors/AES/rsp/OFBVarTxt128.rsp" || { echo "./testvectors/AES/req/OFBVarTxt128.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBVarTxt192.req" "./testvectors/AES/rsp/OFBVarTxt192.rsp" || { echo "./testvectors/AES/req/OFBVarTxt192.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_aesavs -f "./testvectors/AES/req/OFBVarTxt256.req" "./testvectors/AES/rsp/OFBVarTxt256.rsp" || { echo "./testvectors/AES/req/OFBVarTxt256.req failure" ; exit 1 
+}
+
+echo Running tests in "./testvectors/DSA/req"
+rm -rf "./testvectors/DSA/rsp"
+mkdir "./testvectors/DSA/rsp"
+
+../util/shlib_wrap.sh ../test/fips_dssvs keypair < "./testvectors/DSA/req/KeyPair.req" > "./testvectors/DSA/rsp/KeyPair.rsp" || { echo "./testvectors/DSA/req/KeyPair.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_dssvs pqg < "./testvectors/DSA/req/PQGGen.req" > "./testvectors/DSA/rsp/PQGGen.rsp" || { echo "./testvectors/DSA/req/PQGGen.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_dssvs siggen < "./testvectors/DSA/req/SigGen.req" > "./testvectors/DSA/rsp/SigGen.rsp" || { echo "./testvectors/DSA/req/SigGen.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_dssvs sigver < "./testvectors/DSA/req/SigVer.req" > "./testvectors/DSA/rsp/SigVer.rsp" || { echo "./testvectors/DSA/req/SigVer.req failure" ; exit 1; }
+
+echo Running tests in "./testvectors/HMAC/req"
+rm -rf "./testvectors/HMAC/rsp"
+mkdir "./testvectors/HMAC/rsp"
+
+../util/shlib_wrap.sh ../test/fips_hmactest < "./testvectors/HMAC/req/HMAC.req" > "./testvectors/HMAC/rsp/HMAC.rsp" || { echo "./testvectors/HMAC/req/HMAC.req failure" ; exit 1; }
+
+echo Running tests in "./testvectors/RNG/req"
+rm -rf "./testvectors/RNG/rsp"
+mkdir "./testvectors/RNG/rsp"
+
+../util/shlib_wrap.sh ../test/fips_rngvs mct < "./testvectors/RNG/req/ANSI931_AES128MCT.req" > "./testvectors/RNG/rsp/ANSI931_AES128MCT.rsp" || { echo "./testvectors/RNG/req/ANSI931_AES128MCT.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_rngvs vst < "./testvectors/RNG/req/ANSI931_AES128VST.req" > "./testvectors/RNG/rsp/ANSI931_AES128VST.rsp" || { echo "./testvectors/RNG/req/ANSI931_AES128VST.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_rngvs mct < "./testvectors/RNG/req/ANSI931_AES192MCT.req" > "./testvectors/RNG/rsp/ANSI931_AES192MCT.rsp" || { echo "./testvectors/RNG/req/ANSI931_AES192MCT.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_rngvs vst < "./testvectors/RNG/req/ANSI931_AES192VST.req" > "./testvectors/RNG/rsp/ANSI931_AES192VST.rsp" || { echo "./testvectors/RNG/req/ANSI931_AES192VST.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_rngvs mct < "./testvectors/RNG/req/ANSI931_AES256MCT.req" > "./testvectors/RNG/rsp/ANSI931_AES256MCT.rsp" || { echo "./testvectors/RNG/req/ANSI931_AES256MCT.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_rngvs vst < "./testvectors/RNG/req/ANSI931_AES256VST.req" > "./testvectors/RNG/rsp/ANSI931_AES256VST.rsp" || { echo "./testvectors/RNG/req/ANSI931_AES256VST.req failure" ; exit 1; }
+
+echo Running tests in "./testvectors/RSA/req"
+rm -rf "./testvectors/RSA/rsp"
+mkdir "./testvectors/RSA/rsp"
+
+../util/shlib_wrap.sh ../test/fips_rsagtest < "./testvectors/RSA/req/KeyGenRSA.req" > "./testvectors/RSA/rsp/KeyGenRSA.rsp" || { echo "./testvectors/RSA/req/KeyGenRSA.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_rsastest < "./testvectors/RSA/req/SigGen15.req" > "./testvectors/RSA/rsp/SigGen15.rsp" || { echo "./testvectors/RSA/req/SigGen15.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_rsastest -saltlen 0 < "./testvectors/RSA/req/SigGenPSS.req" > "./testvectors/RSA/rsp/SigGenPSS.rsp" || { echo "./testvectors/RSA/req/SigGenPSS.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_rsastest -x931 < "./testvectors/RSA/req/SigGenRSA.req" > "./testvectors/RSA/rsp/SigGenRSA.rsp" || { echo "./testvectors/RSA/req/SigGenRSA.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_rsavtest < "./testvectors/RSA/req/SigVer15.req" > "./testvectors/RSA/rsp/SigVer15.rsp" || { echo "./testvectors/RSA/req/SigVer15.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_rsavtest -saltlen 0 < "./testvectors/RSA/req/SigVerPSS.req" > "./testvectors/RSA/rsp/SigVerPSS.rsp" || { echo "./testvectors/RSA/req/SigVerPSS.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_rsavtest -x931 < "./testvectors/RSA/req/SigVerRSA.req" > "./testvectors/RSA/rsp/SigVerRSA.rsp" || { echo "./testvectors/RSA/req/SigVerRSA.req failure" ; exit 1; }
+
+echo Running tests in "./testvectors/SHA/req"
+rm -rf "./testvectors/SHA/rsp"
+mkdir "./testvectors/SHA/rsp"
+
+../util/shlib_wrap.sh ../test/fips_shatest < "./testvectors/SHA/req/SHA1LongMsg.req" > "./testvectors/SHA/rsp/SHA1LongMsg.rsp" || { echo "./testvectors/SHA/req/SHA1LongMsg.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_shatest < "./testvectors/SHA/req/SHA1Monte.req" > "./testvectors/SHA/rsp/SHA1Monte.rsp" || { echo "./testvectors/SHA/req/SHA1Monte.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_shatest < "./testvectors/SHA/req/SHA1ShortMsg.req" > "./testvectors/SHA/rsp/SHA1ShortMsg.rsp" || { echo "./testvectors/SHA/req/SHA1ShortMsg.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_shatest < "./testvectors/SHA/req/SHA224LongMsg.req" > "./testvectors/SHA/rsp/SHA224LongMsg.rsp" || { echo "./testvectors/SHA/req/SHA224LongMsg.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_shatest < "./testvectors/SHA/req/SHA224Monte.req" > "./testvectors/SHA/rsp/SHA224Monte.rsp" || { echo "./testvectors/SHA/req/SHA224Monte.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_shatest < "./testvectors/SHA/req/SHA224ShortMsg.req" > "./testvectors/SHA/rsp/SHA224ShortMsg.rsp" || { echo "./testvectors/SHA/req/SHA224ShortMsg.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_shatest < "./testvectors/SHA/req/SHA256LongMsg.req" > "./testvectors/SHA/rsp/SHA256LongMsg.rsp" || { echo "./testvectors/SHA/req/SHA256LongMsg.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_shatest < "./testvectors/SHA/req/SHA256Monte.req" > "./testvectors/SHA/rsp/SHA256Monte.rsp" || { echo "./testvectors/SHA/req/SHA256Monte.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_shatest < "./testvectors/SHA/req/SHA256ShortMsg.req" > "./testvectors/SHA/rsp/SHA256ShortMsg.rsp" || { echo "./testvectors/SHA/req/SHA256ShortMsg.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_shatest < "./testvectors/SHA/req/SHA384LongMsg.req" > "./testvectors/SHA/rsp/SHA384LongMsg.rsp" || { echo "./testvectors/SHA/req/SHA384LongMsg.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_shatest < "./testvectors/SHA/req/SHA384Monte.req" > "./testvectors/SHA/rsp/SHA384Monte.rsp" || { echo "./testvectors/SHA/req/SHA384Monte.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_shatest < "./testvectors/SHA/req/SHA384ShortMsg.req" > "./testvectors/SHA/rsp/SHA384ShortMsg.rsp" || { echo "./testvectors/SHA/req/SHA384ShortMsg.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_shatest < "./testvectors/SHA/req/SHA512LongMsg.req" > "./testvectors/SHA/rsp/SHA512LongMsg.rsp" || { echo "./testvectors/SHA/req/SHA512LongMsg.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_shatest < "./testvectors/SHA/req/SHA512Monte.req" > "./testvectors/SHA/rsp/SHA512Monte.rsp" || { echo "./testvectors/SHA/req/SHA512Monte.req failure" ; exit 1; }
+../util/shlib_wrap.sh ../test/fips_shatest < "./testvectors/SHA/req/SHA512ShortMsg.req" > "./testvectors/SHA/rsp/SHA512ShortMsg.rsp" || { echo "./testvectors/SHA/req/SHA512ShortMsg.req failure" ; exit 1; }
+
+echo Running tests in "./testvectors/TDES/req"
+rm -rf "./testvectors/TDES/rsp"
+mkdir "./testvectors/TDES/rsp"
+
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCBCinvperm.req" "./testvectors/TDES/rsp/TCBCinvperm.rsp" || { echo "./testvectors/TDES/req/TCBCinvperm.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCBCMMT1.req" "./testvectors/TDES/rsp/TCBCMMT1.rsp" || { echo "./testvectors/TDES/req/TCBCMMT1.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCBCMMT2.req" "./testvectors/TDES/rsp/TCBCMMT2.rsp" || { echo "./testvectors/TDES/req/TCBCMMT2.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCBCMMT3.req" "./testvectors/TDES/rsp/TCBCMMT3.rsp" || { echo "./testvectors/TDES/req/TCBCMMT3.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCBCMonte1.req" "./testvectors/TDES/rsp/TCBCMonte1.rsp" || { echo "./testvectors/TDES/req/TCBCMonte1.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCBCMonte2.req" "./testvectors/TDES/rsp/TCBCMonte2.rsp" || { echo "./testvectors/TDES/req/TCBCMonte2.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCBCMonte3.req" "./testvectors/TDES/rsp/TCBCMonte3.rsp" || { echo "./testvectors/TDES/req/TCBCMonte3.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCBCpermop.req" "./testvectors/TDES/rsp/TCBCpermop.rsp" || { echo "./testvectors/TDES/req/TCBCpermop.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCBCsubtab.req" "./testvectors/TDES/rsp/TCBCsubtab.rsp" || { echo "./testvectors/TDES/req/TCBCsubtab.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCBCvarkey.req" "./testvectors/TDES/rsp/TCBCvarkey.rsp" || { echo "./testvectors/TDES/req/TCBCvarkey.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCBCvartext.req" "./testvectors/TDES/rsp/TCBCvartext.rsp" || { echo "./testvectors/TDES/req/TCBCvartext.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB64invperm.req" "./testvectors/TDES/rsp/TCFB64invperm.rsp" || { echo "./testvectors/TDES/req/TCFB64invperm.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB64MMT1.req" "./testvectors/TDES/rsp/TCFB64MMT1.rsp" || { echo "./testvectors/TDES/req/TCFB64MMT1.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB64MMT2.req" "./testvectors/TDES/rsp/TCFB64MMT2.rsp" || { echo "./testvectors/TDES/req/TCFB64MMT2.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB64MMT3.req" "./testvectors/TDES/rsp/TCFB64MMT3.rsp" || { echo "./testvectors/TDES/req/TCFB64MMT3.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB64Monte1.req" "./testvectors/TDES/rsp/TCFB64Monte1.rsp" || { echo "./testvectors/TDES/req/TCFB64Monte1.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB64Monte2.req" "./testvectors/TDES/rsp/TCFB64Monte2.rsp" || { echo "./testvectors/TDES/req/TCFB64Monte2.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB64Monte3.req" "./testvectors/TDES/rsp/TCFB64Monte3.rsp" || { echo "./testvectors/TDES/req/TCFB64Monte3.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB64permop.req" "./testvectors/TDES/rsp/TCFB64permop.rsp" || { echo "./testvectors/TDES/req/TCFB64permop.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB64subtab.req" "./testvectors/TDES/rsp/TCFB64subtab.rsp" || { echo "./testvectors/TDES/req/TCFB64subtab.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB64varkey.req" "./testvectors/TDES/rsp/TCFB64varkey.rsp" || { echo "./testvectors/TDES/req/TCFB64varkey.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB64vartext.req" "./testvectors/TDES/rsp/TCFB64vartext.rsp" || { echo "./testvectors/TDES/req/TCFB64vartext.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB8invperm.req" "./testvectors/TDES/rsp/TCFB8invperm.rsp" || { echo "./testvectors/TDES/req/TCFB8invperm.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB8MMT1.req" "./testvectors/TDES/rsp/TCFB8MMT1.rsp" || { echo "./testvectors/TDES/req/TCFB8MMT1.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB8MMT2.req" "./testvectors/TDES/rsp/TCFB8MMT2.rsp" || { echo "./testvectors/TDES/req/TCFB8MMT2.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB8MMT3.req" "./testvectors/TDES/rsp/TCFB8MMT3.rsp" || { echo "./testvectors/TDES/req/TCFB8MMT3.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB8Monte1.req" "./testvectors/TDES/rsp/TCFB8Monte1.rsp" || { echo "./testvectors/TDES/req/TCFB8Monte1.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB8Monte2.req" "./testvectors/TDES/rsp/TCFB8Monte2.rsp" || { echo "./testvectors/TDES/req/TCFB8Monte2.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB8Monte3.req" "./testvectors/TDES/rsp/TCFB8Monte3.rsp" || { echo "./testvectors/TDES/req/TCFB8Monte3.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB8permop.req" "./testvectors/TDES/rsp/TCFB8permop.rsp" || { echo "./testvectors/TDES/req/TCFB8permop.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB8subtab.req" "./testvectors/TDES/rsp/TCFB8subtab.rsp" || { echo "./testvectors/TDES/req/TCFB8subtab.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB8varkey.req" "./testvectors/TDES/rsp/TCFB8varkey.rsp" || { echo "./testvectors/TDES/req/TCFB8varkey.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TCFB8vartext.req" "./testvectors/TDES/rsp/TCFB8vartext.rsp" || { echo "./testvectors/TDES/req/TCFB8vartext.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TECBinvperm.req" "./testvectors/TDES/rsp/TECBinvperm.rsp" || { echo "./testvectors/TDES/req/TECBinvperm.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TECBMMT1.req" "./testvectors/TDES/rsp/TECBMMT1.rsp" || { echo "./testvectors/TDES/req/TECBMMT1.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TECBMMT2.req" "./testvectors/TDES/rsp/TECBMMT2.rsp" || { echo "./testvectors/TDES/req/TECBMMT2.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TECBMMT3.req" "./testvectors/TDES/rsp/TECBMMT3.rsp" || { echo "./testvectors/TDES/req/TECBMMT3.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TECBMonte1.req" "./testvectors/TDES/rsp/TECBMonte1.rsp" || { echo "./testvectors/TDES/req/TECBMonte1.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TECBMonte2.req" "./testvectors/TDES/rsp/TECBMonte2.rsp" || { echo "./testvectors/TDES/req/TECBMonte2.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TECBMonte3.req" "./testvectors/TDES/rsp/TECBMonte3.rsp" || { echo "./testvectors/TDES/req/TECBMonte3.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TECBpermop.req" "./testvectors/TDES/rsp/TECBpermop.rsp" || { echo "./testvectors/TDES/req/TECBpermop.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TECBsubtab.req" "./testvectors/TDES/rsp/TECBsubtab.rsp" || { echo "./testvectors/TDES/req/TECBsubtab.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TECBvarkey.req" "./testvectors/TDES/rsp/TECBvarkey.rsp" || { echo "./testvectors/TDES/req/TECBvarkey.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TECBvartext.req" "./testvectors/TDES/rsp/TECBvartext.rsp" || { echo "./testvectors/TDES/req/TECBvartext.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TOFBinvperm.req" "./testvectors/TDES/rsp/TOFBinvperm.rsp" || { echo "./testvectors/TDES/req/TOFBinvperm.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TOFBMMT1.req" "./testvectors/TDES/rsp/TOFBMMT1.rsp" || { echo "./testvectors/TDES/req/TOFBMMT1.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TOFBMMT2.req" "./testvectors/TDES/rsp/TOFBMMT2.rsp" || { echo "./testvectors/TDES/req/TOFBMMT2.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TOFBMMT3.req" "./testvectors/TDES/rsp/TOFBMMT3.rsp" || { echo "./testvectors/TDES/req/TOFBMMT3.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TOFBMonte1.req" "./testvectors/TDES/rsp/TOFBMonte1.rsp" || { echo "./testvectors/TDES/req/TOFBMonte1.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TOFBMonte2.req" "./testvectors/TDES/rsp/TOFBMonte2.rsp" || { echo "./testvectors/TDES/req/TOFBMonte2.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TOFBMonte3.req" "./testvectors/TDES/rsp/TOFBMonte3.rsp" || { echo "./testvectors/TDES/req/TOFBMonte3.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TOFBpermop.req" "./testvectors/TDES/rsp/TOFBpermop.rsp" || { echo "./testvectors/TDES/req/TOFBpermop.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TOFBsubtab.req" "./testvectors/TDES/rsp/TOFBsubtab.rsp" || { echo "./testvectors/TDES/req/TOFBsubtab.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TOFBvarkey.req" "./testvectors/TDES/rsp/TOFBvarkey.rsp" || { echo "./testvectors/TDES/req/TOFBvarkey.req failure" ; exit 1 
+}
+../util/shlib_wrap.sh ../test/fips_desmovs -f "./testvectors/TDES/req/TOFBvartext.req" "./testvectors/TDES/rsp/TOFBvartext.rsp" || { echo "./testvectors/TDES/req/TOFBvartext.req failure" ; exit 1 
+}
diff --git a/src/lib/libssl/src/fips/hmac/Makefile b/src/lib/libssl/src/fips/hmac/Makefile
new file mode 100644
index 0000000000..be230ade9d
--- /dev/null
+++ b/src/lib/libssl/src/fips/hmac/Makefile
@@ -0,0 +1,123 @@
+#
+# OpenSSL/fips/hmac/Makefile
+#
+
+DIR=    hmac
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=fips_hmactest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=fips_hmac.c fips_hmac_selftest.c
+LIBOBJ=fips_hmac.o fips_hmac_selftest.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=
+HEADER= $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+        @echo $(LIBOBJ) > lib
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+        @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+        do \
+          (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+          chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+Q=../testvectors/hmac/req
+A=../testvectors/hmac/rsp
+
+fips_test:
+        -rm -rf $(A)
+        mkdir $(A)
+        if [ -f $(Q)/HMAC.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_hmactest < $(Q)/HMAC.req > $(A)/HMAC.rsp; fi
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_hmac.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_hmac.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_hmac.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h
+fips_hmac.o: ../../include/openssl/objects.h
+fips_hmac.o: ../../include/openssl/opensslconf.h
+fips_hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+fips_hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_hmac.o: ../../include/openssl/symhacks.h fips_hmac.c
+fips_hmac_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_hmac_selftest.o: ../../include/openssl/crypto.h
+fips_hmac_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_hmac_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_hmac_selftest.o: ../../include/openssl/hmac.h
+fips_hmac_selftest.o: ../../include/openssl/lhash.h
+fips_hmac_selftest.o: ../../include/openssl/obj_mac.h
+fips_hmac_selftest.o: ../../include/openssl/objects.h
+fips_hmac_selftest.o: ../../include/openssl/opensslconf.h
+fips_hmac_selftest.o: ../../include/openssl/opensslv.h
+fips_hmac_selftest.o: ../../include/openssl/ossl_typ.h
+fips_hmac_selftest.o: ../../include/openssl/safestack.h
+fips_hmac_selftest.o: ../../include/openssl/stack.h
+fips_hmac_selftest.o: ../../include/openssl/symhacks.h fips_hmac_selftest.c
+fips_hmactest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_hmactest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_hmactest.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+fips_hmactest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_hmactest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+fips_hmactest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_hmactest.o: ../../include/openssl/fips.h ../../include/openssl/hmac.h
+fips_hmactest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_hmactest.o: ../../include/openssl/objects.h
+fips_hmactest.o: ../../include/openssl/opensslconf.h
+fips_hmactest.o: ../../include/openssl/opensslv.h
+fips_hmactest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_hmactest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_hmactest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_hmactest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+fips_hmactest.o: ../../include/openssl/x509v3.h ../fips_utl.h fips_hmactest.c
diff --git a/src/lib/libssl/src/fips/hmac/fips_hmac.c b/src/lib/libssl/src/fips/hmac/fips_hmac.c
new file mode 100644
index 0000000000..7c49c9882a
--- /dev/null
+++ b/src/lib/libssl/src/fips/hmac/fips_hmac.c
@@ -0,0 +1,191 @@
+/* crypto/hmac/hmac.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/hmac.h>
+#include <openssl/fips.h>
+
+#ifdef OPENSSL_FIPS
+
+void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+                  const EVP_MD *md, ENGINE *impl)
+        {
+        int i,j,reset=0;
+        unsigned char pad[HMAC_MAX_MD_CBLOCK];
+
+        if (md != NULL)
+                {
+                reset=1;
+                ctx->md=md;
+                }
+        else
+                md=ctx->md;
+
+        if (key != NULL)
+                {
+                if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
+                && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+                 || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+                 || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
+                OpenSSLDie(__FILE__,__LINE__,
+                        "HMAC: digest not allowed in FIPS mode");
+                
+                reset=1;
+                j=M_EVP_MD_block_size(md);
+                OPENSSL_assert(j <= sizeof ctx->key);
+                if (j < len)
+                        {
+                        EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
+                        EVP_DigestUpdate(&ctx->md_ctx,key,len);
+                        EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
+                                &ctx->key_length);
+                        }
+                else
+                        {
+                        OPENSSL_assert(len <= sizeof ctx->key);
+                        memcpy(ctx->key,key,len);
+                        ctx->key_length=len;
+                        }
+                if(ctx->key_length != HMAC_MAX_MD_CBLOCK)
+                        memset(&ctx->key[ctx->key_length], 0,
+                                HMAC_MAX_MD_CBLOCK - ctx->key_length);
+                }
+
+        if (reset)      
+                {
+                for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
+                        pad[i]=0x36^ctx->key[i];
+                EVP_DigestInit_ex(&ctx->i_ctx,md, impl);
+                EVP_DigestUpdate(&ctx->i_ctx,pad,M_EVP_MD_block_size(md));
+
+                for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
+                        pad[i]=0x5c^ctx->key[i];
+                EVP_DigestInit_ex(&ctx->o_ctx,md, impl);
+                EVP_DigestUpdate(&ctx->o_ctx,pad,M_EVP_MD_block_size(md));
+                }
+        EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
+        }
+
+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+               const EVP_MD *md)
+        {
+        if(key && md)
+            HMAC_CTX_init(ctx);
+        HMAC_Init_ex(ctx,key,len,md, NULL);
+        }
+
+void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
+        {
+        EVP_DigestUpdate(&ctx->md_ctx,data,len);
+        }
+
+void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+        {
+        int j;
+        unsigned int i;
+        unsigned char buf[EVP_MAX_MD_SIZE];
+
+        j=M_EVP_MD_block_size(ctx->md);
+
+        EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
+        EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
+        EVP_DigestUpdate(&ctx->md_ctx,buf,i);
+        EVP_DigestFinal_ex(&ctx->md_ctx,md,len);
+        }
+
+void HMAC_CTX_init(HMAC_CTX *ctx)
+        {
+        EVP_MD_CTX_init(&ctx->i_ctx);
+        EVP_MD_CTX_init(&ctx->o_ctx);
+        EVP_MD_CTX_init(&ctx->md_ctx);
+        }
+
+void HMAC_CTX_cleanup(HMAC_CTX *ctx)
+        {
+        EVP_MD_CTX_cleanup(&ctx->i_ctx);
+        EVP_MD_CTX_cleanup(&ctx->o_ctx);
+        EVP_MD_CTX_cleanup(&ctx->md_ctx);
+        memset(ctx,0,sizeof *ctx);
+        }
+
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+                    const unsigned char *d, size_t n, unsigned char *md,
+                    unsigned int *md_len)
+        {
+        HMAC_CTX c;
+        static unsigned char m[EVP_MAX_MD_SIZE];
+
+        if (md == NULL) md=m;
+        HMAC_CTX_init(&c);
+        HMAC_Init(&c,key,key_len,evp_md);
+        HMAC_Update(&c,d,n);
+        HMAC_Final(&c,md,md_len);
+        HMAC_CTX_cleanup(&c);
+        return(md);
+        }
+
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
+        {
+        M_EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+        M_EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
+        M_EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
+        }
+
+#endif
+
diff --git a/src/lib/libssl/src/fips/hmac/fips_hmac_selftest.c b/src/lib/libssl/src/fips/hmac/fips_hmac_selftest.c
new file mode 100644
index 0000000000..a697770732
--- /dev/null
+++ b/src/lib/libssl/src/fips/hmac/fips_hmac_selftest.c
@@ -0,0 +1,135 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/hmac.h>
+
+#ifdef OPENSSL_FIPS
+typedef struct {
+        const EVP_MD *(*alg)(void);
+        const char *key, *iv;
+        unsigned char kaval[EVP_MAX_MD_SIZE];
+} HMAC_KAT;
+
+static const HMAC_KAT vector[] = {
+    {   EVP_sha1,
+        /* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */
+        "0123456789:;<=>?@ABC",
+        "Sample #2",
+        { 0x09,0x22,0xd3,0x40,0x5f,0xaa,0x3d,0x19,
+          0x4f,0x82,0xa4,0x58,0x30,0x73,0x7d,0x5c,
+          0xc6,0xc7,0x5d,0x24 }
+    },
+    {   EVP_sha224,
+        /* just keep extending the above... */
+        "0123456789:;<=>?@ABC",
+        "Sample #2",
+        { 0xdd,0xef,0x0a,0x40,0xcb,0x7d,0x50,0xfb,
+          0x6e,0xe6,0xce,0xa1,0x20,0xba,0x26,0xaa,
+          0x08,0xf3,0x07,0x75,0x87,0xb8,0xad,0x1b,
+          0x8c,0x8d,0x12,0xc7 }
+    },
+    {   EVP_sha256,
+        "0123456789:;<=>?@ABC",
+        "Sample #2",
+        { 0xb8,0xf2,0x0d,0xb5,0x41,0xea,0x43,0x09,
+          0xca,0x4e,0xa9,0x38,0x0c,0xd0,0xe8,0x34,
+          0xf7,0x1f,0xbe,0x91,0x74,0xa2,0x61,0x38,
+          0x0d,0xc1,0x7e,0xae,0x6a,0x34,0x51,0xd9 }
+    },
+    {   EVP_sha384,
+        "0123456789:;<=>?@ABC",
+        "Sample #2",
+        { 0x08,0xbc,0xb0,0xda,0x49,0x1e,0x87,0xad,
+          0x9a,0x1d,0x6a,0xce,0x23,0xc5,0x0b,0xf6,
+          0xb7,0x18,0x06,0xa5,0x77,0xcd,0x49,0x04,
+          0x89,0xf1,0xe6,0x23,0x44,0x51,0x51,0x9f,
+          0x85,0x56,0x80,0x79,0x0c,0xbd,0x4d,0x50,
+          0xa4,0x5f,0x29,0xe3,0x93,0xf0,0xe8,0x7f }
+    },
+    {   EVP_sha512,
+        "0123456789:;<=>?@ABC",
+        "Sample #2",
+        { 0x80,0x9d,0x44,0x05,0x7c,0x5b,0x95,0x41,
+          0x05,0xbd,0x04,0x13,0x16,0xdb,0x0f,0xac,
+          0x44,0xd5,0xa4,0xd5,0xd0,0x89,0x2b,0xd0,
+          0x4e,0x86,0x64,0x12,0xc0,0x90,0x77,0x68,
+          0xf1,0x87,0xb7,0x7c,0x4f,0xae,0x2c,0x2f,
+          0x21,0xa5,0xb5,0x65,0x9a,0x4f,0x4b,0xa7,
+          0x47,0x02,0xa3,0xde,0x9b,0x51,0xf1,0x45,
+          0xbd,0x4f,0x25,0x27,0x42,0x98,0x99,0x05 }
+    },
+};
+
+int FIPS_selftest_hmac()
+    {
+    int n;
+    unsigned int    outlen;
+    unsigned char   out[EVP_MAX_MD_SIZE];
+    const EVP_MD   *md;
+    const HMAC_KAT *t;
+
+    for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
+        {
+        md = (*t->alg)();
+        HMAC(md,t->key,strlen(t->key),
+                (const unsigned char *)t->iv,strlen(t->iv),
+                out,&outlen);
+
+        if(memcmp(out,t->kaval,outlen))
+            {
+            FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
+            return 0;
+            }
+        }
+    return 1;
+    }
+#endif
diff --git a/src/lib/libssl/src/fips/hmac/fips_hmactest.c b/src/lib/libssl/src/fips/hmac/fips_hmactest.c
new file mode 100644
index 0000000000..69ebf68622
--- /dev/null
+++ b/src/lib/libssl/src/fips/hmac/fips_hmactest.c
@@ -0,0 +1,328 @@
+/* fips_hmactest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS HMAC support\n");
+    return(0);
+}
+
+#else
+
+#include <openssl/fips.h>
+#include "fips_utl.h"
+
+static int hmac_test(const EVP_MD *md, FILE *out, FILE *in);
+static int print_hmac(const EVP_MD *md, FILE *out,
+                unsigned char *Key, int Klen,
+                unsigned char *Msg, int Msglen, int Tlen);
+
+int main(int argc, char **argv)
+        {
+        FILE *in = NULL, *out = NULL;
+
+        int ret = 1;
+
+        if(!FIPS_mode_set(1))
+                {
+                do_print_errors();
+                goto end;
+                }
+
+        if (argc == 1)
+                in = stdin;
+        else
+                in = fopen(argv[1], "r");
+
+        if (argc < 2)
+                out = stdout;
+        else
+                out = fopen(argv[2], "w");
+
+        if (!in)
+                {
+                fprintf(stderr, "FATAL input initialization error\n");
+                goto end;
+                }
+
+        if (!out)
+                {
+                fprintf(stderr, "FATAL output initialization error\n");
+                goto end;
+                }
+
+        if (!hmac_test(EVP_sha1(), out, in))
+                {
+                fprintf(stderr, "FATAL hmac file processing error\n");
+                goto end;
+                }
+        else
+                ret = 0;
+
+        end:
+
+        if (ret)
+                do_print_errors();
+
+        if (in && (in != stdin))
+                fclose(in);
+        if (out && (out != stdout))
+                fclose(out);
+
+        return ret;
+
+        }
+
+#define HMAC_TEST_MAXLINELEN    1024
+
+int hmac_test(const EVP_MD *md, FILE *out, FILE *in)
+        {
+        char *linebuf, *olinebuf, *p, *q;
+        char *keyword, *value;
+        unsigned char *Key = NULL, *Msg = NULL;
+        int Count, Klen, Tlen;
+        long Keylen, Msglen;
+        int ret = 0;
+        int lnum = 0;
+
+        olinebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN);
+        linebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN);
+
+        if (!linebuf || !olinebuf)
+                goto error;
+
+        Count = -1;
+        Klen = -1;
+        Tlen = -1;
+
+        while (fgets(olinebuf, HMAC_TEST_MAXLINELEN, in))
+                {
+                lnum++;
+                strcpy(linebuf, olinebuf);
+                keyword = linebuf;
+                /* Skip leading space */
+                while (isspace((unsigned char)*keyword))
+                        keyword++;
+
+                /* Look for = sign */
+                p = strchr(linebuf, '=');
+
+                /* If no = or starts with [ (for [L=20] line) just copy */
+                if (!p)
+                        {
+                        if (fputs(olinebuf, out) < 0)
+                                goto error;
+                        continue;
+                        }
+
+                q = p - 1;
+
+                /* Remove trailing space */
+                while (isspace((unsigned char)*q))
+                        *q-- = 0;
+
+                *p = 0;
+                value = p + 1;
+
+                /* Remove leading space from value */
+                while (isspace((unsigned char)*value))
+                        value++;
+
+                /* Remove trailing space from value */
+                p = value + strlen(value) - 1;
+
+                while (*p == '\n' || isspace((unsigned char)*p))
+                        *p-- = 0;
+
+                if (!strcmp(keyword,"[L") && *p==']')
+                        {
+                        switch (atoi(value))
+                                {
+                                case 20: md=EVP_sha1();   break;
+                                case 28: md=EVP_sha224(); break;
+                                case 32: md=EVP_sha256(); break;
+                                case 48: md=EVP_sha384(); break;
+                                case 64: md=EVP_sha512(); break;
+                                default: goto parse_error;
+                                }
+                        }
+                else if (!strcmp(keyword, "Count"))
+                        {
+                        if (Count != -1)
+                                goto parse_error;
+                        Count = atoi(value);
+                        if (Count < 0)
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "Klen"))
+                        {
+                        if (Klen != -1)
+                                goto parse_error;
+                        Klen = atoi(value);
+                        if (Klen < 0)
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "Tlen"))
+                        {
+                        if (Tlen != -1)
+                                goto parse_error;
+                        Tlen = atoi(value);
+                        if (Tlen < 0)
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "Msg"))
+                        {
+                        if (Msg)
+                                goto parse_error;
+                        Msg = hex2bin_m(value, &Msglen);
+                        if (!Msg)
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "Key"))
+                        {
+                        if (Key)
+                                goto parse_error;
+                        Key = hex2bin_m(value, &Keylen);
+                        if (!Key)
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "Mac"))
+                        continue;
+                else
+                        goto parse_error;
+
+                fputs(olinebuf, out);
+
+                if (Key && Msg && (Tlen > 0) && (Klen > 0))
+                        {
+                        if (!print_hmac(md, out, Key, Klen, Msg, Msglen, Tlen))
+                                goto error;
+                        OPENSSL_free(Key);
+                        Key = NULL;
+                        OPENSSL_free(Msg);
+                        Msg = NULL;
+                        Klen = -1;
+                        Tlen = -1;
+                        Count = -1;
+                        }
+
+                }
+
+
+        ret = 1;
+
+
+        error:
+
+        if (olinebuf)
+                OPENSSL_free(olinebuf);
+        if (linebuf)
+                OPENSSL_free(linebuf);
+        if (Key)
+                OPENSSL_free(Key);
+        if (Msg)
+                OPENSSL_free(Msg);
+
+        return ret;
+
+        parse_error:
+
+        fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+        goto error;
+
+        }
+
+static int print_hmac(const EVP_MD *emd, FILE *out,
+                unsigned char *Key, int Klen,
+                unsigned char *Msg, int Msglen, int Tlen)
+        {
+        int i, mdlen;
+        unsigned char md[EVP_MAX_MD_SIZE];
+        if (!HMAC(emd, Key, Klen, Msg, Msglen, md,
+                                                (unsigned int *)&mdlen))
+                {
+                fputs("Error calculating HMAC\n", stderr);
+                return 0;
+                }
+        if (Tlen > mdlen)
+                {
+                fputs("Parameter error, Tlen > HMAC length\n", stderr);
+                return 0;
+                }
+        fputs("Mac = ", out);
+        for (i = 0; i < Tlen; i++)
+                fprintf(out, "%02x", md[i]);
+        fputs("\n", out);
+        return 1;
+        }
+
+#endif
diff --git a/src/lib/libssl/src/fips/install.com b/src/lib/libssl/src/fips/install.com
index aa19f0599d..a2d22d387f 100644
--- a/src/lib/libssl/src/fips/install.com
+++ b/src/lib/libssl/src/fips/install.com
@@ -26,14 +26,16 @@ $	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
 $       IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
            CREATE/DIR/LOG WRK_SSLINCLUDE:
 $
-$       FDIRS := ,RAND,SHA1,DES,AES,DSA,RSA
+$       FDIRS := ,RAND,SHA,DES,AES,DSA,RSA,DH,HMAC
 $       EXHEADER_ := fips.h
-$       EXHEADER_SHA1 :=
+$       EXHEADER_SHA := fips_sha.h
 $       EXHEADER_RAND := fips_rand.h
 $       EXHEADER_DES :=
 $       EXHEADER_AES :=
 $       EXHEADER_DSA :=
 $       EXHEADER_RSA :=
+$       EXHEADER_DH :=
+$       EXHEADER_HMAC :=
 $
 $       I = 0
 $ LOOP_FDIRS: 
diff --git a/src/lib/libssl/src/fips/mkfipsscr.pl b/src/lib/libssl/src/fips/mkfipsscr.pl
new file mode 100644
index 0000000000..dc60cdf580
--- /dev/null
+++ b/src/lib/libssl/src/fips/mkfipsscr.pl
@@ -0,0 +1,632 @@
+#!/usr/local/bin/perl -w
+# Quick & dirty utility to generate a script for executing the
+# FIPS 140-2 CMVP algorithm tests based on the pathnames of
+# input algorithm test files actually present (the unqualified
+# file names are consistent but the pathnames are not).
+#
+
+# List of all the unqualified file names we expect.
+my %fips_tests = (
+
+# FIPS test definitions
+
+# DSA tests
+
+"PQGGen" => "fips_dssvs pqg",
+"KeyPair" => "fips_dssvs keypair",
+"SigGen" => "fips_dssvs siggen",
+"SigVer" => "fips_dssvs sigver",
+
+# SHA tests
+
+"SHA1LongMsg" => "fips_shatest",
+"SHA1Monte" => "fips_shatest",
+"SHA1ShortMsg" => "fips_shatest",
+"SHA224LongMsg" => "fips_shatest",
+"SHA224Monte" => "fips_shatest",
+"SHA224ShortMsg" => "fips_shatest",
+"SHA256LongMsg" => "fips_shatest",
+"SHA256Monte" => "fips_shatest",
+"SHA256ShortMsg" => "fips_shatest",
+"SHA384LongMsg" => "fips_shatest",
+"SHA384Monte" => "fips_shatest",
+"SHA384ShortMsg" => "fips_shatest",
+"SHA512LongMsg" => "fips_shatest",
+"SHA512Monte" => "fips_shatest",
+"SHA512ShortMsg" => "fips_shatest",
+
+# HMAC
+
+"HMAC" => "fips_hmactest",
+
+# RAND tests
+
+"ANSI931_AES128MCT" => "fips_rngvs mct",
+"ANSI931_AES192MCT" => "fips_rngvs mct",
+"ANSI931_AES256MCT" => "fips_rngvs mct",
+"ANSI931_AES128VST" => "fips_rngvs vst",
+"ANSI931_AES192VST" => "fips_rngvs vst",
+"ANSI931_AES256VST" => "fips_rngvs vst",
+
+# RSA tests
+
+"SigGen15" => "fips_rsastest",
+"SigVer15" => "fips_rsavtest",
+"SigGenPSS" => "fips_rsastest -saltlen SALT",
+"SigVerPSS" => "fips_rsavtest -saltlen SALT",
+"SigGenRSA" => "fips_rsastest -x931",
+"SigVerRSA" => "fips_rsavtest -x931",
+"KeyGenRSA" => "fips_rsagtest",
+
+# AES tests
+
+"CBCGFSbox128" => "fips_aesavs -f",
+"CBCGFSbox192" => "fips_aesavs -f",
+"CBCGFSbox256" => "fips_aesavs -f",
+"CBCKeySbox128" => "fips_aesavs -f",
+"CBCKeySbox192" => "fips_aesavs -f",
+"CBCKeySbox256" => "fips_aesavs -f",
+"CBCMCT128" => "fips_aesavs -f",
+"CBCMCT192" => "fips_aesavs -f",
+"CBCMCT256" => "fips_aesavs -f",
+"CBCMMT128" => "fips_aesavs -f",
+"CBCMMT192" => "fips_aesavs -f",
+"CBCMMT256" => "fips_aesavs -f",
+"CBCVarKey128" => "fips_aesavs -f",
+"CBCVarKey192" => "fips_aesavs -f",
+"CBCVarKey256" => "fips_aesavs -f",
+"CBCVarTxt128" => "fips_aesavs -f",
+"CBCVarTxt192" => "fips_aesavs -f",
+"CBCVarTxt256" => "fips_aesavs -f",
+"CFB128GFSbox128" => "fips_aesavs -f",
+"CFB128GFSbox192" => "fips_aesavs -f",
+"CFB128GFSbox256" => "fips_aesavs -f",
+"CFB128KeySbox128" => "fips_aesavs -f",
+"CFB128KeySbox192" => "fips_aesavs -f",
+"CFB128KeySbox256" => "fips_aesavs -f",
+"CFB128MCT128" => "fips_aesavs -f",
+"CFB128MCT192" => "fips_aesavs -f",
+"CFB128MCT256" => "fips_aesavs -f",
+"CFB128MMT128" => "fips_aesavs -f",
+"CFB128MMT192" => "fips_aesavs -f",
+"CFB128MMT256" => "fips_aesavs -f",
+"CFB128VarKey128" => "fips_aesavs -f",
+"CFB128VarKey192" => "fips_aesavs -f",
+"CFB128VarKey256" => "fips_aesavs -f",
+"CFB128VarTxt128" => "fips_aesavs -f",
+"CFB128VarTxt192" => "fips_aesavs -f",
+"CFB128VarTxt256" => "fips_aesavs -f",
+"CFB8GFSbox128" => "fips_aesavs -f",
+"CFB8GFSbox192" => "fips_aesavs -f",
+"CFB8GFSbox256" => "fips_aesavs -f",
+"CFB8KeySbox128" => "fips_aesavs -f",
+"CFB8KeySbox192" => "fips_aesavs -f",
+"CFB8KeySbox256" => "fips_aesavs -f",
+"CFB8MCT128" => "fips_aesavs -f",
+"CFB8MCT192" => "fips_aesavs -f",
+"CFB8MCT256" => "fips_aesavs -f",
+"CFB8MMT128" => "fips_aesavs -f",
+"CFB8MMT192" => "fips_aesavs -f",
+"CFB8MMT256" => "fips_aesavs -f",
+"CFB8VarKey128" => "fips_aesavs -f",
+"CFB8VarKey192" => "fips_aesavs -f",
+"CFB8VarKey256" => "fips_aesavs -f",
+"CFB8VarTxt128" => "fips_aesavs -f",
+"CFB8VarTxt192" => "fips_aesavs -f",
+"CFB8VarTxt256" => "fips_aesavs -f",
+#"CFB1GFSbox128" => "fips_aesavs -f",
+#"CFB1GFSbox192" => "fips_aesavs -f",
+#"CFB1GFSbox256" => "fips_aesavs -f",
+#"CFB1KeySbox128" => "fips_aesavs -f",
+#"CFB1KeySbox192" => "fips_aesavs -f",
+#"CFB1KeySbox256" => "fips_aesavs -f",
+#"CFB1MCT128" => "fips_aesavs -f",
+#"CFB1MCT192" => "fips_aesavs -f",
+#"CFB1MCT256" => "fips_aesavs -f",
+#"CFB1MMT128" => "fips_aesavs -f",
+#"CFB1MMT192" => "fips_aesavs -f",
+#"CFB1MMT256" => "fips_aesavs -f",
+#"CFB1VarKey128" => "fips_aesavs -f",
+#"CFB1VarKey192" => "fips_aesavs -f",
+#"CFB1VarKey256" => "fips_aesavs -f",
+#"CFB1VarTxt128" => "fips_aesavs -f",
+#"CFB1VarTxt192" => "fips_aesavs -f",
+#"CFB1VarTxt256" => "fips_aesavs -f",
+"ECBGFSbox128" => "fips_aesavs -f",
+"ECBGFSbox192" => "fips_aesavs -f",
+"ECBGFSbox256" => "fips_aesavs -f",
+"ECBKeySbox128" => "fips_aesavs -f",
+"ECBKeySbox192" => "fips_aesavs -f",
+"ECBKeySbox256" => "fips_aesavs -f",
+"ECBMCT128" => "fips_aesavs -f",
+"ECBMCT192" => "fips_aesavs -f",
+"ECBMCT256" => "fips_aesavs -f",
+"ECBMMT128" => "fips_aesavs -f",
+"ECBMMT192" => "fips_aesavs -f",
+"ECBMMT256" => "fips_aesavs -f",
+"ECBVarKey128" => "fips_aesavs -f",
+"ECBVarKey192" => "fips_aesavs -f",
+"ECBVarKey256" => "fips_aesavs -f",
+"ECBVarTxt128" => "fips_aesavs -f",
+"ECBVarTxt192" => "fips_aesavs -f",
+"ECBVarTxt256" => "fips_aesavs -f",
+"OFBGFSbox128" => "fips_aesavs -f",
+"OFBGFSbox192" => "fips_aesavs -f",
+"OFBGFSbox256" => "fips_aesavs -f",
+"OFBKeySbox128" => "fips_aesavs -f",
+"OFBKeySbox192" => "fips_aesavs -f",
+"OFBKeySbox256" => "fips_aesavs -f",
+"OFBMCT128" => "fips_aesavs -f",
+"OFBMCT192" => "fips_aesavs -f",
+"OFBMCT256" => "fips_aesavs -f",
+"OFBMMT128" => "fips_aesavs -f",
+"OFBMMT192" => "fips_aesavs -f",
+"OFBMMT256" => "fips_aesavs -f",
+"OFBVarKey128" => "fips_aesavs -f",
+"OFBVarKey192" => "fips_aesavs -f",
+"OFBVarKey256" => "fips_aesavs -f",
+"OFBVarTxt128" => "fips_aesavs -f",
+"OFBVarTxt192" => "fips_aesavs -f",
+"OFBVarTxt256" => "fips_aesavs -f",
+
+# Triple DES tests
+
+"TCBCinvperm" => "fips_desmovs -f",
+"TCBCMMT1" => "fips_desmovs -f",
+"TCBCMMT2" => "fips_desmovs -f",
+"TCBCMMT3" => "fips_desmovs -f",
+"TCBCMonte1" => "fips_desmovs -f",
+"TCBCMonte2" => "fips_desmovs -f",
+"TCBCMonte3" => "fips_desmovs -f",
+"TCBCpermop" => "fips_desmovs -f",
+"TCBCsubtab" => "fips_desmovs -f",
+"TCBCvarkey" => "fips_desmovs -f",
+"TCBCvartext" => "fips_desmovs -f",
+"TCFB64invperm" => "fips_desmovs -f",
+"TCFB64MMT1" => "fips_desmovs -f",
+"TCFB64MMT2" => "fips_desmovs -f",
+"TCFB64MMT3" => "fips_desmovs -f",
+"TCFB64Monte1" => "fips_desmovs -f",
+"TCFB64Monte2" => "fips_desmovs -f",
+"TCFB64Monte3" => "fips_desmovs -f",
+"TCFB64permop" => "fips_desmovs -f",
+"TCFB64subtab" => "fips_desmovs -f",
+"TCFB64varkey" => "fips_desmovs -f",
+"TCFB64vartext" => "fips_desmovs -f",
+"TCFB8invperm" => "fips_desmovs -f",
+"TCFB8MMT1" => "fips_desmovs -f",
+"TCFB8MMT2" => "fips_desmovs -f",
+"TCFB8MMT3" => "fips_desmovs -f",
+"TCFB8Monte1" => "fips_desmovs -f",
+"TCFB8Monte2" => "fips_desmovs -f",
+"TCFB8Monte3" => "fips_desmovs -f",
+"TCFB8permop" => "fips_desmovs -f",
+"TCFB8subtab" => "fips_desmovs -f",
+"TCFB8varkey" => "fips_desmovs -f",
+"TCFB8vartext" => "fips_desmovs -f",
+"TECBinvperm" => "fips_desmovs -f",
+"TECBMMT1" => "fips_desmovs -f",
+"TECBMMT2" => "fips_desmovs -f",
+"TECBMMT3" => "fips_desmovs -f",
+"TECBMonte1" => "fips_desmovs -f",
+"TECBMonte2" => "fips_desmovs -f",
+"TECBMonte3" => "fips_desmovs -f",
+"TECBpermop" => "fips_desmovs -f",
+"TECBsubtab" => "fips_desmovs -f",
+"TECBvarkey" => "fips_desmovs -f",
+"TECBvartext" => "fips_desmovs -f",
+"TOFBinvperm" => "fips_desmovs -f",
+"TOFBMMT1" => "fips_desmovs -f",
+"TOFBMMT2" => "fips_desmovs -f",
+"TOFBMMT3" => "fips_desmovs -f",
+"TOFBMonte1" => "fips_desmovs -f",
+"TOFBMonte2" => "fips_desmovs -f",
+"TOFBMonte3" => "fips_desmovs -f",
+"TOFBpermop" => "fips_desmovs -f",
+"TOFBsubtab" => "fips_desmovs -f",
+"TOFBvarkey" => "fips_desmovs -f",
+"TOFBvartext" => "fips_desmovs -f",
+"TCBCinvperm" => "fips_desmovs -f",
+"TCBCMMT1" => "fips_desmovs -f",
+"TCBCMMT2" => "fips_desmovs -f",
+"TCBCMMT3" => "fips_desmovs -f",
+"TCBCMonte1" => "fips_desmovs -f",
+"TCBCMonte2" => "fips_desmovs -f",
+"TCBCMonte3" => "fips_desmovs -f",
+"TCBCpermop" => "fips_desmovs -f",
+"TCBCsubtab" => "fips_desmovs -f",
+"TCBCvarkey" => "fips_desmovs -f",
+"TCBCvartext" => "fips_desmovs -f",
+"TCFB64invperm" => "fips_desmovs -f",
+"TCFB64MMT1" => "fips_desmovs -f",
+"TCFB64MMT2" => "fips_desmovs -f",
+"TCFB64MMT3" => "fips_desmovs -f",
+"TCFB64Monte1" => "fips_desmovs -f",
+"TCFB64Monte2" => "fips_desmovs -f",
+"TCFB64Monte3" => "fips_desmovs -f",
+"TCFB64permop" => "fips_desmovs -f",
+"TCFB64subtab" => "fips_desmovs -f",
+"TCFB64varkey" => "fips_desmovs -f",
+"TCFB64vartext" => "fips_desmovs -f",
+"TCFB8invperm" => "fips_desmovs -f",
+"TCFB8MMT1" => "fips_desmovs -f",
+"TCFB8MMT2" => "fips_desmovs -f",
+"TCFB8MMT3" => "fips_desmovs -f",
+"TCFB8Monte1" => "fips_desmovs -f",
+"TCFB8Monte2" => "fips_desmovs -f",
+"TCFB8Monte3" => "fips_desmovs -f",
+"TCFB8permop" => "fips_desmovs -f",
+"TCFB8subtab" => "fips_desmovs -f",
+"TCFB8varkey" => "fips_desmovs -f",
+"TCFB8vartext" => "fips_desmovs -f",
+"TECBinvperm" => "fips_desmovs -f",
+"TECBMMT1" => "fips_desmovs -f",
+"TECBMMT2" => "fips_desmovs -f",
+"TECBMMT3" => "fips_desmovs -f",
+"TECBMonte1" => "fips_desmovs -f",
+"TECBMonte2" => "fips_desmovs -f",
+"TECBMonte3" => "fips_desmovs -f",
+"TECBpermop" => "fips_desmovs -f",
+"TECBsubtab" => "fips_desmovs -f",
+"TECBvarkey" => "fips_desmovs -f",
+"TECBvartext" => "fips_desmovs -f",
+"TOFBinvperm" => "fips_desmovs -f",
+"TOFBMMT1" => "fips_desmovs -f",
+"TOFBMMT2" => "fips_desmovs -f",
+"TOFBMMT3" => "fips_desmovs -f",
+"TOFBMonte1" => "fips_desmovs -f",
+"TOFBMonte2" => "fips_desmovs -f",
+"TOFBMonte3" => "fips_desmovs -f",
+"TOFBpermop" => "fips_desmovs -f",
+"TOFBsubtab" => "fips_desmovs -f",
+"TOFBvarkey" => "fips_desmovs -f",
+"TOFBvartext" => "fips_desmovs -f"
+
+);
+my %salt_names = (
+"SigVerPSS (salt 0)" => "SigVerPSS",
+"SigVerPSS (salt 62)" => "SigVerPSS",
+"SigGenPSS (salt 0)" => "SigGenPSS",
+"SigGenPSS (salt 62)" => "SigGenPSS",
+);
+
+
+my $win32 = $^O =~ m/mswin/i;
+my $onedir = 0;
+my $filter = "";
+my $tvdir;
+my $tprefix;
+my $shwrap_prefix;
+my $debug = 0;
+my $quiet = 0;
+my $rspdir = "rsp";
+my $rspignore = 0;
+my @bogus = ();                 # list of unmatched *.rsp files
+my $bufout = '';
+my %_programs = ();             # list of external programs to check
+
+foreach (@ARGV)
+        {
+        if ($_ eq "--win32")
+                {
+                $win32 = 1;
+                }
+        elsif ($_ eq "--onedir")
+                {
+                $onedir = 1;
+                }
+        elsif ($_ eq "--debug")
+                {
+                $debug = 1;
+                }
+        elsif ($_ eq "--quiet")
+                {
+                $quiet = 1;
+                }
+        elsif (/--dir=(.*)$/)
+                {
+                $tvdir = $1;
+                }
+        elsif (/--rspdir=(.*)$/)
+                {
+                $rspdir = $1;
+                }
+        elsif (/--rspignore$/)
+                {
+                $rspignore = 1;
+                }
+        elsif (/--tprefix=(.*)$/)
+                {
+                $tprefix = $1;
+                }
+        elsif (/--shwrap_prefix=(.*)$/)
+                {
+                $shwrap_prefix = $1;
+                }
+        elsif (/--filter=(.*)$/)
+                {
+                $filter = $1;
+                }
+        elsif (/--outfile=(.*)$/)
+                {
+                $outfile = $1;
+                }
+        else
+                {
+                &Help();
+                exit(1);
+                }
+        }
+
+$tvdir = "." unless defined $tvdir;
+
+if ($win32)
+        {
+        if (!defined $tprefix)
+                {
+                if ($onedir)
+                        {
+                        $tprefix = ".\\";
+                        }
+                else
+                        {
+                        $tprefix = "..\\out32dll\\";
+                        }
+                }
+
+        $bufinit .= <<END;
+\@echo off
+rem Test vector run script
+rem Auto generated by mkfipsscr.pl script
+rem Do not edit
+
+END
+
+        }
+else
+        {
+        if ($onedir)
+                {
+                $tprefix = "./" unless defined $tprefix;
+                $shwrap_prefix = "./" unless defined $shwrap_prefix;
+                }
+        else
+                {
+                $tprefix = "../test/" unless defined $tprefix;
+                $shwrap_prefix = "../util/" unless defined $shwrap_prefix;
+                }
+
+        $bufinit .= <<END;
+#!/bin/sh
+
+# Test vector run script
+# Auto generated by mkfipsscr.pl script
+# Do not edit
+
+END
+
+        }
+my %fips_found;
+foreach (keys %fips_tests)
+        {
+        $fips_found{$_} = 0;
+        }
+my %saltPSS;
+for (keys %salt_names)
+        {
+        $salt_found{$_} = 0;
+        }
+
+recurse_test($win32, $tprefix, $filter, $tvdir);
+
+while (($key, $value) = each %salt_found)
+        {
+        &countentry($key, $value);
+        delete $fips_found{$salt_names{$key}};
+        }
+while (($key, $value) = each %fips_found)
+        {
+        &countentry($key, $value);
+        }
+
+# If no fatal errors write out the script file
+        $outfile = "fipstests.sh" unless defined $outfile;
+        open(OUT, ">$outfile") || die "Error opening $outfile: $!";
+        print OUT $bufinit;
+        if (!$rspignore && @bogus)
+                {
+                print STDERR "ERROR: please remove bogus *.rsp files\n";
+                print OUT <<EOF;
+echo $outfile generation failed due to presence of bogus *.rsp files
+EOF
+                }
+        else
+                {
+                print OUT $bufout;
+                }
+        close OUT;
+
+# Check for external programs
+        for (keys %_programs)
+                {
+                s/ .*$//;
+                -x $_ || print STDERR "WARNING: program $_ not found\n";
+                }
+
+#--------------------------------
+sub Help {
+(my $cmd) = ($0 =~ m#([^/]+)$#);
+        print <<EOF;
+$cmd: generate script for CMVP algorithm tests
+        --debug                     Enable debug output
+        --dir=<dirname>             Optional root for *.req file search
+        --filter=<regexp>
+        --onedir <dirname>          Assume all components in current directory
+        --outfile=<filename>        Optional name of output script, default fipstests.{sh|bat}
+        --rspdir=<dirname>          Name of subdirectories containing *.rsp files, default "resp"
+        --rspignore                 Ignore any bogus *.rsp files
+        --shwrap_prefix=<prefix>
+        --tprefix=<prefix>
+        --quiet                     Shhh....
+        --win32                     Generate script for Win32 environment
+EOF
+}
+
+#--------------------------------
+sub countentry {
+        my ($key,$value) = @_;
+        if ($value == 0)
+                {
+                print STDERR "WARNING: test file $key not found\n" unless $quiet;
+                }
+        elsif ($value > 1)
+                {
+                print STDERR "WARNING: test file $key found $value times\n" unless $quiet;
+                }
+        else 
+                {
+                print STDERR "Found test file $key\n" if $debug;
+                }
+        }
+
+#--------------------------------
+sub recurse_test
+        {
+        my ($win32, $tprefix, $filter, $dir) = @_;
+        my $dirh;
+        opendir($dirh, $dir);
+        while ($_ = readdir($dirh))
+                {
+                next if ($_ eq "." || $_ eq "..");
+                $_ = "$dir/$_";
+                if (-f "$_")
+                        {
+                        if (/\/([^\/]*)\.rsp$/)
+                                {
+                                if (exists $fips_tests{$1})
+                                        {
+                                        $debug && print "DEBUG: $1 found, will be overwritten\n";
+                                        }
+                                else
+                                        {
+                                        print STDERR "ERROR: bogus file $_\n";
+                                        push @bogus, $_;
+                                        }
+                                }
+                        next unless /$filter.*\.req$/i;
+                        if (/\/([^\/]*)\.req$/ && exists $fips_tests{$1})
+                                {
+                                $fips_found{$1}++;
+                                test_line($win32, $_, $tprefix, $1);
+                                }
+                        elsif (! /SHAmix\.req$/)
+                                {
+                                print STDERR "WARNING: unrecognized filename $_\n";
+                                }
+                        }
+                elsif (-d "$_")
+                        {
+                        if (/$filter.*req$/i)
+                                {
+                                test_dir($win32, $_);
+                                }
+                        recurse_test($win32, $tprefix, $filter, $_);
+                        }
+                }
+        closedir($dirh);
+        }
+
+#--------------------------------
+sub test_dir
+        {
+        my ($win32, $req) = @_;
+        my $rsp = $req;
+        $rsp =~ s/req$/$rspdir/;
+        if ($win32)
+                {
+                $rsp =~ tr|/|\\|;
+                $req =~ tr|/|\\|;
+                $bufout .= <<END;
+
+echo Running tests in $req
+if exist "$rsp" rd /s /q "$rsp"
+md "$rsp"
+END
+                }
+        else
+                {
+                $bufout .= <<END;
+
+echo Running tests in "$req"
+rm -rf "$rsp"
+mkdir "$rsp"
+
+END
+                }
+        }
+
+#--------------------------------
+sub test_line
+        {
+        my ($win32, $req, $tprefix, $tnam) = @_;
+        my $rsp = $req;
+        my $tcmd = $fips_tests{$tnam};
+        $rsp =~ s/req\/([^\/]*).req$/$rspdir\/$1.rsp/;
+        if ($tcmd =~ /-f$/)
+                {
+                if ($win32)
+                        {
+                        $req =~ tr|/|\\|;
+                        $rsp =~ tr|/|\\|;
+                        $bufout .= "$tprefix$tcmd \"$req\" \"$rsp\"\n";
+                        $_programs{"$tprefix$tcmd.exe"} = 1;
+                        }
+                else
+                        {
+                        $bufout .= <<END;
+${shwrap_prefix}shlib_wrap.sh $tprefix$tcmd "$req" "$rsp" || { echo "$req failure" ; exit 1 
+}
+END
+                        $_programs{"${shwrap_prefix}shlib_wrap.sh"} = 1;
+                        $_programs{"$tprefix$tcmd"} = 1;
+                        }
+                return;
+                }
+        if ($tcmd =~ /SALT$/)
+                {
+                open (IN, $req) || die "Can't Open File $req";
+                my $saltlen;
+                while (<IN>)
+                        {
+                        if (/^\s*#\s*salt\s+len:\s+(\d+)\s*$/i)
+                                {
+                                my $sl = $1;
+                                print STDERR "$req salt length $sl\n" if $debug;
+                                $tcmd =~ s/SALT$/$sl/;
+                                $salt_found{"$tnam (salt $sl)"}++;
+                                last;
+                                }
+                        }
+                close IN;
+                if ($tcmd =~ /SALT$/)
+                        {
+                        die "Can't detect salt length for $req";
+                        }
+                }
+                
+        if ($win32)
+                {
+                $req =~ tr|/|\\|;
+                $rsp =~ tr|/|\\|;
+                $bufout .= "$tprefix$tcmd < \"$req\" > \"$rsp\"\n";
+                $_programs{"$tprefix$tcmd.exe"} = 1;
+                }
+        else
+                {
+                $bufout .= <<END;
+${shwrap_prefix}shlib_wrap.sh $tprefix$tcmd < "$req" > "$rsp" || { echo "$req failure" ; exit 1; }
+END
+                $_programs{"$tprefix$tcmd"} = 1;
+                }
+        }
+
diff --git a/src/lib/libssl/src/fips/openssl_fips_fingerprint b/src/lib/libssl/src/fips/openssl_fips_fingerprint
index d3dfb7eb61..f59a67d537 100755
--- a/src/lib/libssl/src/fips/openssl_fips_fingerprint
+++ b/src/lib/libssl/src/fips/openssl_fips_fingerprint
@@ -5,6 +5,7 @@
 
 lib=$1
 exe=$2
+ext=${HMAC_EXT:-sha1}
 
 # deal with the case where we're run from within the build and OpenSSL is
 # not yet installed.  Also, make sure LD_LIBRARY_PATH is properly set in
@@ -27,4 +28,4 @@ openssl sha1 -hmac etaonrishdlcupfm $lib | sed "s/(.*\//(/" | diff -w $lib.sha1
 [ -x $exe.exe ] && exe=$exe.exe
 
 echo "Making fingerprint for $exe"
-openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.sha1 || rm $exe.sha1
+openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.$ext || rm $exe.$ext
diff --git a/src/lib/libssl/src/fips/rand/Makefile b/src/lib/libssl/src/fips/rand/Makefile
index c8922abc77..20303c862b 100644
--- a/src/lib/libssl/src/fips/rand/Makefile
+++ b/src/lib/libssl/src/fips/rand/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/fips/rand/Makefile
+# OpenSSL/fips/rand/Makefile
 #
 
 DIR=    rand
@@ -18,12 +18,12 @@ AR=		ar r
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile
-TEST= fips_randtest.c
+TEST= fips_randtest.c fips_rngvs.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_rand.c
-LIBOBJ=fips_rand.o
+LIBSRC=fips_rand.c fips_rand_selftest.c
+LIBOBJ=fips_rand.o fips_rand_selftest.o
 
 SRC= $(LIBSRC)
 
@@ -35,15 +35,10 @@ ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
         (cd $(TOP); $(MAKE) DIRS=fips SDIRS=$(DIR) sub_all)
 
-all:    check lib
-
-check:
-        TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
+all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
-        $(RANLIB) $(LIB) || echo Never mind.
-        @sleep 2; touch lib
+        @echo $(LIBOBJ) > lib
 
 files:
         $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -65,6 +60,19 @@ tags:
 
 tests:
 
+Q=../testvectors/rng/req
+A=../testvectors/rng/rsp
+
+fips_test:
+        -rm -rf $(A)
+        mkdir $(A)
+        if [ -f $(Q)/ANSI931_AES128MCT.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs mct < $(Q)/ANSI931_AES128MCT.req > $(A)/ANSI931_AES128MCT.rsp; fi
+        if [ -f $(Q)/ANSI931_AES192MCT.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs mct < $(Q)/ANSI931_AES192MCT.req > $(A)/ANSI931_AES192MCT.rsp; fi
+        if [ -f $(Q)/ANSI931_AES256MCT.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs mct < $(Q)/ANSI931_AES256MCT.req > $(A)/ANSI931_AES256MCT.rsp; fi
+        if [ -f $(Q)/ANSI931_AES128VST.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs vst < $(Q)/ANSI931_AES128VST.req > $(A)/ANSI931_AES128VST.rsp; fi
+        if [ -f $(Q)/ANSI931_AES192VST.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs vst < $(Q)/ANSI931_AES192VST.req > $(A)/ANSI931_AES192VST.rsp; fi
+        if [ -f $(Q)/ANSI931_AES256VST.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs vst < $(Q)/ANSI931_AES256VST.req > $(A)/ANSI931_AES256VST.rsp; fi
+
 lint:
         lint -DLINT $(INCLUDES) $(SRC)>fluff
 
@@ -80,20 +88,39 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-fips_rand.o: ../../e_os.h ../../include/openssl/bio.h
-fips_rand.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-fips_rand.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
-fips_rand.o: ../../include/openssl/err.h ../../include/openssl/fips_rand.h
+fips_rand.o: ../../e_os.h ../../include/openssl/aes.h
+fips_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+fips_rand.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+fips_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_rand.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
 fips_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 fips_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 fips_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
 fips_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 fips_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-fips_rand.o: fips_rand.c
+fips_rand.o: ../fips_locl.h fips_rand.c
+fips_rand_selftest.o: ../../include/openssl/bio.h
+fips_rand_selftest.o: ../../include/openssl/crypto.h
+fips_rand_selftest.o: ../../include/openssl/des.h
+fips_rand_selftest.o: ../../include/openssl/des_old.h
+fips_rand_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_rand_selftest.o: ../../include/openssl/fips.h
+fips_rand_selftest.o: ../../include/openssl/fips_rand.h
+fips_rand_selftest.o: ../../include/openssl/lhash.h
+fips_rand_selftest.o: ../../include/openssl/opensslconf.h
+fips_rand_selftest.o: ../../include/openssl/opensslv.h
+fips_rand_selftest.o: ../../include/openssl/ossl_typ.h
+fips_rand_selftest.o: ../../include/openssl/rand.h
+fips_rand_selftest.o: ../../include/openssl/safestack.h
+fips_rand_selftest.o: ../../include/openssl/stack.h
+fips_rand_selftest.o: ../../include/openssl/symhacks.h
+fips_rand_selftest.o: ../../include/openssl/ui.h
+fips_rand_selftest.o: ../../include/openssl/ui_compat.h fips_rand_selftest.c
 fips_randtest.o: ../../e_os.h ../../include/openssl/bio.h
-fips_randtest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-fips_randtest.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
-fips_randtest.o: ../../include/openssl/err.h ../../include/openssl/fips_rand.h
+fips_randtest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_randtest.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+fips_randtest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_randtest.o: ../../include/openssl/fips_rand.h
 fips_randtest.o: ../../include/openssl/lhash.h
 fips_randtest.o: ../../include/openssl/opensslconf.h
 fips_randtest.o: ../../include/openssl/opensslv.h
@@ -101,4 +128,22 @@ fips_randtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
 fips_randtest.o: ../../include/openssl/safestack.h
 fips_randtest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 fips_randtest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-fips_randtest.o: fips_randtest.c
+fips_randtest.o: ../fips_utl.h fips_randtest.c
+fips_rngvs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_rngvs.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_rngvs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+fips_rngvs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+fips_rngvs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+fips_rngvs.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+fips_rngvs.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+fips_rngvs.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_rngvs.o: ../../include/openssl/fips_rand.h ../../include/openssl/lhash.h
+fips_rngvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_rngvs.o: ../../include/openssl/opensslconf.h
+fips_rngvs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+fips_rngvs.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+fips_rngvs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_rngvs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_rngvs.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+fips_rngvs.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+fips_rngvs.o: ../../include/openssl/x509v3.h ../fips_utl.h fips_rngvs.c
diff --git a/src/lib/libssl/src/fips/rand/fips_rand.c b/src/lib/libssl/src/fips/rand/fips_rand.c
index cc2f12deb9..58453e996d 100644
--- a/src/lib/libssl/src/fips/rand/fips_rand.c
+++ b/src/lib/libssl/src/fips/rand/fips_rand.c
@@ -1,5 +1,5 @@
 /* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -48,7 +48,7 @@
  */
 
 /*
- * This is a FIPS approved PRNG, ANSI X9.31 A.2.4.
+ * This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4.
  */
 
 #include "e_os.h"
@@ -60,8 +60,8 @@
 #define _XOPEN_SOURCE_EXTENDED 1
 #endif
 
-#include <openssl/des.h>
 #include <openssl/rand.h>
+#include <openssl/aes.h>
 #include <openssl/err.h>
 #include <openssl/fips_rand.h>
 #ifndef OPENSSL_SYS_WIN32
@@ -76,280 +76,335 @@
 # endif
 #endif
 #include <string.h>
+#include <openssl/fips.h>
+#include "fips_locl.h"
 
 #ifdef OPENSSL_FIPS
 
-#define SEED_SIZE       8
+void *OPENSSL_stderr(void);
 
-static unsigned char seed[SEED_SIZE];
-static FIPS_RAND_SIZE_T n_seed;
-static FIPS_RAND_SIZE_T o_seed;
-static DES_cblock key1;
-static DES_cblock key2;
-static DES_key_schedule ks1,ks2;
-static int key_set;
-static int test_mode;
-static unsigned char test_faketime[8];
+#define AES_BLOCK_LENGTH        16
 
-#ifndef GETPID_IS_MEANINGLESS
-static int seed_pid;
-static int key_pid;
-#endif
-
-static void fips_rand_cleanup(void);
-static void fips_rand_add(const void *buf, FIPS_RAND_SIZE_T num, double add_entropy);
-static int fips_rand_bytes(unsigned char *buf, FIPS_RAND_SIZE_T num);
-static int fips_rand_status(void);
 
-static RAND_METHOD rand_fips_meth=
-    {
-    FIPS_rand_seed,
-    fips_rand_bytes,
-    fips_rand_cleanup,
-    fips_rand_add,
-    fips_rand_bytes,
-    fips_rand_status
-    };
+/* AES FIPS PRNG implementation */
 
-static int second;
+typedef struct 
+        {
+        int seeded;
+        int keyed;
+        int test_mode;
+        int second;
+        int error;
+        unsigned long counter;
+        AES_KEY ks;
+        int vpos;
+        /* Temporary storage for key if it equals seed length */
+        unsigned char tmp_key[AES_BLOCK_LENGTH];
+        unsigned char V[AES_BLOCK_LENGTH];
+        unsigned char DT[AES_BLOCK_LENGTH];
+        unsigned char last[AES_BLOCK_LENGTH];
+        } FIPS_PRNG_CTX;
+
+static FIPS_PRNG_CTX sctx;
+
+static int fips_prng_fail = 0;
+
+void FIPS_rng_stick(void)
+        {
+        fips_prng_fail = 1;
+        }
 
-RAND_METHOD *FIPS_rand_method(void)
-{
-  return &rand_fips_meth;
-}
+void fips_rand_prng_reset(FIPS_PRNG_CTX *ctx)
+        {
+        ctx->seeded = 0;
+        ctx->keyed = 0;
+        ctx->test_mode = 0;
+        ctx->counter = 0;
+        ctx->second = 0;
+        ctx->error = 0;
+        ctx->vpos = 0;
+        OPENSSL_cleanse(ctx->V, AES_BLOCK_LENGTH);
+        OPENSSL_cleanse(&ctx->ks, sizeof(AES_KEY));
+        }
+        
 
-void FIPS_set_prng_key(const unsigned char k1[8],const unsigned char k2[8])
-    {
-    memcpy(&key1,k1,sizeof key1);
-    memcpy(&key2,k2,sizeof key2);
-    key_set=1;
-#ifndef GETPID_IS_MEANINGLESS
-    key_pid=getpid();
-#endif
-    second=0;
-    }
+static int fips_set_prng_key(FIPS_PRNG_CTX *ctx,
+                        const unsigned char *key, FIPS_RAND_SIZE_T keylen)
+        {
+        FIPS_selftest_check();
+        if (keylen != 16 && keylen != 24 && keylen != 32)
+                {
+                /* error: invalid key size */
+                return 0;
+                }
+        AES_set_encrypt_key(key, keylen << 3, &ctx->ks);
+        if (keylen == 16)
+                {
+                memcpy(ctx->tmp_key, key, 16);
+                ctx->keyed = 2;
+                }
+        else
+                ctx->keyed = 1;
+        ctx->seeded = 0;
+        ctx->second = 0;
+        return 1;
+        }
 
-void FIPS_test_mode(int test,const unsigned char faketime[8])
-    {
-    test_mode=test;
-    if(!test_mode)
-        return;
-    memcpy(test_faketime,faketime,sizeof test_faketime);
-    }
+static int fips_set_prng_seed(FIPS_PRNG_CTX *ctx,
+                        const unsigned char *seed, FIPS_RAND_SIZE_T seedlen)
+        {
+        int i;
+        if (!ctx->keyed)
+                return 0;
+        /* In test mode seed is just supplied data */
+        if (ctx->test_mode)
+                {
+                if (seedlen != AES_BLOCK_LENGTH)
+                        return 0;
+                memcpy(ctx->V, seed, AES_BLOCK_LENGTH);
+                ctx->seeded = 1;
+                return 1;
+                }
+        /* Outside test mode XOR supplied data with existing seed */
+        for (i = 0; i < seedlen; i++)
+                {
+                ctx->V[ctx->vpos++] ^= seed[i];
+                if (ctx->vpos == AES_BLOCK_LENGTH)
+                        {
+                        ctx->vpos = 0;
+                        /* Special case if first seed and key length equals
+                         * block size check key and seed do not match.
+                         */ 
+                        if (ctx->keyed == 2)
+                                {
+                                if (!memcmp(ctx->tmp_key, ctx->V, 16))
+                                        {
+                                        RANDerr(RAND_F_FIPS_SET_PRNG_SEED,
+                                                RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY);
+                                        return 0;
+                                        }
+                                OPENSSL_cleanse(ctx->tmp_key, 16);
+                                ctx->keyed = 1;
+                                }
+                        ctx->seeded = 1;
+                        }
+                }
+        return 1;
+        }
 
-/* NB: this returns true if _partially_ seeded */
-int FIPS_rand_seeded()
-    { return key_set || n_seed; }
+int fips_set_test_mode(FIPS_PRNG_CTX *ctx)
+        {
+        if (ctx->keyed)
+                {
+                RANDerr(RAND_F_FIPS_SET_TEST_MODE,RAND_R_PRNG_KEYED);
+                return 0;
+                }
+        ctx->test_mode = 1;
+        return 1;
+        }
 
-static void fips_gettime(unsigned char buf[8])
-    {
-#ifdef OPENSSL_SYS_WIN32
-    FILETIME ft;
-#else
-    struct timeval tv;
-#endif
+int FIPS_rand_test_mode(void)
+        {
+        return fips_set_test_mode(&sctx);
+        }
 
-    if(test_mode)
+int FIPS_rand_set_dt(unsigned char *dt)
         {
-        fprintf(stderr,"WARNING!!! PRNG IN TEST MODE!!!\n");
-        memcpy(buf,test_faketime,sizeof test_faketime);
-        return;
+        if (!sctx.test_mode)
+                {
+                RANDerr(RAND_F_FIPS_RAND_SET_DT,RAND_R_NOT_IN_TEST_MODE);
+                return 0;
+                }
+        memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);
+        return 1;
         }
+
+static void fips_get_dt(FIPS_PRNG_CTX *ctx)
+    {
 #ifdef OPENSSL_SYS_WIN32
-    GetSystemTimeAsFileTime(&ft);
-    buf[0] = (unsigned char) (ft.dwHighDateTime & 0xff);
-    buf[1] = (unsigned char) ((ft.dwHighDateTime >> 8) & 0xff);
-    buf[2] = (unsigned char) ((ft.dwHighDateTime >> 16) & 0xff);
-    buf[3] = (unsigned char) ((ft.dwHighDateTime >> 24) & 0xff);
-    buf[4] = (unsigned char) (ft.dwLowDateTime & 0xff);
-    buf[5] = (unsigned char) ((ft.dwLowDateTime >> 8) & 0xff);
-    buf[6] = (unsigned char) ((ft.dwLowDateTime >> 16) & 0xff);
-    buf[7] = (unsigned char) ((ft.dwLowDateTime >> 24) & 0xff);
+        FILETIME ft;
 #else
-    gettimeofday(&tv,NULL);
-    buf[0] = (unsigned char) (tv.tv_sec & 0xff);
-    buf[1] = (unsigned char) ((tv.tv_sec >> 8) & 0xff);
-    buf[2] = (unsigned char) ((tv.tv_sec >> 16) & 0xff);
-    buf[3] = (unsigned char) ((tv.tv_sec >> 24) & 0xff);
-    buf[4] = (unsigned char) (tv.tv_usec & 0xff);
-    buf[5] = (unsigned char) ((tv.tv_usec >> 8) & 0xff);
-    buf[6] = (unsigned char) ((tv.tv_usec >> 16) & 0xff);
-    buf[7] = (unsigned char) ((tv.tv_usec >> 24) & 0xff);
+        struct timeval tv;
 #endif
+        unsigned char *buf = ctx->DT;
 
-#if 0  /* This eminently sensible strategy is not acceptable to NIST. Sigh. */
 #ifndef GETPID_IS_MEANINGLESS
-    /* we mix in the PID to ensure that after a fork the children don't give
-     * the same results as each other
-     */
-    pid=getpid();
-    /* make sure we shift the pid to the MSB */
-    if((pid&0xffff0000) == 0)
-        pid<<=16;
-    *(long *)&buf[0]^=pid;
+        unsigned long pid;
 #endif
+
+#ifdef OPENSSL_SYS_WIN32
+        GetSystemTimeAsFileTime(&ft);
+        buf[0] = (unsigned char) (ft.dwHighDateTime & 0xff);
+        buf[1] = (unsigned char) ((ft.dwHighDateTime >> 8) & 0xff);
+        buf[2] = (unsigned char) ((ft.dwHighDateTime >> 16) & 0xff);
+        buf[3] = (unsigned char) ((ft.dwHighDateTime >> 24) & 0xff);
+        buf[4] = (unsigned char) (ft.dwLowDateTime & 0xff);
+        buf[5] = (unsigned char) ((ft.dwLowDateTime >> 8) & 0xff);
+        buf[6] = (unsigned char) ((ft.dwLowDateTime >> 16) & 0xff);
+        buf[7] = (unsigned char) ((ft.dwLowDateTime >> 24) & 0xff);
+#else
+        gettimeofday(&tv,NULL);
+        buf[0] = (unsigned char) (tv.tv_sec & 0xff);
+        buf[1] = (unsigned char) ((tv.tv_sec >> 8) & 0xff);
+        buf[2] = (unsigned char) ((tv.tv_sec >> 16) & 0xff);
+        buf[3] = (unsigned char) ((tv.tv_sec >> 24) & 0xff);
+        buf[4] = (unsigned char) (tv.tv_usec & 0xff);
+        buf[5] = (unsigned char) ((tv.tv_usec >> 8) & 0xff);
+        buf[6] = (unsigned char) ((tv.tv_usec >> 16) & 0xff);
+        buf[7] = (unsigned char) ((tv.tv_usec >> 24) & 0xff);
 #endif
-    }
+        buf[8] = (unsigned char) (ctx->counter & 0xff);
+        buf[9] = (unsigned char) ((ctx->counter >> 8) & 0xff);
+        buf[10] = (unsigned char) ((ctx->counter >> 16) & 0xff);
+        buf[11] = (unsigned char) ((ctx->counter >> 24) & 0xff);
 
-static void fips_rand_encrypt(unsigned char *out,const unsigned char *in)
-    {
-    DES_ecb2_encrypt(in,out,&ks1,&ks2,1);
-    }
+        ctx->counter++;
 
-static void fips_rand_cleanup(void)
-    {
-    OPENSSL_cleanse(seed,sizeof seed);
-    n_seed=0;
+
+#ifndef GETPID_IS_MEANINGLESS
+        pid=(unsigned long)getpid();
+        buf[12] = (unsigned char) (pid & 0xff);
+        buf[13] = (unsigned char) ((pid >> 8) & 0xff);
+        buf[14] = (unsigned char) ((pid >> 16) & 0xff);
+        buf[15] = (unsigned char) ((pid >> 24) & 0xff);
+#endif
     }
 
-void FIPS_rand_seed(const void *buf_, FIPS_RAND_SIZE_T num)
-    {
-    const char *buf=buf_;
-    FIPS_RAND_SIZE_T n;
-    static int init;
+static int fips_rand(FIPS_PRNG_CTX *ctx,
+                        unsigned char *out, FIPS_RAND_SIZE_T outlen)
+        {
+        unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH];
+        unsigned char tmp[AES_BLOCK_LENGTH];
+        int i;
+        if (ctx->error)
+                {
+                RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_ERROR);
+                return 0;
+                }
+        if (!ctx->keyed)
+                {
+                RANDerr(RAND_F_FIPS_RAND,RAND_R_NO_KEY_SET);
+                return 0;
+                }
+        if (!ctx->seeded)
+                {
+                RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_NOT_SEEDED);
+                return 0;
+                }
+        for (;;)
+                {
+                if (!ctx->test_mode)
+                        fips_get_dt(ctx);
+                AES_encrypt(ctx->DT, I, &ctx->ks);
+                for (i = 0; i < AES_BLOCK_LENGTH; i++)
+                        tmp[i] = I[i] ^ ctx->V[i];
+                AES_encrypt(tmp, R, &ctx->ks);
+                for (i = 0; i < AES_BLOCK_LENGTH; i++)
+                        tmp[i] = R[i] ^ I[i];
+                AES_encrypt(tmp, ctx->V, &ctx->ks);
+                /* Continuous PRNG test */
+                if (ctx->second)
+                        {
+                        if (fips_prng_fail)
+                                memcpy(ctx->last, R, AES_BLOCK_LENGTH);
+                        if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH))
+                                {
+                                RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_STUCK);
+                                ctx->error = 1;
+                                fips_set_selftest_fail();
+                                return 0;
+                                }
+                        }
+                memcpy(ctx->last, R, AES_BLOCK_LENGTH);
+                if (!ctx->second)
+                        {
+                        ctx->second = 1;
+                        if (!ctx->test_mode)
+                                continue;
+                        }
+
+                if (outlen <= AES_BLOCK_LENGTH)
+                        {
+                        memcpy(out, R, outlen);
+                        break;
+                        }
+
+                memcpy(out, R, AES_BLOCK_LENGTH);
+                out += AES_BLOCK_LENGTH;
+                outlen -= AES_BLOCK_LENGTH;
+                }
+        return 1;
+        }
 
-    /* If the key hasn't been set, we can't seed! */
-    if(!key_set)
-        return;
 
-    CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-    if(!init)
+int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen)
         {
-        init=1;
-        DES_set_key(&key1,&ks1);
-        DES_set_key(&key2,&ks2);
+        int ret;
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        ret = fips_set_prng_key(&sctx, key, keylen);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+        return ret;
         }
 
-    /*
-     * This algorithm only uses 64 bits of seed, so ensure that we use
-     * the most recent 64 bits.
-     */
-    for(n=0 ; n < num ; )
+int FIPS_rand_seed(const void *seed, FIPS_RAND_SIZE_T seedlen)
         {
-        FIPS_RAND_SIZE_T t=num-n;
-
-        if(o_seed+t > sizeof seed)
-            t=sizeof seed-o_seed;
-        memcpy(seed+o_seed,buf+n,t);
-        n+=t;
-        o_seed+=t;
-        if(o_seed == sizeof seed)
-            o_seed=0;
-        if(n_seed < sizeof seed)
-            n_seed+=t;
+        int ret;
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        ret = fips_set_prng_seed(&sctx, seed, seedlen);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+        return ret;
         }
 
-#ifndef GETPID_IS_MEANINGLESS
-    seed_pid=getpid();
-#endif
-
-    CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-    }
-
-static void fips_rand_add(const void *buf, FIPS_RAND_SIZE_T num, double add_entropy)
-    {
-    FIPS_rand_seed(buf,num);
-    }
-
-static int fips_rand_bytes(unsigned char *buf,FIPS_RAND_SIZE_T num)
-    {
-    FIPS_RAND_SIZE_T n;
-    unsigned char timeseed[8];
-    unsigned char intermediate[SEED_SIZE];
-    unsigned char output[SEED_SIZE];
-    static unsigned char previous[SEED_SIZE];
-#ifndef GETPID_IS_MEANINGLESS
-    int pid;
-#endif
 
-    if(n_seed < sizeof seed)
+int FIPS_rand_bytes(unsigned char *out, FIPS_RAND_SIZE_T count)
         {
-        RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);
-        return 0;
+        int ret;
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        ret = fips_rand(&sctx, out, count);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+        return ret;
         }
 
-#ifdef FIPS_RAND_MAX_SIZE_T
-    if (num > FIPS_RAND_MAX_SIZE_T)
+int FIPS_rand_status(void)
         {
-#ifdef RAND_R_PRNG_ASKING_FOR_TOO_MUCH
-        RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_ASKING_FOR_TOO_MUCH);
-        return 0;
-#else
-        return -1; /* signal "not supported" condition */
-#endif
+        int ret;
+        CRYPTO_r_lock(CRYPTO_LOCK_RAND);
+        ret = sctx.seeded;
+        CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
+        return ret;
         }
-#endif
 
-#ifndef GETPID_IS_MEANINGLESS
-    pid=getpid();
-    if(pid != seed_pid)
+void FIPS_rand_reset(void)
         {
-        RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_NOT_RESEEDED);
-        return 0;
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        fips_rand_prng_reset(&sctx);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
         }
-    if(pid != key_pid)
+
+static void fips_do_rand_seed(const void *seed, FIPS_RAND_SIZE_T seedlen)
         {
-        RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_NOT_REKEYED);
-        return 0;
+        FIPS_rand_seed(seed, seedlen);
         }
-#endif
-
-    CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 
-    for(n=0 ; n < num ; )
+static void fips_do_rand_add(const void *seed, FIPS_RAND_SIZE_T seedlen,
+                                        double add_entropy)
         {
-        unsigned char t[SEED_SIZE];
-        FIPS_RAND_SIZE_T l;
-        
-        /* ANS X9.31 A.2.4:     I = ede*K(DT)
-               timeseed == DT
-               intermediate == I
-        */
-        fips_gettime(timeseed);
-        fips_rand_encrypt(intermediate,timeseed);
-
-        /* ANS X9.31 A.2.4:     R = ede*K(I^V)
-               intermediate == I
-               seed == V
-               output == R
-        */
-        for(l=0 ; l < sizeof t ; ++l)
-            t[l]=intermediate[l]^seed[l];
-        fips_rand_encrypt(output,t);
-
-        /* ANS X9.31 A.2.4:     V = ede*K(R^I)
-               output == R
-               intermediate == I
-               seed == V
-        */
-        for(l=0 ; l < sizeof t ; ++l)
-            t[l]=output[l]^intermediate[l];
-        fips_rand_encrypt(seed,t);
-
-        if(second && !memcmp(output,previous,sizeof previous))
-            {
-            RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_STUCK);
-            CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-            return 0;
-            }
-        memcpy(previous,output,sizeof previous);
-        second=1;
-
-        /* Successive values of R may be concatenated to produce a
-           pseudo random number of the desired length */ 
-        l=SEED_SIZE < num-n ? SEED_SIZE : num-n;
-        memcpy(buf+n,output,l);
-        n+=l;
+        FIPS_rand_seed(seed, seedlen);
         }
 
-    CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
-    return 1;
-    }
-
-static int fips_rand_status(void)
+static const RAND_METHOD rand_fips_meth=
     {
-    return n_seed == sizeof seed;
-    }
+    fips_do_rand_seed,
+    FIPS_rand_bytes,
+    FIPS_rand_reset,
+    fips_do_rand_add,
+    FIPS_rand_bytes,
+    FIPS_rand_status
+    };
 
-#endif /* OPENSSL_FIPS */
+const RAND_METHOD *FIPS_rand_method(void)
+{
+  return &rand_fips_meth;
+}
+
+#endif
diff --git a/src/lib/libssl/src/fips/rand/fips_rand.h b/src/lib/libssl/src/fips/rand/fips_rand.h
index 1286b63ab2..a175aaf6c5 100644
--- a/src/lib/libssl/src/fips/rand/fips_rand.h
+++ b/src/lib/libssl/src/fips/rand/fips_rand.h
@@ -58,13 +58,17 @@
 extern "C" {
 #endif
 
-void FIPS_set_prng_key(const unsigned char k1[8],const unsigned char k2[8]);
-void FIPS_test_mode(int test,const unsigned char faketime[8]);
-void FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num);
-/* NB: this returns true if _partially_ seeded */
-int FIPS_rand_seeded(void);
+int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen);
+int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num);
+int FIPS_rand_bytes(unsigned char *out, FIPS_RAND_SIZE_T outlen);
 
-RAND_METHOD *FIPS_rand_method(void);
+int FIPS_rand_test_mode(void);
+void FIPS_rand_reset(void);
+int FIPS_rand_set_dt(unsigned char *dt);
+
+int FIPS_rand_status(void);
+
+const RAND_METHOD *FIPS_rand_method(void);
 
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/src/fips/rand/fips_rand_selftest.c b/src/lib/libssl/src/fips/rand/fips_rand_selftest.c
new file mode 100644
index 0000000000..2194a76cd1
--- /dev/null
+++ b/src/lib/libssl/src/fips/rand/fips_rand_selftest.c
@@ -0,0 +1,371 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+
+#ifdef OPENSSL_FIPS
+
+
+
+typedef struct
+        {
+        unsigned char DT[16];
+        unsigned char V[16];
+        unsigned char R[16];
+        } AES_PRNG_TV;
+
+/* The following test vectors are taken directly from the RGNVS spec */
+
+static unsigned char aes_128_key[16] =
+                {0xf3,0xb1,0x66,0x6d,0x13,0x60,0x72,0x42,
+                 0xed,0x06,0x1c,0xab,0xb8,0xd4,0x62,0x02};
+
+static AES_PRNG_TV aes_128_tv[] = {
+        {
+                                /* DT */
+                {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
+                 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xf9},
+                                /* V */
+                {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+                                /* R */
+                {0x59,0x53,0x1e,0xd1,0x3b,0xb0,0xc0,0x55,
+                 0x84,0x79,0x66,0x85,0xc1,0x2f,0x76,0x41}
+        },
+        {
+                                /* DT */
+                {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
+                 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xfa},
+                                /* V */
+                {0xc0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+                                /* R */
+                {0x7c,0x22,0x2c,0xf4,0xca,0x8f,0xa2,0x4c,
+                 0x1c,0x9c,0xb6,0x41,0xa9,0xf3,0x22,0x0d}
+        },
+        {
+                                /* DT */
+                {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
+                 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xfb},
+                                /* V */
+                {0xe0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+                                /* R */
+                {0x8a,0xaa,0x00,0x39,0x66,0x67,0x5b,0xe5,
+                 0x29,0x14,0x28,0x81,0xa9,0x4d,0x4e,0xc7}
+        },
+        {
+                                /* DT */
+                {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
+                 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xfc},
+                                /* V */
+                {0xf0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+                                /* R */
+                {0x88,0xdd,0xa4,0x56,0x30,0x24,0x23,0xe5,
+                 0xf6,0x9d,0xa5,0x7e,0x7b,0x95,0xc7,0x3a}
+        },
+        {
+                                /* DT */
+                {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
+                 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xfd},
+                                /* V */
+                {0xf8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+                                /* R */
+                {0x05,0x25,0x92,0x46,0x61,0x79,0xd2,0xcb,
+                 0x78,0xc4,0x0b,0x14,0x0a,0x5a,0x9a,0xc8}
+        },
+        {
+                                /* DT */
+                {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
+                 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x23,0x77},
+                                /* V */
+                {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+                 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe},
+                                /* R */
+                {0x0d,0xd5,0xa0,0x36,0x7a,0x59,0x26,0xbc,
+                 0x48,0xd9,0x38,0xbf,0xf0,0x85,0x8f,0xea}
+        },
+        {
+                                /* DT */
+                {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
+                 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x23,0x78},
+                                /* V */
+                {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+                 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+                                /* R */
+                {0xae,0x53,0x87,0xee,0x8c,0xd9,0x12,0xf5,
+                 0x73,0x53,0xae,0x03,0xf9,0xd5,0x13,0x33}
+        },
+};
+
+static unsigned char aes_192_key[24] =
+                {0x15,0xd8,0x78,0x0d,0x62,0xd3,0x25,0x6e,
+                 0x44,0x64,0x10,0x13,0x60,0x2b,0xa9,0xbc,
+                 0x4a,0xfb,0xca,0xeb,0x4c,0x8b,0x99,0x3b};
+
+static AES_PRNG_TV aes_192_tv[] = {
+        {
+                                /* DT */
+                {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
+                 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4b},
+                                /* V */
+                {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+                                /* R */
+                {0x17,0x07,0xd5,0x28,0x19,0x79,0x1e,0xef,
+                 0xa5,0x0c,0xbf,0x25,0xe5,0x56,0xb4,0x93}
+        },
+        {
+                                /* DT */
+                {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
+                 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4c},
+                                /* V */
+                {0xc0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+                                /* R */
+                {0x92,0x8d,0xbe,0x07,0xdd,0xc7,0x58,0xc0,
+                 0x6f,0x35,0x41,0x9b,0x17,0xc9,0xbd,0x9b}
+        },
+        {
+                                /* DT */
+                {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
+                 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4d},
+                                /* V */
+                {0xe0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+                                /* R */
+                {0xd5,0xde,0xf4,0x50,0xf3,0xb7,0x10,0x4e,
+                 0xb8,0xc6,0xf8,0xcf,0xe2,0xb1,0xca,0xa2}
+        },
+        {
+                                /* DT */
+                {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
+                 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4e},
+                                /* V */
+                {0xf0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+                                /* R */
+                {0xce,0x29,0x08,0x43,0xfc,0x34,0x41,0xe7,
+                 0x47,0x8f,0xb3,0x66,0x2b,0x46,0xb1,0xbb}
+        },
+        {
+                                /* DT */
+                {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
+                 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4f},
+                                /* V */
+                {0xf8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+                                /* R */
+                {0xb3,0x26,0x0f,0xf5,0xd6,0xca,0xa8,0xbf,
+                 0x89,0xb8,0x5e,0x2f,0x22,0x56,0x92,0x2f}
+        },
+        {
+                                /* DT */
+                {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
+                 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0xc9},
+                                /* V */
+                {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+                 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe},
+                                /* R */
+                {0x05,0xeb,0x18,0x52,0x34,0x43,0x00,0x43,
+                 0x6e,0x5a,0xa5,0xfe,0x7b,0x32,0xc4,0x2d}
+        },
+        {
+                                /* DT */
+                {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
+                 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0xca},
+                                /* V */
+                {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+                 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+                                /* R */
+                {0x15,0x3c,0xe8,0xd1,0x04,0xc7,0xad,0x50,
+                 0x0b,0xf0,0x07,0x16,0xe7,0x56,0x7a,0xea}
+        },
+};
+
+static unsigned char aes_256_key[32] =
+                {0x6d,0x14,0x06,0x6c,0xb6,0xd8,0x21,0x2d,
+                 0x82,0x8d,0xfa,0xf2,0x7a,0x03,0xb7,0x9f,
+                 0x0c,0xc7,0x3e,0xcd,0x76,0xeb,0xee,0xb5,
+                 0x21,0x05,0x8c,0x4f,0x31,0x7a,0x80,0xbb};
+
+static AES_PRNG_TV aes_256_tv[] = {
+        {
+                                /* DT */
+                {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
+                 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x88},
+                                /* V */
+                {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+                                /* R */
+                {0x35,0xc7,0xef,0xa7,0x78,0x4d,0x29,0xbc,
+                 0x82,0x79,0x99,0xfb,0xd0,0xb3,0x3b,0x72}
+        },
+        {
+                                /* DT */
+                {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
+                 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x89},
+                                /* V */
+                {0xc0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+                                /* R */
+                {0x6c,0xf4,0x42,0x5d,0xc7,0x04,0x1a,0x41,
+                 0x28,0x2a,0x78,0xa9,0xb0,0x12,0xc4,0x95}
+        },
+        {
+                                /* DT */
+                {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
+                 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x8a},
+                                /* V */
+                {0xe0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+                                /* R */
+                {0x16,0x90,0xa4,0xff,0x7b,0x7e,0xb9,0x30,
+                 0xdb,0x67,0x4b,0xac,0x2d,0xe1,0xd1,0x75}
+        },
+        {
+                                /* DT */
+                {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
+                 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x8b},
+                                /* V */
+                {0xf0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+                                /* R */
+                {0x14,0x6f,0xf5,0x95,0xa1,0x46,0x65,0x30,
+                 0xbc,0x57,0xe2,0x4a,0xf7,0x45,0x62,0x05}
+        },
+        {
+                                /* DT */
+                {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
+                 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x8c},
+                                /* V */
+                {0xf8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+                                /* R */
+                {0x96,0xe2,0xb4,0x1e,0x66,0x5e,0x0f,0xa4,
+                 0xc5,0xcd,0xa2,0x07,0xcc,0xb7,0x94,0x40}
+        },
+        {
+                                /* DT */
+                {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
+                 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9f,0x06},
+                                /* V */
+                {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+                 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe},
+                                /* R */
+                {0x61,0xce,0x1d,0x6a,0x48,0x75,0x97,0x28,
+                 0x4b,0x41,0xde,0x18,0x44,0x4f,0x56,0xec}
+        },
+        {
+                                /* DT */
+                {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
+                 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9f,0x07},
+                                /* V */
+                {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+                 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+                                /* R */
+                {0x52,0x89,0x59,0x79,0x2d,0xaa,0x28,0xb3,
+                 0xb0,0x8a,0x3e,0x70,0xfa,0x71,0x59,0x84}
+        },
+};
+
+
+void FIPS_corrupt_rng()
+    {
+    aes_192_tv[0].V[0]++;
+    }
+
+#define fips_rand_test(key, tv) \
+        do_rand_test(key, sizeof key, tv, sizeof(tv)/sizeof(AES_PRNG_TV))
+
+static int do_rand_test(unsigned char *key, int keylen,
+                        AES_PRNG_TV *tv, int ntv)
+        {
+        unsigned char R[16];
+        int i;
+        if (!FIPS_rand_set_key(key, keylen))
+                return 0;
+        for (i = 0; i < ntv; i++)
+                {
+                FIPS_rand_seed(tv[i].V, 16);
+                FIPS_rand_set_dt(tv[i].DT);
+                FIPS_rand_bytes(R, 16);
+                if (memcmp(R, tv[i].R, 16))
+                        return 0;
+                }
+        return 1;
+        }
+        
+
+int FIPS_selftest_rng()
+        {
+        FIPS_rand_reset();
+        if (!FIPS_rand_test_mode())
+                {
+                FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
+                return 0;
+                }
+        if (!fips_rand_test(aes_128_key,aes_128_tv)
+                || !fips_rand_test(aes_192_key, aes_192_tv)
+                || !fips_rand_test(aes_256_key, aes_256_tv))
+                {
+                FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
+                return 0;
+                }
+        FIPS_rand_reset();
+        return 1;
+        }
+
+#endif
diff --git a/src/lib/libssl/src/fips/rand/fips_randtest.c b/src/lib/libssl/src/fips/rand/fips_randtest.c
index 6165944e56..5582941c11 100644
--- a/src/lib/libssl/src/fips/rand/fips_randtest.c
+++ b/src/lib/libssl/src/fips/rand/fips_randtest.c
@@ -105,9 +105,12 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
 #include <openssl/rand.h>
 #include <openssl/fips_rand.h>
 #include <openssl/err.h>
+#include <openssl/bn.h>
 
 #include "e_os.h"
 
@@ -120,42 +123,65 @@ int main(int argc, char *argv[])
 
 #else
 
-/* some FIPS 140-1 random number test */
-/* some simple tests */
-
-static DES_cblock prng_key1={0x21,0x58,0x47,0xb7,0xc2,0x97,0x5a,0x8e};
-static DES_cblock prng_key2={0x61,0x23,0x05,0x96,0x18,0x91,0x86,0xac};
-static unsigned char prng_seed[8]={0x6b,0xa3,0x4f,0x07,0xe4,0x2a,0xb0,0xc};
+#include "fips_utl.h"
 
 typedef struct
-    {
-    DES_cblock keys[2];
-    const unsigned char time[8];
-    const unsigned char seed[8];
-    const unsigned char block1[8];
-    const unsigned char block100[8];
-    } PRNGtest;
-
-/* FIXME: these test vectors are made up! */
-static PRNGtest t1=
-    {
-    { { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 },
-      { 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f },
-    },
-    { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
-    { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
-    { 0x33,0xc3,0xdf,0xfe,0x60,0x60,0x49,0x9e },
-    { 0xcd,0x2b,0x41,0xaf,0x80,0x51,0x37,0xd8 }
-    };
-static PRNGtest t2=
-    {
-    { { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff },
-      { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff } },
-    { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff },
-    { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff },
-    { 0x65,0xf1,0xa4,0x07,0x42,0x38,0xd5,0x25 },
-    { 0xbb,0x75,0x84,0x20,0x7a,0x44,0xf0,0xa0 }
-    };
+        {
+        unsigned char DT[16];
+        unsigned char V[16];
+        unsigned char R[16];
+        } AES_PRNG_MCT;
+
+static unsigned char aes_128_mct_key[16] =
+        {0x9f,0x5b,0x51,0x20,0x0b,0xf3,0x34,0xb5,
+         0xd8,0x2b,0xe8,0xc3,0x72,0x55,0xc8,0x48};
+
+static AES_PRNG_MCT aes_128_mct_tv = {
+                        /* DT */
+        {0x63,0x76,0xbb,0xe5,0x29,0x02,0xba,0x3b,
+         0x67,0xc9,0x25,0xfa,0x70,0x1f,0x11,0xac},
+                        /* V */
+        {0x57,0x2c,0x8e,0x76,0x87,0x26,0x47,0x97,
+         0x7e,0x74,0xfb,0xdd,0xc4,0x95,0x01,0xd1},
+                        /* R */
+        {0x48,0xe9,0xbd,0x0d,0x06,0xee,0x18,0xfb,
+         0xe4,0x57,0x90,0xd5,0xc3,0xfc,0x9b,0x73}
+};
+
+static unsigned char aes_192_mct_key[24] =
+        {0xb7,0x6c,0x34,0xd1,0x09,0x67,0xab,0x73,
+         0x4d,0x5a,0xd5,0x34,0x98,0x16,0x0b,0x91,
+         0xbc,0x35,0x51,0x16,0x6b,0xae,0x93,0x8a};
+
+static AES_PRNG_MCT aes_192_mct_tv = {
+                        /* DT */
+        {0x84,0xce,0x22,0x7d,0x91,0x5a,0xa3,0xc9,
+         0x84,0x3c,0x0a,0xb3,0xa9,0x63,0x15,0x52},
+                        /* V */
+        {0xb6,0xaf,0xe6,0x8f,0x99,0x9e,0x90,0x64,
+         0xdd,0xc7,0x7a,0xc1,0xbb,0x90,0x3a,0x6d},
+                        /* R */
+        {0xfc,0x85,0x60,0x9a,0x29,0x6f,0xef,0x21,
+         0xdd,0x86,0x20,0x32,0x8a,0x29,0x6f,0x47}
+};
+
+static unsigned char aes_256_mct_key[32] =
+        {0x9b,0x05,0xc8,0x68,0xff,0x47,0xf8,0x3a,
+         0xa6,0x3a,0xa8,0xcb,0x4e,0x71,0xb2,0xe0,
+         0xb8,0x7e,0xf1,0x37,0xb6,0xb4,0xf6,0x6d,
+         0x86,0x32,0xfc,0x1f,0x5e,0x1d,0x1e,0x50};
+
+static AES_PRNG_MCT aes_256_mct_tv = {
+                        /* DT */
+        {0x31,0x6e,0x35,0x9a,0xb1,0x44,0xf0,0xee,
+         0x62,0x6d,0x04,0x46,0xe0,0xa3,0x92,0x4c},
+                        /* V */
+        {0x4f,0xcd,0xc1,0x87,0x82,0x1f,0x4d,0xa1,
+         0x3e,0x0e,0x56,0x44,0x59,0xe8,0x83,0xca},
+                        /* R */
+        {0xc8,0x87,0xc2,0x61,0x5b,0xd0,0xb9,0xe1,
+         0xe7,0xf3,0x8b,0xd7,0x5b,0xd5,0xf1,0x8d}
+};
 
 static void dump(const unsigned char *b,int n)
     {
@@ -174,196 +200,49 @@ static void compare(const unsigned char *result,const unsigned char *expected,
         if(result[i] != expected[i])
             {
             puts("Random test failed, got:");
-            dump(result,8);
+            dump(result,n);
             puts("\n               expected:");
-            dump(expected,8);
+            dump(expected,n);
             putchar('\n');
             EXIT(1);
             }
     }
 
-static void run_test(const PRNGtest *t)
-    {
-    unsigned char buf[8];
-    int n;
-
-    FIPS_set_prng_key(t->keys[0],t->keys[1]);
-    FIPS_test_mode(1,t->time);
-    RAND_seed(t->seed,sizeof t->seed);
 
-    if(RAND_bytes(buf,8) <= 0)
+static void run_test(unsigned char *key, int keylen, AES_PRNG_MCT *tv)
+    {
+    unsigned char buf[16], dt[16];
+    int i, j;
+    FIPS_rand_reset();
+    FIPS_rand_test_mode();
+    FIPS_rand_set_key(key, keylen);
+    FIPS_rand_seed(tv->V, 16);
+    memcpy(dt, tv->DT, 16);
+    for (i = 0; i < 10000; i++)
         {
-        ERR_print_errors_fp(stderr);
-        EXIT(2);
+        FIPS_rand_set_dt(dt);
+        FIPS_rand_bytes(buf, 16);
+        /* Increment DT */
+        for (j = 15; j >= 0; j--)
+                {
+                dt[j]++;
+                if (dt[j])
+                        break;
+                }
         }
-    compare(buf,t->block1,8);
-    for(n=0 ; n < 99 ; ++n)
-        if(RAND_bytes(buf,8) <= 0)
-            {
-            ERR_print_errors_fp(stderr);
-            EXIT(2);
-            }
-    compare(buf,t->block100,8);
-    FIPS_test_mode(0,NULL);
+
+    compare(buf,tv->R, 16);
     }
 
 int main()
         {
-        unsigned char buf[2500];
-        int i,j,k,s,sign,nsign,err=0;
-        unsigned long n1;
-        unsigned long n2[16];
-        unsigned long runs[2][34];
-        /*double d; */
-        long d;
-
-        ERR_load_crypto_strings();
-        RAND_set_rand_method(FIPS_rand_method());
-
-        run_test(&t1);
-        run_test(&t2);
-
-        FIPS_set_prng_key(prng_key1,prng_key2);
-        RAND_seed(prng_seed,sizeof prng_seed);
-
-        i = RAND_pseudo_bytes(buf,2500);
-        if (i <= 0)
-                {
-                printf ("init failed, the rand method is not properly installed\n");
-                err++;
-                goto err;
-                }
-
-        n1=0;
-        for (i=0; i<16; i++) n2[i]=0;
-        for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0;
-
-        /* test 1 and 2 */
-        sign=0;
-        nsign=0;
-        for (i=0; i<2500; i++)
-                {
-                j=buf[i];
-
-                n2[j&0x0f]++;
-                n2[(j>>4)&0x0f]++;
-
-                for (k=0; k<8; k++)
-                        {
-                        s=(j&0x01);
-                        if (s == sign)
-                                nsign++;
-                        else
-                                {
-                                if (nsign > 34) nsign=34;
-                                if (nsign != 0)
-                                        {
-                                        runs[sign][nsign-1]++;
-                                        if (nsign > 6)
-                                                runs[sign][5]++;
-                                        }
-                                sign=s;
-                                nsign=1;
-                                }
-
-                        if (s) n1++;
-                        j>>=1;
-                        }
-                }
-                if (nsign > 34) nsign=34;
-                if (nsign != 0) runs[sign][nsign-1]++;
-
-        /* test 1 */
-        if (!((9654 < n1) && (n1 < 10346)))
-                {
-                printf("test 1 failed, X=%lu\n",n1);
-                err++;
-                }
-        printf("test 1 done\n");
-
-        /* test 2 */
-#ifdef undef
-        d=0;
-        for (i=0; i<16; i++)
-                d+=n2[i]*n2[i];
-        d=d*16.0/5000.0-5000.0;
-        if (!((1.03 < d) && (d < 57.4)))
-                {
-                printf("test 2 failed, X=%.2f\n",d);
-                err++;
-                }
-#endif
-        d=0;
-        for (i=0; i<16; i++)
-                d+=n2[i]*n2[i];
-        d=(d*8)/25-500000;
-        if (!((103 < d) && (d < 5740)))
-                {
-                printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L);
-                err++;
-                }
-        printf("test 2 done\n");
-
-        /* test 3 */
-        for (i=0; i<2; i++)
-                {
-                if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))
-                        {
-                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
-                                i,1,runs[i][0]);
-                        err++;
-                        }
-                if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))
-                        {
-                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
-                                i,2,runs[i][1]);
-                        err++;
-                        }
-                if (!(( 502 < runs[i][2]) && (runs[i][2] <  748)))
-                        {
-                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
-                                i,3,runs[i][2]);
-                        err++;
-                        }
-                if (!(( 223 < runs[i][3]) && (runs[i][3] <  402)))
-                        {
-                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
-                                i,4,runs[i][3]);
-                        err++;
-                        }
-                if (!((  90 < runs[i][4]) && (runs[i][4] <  223)))
-                        {
-                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
-                                i,5,runs[i][4]);
-                        err++;
-                        }
-                if (!((  90 < runs[i][5]) && (runs[i][5] <  223)))
-                        {
-                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
-                                i,6,runs[i][5]);
-                        err++;
-                        }
-                }
-        printf("test 3 done\n");
-        
-        /* test 4 */
-        if (runs[0][33] != 0)
-                {
-                printf("test 4 failed, bit=%d run=%d num=%lu\n",
-                        0,34,runs[0][33]);
-                err++;
-                }
-        if (runs[1][33] != 0)
-                {
-                printf("test 4 failed, bit=%d run=%d num=%lu\n",
-                        1,34,runs[1][33]);
-                err++;
-                }
-        printf("test 4 done\n");
- err:
-        err=((err)?1:0);
-        EXIT(err);
-        return(err);
+        run_test(aes_128_mct_key, 16, &aes_128_mct_tv);
+        printf("FIPS PRNG test 1 done\n");
+        run_test(aes_192_mct_key, 24, &aes_192_mct_tv);
+        printf("FIPS PRNG test 2 done\n");
+        run_test(aes_256_mct_key, 32, &aes_256_mct_tv);
+        printf("FIPS PRNG test 3 done\n");
+        return 0;
         }
 
 #endif
diff --git a/src/lib/libssl/src/fips/rand/fips_rngvs.c b/src/lib/libssl/src/fips/rand/fips_rngvs.c
new file mode 100644
index 0000000000..cb904eaf0b
--- /dev/null
+++ b/src/lib/libssl/src/fips/rand/fips_rngvs.c
@@ -0,0 +1,230 @@
+/*
+ * Crude test driver for processing the VST and MCT testvector files
+ * generated by the CMVP RNGVS product.
+ *
+ * Note the input files are assumed to have a _very_ specific format
+ * as described in the NIST document "The Random Number Generator
+ * Validation System (RNGVS)", May 25, 2004.
+ *
+ */
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+    printf("No FIPS RNG support\n");
+    return 0;
+}
+#else
+
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include <openssl/x509v3.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "fips_utl.h"
+
+void vst()
+    {
+    unsigned char *key = NULL;
+    unsigned char *v = NULL;
+    unsigned char *dt = NULL;
+    unsigned char ret[16];
+    char buf[1024];
+    char lbuf[1024];
+    char *keyword, *value;
+    long i, keylen;
+
+    keylen = 0;
+
+    while(fgets(buf,sizeof buf,stdin) != NULL)
+        {
+        fputs(buf,stdout);
+        if(!strncmp(buf,"[AES 128-Key]", 13))
+                keylen = 16;
+        else if(!strncmp(buf,"[AES 192-Key]", 13))
+                keylen = 24;
+        else if(!strncmp(buf,"[AES 256-Key]", 13))
+                keylen = 32;
+        if (!parse_line(&keyword, &value, lbuf, buf))
+                continue;
+        if(!strcmp(keyword,"Key"))
+            {
+            key=hex2bin_m(value,&i);
+            if (i != keylen)
+                {
+                fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
+                return;
+                }
+            }
+        else if(!strcmp(keyword,"DT"))
+            {
+            dt=hex2bin_m(value,&i);
+            if (i != 16)
+                {
+                fprintf(stderr, "Invalid DT length\n");
+                return;
+                }
+            }
+        else if(!strcmp(keyword,"V"))
+            {
+            v=hex2bin_m(value,&i);
+            if (i != 16)
+                {
+                fprintf(stderr, "Invalid V length\n");
+                return;
+                }
+
+            if (!key || !dt)
+                {
+                fprintf(stderr, "Missing key or DT\n");
+                return;
+                }
+
+            FIPS_rand_set_key(key, keylen);
+            FIPS_rand_seed(v,16);
+            FIPS_rand_set_dt(dt);
+            if (FIPS_rand_bytes(ret,16) <= 0)
+                {
+                fprintf(stderr, "Error getting PRNG value\n");
+                return;
+                }
+
+            pv("R",ret,16);
+            OPENSSL_free(key);
+            key = NULL;
+            OPENSSL_free(dt);
+            dt = NULL;
+            OPENSSL_free(v);
+            v = NULL;
+            }
+        }
+    }
+
+void mct()
+    {
+    unsigned char *key = NULL;
+    unsigned char *v = NULL;
+    unsigned char *dt = NULL;
+    unsigned char ret[16];
+    char buf[1024];
+    char lbuf[1024];
+    char *keyword, *value;
+    long i, keylen;
+    int j;
+
+    keylen = 0;
+
+    while(fgets(buf,sizeof buf,stdin) != NULL)
+        {
+        fputs(buf,stdout);
+        if(!strncmp(buf,"[AES 128-Key]", 13))
+                keylen = 16;
+        else if(!strncmp(buf,"[AES 192-Key]", 13))
+                keylen = 24;
+        else if(!strncmp(buf,"[AES 256-Key]", 13))
+                keylen = 32;
+        if (!parse_line(&keyword, &value, lbuf, buf))
+                continue;
+        if(!strcmp(keyword,"Key"))
+            {
+            key=hex2bin_m(value,&i);
+            if (i != keylen)
+                {
+                fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
+                return;
+                }
+            }
+        else if(!strcmp(keyword,"DT"))
+            {
+            dt=hex2bin_m(value,&i);
+            if (i != 16)
+                {
+                fprintf(stderr, "Invalid DT length\n");
+                return;
+                }
+            }
+        else if(!strcmp(keyword,"V"))
+            {
+            v=hex2bin_m(value,&i);
+            if (i != 16)
+                {
+                fprintf(stderr, "Invalid V length\n");
+                return;
+                }
+
+            if (!key || !dt)
+                {
+                fprintf(stderr, "Missing key or DT\n");
+                return;
+                }
+
+            FIPS_rand_set_key(key, keylen);
+            FIPS_rand_seed(v,16);
+            for (i = 0; i < 10000; i++)
+                {
+                    FIPS_rand_set_dt(dt);
+                    if (FIPS_rand_bytes(ret,16) <= 0)
+                        {
+                        fprintf(stderr, "Error getting PRNG value\n");
+                        return;
+                        }
+                    /* Increment DT */
+                    for (j = 15; j >= 0; j--)
+                        {
+                        dt[j]++;
+                        if (dt[j])
+                                break;
+                        }
+                }
+
+            pv("R",ret,16);
+            OPENSSL_free(key);
+            key = NULL;
+            OPENSSL_free(dt);
+            dt = NULL;
+            OPENSSL_free(v);
+            v = NULL;
+            }
+        }
+    }
+
+int main(int argc,char **argv)
+    {
+    if(argc != 2)
+        {
+        fprintf(stderr,"%s [mct|vst]\n",argv[0]);
+        exit(1);
+        }
+    if(!FIPS_mode_set(1))
+        {
+        do_print_errors();
+        exit(1);
+        }
+    FIPS_rand_reset();
+    if (!FIPS_rand_test_mode())
+        {
+        fprintf(stderr, "Error setting PRNG test mode\n");
+        do_print_errors();
+        exit(1);
+        }
+    if(!strcmp(argv[1],"mct"))
+        mct();
+    else if(!strcmp(argv[1],"vst"))
+        vst();
+    else
+        {
+        fprintf(stderr,"Don't know how to %s.\n",argv[1]);
+        exit(1);
+        }
+
+    return 0;
+    }
+#endif
diff --git a/src/lib/libssl/src/fips/rsa/Makefile b/src/lib/libssl/src/fips/rsa/Makefile
index bb20f86442..da28c13aa6 100644
--- a/src/lib/libssl/src/fips/rsa/Makefile
+++ b/src/lib/libssl/src/fips/rsa/Makefile
@@ -1,5 +1,5 @@
 #
-# SSLeay/fips/rsa/Makefile
+# OpenSSL/fips/rsa/Makefile
 #
 
 DIR=    rsa
@@ -18,12 +18,14 @@ AR=		ar r
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile
-TEST=
+TEST= fips_rsavtest.c fips_rsastest.c fips_rsagtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_rsa_eay.c fips_rsa_gen.c fips_rsa_selftest.c
-LIBOBJ=fips_rsa_eay.o fips_rsa_gen.o fips_rsa_selftest.o
+LIBSRC=fips_rsa_eay.c fips_rsa_gen.c fips_rsa_selftest.c fips_rsa_x931g.c \
+        fips_rsa_sign.c fips_rsa_lib.c
+LIBOBJ=fips_rsa_eay.o fips_rsa_gen.o fips_rsa_selftest.o fips_rsa_x931g.o \
+        fips_rsa_sign.o fips_rsa_lib.o
 
 SRC= $(LIBSRC)
 
@@ -35,15 +37,10 @@ ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
         (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all)
 
-all:    check lib
+all:    lib
 
 lib:    $(LIBOBJ)
-        $(AR) $(LIB) $(LIBOBJ)
-        $(RANLIB) $(LIB) || echo Never mind.
-        @sleep 2; touch lib
-
-check:
-        TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER)
+        @echo $(LIBOBJ) > lib
 
 files:
         $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -65,6 +62,24 @@ tags:
 
 tests:
 
+Q=../testvectors/rsa/req
+A=../testvectors/rsa/rsp
+Q62=../testvectors/rsa_salt_62/req
+A62=../testvectors/rsa_salt_62/rsp
+
+fips_test:
+        -rm -rf $(A) $(A62)
+        mkdir $(A) $(A62)
+        if [ -f $(Q)/SigGen15.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest < $(Q)/SigGen15.req  > $(A)/SigGen15.rsp; fi
+        if [ -f $(Q)/SigVer15.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest < $(Q)/SigVer15.req > $(A)/SigVer15.rsp; fi
+        if [ -f $(Q)/SigGenPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -saltlen 0 < $(Q)/SigGenPSS.req > $(A)/SigGenPSS.rsp; fi
+        if [ -f $(Q)/SigVerPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -saltlen 0 < $(Q)/SigVerPSS.req > $(A)/SigVerPSS.rsp; fi
+        if [ -f $(Q)/SigGenRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -x931 < $(Q)/SigGenRSA.req > $(A)/SigGenRSA.rsp; fi
+        if [ -f $(Q)/SigVerRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -x931 < $(Q)/SigVerRSA.req > $(A)/SigVerRSA.rsp; fi
+        if [ -f $(Q62)/SigGenPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -saltlen 62 < $(Q62)/SigGenPSS.req >$(A62)/SigGenPSS.rsp; fi
+        if [ -f $(Q62)/SigVerPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -saltlen 62 <$(Q62)/SigVerPSS.req >$(A62)/SigVerPSS.rsp; fi
+        if [ -f $(Q)/KeyGenRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsagtest < $(Q)/KeyGenRSA.req > $(A)/KeyGenRSA.rsp; fi
+
 lint:
         lint -DLINT $(INCLUDES) $(SRC)>fluff
 
@@ -92,20 +107,109 @@ fips_rsa_eay.o: fips_rsa_eay.c
 fips_rsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 fips_rsa_gen.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 fips_rsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_rsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_rsa_gen.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_rsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_rsa_gen.o: ../../include/openssl/objects.h
 fips_rsa_gen.o: ../../include/openssl/opensslconf.h
 fips_rsa_gen.o: ../../include/openssl/opensslv.h
 fips_rsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
 fips_rsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-fips_rsa_gen.o: ../../include/openssl/symhacks.h fips_rsa_gen.c
+fips_rsa_gen.o: ../../include/openssl/symhacks.h ../fips_locl.h fips_rsa_gen.c
+fips_rsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_rsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_rsa_lib.o: ../../include/openssl/objects.h
+fips_rsa_lib.o: ../../include/openssl/opensslconf.h
+fips_rsa_lib.o: ../../include/openssl/opensslv.h
+fips_rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+fips_rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_rsa_lib.o: ../../include/openssl/symhacks.h fips_rsa_lib.c
 fips_rsa_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 fips_rsa_selftest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 fips_rsa_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-fips_rsa_selftest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_rsa_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_rsa_selftest.o: ../../include/openssl/lhash.h
+fips_rsa_selftest.o: ../../include/openssl/obj_mac.h
+fips_rsa_selftest.o: ../../include/openssl/objects.h
 fips_rsa_selftest.o: ../../include/openssl/opensslconf.h
 fips_rsa_selftest.o: ../../include/openssl/opensslv.h
 fips_rsa_selftest.o: ../../include/openssl/ossl_typ.h
 fips_rsa_selftest.o: ../../include/openssl/rsa.h
 fips_rsa_selftest.o: ../../include/openssl/safestack.h
-fips_rsa_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_rsa_selftest.o: ../../include/openssl/stack.h
 fips_rsa_selftest.o: ../../include/openssl/symhacks.h fips_rsa_selftest.c
+fips_rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_rsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_rsa_sign.o: ../../include/openssl/obj_mac.h
+fips_rsa_sign.o: ../../include/openssl/objects.h
+fips_rsa_sign.o: ../../include/openssl/opensslconf.h
+fips_rsa_sign.o: ../../include/openssl/opensslv.h
+fips_rsa_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+fips_rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_rsa_sign.o: fips_rsa_sign.c
+fips_rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_rsa_x931g.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_rsa_x931g.o: ../../include/openssl/opensslconf.h
+fips_rsa_x931g.o: ../../include/openssl/opensslv.h
+fips_rsa_x931g.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+fips_rsa_x931g.o: ../../include/openssl/safestack.h
+fips_rsa_x931g.o: ../../include/openssl/stack.h
+fips_rsa_x931g.o: ../../include/openssl/symhacks.h fips_rsa_x931g.c
+fips_rsagtest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_rsagtest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_rsagtest.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+fips_rsagtest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_rsagtest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+fips_rsagtest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_rsagtest.o: ../../include/openssl/fips.h ../../include/openssl/hmac.h
+fips_rsagtest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_rsagtest.o: ../../include/openssl/objects.h
+fips_rsagtest.o: ../../include/openssl/opensslconf.h
+fips_rsagtest.o: ../../include/openssl/opensslv.h
+fips_rsagtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_rsagtest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+fips_rsagtest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_rsagtest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+fips_rsagtest.o: ../../include/openssl/x509_vfy.h
+fips_rsagtest.o: ../../include/openssl/x509v3.h ../fips_utl.h fips_rsagtest.c
+fips_rsastest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_rsastest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_rsastest.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+fips_rsastest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_rsastest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+fips_rsastest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_rsastest.o: ../../include/openssl/fips.h ../../include/openssl/hmac.h
+fips_rsastest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_rsastest.o: ../../include/openssl/objects.h
+fips_rsastest.o: ../../include/openssl/opensslconf.h
+fips_rsastest.o: ../../include/openssl/opensslv.h
+fips_rsastest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_rsastest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+fips_rsastest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_rsastest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+fips_rsastest.o: ../../include/openssl/x509_vfy.h
+fips_rsastest.o: ../../include/openssl/x509v3.h ../fips_utl.h fips_rsastest.c
+fips_rsavtest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_rsavtest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_rsavtest.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+fips_rsavtest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_rsavtest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+fips_rsavtest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_rsavtest.o: ../../include/openssl/fips.h ../../include/openssl/hmac.h
+fips_rsavtest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+fips_rsavtest.o: ../../include/openssl/objects.h
+fips_rsavtest.o: ../../include/openssl/opensslconf.h
+fips_rsavtest.o: ../../include/openssl/opensslv.h
+fips_rsavtest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_rsavtest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+fips_rsavtest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_rsavtest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+fips_rsavtest.o: ../../include/openssl/x509_vfy.h
+fips_rsavtest.o: ../../include/openssl/x509v3.h ../fips_utl.h fips_rsavtest.c
diff --git a/src/lib/libssl/src/fips/rsa/fips_rsa_eay.c b/src/lib/libssl/src/fips/rsa/fips_rsa_eay.c
index c571e2b1bf..937a14e684 100644
--- a/src/lib/libssl/src/fips/rsa/fips_rsa_eay.c
+++ b/src/lib/libssl/src/fips/rsa/fips_rsa_eay.c
@@ -55,25 +55,78 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
-#include <openssl/err.h>
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
+#include <openssl/err.h>
 #include <openssl/fips.h>
 
 #if !defined(RSA_NULL) && defined(OPENSSL_FIPS)
 
-static int RSA_eay_public_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
+static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
                 unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
+static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                 unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_public_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
+static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
                 unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
+static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                 unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa);
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
 static int RSA_eay_init(RSA *rsa);
 static int RSA_eay_finish(RSA *rsa);
 static RSA_METHOD rsa_pkcs1_eay_meth={
@@ -86,10 +139,11 @@ static RSA_METHOD rsa_pkcs1_eay_meth={
         BN_mod_exp_mont, /* XXX probably we should not use Montgomery if  e == 3 */
         RSA_eay_init,
         RSA_eay_finish,
-        0, /* flags */
+        RSA_FLAG_FIPS_METHOD, /* flags */
         NULL,
         0, /* rsa_sign */
-        0  /* rsa_verify */
+        0, /* rsa_verify */
+        NULL /* rsa_keygen */
         };
 
 const RSA_METHOD *RSA_PKCS1_SSLeay(void)
@@ -97,26 +151,65 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
         return(&rsa_pkcs1_eay_meth);
         }
 
-static int RSA_eay_public_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
+/* Usage example;
+ *    MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
+ */
+#define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \
+        if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \
+                        !BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \
+                                CRYPTO_LOCK_RSA, \
+                                (rsa)->m, (ctx))) \
+                err_instr
+
+static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
              unsigned char *to, RSA *rsa, int padding)
         {
-        BIGNUM f,ret;
+        BIGNUM *f,*ret;
         int i,j,k,num=0,r= -1;
         unsigned char *buf=NULL;
         BN_CTX *ctx=NULL;
 
-        BN_init(&f);
-        BN_init(&ret);
-
         if(FIPS_selftest_failed())
                 {
                 FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
                 goto err;
                 }
 
+        if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
+                {
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+                return -1;
+                }
+
+        if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
+                {
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
+                return -1;
+                }
+
+        if (BN_ucmp(rsa->n, rsa->e) <= 0)
+                {
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+                return -1;
+                }
+
+        /* for large moduli, enforce exponent limit */
+        if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
+                {
+                if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
+                        {
+                        RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+                        return -1;
+                        }
+                }
+        
         if ((ctx=BN_CTX_new()) == NULL) goto err;
+        BN_CTX_start(ctx);
+        f = BN_CTX_get(ctx);
+        ret = BN_CTX_get(ctx);
         num=BN_num_bytes(rsa->n);
-        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+        buf = OPENSSL_malloc(num);
+        if (!f || !ret || !buf)
                 {
                 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
                 goto err;
@@ -144,54 +237,34 @@ static int RSA_eay_public_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fro
                 }
         if (i <= 0) goto err;
 
-        if (BN_bin2bn(buf,num,&f) == NULL) goto err;
+        if (BN_bin2bn(buf,num,f) == NULL) goto err;
         
-        if (BN_ucmp(&f, rsa->n) >= 0)
+        if (BN_ucmp(f, rsa->n) >= 0)
                 {       
                 /* usually the padding functions would catch this */
                 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
                 goto err;
                 }
 
-        if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
-                {
-                BN_MONT_CTX* bn_mont_ctx;
-                if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
-                        goto err;
-                if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
-                        {
-                        BN_MONT_CTX_free(bn_mont_ctx);
-                        goto err;
-                        }
-                if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
-                        {
-                        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-                        if (rsa->_method_mod_n == NULL)
-                                {
-                                rsa->_method_mod_n = bn_mont_ctx;
-                                bn_mont_ctx = NULL;
-                                }
-                        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-                        }
-                if (bn_mont_ctx)
-                        BN_MONT_CTX_free(bn_mont_ctx);
-                }
-                
-        if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+        MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
+
+        if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
                 rsa->_method_mod_n)) goto err;
 
         /* put in leading 0 bytes if the number is less than the
          * length of the modulus */
-        j=BN_num_bytes(&ret);
-        i=BN_bn2bin(&ret,&(to[num-j]));
+        j=BN_num_bytes(ret);
+        i=BN_bn2bin(ret,&(to[num-j]));
         for (k=0; k<(num-i); k++)
                 to[k]=0;
 
         r=num;
 err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&f);
-        BN_clear_free(&ret);
+        if (ctx != NULL)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
         if (buf != NULL) 
                 {
                 OPENSSL_cleanse(buf,num);
@@ -200,76 +273,127 @@ err:
         return(r);
         }
 
-static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
-        {
-        int ret = 1;
-        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-        /* Check again inside the lock - the macro's check is racey */
-        if(rsa->blinding == NULL)
-                ret = RSA_blinding_on(rsa, ctx);
-        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-        return ret;
-        }
+static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
+{
+        BN_BLINDING *ret;
+        int got_write_lock = 0;
 
-#define BLINDING_HELPER(rsa, ctx, err_instr) \
-        do { \
-                if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \
-                    ((rsa)->blinding == NULL) && \
-                    !rsa_eay_blinding(rsa, ctx)) \
-                    err_instr \
-        } while(0)
+        CRYPTO_r_lock(CRYPTO_LOCK_RSA);
 
-static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx)
-        {
-        BIGNUM *A, *Ai;
-        BN_BLINDING *ret = NULL;
+        if (rsa->blinding == NULL)
+                {
+                CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+                CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+                got_write_lock = 1;
 
-        /* added in OpenSSL 0.9.6j and 0.9.7b */
+                if (rsa->blinding == NULL)
+                        rsa->blinding = RSA_setup_blinding(rsa, ctx);
+                }
 
-        /* NB: similar code appears in RSA_blinding_on (rsa_lib.c);
-         * this should be placed in a new function of its own, but for reasons
-         * of binary compatibility can't */
+        ret = rsa->blinding;
+        if (ret == NULL)
+                goto err;
 
-        BN_CTX_start(ctx);
-        A = BN_CTX_get(ctx);
-        if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
+        if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id())
                 {
-                /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
-                RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
-                if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
+                /* rsa->blinding is ours! */
+
+                *local = 1;
                 }
         else
                 {
-                if (!BN_rand_range(A,rsa->n)) goto err;
+                /* resort to rsa->mt_blinding instead */
+
+                *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert()
+                             * that the BN_BLINDING is shared, meaning that accesses
+                             * require locks, and that the blinding factor must be
+                             * stored outside the BN_BLINDING
+                             */
+
+                if (rsa->mt_blinding == NULL)
+                        {
+                        if (!got_write_lock)
+                                {
+                                CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+                                CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+                                got_write_lock = 1;
+                                }
+                        
+                        if (rsa->mt_blinding == NULL)
+                                rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
+                        }
+                ret = rsa->mt_blinding;
                 }
-        if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
 
-        if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
-                goto err;
-        ret = BN_BLINDING_new(A,Ai,rsa->n);
-        BN_free(Ai);
-err:
-        BN_CTX_end(ctx);
+ err:
+        if (got_write_lock)
+                CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+        else
+                CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
         return ret;
-        }
+}
+
+static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f,
+        BIGNUM *r, BN_CTX *ctx)
+{
+        if (local)
+                return BN_BLINDING_convert_ex(f, NULL, b, ctx);
+        else
+                {
+                int ret;
+                CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING);
+                ret = BN_BLINDING_convert_ex(f, r, b, ctx);
+                CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING);
+                return ret;
+                }
+}
+
+static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f,
+        BIGNUM *r, BN_CTX *ctx)
+{
+        if (local)
+                return BN_BLINDING_invert_ex(f, NULL, b, ctx);
+        else
+                {
+                int ret;
+                CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
+                ret = BN_BLINDING_invert_ex(f, r, b, ctx);
+                CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
+                return ret;
+                }
+}
 
 /* signing */
-static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
+static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
              unsigned char *to, RSA *rsa, int padding)
         {
-        BIGNUM f,ret;
+        BIGNUM *f, *ret, *br, *res;
         int i,j,k,num=0,r= -1;
         unsigned char *buf=NULL;
         BN_CTX *ctx=NULL;
         int local_blinding = 0;
         BN_BLINDING *blinding = NULL;
 
-        BN_init(&f);
-        BN_init(&ret);
+        if(FIPS_selftest_failed())
+                {
+                FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
+                goto err;
+                }
+
+        if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
+                {
+                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+                return -1;
+                }
 
         if ((ctx=BN_CTX_new()) == NULL) goto err;
-        num=BN_num_bytes(rsa->n);
-        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+        BN_CTX_start(ctx);
+        f   = BN_CTX_get(ctx);
+        br  = BN_CTX_get(ctx);
+        ret = BN_CTX_get(ctx);
+        num = BN_num_bytes(rsa->n);
+        buf = OPENSSL_malloc(num);
+        if(!f || !ret || !buf)
                 {
                 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
                 goto err;
@@ -280,6 +404,9 @@ static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
         case RSA_PKCS1_PADDING:
                 i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
                 break;
+        case RSA_X931_PADDING:
+                i=RSA_padding_add_X931(buf,num,from,flen);
+                break;
         case RSA_NO_PADDING:
                 i=RSA_padding_add_none(buf,num,from,flen);
                 break;
@@ -290,26 +417,18 @@ static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
                 }
         if (i <= 0) goto err;
 
-        if (BN_bin2bn(buf,num,&f) == NULL) goto err;
+        if (BN_bin2bn(buf,num,f) == NULL) goto err;
         
-        if (BN_ucmp(&f, rsa->n) >= 0)
+        if (BN_ucmp(f, rsa->n) >= 0)
                 {       
                 /* usually the padding functions would catch this */
                 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
                 goto err;
                 }
 
-        BLINDING_HELPER(rsa, ctx, goto err;);
-        blinding = rsa->blinding;
-        
-        /* Now unless blinding is disabled, 'blinding' is non-NULL.
-         * But the BN_BLINDING object may be owned by some other thread
-         * (we don't want to keep it constant and we don't want to use
-         * lots of locking to avoid race conditions, so only a single
-         * thread can use it; other threads have to use local blinding
-         * factors) */
         if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
                 {
+                blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
                 if (blinding == NULL)
                         {
                         RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
@@ -318,20 +437,8 @@ static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
                 }
         
         if (blinding != NULL)
-                {
-                if (blinding->thread_id != CRYPTO_thread_id())
-                        {
-                        /* we need a local one-time blinding factor */
-
-                        blinding = setup_blinding(rsa, ctx);
-                        if (blinding == NULL)
-                                goto err;
-                        local_blinding = 1;
-                        }
-                }
-
-        if (blinding)
-                if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
+                if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
+                        goto err;
 
         if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
                 ((rsa->p != NULL) &&
@@ -339,29 +446,58 @@ static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
                 (rsa->dmp1 != NULL) &&
                 (rsa->dmq1 != NULL) &&
                 (rsa->iqmp != NULL)) )
-                { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+                { 
+                if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
+                }
         else
                 {
-                if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
+                BIGNUM local_d;
+                BIGNUM *d = NULL;
+                
+                if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                        {
+                        BN_init(&local_d);
+                        d = &local_d;
+                        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+                        }
+                else
+                        d = rsa->d;
+
+                MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
+
+                if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
+                                rsa->_method_mod_n)) goto err;
                 }
 
         if (blinding)
-                if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
+                if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
+                        goto err;
+
+        if (padding == RSA_X931_PADDING)
+                {
+                BN_sub(f, rsa->n, ret);
+                if (BN_cmp(ret, f))
+                        res = f;
+                else
+                        res = ret;
+                }
+        else
+                res = ret;
 
         /* put in leading 0 bytes if the number is less than the
          * length of the modulus */
-        j=BN_num_bytes(&ret);
-        i=BN_bn2bin(&ret,&(to[num-j]));
+        j=BN_num_bytes(res);
+        i=BN_bn2bin(res,&(to[num-j]));
         for (k=0; k<(num-i); k++)
                 to[k]=0;
 
         r=num;
 err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&ret);
-        BN_clear_free(&f);
-        if (local_blinding)
-                BN_BLINDING_free(blinding);
+        if (ctx != NULL)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
         if (buf != NULL)
                 {
                 OPENSSL_cleanse(buf,num);
@@ -370,10 +506,10 @@ err:
         return(r);
         }
 
-static int RSA_eay_private_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
+static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
              unsigned char *to, RSA *rsa, int padding)
         {
-        BIGNUM f,ret;
+        BIGNUM *f, *ret, *br;
         int j,num=0,r= -1;
         unsigned char *p;
         unsigned char *buf=NULL;
@@ -381,14 +517,26 @@ static int RSA_eay_private_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
         int local_blinding = 0;
         BN_BLINDING *blinding = NULL;
 
-        BN_init(&f);
-        BN_init(&ret);
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
+        if(FIPS_selftest_failed())
+                {
+                FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
+                goto err;
+                }
 
-        num=BN_num_bytes(rsa->n);
+        if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
+                {
+                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+                return -1;
+                }
 
-        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
+        if((ctx = BN_CTX_new()) == NULL) goto err;
+        BN_CTX_start(ctx);
+        f   = BN_CTX_get(ctx);
+        br  = BN_CTX_get(ctx);
+        ret = BN_CTX_get(ctx);
+        num = BN_num_bytes(rsa->n);
+        buf = OPENSSL_malloc(num);
+        if(!f || !ret || !buf)
                 {
                 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
                 goto err;
@@ -403,25 +551,17 @@ static int RSA_eay_private_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
                 }
 
         /* make data into a big number */
-        if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
+        if (BN_bin2bn(from,(int)flen,f) == NULL) goto err;
 
-        if (BN_ucmp(&f, rsa->n) >= 0)
+        if (BN_ucmp(f, rsa->n) >= 0)
                 {
                 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
                 goto err;
                 }
 
-        BLINDING_HELPER(rsa, ctx, goto err;);
-        blinding = rsa->blinding;
-        
-        /* Now unless blinding is disabled, 'blinding' is non-NULL.
-         * But the BN_BLINDING object may be owned by some other thread
-         * (we don't want to keep it constant and we don't want to use
-         * lots of locking to avoid race conditions, so only a single
-         * thread can use it; other threads have to use local blinding
-         * factors) */
         if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
                 {
+                blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
                 if (blinding == NULL)
                         {
                         RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
@@ -430,20 +570,8 @@ static int RSA_eay_private_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
                 }
         
         if (blinding != NULL)
-                {
-                if (blinding->thread_id != CRYPTO_thread_id())
-                        {
-                        /* we need a local one-time blinding factor */
-
-                        blinding = setup_blinding(rsa, ctx);
-                        if (blinding == NULL)
-                                goto err;
-                        local_blinding = 1;
-                        }
-                }
-
-        if (blinding)
-                if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
+                if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
+                        goto err;
 
         /* do the decrypt */
         if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
@@ -452,18 +580,34 @@ static int RSA_eay_private_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
                 (rsa->dmp1 != NULL) &&
                 (rsa->dmq1 != NULL) &&
                 (rsa->iqmp != NULL)) )
-                { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
+                {
+                if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
+                }
         else
                 {
-                if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
-                        goto err;
+                BIGNUM local_d;
+                BIGNUM *d = NULL;
+                
+                if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                        {
+                        d = &local_d;
+                        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+                        }
+                else
+                        d = rsa->d;
+
+                MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
+                if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
+                                rsa->_method_mod_n))
+                  goto err;
                 }
 
         if (blinding)
-                if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
+                if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
+                        goto err;
 
         p=buf;
-        j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
+        j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */
 
         switch (padding)
                 {
@@ -489,11 +633,11 @@ static int RSA_eay_private_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
                 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
 
 err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&f);
-        BN_clear_free(&ret);
-        if (local_blinding)
-                BN_BLINDING_free(blinding);
+        if (ctx != NULL)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
         if (buf != NULL)
                 {
                 OPENSSL_cleanse(buf,num);
@@ -503,23 +647,56 @@ err:
         }
 
 /* signature verification */
-static int RSA_eay_public_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
+static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
              unsigned char *to, RSA *rsa, int padding)
         {
-        BIGNUM f,ret;
+        BIGNUM *f,*ret;
         int i,num=0,r= -1;
         unsigned char *p;
         unsigned char *buf=NULL;
         BN_CTX *ctx=NULL;
 
-        BN_init(&f);
-        BN_init(&ret);
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
+        if(FIPS_selftest_failed())
+                {
+                FIPSerr(FIPS_F_RSA_EAY_PUBLIC_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
+                goto err;
+                }
+
+        if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
+                {
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+                return -1;
+                }
+
+        if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
+                {
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
+                return -1;
+                }
+
+        if (BN_ucmp(rsa->n, rsa->e) <= 0)
+                {
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+                return -1;
+                }
 
+        /* for large moduli, enforce exponent limit */
+        if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
+                {
+                if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
+                        {
+                        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+                        return -1;
+                        }
+                }
+        
+        if((ctx = BN_CTX_new()) == NULL) goto err;
+        BN_CTX_start(ctx);
+        f = BN_CTX_get(ctx);
+        ret = BN_CTX_get(ctx);
         num=BN_num_bytes(rsa->n);
-        buf=(unsigned char *)OPENSSL_malloc(num);
-        if (buf == NULL)
+        buf = OPENSSL_malloc(num);
+        if(!f || !ret || !buf)
                 {
                 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
                 goto err;
@@ -533,50 +710,33 @@ static int RSA_eay_public_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fro
                 goto err;
                 }
 
-        if (BN_bin2bn(from,flen,&f) == NULL) goto err;
+        if (BN_bin2bn(from,flen,f) == NULL) goto err;
 
-        if (BN_ucmp(&f, rsa->n) >= 0)
+        if (BN_ucmp(f, rsa->n) >= 0)
                 {
                 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
                 goto err;
                 }
 
-        /* do the decrypt */
-        if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
-                {
-                BN_MONT_CTX* bn_mont_ctx;
-                if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
-                        goto err;
-                if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
-                        {
-                        BN_MONT_CTX_free(bn_mont_ctx);
-                        goto err;
-                        }
-                if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
-                        {
-                        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-                        if (rsa->_method_mod_n == NULL)
-                                {
-                                rsa->_method_mod_n = bn_mont_ctx;
-                                bn_mont_ctx = NULL;
-                                }
-                        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-                        }
-                if (bn_mont_ctx)
-                        BN_MONT_CTX_free(bn_mont_ctx);
-                }
-                
-        if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
+        MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
+
+        if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
                 rsa->_method_mod_n)) goto err;
 
+        if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
+                BN_sub(ret, rsa->n, ret);
+
         p=buf;
-        i=BN_bn2bin(&ret,p);
+        i=BN_bn2bin(ret,p);
 
         switch (padding)
                 {
         case RSA_PKCS1_PADDING:
                 r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
                 break;
+        case RSA_X931_PADDING:
+                r=RSA_padding_check_X931(to,num,buf,i,num);
+                break;
         case RSA_NO_PADDING:
                 r=RSA_padding_check_none(to,num,buf,i,num);
                 break;
@@ -588,9 +748,11 @@ static int RSA_eay_public_decrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fro
                 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
 
 err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&f);
-        BN_clear_free(&ret);
+        if (ctx != NULL)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
         if (buf != NULL)
                 {
                 OPENSSL_cleanse(buf,num);
@@ -599,84 +761,109 @@ err:
         return(r);
         }
 
-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
         {
-        BIGNUM r1,m1,vrfy;
+        BIGNUM *r1,*m1,*vrfy;
+        BIGNUM local_dmp1,local_dmq1,local_c,local_r1;
+        BIGNUM *dmp1,*dmq1,*c,*pr1;
+        int bn_flags;
         int ret=0;
-        BN_CTX *ctx;
 
-        BN_init(&m1);
-        BN_init(&r1);
-        BN_init(&vrfy);
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
+        BN_CTX_start(ctx);
+        r1 = BN_CTX_get(ctx);
+        m1 = BN_CTX_get(ctx);
+        vrfy = BN_CTX_get(ctx);
+
+        /* Make sure mod_inverse in montgomerey intialization use correct 
+         * BN_FLG_CONSTTIME flag.
+         */
+        bn_flags = rsa->p->flags;
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                {
+                rsa->p->flags |= BN_FLG_CONSTTIME;
+                }
+        MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
+        /* We restore bn_flags back */
+        rsa->p->flags = bn_flags;
 
-        if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
+        /* Make sure mod_inverse in montgomerey intialization use correct
+         * BN_FLG_CONSTTIME flag.
+         */
+        bn_flags = rsa->q->flags;
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
                 {
-                if (rsa->_method_mod_p == NULL)
-                        {
-                        BN_MONT_CTX* bn_mont_ctx;
-                        if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
-                                goto err;
-                        if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx))
-                                {
-                                BN_MONT_CTX_free(bn_mont_ctx);
-                                goto err;
-                                }
-                        if (rsa->_method_mod_p == NULL) /* other thread may have finished first */
-                                {
-                                CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-                                if (rsa->_method_mod_p == NULL)
-                                        {
-                                        rsa->_method_mod_p = bn_mont_ctx;
-                                        bn_mont_ctx = NULL;
-                                        }
-                                CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-                                }
-                        if (bn_mont_ctx)
-                                BN_MONT_CTX_free(bn_mont_ctx);
-                        }
+                rsa->q->flags |= BN_FLG_CONSTTIME;
+                }
+        MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
+        /* We restore bn_flags back */
+        rsa->q->flags = bn_flags;       
 
-                if (rsa->_method_mod_q == NULL)
-                        {
-                        BN_MONT_CTX* bn_mont_ctx;
-                        if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
-                                goto err;
-                        if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
-                                {
-                                BN_MONT_CTX_free(bn_mont_ctx);
-                                goto err;
-                                }
-                        if (rsa->_method_mod_q == NULL) /* other thread may have finished first */
-                                {
-                                CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-                                if (rsa->_method_mod_q == NULL)
-                                        {
-                                        rsa->_method_mod_q = bn_mont_ctx;
-                                        bn_mont_ctx = NULL;
-                                        }
-                                CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-                                }
-                        if (bn_mont_ctx)
-                                BN_MONT_CTX_free(bn_mont_ctx);
-                        }
+        MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
+
+        /* compute I mod q */
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                {
+                c = &local_c;
+                BN_with_flags(c, I, BN_FLG_CONSTTIME);
+                if (!BN_mod(r1,c,rsa->q,ctx)) goto err;
                 }
-                
-        if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
-        if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
+        else
+                {
+                if (!BN_mod(r1,I,rsa->q,ctx)) goto err;
+                }
+
+        /* compute r1^dmq1 mod q */
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                {
+                dmq1 = &local_dmq1;
+                BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
+                }
+        else
+                dmq1 = rsa->dmq1;
+        if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx,
                 rsa->_method_mod_q)) goto err;
 
-        if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
-        if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
+        /* compute I mod p */
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                {
+                c = &local_c;
+                BN_with_flags(c, I, BN_FLG_CONSTTIME);
+                if (!BN_mod(r1,c,rsa->p,ctx)) goto err;
+                }
+        else
+                {
+                if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
+                }
+
+        /* compute r1^dmp1 mod p */
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                {
+                dmp1 = &local_dmp1;
+                BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
+                }
+        else
+                dmp1 = rsa->dmp1;
+        if (!rsa->meth->bn_mod_exp(r0,r1,dmp1,rsa->p,ctx,
                 rsa->_method_mod_p)) goto err;
 
-        if (!BN_sub(r0,r0,&m1)) goto err;
+        if (!BN_sub(r0,r0,m1)) goto err;
         /* This will help stop the size of r0 increasing, which does
          * affect the multiply if it optimised for a power of 2 size */
-        if (r0->neg)
+        if (BN_is_negative(r0))
                 if (!BN_add(r0,r0,rsa->p)) goto err;
 
-        if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
-        if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
+        if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err;
+
+        /* Turn BN_FLG_CONSTTIME flag on before division operation */
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                {
+                pr1 = &local_r1;
+                BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
+                }
+        else
+                pr1 = r1;
+        if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
+
         /* If p < q it is occasionally possible for the correction of
          * adding 'p' if r0 is negative above to leave the result still
          * negative. This can break the private key operations: the following
@@ -684,39 +871,51 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
          * This will *never* happen with OpenSSL generated keys because
          * they ensure p > q [steve]
          */
-        if (r0->neg)
+        if (BN_is_negative(r0))
                 if (!BN_add(r0,r0,rsa->p)) goto err;
-        if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
-        if (!BN_add(r0,&r1,&m1)) goto err;
+        if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
+        if (!BN_add(r0,r1,m1)) goto err;
 
         if (rsa->e && rsa->n)
                 {
-                if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
+                if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err;
                 /* If 'I' was greater than (or equal to) rsa->n, the operation
                  * will be equivalent to using 'I mod n'. However, the result of
                  * the verify will *always* be less than 'n' so we don't check
                  * for absolute equality, just congruency. */
-                if (!BN_sub(&vrfy, &vrfy, I)) goto err;
-                if (!BN_mod(&vrfy, &vrfy, rsa->n, ctx)) goto err;
-                if (vrfy.neg)
-                        if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err;
-                if (!BN_is_zero(&vrfy))
+                if (!BN_sub(vrfy, vrfy, I)) goto err;
+                if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err;
+                if (BN_is_negative(vrfy))
+                        if (!BN_add(vrfy, vrfy, rsa->n)) goto err;
+                if (!BN_is_zero(vrfy))
+                        {
                         /* 'I' and 'vrfy' aren't congruent mod n. Don't leak
                          * miscalculated CRT output, just do a raw (slower)
                          * mod_exp and return that instead. */
-                        if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
+
+                        BIGNUM local_d;
+                        BIGNUM *d = NULL;
+                
+                        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                                {
+                                d = &local_d;
+                                BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+                                }
+                        else
+                                d = rsa->d;
+                        if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,
+                                                   rsa->_method_mod_n)) goto err;
+                        }
                 }
         ret=1;
 err:
-        BN_clear_free(&m1);
-        BN_clear_free(&r1);
-        BN_clear_free(&vrfy);
-        BN_CTX_free(ctx);
+        BN_CTX_end(ctx);
         return(ret);
         }
 
 static int RSA_eay_init(RSA *rsa)
         {
+        FIPS_selftest_check();
         rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
         return(1);
         }
diff --git a/src/lib/libssl/src/fips/rsa/fips_rsa_gen.c b/src/lib/libssl/src/fips/rsa/fips_rsa_gen.c
index 2c92112477..90aaa2f095 100644
--- a/src/lib/libssl/src/fips/rsa/fips_rsa_gen.c
+++ b/src/lib/libssl/src/fips/rsa/fips_rsa_gen.c
@@ -56,72 +56,126 @@
  * [including the GNU Public Licence.]
  */
 
+
+/* NB: these functions have been "upgraded", the deprecated versions (which are
+ * compatibility wrappers using these functions) are in rsa_depr.c.
+ * - Geoff
+ */
+
 #include <stdio.h>
-#include <string.h>
 #include <time.h>
-#include <openssl/err.h>
+#include <string.h>
+#include <openssl/crypto.h>
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
 #include <openssl/fips.h>
+#include "fips_locl.h"
 
 #ifdef OPENSSL_FIPS
 
-static int fips_check_rsa(RSA *rsa)
-    {
-    int n;
-    unsigned char ctext[256];
-    unsigned char ptext[256];
-    /* The longest we can have with OAEP padding and a 512 bit key */
-    static unsigned char original_ptext[] =
-        "\x01\x23\x45\x67\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0"
-        "\x23\x45\x67\x89\xab\xcd";
-
-    /* this will fail for keys shorter than 512 bits */
-    n=RSA_public_encrypt(sizeof(original_ptext)-1,original_ptext,ctext,rsa,
-                         RSA_PKCS1_OAEP_PADDING);
-    if(n < 0)
+static int fips_rsa_pairwise_fail = 0;
+
+void FIPS_corrupt_rsa_keygen(void)
         {
-        ERR_print_errors_fp(stderr);
-        exit(1);
+        fips_rsa_pairwise_fail = 1;
         }
-    if(!memcmp(ctext,original_ptext,n))
-        {
-        FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
-        return 0;
-        }
-    n=RSA_private_decrypt(n,ctext,ptext,rsa,RSA_PKCS1_OAEP_PADDING);
-    if(n < 0)
+
+int fips_check_rsa(RSA *rsa)
         {
-        ERR_print_errors_fp(stderr);
-        exit(1);
+        const unsigned char tbs[] = "RSA Pairwise Check Data";
+        unsigned char *ctbuf = NULL, *ptbuf = NULL;
+        int len, ret = 0;
+        EVP_PKEY pk;
+        pk.type = EVP_PKEY_RSA;
+        pk.pkey.rsa = rsa;
+
+        /* Perform pairwise consistency signature test */
+        if (!fips_pkey_signature_test(&pk, tbs, -1,
+                        NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
+                || !fips_pkey_signature_test(&pk, tbs, -1,
+                        NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, NULL)
+                || !fips_pkey_signature_test(&pk, tbs, -1,
+                        NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, NULL))
+                goto err;
+        /* Now perform pairwise consistency encrypt/decrypt test */
+        ctbuf = OPENSSL_malloc(RSA_size(rsa));
+        if (!ctbuf)
+                goto err;
+
+        len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING);
+        if (len <= 0)
+                goto err;
+        /* Check ciphertext doesn't match plaintext */
+        if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
+                goto err;
+        ptbuf = OPENSSL_malloc(RSA_size(rsa));
+
+        if (!ptbuf)
+                goto err;
+        len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
+        if (len != (sizeof(tbs) - 1))
+                goto err;
+        if (memcmp(ptbuf, tbs, len))
+                goto err;
+
+        ret = 1;
+
+        if (!ptbuf)
+                goto err;
+        
+        err:
+        if (ret == 0)
+                {
+                fips_set_selftest_fail();
+                FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
+                }
+
+        if (ctbuf)
+                OPENSSL_free(ctbuf);
+        if (ptbuf)
+                OPENSSL_free(ptbuf);
+
+        return ret;
         }
-    if(n != sizeof(original_ptext)-1 || memcmp(ptext,original_ptext,n))
+
+static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
+
+/* NB: this wrapper would normally be placed in rsa_lib.c and the static
+ * implementation would probably be in rsa_eay.c. Nonetheless, is kept here so
+ * that we don't introduce a new linker dependency. Eg. any application that
+ * wasn't previously linking object code related to key-generation won't have to
+ * now just because key-generation is part of RSA_METHOD. */
+int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
         {
-        FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
-        return 0;
+        if(rsa->meth->rsa_keygen)
+                return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+        return rsa_builtin_keygen(rsa, bits, e_value, cb);
         }
 
-    return 1;
-    }
-
-RSA *RSA_generate_key(FIPS_RSA_SIZE_T bits, unsigned long e_value,
-             void (*callback)(int,int,void *), void *cb_arg)
+static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
         {
-        RSA *rsa=NULL;
         BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
-        int bitsp,bitsq,ok= -1,n=0,i;
-        BN_CTX *ctx=NULL,*ctx2=NULL;
+        BIGNUM local_r0,local_d,local_p;
+        BIGNUM *pr0,*d,*p;
+        int bitsp,bitsq,ok= -1,n=0;
+        BN_CTX *ctx=NULL;
 
         if(FIPS_selftest_failed())
             {
-            FIPSerr(FIPS_F_RSA_GENERATE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
-            return NULL;
+            FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED);
+            return 0;
+            }
+
+        if (FIPS_mode() && (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
+            {
+            FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
+            return 0;
             }
-            
+
         ctx=BN_CTX_new();
         if (ctx == NULL) goto err;
-        ctx2=BN_CTX_new();
-        if (ctx2 == NULL) goto err;
         BN_CTX_start(ctx);
         r0 = BN_CTX_get(ctx);
         r1 = BN_CTX_get(ctx);
@@ -131,49 +185,58 @@ RSA *RSA_generate_key(FIPS_RSA_SIZE_T bits, unsigned long e_value,
 
         bitsp=(bits+1)/2;
         bitsq=bits-bitsp;
-        rsa=RSA_new();
-        if (rsa == NULL) goto err;
 
-        /* set e */ 
-        rsa->e=BN_new();
-        if (rsa->e == NULL) goto err;
+        /* We need the RSA components non-NULL */
+        if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
+        if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
+        if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
+        if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
+        if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
+        if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
+        if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
+        if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
 
-#if 1
-        /* The problem is when building with 8, 16, or 32 BN_ULONG,
-         * unsigned long can be larger */
-        for (i=0; i<sizeof(unsigned long)*8; i++)
-                {
-                if (e_value & (1UL<<i))
-                        BN_set_bit(rsa->e,i);
-                }
-#else
-        if (!BN_set_word(rsa->e,e_value)) goto err;
-#endif
+        BN_copy(rsa->e, e_value);
 
         /* generate p and q */
         for (;;)
                 {
-                rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg);
-                if (rsa->p == NULL) goto err;
+                if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
+                        goto err;
                 if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
                 if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
                 if (BN_is_one(r1)) break;
-                if (callback != NULL) callback(2,n++,cb_arg);
-                BN_free(rsa->p);
+                if(!BN_GENCB_call(cb, 2, n++))
+                        goto err;
                 }
-        if (callback != NULL) callback(3,0,cb_arg);
+        if(!BN_GENCB_call(cb, 3, 0))
+                goto err;
         for (;;)
                 {
-                rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg);
-                if (rsa->q == NULL) goto err;
+                /* When generating ridiculously small keys, we can get stuck
+                 * continually regenerating the same prime values. Check for
+                 * this and bail if it happens 3 times. */
+                unsigned int degenerate = 0;
+                do
+                        {
+                        if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
+                                goto err;
+                        } while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
+                if(degenerate == 3)
+                        {
+                        ok = 0; /* we set our own err */
+                        RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_KEY_SIZE_TOO_SMALL);
+                        goto err;
+                        }
                 if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
                 if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
-                if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0))
+                if (BN_is_one(r1))
                         break;
-                if (callback != NULL) callback(2,n++,cb_arg);
-                BN_free(rsa->q);
+                if(!BN_GENCB_call(cb, 2, n++))
+                        goto err;
                 }
-        if (callback != NULL) callback(3,1,cb_arg);
+        if(!BN_GENCB_call(cb, 3, 1))
+                goto err;
         if (BN_cmp(rsa->p,rsa->q) < 0)
                 {
                 tmp=rsa->p;
@@ -182,46 +245,48 @@ RSA *RSA_generate_key(FIPS_RSA_SIZE_T bits, unsigned long e_value,
                 }
 
         /* calculate n */
-        rsa->n=BN_new();
-        if (rsa->n == NULL) goto err;
         if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
 
         /* calculate d */
         if (!BN_sub(r1,rsa->p,BN_value_one())) goto err;        /* p-1 */
         if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;        /* q-1 */
         if (!BN_mul(r0,r1,r2,ctx)) goto err;    /* (p-1)(q-1) */
-
-/* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */
-/*      for (;;)
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
                 {
-                if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err;
-                if (BN_is_one(r3)) break;
+                  pr0 = &local_r0;
+                  BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
+                }
+        else
+          pr0 = r0;
+        if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err;   /* d */
 
-                if (1)
-                        {
-                        if (!BN_add_word(rsa->e,2L)) goto err;
-                        continue;
-                        }
-                RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE);
-                goto err;
+        /* set up d for correct BN_FLG_CONSTTIME flag */
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                {
+                d = &local_d;
+                BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
                 }
-*/
-        rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2);     /* d */
-        if (rsa->d == NULL) goto err;
+        else
+                d = rsa->d;
 
         /* calculate d mod (p-1) */
-        rsa->dmp1=BN_new();
-        if (rsa->dmp1 == NULL) goto err;
-        if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err;
+        if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err;
 
         /* calculate d mod (q-1) */
-        rsa->dmq1=BN_new();
-        if (rsa->dmq1 == NULL) goto err;
-        if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err;
+        if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err;
 
         /* calculate inverse of q mod p */
-        rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
-        if (rsa->iqmp == NULL) goto err;
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                {
+                p = &local_p;
+                BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+                }
+        else
+                p = rsa->p;
+        if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
+
+        if (fips_rsa_pairwise_fail)
+                BN_add_word(rsa->n, 1);
 
         if(!fips_check_rsa(rsa))
             goto err;
@@ -230,20 +295,16 @@ RSA *RSA_generate_key(FIPS_RSA_SIZE_T bits, unsigned long e_value,
 err:
         if (ok == -1)
                 {
-                RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN);
+                RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN);
                 ok=0;
                 }
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-        BN_CTX_free(ctx2);
-        
-        if (!ok)
+        if (ctx != NULL)
                 {
-                if (rsa != NULL) RSA_free(rsa);
-                return(NULL);
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
                 }
-        else
-                return(rsa);
+
+        return ok;
         }
 
 #endif
diff --git a/src/lib/libssl/src/fips/rsa/fips_rsa_lib.c b/src/lib/libssl/src/fips/rsa/fips_rsa_lib.c
new file mode 100644
index 0000000000..a37ad3e540
--- /dev/null
+++ b/src/lib/libssl/src/fips/rsa/fips_rsa_lib.c
@@ -0,0 +1,101 @@
+/* fips_rsa_sign.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/err.h>
+
+/* Minimal FIPS versions of FIPS_rsa_new() and FIPS_rsa_free: to
+ * reduce external dependencies. 
+ */
+
+RSA *FIPS_rsa_new(void)
+        {
+        RSA *ret;
+        ret = OPENSSL_malloc(sizeof(RSA));
+        if (!ret)
+                return NULL;
+        memset(ret, 0, sizeof(RSA));
+        ret->meth = RSA_PKCS1_SSLeay();
+        if (ret->meth->init)
+                ret->meth->init(ret);
+        return ret;
+        }
+
+void FIPS_rsa_free(RSA *r)
+        {
+        if (!r)
+                return;
+        if (r->meth->finish)
+                r->meth->finish(r);
+        if (r->n != NULL) BN_clear_free(r->n);
+        if (r->e != NULL) BN_clear_free(r->e);
+        if (r->d != NULL) BN_clear_free(r->d);
+        if (r->p != NULL) BN_clear_free(r->p);
+        if (r->q != NULL) BN_clear_free(r->q);
+        if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
+        if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
+        if (r->iqmp != NULL) BN_clear_free(r->iqmp);
+        if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
+        if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
+        if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
+        OPENSSL_free(r);
+        }
+
diff --git a/src/lib/libssl/src/fips/rsa/fips_rsa_selftest.c b/src/lib/libssl/src/fips/rsa/fips_rsa_selftest.c
index 4e3b9445fc..bead61f572 100644
--- a/src/lib/libssl/src/fips/rsa/fips_rsa_selftest.c
+++ b/src/lib/libssl/src/fips/rsa/fips_rsa_selftest.c
@@ -1,5 +1,5 @@
 /* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2003-2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -51,21 +51,11 @@
 #include <openssl/err.h>
 #include <openssl/fips.h>
 #include <openssl/rsa.h>
-#include <openssl/sha.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
 #include <openssl/opensslconf.h>
 
 #ifdef OPENSSL_FIPS
-#define SetKey \
-  key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
-  key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
-  key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
-  key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
-  key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
-  key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
-  key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
-  key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
-  memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
-  return (sizeof(ctext_ex) - 1);
 
 static unsigned char n[] =
 "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
@@ -79,11 +69,11 @@ static unsigned char n[] =
 "\xCB";
 
 
-static int setrsakey(RSA *key, unsigned char *c)
+static int setrsakey(RSA *key)
     {
-    static unsigned char e[] = "\x11";
+    static const unsigned char e[] = "\x11";
 
-    static unsigned char d[] =
+    static const unsigned char d[] =
 "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
 "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
 "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
@@ -94,50 +84,48 @@ static int setrsakey(RSA *key, unsigned char *c)
 "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
 "\xC1";
 
-    static unsigned char p[] =
+    static const unsigned char p[] =
 "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
 "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
 "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
 "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
 "\x99";
 
-    static unsigned char q[] =
+    static const unsigned char q[] =
 "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
 "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
 "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
 "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
 "\x03";
 
-    static unsigned char dmp1[] =
+    static const unsigned char dmp1[] =
 "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
 "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
 "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
 "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
 
-    static unsigned char dmq1[] =
+    static const unsigned char dmq1[] =
 "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
 "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
 "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
 "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
     
-    static unsigned char iqmp[] =
+    static const unsigned char iqmp[] =
 "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
 "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
 "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
 "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
 "\xF7";
 
-    static unsigned char ctext_ex[] =
-"\x42\x4b\xc9\x51\x61\xd4\xca\xa0\x18\x6c\x4d\xca\x61\x8f\x2d\x07"
-"\x8c\x63\xc5\x6b\xa2\x4c\x32\xb1\xda\xb7\xdd\x32\xb6\x51\x68\xc3"
-"\x6e\x98\x46\xd6\xbb\x1a\xd5\x99\x05\x92\x7c\xd7\xbc\x08\x9e\xe4"
-"\xc3\x70\x4d\xe6\x99\x7e\x61\x31\x07\x7a\x19\xdb\x3e\x11\xfa\x3d"
-"\x7c\x61\xd7\x78\x14\x3f\x05\x16\xa0\xc4\xbf\xcd\xee\xca\x67\x4c"
-"\x80\x4e\xca\x43\x2f\x35\x43\x58\xa7\x50\x7e\x3e\x52\x82\xab\xac"
-"\xa6\x50\xe8\x39\x9f\xe0\x7f\x58\x1d\x1b\x90\x93\x04\xec\xb3\xf9"
-"\x24\xd3\x75\x3e\x39\xd1\x14\xc6\x33\xce\xd6\xee\x20\x47\xec\xe4";
-
-    SetKey;
+    key->n = BN_bin2bn(n, sizeof(n)-1, key->n);
+    key->e = BN_bin2bn(e, sizeof(e)-1, key->e);
+    key->d = BN_bin2bn(d, sizeof(d)-1, key->d);
+    key->p = BN_bin2bn(p, sizeof(p)-1, key->p);
+    key->q = BN_bin2bn(q, sizeof(q)-1, key->q);
+    key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1);
+    key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1);
+    key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp);
+    return 1;
     }
 
 void FIPS_corrupt_rsa()
@@ -145,107 +133,300 @@ void FIPS_corrupt_rsa()
     n[0]++;
     }
 
+/* Known Answer Test (KAT) data for the above RSA private key signing
+ * kat_tbs.
+ */
+
+static const unsigned char kat_tbs[] = "OpenSSL FIPS 140-2 Public Key RSA KAT";
+
+static const unsigned char kat_RSA_PSS_SHA1[] = {
+  0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9, 0x46, 0xDA, 0x0F,
+  0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D, 0xD2, 0x90, 0xBB,
+  0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C, 0xB7, 0xF8, 0xD3,
+  0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7, 0x83, 0xD5, 0x4C,
+  0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51, 0x60, 0xD0, 0xA7,
+  0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E, 0x3F, 0x9B, 0xF5,
+  0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47, 0xF0, 0xC5, 0x45,
+  0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F, 0xF8, 0xB7, 0x31,
+  0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB, 0x9F, 0xBA, 0xE8,
+  0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E, 0x20, 0x25, 0x84,
+  0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9
+};
+
+static const unsigned char kat_RSA_PSS_SHA224[] = {
+  0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF, 0xC5, 0x58, 0xA7,
+  0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98, 0x08, 0x95, 0xFA,
+  0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87, 0x7B, 0x1F, 0x57,
+  0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55, 0x54, 0x1C, 0x89,
+  0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC, 0x86, 0x05, 0xEE,
+  0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64, 0x0B, 0xAB, 0x22,
+  0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64, 0x62, 0xD1, 0xB5,
+  0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA, 0x38, 0x24, 0x49,
+  0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5, 0x03, 0xEA, 0x2D,
+  0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF, 0x95, 0xC0, 0x00,
+  0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0
+};
+
+static const unsigned char kat_RSA_PSS_SHA256[] = {
+  0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0, 0x31, 0xE3, 0x89,
+  0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25, 0x9A, 0xF3, 0x8F,
+  0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D, 0x7D, 0x73, 0x28,
+  0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3, 0x96, 0x73, 0x4E,
+  0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D, 0x49, 0x47, 0x05,
+  0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D, 0x6D, 0x26, 0xBA,
+  0x2F, 0x7A, 0x54, 0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A, 0xF3, 0xDA, 0xB6,
+  0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F, 0x56, 0xCD, 0x9F,
+  0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47, 0x12, 0xE4, 0x6D,
+  0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E, 0x49, 0xB9, 0xF6,
+  0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C
+};
+
+static const unsigned char kat_RSA_PSS_SHA384[] = {
+  0x40, 0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4, 0x31, 0xA8, 0xF2,
+  0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57, 0x45, 0xCD, 0x5E,
+  0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71, 0x44, 0x9A, 0xCD,
+  0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F, 0x78, 0x23, 0x7F,
+  0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31, 0xDC, 0x42, 0x6C,
+  0xB2, 0x44, 0xE5, 0x4D, 0x66, 0xA2, 0xE6, 0x71, 0xF3, 0xAC, 0x4F, 0xFB,
+  0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF, 0xD9, 0x3D, 0x2F,
+  0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32, 0xAD, 0x42, 0x89,
+  0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87, 0x1F, 0xCA, 0x6F,
+  0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E, 0x60, 0xF4, 0x55,
+  0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1
+};
+
+static const unsigned char kat_RSA_PSS_SHA512[] = {
+  0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57, 0xAE, 0x63, 0x8C,
+  0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F, 0x12, 0x53, 0x9A,
+  0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51, 0xED, 0x9E, 0xDD,
+  0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60, 0x79, 0x23, 0x39,
+  0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67, 0x5F, 0xFE, 0xD7,
+  0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D, 0x78, 0x55, 0x61,
+  0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20, 0xB0, 0x85, 0x13,
+  0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A, 0x6A, 0x39, 0x63,
+  0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF, 0xF4, 0xA8, 0xFE,
+  0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F, 0x80, 0xC2, 0x88,
+  0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B
+};
+
+static const unsigned char kat_RSA_SHA1[] = {
+  0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C,
+  0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B,
+  0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55, 0x77, 0x90, 0xCF,
+  0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8,
+  0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1,
+  0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA,
+  0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E, 0xCA, 0x2E, 0x4E,
+  0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F,
+  0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F,
+  0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95,
+  0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4
+};
+
+static const unsigned char kat_RSA_SHA224[] = {
+  0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB, 0xB7, 0x15, 0xF9,
+  0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0, 0xA9, 0x18, 0x8D,
+  0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5, 0x1A, 0xC5, 0x89,
+  0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30, 0x2C, 0x9E, 0xCD,
+  0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6, 0x45, 0x41, 0xE5,
+  0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E, 0x0B, 0xA9, 0xCC,
+  0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84, 0x02, 0xC6, 0x3B,
+  0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91, 0x28, 0x3E, 0xB2,
+  0x58, 0x2E, 0x06, 0x45, 0x49, 0xE0, 0x92, 0xE2, 0xC0, 0x66, 0xE6, 0x35,
+  0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77, 0x82, 0xE6, 0xDC,
+  0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D
+};
+
+static const unsigned char kat_RSA_SHA256[] = {
+  0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05, 0x17, 0xA5, 0x23,
+  0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20, 0x7B, 0xAA, 0x23,
+  0x92, 0x87, 0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE, 0xAD, 0x6F, 0x35,
+  0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17, 0x58, 0xB2, 0x6E,
+  0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A, 0x90, 0x2D, 0x18,
+  0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58, 0x7A, 0x91, 0x30,
+  0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF, 0xE2, 0x80, 0x3A,
+  0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 0xDE, 0x81, 0xA6, 0x38,
+  0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C, 0xEE, 0xD1, 0xDA,
+  0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1, 0x90, 0x27, 0x90,
+  0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A
+};
+
+static const unsigned char kat_RSA_SHA384[] = {
+  0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27, 0xEF, 0xE6, 0x1F,
+  0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 0x99, 0x63, 0x56, 0x47, 0xC7,
+  0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA, 0xFA, 0x5D, 0x5C,
+  0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D, 0xA9, 0xA6, 0x55,
+  0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28, 0x7F, 0xB6, 0xCF,
+  0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19, 0x2B, 0x30, 0xC2,
+  0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2, 0x7D, 0xEB, 0x8C,
+  0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F, 0x8B, 0x9C, 0xCD,
+  0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0, 0x8F, 0x99, 0xF1,
+  0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E, 0x37, 0xDC, 0x04,
+  0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF
+};
+
+static const unsigned char kat_RSA_SHA512[] = {
+  0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16, 0x51, 0x5D, 0xCF,
+  0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40, 0xF8, 0xB2, 0x9A,
+  0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82, 0x6B, 0x32, 0xF1,
+  0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C, 0x54, 0x9F, 0xD8,
+  0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6, 0x53, 0x62, 0xB5,
+  0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4, 0x75, 0x92, 0x6B,
+  0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B, 0x1D, 0x47, 0xE6,
+  0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16, 0x63, 0x84, 0x05,
+  0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64, 0x71, 0xE0, 0x2D,
+  0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB, 0x98, 0x65, 0x91,
+  0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84
+};
+
+static const unsigned char kat_RSA_X931_SHA1[] = {
+  0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42, 0x45, 0x4D, 0xDF,
+  0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD, 0xC4, 0xB2, 0x75,
+  0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E, 0x14, 0xB8, 0xAC,
+  0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04, 0xEE, 0xA9, 0x97,
+  0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B, 0x38, 0xBE, 0xD6,
+  0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1, 0x1A, 0x11, 0x19,
+  0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63, 0x0C, 0x59, 0xD7,
+  0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D, 0x24, 0x1C, 0x99,
+  0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB, 0xEA, 0xED, 0x76,
+  0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84, 0x1C, 0xB3, 0x67,
+  0xA3, 0x29, 0x80, 0x70, 0x54, 0x68, 0x7D, 0x49
+};
+
+static const unsigned char kat_RSA_X931_SHA256[] = {
+  0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F, 0x64, 0x54, 0x89,
+  0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58, 0x92, 0x1C, 0xDD,
+  0xEA, 0xA2, 0x2D, 0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05, 0x95, 0x73, 0xCF,
+  0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8, 0x7B, 0xC8, 0x9B,
+  0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13, 0xB8, 0xF0, 0x4B,
+  0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4, 0x38, 0x0E, 0x98,
+  0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E, 0x59, 0x01, 0xEC,
+  0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46, 0x8D, 0xA0, 0x8C,
+  0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35, 0xA1, 0x42, 0xBD,
+  0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86, 0xF0, 0x5B, 0xDC,
+  0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80
+};
+
+static const unsigned char kat_RSA_X931_SHA384[] = {
+  0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB, 0x7B, 0xEC, 0x7B,
+  0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7, 0x39, 0x37, 0xCB,
+  0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9, 0xBE, 0x2E, 0xE3,
+  0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7, 0x4A, 0x63, 0xF6,
+  0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99, 0x66, 0xEE, 0x31,
+  0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E, 0x6D, 0x8D, 0xF1,
+  0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0, 0x60, 0x41, 0x79,
+  0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34, 0xD5, 0x7C, 0xFF,
+  0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5, 0x12, 0x44, 0x35,
+  0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5, 0xDC, 0xC6, 0x6D,
+  0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28
+};
+
+static const unsigned char kat_RSA_X931_SHA512[] = {
+  0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64, 0x3A, 0xC1, 0x63,
+  0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1, 0xD9, 0xDA, 0xAC,
+  0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05, 0x9E, 0x77, 0xD7,
+  0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E, 0xF9, 0x14, 0x28,
+  0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA, 0xC7, 0xF8, 0xC5,
+  0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34, 0x53, 0xD2, 0xAF,
+  0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10, 0xE0, 0xF6, 0xD0,
+  0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F, 0x46, 0x5F, 0x09,
+  0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04, 0x2D, 0xFB, 0x7C,
+  0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11, 0x30, 0x71, 0x1B,
+  0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
+};
+
+
 int FIPS_selftest_rsa()
-    {
-    int clen;
-    RSA *key;
-    unsigned char expected_ctext[256];
-    unsigned char ctext[256];
-    unsigned char ptext[256];
-    static unsigned char original_ptext[] =
-        "\x01\x23\x45\x67\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0"
-        "\x23\x45\x67\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12"
-        "\x45\x67\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34"
-        "\x67\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56"
-        "\x89\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78"
-        "\xab\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78\x9a"
-        "\xcd\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78\x9a\xbc"
-        "\xef\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78\x9a\xbc\xde"
-        "\xf0\x12\x34\x56\x78\x9a\xbc\xde\xf0\x12\x34\x56\x78\x9a\xbc\xde";
-    unsigned char md[SHA_DIGEST_LENGTH];
-    unsigned char mdkat[SHA_DIGEST_LENGTH] =
-        "\x2d\x57\x1d\x6f\x5c\x37\xf9\xf0\x3b\xb4\x3c\xe8\x2c\x4c\xb3\x04"
-        "\x75\xa2\x0e\xfb";
-    unsigned char ctextkat[] =
-        "\x3e\xc5\x0a\xbe\x29\xa2\xca\x9a\x35\x14\x17\x26\xa4\x0f\xa3\x03"
-        "\x65\xb5\x37\xf5\x6a\xaa\xb\xf\x2c\x0d\x8\xc0\x73\x8\x3c\x88\x85"
-        "\x36\x68\x16\xfe\x2f\x59\x77\x7e\x2a\x76\x9a\xc7\x27\x19\x9b\x54"
-        "\x14\x87\xf3\xe0\xce\x1e\x68\x10\x40\x14\xac\xbc\xe6\x6f\x26\x1f"
-        "\x55\xd1\x15\x81\x48\x10\xf4\x89\xe5\x67\x52\x42\x87\x04\x74\x4e"
-        "\x96\x14\x7c\x53\xc9\x1e\x84\x11\x7d\x7d\x23\xbd\xff\x6c\xcb\x00"
-        "\x96\x2e\x7d\xfb\x47\xea\x78\xcd\xd8\x04\x3a\x98\x06\x13\x68\x39"
-        "\xa1\xe2\xbc\x9f\x64\xc7\x62\xf0\x74\x4d\x42\xe0\x0b\xcf\x24\x48";
-    int i;
-
-    /* Perform pairwise consistency test by: ... */
-
-    key=RSA_new();
-    clen=setrsakey(key,expected_ctext);
-    /* ...1) apply public key to plaintext, resulting ciphertext must be
-     * different
-    */
-    i=RSA_public_encrypt(128,original_ptext,ctext,key,
-                         RSA_NO_PADDING);
-    if(i != clen || memcmp(ctext,expected_ctext,i))
-        {
-        FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
-        return 0;
-        }
-    if(!memcmp(ctext,original_ptext,i))
-        {
-        FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
-        return 0;
-        }
-    /* ...2) apply private key to ciphertext and compare result to
-     *       original plaintext; results must be equal
-    */
-    i=RSA_private_decrypt(i,ctext,ptext,key,RSA_NO_PADDING);
-    if(i != 128 || memcmp(ptext,original_ptext,i))
         {
-        FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
-        return 0;
-        }
+        int ret = 0;
+        RSA *key = NULL;
+        EVP_PKEY pk;
+        key=FIPS_rsa_new();
+        setrsakey(key);
+        pk.type = EVP_PKEY_RSA;
+        pk.pkey.rsa = key;
 
-    /* Perform sign and verify Known Answer Test by... */
+        if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
+                                EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+                                "RSA SHA1 PKCS#1"))
+                goto err;
+        if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                kat_RSA_SHA224, sizeof(kat_RSA_SHA224),
+                                EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+                                "RSA SHA224 PKCS#1"))
+                goto err;
+        if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                kat_RSA_SHA256, sizeof(kat_RSA_SHA256),
+                                EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+                                "RSA SHA256 PKCS#1"))
+                goto err;
+        if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                kat_RSA_SHA384, sizeof(kat_RSA_SHA384),
+                                EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+                                "RSA SHA384 PKCS#1"))
+                goto err;
+        if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                kat_RSA_SHA512, sizeof(kat_RSA_SHA512),
+                                EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+                                "RSA SHA512 PKCS#1"))
+                goto err;
 
-    /* ...1)  using the same RSA key to encrypt the SHA-1 hash of a
-     * plaintext value larger than the RSA key size
-    */
-    if (RSA_size(key) >= sizeof(original_ptext) - 1)
-        {
-        FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
-        return 0;
-        }
-    /* ...2) then generate the SHA-1 digest of plaintext, and compare the
-     * digest to the Known Answer (note here we duplicate the SHA-1 KAT)
-     */
-    SHA1(original_ptext,sizeof(original_ptext) - 1,md);
-    if(memcmp(md,mdkat,SHA_DIGEST_LENGTH))
-        {
-        FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED);
-        return 0;
-        }
-    /* ...3) then encrypt the digest, and compare the ciphertext
-     * to the Known Answer
-     */
-    i=RSA_private_encrypt(sizeof(md),md,ctext,key,RSA_PKCS1_PADDING);
-    if(i != clen || memcmp(ctextkat,ctext,i))
-        {
-        FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
-        return 0;
-        }
-    /* ...4) and finally decrypt the signed digest and compare with
-     * the original Known Answer
-     */
-    i=RSA_public_decrypt(i,ctext,md,key,RSA_PKCS1_PADDING);
-    if(i != sizeof(md) || memcmp(mdkat,md,i))
-        {
-        FIPSerr(FIPS_F_FIPS_SELFTEST_RSA,FIPS_R_SELFTEST_FAILED);
-        return 0;
-        }
+        if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                kat_RSA_PSS_SHA1, sizeof(kat_RSA_PSS_SHA1),
+                                EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS,
+                                "RSA SHA1 PSS"))
+                goto err;
+        if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                kat_RSA_PSS_SHA224, sizeof(kat_RSA_PSS_SHA224),
+                                EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PSS,
+                                "RSA SHA224 PSS"))
+                goto err;
+        if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                kat_RSA_PSS_SHA256, sizeof(kat_RSA_PSS_SHA256),
+                                EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PSS,
+                                "RSA SHA256 PSS"))
+                goto err;
+        if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                kat_RSA_PSS_SHA384, sizeof(kat_RSA_PSS_SHA384),
+                                EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PSS,
+                                "RSA SHA384 PSS"))
+                goto err;
+        if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+                                kat_RSA_PSS_SHA512, sizeof(kat_RSA_PSS_SHA512),
+                                EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PSS,
+                                "RSA SHA512 PSS"))
+                goto err;
 
-    RSA_free(key);
-    return 1;
-    }
+
+        if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+                        kat_RSA_X931_SHA1, sizeof(kat_RSA_X931_SHA1),
+                        EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931,
+                        "RSA SHA1 X931"))
+                goto err;
+        /* NB: SHA224 not supported in X9.31 */
+        if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+                        kat_RSA_X931_SHA256, sizeof(kat_RSA_X931_SHA256),
+                        EVP_sha256(), EVP_MD_CTX_FLAG_PAD_X931,
+                        "RSA SHA256 X931"))
+                goto err;
+        if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+                        kat_RSA_X931_SHA384, sizeof(kat_RSA_X931_SHA384),
+                        EVP_sha384(), EVP_MD_CTX_FLAG_PAD_X931,
+                        "RSA SHA384 X931"))
+                goto err;
+        if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+                        kat_RSA_X931_SHA512, sizeof(kat_RSA_X931_SHA512),
+                        EVP_sha512(), EVP_MD_CTX_FLAG_PAD_X931,
+                        "RSA SHA512 X931"))
+                goto err;
+
+
+        ret = 1;
+
+        err:
+        FIPS_rsa_free(key);
+        return ret;
+        }
 
 #endif /* def OPENSSL_FIPS */
diff --git a/src/lib/libssl/src/fips/rsa/fips_rsa_sign.c b/src/lib/libssl/src/fips/rsa/fips_rsa_sign.c
new file mode 100644
index 0000000000..37364621d1
--- /dev/null
+++ b/src/lib/libssl/src/fips/rsa/fips_rsa_sign.c
@@ -0,0 +1,554 @@
+/* fips_rsa_sign.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/err.h>
+#include <openssl/sha.h>
+
+#ifdef OPENSSL_FIPS
+
+/* FIPS versions of RSA_sign() and RSA_verify().
+ * These will only have to deal with SHA* signatures and by including
+ * pregenerated encodings all ASN1 dependencies can be avoided
+ */
+
+/* Standard encodings including NULL parameter */
+
+static const unsigned char sha1_bin[] = {
+  0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
+  0x00, 0x04, 0x14
+};
+
+static const unsigned char sha224_bin[] = {
+  0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c
+};
+
+static const unsigned char sha256_bin[] = {
+  0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
+};
+
+static const unsigned char sha384_bin[] = {
+  0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30
+};
+
+static const unsigned char sha512_bin[] = {
+  0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
+};
+
+/* Alternate encodings with absent parameters. We don't generate signature
+ * using this format but do tolerate received signatures of this form.
+ */
+
+static unsigned char sha1_nn_bin[] = {
+  0x30, 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04,
+  0x14
+};
+
+static unsigned char sha224_nn_bin[] = {
+  0x30, 0x2b, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x04, 0x04, 0x1c
+};
+
+static unsigned char sha256_nn_bin[] = {
+  0x30, 0x2f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x01, 0x04, 0x20
+};
+
+static unsigned char sha384_nn_bin[] = {
+  0x30, 0x3f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x02, 0x04, 0x30
+};
+
+static unsigned char sha512_nn_bin[] = {
+  0x30, 0x4f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+  0x04, 0x02, 0x03, 0x04, 0x40
+};
+
+
+static const unsigned char *fips_digestinfo_encoding(int nid, unsigned int *len)
+        {
+        switch (nid)
+                {
+
+                case NID_sha1:
+                *len = sizeof(sha1_bin);
+                return sha1_bin;
+
+                case NID_sha224:
+                *len = sizeof(sha224_bin);
+                return sha224_bin;
+
+                case NID_sha256:
+                *len = sizeof(sha256_bin);
+                return sha256_bin;
+
+                case NID_sha384:
+                *len = sizeof(sha384_bin);
+                return sha384_bin;
+
+                case NID_sha512:
+                *len = sizeof(sha512_bin);
+                return sha512_bin;
+
+                default:
+                return NULL;
+
+                }
+        }
+
+static const unsigned char *fips_digestinfo_nn_encoding(int nid, unsigned int *len)
+        {
+        switch (nid)
+                {
+
+                case NID_sha1:
+                *len = sizeof(sha1_nn_bin);
+                return sha1_nn_bin;
+
+                case NID_sha224:
+                *len = sizeof(sha224_nn_bin);
+                return sha224_nn_bin;
+
+                case NID_sha256:
+                *len = sizeof(sha256_nn_bin);
+                return sha256_nn_bin;
+
+                case NID_sha384:
+                *len = sizeof(sha384_nn_bin);
+                return sha384_nn_bin;
+
+                case NID_sha512:
+                *len = sizeof(sha512_nn_bin);
+                return sha512_nn_bin;
+
+                default:
+                return NULL;
+
+                }
+        }
+
+static int fips_rsa_sign(int type, const unsigned char *x, unsigned int y,
+             unsigned char *sigret, unsigned int *siglen, EVP_MD_SVCTX *sv)
+        {
+        int i=0,j,ret=0;
+        unsigned int dlen;
+        const unsigned char *der;
+        unsigned int m_len;
+        int pad_mode = sv->mctx->flags & EVP_MD_CTX_FLAG_PAD_MASK;
+        int rsa_pad_mode = 0;
+        RSA *rsa = sv->key;
+        /* Largest DigestInfo: 19 (max encoding) + max MD */
+        unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
+        unsigned char md[EVP_MAX_MD_SIZE + 1];
+
+        EVP_DigestFinal_ex(sv->mctx, md, &m_len);
+
+        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
+                {
+                ret = rsa->meth->rsa_sign(type, md, m_len,
+                        sigret, siglen, rsa);
+                goto done;
+                }
+
+        if (pad_mode == EVP_MD_CTX_FLAG_PAD_X931)
+                {
+                int hash_id;
+                memcpy(tmpdinfo, md, m_len);
+                hash_id = RSA_X931_hash_id(M_EVP_MD_CTX_type(sv->mctx));
+                if (hash_id == -1)
+                        {
+                        RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+                        return 0;
+                        }
+                tmpdinfo[m_len] = (unsigned char)hash_id;
+                i = m_len + 1;
+                rsa_pad_mode = RSA_X931_PADDING;
+                }
+        else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PKCS1)
+                {
+
+                der = fips_digestinfo_encoding(type, &dlen);
+                
+                if (!der)
+                        {
+                        RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+                        return 0;
+                        }
+                memcpy(tmpdinfo, der, dlen);
+                memcpy(tmpdinfo + dlen, md, m_len);
+
+                i = dlen + m_len;
+                rsa_pad_mode = RSA_PKCS1_PADDING;
+
+                }
+        else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PSS)
+                {
+                unsigned char *sbuf;
+                int saltlen;
+                i = RSA_size(rsa);
+                sbuf = OPENSSL_malloc(RSA_size(rsa));
+                saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(sv->mctx);
+                if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
+                        saltlen = -1;
+                else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
+                        saltlen = -2;
+                if (!sbuf)
+                        {
+                        RSAerr(RSA_F_FIPS_RSA_SIGN,ERR_R_MALLOC_FAILURE);
+                        goto psserr;
+                        }
+                if (!RSA_padding_add_PKCS1_PSS(rsa, sbuf, md,
+                                        M_EVP_MD_CTX_md(sv->mctx), saltlen))
+                        goto psserr;
+                j=rsa->meth->rsa_priv_enc(i,sbuf,sigret,rsa,RSA_NO_PADDING);
+                if (j > 0)
+                        {
+                        ret=1;
+                        *siglen=j;
+                        }
+                psserr:
+                OPENSSL_cleanse(md,m_len);
+                OPENSSL_cleanse(sbuf, i);
+                OPENSSL_free(sbuf);
+                return ret;
+                }
+
+        j=RSA_size(rsa);
+        if (i > (j-RSA_PKCS1_PADDING_SIZE))
+                {
+                RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+                goto done;
+                }
+        /* NB: call underlying method directly to avoid FIPS blocking */
+        j=rsa->meth->rsa_priv_enc(i,tmpdinfo,sigret,rsa,rsa_pad_mode);
+        if (j > 0)
+                {
+                ret=1;
+                *siglen=j;
+                }
+
+        done:
+        OPENSSL_cleanse(tmpdinfo,i);
+        OPENSSL_cleanse(md,m_len);
+        return ret;
+        }
+
+static int fips_rsa_verify(int dtype,
+                const unsigned char *x, unsigned int y,
+                unsigned char *sigbuf, unsigned int siglen, EVP_MD_SVCTX *sv)
+        {
+        int i,ret=0;
+        unsigned int dlen, diglen;
+        int pad_mode = sv->mctx->flags & EVP_MD_CTX_FLAG_PAD_MASK;
+        int rsa_pad_mode = 0;
+        unsigned char *s;
+        const unsigned char *der;
+        unsigned char dig[EVP_MAX_MD_SIZE];
+        RSA *rsa = sv->key;
+
+        if (siglen != (unsigned int)RSA_size(sv->key))
+                {
+                RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
+                return(0);
+                }
+
+        EVP_DigestFinal_ex(sv->mctx, dig, &diglen);
+
+        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
+                {
+                return rsa->meth->rsa_verify(dtype, dig, diglen,
+                        sigbuf, siglen, rsa);
+                }
+
+
+        s= OPENSSL_malloc((unsigned int)siglen);
+        if (s == NULL)
+                {
+                RSAerr(RSA_F_FIPS_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (pad_mode == EVP_MD_CTX_FLAG_PAD_X931)
+                rsa_pad_mode = RSA_X931_PADDING;
+        else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PKCS1)
+                rsa_pad_mode = RSA_PKCS1_PADDING;
+        else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PSS)
+                rsa_pad_mode = RSA_NO_PADDING;
+
+        /* NB: call underlying method directly to avoid FIPS blocking */
+        i=rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s, rsa, rsa_pad_mode);
+
+        if (i <= 0) goto err;
+
+        if (pad_mode == EVP_MD_CTX_FLAG_PAD_X931)
+                {
+                int hash_id;
+                if (i != (int)(diglen + 1))
+                        {
+                        RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                        goto err;
+                        }
+                hash_id = RSA_X931_hash_id(M_EVP_MD_CTX_type(sv->mctx));
+                if (hash_id == -1)
+                        {
+                        RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+                        goto err;
+                        }
+                if (s[diglen] != (unsigned char)hash_id)
+                        {
+                        RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                        goto err;
+                        }
+                if (memcmp(s, dig, diglen))
+                        {
+                        RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                        goto err;
+                        }
+                ret = 1;
+                }
+        else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PKCS1)
+                {
+
+                der = fips_digestinfo_encoding(dtype, &dlen);
+                
+                if (!der)
+                        {
+                        RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+                        return(0);
+                        }
+
+                /* Compare, DigestInfo length, DigestInfo header and finally
+                 * digest value itself
+                 */
+
+                /* If length mismatch try alternate encoding */
+                if (i != (int)(dlen + diglen))
+                        der = fips_digestinfo_nn_encoding(dtype, &dlen);
+
+                if ((i != (int)(dlen + diglen)) || memcmp(der, s, dlen)
+                        || memcmp(s + dlen, dig, diglen))
+                        {
+                        RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                        goto err;
+                        }
+                ret = 1;
+
+                }
+        else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PSS)
+                {
+                int saltlen;
+                saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(sv->mctx);
+                if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
+                        saltlen = -1;
+                else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
+                        saltlen = -2;
+                ret = RSA_verify_PKCS1_PSS(rsa, dig, M_EVP_MD_CTX_md(sv->mctx),
+                                                s, saltlen);
+                if (ret < 0)
+                        ret = 0;
+                }
+err:
+        if (s != NULL)
+                {
+                OPENSSL_cleanse(s, siglen);
+                OPENSSL_free(s);
+                }
+        return(ret);
+        }
+
+#define EVP_PKEY_RSA_fips_method \
+                                (evp_sign_method *)fips_rsa_sign, \
+                                (evp_verify_method *)fips_rsa_verify, \
+                                {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
+
+static int init(EVP_MD_CTX *ctx)
+        { return SHA1_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
+        { return SHA1_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return SHA1_Final(md,ctx->md_data); }
+
+static const EVP_MD sha1_md=
+        {
+        NID_sha1,
+        NID_sha1WithRSAEncryption,
+        SHA_DIGEST_LENGTH,
+        EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_fips_method,
+        SHA_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA_CTX),
+        };
+
+const EVP_MD *EVP_sha1(void)
+        {
+        return(&sha1_md);
+        }
+
+static int init224(EVP_MD_CTX *ctx)
+        { return SHA224_Init(ctx->md_data); }
+static int init256(EVP_MD_CTX *ctx)
+        { return SHA256_Init(ctx->md_data); }
+/*
+ * Even though there're separate SHA224_[Update|Final], we call
+ * SHA256 functions even in SHA224 context. This is what happens
+ * there anyway, so we can spare few CPU cycles:-)
+ */
+static int update256(EVP_MD_CTX *ctx,const void *data,size_t count)
+        { return SHA256_Update(ctx->md_data,data,count); }
+static int final256(EVP_MD_CTX *ctx,unsigned char *md)
+        { return SHA256_Final(md,ctx->md_data); }
+
+static const EVP_MD sha224_md=
+        {
+        NID_sha224,
+        NID_sha224WithRSAEncryption,
+        SHA224_DIGEST_LENGTH,
+        EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
+        init224,
+        update256,
+        final256,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_fips_method,
+        SHA256_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+        };
+
+const EVP_MD *EVP_sha224(void)
+        { return(&sha224_md); }
+
+static const EVP_MD sha256_md=
+        {
+        NID_sha256,
+        NID_sha256WithRSAEncryption,
+        SHA256_DIGEST_LENGTH,
+        EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
+        init256,
+        update256,
+        final256,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_fips_method,
+        SHA256_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+        };
+
+const EVP_MD *EVP_sha256(void)
+        { return(&sha256_md); }
+
+static int init384(EVP_MD_CTX *ctx)
+        { return SHA384_Init(ctx->md_data); }
+static int init512(EVP_MD_CTX *ctx)
+        { return SHA512_Init(ctx->md_data); }
+/* See comment in SHA224/256 section */
+static int update512(EVP_MD_CTX *ctx,const void *data,size_t count)
+        { return SHA512_Update(ctx->md_data,data,count); }
+static int final512(EVP_MD_CTX *ctx,unsigned char *md)
+        { return SHA512_Final(md,ctx->md_data); }
+
+static const EVP_MD sha384_md=
+        {
+        NID_sha384,
+        NID_sha384WithRSAEncryption,
+        SHA384_DIGEST_LENGTH,
+        EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
+        init384,
+        update512,
+        final512,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_fips_method,
+        SHA512_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+        };
+
+const EVP_MD *EVP_sha384(void)
+        { return(&sha384_md); }
+
+static const EVP_MD sha512_md=
+        {
+        NID_sha512,
+        NID_sha512WithRSAEncryption,
+        SHA512_DIGEST_LENGTH,
+        EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
+        init512,
+        update512,
+        final512,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_fips_method,
+        SHA512_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+        };
+
+const EVP_MD *EVP_sha512(void)
+        { return(&sha512_md); }
+
+#endif
diff --git a/src/lib/libssl/src/fips/rsa/fips_rsa_x931g.c b/src/lib/libssl/src/fips/rsa/fips_rsa_x931g.c
new file mode 100644
index 0000000000..d9f9a81235
--- /dev/null
+++ b/src/lib/libssl/src/fips/rsa/fips_rsa_x931g.c
@@ -0,0 +1,280 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/fips.h>
+
+#ifdef OPENSSL_FIPS
+
+extern int fips_check_rsa(RSA *rsa);
+
+
+/* X9.31 RSA key derivation and generation */
+
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+                        const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+                        const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+                        const BIGNUM *e, BN_GENCB *cb)
+        {
+        BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL;
+        BN_CTX *ctx=NULL,*ctx2=NULL;
+
+        if (!rsa) 
+                goto err;
+
+        ctx = BN_CTX_new();
+        BN_CTX_start(ctx);
+        if (!ctx) 
+                goto err;
+
+        r0 = BN_CTX_get(ctx);
+        r1 = BN_CTX_get(ctx);
+        r2 = BN_CTX_get(ctx);
+        r3 = BN_CTX_get(ctx);
+
+        if (r3 == NULL)
+                goto err;
+        if (!rsa->e)
+                {
+                rsa->e = BN_dup(e);
+                if (!rsa->e)
+                        goto err;
+                }
+        else
+                e = rsa->e;
+
+        /* If not all parameters present only calculate what we can.
+         * This allows test programs to output selective parameters.
+         */
+
+        if (Xp && !rsa->p)
+                {
+                rsa->p = BN_new();
+                if (!rsa->p)
+                        goto err;
+
+                if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
+                                        Xp, Xp1, Xp2, e, ctx, cb))
+                        goto err;
+                }
+
+        if (Xq && !rsa->q)
+                {
+                rsa->q = BN_new();
+                if (!rsa->q)
+                        goto err;
+                if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
+                                        Xq, Xq1, Xq2, e, ctx, cb))
+                        goto err;
+                }
+
+        if (!rsa->p || !rsa->q)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                return 2;
+                }
+
+        /* Since both primes are set we can now calculate all remaining 
+         * components.
+         */
+
+        /* calculate n */
+        rsa->n=BN_new();
+        if (rsa->n == NULL)
+                goto err;
+        if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx))
+                goto err;
+
+        /* calculate d */
+        if (!BN_sub(r1,rsa->p,BN_value_one()))
+                goto err;       /* p-1 */
+        if (!BN_sub(r2,rsa->q,BN_value_one()))
+                goto err;       /* q-1 */
+        if (!BN_mul(r0,r1,r2,ctx))
+                goto err;       /* (p-1)(q-1) */
+
+        if (!BN_gcd(r3, r1, r2, ctx))
+                goto err;
+
+        if (!BN_div(r0, NULL, r0, r3, ctx))
+                goto err;       /* LCM((p-1)(q-1)) */
+
+        ctx2 = BN_CTX_new();
+        if (!ctx2)
+                goto err;
+
+        rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2);     /* d */
+        if (rsa->d == NULL)
+                goto err;
+
+        /* calculate d mod (p-1) */
+        rsa->dmp1=BN_new();
+        if (rsa->dmp1 == NULL)
+                goto err;
+        if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx))
+                goto err;
+
+        /* calculate d mod (q-1) */
+        rsa->dmq1=BN_new();
+        if (rsa->dmq1 == NULL)
+                goto err;
+        if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx))
+                goto err;
+
+        /* calculate inverse of q mod p */
+        rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
+
+        err:
+        if (ctx)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
+        if (ctx2)
+                BN_CTX_free(ctx2);
+        /* If this is set all calls successful */
+        if (rsa->iqmp != NULL)
+                return 1;
+
+        return 0;
+
+        }
+
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
+        {
+        int ok = 0;
+        BIGNUM *Xp = NULL, *Xq = NULL;
+        BN_CTX *ctx = NULL;
+        
+        if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
+            {
+            FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT);
+            return 0;
+            }
+
+        if (bits & 0xff)
+            {
+            FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_INVALID_KEY_LENGTH);
+            return 0;
+            }
+
+        if(FIPS_selftest_failed())
+            {
+            FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST_FAILED);
+            return 0;
+            }
+
+        ctx = BN_CTX_new();
+        if (!ctx)
+                goto error;
+
+        BN_CTX_start(ctx);
+        Xp = BN_CTX_get(ctx);
+        Xq = BN_CTX_get(ctx);
+        if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
+                goto error;
+
+        rsa->p = BN_new();
+        rsa->q = BN_new();
+        if (!rsa->p || !rsa->q)
+                goto error;
+
+        /* Generate two primes from Xp, Xq */
+
+        if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
+                                        e, ctx, cb))
+                goto error;
+
+        if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
+                                        e, ctx, cb))
+                goto error;
+
+        /* Since rsa->p and rsa->q are valid this call will just derive
+         * remaining RSA components.
+         */
+
+        if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
+                                NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
+                goto error;
+
+        if(!fips_check_rsa(rsa))
+            goto error;
+
+        ok = 1;
+
+        error:
+        if (ctx)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
+
+        if (ok)
+                return 1;
+
+        return 0;
+
+        }
+
+#endif
diff --git a/src/lib/libssl/src/fips/rsa/fips_rsagtest.c b/src/lib/libssl/src/fips/rsa/fips_rsagtest.c
new file mode 100644
index 0000000000..33a3d7a48c
--- /dev/null
+++ b/src/lib/libssl/src/fips/rsa/fips_rsagtest.c
@@ -0,0 +1,390 @@
+/* fips_rsagtest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005,2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS RSA support\n");
+    return(0);
+}
+
+#else
+
+#include "fips_utl.h"
+
+int rsa_test(FILE *out, FILE *in);
+static int rsa_printkey1(FILE *out, RSA *rsa,
+                BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
+                BIGNUM *e);
+static int rsa_printkey2(FILE *out, RSA *rsa,
+                BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq);
+
+int main(int argc, char **argv)
+        {
+        FILE *in = NULL, *out = NULL;
+
+        int ret = 1;
+
+        if(!FIPS_mode_set(1))
+                {
+                do_print_errors();
+                goto end;
+                }
+
+        if (argc == 1)
+                in = stdin;
+        else
+                in = fopen(argv[1], "r");
+
+        if (argc < 2)
+                out = stdout;
+        else
+                out = fopen(argv[2], "w");
+
+        if (!in)
+                {
+                fprintf(stderr, "FATAL input initialization error\n");
+                goto end;
+                }
+
+        if (!out)
+                {
+                fprintf(stderr, "FATAL output initialization error\n");
+                goto end;
+                }
+
+        if (!rsa_test(out, in))
+                {
+                fprintf(stderr, "FATAL RSAGTEST file processing error\n");
+                goto end;
+                }
+        else
+                ret = 0;
+
+        end:
+
+        if (ret)
+                do_print_errors();
+
+        if (in && (in != stdin))
+                fclose(in);
+        if (out && (out != stdout))
+                fclose(out);
+
+        return ret;
+
+        }
+
+#define RSA_TEST_MAXLINELEN     10240
+
+int rsa_test(FILE *out, FILE *in)
+        {
+        char *linebuf, *olinebuf, *p, *q;
+        char *keyword, *value;
+        RSA *rsa = NULL;
+        BIGNUM *Xp1 = NULL, *Xp2 = NULL, *Xp = NULL;
+        BIGNUM *Xq1 = NULL, *Xq2 = NULL, *Xq = NULL;
+        BIGNUM *e = NULL;
+        int ret = 0;
+        int lnum = 0;
+
+        olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+        linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+
+        if (!linebuf || !olinebuf)
+                goto error;
+
+        while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
+                {
+                lnum++;
+                strcpy(linebuf, olinebuf);
+                keyword = linebuf;
+                /* Skip leading space */
+                while (isspace((unsigned char)*keyword))
+                        keyword++;
+
+                /* Look for = sign */
+                p = strchr(linebuf, '=');
+
+                /* If no = or starts with [ (for [foo = bar] line) just copy */
+                if (!p || *keyword=='[')
+                        {
+                        if (fputs(olinebuf, out) < 0)
+                                goto error;
+                        continue;
+                        }
+
+                q = p - 1;
+
+                /* Remove trailing space */
+                while (isspace((unsigned char)*q))
+                        *q-- = 0;
+
+                *p = 0;
+                value = p + 1;
+
+                /* Remove leading space from value */
+                while (isspace((unsigned char)*value))
+                        value++;
+
+                /* Remove trailing space from value */
+                p = value + strlen(value) - 1;
+
+                while (*p == '\n' || isspace((unsigned char)*p))
+                        *p-- = 0;
+
+                if (!strcmp(keyword, "xp1"))
+                        {
+                        if (Xp1 || !do_hex2bn(&Xp1,value))
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "xp2"))
+                        {
+                        if (Xp2 || !do_hex2bn(&Xp2,value))
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "Xp"))
+                        {
+                        if (Xp || !do_hex2bn(&Xp,value))
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "xq1"))
+                        {
+                        if (Xq1 || !do_hex2bn(&Xq1,value))
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "xq2"))
+                        {
+                        if (Xq2 || !do_hex2bn(&Xq2,value))
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "Xq"))
+                        {
+                        if (Xq || !do_hex2bn(&Xq,value))
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "e"))
+                        {
+                        if (e || !do_hex2bn(&e,value))
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "p1"))
+                        continue;
+                else if (!strcmp(keyword, "p2"))
+                        continue;
+                else if (!strcmp(keyword, "p"))
+                        continue;
+                else if (!strcmp(keyword, "q1"))
+                        continue;
+                else if (!strcmp(keyword, "q2"))
+                        continue;
+                else if (!strcmp(keyword, "q"))
+                        continue;
+                else if (!strcmp(keyword, "n"))
+                        continue;
+                else if (!strcmp(keyword, "d"))
+                        continue;
+                else
+                        goto parse_error;
+
+                fputs(olinebuf, out);
+
+                if (e && Xp1 && Xp2 && Xp)
+                        {
+                        rsa = FIPS_rsa_new();
+                        if (!rsa)
+                                goto error;
+                        if (!rsa_printkey1(out, rsa, Xp1, Xp2, Xp, e))
+                                goto error;
+                        BN_free(Xp1);
+                        Xp1 = NULL;
+                        BN_free(Xp2);
+                        Xp2 = NULL;
+                        BN_free(Xp);
+                        Xp = NULL;
+                        BN_free(e);
+                        e = NULL;
+                        }
+
+                if (rsa && Xq1 && Xq2 && Xq)
+                        {
+                        if (!rsa_printkey2(out, rsa, Xq1, Xq2, Xq))
+                                goto error;
+                        BN_free(Xq1);
+                        Xq1 = NULL;
+                        BN_free(Xq2);
+                        Xq2 = NULL;
+                        BN_free(Xq);
+                        Xq = NULL;
+                        FIPS_rsa_free(rsa);
+                        rsa = NULL;
+                        }
+                }
+
+        ret = 1;
+
+        error:
+
+        if (olinebuf)
+                OPENSSL_free(olinebuf);
+        if (linebuf)
+                OPENSSL_free(linebuf);
+
+        if (Xp1)
+                BN_free(Xp1);
+        if (Xp2)
+                BN_free(Xp2);
+        if (Xp)
+                BN_free(Xp);
+        if (Xq1)
+                BN_free(Xq1);
+        if (Xq1)
+                BN_free(Xq1);
+        if (Xq2)
+                BN_free(Xq2);
+        if (Xq)
+                BN_free(Xq);
+        if (e)
+                BN_free(e);
+        if (rsa)
+                FIPS_rsa_free(rsa);
+
+        return ret;
+
+        parse_error:
+
+        fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+        goto error;
+
+        }
+
+static int rsa_printkey1(FILE *out, RSA *rsa,
+                BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
+                BIGNUM *e)
+        {
+        int ret = 0;
+        BIGNUM *p1 = NULL, *p2 = NULL;
+        p1 = BN_new();
+        p2 = BN_new();
+        if (!p1 || !p2)
+                goto error;
+
+        if (!RSA_X931_derive_ex(rsa, p1, p2, NULL, NULL, Xp1, Xp2, Xp,
+                                                NULL, NULL, NULL, e, NULL))
+                goto error;
+
+        do_bn_print_name(out, "p1", p1);
+        do_bn_print_name(out, "p2", p2);
+        do_bn_print_name(out, "p", rsa->p);
+
+        ret = 1;
+
+        error:
+        if (p1)
+                BN_free(p1);
+        if (p2)
+                BN_free(p2);
+
+        return ret;
+        }
+
+static int rsa_printkey2(FILE *out, RSA *rsa,
+                BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq)
+        {
+        int ret = 0;
+        BIGNUM *q1 = NULL, *q2 = NULL;
+        q1 = BN_new();
+        q2 = BN_new();
+        if (!q1 || !q2)
+                goto error;
+
+        if (!RSA_X931_derive_ex(rsa, NULL, NULL, q1, q2, NULL, NULL, NULL,
+                                                Xq1, Xq2, Xq, NULL, NULL))
+                goto error;
+
+        do_bn_print_name(out, "q1", q1);
+        do_bn_print_name(out, "q2", q2);
+        do_bn_print_name(out, "q", rsa->q);
+        do_bn_print_name(out, "n", rsa->n);
+        do_bn_print_name(out, "d", rsa->d);
+
+        ret = 1;
+
+        error:
+        if (q1)
+                BN_free(q1);
+        if (q2)
+                BN_free(q2);
+
+        return ret;
+        }
+
+#endif
diff --git a/src/lib/libssl/src/fips/rsa/fips_rsastest.c b/src/lib/libssl/src/fips/rsa/fips_rsastest.c
new file mode 100644
index 0000000000..16c174a2f8
--- /dev/null
+++ b/src/lib/libssl/src/fips/rsa/fips_rsastest.c
@@ -0,0 +1,370 @@
+/* fips_rsastest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS RSA support\n");
+    return(0);
+}
+
+#else
+
+#include "fips_utl.h"
+
+static int rsa_stest(FILE *out, FILE *in, int Saltlen);
+static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
+                unsigned char *Msg, long Msglen, int Saltlen);
+
+int main(int argc, char **argv)
+        {
+        FILE *in = NULL, *out = NULL;
+
+        int ret = 1, Saltlen = -1;
+
+        if(!FIPS_mode_set(1))
+                {
+                do_print_errors();
+                goto end;
+                }
+
+        if ((argc > 2) && !strcmp("-saltlen", argv[1]))
+                {
+                Saltlen = atoi(argv[2]);
+                if (Saltlen < 0)
+                        {
+                        fprintf(stderr, "FATAL: Invalid salt length\n");
+                        goto end;
+                        }
+                argc -= 2;
+                argv += 2;
+                }
+        else if ((argc > 1) && !strcmp("-x931", argv[1]))
+                {
+                Saltlen = -2;
+                argc--;
+                argv++;
+                }
+
+        if (argc == 1)
+                in = stdin;
+        else
+                in = fopen(argv[1], "r");
+
+        if (argc < 2)
+                out = stdout;
+        else
+                out = fopen(argv[2], "w");
+
+        if (!in)
+                {
+                fprintf(stderr, "FATAL input initialization error\n");
+                goto end;
+                }
+
+        if (!out)
+                {
+                fprintf(stderr, "FATAL output initialization error\n");
+                goto end;
+                }
+
+        if (!rsa_stest(out, in, Saltlen))
+                {
+                fprintf(stderr, "FATAL RSASTEST file processing error\n");
+                goto end;
+                }
+        else
+                ret = 0;
+
+        end:
+
+        if (ret)
+                do_print_errors();
+
+        if (in && (in != stdin))
+                fclose(in);
+        if (out && (out != stdout))
+                fclose(out);
+
+        return ret;
+
+        }
+
+#define RSA_TEST_MAXLINELEN     10240
+
+int rsa_stest(FILE *out, FILE *in, int Saltlen)
+        {
+        char *linebuf, *olinebuf, *p, *q;
+        char *keyword, *value;
+        RSA *rsa = NULL;
+        const EVP_MD *dgst = NULL;
+        unsigned char *Msg = NULL;
+        long Msglen = -1;
+        int keylen = -1, current_keylen = -1;
+        int ret = 0;
+        int lnum = 0;
+
+        olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+        linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+
+        if (!linebuf || !olinebuf)
+                goto error;
+
+        while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
+                {
+                lnum++;
+                strcpy(linebuf, olinebuf);
+                keyword = linebuf;
+                /* Skip leading space */
+                while (isspace((unsigned char)*keyword))
+                        keyword++;
+
+                /* Look for = sign */
+                p = strchr(linebuf, '=');
+
+                /* If no = just copy */
+                if (!p)
+                        {
+                        if (fputs(olinebuf, out) < 0)
+                                goto error;
+                        continue;
+                        }
+
+                q = p - 1;
+
+                /* Remove trailing space */
+                while (isspace((unsigned char)*q))
+                        *q-- = 0;
+
+                *p = 0;
+                value = p + 1;
+
+                /* Remove leading space from value */
+                while (isspace((unsigned char)*value))
+                        value++;
+
+                /* Remove trailing space from value */
+                p = value + strlen(value) - 1;
+
+                while (*p == '\n' || isspace((unsigned char)*p))
+                        *p-- = 0;
+
+                /* Look for [mod = XXX] for key length */
+
+                if (!strcmp(keyword, "[mod"))
+                        {
+                        p = value + strlen(value) - 1;
+                        if (*p != ']')
+                                goto parse_error;
+                        *p = 0;
+                        keylen = atoi(value);
+                        if (keylen < 0)
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "SHAAlg"))
+                        {
+                        if (!strcmp(value, "SHA1"))
+                                dgst = EVP_sha1();
+                        else if (!strcmp(value, "SHA224"))
+                                dgst = EVP_sha224();
+                        else if (!strcmp(value, "SHA256"))
+                                dgst = EVP_sha256();
+                        else if (!strcmp(value, "SHA384"))
+                                dgst = EVP_sha384();
+                        else if (!strcmp(value, "SHA512"))
+                                dgst = EVP_sha512();
+                        else
+                                {
+                                fprintf(stderr,
+                                        "FATAL: unsupported algorithm \"%s\"\n",
+                                                                value);
+                                goto parse_error;
+                                }
+                        }
+                else if (!strcmp(keyword, "Msg"))
+                        {
+                        if (Msg)
+                                goto parse_error;
+                        if (strlen(value) & 1)
+                                *(--value) = '0';
+                        Msg = hex2bin_m(value, &Msglen);
+                        if (!Msg)
+                                goto parse_error;
+                        }
+
+                fputs(olinebuf, out);
+
+                /* If key length has changed, generate and output public
+                 * key components of new RSA private key.
+                 */
+
+                if (keylen != current_keylen)
+                        {
+                        BIGNUM *bn_e;
+                        if (rsa)
+                                FIPS_rsa_free(rsa);
+                        rsa = FIPS_rsa_new();
+                        if (!rsa)
+                                goto error;
+                        bn_e = BN_new();
+                        if (!bn_e || !BN_set_word(bn_e, 0x1001))
+                                goto error;
+                        if (!RSA_X931_generate_key_ex(rsa, keylen, bn_e, NULL))
+                                goto error;
+                        BN_free(bn_e);
+                        fputs("n = ", out);
+                        do_bn_print(out, rsa->n);
+                        fputs("\ne = ", out);
+                        do_bn_print(out, rsa->e);
+                        fputs("\n", out);
+                        current_keylen = keylen;
+                        }
+
+                if (Msg && dgst)
+                        {
+                        if (!rsa_printsig(out, rsa, dgst, Msg, Msglen,
+                                                                Saltlen))
+                                goto error;
+                        OPENSSL_free(Msg);
+                        Msg = NULL;
+                        }
+
+                }
+
+        ret = 1;
+
+        error:
+
+        if (olinebuf)
+                OPENSSL_free(olinebuf);
+        if (linebuf)
+                OPENSSL_free(linebuf);
+        if (rsa)
+                FIPS_rsa_free(rsa);
+
+        return ret;
+
+        parse_error:
+
+        fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+        goto error;
+
+        }
+
+static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
+                unsigned char *Msg, long Msglen, int Saltlen)
+        {
+        int ret = 0;
+        unsigned char *sigbuf = NULL;
+        int i, siglen;
+        /* EVP_PKEY structure */
+        EVP_PKEY pk;
+        EVP_MD_CTX ctx;
+        pk.type = EVP_PKEY_RSA;
+        pk.pkey.rsa = rsa;
+
+        siglen = RSA_size(rsa);
+        sigbuf = OPENSSL_malloc(siglen);
+        if (!sigbuf)
+                goto error;
+
+        EVP_MD_CTX_init(&ctx);
+
+        if (Saltlen >= 0)
+                {
+                M_EVP_MD_CTX_set_flags(&ctx,
+                        EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16));
+                }
+        else if (Saltlen == -2)
+                M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931);
+        if (!EVP_SignInit_ex(&ctx, dgst, NULL))
+                goto error;
+        if (!EVP_SignUpdate(&ctx, Msg, Msglen))
+                goto error;
+        if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, &pk))
+                goto error;
+
+        EVP_MD_CTX_cleanup(&ctx);
+
+        fputs("S = ", out);
+
+        for (i = 0; i < siglen; i++)
+                fprintf(out, "%02X", sigbuf[i]);
+
+        fputs("\n", out);
+
+        ret = 1;
+
+        error:
+
+        return ret;
+        }
+#endif
diff --git a/src/lib/libssl/src/fips/rsa/fips_rsavtest.c b/src/lib/libssl/src/fips/rsa/fips_rsavtest.c
new file mode 100644
index 0000000000..6340f190a3
--- /dev/null
+++ b/src/lib/libssl/src/fips/rsa/fips_rsavtest.c
@@ -0,0 +1,377 @@
+/* fips_rsavtest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS RSA support\n");
+    return(0);
+}
+
+#else
+
+#include "fips_utl.h"
+
+int rsa_test(FILE *out, FILE *in, int saltlen);
+static int rsa_printver(FILE *out,
+                BIGNUM *n, BIGNUM *e,
+                const EVP_MD *dgst,
+                unsigned char *Msg, long Msglen,
+                unsigned char *S, long Slen, int Saltlen);
+
+int main(int argc, char **argv)
+        {
+        FILE *in = NULL, *out = NULL;
+
+        int ret = 1;
+        int Saltlen = -1;
+
+        if(!FIPS_mode_set(1))
+                {
+                do_print_errors();
+                goto end;
+                }
+
+        if ((argc > 2) && !strcmp("-saltlen", argv[1]))
+                {
+                Saltlen = atoi(argv[2]);
+                if (Saltlen < 0)
+                        {
+                        fprintf(stderr, "FATAL: Invalid salt length\n");
+                        goto end;
+                        }
+                argc -= 2;
+                argv += 2;
+                }
+        else if ((argc > 1) && !strcmp("-x931", argv[1]))
+                {
+                Saltlen = -2;
+                argc--;
+                argv++;
+                }
+
+        if (argc == 1)
+                in = stdin;
+        else
+                in = fopen(argv[1], "r");
+
+        if (argc < 2)
+                out = stdout;
+        else
+                out = fopen(argv[2], "w");
+
+        if (!in)
+                {
+                fprintf(stderr, "FATAL input initialization error\n");
+                goto end;
+                }
+
+        if (!out)
+                {
+                fprintf(stderr, "FATAL output initialization error\n");
+                goto end;
+                }
+
+        if (!rsa_test(out, in, Saltlen))
+                {
+                fprintf(stderr, "FATAL RSAVTEST file processing error\n");
+                goto end;
+                }
+        else
+                ret = 0;
+
+        end:
+
+        if (ret)
+                do_print_errors();
+
+        if (in && (in != stdin))
+                fclose(in);
+        if (out && (out != stdout))
+                fclose(out);
+
+        return ret;
+
+        }
+
+#define RSA_TEST_MAXLINELEN     10240
+
+int rsa_test(FILE *out, FILE *in, int Saltlen)
+        {
+        char *linebuf, *olinebuf, *p, *q;
+        char *keyword, *value;
+        const EVP_MD *dgst = NULL;
+        BIGNUM *n = NULL, *e = NULL;
+        unsigned char *Msg = NULL, *S = NULL;
+        long Msglen, Slen;
+        int ret = 0;
+        int lnum = 0;
+
+        olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+        linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+
+        if (!linebuf || !olinebuf)
+                goto error;
+
+        while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
+                {
+                lnum++;
+                strcpy(linebuf, olinebuf);
+                keyword = linebuf;
+                /* Skip leading space */
+                while (isspace((unsigned char)*keyword))
+                        keyword++;
+
+                /* Look for = sign */
+                p = strchr(linebuf, '=');
+
+                /* If no = or starts with [ (for [foo = bar] line) just copy */
+                if (!p || *keyword=='[')
+                        {
+                        if (fputs(olinebuf, out) < 0)
+                                goto error;
+                        continue;
+                        }
+
+                q = p - 1;
+
+                /* Remove trailing space */
+                while (isspace((unsigned char)*q))
+                        *q-- = 0;
+
+                *p = 0;
+                value = p + 1;
+
+                /* Remove leading space from value */
+                while (isspace((unsigned char)*value))
+                        value++;
+
+                /* Remove trailing space from value */
+                p = value + strlen(value) - 1;
+
+                while (*p == '\n' || isspace((unsigned char)*p))
+                        *p-- = 0;
+
+                if (!strcmp(keyword, "n"))
+                        {
+                        if (!do_hex2bn(&n,value))
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "e"))
+                        {
+                        if (!do_hex2bn(&e,value))
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "SHAAlg"))
+                        {
+                        if (!strcmp(value, "SHA1"))
+                                dgst = EVP_sha1();
+                        else if (!strcmp(value, "SHA224"))
+                                dgst = EVP_sha224();
+                        else if (!strcmp(value, "SHA256"))
+                                dgst = EVP_sha256();
+                        else if (!strcmp(value, "SHA384"))
+                                dgst = EVP_sha384();
+                        else if (!strcmp(value, "SHA512"))
+                                dgst = EVP_sha512();
+                        else
+                                {
+                                fprintf(stderr,
+                                        "FATAL: unsupported algorithm \"%s\"\n",
+                                                                value);
+                                goto parse_error;
+                                }
+                        }
+                else if (!strcmp(keyword, "Msg"))
+                        {
+                        if (Msg)
+                                goto parse_error;
+                        if (strlen(value) & 1)
+                                *(--value) = '0';
+                        Msg = hex2bin_m(value, &Msglen);
+                        if (!Msg)
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "S"))
+                        {
+                        if (S)
+                                goto parse_error;
+                        if (strlen(value) & 1)
+                                *(--value) = '0';
+                        S = hex2bin_m(value, &Slen);
+                        if (!S)
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "Result"))
+                        continue;
+                else
+                        goto parse_error;
+
+                fputs(olinebuf, out);
+
+                if (n && e && Msg && S && dgst)
+                        {
+                        if (!rsa_printver(out, n, e, dgst,
+                                        Msg, Msglen, S, Slen, Saltlen))
+                                goto error;
+                        OPENSSL_free(Msg);
+                        Msg = NULL;
+                        OPENSSL_free(S);
+                        S = NULL;
+                        }
+
+                }
+
+
+        ret = 1;
+
+
+        error:
+
+        if (olinebuf)
+                OPENSSL_free(olinebuf);
+        if (linebuf)
+                OPENSSL_free(linebuf);
+        if (n)
+                BN_free(n);
+        if (e)
+                BN_free(e);
+
+        return ret;
+
+        parse_error:
+
+        fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+        goto error;
+
+        }
+
+static int rsa_printver(FILE *out,
+                BIGNUM *n, BIGNUM *e,
+                const EVP_MD *dgst,
+                unsigned char *Msg, long Msglen,
+                unsigned char *S, long Slen, int Saltlen)
+        {
+        int ret = 0, r;
+        /* Setup RSA and EVP_PKEY structures */
+        RSA *rsa_pubkey = NULL;
+        EVP_PKEY pk;
+        EVP_MD_CTX ctx;
+        unsigned char *buf = NULL;
+        rsa_pubkey = FIPS_rsa_new();
+        if (!rsa_pubkey)
+                goto error;
+        rsa_pubkey->n = BN_dup(n);
+        rsa_pubkey->e = BN_dup(e);
+        if (!rsa_pubkey->n || !rsa_pubkey->e)
+                goto error;
+        pk.type = EVP_PKEY_RSA;
+        pk.pkey.rsa = rsa_pubkey;
+
+        EVP_MD_CTX_init(&ctx);
+
+        if (Saltlen >= 0)
+                {
+                M_EVP_MD_CTX_set_flags(&ctx,
+                        EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16));
+                }
+        else if (Saltlen == -2)
+                M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931);
+        if (!EVP_VerifyInit_ex(&ctx, dgst, NULL))
+                goto error;
+        if (!EVP_VerifyUpdate(&ctx, Msg, Msglen))
+                goto error;
+
+        r = EVP_VerifyFinal(&ctx, S, Slen, &pk);
+
+
+        EVP_MD_CTX_cleanup(&ctx);
+
+        if (r < 0)
+                goto error;
+        ERR_clear_error();
+
+        if (r == 0)
+                fputs("Result = F\n", out);
+        else
+                fputs("Result = P\n", out);
+
+        ret = 1;
+
+        error:
+        if (rsa_pubkey)
+                FIPS_rsa_free(rsa_pubkey);
+        if (buf)
+                OPENSSL_free(buf);
+
+        return ret;
+        }
+#endif
diff --git a/src/lib/libssl/src/fips/sha/Makefile b/src/lib/libssl/src/fips/sha/Makefile
new file mode 100644
index 0000000000..a661640bc6
--- /dev/null
+++ b/src/lib/libssl/src/fips/sha/Makefile
@@ -0,0 +1,158 @@
+#
+# OpenSSL/fips/sha/Makefile
+#
+
+DIR=    sha
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile
+AR=             ar r
+EXE_EXT=
+
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= fips_shatest.c
+APPS=
+EXE= fips_standalone_sha1$(EXE_EXT)
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=fips_sha1_selftest.c
+LIBOBJ=fips_sha1_selftest.o
+
+SRC= $(LIBSRC) fips_standalone_sha1.c
+
+EXHEADER=
+HEADER= 
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+        (cd $(TOP); $(MAKE) DIRS=fips SDIRS=$(DIR) sub_all)
+
+all:    ../fips_standalone_sha1$(EXE_EXT) lib
+
+lib:    $(LIBOBJ)
+        @echo $(LIBOBJ) > lib
+
+../fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o
+        FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha1dgst.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../../crypto/sha/$$i" ; done; \
+        $(CC) -o $@ $(CFLAGS) fips_standalone_sha1.o $$FIPS_SHA_ASM
+
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+        @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+        @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+        do  \
+          (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+          chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done
+
+tags:
+        ctags $(SRC)
+
+tests:
+
+Q=../testvectors/sha/req
+A=../testvectors/sha/rsp
+
+VECTORS = SHA1LongMsg \
+        SHA1Monte \
+        SHA1ShortMsg \
+        SHA224LongMsg \
+        SHA224Monte \
+        SHA224ShortMsg \
+        SHA256LongMsg \
+        SHA256Monte \
+        SHA256ShortMsg \
+        SHA384LongMsg \
+        SHA384Monte \
+        SHA384ShortMsg \
+        SHA512LongMsg \
+        SHA512Monte \
+        SHA512ShortMsg
+
+fips_test:
+        -rm -rf $(A)
+        mkdir $(A)
+        for file in $(VECTORS); do \
+            if [ -f $(Q)/$$file.req ]; then \
+                $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_shatest $(Q)/$$file.req $(A)/$$file.rsp; \
+            fi; \
+        done
+
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
+
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+
+clean:
+        rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_sha1_selftest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_sha1_selftest.o: ../../include/openssl/crypto.h
+fips_sha1_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_sha1_selftest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+fips_sha1_selftest.o: ../../include/openssl/lhash.h
+fips_sha1_selftest.o: ../../include/openssl/obj_mac.h
+fips_sha1_selftest.o: ../../include/openssl/objects.h
+fips_sha1_selftest.o: ../../include/openssl/opensslconf.h
+fips_sha1_selftest.o: ../../include/openssl/opensslv.h
+fips_sha1_selftest.o: ../../include/openssl/ossl_typ.h
+fips_sha1_selftest.o: ../../include/openssl/safestack.h
+fips_sha1_selftest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+fips_sha1_selftest.o: ../../include/openssl/symhacks.h fips_sha1_selftest.c
+fips_shatest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_shatest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+fips_shatest.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+fips_shatest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_shatest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+fips_shatest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_shatest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+fips_shatest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_shatest.o: ../../include/openssl/opensslconf.h
+fips_shatest.o: ../../include/openssl/opensslv.h
+fips_shatest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+fips_shatest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+fips_shatest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_shatest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+fips_shatest.o: ../../include/openssl/x509v3.h ../fips_utl.h fips_shatest.c
+fips_standalone_sha1.o: ../../include/openssl/asn1.h
+fips_standalone_sha1.o: ../../include/openssl/bio.h
+fips_standalone_sha1.o: ../../include/openssl/crypto.h
+fips_standalone_sha1.o: ../../include/openssl/e_os2.h
+fips_standalone_sha1.o: ../../include/openssl/evp.h
+fips_standalone_sha1.o: ../../include/openssl/fips.h
+fips_standalone_sha1.o: ../../include/openssl/hmac.h
+fips_standalone_sha1.o: ../../include/openssl/obj_mac.h
+fips_standalone_sha1.o: ../../include/openssl/objects.h
+fips_standalone_sha1.o: ../../include/openssl/opensslconf.h
+fips_standalone_sha1.o: ../../include/openssl/opensslv.h
+fips_standalone_sha1.o: ../../include/openssl/ossl_typ.h
+fips_standalone_sha1.o: ../../include/openssl/safestack.h
+fips_standalone_sha1.o: ../../include/openssl/sha.h
+fips_standalone_sha1.o: ../../include/openssl/stack.h
+fips_standalone_sha1.o: ../../include/openssl/symhacks.h fips_standalone_sha1.c
diff --git a/src/lib/libssl/src/fips/sha/fips_sha1_selftest.c b/src/lib/libssl/src/fips/sha/fips_sha1_selftest.c
new file mode 100644
index 0000000000..ba6a29ed94
--- /dev/null
+++ b/src/lib/libssl/src/fips/sha/fips_sha1_selftest.c
@@ -0,0 +1,97 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+
+#ifdef OPENSSL_FIPS
+static char test[][60]=
+    {
+    "",
+    "abc",
+    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+    };
+
+static const unsigned char ret[][SHA_DIGEST_LENGTH]=
+    {
+    { 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55,
+      0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 },
+    { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
+      0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d },
+    { 0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
+      0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 },
+    };
+
+void FIPS_corrupt_sha1()
+    {
+    test[2][0]++;
+    }
+
+int FIPS_selftest_sha1()
+    {
+    int n;
+
+    for(n=0 ; n<sizeof(test)/sizeof(test[0]) ; ++n)
+        {
+        unsigned char md[SHA_DIGEST_LENGTH];
+
+        EVP_Digest(test[n],strlen(test[n]),md, NULL, EVP_sha1(), NULL);
+        if(memcmp(md,ret[n],sizeof md))
+            {
+            FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED);
+            return 0;
+            }
+        }
+    return 1;
+    }
+
+#endif
diff --git a/src/lib/libssl/src/fips/sha/fips_shatest.c b/src/lib/libssl/src/fips/sha/fips_shatest.c
new file mode 100644
index 0000000000..ae5ecdd2be
--- /dev/null
+++ b/src/lib/libssl/src/fips/sha/fips_shatest.c
@@ -0,0 +1,388 @@
+/* fips_shatest.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+    printf("No FIPS SHAXXX support\n");
+    return(0);
+}
+
+#else
+
+#include "fips_utl.h"
+
+static int dgst_test(FILE *out, FILE *in);
+static int print_dgst(const EVP_MD *md, FILE *out,
+                unsigned char *Msg, int Msglen);
+static int print_monte(const EVP_MD *md, FILE *out,
+                unsigned char *Seed, int SeedLen);
+
+int main(int argc, char **argv)
+        {
+        FILE *in = NULL, *out = NULL;
+
+        int ret = 1;
+
+        if(!FIPS_mode_set(1))
+                {
+                do_print_errors();
+                goto end;
+                }
+
+        if (argc == 1)
+                in = stdin;
+        else
+                in = fopen(argv[1], "r");
+
+        if (argc < 2)
+                out = stdout;
+        else
+                out = fopen(argv[2], "w");
+
+        if (!in)
+                {
+                fprintf(stderr, "FATAL input initialization error\n");
+                goto end;
+                }
+
+        if (!out)
+                {
+                fprintf(stderr, "FATAL output initialization error\n");
+                goto end;
+                }
+
+        if (!dgst_test(out, in))
+                {
+                fprintf(stderr, "FATAL digest file processing error\n");
+                goto end;
+                }
+        else
+                ret = 0;
+
+        end:
+
+        if (ret)
+                do_print_errors();
+
+        if (in && (in != stdin))
+                fclose(in);
+        if (out && (out != stdout))
+                fclose(out);
+
+        return ret;
+
+        }
+
+#define SHA_TEST_MAX_BITS       102400
+#define SHA_TEST_MAXLINELEN     (((SHA_TEST_MAX_BITS >> 3) * 2) + 100)
+
+int dgst_test(FILE *out, FILE *in)
+        {
+        const EVP_MD *md = NULL;
+        char *linebuf, *olinebuf, *p, *q;
+        char *keyword, *value;
+        unsigned char *Msg = NULL, *Seed = NULL;
+        long MsgLen = -1, Len = -1, SeedLen = -1;
+        int ret = 0;
+        int lnum = 0;
+
+        olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
+        linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
+
+        if (!linebuf || !olinebuf)
+                goto error;
+
+
+        while (fgets(olinebuf, SHA_TEST_MAXLINELEN, in))
+                {
+                lnum++;
+                strcpy(linebuf, olinebuf);
+                keyword = linebuf;
+                /* Skip leading space */
+                while (isspace((unsigned char)*keyword))
+                        keyword++;
+
+                /* Look for = sign */
+                p = strchr(linebuf, '=');
+
+                /* If no = or starts with [ (for [L=20] line) just copy */
+                if (!p)
+                        {
+                        fputs(olinebuf, out);
+                        continue;
+                        }
+
+                q = p - 1;
+
+                /* Remove trailing space */
+                while (isspace((unsigned char)*q))
+                        *q-- = 0;
+
+                *p = 0;
+                value = p + 1;
+
+                /* Remove leading space from value */
+                while (isspace((unsigned char)*value))
+                        value++;
+
+                /* Remove trailing space from value */
+                p = value + strlen(value) - 1;
+                while (*p == '\n' || isspace((unsigned char)*p))
+                        *p-- = 0;
+
+                if (!strcmp(keyword,"[L") && *p==']')
+                        {
+                        switch (atoi(value))
+                                {
+                                case 20: md=EVP_sha1();   break;
+                                case 28: md=EVP_sha224(); break;
+                                case 32: md=EVP_sha256(); break;
+                                case 48: md=EVP_sha384(); break;
+                                case 64: md=EVP_sha512(); break;
+                                default: goto parse_error;
+                                }
+                        }
+                else if (!strcmp(keyword, "Len"))
+                        {
+                        if (Len != -1)
+                                goto parse_error;
+                        Len = atoi(value);
+                        if (Len < 0)
+                                goto parse_error;
+                        /* Only handle multiples of 8 bits */
+                        if (Len & 0x7)
+                                goto parse_error;
+                        if (Len > SHA_TEST_MAX_BITS)
+                                goto parse_error;
+                        MsgLen = Len >> 3;
+                        }
+
+                else if (!strcmp(keyword, "Msg"))
+                        {
+                        long tmplen;
+                        if (strlen(value) & 1)
+                                *(--value) = '0';
+                        if (Msg)
+                                goto parse_error;
+                        Msg = hex2bin_m(value, &tmplen);
+                        if (!Msg)
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "Seed"))
+                        {
+                        if (strlen(value) & 1)
+                                *(--value) = '0';
+                        if (Seed)
+                                goto parse_error;
+                        Seed = hex2bin_m(value, &SeedLen);
+                        if (!Seed)
+                                goto parse_error;
+                        }
+                else if (!strcmp(keyword, "MD"))
+                        continue;
+                else
+                        goto parse_error;
+
+                fputs(olinebuf, out);
+
+                if (md && Msg && (MsgLen >= 0))
+                        {
+                        if (!print_dgst(md, out, Msg, MsgLen))
+                                goto error;
+                        OPENSSL_free(Msg);
+                        Msg = NULL;
+                        MsgLen = -1;
+                        Len = -1;
+                        }
+                else if (md && Seed && (SeedLen > 0))
+                        {
+                        if (!print_monte(md, out, Seed, SeedLen))
+                                goto error;
+                        OPENSSL_free(Seed);
+                        Seed = NULL;
+                        SeedLen = -1;
+                        }
+        
+
+                }
+
+
+        ret = 1;
+
+
+        error:
+
+        if (olinebuf)
+                OPENSSL_free(olinebuf);
+        if (linebuf)
+                OPENSSL_free(linebuf);
+        if (Msg)
+                OPENSSL_free(Msg);
+        if (Seed)
+                OPENSSL_free(Seed);
+
+        return ret;
+
+        parse_error:
+
+        fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+        goto error;
+
+        }
+
+static int print_dgst(const EVP_MD *emd, FILE *out,
+                unsigned char *Msg, int Msglen)
+        {
+        int i, mdlen;
+        unsigned char md[EVP_MAX_MD_SIZE];
+        if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL))
+                {
+                fputs("Error calculating HASH\n", stderr);
+                return 0;
+                }
+        fputs("MD = ", out);
+        for (i = 0; i < mdlen; i++)
+                fprintf(out, "%02x", md[i]);
+        fputs("\n", out);
+        return 1;
+        }
+
+static int print_monte(const EVP_MD *md, FILE *out,
+                unsigned char *Seed, int SeedLen)
+        {
+        unsigned int i, j, k;
+        int ret = 0;
+        EVP_MD_CTX ctx;
+        unsigned char *m1, *m2, *m3, *p;
+        unsigned int mlen, m1len, m2len, m3len;
+
+        EVP_MD_CTX_init(&ctx);
+
+        if (SeedLen > EVP_MAX_MD_SIZE)
+                mlen = SeedLen;
+        else
+                mlen = EVP_MAX_MD_SIZE;
+
+        m1 = OPENSSL_malloc(mlen);
+        m2 = OPENSSL_malloc(mlen);
+        m3 = OPENSSL_malloc(mlen);
+
+        if (!m1 || !m2 || !m3)
+                goto mc_error;
+
+        m1len = m2len = m3len = SeedLen;
+        memcpy(m1, Seed, SeedLen);
+        memcpy(m2, Seed, SeedLen);
+        memcpy(m3, Seed, SeedLen);
+
+        fputs("\n", out);
+
+        for (j = 0; j < 100; j++)
+                {
+                for (i = 0; i < 1000; i++)
+                        {
+                        EVP_DigestInit_ex(&ctx, md, NULL);
+                        EVP_DigestUpdate(&ctx, m1, m1len);
+                        EVP_DigestUpdate(&ctx, m2, m2len);
+                        EVP_DigestUpdate(&ctx, m3, m3len);
+                        p = m1;
+                        m1 = m2;
+                        m1len = m2len;
+                        m2 = m3;
+                        m2len = m3len;
+                        m3 = p;
+                        EVP_DigestFinal_ex(&ctx, m3, &m3len);
+                        }
+                fprintf(out, "COUNT = %d\n", j);
+                fputs("MD = ", out);
+                for (k = 0; k < m3len; k++)
+                        fprintf(out, "%02x", m3[k]);
+                fputs("\n\n", out);
+                memcpy(m1, m3, m3len);
+                memcpy(m2, m3, m3len);
+                m1len = m2len = m3len;
+                }
+
+        ret = 1;
+
+        mc_error:
+        if (m1)
+                OPENSSL_free(m1);
+        if (m2)
+                OPENSSL_free(m2);
+        if (m3)
+                OPENSSL_free(m3);
+
+        EVP_MD_CTX_cleanup(&ctx);
+
+        return ret;
+        }
+
+#endif
diff --git a/src/lib/libssl/src/fips/sha/fips_standalone_sha1.c b/src/lib/libssl/src/fips/sha/fips_standalone_sha1.c
new file mode 100644
index 0000000000..058b71a20f
--- /dev/null
+++ b/src/lib/libssl/src/fips/sha/fips_standalone_sha1.c
@@ -0,0 +1,173 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/sha.h>
+#include <openssl/hmac.h>
+
+#ifndef FIPSCANISTER_O
+int FIPS_selftest_failed() { return 0; }
+void FIPS_selftest_check() {}
+void OPENSSL_cleanse(void *p,size_t len) {}
+#endif
+
+#ifdef OPENSSL_FIPS
+
+static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
+                      const char *key)
+    {
+    int len=strlen(key);
+    int i;
+    unsigned char keymd[HMAC_MAX_MD_CBLOCK];
+    unsigned char pad[HMAC_MAX_MD_CBLOCK];
+
+    if (len > SHA_CBLOCK)
+        {
+        SHA1_Init(md_ctx);
+        SHA1_Update(md_ctx,key,len);
+        SHA1_Final(keymd,md_ctx);
+        len=20;
+        }
+    else
+        memcpy(keymd,key,len);
+    memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len);
+
+    for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
+        pad[i]=0x36^keymd[i];
+    SHA1_Init(md_ctx);
+    SHA1_Update(md_ctx,pad,SHA_CBLOCK);
+
+    for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
+        pad[i]=0x5c^keymd[i];
+    SHA1_Init(o_ctx);
+    SHA1_Update(o_ctx,pad,SHA_CBLOCK);
+    }
+
+static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
+    {
+    unsigned char buf[20];
+
+    SHA1_Final(buf,md_ctx);
+    SHA1_Update(o_ctx,buf,sizeof buf);
+    SHA1_Final(md,o_ctx);
+    }
+
+#endif
+
+int main(int argc,char **argv)
+    {
+#ifdef OPENSSL_FIPS
+    static char key[]="etaonrishdlcupfm";
+    int n,binary=0;
+
+    if(argc < 2)
+        {
+        fprintf(stderr,"%s [<file>]+\n",argv[0]);
+        exit(1);
+        }
+
+    n=1;
+    if (!strcmp(argv[n],"-binary"))
+        {
+        n++;
+        binary=1;       /* emit binary fingerprint... */
+        }
+
+    for(; n < argc ; ++n)
+        {
+        FILE *f=fopen(argv[n],"rb");
+        SHA_CTX md_ctx,o_ctx;
+        unsigned char md[20];
+        int i;
+
+        if(!f)
+            {
+            perror(argv[n]);
+            exit(2);
+            }
+
+        hmac_init(&md_ctx,&o_ctx,key);
+        for( ; ; )
+            {
+            char buf[1024];
+            int l=fread(buf,1,sizeof buf,f);
+
+            if(l == 0)
+                {
+                if(ferror(f))
+                    {
+                    perror(argv[n]);
+                    exit(3);
+                    }
+                else
+                    break;
+                }
+            SHA1_Update(&md_ctx,buf,l);
+            }
+        hmac_final(md,&md_ctx,&o_ctx);
+
+        if (binary)
+            {
+            fwrite(md,20,1,stdout);
+            break;      /* ... for single(!) file */
+            }
+
+        printf("HMAC-SHA1(%s)= ",argv[n]);
+        for(i=0 ; i < 20 ; ++i)
+            printf("%02x",md[i]);
+        printf("\n");
+        }
+#endif
+    return 0;
+    }
+
+
diff --git a/src/lib/libssl/src/ms/do_fips.bat b/src/lib/libssl/src/ms/do_fips.bat
new file mode 100644
index 0000000000..8d27eb05bd
--- /dev/null
+++ b/src/lib/libssl/src/ms/do_fips.bat
@@ -0,0 +1,204 @@
+@echo off
+
+SET ASM=%1
+
+if NOT X%PROCESSOR_ARCHITECTURE% == X goto defined 
+
+echo Processor Architecture Undefined: defaulting to X86
+
+goto X86
+
+:defined
+
+if %PROCESSOR_ARCHITECTURE% == x86 goto X86
+
+if %PROCESSOR_ARCHITECTURE% == IA64 goto IA64
+
+if %PROCESSOR_ARCHITECTURE% == AMD64 goto AMD64
+
+echo Processor Architecture Unrecognized: defaulting to X86
+
+:X86
+echo Auto Configuring for X86
+
+SET TARGET=VC-WIN32
+
+if x%ASM% == xno-asm goto compile
+echo Generating x86 for NASM assember
+SET ASM=nasm
+SET ASMOPTS=-DOPENSSL_IA32_SSE2
+
+echo Bignum
+cd crypto\bn\asm
+perl bn-586.pl win32n %ASMOPTS% > bn_win32.asm
+if ERRORLEVEL 1 goto error
+perl co-586.pl win32n %ASMOPTS% > co_win32.asm
+if ERRORLEVEL 1 goto error
+perl mo-586.pl win32n %ASMOPTS% > mt_win32.asm
+if ERRORLEVEL 1 goto error
+cd ..\..\..
+
+echo AES
+cd crypto\aes\asm
+perl aes-586.pl win32n %ASMOPTS% > a_win32.asm
+if ERRORLEVEL 1 goto error
+cd ..\..\..
+
+echo DES
+cd crypto\des\asm
+perl des-586.pl win32n %ASMOPTS% > d_win32.asm
+if ERRORLEVEL 1 goto error
+cd ..\..\..
+
+echo "crypt(3)"
+
+cd crypto\des\asm
+perl crypt586.pl win32n %ASMOPTS% > y_win32.asm
+if ERRORLEVEL 1 goto error
+cd ..\..\..
+
+echo Blowfish
+
+cd crypto\bf\asm
+perl bf-586.pl win32n %ASMOPTS% > b_win32.asm
+if ERRORLEVEL 1 goto error
+cd ..\..\..
+
+echo CAST5
+cd crypto\cast\asm
+perl cast-586.pl win32n %ASMOPTS% > c_win32.asm
+if ERRORLEVEL 1 goto error
+cd ..\..\..
+
+echo RC4
+cd crypto\rc4\asm
+perl rc4-586.pl win32n %ASMOPTS% > r4_win32.asm
+if ERRORLEVEL 1 goto error
+cd ..\..\..
+
+echo MD5
+cd crypto\md5\asm
+perl md5-586.pl win32n %ASMOPTS% > m5_win32.asm
+if ERRORLEVEL 1 goto error
+cd ..\..\..
+
+echo SHA1
+cd crypto\sha\asm
+perl sha1-586.pl win32n %ASMOPTS% > s1_win32.asm
+if ERRORLEVEL 1 goto error
+perl sha512-sse2.pl win32n %ASMOPTS% > sha512-sse2.asm
+if ERRORLEVEL 1 goto error
+cd ..\..\..
+
+echo RIPEMD160
+cd crypto\ripemd\asm
+perl rmd-586.pl win32n %ASMOPTS% > rm_win32.asm
+if ERRORLEVEL 1 goto error
+cd ..\..\..
+
+echo RC5\32
+cd crypto\rc5\asm
+perl rc5-586.pl win32n %ASMOPTS% > r5_win32.asm
+if ERRORLEVEL 1 goto error
+cd ..\..\..
+
+echo CPU-ID
+cd crypto
+perl x86cpuid.pl win32n %ASMOPTS% > cpu_win32.asm
+if ERRORLEVEL 1 goto error
+cd ..
+
+goto compile
+
+:IA64
+
+echo Auto Configuring for IA64
+SET TARGET=VC-WIN64I
+perl ms\uplink.pl win64i > ms\uptable.asm
+if ERRORLEVEL 1 goto error
+ias -o ms\uptable.obj ms\uptable.asm
+if ERRORLEVEL 1 goto error
+
+goto compile
+
+:AMD64
+
+echo Auto Configuring for AMD64
+SET TARGET=VC-WIN64A
+perl ms\uplink.pl win64a > ms\uptable.asm
+if ERRORLEVEL 1 goto error
+ml64 -c -Foms\uptable.obj ms\uptable.asm
+if ERRORLEVEL 1 goto error
+
+if x%ASM% == xno-asm goto compile
+echo Generating x86_64 for ML64 assember
+SET ASM=ml64
+
+echo Bignum
+cd crypto\bn\asm
+perl x86_64-mont.pl x86_64-mont.asm
+if ERRORLEVEL 1 goto error
+cd ..\..\..
+
+echo AES
+cd crypto\aes\asm
+perl aes-x86_64.pl aes-x86_64.asm
+if ERRORLEVEL 1 goto error
+cd ..\..\..
+
+echo SHA
+cd crypto\sha\asm
+perl sha1-x86_64.pl sha1-x86_64.asm
+if ERRORLEVEL 1 goto error
+perl sha512-x86_64.pl sha256-x86_64.asm
+if ERRORLEVEL 1 goto error
+perl sha512-x86_64.pl sha512-x86_64.asm
+if ERRORLEVEL 1 goto error
+cd ..\..\..
+
+echo CPU-ID
+cd crypto
+perl x86_64cpuid.pl cpuid-x86_64.asm
+if ERRORLEVEL 1 goto error
+cd ..
+
+:compile
+
+perl Configure %TARGET% fipscanisterbuild
+pause
+
+echo on
+
+perl util\mkfiles.pl >MINFO
+@if ERRORLEVEL 1 goto error
+perl util\mk1mf.pl dll %ASM% %TARGET% >ms\ntdll.mak
+@if ERRORLEVEL 1 goto error
+
+perl util\mkdef.pl 32 libeay > ms\libeay32.def
+@if ERRORLEVEL 1 goto error
+perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
+@if ERRORLEVEL 1 goto error
+
+nmake -f ms\ntdll.mak clean
+nmake -f ms\ntdll.mak
+@if ERRORLEVEL 1 goto error
+
+@echo.
+@echo.
+@echo.
+@echo ***************************
+@echo ****FIPS BUILD SUCCESS*****
+@echo ***************************
+
+@goto end
+
+:error
+
+@echo.
+@echo.
+@echo.
+@echo ***************************
+@echo ****FIPS BUILD FAILURE*****
+@echo ***************************
+
+:end
diff --git a/src/lib/libssl/src/ms/segrenam.pl b/src/lib/libssl/src/ms/segrenam.pl
new file mode 100644
index 0000000000..2ab22a0459
--- /dev/null
+++ b/src/lib/libssl/src/ms/segrenam.pl
@@ -0,0 +1,65 @@
+#!/usr/bin/env perl
+
+my $quiet = 1;
+
+unpack("L",pack("N",1))!=1 || die "only little-endian hosts are supported";
+
+# first argument can specify custom suffix...
+$suffix=(@ARGV[0]=~/^\$/) ? shift(@ARGV) : "\$m";
+#################################################################
+# rename segments in COFF modules according to %map table below #
+%map=(  ".text" => "fipstx$suffix",                             #
+        ".text\$"=> "fipstx$suffix",                            #
+        ".rdata"=> "fipsrd$suffix",                             #
+        ".data" => "fipsda$suffix"      );                      #
+#################################################################
+
+# collect file list
+foreach (@ARGV) {
+    if (/\*/)   { push(@files,glob($_)); }
+    else        { push(@files,$_);       }
+}
+
+use Fcntl;
+use Fcntl ":seek";
+
+foreach (@files) {
+    $file=$_;
+    print "processing $file\n" unless $quiet;
+
+    sysopen(FD,$file,O_RDWR|O_BINARY) || die "sysopen($file): $!";
+
+    # read IMAGE_DOS_HEADER
+    sysread(FD,$mz,64)==64 || die "$file is too short";
+    @dos_header=unpack("a2C58I",$mz);
+    if (@dos_header[0] eq "MZ") {
+        $e_lfanew=pop(@dos_header);
+        sysseek(FD,$e_lfanew,SEEK_SET)  || die "$file is too short";
+        sysread(FD,$Magic,4)==4         || die "$file is too short";
+        unpack("I",$Magic)==0x4550      || die "$file is not COFF image";
+    } elsif ($file =~ /\.obj$/i) {
+        # .obj files have no IMAGE_DOS_HEADER
+        sysseek(FD,0,SEEK_SET)          || die "unable to rewind $file";
+    } else { next; }
+
+    # read IMAGE_FILE_HEADER
+    sysread(FD,$coff,20)==20 || die "$file is too short";
+    ($Machine,$NumberOfSections,$TimeDateStamp,
+     $PointerToSymbolTable,$NumberOfSysmbols,
+     $SizeOfOptionalHeader,$Characteristics)=unpack("SSIIISS",$coff);
+
+    # skip over IMAGE_OPTIONAL_HEADER
+    sysseek(FD,$SizeOfOptionalHeader,SEEK_CUR) || die "$file is too short";
+
+    # traverse IMAGE_SECTION_HEADER table
+    for($i=0;$i<$NumberOfSections;$i++) {
+        sysread(FD,$SectionHeader,40)==40 || die "$file is too short";
+        ($Name,@opaque)=unpack("Z8C*",$SectionHeader);
+        if ($map{$Name}) {
+            sysseek(FD,-40,SEEK_CUR) || die "unable to rewind $file";
+            syswrite(FD,pack("a8C*",$map{$Name},@opaque))==40 || die "syswrite failed: $!";
+            printf "    %-8s -> %.8s\n",$Name,$map{$Name} unless $quiet;
+        }
+    }
+    close(FD);
+}
diff --git a/src/lib/libssl/src/test/CAss.cnf b/src/lib/libssl/src/test/CAss.cnf
index 20f8f05e3d..546e660626 100644
--- a/src/lib/libssl/src/test/CAss.cnf
+++ b/src/lib/libssl/src/test/CAss.cnf
@@ -7,7 +7,7 @@ RANDFILE		= ./.rnd
 
 ####################################################################
 [ req ]
-default_bits            = 512
+default_bits            = 1024
 default_keyfile         = keySS.pem
 distinguished_name      = req_distinguished_name
 encrypt_rsa_key         = no
diff --git a/src/lib/libssl/src/test/SHAmix.r b/src/lib/libssl/src/test/SHAmix.r
new file mode 100644
index 0000000000..453fce20ce
--- /dev/null
+++ b/src/lib/libssl/src/test/SHAmix.r
@@ -0,0 +1,99 @@
+[L = 64]
+
+Len = 16
+Msg = 98a1
+
+Len = 104
+Msg = 35a37a46df4ccbadd815942249
+
+Len = 352
+Msg = a93aed0fa5e163a82c9a934aebaab8180edf7de0b32f0fe99f9c75ec305b24609334cefa372c7c758262dc8f
+
+Len = 1016
+Msg = 433e88eb2f8aba562d15c18126fbdffb81d5d6c9397fa052321f5f78cd629708ba099b540da5451e949eeab8687a8d6ac35c531411cb37144ab5ff6a7eb46f1ab28fbcd2ea0444cd87c57bf7d3c02952dba3d3987da07622c16e7c086d90e88ad3d9d4afee301d2bad915d868f54197b70b23c9fa385c443404fbc9abf7e6a
+
+Len = 13696
+Msg = 2c46a76a9dfbae1f5e59f085e9c3d4b600c24b2d404d062cf948e75a3d4ab5b137a31397be9eb34b2a03c78367e0b85448891b511ddee1f787cccd498b172cb7e656c044a03ffde8e42478330fbe9c34072a9e99ce31b41757cc820d98e7d564e06694b96b66f4be34c5eadd0ae4e61fe6abbe4d7ccee855104fedee8b451a7fcedb793d469b0094c0ed07c97fda00dd8c1662b44e3ee6775a5ef6368cb662d257be561a5967893433a4b63f97295036a37272176d081545df00852bc5c4162324161296cd51f76433f2df867a5840f2d0c8d5be00b4dc89443d82175bf69c3bdceb97facae2b2ed68e06ae74fef36d8bd1f75f130cba509341dd54079d45de22845cc8e77a022977c7540aa3e779cb1127f39f825d4d78e55a967ef45e7c1dfb02d9999fd15af2914ba47177177d94576f1091a0657d9e04fe81e6be7b631fc1baae66584c9c26ddbb568750d77555c927bcda1fbdc15c7cbe3e3fe88ca13ff12c59b383343c12976708c0e3dff78be0e286dd32eecf20b71a09fee50a9d0b13c85a15b320b162690f399282798aa3291fdd2f9c40ed873e829388466ddd1da42f2de16aaa9272ccf44790cf3c95382c304e25ae8cb2fc9d9869808f3ee7d42cb143bb0c3a55e03db6d1202ca1bdb744e448640c0aa60d3ebbda5c21e623bb080f4a073a48822725d764e51d415aad1d7c5a7f17433d15ac7d849f910c375ee0899f6a576dada42fd651343383f286009902bb62deeeb2514de6af7f09892c20d0b238f6021f03b62444b1e1f21beeb89acfcd7136416fe7bd8f202e76afaf5345311798be7cb25351add2bb044d2380221009c4d1cbbaba4cdc8631dc0144f2778a6aa1eb3d3c81df0b1b2142fce111af8214d049e40f536c5d462b9224a978e82cc6c420e70ecc3cdaffb726a183c793845315f730fa4dac9fe46e4180397107a6a051f7f0a58ceb9bf4df37e1a81c8e9569187228e8037df2e59c52ba815566768bedc8e09d5e7bdc9f2bff23aaaaf133bb5a3332750f6124ce185e29fda0851addfa2c3d52bb6dfb530fd4ee27dd5bfdce5dc2f41debe6740274bc651aecd4023b098a7d622e2296b50d51b79c4e3f521695a9d43f038e8f273405e26584d3db179e7c1758114a3d39970df674580bbf2884405974f0b9c4b0d8b3287a2314f3f81b6991812f354d655f62513c9551b378cc2efa4c3e08b313c56cada52217fb6112eb8299b28445aca8f72e7170a1cd8bbfee4d2145fbe8d49c6af8831c4d4fc7177a50ee55a7b484261504af946c6bd5e1d6b89092f3c487c0568fa07c356fae9b8e831b8320289039746a435b122cfbc4a0d316bf90d481d3b7d979cc50d98c1190af8dc58e0035557dd5e94f437f41fab513202643a77748f76c6b77302bf40c392cd18731da082c99bdedeb70e15cd68bff59619cabcc92adcf122753c55afde0817352bc247d1170b8ddba1ad1b0faadfe0efbfc5fe6334377fa372c3435691f53dfc2ad5e08966b2d3525b1eec2d993a5cd4ff34278bd40dd80313a0727d05e0a932156152f3e11a190d8d69726f5c57d20f811e1e8932e86409ffdac96c6251c2a2976b8757adcac5d2de94931d1cbea866ec8bcba5774f8a7fde792f6acfd0f01356fd66fdf54a416af6a9397e00f848a2e9831627cbcbb52b5a868ec174e69b4cfa1ed72cdf23f39d7eaf4bdb318c188b1f0fe75655e34ad71907cdb77a1a2b162cd7c22d93dc45321eafb17cd60282e83736267b3e1fb249c307d49509f50839942f0f493afd9ef37db053a918e3ec83d801bbdead07554a018b8ba348fe9b7dd92ea7c5fc0e65a644ba19aa1fb6c022ab768ec7cb249ba17b9dda2860bd4aaaa3dc70ec009804141ad5ebc61203658e57a0887ec0fded18d844a96e79ba7e879c4253056f23e205a80ab1471953438f85848f4ab31ab175c089e0bbb97ea0dd6a67385770356741966053735e2cc2ecdd2c8c75cc045181dd7267584b901674b553082b2c58fb8f8be0b99306194a6f069f684535423304d40a268d55784a14260fa9c9cb1306b82f91cbee3c9f43dea9e50903135cc1c6505605a100bfa28564a2057974eef0852b7b72ce264815026d0759f691db618ef760edde73ec888e181403834f7221bb27a69479ec9b28a3fb0c3f68d4467d25712fc48ad78763f9ea6e8a2e85260225ca1b1a38b720e589fafca29f07257c5467cb74ee53189b8c81b784c43e93f98abde1ed53af60b27b13df6ce45001c6e1813de3521028981086f7d88ba13f6fb1a800f312fbe2f842eebe847fd760c394668cfbfd353ec14ca0366eccd7b4cd63318116bdc42e20a632a0d2b8c5cddb37bfc0a239ebe3800a787d2ece077a7968036b3d9b31cd906f888e3ed742cd769033e2c24c5a9e3c10b6d300db5a17dd88
+
+Len = 100816
+Msg = f8ed40e878dc68ceec52cc8e2868722310fb117ca3a52e1839eb85d308b8aa00ed0bf0b76aec8a70eba4f0d14d2d85c5a0e876ce2c8ee59cb36947def6c40a587aa07b368ca8e8a08367018e45b984de0d7f1aa46b977cc18c0cd9b7bb897cbb2814aa0ce8f8c9843e03c86c19f2ba95dd2ac4a466a93aae4b3b05055ff148517ecf43e286c57744a3e10a14d0c26e139a503e7927aa688c78609170ebe3b54104390e5f6cf538093a67922e7210e77fcb584ec9b6844e829be246a266460cb442bad52ca47255fb8cfe276108c36e02f9acbd3d191d34b93d29ec40d80496d1c1bb5ef036221641200e905598c54bc4abb3527c5a5f6258e59d4bf54a0498c108a2725428efc2047e0096b32dfdc6ec69d5d72f81301f881ca62a66c22e5dab9fd9d90084c0a36b2f3a0123cc5327a3bc7a12fd947ab57169ac533e4b6a2cb80fc65b9b527cff9fba26994c7fafb5102a0acd8f9d246a3a54178c23eaa04c0fdfd3c0cd980d1fc7a72b25d74df9b95c3dedce8ca316870c654f9ebea9b806da9767cf40605a4b0c7fb06f6b3f197bae7d8cde9daf38530e25bc51b68f9aa23ec0e95199b14bca96c91f3db15bf8432f714dc46ac87218691bc66cb3a42f6865e1c30f8394c8e68c0ddf5851ab7c5906a1994a9af6ac1c44d0d6b95ff15d9f77825ccea40fb9e516d45888f2378e045d95d936d541cea9c8ca52fe5f7d0d919b2b1c59a42d06105ea4f2943c05178e59d67351c5b2c0051c93a4045e512884fa656b772cf398af89081546d920fd3d24ebd16310506a786ab33293027394c1bcb7b1efe46b550ac28529646e8d2a5ae65c59345e24b44cd7b06673f3ed3b9008aa568a739c26682fa596b7a655842cc6b2758b583487c78d14a76bdac7033806c5c210828ef313f8efc4072681f5fded748c31a58ac933b4665c445f07d603e0905e49b84aa55146eb1c1c99196413832a05efee2e64d6732fefc629b79b37bb9390fcbed7226b412204bda523b8b8af5c4a8bdb263ef9f3f6c7b9e1de3a1dc257c1f33b3d54a9101be5b4f2a9db319993c2cd137c41e35c434ce52e859afd1a635af4d8852252dc5e28c729b2b4c96a56d57f3f3854ded59fe612b9b3a51fee3fc1c83db673b0cc7433bff2472bc74a2eeb6706605e308690fd072a7042ca6474603711d8310909e47063f46f287260a26c4f11fe492298a0f98d28c45948a4899e08fcf443a6ba36457dd8329314d53ac0fd0819fcfc3357426c5bb8d3dfd706e205a81091cf08f31cd3459854f3d07e503991ba5f067e3c406c6c5396d8257496f4ba3703cb1ba25c2fe4aa54577af782cd57e85a88a2d75c54039e8b7bb559219edd6e81e41acb6d575d6f798afb2cbf7f00abd5c9c7b0fceec79f9a0fb040ebcbb7bff3602df7b71357efacd37aa57019350bb81213508a006160acde3dae5c42f03141887eaca22d7b33d6791febfb619d11ebabb13e6c5378e9a72e852ddccd31cc53a43275966b7042ddc51485ca20e1c456dcc7020cafb5407548b044d332229911fc74d7fb97de25abff7efb431da82de2ed7e25d0dcc06ffc74e57ca93a6a9f64d76a5c39776fe2266f88d6d0229b527525fd2e22a1407e26f94c5bc6adb1e7327f3c8bb8d4c983385c579dd8f5623df8cd6da569c7de73d9210e6b9253a177653a13ece075940fc81016d8c35fa4f6542df5120c174158ff32533476f4e059e35117081a24798fbdd1eb10f82809836f8dbefe755611347f75423dd8571695960c6f66cca71f0a01e8fecbe1183bee3335eff10b4ff8104132040e2145ec3164b2448f60c730887b9d7894e5f7df3f876cb17136c99cf32db1c02fba860937378dbd093c4c5112133781f06c8ca07c527c2c085e8ba5e52b399f2909e217aef6e3035ecafe2caeb1004069dea023af7eab873deb5ebcef2313c9827821bb9f89fd3d1570a569673d3ede86a4fb13dff242eb98450a8917fd8865c56e0a9f11d72394b79808b0429f3a83cf2465161596887fa2d557b367a1de9c7753666b0cca9c30cba9f0a749c03c55cdc7a6d45852c76ce2010de3e7f75d95228efdc79949b238d90b25f983868b7f07f585f7b00e45d9e132f3c09ee84f794d899759be3dabd46a256f4cf8da71270617cc2425b24cef25d1d2f3945afa6f81abfccc858cd02e05619649b1a5347650934105c02622d538447223d136a8a0455cf3c6f61f696b32266197b5cd1d936fd3ad4288520fb4a2f59bf95e659f33210446ef18debeb679dd99de0c3c74a6eb3dd783861f5db4e94a151c42ce27519d0bbbf1f3b1163563ec06c8bfd881d94a3b896fc07352fc97ada73685588a2242da1b718f81bb1077bc70fbd58b8b52163489ae403838b533851bec30ed0ecd97d72d1af534f3703db59f1f563bdc39d690a0e90e545506463a37e84974fd7b256bbb912cb4077d3e3f5bdd4bd2bab713b696c830b1f2185734c4d2dbd49d5372fe8b813ce73f5e01c36bddbb376ef4541033f2b0355613eeda8951ebf7377e08f967902eb7e23c0fa798c6ae52401721053f1095cacb1e9496500e83c412236fc21566090b3a3eee55aa402c0b774802fd81c9e8579761cfcfdfb1aa23786b2dc35dacd5ca8d8d283369f53e4a5db18060c2c6b0c303052aeeffe169fcaf7ecc63090a9ade245045ab9c8aebf738772297caaef5f857322a597846c7370083d409df27612e47b0cb240daa3cfa51c57108612ac0dddb0f59791289ccbdb3a2cb1fa9ac31a23dd5440682fb373bf0c1f41c4fe2185ad7c53eb69552807410053b0c2d40132250e637b8c425e6a35d93333b5b7d0557927b6179c848ec455fd1ab38348c0e96c60b2da49bd15118df64b6ce4fa48fbc555a4b2874141718e731a40b85382ae6e86ead31cea77f83bf5c063bf1febf71688a832d615e09d6f14badedeaeb6ffbfe343fc7274e78cd46a2aaec0a349c5f133291ee57cdcb65c5474e46294de6bb50886bce6c6f44dcb95f2a4761ed2e6c9e7bfed51e0964afab4e0f7e0b07960f2590baae66b1ec9a63ba0fb6c0d27e81508c51487dbbdc9beb8879fd58c188dfc774b3d0ddbd77ee8bdcdfa0ed8a9387728e12b13e8b3c10cc1c132bd822c2147c5ddf9a993aedbf78ec256db1be76644ca8ca7727208bf89732657152d34e948d73c47561d156f773136684d4162d02260300020123d13a95f4f835907c344942ddeccafe2abb7dc4792c4f1e39c24748c63cba933b16be0b8853e058c47a1ae2c4dfff39ec2339b345fe3557d03c1df91a0607a711636c4416ffdb73532aeeb74f237ed8bf971388a0659e4682a46b8327e751034cbf2c87c7828da9d24baf07a742ada34d1ef38ab1e8f2b4f801192c146600709533e61bc2665dc1e9e6441bf3c4f6643bc0c102a10f9a69da5b0e3d0a0c7cb694c682493032b5853f02953b5c2fc0e1348565389762fc2dcfbb34fd305f2d9df080e859396ffcbb7da78aae0a0d72e3de76c774bc6a81c87f2872b6afe97ced5269009304a4992c4add0bbe24e57632e19ad0fe37ae910193aab0aeae32cf6d618ab33eba59f6a04fad00b1d2403396e6fa661d31b695a1b349d62f56c08fe6c6eae7a482177adf341e51d03ea511d7959c721bd20bf371860ecd7fce1d25212891850b85648db0a039e6638d9c78bc958add3e41341536b5007be63fd1f7e3308876bcebcb97dc3b05a7b2eaadd00f8fcc8dcfa7b961bbe727c9aed1626ff786d6a0ffdbd1002cae8a7d047b6181962a686c152b2341c7c58c9f1dab5af424d183ed1c7d003165a1d04ea3683ff31a0f68615af6f91c21f736e67df641ed31b998445afadf9052bbe004d5dad08f62e5d353e42fc35a92242d8414d99dc4e7e81c8c027af686baa5c185e3f99abb3855b22cfdff0a62e2f47a632b7df8e00e0317af5c24ce7c64077bbb15ec27e062070cd3eb8e549ed9112469090ad9a96eb59294b021eed81987178cb2dcff67a9a2e930f6032c753e203380f8a7c987cea393234699de03a1d09ce204f0a8b6d5cf522b6887174fdbccb08f3e7c4fe2f778254465b32766c48812a45151ac37ae354dac87419f9476baa27e24b2f322b2da4ddf579750684a5881bae2269351fb7de59b9d5a4badd8951135f2713dafc57215dc626ee170fae7f20bff98e36b864e1fe0f0f9a300c903069bf0e0b6f2f8e78423cf6063e89dde6c81efcf26ef15510563c84730f611ac879a6628e55115e1a29de6945d37fbe4f803fcf2e344712d9e0d6f6c79f8773a9f199b705235e20a7830ee3357c5dca29d7a6c29a3d2628bf2c42c8f076cc4525301d8e1860729070dc53164d9fa08bf63cc889eed01b0130a7146d860bbc09ead3865a3082db0836a45f5506c3e46e452e298764939226cedfd06700e4e33c6b4a78add601140249596831e97f960b973a4e4dc3fe2813fa34eb47f998ce57270368fb81719a09298a223f7e3931ce5cdfab3f658649533354e982c87dc9e49eacebb5bb4af9a767b4f1c03d774431168cd4fec1b2726f1aae3f9a062a825f3295557eebf3af4784487b869fb049de44d03fee71194fc200af72103b157431935b5ab9bc122773ffd313d52d7acf1078386090fc011de695e71567cfd51c06317d4ff8841ceeb74ad35f4e5f4d20921123cb88bb2079674ad39e133cdfd6478d69c9bddc7a818be5d7b254bd9e0abdb030f52846fdfeae8ff370a51a9c5f6017af3c6c3db17c5c614ea18ab0e3ca0dd5de621217dffa36e5c5318fe191040a50cc3ca620683bc34da6c142e1c50afce28a86b8b66d189adcd755561a647080d93f3ede1cf54c3afb7e863fc8a82a2576d3f79e9b2bb634e598507a3d7d017e0176b7868bff3a3dfb4474b3ce03c401f33929364e727fbf8096b77eb351435c7a113b3215cc6246dd86f1517a7e550cf828900248f7c1754e40fed62477b296a37d3e53231360d012c4908b466e49b0e620c0a5031228009f259b030956ebd70e49357c3c3ac2842b6bd6e3ca5a3e985dc03f7105681fec03b320a7ca753b782ad3b52fd9c8e3bd980b48dd6ec8901dbf756108e85015821c880416e0693e0479cb31c0743450f6d9214afabc4feadb9bcee9def460a58d3a02d9e3039970068b8e3fd0a403a6ca7f2c71ae2b46ab3c731b1e65e2104c47fcb1f69e7c8c6df8c09b33f2e1cd4192faab316a44536dcac608832019f5765cc5240eabe3c87445c980c299a5e7ae0acc2c2ed19fdc8f011515bcb00476b03633c7669db1b44f97f6cd402778e9687c740dbe5686789b79d0b13f784a2a866eb91ab2d66f064c49e8df513ec348fd7272ee548ba08e1f9f99696ffb53677550d59c67f88404f6e610455a422d9cd987493ca5c366a397dccface2bba8e3e99719dafa768956cbf6fd8defc4104b8925878716a0514f70cbf3fa2c2bc2f66fabe654eed3076257e71117665703eb88c79e4c2b94e8e856e7a6ef90ee2a358409db78b98056ce1750eb80725d70e35507fdfa5933a61496ba48fbd5555717b33b59d4ef211fe096aefd478859ffc97a41372023ef114adcae5a8d5e03c21369baf1e7f417cb40326bc6db1cdf0904651dda3c1039a2f1755e7c329f7c03bf33f324206ce6e1638711c8c9a45f153aa1f847cca2a5d3af1d24fe7a1e1094819e8e712cbe10ead1012b7371b35cbcc2bd5b10505fb63bea20ac81d25e83ed0105e7595b6c28400f4d336791ce4a584323d0b455bbed44392c5f86c9d5287593f6986d4b0b8f9974a7a4157859ba801251d3b44b2bad84f29cb87dcf1680d6d10d1bfd59f0c95fb7bd07fdb3ea2fccd6e3ee80af438956ccfe31e750972f893ea5dcaa26d077fb3f09d990c2f41c8707368bba007803621ecd76540cdb8705435d74f4300eee04710a936f241c034709e625b0dd5dae1f6e86d034426819c365a05f5be420cdf4042bbff965a666a5756f67259448ebf742b6ea189fa17a4c3bfaf651d19a8a525f09d9cff637c8fac02eaa58d3ee3f7221da1e61833c0b183cd9f47686f09597e8115b435454acef80c079eafaa22b18927d07bf8b7c5ebfdec9c42a52b7824d45decef41e6184dc2db1505ca6f94172fafc10731706e79b9856dfede353d2eadeceaf72a302e3492d7dc81e3777e4e9e1f3d33cc4402833ffedb241a75a09e9495d671f80ad3acf06823bb04a92b815edd0ca7d01dcb3318c1ae5c62d3e99c0ec37908b45b51dd65f6b45b34ede2d6f553f60a45e20fafcb34ae4dbd375f52a5db9c62650deeee78e955087c2bea75ede7c304347b171fe0c1a2a033894be6e04605271307f307b2a9cf6ae24b8c87ce033a3fa4cf2bacdfcf54fcccb1f580476c7d00c631a8529a9eea2a713610341e0e25609dc8927e51c58a0a9197a54963b5cb95877354f4b8316df02ed2bea367704a12274d96bcbe0d0d728923a368bb8ab98d5db5401894c822632308ddfd309071fb4b477d8eac0ea5dbbc3e3606d8510d9051dfb5e4b7cdcf2c57c1b76902d864c3109c901da53019ed33cea84b407490486ad9f980a8a63df3d2e3921064afea137f35179130db3351f5bc3f5e7d590a5ab08b5415efbd345f9d57b71ade7dca939efa5a12d677b9af0af14468176a43712bde10cb15787c18bf066eaef8abcdea77d3a0c61d6c74ae7b54fe90940d0233e4b874c9a141dcc740d7fff43b9fbbc012a933d890232cf74fccb7ff7eac1148e203c7381b7f1d1429b1b1152ec25cbf7562596eb402a9328e43b5dc5cae36592da5523f0b9907a6817ecd395a7c778daae85bb11372b20641a04250b77b3a0ece885d07faf9622650259b874536d6d2b92181c834dc111b6fcba483167be40ecc922fb87006f63b9e8e632879563f37a8f712db9fa68c1a20ab239c0116fe022fad1279f3288b8e74a16d447e467b6381515814dd3aecab5c2a09c400b44e9100c04c720dc7e8c6d9460002da6c52004c16999975fef8752c2f9c229cbd9e6446b226cc454bd68cd665668a17328bb30f301e92ef5c7a2197a326df5c99b422096de8af231d1d8872e6e505bcfff026d4862f28d4bb3856a66ced22c9b0587451d8da4230a38561b5b1c69b523a4701a2001382aa82fcbd60733a14696a540227db44aef346d6c0a7ae5173604d59eb828614cafc1b8cfecda054dcc7306f73925e6d1af56ed74c51c6cdb66e9fee8d7a0078254fedb0c0f5dc85a4686870709b499eafbc8451aebadf848b0598ce8f955688bd2d6032abe10d1391d67c20a049841f95d2ee0c8deae2bc1baca0c098d8718cba1ddcd968981c47cd98d247aca4f838f3bf16d092eab8be8deb1f8d504d37cc44a8c96c9f22f2698036d4ad3bb48b31f109626565c147d20a4a7dfd61fb918f81548fb4f78875c1d138e819f6822651b93a3c92ad77793fba5222d870ea671f9cac967919d18f96e92778548415b2e170d90b201215354fc48a77e62823a2c2bb354782ad052732f08beb278f751529416f37d83ea26248517ae2ef2ead28c1077908995a2d25db0deaa957bcab39715283287fd626ea7388abccba2d90e364a7ff4284c84f70da68ce1aafb5be0401cb9d45e085aab41892a49e10cbd5baf2c34f5e0ca076f2772abea6f622b66020d546f8c2f134a87f96edbeb9b08394b585f2c2f98aa792f97b43b5f3aa9c34189804a9ecc2cfaeefbd0f967d85a25bf3136fd8132dec38aa82e4af6ff677682f3b62be27a180aeb22f918c24f23bf6f5954e0722324cccd06829fc32ae4fe3aee6e5a03b3651900e13fb0a759e544d033418b6ed40d037b4549a0404792c8fddc317b7f028493c4c91d6773932f8486417544f3d007e5f9e6fc02fadff175303f77f6b0e1f709bb3d3a93b38552ccf62688a39da1a602dd5e122e6f4e9171769ada5255cc5cf938dfefcbe3ab0faca434c42dc8c357e89a3d1488fa3df35c3580b124ba3bf6d0d203d586707eb692150ed05a01bf9de5c4e67bb948088784016394d47abb853f2b6b643a066ad81bcd1735aed4e108a8c1fcd025b548de874eb60de7f3c568728959147d1219e4b830e06ca2bee1f8a035e28a54ee6958d4821a84e5d1e41139905f7ec60fe67ce5f4eccdcc2c3d1e4a753a32dd3004970a4ff3824471822fe2b5010b9b6c6b01336dbf0181a95cba2624663215468519871cc39e8a7f4a151c8bd03363b402020f2fb98069b2cb8cc1b7e930938e7540d95d1d223e47865135793f9eb573660ff79f7ed2fae503e68ba44596ee745fbd8fa562c5c666d174cc01b1961736e18b8b517161ab9c8058026e0ddd6c94aed0086a26e1b959a5e05eb9d8c1ff5b2ef518ca23b4f265db61b499a48cc46bed28d23ffc1e8d9c9e345c06079ad47c88dd4e8e286575bd7f9420ab9c2d5c6685488b8b34d4c9ac04e1427ae0994cf789b48b01d1db9c2fe75fc5187727bb11119f82d0739ce4048467a08cd635bf78cc1b6cc9c28fdc199d351064a81456f81c9e56a43aef7332973804b06b18a26caa62523a7d0acc272ba49124b17bb68800d5756afd34ddb2b7e2dd8a118aac3fcf39d9f853c4d2c4fd3ed5bd25a6604d68d57db93d15aa1160f8a97e6c24238e84f272780966867f9c644ca2775cdac4af0ece036cfa6ebb1cd9d701dd7daec5763c9a4de0385db383a5647918e79c6a6de1f4ee1f6b722c561704c8d7efa4710d78dfce8ad2df0d3d82cbb59cef0bcb001f70bdc6e17af1a720b117fe02bb1dd527b18e6bce70e9447cd0cc85cbcf431fe7c006f5e4ef878a974a93b25f492847c9ae020583c9d412f4124246164d8f080b615e2eee267a7aeb5fa0974de52cefef23cdda7b305a33a91e9b50471ceb72dae337c485d636e28d6ee31f5705983808b1567d4d4ae820ec445c56e6a404cad6b408691475397c0dd6cfad232106ba96e5104052700a653e21f9ac6d79578a9f52548f426a1e81dd45bae30acdd4d22a2dafd633564d6b2f45e7d35413503c955cb0a9784b42ae8c2a5933a6729f3922f969a158540dcd201ecb6e32f88b5b4921914a2e8f424c8b031f115ea5d23a21e6f22439ffd7e5d11b08df729f65613b4f6ad3edbc9a066a5e712ecbddfa6fa764cdf170c0485f82d924a99b7e7ad8dc44c1f93e49b6469a9af3de5691944413f1417b753bcb84d5b7a34f362c383cbc802b0c88bd23a7ac471b9287571c42081b1134bfc8ce104a550942ab1f2a074cb00a90558d6e841ff15cfde6951f03e450a1bfc90dec6c513fcb2692ddccc31d22e5274d41036656183c72fce208e44920776f196193137ac67d6d65ce9cfaae774f23a86e6ee8ff3a4e9422a4667d971906e5496a4e80278774899c882708611bad282f6c1d666bc5e7c40082b43a6e98d494a18e9b3cf7f154fdbf90d786e59e83b72ad0ab893c49aca50ed37ea5202e650fda54f5c46ca2a35c476f4b009c5e6733232275abd1341199b63d22386c484cb95c43ea90e609c407bc79ddd00609cc2eb0d82848db239b249f164b7ea384d0239fe1e64d04955b9297472cafa2ff272c5c78100aaa86cdd8120556f25652a3c12da5853338e3be8f505d93ea03cd1cae7e78e95befdc0e26b760d11e05403c348e0523fe036381408033c009a8e1f117af5100a6eb91f08307df465c20bc1dd029875ef7e49338689f602d98f2dc690a57a6f2864e57098f8bd723574944ad3688b292db6d01387a16493912722ac8f91fd12b748899bdaeabdf0479df788eda440d7bf30d1c25d78d757f00b74bb556506637fc1ab87162f05d464e63a6272db3fe56e9357275035d6b6bee32bd92c4a1dc94778551e94ee1d8854f767bfac3811bd0287672aaa01ea18c25650f05a68cbacd9158e479b508e72df778589e1e03dc543b60bb3b10399e5c50de9e728e69774fb3f5fea757ddefccd0f9da75afe4b67f9c54aaaaf646e858fb001a6deed0a8a769ecef0689c988de566b6015fb8c40aeb5f2df7ea4bee60e8e69d15c4a4aa5411dbe63fbdd6418cf025d87f37362f15e22aba83abe1a3de9857c71c2234023b969eacc0bc526363b7f30b092ca114f2a6cefb34394d146866ac86a33fc497a8cb8e2a5bac398579ff7958878421fb08fff4f8f3deb8c9641b8de392647df3017a5467f9d7b23036935ec6e188dd6dbfb544b8a9e04a4b3c7fa1e4d1d9879daf69986b8083e6eb023a4b5eff80fef17f8f65433c882a21565a919448e6091d1b61013fdaf9fc3e45bbe827c9b4ab10b05600a1961e81d31c7404f8e0d32bfcac2937eaed811db167dfdc29286b0d51bad2bcdb9dea76eaf495a31a7fe717c1c98be374a36271cdd06ed06c02ef4c3c06cb42f73b3332ed488416010e6bf2f4dc4dade6e2e61f19e9306bf941868f59fa0939005743dd647f0a04b576a7e71d4c383c479453501e18ec56d7cb79fe31ff534afbd8609ed701ef163f9de31bc58114399fa0f22b62c66c380e8a10c34b7e731df2a8d39dcf36fbf3a66d67b973e3a94bf6ee0bd96f5c76baa76492032fdd2f59ecaee403d486f543f2cd7ae7b0dabe1b5566e681cd40d384a94349e9668650a6f2d2daf86c59a7b02ba466cd03ce1d50c3f0ca4c02dc4b3d1c0e7b9a77df9eae0bfcffa32117d7e05adc7195f4278c93497401629897a58d08ad7141ea52e0163f14992d7a284e7b875ce4640b4dd48ceedad1ea17d8ab1e760773044845e0899602f1bdfff4d42ab80c0765d1a8bde2ba0a830c050923956d06c80b182264ad19ae4f7c39e43195f7d421bdcda00e3eb5ec5ef2ec91d69df691ba7fe250352acf01fa92af5e2c634b9c7c97889e9147e869acc153d88cdc18908f882f371ba9c1e13c26e9cb8e3cbd4c5e1988080ca65a67b3a4c3460cfadbec904d853fddd2f5375b6070941fca53cc106b5748480213cfbdc1c34320a0478b05f76fd0454c75eca069cb1fa7b21704dab67dc40d041c8a1040db378e76655636ad725219c049e6536982d6ee9f11dd032280e622547c7ff44a938a1f233c356a98182d22d5770fbc871e20bb37483dd5d6ea1551993b95b30774a49b50d411ebe0e8c92834094e23ec2664d822c40e96fb42b8607b62b6949e05edcaa436d0ffac6a8ff384068acfc0220c0b098d368fb8113918a4f8c9de37cece74c8695cef2427e54a6e77ad092a9b7f1d94ac9f0836deff41b905b5dafc58ad6063759b0372a634f69a639e19521825d66a282f489c3172a3659264d0132af3571e637782bb6fe5c0afd24547612166fd3409d0991392fa054ea5bd07a4cd0921a13ad7b62a0b5e6d56cd8adb7f3eaa5c99576941c38aff311c49a8c9d8c755869302a2e5e40109c8365a551cd3f859b9421be189d3a0e9ed78830d5cd6a2414e9cc4c25814d94d98f8848e5386d6dbddd65d22b96c5d20020a5dd409c7e5344065871e57e01c91a443501dc8bf619890fe231319b5480c3879dee618d319962596539e2970513fb5c0c8eac3a71ff99962779cf1d7e916566d0e29d121c5cec5d7302a18ed00be9316f3de8c669a64c2a960a588f9c8a42690f6867cda7146e8ce27aa6a7fb27606eed9df6a235a42d17ce71627446e206e879de56025a66556263f06684dedcfd6f083d6a707e5fc8f8212d716e062f0f7fd0c2fc62bea93d68581265a803c31cac3f8ac8939c5f8c464ebd19df42c7e8998494af614c8383294f3f3883f2404ac10404759e182a038c97aea04a85530ec005e203807c5bc30fa9f5339b32fb0427e64915e29a25bb25ac60b92256470e7de5298d42c6b88995f8d2fb704e49d55b66b71e237af90fcbfd71d9093e1a543da2e9911ac4102346dc4704859cb33ac5f5dce2b3331a9dc9fb506461a5436c89bf90d39afcf93cbca4cfc35da6ddb112243928246ae0d1ba269b0fce0468d3ecabbdb925c9ea3241e2dbdc6b151fb4aa724a42f98b0248171fa01fa103f116d0e7deb65dc359b09126f9a420300fd209508ec7a50be56d5b470e387d0c52a1d104625f9571ce1404d1b7af3fb00475b95f752ab96610be112d33ded48624015781e7198f4dcdf917839471fbedb43c34efabe09941fab6b342cf672a29dbb1eed0db788dbfcfcc63bcfe80f7718571f691818dd6f839e3cc282f85f03fe0400171cdf1235049fa53de7450b4c40ed398d5a486f52124c1c63de2afc950e81839f52d17e2a7d32f82788465a65da6cd763c6360763561ed2bf47749080549b6e2db87514e1ee1c85a0bbd346eb6e3cc29267cbedcad67a287fc5be65ec59ba8b6854b31c83dfc5155187d4150685c5c2c342ed68b01ac9e44b60f0c100a347a0f93074dd37d8956fe2f43110dda66e9f9e6185c23dab74cfca21f3ede4bca87687549ea02662f45dfa0ad27f9959a120cacb7c419810e1b1a50fad31c12c47d5bbc61bad77044aa541d29faa6126c60ef088b82eead17a52843307d4bf798b853d90d14c5347ff10615381d85e964331b7a123d15a77a6790d93e920052ddb4db4baaac5e2b27b66ff955e53b8308151c81da4711189ccf0eb393c5bbccfa1f6c94a8d5f4bcd266fc6a12061967ce836ca042257368f567dc42de6ce0be84449234a6163b72069f25b7ead4b2003e1a7665e87ccf211abe94175d1c11bff2c0b6bc110194d34aab96934ef59804cd26e4434ba166d9833fb091be37b139cc10748b881c93690528a96ccccd2dbe024510b8da37dceab567dc52706461c486a0463369cbb99bcca2e8a4d2e005c45401964722a4b3ed37c351c9f21685e8992c9634349379f41796deebffc2928058c8ef6ea37c6e4970dedb78d1c2a00ea9e1ff1e7708470a6c60e6a2b1e966aa872776afdb238e97f716b3df8dfd42bf0f7ceb52bf9eb33731bdba5987b8f48b4599d67b383e77413107857e951ae0625059e5616ccb41131df9a480efd5beab3a9c99615921caedc53dbad675c00ba1030577db1d22731677914fa958b44792cc9c19e2ac71ebe61a05ee67ae7116e39e1c0d103f18bbc9d531164360d901da8234d29fb0b37cd2a60c7aa2adb2a4b297ea2fb14122ad95bd4592ef86c88fdae1e37dc8e44ad03c0fcdfa3801e93796771c5a2ec1e4ab12a64b3ffe48e7442c6224661ed5cc987aada6e778399941f7b20f16f94fb346b916be87f005c9c13789741602039d38270643cce3c347565eef5ee09139330301951c15756be47994de6f1802dc5131b9b011051b1d87d744756831a71cc8528487f032fee9dbffccc751e6a1ee6d07bb218b3a7ec6bf5740ead7a47b6907d7aa95b79aecedf4a637ead8fc6fb8654c93d13ee79f5d6258dcc61993aebc65e4fc14eea7d006e31f6e9f60e3bca8ce52ec559876fd20255e507daa99b185671ce1ac11d448c30bcdf97b9617195e0ccd2d15246308dd6cda74a8071114327fe203b1adbaa780f3243105c5111636a51dce966f5652e39d4f91abbbb4576234d6cacc3ec57cef2dd4dda49a6c33d12bb7595fd5ab5bb15b40301f34ddfb831a5dbf62218f496c003227fe6282e2ac054c45e7f3fc93e51b3ee8690f08612395095a0a12729d663eded879d9ffb325c62f2cb546a48bed51ae232fa6ce28a2494c132a6e09d98c2e3d478d5d2d15dce2e2665e4a3db448931068b99899c2bd8ba87349b0cf9e3c52cffdcf58a59b4fe0089b298b42ad7553f831bd60f5cfa3e09102fe773e4c05412973a678f3b3ed420433cd664dc7f218e816a17c5c9013ecb84abf2dd073557dbc41b92a91e0339d57b8b077a9a44d56427fec5748c47c1460b2e2412094db6d0ad06dea0aa0c1368592594bf0b2f590a9d6149e44dd4adc4cb42e5d9940d59397b83b33b88604c210694e3fbd84795c80c1b09ddb3b1ec8bef6e9dfc4d7f295e551a79436007ca48aa605ef5a89571e59cb26f2766e564e39d3bb441deaa0c8664549881d90a77256c0f6c77241fd6ab74b0e2890f78ff16fd2f9271ef96ebfbd0b878ba9c703900752b7447f4efaa60bd9dc9cd5673a36b39d49f54274caf03c0cf82b95141fa20ed3ce02ebf0dd74d9eff8eb9e2dd3a2976b244b12fd33ee75c1f1c459f86a1cefbc817f42d7f43ba406098165cbeab99df4fe751ae3382efce32af252e461652c7598161e74fd8eeca474fab6b1ede039935f2fd4d7562623b90a422a78941f47a76863d95857c33653d1b42b806bbafcfeccb7bb4a0c58acebf6104b2570afc3ca88e4fdf2719cf39c964a1ea7d2ae4a7fadc938abc95adac495093f6b959b1347501606b3f960b6d739291aa8c13eb49e98b0f78d2b91400b6d8961cb6165c8b684738e4d4db2f2ac30ddaa03a5e0cde4142b625e81907f08c60d7cb5729456806c89ff0efd08397423e44738ff38f8e88684f3a099dcda455521caca37ab4f4d9ed5d37975d4fdd778b97cc93babc804864a35e3a2db04598152e67a2f1f157681c3962d46ada23ea5d9a524f9cdbdd08a07a3a85b1f6fbde11d5a35c7743b83bbefd19aedf6d92241d16aeca7f33cc51839b75f111e8edaeaed808daf2f43fdb3c6f032ea45052ac31d4870c4d0d76aa75d0b88635ce449054013f234c4a16cffc58c95ba1cb8a0a0399861eecb1039bdedfab4d05f0270c6b16f03f6b8e629f687f133ebf2662c7f930530746679aac2791f54d6a95bfab5be0c33739074ed4e7ae88dde4a8036a7d6095cf41776366b6ae3f8f4a0734f48c275e129cfffff5e0abd042f99a957bf6f0f47fc7288750f4fe30198f8cad7067b36cd87ebca08abd3f9475e7443f83cca91a1ebfc42ef3494871f51f6d52a5524b9391c687571be5327c7c94ee2a096653acb410917fd51e56a92be4f24c1db6b97b465ca84c31c04c2f61eae07e952eb6554aa4d8a380d9ee81c1c462c360fcc3cdff2867a953b655562cd06162af8b99bbe662e0c27ce4d9a1c1a907def48a3231c2110c930a2f1498e32dbbfee0e5c5869332f3024fa5dfb0327a27c663cacd4e9902de34dd93529e90eb347bafa5035f56fc578e8386c7571d1f0ba335225ecd8be026b4544ad70f3af11501a53119ee39a8558ca0ed5b3d897ffb9cf0fcab55a0942d3bf7bc6b94ea27a6b748f2cfda431f35252c44610b7e843ed91ebf7e8fe10638f04f52d6d5a7752ec62350efcb7c473f80b1f2a26805151e8346d39d23551e92fbe372df7979c3f756bbb43f6bed09bbc6b65fe6fd241ae1c2f1a0d0b805c582853b85502968f9478e9a84895f9d4ef01ec4f3f571e57cd0bda68ee1f6f7e14fb6e0f4ef8c7dff6796472a935294fc27b16216966d5021339ded059687355b42b55926854bbfbd9f974a0c26eadbfca8a6183093996cf252894e6db910c71ca3ab2e82d90d371c36b92c9409cf7937bb266ea9b29c41d774aa522e103cb30bbabfe872b57beb027623742806aa7694a859ede9bc1fd7b9e32880b064b0030fce1a0e5cdf3ce558a5feaa32e323dbfab6661c5878c9377ee52a615b7c17bf1228e328aa20f92d070c71561969e1af532e76835fb0436810c3d87b982217edfb1143bfc3405ac9f6f3a50145608dfa8658b0ab642a347255c55b59cd1c5897b2cf625a0f0706c30ca1c1321e90cec57b7c3d1bd1af455e3732db80643383c41eaa6781f63da6233360ee720cc04d171ae2445b0c071e339d547f7ac32f407d29ec7abce0a9e1ef5276544877bab2f84bd2eef47ffa66f96e7170cd54d836c9badbc59435146031502c1a3cc744a470f693636d9050c5b894d2d6047df60eb0bac16d905d46cbf017ca69d66427cb88036eca4ea9d0e579f6bfd8a4a850703a0fe49d39c107c9358e98689fb62bd0475aab4b2031446b437c7f9e373caf0270a28d7b15c71f02079dde401e26175bb6e392106a9072021f0e5c5145a1db6f595b032faed8551f6e2ce318db1ab513db876a3eb42d225014949c19543e9c5dfd2290e28c5d72c87223f0195ffbcba1c02c7d0087721efd2af6881dee7dba7565e07abc35bc3fa41c6a4d6a313222ac6dbb117c69c62db2691c68869ac5fc5e987b0ae4335f815c73ea4235da2582dde81d6fdae5911617daef847be17f2bc09edd88830eac03977f89179fe03eb2dc3b38df43803ca2d38455232549110f4580ec3cc04c0d8cfe493013d2cde47c506ef6a8dfc42d998f70378fac5ce4709345926dc477e9e339d8c87ff6287ea6e2873e14d538cdc3f2a47e0e37a2601652f5b665b616a7d1ef3537a3327a76f93990f7694e6484e7a52a10e9eea2edc92b99406abfb2b11ec86667c7af4a333dfe900bf071d1bbcf4f0ad768fae4f450c53817c507d26e926e753e3395201d3ad89061f16706d841994abad283f0db74cada25beb5fe46f48669a62e0b849cb77097e1b4578b45062af4a071b04f0cfddf87519cf2bfa10ebb4b860239ff187e6dad73806ae968e6ac0f738baa88edb3ae4883a9e59be7a6b222c5f54818f95578daff9fc7a7aba8c4a41a699923e85ddf24a32bb71c808516f64d506058a70539276d57984d75161cba7d53a4a864c51a249a6b8fcad5738dd0055ba8468b56579ba5f102642df65c598490f3a0c9b1064f4eb1962c4c38bfb7d55d496a0b0f7b3f90b42f733d112c89176aaf937eea4bada845f3ca4e9b56b3a5a06b4c90fa4c1914ea47020c2f32531e270007ed389246906ecf2c4465f7cc5d6a347583dd73341ad97199021819be81100d867d628323ef7552db945e4c0be604cf6c4a8197958bcbd6c1879387d3286dff979632c54baba2a35ea84efd7726b662b94fae61464d069e0103692599fb86fdc3a06e01c6ae3deb3de6fdb21806c716e5f82b784e4ad3f0e2de629a18e3a2309003dfde9dde8e5101b83312f76e811277afc286b56879f4eb80468e58c60bc088284d05d725ddfe3185b7c51b472a7ff7db3930839142d4a452ddab628e07d43375801d7c6a711a55b452748d770b84ede35920c1ac74b595baef963d21df9418533fcf959593ccf5afccc753e86c4ae231eafe77a158c2472143faf169db29bf2b53c3288d8b3c9added65778095f85e2cb471ab58362041f0a27d874c42bbb06385a0403ca193cba67cf70029cdb7e73c7e2267b856fa0b8dd4c706b45e7174659b0ee2891df911724324f7ca5daf07c912b9b2abff762e62a1817688757492975db7185c4695f3a90895634b8d07453b36dd95197abc31d5d153dfb0d0ec92639540e99d6590f9b394f14c93a5e829fbb33616e810f59c502be44a13b700fd3009545e34c211abf9afe1bb8ced793c6f516d40010649f83a78ddbe9b71d8596582997d0aa54192e1200db61dade30500d72a184ca7dfcbfb80e5442f489d316cc8b75005564835d4b11c482e2c4d0d160f14a8b13ae0a0fb0ba5e3b782770aaca357df0e1c4d1c3b28b776a8b3e0da1abfd4f7190673fca1e1c5a31c688d6e8ddb21300e4178d07c4e854a718ac3f672b0120d6a54c16957c9ec8c444208e47737bc4eeb0bf2d801eb2fcb72f91fe988aa75f38e6cf26e858dc2a718580ff5d281d13e8fc3e3bc30c75c0193481c39c375a5b06b962d9491f3f1fb80f1cb27067f0709e0b0730573a9b5f5bdbee1708ad84b4ceb1a9a61e4c41e90655764057bfa07b8c81cc83a315be1aed6a49715479c0fd0f53f625fe6c7f36fadd001149ab978532e4d0de3d1a38934c74265b161899843704fad16ffc6189f42a5cadec98603e0f98c6889bd4a559079e074cb40678fad4690a20d988735280a1ee8ea71275069132101b35c18ecc9d3c6eceb4cfe9b165e4b6acc17d4f113ef8283c0fb6506f5635401e916d4f7e7bc3cf49aed166587a0c72cdbe673f467d81bc2e9cd08cd8dd16d90b353481df31e89b45e8b
+
+[L = 48]
+
+Len = 16
+Msg = 3a35
+
+Len = 104
+Msg = 7db15b3ee240b45d4610950996
+
+Len = 352
+Msg = d2a1efc725c46cd6a19760f49edf0bae823c1b4992ae2260085746cf65833bd008e56e64002383f51f960239
+
+Len = 1016
+Msg = d11ad1253592c094746da7b5c88d329bc3ce1929913b8be07e82d3f6b7a536a855f31ad197376eba6f2f4534413fc4e4e7673fdff8739f774a710754b568b7c61a473059a41c98aa4e86617aa66d2601d0f0d584cd9f132afeebdc0ce3da6a8b290059e6e4aa080c195c42ae7f7e1e99865223439929b0a3a0d79b46ca6419
+
+Len = 13696
+Msg = 2f7a9929dffaa4a4dcfeea1fc37b18e3cf935abbaa17cf9d834b3a8d61e9fabfb7683cfc387d6f46ece3f8bf845827c7ebe86a651d6dc1e83c5772cee1a9fee4b04453af2f68430bd87835126cfd1b3f8beea4d3822fb27864570e255cb65b414197480b6bc20a39c5450adf2474da93d72f6ecf8063899722d3755b7a19f71e93e782d89593ab19ddd3ddf053c54e0bf832311fbf132e8b9e540f38e4d9bcc3cdbf69de54e40ef348a9170ba2f65def167f568ce846889c0161448342fe907718a465e451bc1b0f2e4f21f9b911f186589f43dea305811473837c063b915d849c20deb43323bab4b64e61823f1df119e71962dd975700391b411f8778980a3080ba3c14a321d32c082d416ddd2345f0eb751a516d44ee55222395cfa11e7fc4edfbe7cd49bf4ebd4d7428843a2ad5538b3cd201ccd431aeafb146a65d28a4870a6948a7cc0413b0adac7e8dff3a898aeff5f4b65d10b28ceb749bd354c061c3008ec569d5f90a4d4f5caa51d35b49dc4028e738c8ff5939fef3fa202fed9ebef6f2c7dd0ba41cdb5c0c16985f96fd93a65d134fb4a90ffc0fb6cc5396b843c2151bb7c9170f2fa4fb44292a4af28df5481de0c3c917ba1c46467a35302738158493fbf6a0422cee558d4bce3d78e14b4fefb65bb05043e2cc2a6a8ea64565ff6ce2fd2c4f43fc02926ee44ee02fe1dce25cfde0115c9396c9ea06269f17b2caf58e2332cc1c8528d9705c70da1f76f22aeb1d1b93449180640fb5c4c4a708bc4621d7d2bed5b1a752191cfdd45086d34f247ed1df0f24e7c620de32bdfc4d1f882380d2cd7467c926f48abc75cbfac8788f88cd9dc5361517a5eb36311e6b39e21a85fba2038fd47d860f776697bb19cdb5a4d6746fae507e274399c91648537d905015e58910117e5914f44ebcb00e771d38b30c1473e1232d4e222cebceb4810c48e83e0fd4c852f4fffcd643c0ef9e4fae2d0ebc6f102f3f749b02a5e3a61517d53b539cc24120df3957a633d50369d46c0c226f8924cae51dcaf54d716f61385fd8cf38c2c311a32bcd6594d6930133dc18ef36a9671ba8b179abe95f588ef74e8558ebbc974dc73c26bb6eaae78ef464181e18b71f4b0f986ecc8495a9c4dc0b0b96be9806fbd3d32952ca3b4737a06ed6561e9c9581a33a720123fbaa2a70fc3233b83e56444f5aa0cfaf70fb24be6118404f3e11e6ea004cf2d079a3e93a8ac1d4e297cf4fc43851dd26314a7ed6a5a784b386daa26e50c64692f7db28c21d82234289bb45bad5042236667e6d70a24bc9525c3adcb793a6a5725d9b10911e3bc8e3fd604db7998346e7f7dd1815c0cbb735a977bd4b32b5b976932bc92ef3b56bcadc089045ec95f241cdb0a84c67f1f76353da6cb493bb27a881d37a2106b8b3010cf935eb3601ce4dce3e449eff8331e444ab117a20809a1010db4cf3be0c488f777b6532df908112e3d11592f04a0cc16232d62340cbb8b5268a662b8278d37c03d848a04f0ab498f5af43b0a20e310197b7e1395a65299fac29f051bcc5fcd09a5605bfee370ee8ea21f5807d9748acca815a44d81796d68b0014eed3bb6a94233fc51725de3809ac6f538beaacf8cbe3d96aca21a7a763a957f8892f22c6d086d9af2e5ac9d90321e186584f17e964c90739559ddd034df076c4aa38c2b78aab6dec8ef6be9adf33bfb66f159ec4826653ee6cb483539c47a4a1d95663e6cc7a42a3bf628623a4c9500a59a50a312aa104b198ce5f3e58952bb79ff1ccfa9ddba2fd4705e91b5acaddab9d6522d7666264ac5f533b6d8ac4512d8371c69c06b6d322b046ae2a0a20aec1c3bfb05f3d91b9044cabdd873abb5f2b0e3e19740df31e39828f9ff9bbb20b73541a7a70b8174ce4e43e0d356e629cdbc6c08d29bd7acb6a4347823075683ce9d7de4ab3ddda6572b175951f30a15263355fe9641b3322df7dd52077402a884cd472e6d0b6c34cd63ab63cec8760c7ebe384f7cc31066bbdb7a3417425e039c4d340166e4bba4839076ac9457c87459c57957d0a06dced2f7a18acd22b7295785dafa435a2a8a2c3a1fa05d115fe129d19fc44c5a29bf15b4d9c2b375bc8e591f92756cfc573a39b8fccb8395cad7617b11f14a60e2dbf69b897844cbbcb70363010f6e1bc0590ea594aa924597dbb32a868b55551789f82437180b85661809089d34a168d44b4d788dba23b13542715843eee797366d9ce7793e72331735bc78cd61b13421a568ba3e66926921c04e9d00888ba7ddeb474db63813756ea4a02c1823083e36ebd2d32d5c88cdebb98d511304cc276c7799cf84a1699ccac9569b13f530c762732e6bd0f8415001b2c02d11dff36660b717054b16df49ba38425e3764a56052ffddecdfc686aff22079897376cc15591e11579fe4feeccb55f
+
+Len = 100816
+Msg = 5f464d3301c5e0871d6b41b002dcd09abc80a805de3482d97f3fd7b9838745da1c0534168f76b93c3c53bbabd904541ffe5179cae619dea77446140b7400f47d242141c7f2e9894d88f44c9e066861498e7394f206f594a419790d697f6a11187f84bc6fb288186109343eb11172bec076d041a4c7306d7978c009fc2d2d62563614ed3555ba2d21c8fcd70e8389352dbe4ec808af3231ce990452eb05b1b0dc4fbb1b4265e69235cc3561dae4148c386cd770474863a84a822b2e5f905fc255d55f90bd6a760d441dc52240ba7d8c888a5283891a2c99963d1fe680549d6267cdea92cfead167f6c49663668f2bfdc61fa647f5abf3ce5ad2c6c175dbd456ba41436aa06f5f68f5c88e6b74ea86a79934bd05b486210d3d470a0967ad6d67f7385260578088d7e63197849354f651aad07e04ed301f1fe7a6d2047d50ce5dc6bbffbb1da6b47d740898f4eb54e3c5a1fbd18ec93254cc01f705fce04e6100ced132c519674b2345547804a372b5c925bd9ee9701527db33408d37b72f8d18b882d3c4744eb58f011d21fce336d426de1fcd5e09610216248b51fe2b79b96c2bd6ca0155e05a8a516b7a24d529a9a475284735bd9c4c437ddf399864b64fc5d0d6ffc4e5a7a3dbdd476bc39ed29a0a92e1f2b6b3506c2be5452d4f896db6eb4f895b554b2af64c4cb8dc2369b91022dc50b7291404cc9605c31569c32756a64ff8c4fbb0f1bca346c7b58a5c6774b2fc7f7fd50741d34c8564d92f396b97be782923ff3c855ea9757bde419f632c8399763003b58ee9140c2d62e914c1e1fa742661a9166d42267edc40905b35a25d5c3cb3fb457376b7422896df7bb19c23e8f764416731d2e20cf2c1beb8663c07edd8f105e078e2fed05c5e5897c430017fa2160f565a75a4c5c64a15dd7d644bf355d169ae2696ae5ed1a39e8f81055cdf315e5b0c6f9235515fc4dbf30281ef17b83a6ed604f89293904bf78c7183fcb0ab236cb1f8935e59c51559217efabc000b165d819b717118a03facb61a13a99b194f8b6c7ddfe5850127d79078397a56564c7ed6716a129409680434061b2a4782c9006587de927c1ae09d6778a5f1c39fc419fe10493eb0d4ad492fbd05485eee7913c59df82fe7182af2cf06a6e8edf06676200077bd1408f5c1cec537cb8566470cb44895826d04ec20f0aba4297c501add65c75d5767ad2ab63aa81b7b66f01b32590f1d55b7e50e6df1ee077a19c8c895f5ef62d452cc336e9aee171fa997ddcedd7af86e6cc37722fb5838a46c5e58e7f700edfb7c6bf832171d9581f660752867118e9535a6118635709d6f1c1cb21b938068958e956149d9bffc67f355cb88205d4894ba97c3e3c8be9fa2d20abe79f3f93a6a2f4f56fd075bb49a4b7dc83630e58c32a29d757fdbcaa607352f65483cf2cb4208a3bf94ca7a25e2a4e05279be31c33696c10fa4971d1b64ee938dd299f483e5c098845749a3b706a787529bf2ca56693d0a7a98243e6482a43e1f5d3086ca1b00368d8ead5ed2d0fb79b1e2f537ab9340809ca3a9b5eb2900390432293008ab7086c2811d33de0648be5597ef002c7c462b5e0f4e0b1720a98b2299ad7aa55eb78f0c77c2ab4371385f280107ae40ebf814a8223dc74f31483c63d9e4ed09fc7e5a51bac34d69d97163116a66c84ea9fe4263269b71fd228555ae3cf5109c4d6ced7b9049a2b8069bd2f71834d6c07fffbd7561939188bc07dcea08086bc7182a5270427c3199bf5fb5c4549861fd32a38ec81c4ab058c777dc01864787f0275f911a17838272cd65135f66baf06d8d93bc439eeb55d50b7c5adafed8eb8140b4b05f59871dacf954f4b096c30b7857774fcd319c096750bf605db8e31fe02cd1b9294eaf8bb009d4609f2cdb3a8657f650501b8553765de8f572fb91ac77b35db35f402453e5c58f60146f2906ff56b9c6b3a5d0bb6afb9e2201110919ac9c01a7e9750dfdb2f72afbf7a8d6f64b1c68b9de17a2c9abf289eef24074eee9b1649caf3693118165503a30200993d271aa31b8b92606a10a52612dd1fab495b82f9a98cade18b9d8a723a71ceb63fd1d27372bd281f9b40aa1839b0cc2f2177a09aa8e7b159ac118d7c145e7a4f032e788d21facde2b4dbc1d5d2238f530d9bf9bd2798f611d03ed8919f0c85bc2da99750b7a8d6322d2e66ff6ab9ebaf7424e8c1c3f4fe92be61f65359106395f5ef995e925be3868ad513f561f873acdbaf18590c903d64bd275121c11ea655124d091740887868544c5348664399d3da96e2e35fff34f062fb939d656bc072096e510b40b2f75ff010af68d64fd0acc778e2e13c9667de266b1816c4ac449521b02bbb217002c604be72e73051aa9048d192e3210a68769dd2693e5d44951711aed3a751240d42f8925844131daa36c51d7d59bbaf99623fddf1649db954705fd6f3405e63894f5258c9ffecf83208c2c90cc55b1a8d2972ea6b3a049ee54942b50526b7930953986e428b2c75e47ed870bba68dbfa624dd94112f3059da0a80c583baeb570fe8314f5c66501b34116c81148dd22396fcd6479da49f7e952c8084f97d6803ff85c3787222064ca368f596a1ebb6dab20a03916b3ab071c927d87fc10ecc4e7ab4a5761e3eadaea4de1a0dee30aa39a9e4dbee047201d7d8a4df1284cf668ae3ed7dc4cb2cc4b5cae9307353fd2ae4c105c5d9f3bb021535fc3ae9bf3ff54ddda8b2e1037cd9d69822df436dc1c750a9f557d1a3a63fbe73c64261dae0c70bba6edb57519f5b957f138d1aa5fefe01b73c1851aea42938147bac2762527a492cb85da43014c876e223b05597354d7c9b328df67f354d168a84ce86dff57d8a870db034196dbeff83ebef80bbe52425a8810f2c9fea29ee688a201cce4a5f447be789a3881a9da3b6c491288e8f1091719032608b332e0410f4576597e17e0b5dde305f069be2e80d565bb979a3915488f88e3ebb90e81c264bcaddd72b8843af4a4ae31f723d50fa0995b027c334c351128913bb93e67b1b08f101f6b8dc8202b44fbc3d3dfb530f66e5a8f35e69725c86998c05ac87c561a4706e90fa095adab4a566da4fab82bff6b20076e5bdf62dbd6614245b6a6f8cb6bf60106f8d12b9c3e26f8127dc547e2181531ce980a3273f452892110cfe1ea834a30f99d66e026a9d22dc76fc3cec8fda2d7fea701deb84dd45c97dcde57a017693e90983a156f11c4d168d89c06d8a32dbfa590adadd16850854f24bba315b0bbf372f03711a20163afa0c137383b9120b26c59f5e9e7cd2ccaf0ef4e0d70d5a81748ad441ee5fe178e14317cab184fe178fb0cc0d82105d2f423467fdcda0f9871b9d84882609248356f3053a99866dad9f9b0f8c4a897a8cb8f30365a7ae5f3ca6e772d863d445e6d57c6a478e35d719d0e4e84f3a30b1816ddb55bcd79df21ea0e95da72a19cc1fe74fc576120bc108be3ed4cae3bea889fb4ddd67efe858a994237378eb623dab070d954ac780c1e6d2095383c98ba622cbdb18fb53260979fb2672c21a4600f4bf06583a112d303096d4e30e7e1060d869f386eba3cf7aec3052ca17593dcc9969fa9cd88179c262770211cf53f53f175037a5cd445d239cee48f7ed0aa1d715a22ac18a8aeecf191d415e4afd92b76c091803f4c757a9e89f696ab7b11ad6d5f24774e4a004dcb0e3f33705dd8150431f051016af37647b9e44b10bef114276d4b1055b634461c655a82a847639a038ec9f58876e84e9a2955b696e072d8054c3f81173473604d5fcc0a75b4a340dba0c375beb87b8b01a0f2de232bbb8371c3a9d27a0ce521c4c43dd3bdeebf92f42f87d88978d5b4e3e563cba0e5f59dd29c31096885b113ea5c57e66a3be015b703bc26d3fd1d51a7c14f85f65747ac909d7e30c8e800be27eebf4a62e42e538ae30b6883907cebb7fc5e150bc9da3a138f394e817df9a9e44420078f30d0d3d6981ca581791a097a5e3982c983d5cec239096c7d8cc55c87242026d769ef1d04eb96e5b5001e3358af88d417cc61f107659791a35d8b5f7a5767ae24d5b2ba7aa12230076db1f1b9b6f213dceea62949d98bc5db38743b23a59ea75dbe4231a285678f5f07facc053c2048022fcb01f15e8c100d64a877ecd56d196a6ac60ae35e0e09a517224ba409ba7b70d8f9fe65bc427b212a4e9b3cb17b0d332267cea4f3bea7c1e550f7ffe567b20e3057aa0ebb560d00d28e2f7aff718a9f2d4d044f0d20709bb9ad567c98cff7c4810e8c542370cf90a491bc1088f69998d59f344b74db6c1bdb61f284e99b517a11452ca0bb37c7bae77fca6514b341066086e600f098a32a92935380a173c9182a2513584c54ff67e580dfe16b508acf1729a3d649ff1eae286bffd688fe658612d6c8e69e6e7f7de4ba85ec54747cdc42b1f23546b7e490e31280f066e52fac117fd3b0792e4de62d5843ee98c7201529455c85b169fdb90cb05e3403cf2f737148bd20a53c73880880a14ffff37d62130e682e50bc7210ea6c1f0c27656cc1785a0d9ce93ff94dbc5b2877519d9bac4a339e98ec594a7cc76f4ddf994fee8070dd4b8e0fe0e51b93105fcf566f83d914dd862b4ce78de7e9e16f142234bd969ff8005dddc641dcd3c7cfbdd6113cd3ba34a9503a0f433899e90e158abde2ed4ed4b3711c991577c5aafeaa982bce80835f8e6d7c7975571fafb1499991646bc499ec32930367d4b1de76ff656442cab987bdecdbcc2b2bc35ce01816594bfa4b6e33080caa41dbdf8ebf2205649f98a2d3bf331fb16b9ecd1824eacbbc9f81297b115b4d36aa7496e05f7d40d4edd1886c1bac10cf3f97840a03277e6369e7a7e90d932050ab8720fce076de5c355fb17959bd75cfaeff325b0737f8f5b1160de0b0184ba04afcc30bca77a6a37e29662302d01858c0bc1d32b883011b7df5a387805296cd91bbc835a3e76152d017ee929d4cbf137eb78db89d71617dd76cb00707aacb8088ac77a1f52ed710331193edb29933a7efd8cc153e6adfc2c6637e88cd86b06036b8177847b4d086b0ff9b5dc91f3cbd1c08217023d7449253c25331594f0f16a3c5f2e122e0145c4ec94f096b45a1fd0b2dd3f1d51e58978471782a336eae49d7bc4e050d1c6a391658f71a1f752c0ec6302bc2dba9e3766359359ce34955a2db86740c90d09cc50e92dbb76e17a39955fa7108bddeaddaf860d1aff14acec8b609ac1d336270a940604209df91cf45be72edee04277d694a6f968ae6d8e065702f3d607f3baf8db4ab7637fa4c78bb0b7fe69937eb1dcb616fca564a5a521e12df71fefbc321187159bd6a47b066a3440ba634de9153a94546b63aa33aed9da2018e1f30628df37f5360ca4f2660a46ffd73e58183e8abffdea25f7bdf798a2b7cddeaa481bcc6e682a67e99143066963d96d4a928a478951dd6ec59b1be8cb23aa688e1867738aecdd9afade39c92c0b2572bdde84eb912ed990ac618834c412231216fdb84f1e01b3f8414fc6dd0f646fd0fa62bb0157b3535e1497c9272df1cc5dcd4e6ab9a8456222655c56ac73fe0d2aa8b599035daddf0986a45b1a59510abe19a11b6dba065c8bcf8a85d20a3681c2414dab7c036cc1358b1dba98d6ae62c5948c36b5b3e307a6f860c0c822ac724a5c917ed5f98ece548a7a741d366868e6c676394c3659f7f6786594196dde332543376f9ba0724b091d30f431f91d919417e5bf7ba1e9a21cb80f6c204c3a58d59d960a5788b5cba5abd7c7518f4c5170115125de97009a6c3fc4d5773e4f57fdd433eb7422c7c4dccee57a1679633ced3b5f08df763d4577983c5ca8b49bc4e08fa76f8bff36daf0fed068db47f0c87e0e45d518dffe37c129cc6e2f5f9e0430185723098e715284a42f302a6b8368a4f2dc16f534d1e5db9d0b86659fc4ba6f16c982774115d02a57684c7e5489b1f491584b0f0546e4194a6041f5e5be3bfff3852a4fc772d83491023a61a37228ef6260edc0d1cb972cba610d5ad1d92d554700771d8236ef55e983765ed8eb21e7de7c8bb51aee9368758454fee4a3f32179c1e54af1d069e0b9728cd0554351907e018146511e4d6f0450b57c8ebd21c71450116296bdfc779945da60b9192c5bb9a67b1f04d94992df4cbb3e30732dc8af2177fef17e0b7d01740b8a64db16bc29c1e589b6bdfc967edeb2ce8a649ba892bc856a929f0b837a838ca7f917a52436ea3d20e72afacc5b9d58a7fd0fefd96787c65ffa7f910d6d0ada63d64d5c4679960e7f06aeb8c70dfef954f8e39efdb629b72979be208d616071289cfaa0756a4bb5eea5c7baf8fe7a31501e7e2d67d708d461c0c93e85f03afd70bd9e16437171e01a34f475e4b5a58d13ce4e2fba72bbba93403f3f8981e0bbd6a8a6223327bf096c44b36e0ccbf7592a98c1fa67f198b628787ec80aaef848b4fea158c715799e6f458327f399e6420f0e7821f2dc4663bbea065c7bdfe830b6102e2e7193381b9dc7f2381ba808c43b8fdf3addab4b5fa81564716f7d46e0349d9b27b559710d723c7ef2f79eb55c3a9d75b99ae6fde6877b278b583f8ae3cae776b914b0cae0772397fd19b6a27676c7ca02cd07f4b4d49bbe1ec87f2ac7e39e5f7712319c31271dbbbaf4b826af8a9f4acab696c62719f7a6a032c4bcf90922a3c630647b7c1c7b78b10afbd863f07486561a0bc8d9b1ff5fc41998a7e3c604e24af1c1df2da1dd5d83eefa2e4012f7fb5959ef9339574367deff73723484b5a969c8c23dc251a3b887f34b9ea09c9a1838e8aaabb254445d7556dda257dfd5579737fe1dd6c67f3851ca68b011e7cb7b6958d588f143828f0bb24fceca31b47b77d1ce05e75ab05b55d6c9f9107f0c738f2cf8a1629f7e9b2694324e082503937ff8ca7c5098f770289af7d038dcedcf0ed77c8b82e2a9003a6f3db69e14131e144f6be7cf0bb5353ea96aebd78befbc6ceae9bdde97823cdbc5ca8ef8a993a9d9383aee9f2d6a18fc64ab92990672ea2dc9b89ed248aacf7f1a513da43fe5953335afe76d78867a066f226ae9c727c6c60671c50a50732698ef7a492d51998eb6da5368a667baf6d12b77eb36686ee0ca239dc6f3598be0bda79e47f0891fe4d8989df8c685480de11c148a2b44c8a6bea3a50b09be557c51f545a09a30e9362cf3080e6a6bee3dbad370ce24f6c5a6f8091007ca195057fa3af8f99703a601086c2a1ffe55fde4c2c4153dbff8d6601ab68743c0d50d021b0b3099535ba6c40f866ca3ff0df7c19d709a3f58b57b40ab5e43556a8c0c1938c875267bb39c0db6b45840e8ee7c22bf6b48798bd744f70e42fca343a8bdfbd7f55f275ca5d62c7288756d4861fba68d16d842c5b893c1d8171bb3c8b593387d3426f292ace5cee7753c9f9a12e6bb9af5a24192e4184f7d3d191d862d3c3dace7853eaa235b6369fd164e5a7bddd06daa3eec7fe4130e82478d36f88a0999cba1f251ffb3a7689ea2baf016073193898716a9f933448d7ba8e0968c669bdb7dd5e6e32fd84a6ce9e8632b393f9263532ec2107b4c0d2abdf3abb2de2d63511805eb58a70bc4ded040d76640af60ce7f03b9a682b8dd84ed8a47225a48e0b94ea47828f1c8974cd64e5027d8b13d43519875d2bbe4461a7f0f5b5b8d63a472765405ea9c994225806395e64dff88506f7f7f3b6368d769e6e550d4e3e81efb13771cf403e855f75312f1383ce4c2744d0b4e3735a0f1e1b99eb014fa60c0d1ca9035fbc4403330c2fefa8411fb7c3d6ede5b5c8f4736106bbe01923d483a84f031e9685a3b6a70646a2a5059ce35fa496b3f21fca6047471a5bdd33908cc9328de9fb032347c249bf7093390b750696124621dfa67fd9c7fe85d6e5a4d277ad8f8d169f8b5e8dbee280f8443518bd94abc5ca704e781e6cb1868ba2d6fbbaa850326fbfa5a20e4df6fb5f8ee2728e86a758763a8af21e1f7a8584d3f0b09a0b19fe8fcd37bc4fdf45084d7fd92b80544f29aba52496e2c9a0aa4adeb89820be321cfd2f0a53585a15d04c7fe4ec9be6eb5df419e20b71506c1f642df75c53a9e3b2414fe6102fa8af7be3f6c95de824c31fd6fe8ef9d49e26095a2674a33cb574e9e493939bdeaf5b309b4c51256ef71e95dbbcee0a11991693b533f916e1c82ce86d65d89b6d596017fae944ec364546e78abbcbe4322b83e2fcbb4c5d4ccb54d8642c7eb9e28c08598a356a5c46f8813e6b63ec2f3e3bb721b726361f85a734e0514f4e9c4732991ed3998b1ba8f618c2071d1b943eb0f8766fdb7f0492421429bd380deca3325c8d5c7b6ed16429539ae54f1eba39748f09aa44efb67d863cda304e8653ff7499cfad44dc27807779ef8e63be4b376ec403f3c84eda4e5af31c30f9807762e0980b4e5d9dc406cad4e888bfc3ec4186de8ccfcf631b0ba5831747a1c200d45ea06ac82c7952fd09aaae5dcdf5475da427cbc8c1f71ebe5132f2fcae15975ed6fa14a11b38766e1c446894f31c0496b0e5e96507d28e6e4549d6d78841e40630ef306491a1da60eaea3fb69bffcbf192610e2e07bc1124690fea61980e8ed654c5e796f67d26db5de35b4a2c67427833e360ac2a7d4fe7a5ce572144443ed62ac460c1b19402e85c79e3d80e1c143279b20a66d8dcf2bfe1cc44a0f5aa9b0d9b36c46c2cae148dd0f2ffe9a8e6e7274d1832e57aa39fb40553da6414094e838d613a20ce9307d49f97d904648d6460985b01af769800cff9a940f70729fe40e98feb64ff0a81c5b2b096b1a9d832e440c49e4e3684bd17a5169fe138d2544d9806fec027dd2a67f1856178e090f9bb2f9b314a202e7e95f2e41fa80dccf7b1810e9cbcaed2acc2445d60e26f7d63ee4b28e4299e60ea4fc659e7d6f0de91748bf1ede1fdb2acde9482bb76bf6716847eb2dd7517e0a94f0bbf20f248d2c79fa0f518b67a44d5c4c73a9bbc3816ba85ae8344b5f377649da75cf1857d6e4338a76446c48e52cc7bc7ce283d4252f8fac5e1427299edc33f84798316f77bad4a87849e91a1a23c0b7a86898046e278eaaa15ff33730a6d3f885dfe2d1dc0acda2a9e49a71cfecb7dcaa9e70eaa8fe15d4567a280e8960ba49d5289535907e9f277f96e8e652c21d89e81696dd821db5b7e1e53e160584477aa9e4c0e12160c9956df36cce6f4e724dd543827366010ed3d843cdf4319c1bf968a70e9b1b6bcd8af96c9eb0620c569716b7bc42e13251a6adf8201faa129844b5e1d699cafa1b66a674e732c7662b0410e5bca2704c5ebed7850d0ebb825cfb0627a183cc9643b709aedeac2c06700358400c389f99666ae97ccd37f265da7addeb07df9ccad6fa777d0da2fc47b6235179136bbbb409596841e921eb278142a19e6203c7f235bf8461ccadb4b47dd290d36ac27126c808b866f9531261f1e0f5c458a6bab6f064b4efc432e1c7379f9af19ac34c5c22e76e6e7651e48f9ce44eff542f018397889d896cc9001a63e8e455fbe4a9ee9a740edad894fe1af2bb21a1dd0318e28ba982c12ed69c08835ce17336ad1638af3cfe0ea892ab8e83d3f25e6bd98d5e4d36292992e2122c265a26cbb3931dd4c1b0d0ac5ee19974d0dd45777908bb416cbce52531820effcd7f28e1fb2d3d4d826e1b2673e834485a25af9f9d174f566abc3b36732ceefdd91a7c3885e1d10d51c321ff704d0883905b7539309ba5e7b7a2bfefd0494e90e9da7541ec37858ec05ea9a9ec5672b113cd5ad6ebfc5b8fe40ed7c3f17d8a73703dc89086b4d75c5eaf06b840bb2f5b4519a4fb17bfdca9605f17253f203efffc92da96fde023007d22cdad05d18aecb4bf08085c5ca5eecd21f2b611e7e8a0ef981fe7aa2014f5ac6862fab44011dfd33be8a1226943aa7ae5fee9221b0400d9ac2ce5241b09a68cde6b13c47d50bf310ecb37f25c32770a299020d8500d8a4b5d7621e4379dbd6ef34a9aceefd4055ea6144f54bbfedefb5b5b0fbd1d81c7a51a802072ec3d84f34585f22c1df84caca07849b1ef054cbef9b40848e9fd238761df5358cf55a79a53a1bc749e49ffab7c5bd9a28bf24ad5833facf43bcc3852c1e85cfe47929fc49c325c20d74588eb9833519f192243cf96625057899b70a7c93f8fdbfb60d8129d9c43c95f8782ed8293641ffd21d21d91a0b4db69d766f6d6497e9a414ceb04b65425d6ad6c8811da00639dce8d8030038f2d08330c75b0879aab81bfb3330b950e54c13780d308fceed2a103a1a8b77a923b66aba737654ba7995acd306aa7b80f632184412e2369c353c2132ae614553e626f0a3436959104ba6e0040dc597dfbc3602a49e401bf2249699375b2c722083489f54fcdc1f616a133ef6112a1754818158ff78f245b9046100b0e89407f74145fe336976af971c054f12d98002c68b3aa2bd699fbcd71bc4dc071e430bbf694595a951e01098aaa499be2f70611f248a694539ef8936b2e8b7a3c5de8662436fed1f7bc24a4e5c17a663d9a23b4692993301b08cb3bc10f518eca51081c717ec8dfbb0c2669f7987fe6aa0bd98231d8e8b58951b42537f12884a857e02d62de4fda6b88b6b754b1b27394c6a819e0f92f6b2b2473fe245678e252ed31477cc7ec6895bc361b718fcab3aa550fc9faeccfe77cdb5b151ab1db2e569b5bc923ee26f0b6113504d295112d47218140e44652a10af10a088f95c7cf2fccd040fc93980939122411ec643e26e7d69ced3178402e320fe156e774b75b5afc2f3d6b6ab828bb4993b1436faa5728cec34d66f520f59e82716ed6d1324944c3c91d04d5ffc5a921f4716c39de24768484d0096f7d8dbce35aeec22db11f899e5e7e3d57e7668f35d6c0db3542255d9262137d39ae6cf9bcde254dfccc54a6062fcf8982f781d9ffab2df4f49ec04a72eb9646d63bf9e1799bc0bec0ec7f0675ed9f8dc9b8be15d9f2175dfa1c8bc99071c70ad7bedb10a4143fa91c89f54777f84c9eae9361cf7f4c2b7ab873ee5785a5241db0af86f3c6d7f091623d6dc576d07550a42023633a09c8dfa21d7e70cce64c13f37663f75c47921c246f3f2d1d16a8283ce7697da4cb7e016971a2a1d0c59d6202bc18b7cee3828de597efdab53b33a9fb41aa7b49f1c964512901773bb396ac80e90ba1a94c408b2860065ae9aec64a41d76cf8842d299d0babf14d5840d647d075c34175e26a786f30091a24f1ce8db30137520dce1cfffb6318a0d0fdcac883eac603bf365efa2c806eb4f194cae8c16780342165222192f6ee2e103ae2a31dc08a84dfc89c64d2e9ada7ca1839dfff62ddfb7982c79684cfc821a098bc6bf09f87317209b16d14d45c6f38fc99f7bf9bb73460977bb323665d480c87c687cec052a5f08a2c6744c8e177a8a269b4a47a925b9123cd2c014313edae988f8aeaeb633ee5ba6be7f53fe36da3aa37ab2077f5fd75a82a55a0fe62af213b85e9e7694f78cc2b0e63a8c1b89db484722fc62c688678a511c474f0eff8eef1382946d26de00e5c626ec1d7079445c1b7c6f7f05073249b11fd1fb30257724a14cd7bbf451146bf366de2e826fdf1d25705587c4460040ab963e3bd504755b6aa5b18786b68efd3c8e59e8dbd172346fe7f4a18bac98164669d73984044f3c777368f965763742ab86a3720208c64801c796f6e3a1c4748b81e41ac58dcf6ecfa0453b18fad7e3473604f57f7da302e1fa81ad538d4a0280c4ad092007bb9a7a12907227a936871886c699db97d00a1966fdef64d9f3672f1b792c1edadc6781b391c91bea1bd7275f30859dbd1707b1f554e49ceb874ca06e92ab466efa7eeb6990667a27507a7ba789e24d593ea2af8eccb3862cce58daa63eaf212bdd86c01ed471cfc79b191c481ad773d20e821d18af85a7049034e5a9c660357a4c2808b9a6139f32c55c13282b8d98904f4f027d438189dc9487c96172e50dc1100ccc224e7374cf96ea6731032c43fbc9b367a4d1d0b31aa3fa8eb589672e69f1d9144114bbd508d56c2049ecdbfd7b43545375a099ad2885353d8c550d22dbb738e6fe3f104b444c89475a2cc24d7887daced8fa05006c02dfded01c00707e2ad04c41199c5decc1eae34b0c0abb5a5beee1b5253c3350e1a077682767a0b9124a4df2e8879366fd37fc04d4dbcf89883892f46a65ce3aec22123cbe6b3af6364df1f9f5f9751bc8179b6dcc5c126dd65feb7d11a85994e90ab6342834c79c5f82413e88198c73e932c66e3cb60b6e0c0cf438622e5dc5a1036c38afe9cf13559044a9e90f5fd72a3188ef6b1043f5f4e6b40ea51f6235dcb33b3099b2d8c2e02103235f0476ad51bce6d8a2934068549633e521a3ee4c62c22b042fb86c13c8da849233205a5e277aea1129678c31f5c379a71fe08b72fad9449cb923126dd465d1e0ae8a925374149b8248b3afb69f168f3ae701c00f6ea08fe07f1b5338ce6af2f3156ba6f300310114479f2f6119367c88c12c158b84be13b9c8c7b5dd7c90edb5b3ea1fa5927a25ad6d5596992dcd4877f58a134e05dcd80dde4fc2c2a680cc0ccf3084d3f4970e3603fa6bc5a180fcf1ca4241c0b8a1e7c607dc025016e297e2b0645de4ec2fc49851b9374f3ef99edd897c284a67b647ca8c96fcef935d541e9faf334043ea50b99fb8819ecce039227b624e52d8c20003b5a43808e4990da8e4398c4fc172b983351fd11a13dcd2aae5193d42d46e1b57c92e3e01d23fc968c729f3782d6c07dd5a17af2bda96735c12cc7d8023629fb0125e974425f7914690a7ed26508343ae58c8a439ebb6232049a194768d4594f5d65aca37a5686c2a86dd04bef35d74e0755937ac0ce3ebded1c00c8adabf030e5e4a5f44193b62fcf2f1bfa9dca2a25afaf2f1ec06c5d17ef3526d26d17af3e2f257ded24b177ba41c0ba64fd4fbd5042fbd5961a105e0e9f77f3db13c1b6c5bd9a9d04801a5c00a4c544218a21016c65bdff774a44b1d05256e0693e14d76605d67bd10048d3816caf31a6d10886c88c783538bd93e92bbc4484f3388b61adac4b92b911c76ebb1dd11b7b4e40be032bccff610068746f41e34a1fbfbfe5faf57c8a4331008e2c1cfd69f57e74379ac80eb6769f4ce4196795b835201ce4ec85ebcaf5eaaec242fe6695cbce1d53fde5b002e006bba8c8a1ee57da061ceed0d21bdd57ab0cab9e46bf3764d9a6c3ab19736d43b33f32eb955f9174ee4a54666e7f19cefeb49aac7a59b7370d9ae730b7bb4e08413222f0a66bfdac252fb61bcfa838f262312febfde8add8f6843f1d64ea3da42d4ef986498604d65737a44f5a099338520cdbdb65ce73b110dd4bcf8592a4adc3e0170b13404f99f0ec8f9fb225c1275a921f09369db165e9109dd5be472b9bc1901bfd882d264d9ed8d88b4c8f3b35f88b69e3e4b8ef5debb895be536a3af492d968dc1caf31879d672f70ad9869ea98335cf9e4a2760f955fd3e8099e4b2eb4269e354548f9de9921e50e49f3f5cbd63468b9db0cfdf17250c8f13535d4c0a1f21c87967cd798fe93b9b2960447401ef90db22c3adfba0f55f5585ad37040e8d6745184dd536d5a26edec365bd6edff1bcc616cdea3bfc8b9d98c0ef9a626054e361194cd05b2287612399f6d3d3be2f71555f14ad2893af6f60ab61adef663c3c2464ade671dd5ebc71935aad290573588fe6e11f48cd2b7db62e4b9932890d1b96e1b83eff70f026d199db75fb1e83197c937b672613c66ea131f485b4318e27c079b4018d4205484993bf50ce70275b244f2caf47cb47eb2a9ca59afbc78809a912eb56a4bb65cae4694f682c6329c690003a1c355f779b5857a60091b1c3685995a366cb43d753a704d3e59c5f5003c78feed877351e27334b3fdefe5907edd9eb25588a42248b9c4a93efa7cc63bad1e5900b95b70436c35eb85cc8251c4030fab9556920141cca24d6acd3122b92b7e868dc174bf071117958a4797fc90866aca685f1456fab397ae647ab9970348082bd74865bab7f248568db98ced7ed84e8360fa91afde3f23509e6b4caf948349ad9fb6a4efe0a0468302cae7a0f999195af1c19058669fc3b88b2780b9075dc180298498caeb7ba0cf8bd42eb36b1959d5ad3ca6fd1e85f76abd27ec5fb637ee38173ad7d86304d5708b6dc8817e099e77f5d43c1a70624cdb96e4e6103bb25e59eb51d894d1dc533a74005bb79cca35b66e10c61d06b5227fcb071457025d605a0862218ca252b871f8343ec231dbee15688aeb914c0f16ebabe6edb0a489b2bd10d4392c6f1863bb6a62181de7cef61997ab02f3bad0a893cc0cd8a99cd7b3f7773085f0929de36b5d124e3729140c375de9a2d0cd9a360cadf17b9e45b7f2adbdff9e75b743b62642ed67aa703b8ef33dcf51a50edc7dbab42d3d2b49badd2457a9f92847aa6a60ae2beae457a5fce1a9e485ecf907be22913893cd1350f20fc6c81c94be426eaf01864e813a03e4674491b61516bc95d8a77c15f03d0adfc4adc27f27a5ac4165ff6518eda1a5c408708f78a9e26b834179804a312148d4f75f21a77d78387139da40c0a6293c2a59d0162437d68504f189ed970c5abb9ffc6d8e1be2b0877c7f24b1dc273b1765bfc5ce6f4b8d99a96d5b1c92ee53a39f685b304313d909c1ba8130d20d51c824cec420b0315229df295f75b453a6c131afaae0c36d7c4fff70623638a4f7ded5eb7db58d95deb6249a29b171d8ce651556dee8037bf4ca74453a4a76aab7cc07ba44e55de57dbef8542c3851ea353fb8e259ee89bbecf9ce8d8bd6227afc0028afac48a7acd9b4e8cbe982eb1475917ad6be4cdca9cf6e7cddd971b2924f2bb730264801685d387485e41993c3fa0af9987e8b52c21688fd9a9595ad8d1b9f41e0457be18492aa09f69e64e2954d1ca3cc1d32b2915cd9cf6862ca79c80beb47347c4cceadf48a37b29b1d6de4e94717d60cdb4293fcf170bba388bddf7a9035a15d433f20fd697c3e4c8b8c5f590ab44aefdda94681407008ea48d03ff21e9bbb4ae7a9aa37c855fe3537c44106e8079f18c24d2584474bd4a99367660ce6f7e6d7c294961e174366e7babc569d5f80572a21a4bd7086629363e0c9ee2599c8b8863c96613ae6c32cc67ccafc66e1cce79654567ad08e62e9abc99e44d6a79ca4d8de15b7f8a763a4741676af0e1f3bd4e002c8fa1ebfbb3bd3a65ae68a80c230422f98f6e1e9837252e045eafd585ba389958297d59aea1e8e1f665fcbc5f7ff449996aa712dc0faf582cf3caf3dbae80594f9f07fc06de63d9d672d14d7ac4662b4a54f40d4aab2de766910be2fc7f6f679b5708790b5376498d3baf0463dca2f093b51bb7e9f3e7033ba0384af0174becc3bb477bc5e86959a12a5e8924adf0bffdf5e5b9c1cf24d232881ad5c05c5c0f50318ea83d8683339ca6a583c52198c00f7c1abbda282e7fd3b179297338ecf9c923a3a87a130dfc06164e9b4c1fe11d51b382643de44b30a6831dee119241d1b6f84f2484784fdf65e41f78c38e15fb4b00e45df1edc40e3467cdcda351a4c0a0185ac4649e91024377e1c331587a8586cc0a4dfe29e14004c3536d305f5dee0eeb8c2f216c1b8d27375b239f6458e08980badd6d82e9ee9e007578c0a3b48288d9ad0ec3c934a99a8c5741149af937dc82bdb545df26428b87fc935c05f1a4964a8408539f267e23de9bc498e2a4b0083cdb7c8e27de6252bfaf680a6d5b7ec1a6dac6d7d537334a95f1553324a0739414dbdb50445a767b0f589fd4c33b35905577ef5a53b0f097191f9cee4836a908748779941de2a78fe1bde0c2efd9f48cbf232ce101d9df93d3ed40d036ae7aedc3a5ff619abd1c159ca8d2dbda7de13b4ca62576c7f925c52925eae2d7500dc969fe14c0a335ff95a7df1d276a6f242765c781208d59edb5848d412b11638b27ce5a61b8209075976c2a6aae88f6e6d8704fe9e83b425dec4defeeb3cd311b8c5a818d51f917a8a4525361791d5c4fd5d70704d4b9fa9df1ea119882f400e682753a41931712c043c120a98f0fe786a600b47befefc9d64cc5bbe8a16c191490874e258760c9e4fd215bebf848e0b4d35521f53ec5f9308644b785171fc4cc3ff886e034bd833d59dbcacebdae8f00e43c151bcb24d1d226d1cc19ecf349361530a81ba3168af3df5536fbe52b3b93621f57959df298e5b4d3c14928d2ef7b9c977c7dda54242d17f8661978a62d94d565b00abc199790b9b25fbfd4a3ffc35c95ccafe35d9a138a2c24d17f06ae2cc376e822317f16fcbcd56e23f84ec135dc935e58c61b34cfbf5a36cb00350483b6bac786030e5c5045a6b61c9aba7dfaa4f7fb21897539863ee865ae061a77c0359915de3aacb3b5dc8cfe53c4d17b393c2b6bb23652f36390407922969d510cc97b99d1df4361530aef10707d7a021b2d9576b2d49ca88b3cc83ad1baa6d88ef8c81c08f8baaf515637b21ace9d5cc8fd9fe4ca6c3aa129caea7060791d566f4de8662b90f9e5d849cdadf9bd23cf6737b07ca105142663c30de27adcea11d64d433fe1ace84b0f6917c8b655f2a421602f07e0a7127e61ae9859c5e9f652ec82416fd2566f291f417ecdf99bf3231d02864e2e5a1cf34c13f59de9aa2760d8734bbda79576c62f566b8269990e9384a41c1634271acb4c7a8b768f276685c3a8c7f20872e56b683244b1af562c3e7dcf592a9915f44f886cc2ac5f679c07d5aa1fd69cf3a460f25c722073da336a310aa551062d92c7297002060072af2f3500b9310c239bedf45c5e985c2e0d60c7dd68522376dc7b560fb34d1b5089450c32ffcbff07b35a96bb6fe01259a06868d00af697f8bbb238d03d49570a109181c9576c1ea9d2ee02000cc23e63d6c93c6cf3050bbb15b6f73b09c25da62e5abd4c2bdb1110e1f25db39f04885595cd6a388c4726c8d4cdbad87d80d42fcaeae843e2e17f44c9aed25c8f6f9736c7ba1bbd3b839126de40a930024a65aacb872936e446114e706a868444cb140e53d976816983f3dd1d57eeca01eab8211b7aa8ae99d26e35c06ea4b226e0a6e52172a40e7f0df5f67759ae2ee026749ba10b8e33694c3e01a001526f9d75f6c419cdccece3ea3f78d69014e509c741214581034bbc7e2bbaf76db8421154abb2233117a1ffe2786b21424576e295c9baef262e80fa2edb69aff800b3ea436eb827e8adb73abc48d740b86c69d557b16e874038598b25f616afeb4f4a900be7dd0d38b5b6fb4259c51a3aaf4748d7a445f518485ed72b25c7df8ed0906b74bd29bd6a5724ac3a503c990f3697a5db484821f68718470810862728a80ce34599a41fc5bd8bb46dd845a4812ae1532c457ef4211d0e41835e5a6f030247614822571c930c727ba397e723d6b3aeba9244f054e331c82e65b74c9f6504c74b4301499a1a6f6269a3352aff57f88442d4eda42a82ebcf7776c5629f97d6160bffdd8282a40ce2e6375b161e4c22ee53bce7a45f4774aa827e2da657e1a1bc07445f0bbd770b7a5a25b1b469fd58715510dbf8d97af4e1b9459a20b08a8d3fa9d92feb32db95b22d36de0bc8b1c397b09970a6826392fd8392b2d790dcc1295888f42ac81ad213c7328b2324b28be7cc1f4fb8414a7785472f1dd3e11d66017b1756d1697be92490e15f056346d7e9126a1f35fd76cb016fe2841c8996a3507c4fffe7fc45026df10b03b86fb6cf26e8418926a030b5fa62748fbb728fa19dc2f8947468c1477750771e442e4a9d25b76d359211c05df788ade5b7824f8770b5dac0819737dec916ee59b28a49666ee8b7ca81386eec8049542f18a3207e51bdbc291470eeefecac385c096a
+
+[L = 32]
+
+Len = 16
+Msg = 43cd
+
+Len = 104
+Msg = 5f75a437ce0698a7d8151c3fe0
+
+Len = 352
+Msg = f88bac738d1e3e10f75e46e3fe026d7e423fdcf3d7e4028b33a291bb4aabca53f780fbf99e0346d610d4a38f
+
+Len = 488
+Msg = 832e5b78a73a1012ee62e00621db7f4d248893007c6e5d6e0e689c6b291baeebc72df9cf10b289fe20e7fab80a2399271d0ac63766049da875eed56264
+
+Len = 13976
+Msg = deab57cdeb41974037a9bef5e292894038264eb4d8993d4d1501e6ef9c68fb0f571f57b0925640925deae9a6317e3bc4d6cdd5a0833e52fb48baca16a9ba9b6c8ca469a0555763b54f04c87d4e41aa549258f30eefe5a52d2ba06657a8773b0842e094857b6d8911d6a0636280025e56356fade362b4bf4c875cc19be0c6644b447be0454dbf390eb966c03e10e9de3487b90d0825d327c12495e3c89ad09c9d591e55c91376fb14c2fde9f7461fb25450df1a65806b65f3caf4d5c81ebc6e664871fcf915b9578bb70ee6776acc62205888dce2baa4024941209e81b4b35f0eda1bdcbd9ab1d6db6140bda4c41776fe675d5c681da5852d50c246dda4ddf9fdd7c5fdfeec85ff6c883c78689c2977584406a1ddef977606c182d6c33561c39c071668a2515e5aa6f4aa1faa392aed95b82ab32b79a15e3b5a07551ab068455131b72493126470f26c30b852e4415e1d8b719b3803ecc336e4facbcc5d1908851f4f39b776bec8b6b9794d47e5965458858560eed5a0305e260240c0849d93a19787b0f8c795eb5ba32be573845256ae6d0b0a3336e42a1beac8bdde6d1b6e0b6207903d4b105f4af2ef89bd099ded870daea2f170e03bd5f6f4490e60bc222d4876e16d4c58aeea6e6c400dbb9e9f4b2b142f0fc9bdeaf4132ded38a4a8366e107cac7210945fa2df4b124be37ef76290e5b9758aa3bfe0091bb0448206323584c2f833e0edfbdc0c33075fc9647a3404ca490bfab94302a0679a1a42fe9fec6af0cd98038b09ffbecd2832b579b2294f6ae5b96328fdc0a0b9b3a32cba04fa8bae3389c3951173bdc17caaefe526aa386f98670b177683d0b804c5875fe9c7afa233ee66349c9fd1b60bb0becf5e1d887e67fd3baf34b4f90d94699d18d6bb9d77d4af358f31edc254de2d6c5fe3ec07425c633b18c1b9e3606b78b40b543e1fd31fb578cf58c45744fc073fbf3c7d7d607e815379a5fc565892d81560eab8fb5f1ae6771b998c592e6d288014f13ab283d53fcbfa66e31a9d107308402191fac2cf2b799c7dae91b93a7676898b8a6e516a86eac58ed8f6d8ed2fd4d38031e4a4466dc8798b90c48e6adb6b4391d47872443cfaffa542b4b132f6c3408f0081af8692aadb4c9bbd55053ea56d8b82998f6b4b41d331891acfe6af1bb0d6679989978368ea463743b514866d2d01fb9950e8990867bc14f1db1142254adeccf3da812949cd03cd1d569e9d0bab7ca7405cc21096e3cd4d007cbb9629372e98584b4c6b97ad0bc314e1ab6ac71184ee555c01973570ed9b115bed956f9e4e349083013098b1e483f0fe44d5e9849f38a2f7ae152b36a266ea1faf263ea8c706632ba8629602187379546fc6b82e57ededd6d074c15c771754710731e07c207899eb47e8d7c72ffd768c36257d373375ffa06f9b3f0af11417f9ff9f9b44e1f1f96ae8aaa429af88b14da1da81c7bb38a0fe9372ed6a9ac6fb5e9e56b82593d94c5192904450227bf040b7ce0904789f979845e112a1f995c849ec3f7e49bd975a474e8201630f40fc0d80e76019f110ae158cd0f8da96ea4561f24237d8e795ebf52368218bff3e9d5b040ecd2caef4ab1e7127e53bfa2b3b4fb74829f9993ac703192aedef79dd9ad24c2c976638b4575afbce22ecacc273ba43379ed55ceeb51838b0adb80585bd1b5f2707ee16b67a7232adf7163415b24b9ff9dc94b7197fdc89e2a90d2b9eccde45e965edd064dc0d1eadabe11b8ec3aad2742b5d3323ebf913a92817749090c20758f98aef2544d4c8b48874e8936d7ee492d5585675c214deeb74fd67c4d170ac5e0aeefa607c6e37abd4f8238e776fde3921afab75cbd8f392d3e88da057903ce2e140797f4a85737bd89455e6aa27c7535687b78cd0ea59848e006c8de9c9c0cbc7a9f5e977be850adc710503ce4ba7c7bd0b042297f518abec6c8ef451c33e030251f506cbc3744228b6bb4dab86877d9e6019a0ea9f39ed37557b3b5527c171da5f013e0d3c480a038cff2c087d6e5d41b17e6c8f90c334b5e2b9ccbe9d4efd99fba1f907d00a49b71b5a08aedb644fed24bcf04e71be67b03cd20d53ccef8f854f5e9f7f28c1e98a8a53496646713bebe15a93f1ea336e6e8a4e68de5dab0fe880bf983eec75d1c5027357f6669e098411e0bc3ea2293138f5b34425f78b6508b94d4c0cc32ee9afaa409a26e5f2a1fddcd6d5ff42a89755a58b08f243957a2e208e24b055f51992ab447bc06876eba169c545fa71b88a0fc15d1e0be9d334a1dd0c86f44bd149b42c07608a9a30d0b7e13574f8d862f2ac72b2ed38904d7cab194fdb9e4dcb615f5610b24e202a36866baccac01fadb575df11dd43e00a3b92fcdd8c7702ea49d951e7dad2a56c075730b4af1ceda2bcb2310256f28312579fad40ff471336ea6a44143edfcffc297258d48bd2ea47efab8f0dc00f1e6dba1a55009ed627b7
+
+Len = 48824
+Msg = 5223e2fece634a95e1e7c83ad4a11a0478f4a41572bd66c2d7902cf4f94404cd80b1f58fbcb8eeba3984fd759410c12f8ee922865f363f684df5a8787c87ceb3086fb8535157f7f39653dbf5c66ae7219253838ec77cf1c6db518225c5ba0a8212e5911236474b8820ddcb8111b87320adb82ff553986324aa2a21c37ce4a083c89ce9931290d4c1fea933e31d014d7507a28e83aa917ccae10bed1a490e77fe501b299f8e3b78e659407ce1934d5d68c7980800746f26ffa9794ef1d23f793bd2eab7fe524e213e58280f441ba48b40162305335b3a480c2afeac11c27f8d817792fd7805d4b61224eb52d35c0fbf471bcaede505fbc9398b216f43bfd69b1a669a61d44fd21faae410af58ff95e1c3ff1528de1aba93cef56bff4d714d8c4cc88a4ddcda52444ec1208d99ab3fd9fde98c1ee6437d8d138f62c5f782eb4660c5eb28564b5b0d46e3a2546009148f3d02b837c5284e9f508290270b97b9b29e84445a0b4df662d9711e6b73c11cebcb7120dc427034b1ccf57d8e4f5bbdb84d2e1d4bc3862a2b51931d3c9a7a5fd6ee5f4c7327c338abd011af638d730141b6eafe63469eff50f473262e9fdce636eff4c5663acb6075a4fdb00c8b8a8d3322e1700a5b3e7db90b36c1a94991b8f51657121b442db6f890e208f312466778d73bfaa8cc0ead4edd0776155f3eddf9abb1bbfc0c94421adce83d7ee94f99f61e1f25a55fb596f8b40ccedbaa8e5e2cf629496f5ca60bc4cf36d917da4e2b973eb57869dddc409dd66d5061f22642743fe843defa0b19dfb2f56425abeb234181267b5c0d2ab4268c538510feb191bbcd1631b0af6c7451cd4c641025cd8bde2d9ab6e6b948f97c1ee6f35098d553e8e9da9b4d437125046864633f109d6a558b38b270a7dd1785d44d248a863a91e3db5c0a1d7ec133decb65e81c3402c98ee329f660a092172bf6b1a02491895394ebc506882805a6c93e767c0e58a5af717d950a206c0f0055cb39ed88816a9fe3613d15f608e486ac08bfa67d462d24e6a0a37716d3fbdaeb9c0e951c1e847fb884ebc1cfe707dc6e7269eed1c44331d5957bc4ac9dfeaed4b157204a3080fafb9df8917b8d15aff9c49cdc739b8fdc26a546794991c183fa523d14797e051894f48b0d62c2b70834467ff9c993b82fc1152c1f5479ec6144c7e8fb10d1bce26bd1cdbeec4e95ee073f3bcc3c7367328e30543d371b27509a577f5c79f14d5f687ce62b82f856695af9f7dd350543ec763de75b593f1859e44c2ac01ba65f98743cfddd8a89a38115badcb51a0ff5655f830c0122af6a830aec13ae5eb89a93755b3a5a6eca233f21cb12db545a24a5334becb8fa32c3d7f5805faeaaeea85a551fc62c94807faa6474c0d74cae79b5d8ddae07498fcc5b8b4f394867112ef5fad1c9da66765ecbc7fc0f3269d29c9c38817c77778f2c19b5a3c705fde9d76a4eb86aed4a7369a832ad267312903462397f7b8fecfa8b195cc2316cd53e48c3371ed2ecaa3e484b8ecd2e22b1aee910c51ed5d71198936266f5a00655d82c089f49295feda0a2bcc1a54ec8adf565acc3a8b2d74c30eafbbd843c59e67f293f6d8296cf7b611f01b57dafec6e2d4d411a633918068c38ef47b72ceff1fae772891141c3bc496824509d78165c1e4cd4b4989321a8722643eed69950dc120fa8da3e53c3181f252d7c4cd2cedf8f086f788ee77a98ab5b019828aa02108f49ea4a51f457f7adfd2220d3e59d5f4a29194e8f5eac40ff80312ff6888ff6393c3fc0914b08c1b9990d247ad80a441558db1ee1203e07353dd99a885a7ff5d791af2548815dde0ca1f56f89d39ef6b93dbcd0cd54b854173903c12649587433f0425fbcbddfb66ebce3eb4800dfddfe7fc44d9b23a3916b1db68c187da4dd13ff0157352814b1a792de7fff855761abc6fb7b93b48525fa90fbe3a51dea974069f3f5fdea86387eccee13f58a8eeb8abc6a43fd30e9788c3bd9ae1751b30a82d420225b2abdb1bc121b9073380be16107188d20be54f2e9c658d5b443869ea0e991c496104086290b6edcc1b656adf94f0d42458750fbd8d88040c518ebbb644f4dc4f7c6971d8d60eee0272df7b51a3d5248b4b264fb22195ad891fb6ac994ae5c0bc6714ae0b0b9a484edc576638b78ee89b568195a8f33ed8362128c30f9b0c7804b3ce1355abc96b15aa55c1e16a9e9ec90d1f580e7cb412a7e85d8585bfb950acd4de5865214ce4db7f6314d81784c588c1482d5f28c5fb62e7dd7aa8237ce9396ccde3a616754414cdf7b5a958c1eb7f25a48c2781b4e0dba220f8c350d7b02ece252b94f5e2e766189c4ac1a8e67f00acacead402316196a9b0a673e24a33f18b7cb6be4a066d33e1c93abd8252feb1c8d9cff134ac0c0861150a463264e316172d0b8e7d6043f2bbf71bf97fa7f9070ca3a21b93853ec55ab67a96db884c2113bea0822a70ea46f9ae5501eb55ec74eaa3179fa96d7842092d9e023844ed96f3c9fc35bbc8ee953d677c636fdd578fd5507719e0c55702fed2eaf4f32b35ec29a7a515bbc8bf61f9baf89a77aeb8bc6f247706c41d398cae5ec80b76abc3a5380001aea500eb31b10160139d5a8e8f1a976dd2dde5ce439a29dba24d370536a14bb87cf201e088e5e3397b3b61477c6a41e22a98af53cc34bc8c55f15d7924e7e32fed4d3c3ddc2ac8eb1dfc438218c08c6a6a8eea888b208f6092dd9f9df49e7ede8bf11051afd23b0b983a81bcc8d00f7d1f2b27cb04c03aeee59c7df23a17775ae5984eda788eb2015680ac5610fb1380b4e7d7a9cda6178dca98690449f5551b66ad2826cab2b662f56903fc95b4611bc86f7a834a34ddc3be7bf142c8baa096abaa3cd51ad0c0b6d15e590eab9e50a4c60c91061f1ed6373d91974c1ad9d263110a0d43fd8b596396cafc0ae70b7ac24a59bba090a6994ec483db7ed4c572f723670a11c724e8ffa2497d8fccae37eaa1d14ac1537eaf80efbd2e597b2ffac97f2bc3cd2c4017f170544dfbb0d9109478fddf06ec0981542bc8107a725be25070d2cab4716f4edfad75fddd582ebd363c49e8efaed9a76ee51f22304eebc232a4f67f865b04f610a628fdb317116666785fe8ca30619a07c83cc449855202d687f162b12d93b63af6e7ddfb7223d4ab998a5f450523c1d521ab76f4aa113cc2967e04a38dae07c51c2d0f44fdc8605c3c53ccee91a2c73dade5dae021cbc87d5cd6e5fbefb65335827311fe1e91921ecd66b2055a6102d7a976308a80c44e6d47a67718c84f2112d65486a558f1f269b91d9f47e3e11d09c0c748625bad2718e3674898abdb19d3644bcdc9317c09a3ac02f514b2a57e6a706362e5f6e8fb16cc83daea0eec85fdc8c367d84c9230730291440a4b109f7034d510a3f70a22dd4fa69e8b65e5fdf87045d560eec71f4e59531c7711d4f8917a96e22ad07346d2f92a13fb4569fa6a075da6e1acad1eac1cb2ef19ab452264de2357c927c6dfae6598cbc821eaf3b8da754ce91a96c702c95b2c308bf3a550cbf4d22d417745b5f17d36608feb826b862747c59d26a0e8eb96547a1852f9fbd095f1c5d20721804941d462f3ee2f0876ee2825c8df24c4f00f0844e50588ac688127013df8eba3c971362dd255420649245e880212cb3d732fb82f866dda090040f28e09cf1c86eea5dc4fbfc373eb69745b4afd841ca8e172d4a8510e7698345fd4cab9ec2ca0453a274720bb2d2e5468bf0d0f85919dd762fe3df969e6c071285e25c2e2a49659b8a78289aee655965bfa3cbca9b292a19a855ec40293185354ff4da9451ccf98abfda07f1137e79bc89d688963081dec641a99656b040637402890f185edb28e7e6a2f65848a6af158f90eea440aa6246a2e6c31f5d220b9846aae2027afe5a7caad6dc16b56463367cd9e73bf22a1d6172145de4565ee369c55e3b99ccbef70fb080a3748340fbe8f6b95ba46e8b76de5a3c4bedc37c55ae24ad02267da26769a3a732badac2e0f3a5393028dd54d78701647582cd04c8310e9f1ff1b433125229547130e1737a1f33604f0d670ea7221097c3eb9c7fa4b8293d7b429af76191ea8e481dc1da31344537a09b33404d782eda1d6f5775500c1d8efc615778baf0905d9fcba1806ef986c40b1c6a72335104376b58266c36f5939a8b95123e8635c0c95e80aaeb97379b1179d6332dc07539b595ec32eebd3a336a1128f3cf2e2924db6d8504a516b62f26d012b7f75cab765c8374a3824da5a405746023b51894649ab422d636513ee809fa181d5b6fbc63351e37a1b14efc8f739e86ca78ae3e280f1c9e4824b2976ec4dd308ede6171a7474c7f530128089bbd75e10f9e57ee17408b4384f99f886a5f63a2320a9b90eb9bf692e1fc449171eae3bb1bb17a6ed937ea57af3c82db84e073b5306683e1d63705b9742a085fb802cf5a1639818417fc2223f476c2566351f4b3b17a822e11255f3c3412dd39190e200727bcd3f9799519ef792ec7c2b0b9d0e2dccf013d436dee63483c2ce83c15c00a76c4d894a60cb90366ecf9e61221ee8bdaec66d715159876d8305b35c81f96ab2cd8f81f4769e9a6e439c08c329036f5d2591ac42f2747bc0e77d4e566358a3271819b6003b290211b9b847ab70e906aed9f86cc38aae27e1098fdc3bd5d84e66c45292183f198bc329cad794aa4e430534511b7d9a75104061b409676a16c1146af0a286e2de8bf51c4a35193581a902bd3224cb9257c961989042538092af92644a63d6d6f6872a29aceca39341ad29dd22354812c4b7c7068b039ac9ca7e6358e662a28be001d4aa697ace540cc3ed3c97b98d8c5a6fd3543ae9a7962c9229b14b0b646229807747064be3e83191cf24092dd67f675638d9f6510486379f47f5eeda870a3187946819ec9ed05e7b325bfd0eed5c9a0f4a2063d63c1a8a0a309f586c94d4a68bbe860ae9599ce204c92cf9d92cb460ff99cff9e5a8b3824786360e1e1861e71158395faeaebe7aa2f61f76190f174aab9a313f0bf4f1befbbb22768b8c22719cf3fa9ec908b576fa4bbc084b1ee5b5a7eddc89b58b45ae7b421d38215aa6e49304323eb4e202655f3c8b16ebd6b03058e75a907ee63fcf6aad5eb96c1e5faea81b88b5eee525c4663af52877c0f759432913b9d48030903e7f9f70e851cd4e20bc56aaf36cb02293d992b38b583b8f0b25a08c3303d8af5b1b37f5127f7021b13934645ef3020e5caadc5e7326ed4ff56f797e26cb986b6512b0cc76f1d8e7be44aaa88e12cbc644f14a7feb979d2ab66907063c51e052d0f8b25d827377fecc5111be0d365e08d17f559e3134cb9db294f1cac03150f4232f853ec15ecde55fd1023b58e83934869796400088e9177e85a2227ee45addd049c1d6b03e5b29dd570496fdb2fde7d8cc74fbb5fe76266ebd90a3b4d57e6e6cb9f0bbdb7ca03ae955915768011c714c909a27ee20135927af55d4feaf2c345d029a54af942da6f85f2103345d059f66864e6b0578111e2ddd5a1cd8bbf4ae35b60747b93f53ec8ec64c10cf4149909b102a2b88712ff3e5ba3611cf96585a6b36fffb64b8c37a114d6b16a53879136eb0b5e003a5a068e3e8422a4fc8d7c77227cce64ebafcde2437166b62ccf486660a7a2ef37012ebacca26ecd5bdf363feeb06aee39050974c25d6a564594c67f56fcf7ed48b07fab4e25ccffe002bbe460325abafe37f23dd9c145b4667f146a1635e462330f02470b35c5a2519f1350c02b263201ec9026cfc57d3659373910e878f2b6c1c5be774df8e01e775d476956c257bd0ccdec17ee939c46e5653d5813eda752ba7bbb245a99a5db1ae55d19692074c2e5820df97c502a4bd1b12929e1be8e9ce6d802347c3e9c4202de6046436c05ab55b2fcb2c227adade6c2046d98102cfd0d859a91f8104eb9f6f155da2acf93df2405bf2c083eafd3ec41d60b810e0bdef6298b21193642a9c0c646bc6771a5c61a25604d96bdb727abd5a7ebe4ddb2a56a6ddece26d8007b26043ad44279c3c8ffb7e6ffb3cd4e10ea2780f509a8a9bc31f99a7e66201195f1543a0a020f754d9a665a29a896faf673df6811379579891374c71b2234fc61e95d4d46f15d44bdb4d7c3b3be3f46410ca46827b8cca976d8866e8ca33c4945d5c87b705588b78015b529843af0b75a7e1e871fd276c1e947d896b92e6181ab7e3ccc7077bb57fe85a6958667d3d7a790f6cde1cebb494c2912478a0eca2bfaad62492e9f1caaa0cc520da08c0d2d910cd44255f4c2ca0646dc89e789a1cf9a28e2f99315d33accb1639cbaf0c94181b85fef648bb4cc7f66dc65b8e90bf5f3b763e58520098febfe7e47bddc2d9cdd5e40dbf4ddb8d51f51bde2e57432266d248d13ed09e62f66794d188f9861c50ec41f0eee30f76f4ece250956733ee97036098db41991a4a3eb7816196c8e447db3a2913bcd992174a7bde1f42d57c764b47f5bc09533760c1ba74943a0dca291f2746bc1fcc573f9a22c72a5eca347b1679683fbc8f32b08d381baf67b7266b14b3ba46a04a3ee45881ac452f64df1bf17f70f4cf9fa4dfed9ae70184679184784a0451d2f5c19c02031e0e4957b4df68b4a069a6f6f6458f6d773924a1841ba664a55c2c3187dd33416cd410e56e4bf8d3671cf737bf67df2a4cc4dcc786872b9e2dc4009fea0e48a749353ac053d80e36357d24d468dd595bc823017c015d7450fe38149370c5decf13b00b6b0e0a2567ac08b45f7b0c8a7c89d227219d051d17a706ccbea49a42035cb327381568eae23b5e2a3b7e8beef6f260d24ab224827ca8ee9d640dd23eee94ed02c9e26abb3053cbfaeadbb1f365a24d8769d92240da842e0b361524020b5c9c22a2fd8602dc9600aaf02b35344309f6bb018a94d4cbc9639ab7430657c4046f0b25df517e31626abeedd58c2e19aa0ae1a43ed2bacad91dc04a2fdf9cc33cc420f4f04379e95988ab36731d5d5402d89fb47e826f4243bb206124364d63564a0872f8d2826eebd9046c7c6f2e7c951e49d4b22a7eec89da1fbed890d63ef15f26422185143c89da3ee269f83e1de11a7467822146042be92295a585e3a09e720ec522e1cbdcb41acf5ac45ee892677ba3ff670d71339a76ed98237be252ae21268e756f05ba0b094a1803f9da84a8a05d0ec9456cf565e1b548cae95eafa0fb01f091935e6eff2413bcb15f605f15270408216fb5b41ed83dfa1454c522375e35bdefe54275f109d0ab450636ac4d8e4d9e27f2d81a15b8cc5e98549254a1c9162918db3e399118f5864774a9d6a2347e1315753071eb1204c8bf5f52b1a0da37e484ebbe545fdfe6b031215678c3b83a19a24d7b661f626beb01eb82b384f02f42bcad4f40addd48db8a92b90d2297e6143702056123286617f86fbef4fea940f648867d790b8f803abc5f4e0e3f4226954c296afd96e287e21b7243d05e743161810da578096521805edd81f68a45500f6a3a1885cb1f45cbd399dde024df65072eb973c827fca13eeaa3f140842016f509aa9ab4603d2457c92cc9aef24950697a0044e3d7c483b8d8391886cd50dff8c2f16de3d6caa7f864c1b3874750781b2b78b545a94b4da0b0036433c6561f5cfea50eae9f5645302eef18238473606e9b9931880d0f6368fa9970d1ffbe59c4454bf97f4a5e8091801b53ee4a209e0642d83605836f69742071aaebd9d813b10f4ccac03851ee9f20cd1351f8e68554c9bc5f58ad19d474ca128edbf561d195e52ddf3c19bee3bb597ac2f92143bafc98bc09fbda6d18dd4ff2a93cd2ba17f54f75c32d3f141468c2baef4e53b6a340286dc2599bf7bb002aa86688e26f5b51a6aaf32e48ffd539d4f3f4bbf0cde2d20138151c82384f9ff29a634ab4e0103d93340bb9a7b0caa108bc7fdc88d7de14abb17e9efdad2b0f304f0bfcbabaeb1b9db75959dbf54930e67aed3a9c8309aa90506b6b9ed4f1d06c4ced19746e206e1e9b8879663bf56bf6c5c920ac5e09e6579b780cb63e1875ef0a731b726864b7ae5705a2d6d343a4a213a05928b7337a59f900fd04472382610e2a8d25383c9ab5804d609e79a88d70eaef3ea22d3aa9100fa2a6e98e97684ade9fe90d6bfc59dc9dec3d3d8db8990bc2123ba92e64253235e9b4d682e8aa04e23fb9bb6248a77c065e93249de829bb2fc5ea9e396461090222816bb29bca37bf86698fb995f62c50110cf418bbe2078a56c5f1ec9fdf3d0b09a719ac253b5bcd00932ae058b86611aff51c8ca8448978615854b69b0216a6eb8050ce199fd9a13aa0fd652570a1b187f61e6831b3a960521c3705da8c5e6c64c7b196ed4a49c2912d77b670b177c6458a7a49ecc1ffd8c57c0978d2a05cd1f1c7ac9514dd14b7b0933a52cefd40b6452ca0903df1f55828025c7e18109a6e0f2ab25724cad2d6f57cb5d894a6a508134731e9b9c61254f64990941f4faf97394b634b91860cc6ec346aa666600d323c849ea4c4a0ef55acbc56495ca004f3fca42ff0ffb11b0e1164c95ab89bf1db3d4f575ff334d4e0d7d50e0c54c422eac5ef78c5a3be95f2e18872540fccfb597211ec79d9d47b6cf41e385b9c2e92122167fe584210f63bf919c620d
+
+[L = 28]
+
+Len = 16
+Msg = 3dd2
+
+Len = 104
+Msg = 3d232201038fe7d846ac1bd4c6
+
+Len = 352
+Msg = 44c98cfc71f82215dadf494d68d1d6b92bb4eb81fa0fbf945a659d9aa2c2302b5c93fd3eedba31e479e29d36
+
+Len = 504
+Msg = 02a5c7b1b749d6d49bed302d9439f23ab83020bd4d573906f4190e74216ad33aceab775f71cd31092bba5cfa42f0845bd16fc1b8bed6434dedc92f80b395aa
+
+Len = 13976
+Msg = bd70deb2cafa75918308d703a6783fe9dc5e3d21de9bfeb6dbb1cd531ed5dafeec463a02abde302d4ae6ab3cdc2f0f94865e38339c88bde507ff71bbea6b30b9851cd8cf599e950b8c8e620c90adccba0033f934ca66ea0a936afdad575bb6235099beff1a632c9114a8045a0919fdc21083880eb05c0d8c489c7810aecef4a41766f67c37557e28a9db9a0d909c2b167ff7eba79693afd3ee3aeace38eb73a5a02a882cf89b123812cf2a0f6d5edd1d14362ce9c43257474def5cce3adbba8cb48e7af9a45e702a182dbf47e8869b3f99e953ba81628e502c60d4f8ffc551c31b3ad6ca85c52164839d5e9d493deee4d4b76604174bdb5655385d34ced2c1b09dd5a486e1f9ac501bc611f9d7aa5c748f496faecc14c6c18e1dfc6aee2991bd0207ea1701219955a751df43dbf66f57904675a0e9e6d7f9a0b8bb82a8f44951117ab2642d6671daf1e5d1639d48aff6a05781c2b5e8976653b0a164445872d393d30355acf0bb49bf2bed4265c9a3b786249afc7a438d706eadb6f90a7f93ad51bde6d2c8e6ff09dacb3dc67ba0d3030c54c8367e1e4280bb5903274191344610de61c3c770c6820a6cc9d826f7c743f88f13580ba23cfc00598fd733b5dd069bde7f10f2b8961c16b69761b0f308dd137f844a67f6054e065863f226141755b96645a291e3fa3fc853b2475fbe1d3b25ca22f4da4425dc95fc855e63d6699b311ebd5fec1c7753e6e81f747c808ec3f618f63eaeb1221075edff0532225c40ccadee304a8997c03920e7ce4e60e4df4d120611296786516dd4d9cdda2077ac52bce0fdf552e1ee89a0133f1f87a6f6f35f5c53958ed806465919a0a5fa42488bf29caf33a0dd469e13abae351d5c6fb1a800ee384da199c823c965d9d5457a3ef8292c4d9b142e3f1fb502da498eb44d95f8c85bcd6871bbdbf004bfdc09ab35758f5e8b6a0d0f366c3b255333c52c8fcd4ecb4536b5f6e72897649f3415443612d72c3436505249a344feeb04883f41f90ade40af119014b3c56fc108f1ab0a77087d9226665d416cd975e9e4605529c032e8926002a70924820c6c7e264a794b2a3beb63d69ae56e017294fad4d611cbd0d3847212a38f22d623eabe3b884a36464d8814286fff52c4dd366f6c2abfc2eb865e0dc9ec6e55ca9d81f1b8cc47e2629bb162e54655bf2a9e156ab0bafb4b8ce96858aeea6e6665607a3f268036f4890dad759486b15e3c9e791429ec8f11bae4ea7c490656fdb0551dcf0b0be017c08bc674bd97d9d701c3ac955e2941ba7d5f2ba122a6f0c1b164b1caf2d50df111fd4287e9e195d181f6f514d7dadbefdd4274edc234025b727680576046842a834b6ad89eccaff5c5209bb91d652357e3750d8bb0165572fb71d09fdfc60f6b1e5d868c67c0edead427e7aeb734e29b96e03ea174b6b1af523feacaf6bd745ceb1bdecec9251958b7f521182daddf62ff6c4f58977adeba81c616ff2e937ca4f16eb9c44e63f9e974709122083ae45524ff87d7a0cca33a90f09b660db0efeb393c61967de2564315827ef1cf42b71c0f822f471713c9d885a3c3281d7c95dbc96f1c6dde0af70ea11232b00a2d215ec8de8fcf84b6193b6ac9d46de660361aabed3371fa44a6f32107f3854262eac355f9ef98701f580b4649175cefc29950e7a0eec958f629999c4b0a98fd4bdaf5c0bd97c963b551f2220bd41ec00b8726836e949e818a49aa1ac5bf12c64fb9991111ce8be3e0cb9605f753dae1a4c84389416f17fb66cecba45d591b22d64e5a4edcde067a088d9ff7f5dbb9dbf324510000c55d50f480a640fb22da9b4862dd81080d61af9560b601edb5e3346263f5f193df97079a27e3f9876078b80ebdcdb17ca4c50aef0c8329c72a7f77584cd963e105eea9c28a2ad4e95c1d018e27d0e720ea59147f59ad796b80b6293da8a55ed47e8abdd37221db0a5eefff31688e2adc294654ab0fddf9c1ffafd4783f01eb539492cb35a77315d0ad19395f47b18298a7b353dcf5bab0b2f193ff73d99310478d2e5c4ff1c68a2493c138818edef73caec9977bd4eda6249c8933953e06d796b288f78b18c343ef561082fd03bf92b084afaaee741de3004abaf746350048294bc52450e31147173f2da13d6ffc5adc718e149f9df3702f414dd3ee88296ae8a0106b071b589e8696401da7993d58a9bf8e5bf417165498c96b4ff5fd2b45bbf88f551688425122a3737ca54b2992fdb4d60957a93097222c3cf4c45dabe18b9d6a69e6f27567d5adec489e4b6812c29a8fa52f1de642b7b0e749c16f54473ed5ca2fdf2199e885fed308fa62a3e0deb7e0b8e439e25b3e9f95d755fdcb7ebee9d73069dd57dd1cdc5145205882023b54f2c9dec6cced9e3f6d24e8cdbb8ef121b8f3eded574d81908e867af5ac82bfb8ed60848b4bfdc1d998bae3a9ca80c1c49601d11a40409c62b1536f01ca67
+
+Len = 48824
+Msg = 5fd54472a44e4476d254c0940071ad42dc723354f76ba61f63fbb9df80d1ee56136f51b6982e66c1da83602fc08093506a9e2cf27cb92085ba5c627dd63f59f8850e91a1d86cb1d4ca38ad03160f3c584b128d9b21e935570e086d3815307ab8df396cfa0c100bf6cbfc0fd7a8258fa1a656bc178e02cfdc868540d8e5ad39dd46794a8bdc205e710555ee7421ca7475a4f3232e6a0cd55d4b5d4525f0bd7eb1e455931aeea6918b9fceb2a32706d31a6d7028a85e102f228417e2e7db68317ae155af70eda98c8dc1ecc32a62e294d92855354c1114c5735a3c81e551b63a81650107557f3237bf953989d17c65a0fafd2bb1e32c237f98f55389e8f8b0810e97e201914c487a68403c6d621a98ddc515780435564245d87ce462b8785def699f7f06ebfdf33dd1ed7dd5a3e781348298c7950a387bff7d1878731d7ac66ad9a6607f2c3a3b6843c2852a5e882a8d78ae9dce2a79d595cdf09626dfa6f1dba7d40ed21caa29e304e7dbd559a89bd1f07d84165dc259ef112dc6e2c5a3e82b1c50106983f6c4965c85073c5deddbe6323003d56abb0df590f69010981ab3407e43eeaa29c6156995c492c931fff1b686eda3741a0bfb9094747d1620b2580415d431ffd6c02245f6cb03e39f87e82834dcea59355b2ba663ce145d2514e15e2b2c60cf518ff510c6c3e2f16d2dc523832762ed8352a320462ddd4d6fe755350672038163d996b44ed3b85d64989291bdf39398cb996de785b9614ec5d4bd73efcfa37fd4470b17d6240b8e4c715759286b04c3d7d791e2689927c9f18320ff2e6bc7306c805e23a5de66eced5f1a630cb43dd46db515f837f6b824b99b86c10b6df7fcf22d97be05284edf0e0be597b3f9c63556db031339f79ac9e6c5f8a1cefdbb4b30f5bcd23c2a4dcf791cbfdd6460284c5af0621ab7c5571e40a87c87be459c85ec81d746930dea24f43bb11d6611ea83409d3bf4f987778d8eed1d5b246a2112ef78ef0252f9ae464810c13f02359441d289958b4766807d9a3be0054897d35b01830deec1151f9e3d42f92b80f4aeedd65c78c6e98afc562a3bcf6d72f238c6e94a38f2288ac7929a7a61c92875c1f115c0ed8d261a727f0794f17ceaa3dabc717478f6ce7f2e8b295f000241e154b4575bfac8483f6b62f9ef4e18f7d341a65faad5e2fc1ddaf2b09adebc155ff09e63d5aa5f95206e66c7f4ef2ae3aaf3ea7c93589efa8c552df8d203e0ea181c1703d7023b56e603f33b4adb9bf44f7af290d8081210f327a6c9b0785709346087fd090c42d2b8b2711b9a1a5173eb5e246320ee27867ad6c3eadc4407bada44561a12cf5d53bf0448308bb536a8a525eabc1410c3a34becee25fd6fda453251ec229b53751f2280e142c6b331daa659ab655b78cfb08bf18e40bb02b7f1650eb2dd4ba1707f0aafa219f21c29521581ce249e2e34f5656b0a04c00485079b040e13cbc038bb9f17f47cb8f908591b26bdc28538d8baffe4cc39b17d2ecffbb9698bc2b8b31b08424034c051b535e0cfdf07b7a0a54781e33ba739759991aeb72c0ed992cbe76eb8ec0ab12c182e8b049cbadd6e82e314f1bf15fef5ae95dc86bd64b8556766f8ff62c33492198e454e5ca59ea856d8e095c04da8045522abac865506096ee1cfa1082af08ca09b3533878ea3580b6c0c57a615e0ab768246b3eda96bb6caa01a2648068e21959f843d853e948588e8c0bfda364ef1f9fbd3235c27916562eb0214891eb55ae0e059f4bf7d1838b5942656c27899dec6d67b823a981d1e1e0aaff5323b0e3d69a7dddf9b12d7787ab763a3c7a2697ac65b655aefc4bae7e6444850ad2540d5193b378682c77a4dbf9aa22e517e68cedfd1ba32e3730ecaa2e3f6ae61a4f427d6e69071dd62a9bf6c860980c9d23ce1fa82a1937e6dc1ce3a2de096b680d23d89ee102912ac0bd769c1c02095678dbb00b4430428797cfb966b2f901480811e1b9cde358b6d499c9e93f0961f050465d7b0c70d4961e75a9fe40a24e36eaad27238231dae6d0a17f446c16bce7348e669be563649eba9f23be29adb8b10f462780a066ae573f74e51215a26097b02469c25180890e06acc53ab063c742e08d51359b0a39749b84b9f6be44f3ae3da8e5a2f340a8607d4eed08877d007928d332d6f49502bb5f416c46d866fc87477c58a22d3c5932a8d6298c1151daa032c84ad92f8f90b8053b5aa6f690d1bf682f314471cbf200f3d30959e07adc6488dd17b0be5279e727f3237b8b4b19b31a220dfe63882937f8d5ead677608c42a57217f2239614c521d94559290e3b0ed8055d5474e96564224f6ca6389b40a71337da11e1c307dead8e4eb43252cc2f1c49addb18781cf20acffd3db693b02e5c8ecc949b51b99005529e0149a13390615f5df6e0bcd68e1ca82b0173d25134dbf76dfe92daa085d3f6b1e4d18217df41b70c4c40101884c2886495f2ef8a473bf23cb47ab6533c93cb38c36c6dcf6837f1272fc91a6962b6e1386fb643e1f1d71fc75ab58d5800bf4081217cdce0c7ae9e3d25de543fc4444314f32067eeb147c08c55c5c8158ed11729837547f28a300eccc312260215f50e98c4e3d4170208a50a4a4def1243538f906df8476b0c46d3449be73866d463d422595300e160840daf8c906ae4aac13a64457853b0ea6d8c32f4efe3b48c0b1450250086d459648b0ab14fd3f341a4a803be77e56a811e7a26827eb0a1a9454f90bc6ece665904adaa3cdeb2c4847858fd1d79750e8cd45d8da9163784b8bd06629410502debfed5eca3cf8fef0fa6bdcef6efaaf35a1986d6fd68e0f436dca9442077a4818ebda4606a94a3c93fda46e7ef5ccfef656896a0d3d93566b02ed8c3f6174417cdcb99a415b0c6e9816d94e64b438c295b4bfd69e0d9ad52911de5509971b7370593160629b641d690eb2828bf363857983e3b9098fcd15e66448f786f196685d2ceaa251b17ad06dacd614d9fa78ce0a8b9c1c360b529d0bc1d17ba0b70ea8ac1b8d67f6e5770f0cbaee0b38109d26b09493060dc851f5fef121e83e30aab9c3efc2b8397e8362aefea1708f7ffa14d3656f7f7610f3a629bce14648a593250c6f309c02c6c552bb42984ac58db920dbc7d98f59295f37f3e9b99da55ef074ed65801b390366669b4c7aa1c483ffd23082793f9e5cbe30c34250f63fa3ea2cd097593dc67e8d27b7e4f07e73a9f7b33a5ef6962df1381a038d4f58fdbca9d71ccf640b917f631b75d4a2e8ba46c64a6223f99cee30f47c1a935dccc7f054fc39d3498c824e10cc3ee337e781a3971f0e98295aca611bde701c2359858914248f6bafc88232bbc27bd85883b00990bba7862fd7a7cbd4c86df049071fcd10d686613ec877758d83927cacc530bed9a596b5b21c6fb748c379d676de7e05719a867c9f934b5dad99ed97dcb4e70a9b6542ed5b2f086d9f56fc9752e788785ef8f7837a31e433438cf2f18f58be37fe8412f6d21a5c35000a5efb862926700079413f76ab2c3e79e20b516eba9d8c29897097bee55157936607cabaac41337ea4cc783c0809c875259f8020e16d5045fcc39ac796d11a82f25fcc9579bf0a010200f5745065175fdc15474ed514cc796672c59637c3c8f236cfc9c0978a3db1194680c58c27746090d76ca09f7c48ee4ee7e1d3cf0ea70dbbbd88e30e8814b57404dfd7c33727a0c84cb7bd468b0bcb3c89b526679c00fb0892d2a5e7a3d73698a3db53fd7d78460cdcf24ed22b5f39b8c00b3506541ae4a5b76fae29c1cd5b0f8c3ce142e0af7ae4efe3fa4c438a604bf4a9abb41e3fef1b9227a7dccc3f4d6026ca289b4b1366d9ed546abbbbd5677c8d582e79e2b544f18dc23809ab753313d84dd10fa3ed2f723f0b46277b8877d4f3e0665e88c50caf0f0708b746b736b00c8c83a7d18500384bd035996aebb7da8f09fd6af9b76fde7fbfc0ee854d7ec02950e76abd23ffb27a6ddf1772465016c79b98a61bd3940547b207b6507e32cb9761a5604f0f546834a8edac7ae06910045de218d761a4accea886188f947b57bd876491709028e2e24b075d6b022b51af1880ca16a8c65b7c69e51b2ad580ee058acc0606f0a3a9ea1cd4342bf4be602e941dc4bef1239bb9bccbc8098a6a17d63186c6fa75ec44b6e4fd38a3fe49c5eb995f0cb884e2f3ed6be02515fa605b98453ad935682c3bac6a2971bb68f4094cefeeaceda92dec803ccd3d346f8b40b48f8f489e118a17367801e85c79e9b3bb5d73ac44a8290cdbf83a154f2f125090d42e1a1cb72f5ebbd42da46c7a4d4b9fad9612a4c800de6467ceb74f831e1395dfbf5799a3429ba34754add4b34b5960a5fee8f752dae78450322a1ab3d7102b77e907fc1eec5355991e0c7d6c0866660e5436248edeb1a37c0e769a0764cfbb6354332d6e55103b9235c84eedaff918af3f0213c435c32ab409a4b5c7eed8ab6ca9e313dba459bcfa3ee92e7d669be0526856ac3c06a57fbecbba553a9cb4655a901d98af02b74098e478076655d325bd7639d73d7ae00c62fdc361a997ea4ff5b0eba33096b12f35cc7cc0eea62950b912b47c11b9fb386a47c4c15c0602d304b2541da889cff299a1fd415e7e25c70ee4cd83feea7e6a9c50c75d9b128458513d61ec5d0299ef8c090472fe0850f384938ed44d36f10cc2c1d31daee3f946a2fa18f9982a988fd6ac973b1569313ce3c8ff5746c4dd85a241f1e9dca0e904c091832ca028533a3e34c184edcc510bf22a27f530bdca3d057928a96f72dafc73a9aa6dbf2552598e468735cc5736c67a620e9455483e9cb2108045ad80569582ea93a53b491e528c8df336fb326ad74317bc1dfb8ec30a73af01a5dff3e437b7fe48ba5dbb3e8f01ae0c6fc28675a415f23a796bb6e0ef0efeb4b14cf20d4ad88ad1966da43a76b454dac8687bdd97b89b8f8eede91eb34ca4a0523ea65736ae39341fb32b9b716f25662a37382c16f3b9c346c84f03bef54acd6efb364c6401b07b3f7679e8e7f8c9b77b75e6e98b90f4df88460f1978d19744eecccb743a999aaedd00b5a94018e9d5a56bac9d5d55f6e93bad52e84aa7340cbbf98d56213d9dd3e1970867e3972dc98e61b3cff40b64ec49463ff79a41c82dbbcaa37a82b761f432849aa83a3d3c9a209e2207b87ae9ed9959ffced165fcb0d8873668c3cd8f18ba0f92f7acd2bf50416c22ce11692bf6132eb9f558dc789cf9776da94e48cf48607f19d9a11d5df4db11dbaa67a1d20e9f0c96f5956ee3f906e371c489efc88b0c1e56d881e7bf8dd5d6742622eb873e253dbe54f2e2e6d0e6136941de8c23e9a632727bb5f88c23170316c7aa0df28d8d07589dd6022828834f7ea9b4e5876a1704944aa3186dbf89e0e81767cfba03bfb38c55a9945209c4dfd88272c49d1745dce5ceb40f0a6713b5139dc2fb87a8a4888406d2610b7b910a9e5782ef0df719028d8e50a40a269dc9bee12157038522d06537bb31fc87d21af9ad4b2e7e127bbdb313e0a116010f65126cedadd4a122d15a71cbcccc346f55100e354b997154567fe3caccd50251d137c58fc3a2048dd5883b6af9248b51040c01a80c051b8a151a8878edf0304b5554746d6116b749221a1d0082ac925e6e140f0c3b6a180742ac8a50ce0e93e6399102f151d7c14000369ff52d0b537fdd51bec99e7271b1255c6fbc36d83408c417f6825a8e2a58b9054ab2c3ead69d97ea9947fec32d720653c123ecf51a9a3f0ed88743e3fb7b94aea59d0bf0219ee50825ef220554312cb907edb90e4d85f29e316ad57d3b90d859391fcfc63e6c0fd3ec27d4e1efd6e0b5ca8165cbd6af25ed8792d805f27fce308ca1d51335ed5d727558dafe05486a6f9149b8d3bc022026656714222830be582889e6800c0b170e48ebfd069e711210e4ac7acf07652a6f5051507de68aeffc9540cab5cdac84ceee46059ec23820c04b127266c0bf8df0d2b856be3377ab42592f495980baeddbeed3ba707a85dba64fe36941eefa8fd37204ec8c18df3852febd2b142b1c9a5cd0f9e424cd408ceb7788270899fd793db99ddb8f9ca8df550c513790d8bad37a1d1f4a62c4527bb64c677462c9b093582decea70c7bbe873095536728e7ce05d5cafb5d166a1f03055e918f787fb244c5857e3d7a1009bd37f30f165564a082c1510ed19bb1633811a76da70dac67641c2478c6b335f409ef54a2d0f370c9510d0aabae3cb998bd023778375cbf9cf5ef125afd584c11efbf40bb51839aacd3016e5e4d79f134245f952dbad617c78cb6f5712bd9c0c7e1303db5029640cf9b56e29329c3e6a9e0a2371aac1a437b9b1c4477ec9842aa80eaa22c5eac11b60c661de6ddbb088e844293ab8589c13d938765bbaa44301e4137148dd0257bd4c8c766c5d3bfe53671e9417cd1b52f622870ffd90f4e17b7a4ae1b5601a2edb032e353bca652fb565beea6fb0b2cdcadac71794c662677fb1dc81d116d94f5eced526b37c004b95284cb6aa2ac415754a1f14882595dcf4d3f1d905c6e8c12cf5a9d23d3ab55bdaf9f17d2f03f933e1bab89040753648c426b072b73aee8c2fc0d1c03fce2c656e20d4c96803fb2ef471b912267eecb4d6f342d3513894b94d77767823fe0c7438e51f21bcf16f0e98b94b23a10760271281cf843989824f7061bf834f93fd8d2090f70e939700dcb4d8964a19da39a9601a7e0ed9f55f567fc7d5682d55a9ba0e68861756bb549f2f17c10ff6bd2042a80477f89743d3d762f1dfaf230bb502eab6f4c46b26135ff3bef5faa179bdfbd288e3cadd3d88d8012706e19b7fcc6e9cc2699d3ba0e624e715599480d6b7dbc6eeea0d12a9236444b17285fc7794040dd40c2b2ef175f7f3641664fc9bb7ea6d7eb3489d504f8013d64a23aebcb5ce233405f5ade067dffff253f27e926431ad806703e8fab23656e0b7431916d8d4c72a7d831e3664e5f30839c76c8167b76f3b2dc75a6ef48df515e06ea54ca51de2fd9c5eeabb1610b7eef06a2f3167859cf82e1a5b76be8ed8beee2bba28c3b15af6890d7a37226834ec9f63306a0da11aff918753d8b83fe7220803c070db98195d6d18357233f5504a6e3bd6f30115d3987f93aa5d89aa0b8b577d1fed94da057a6f088233efc0f44f86798896eae9ad0b20c8c9cdd9d72a3f02213f6797800894b864cb44fed009440fa5b0197023929f9bad16f052cc2d87327788a68b9209f46fb4776b092d75713048b5453ccd699d19cafa8e9a93fdab0f0863711916efe3bd81ee71b8e0221e12e9ffe2f6ee1a4dc1a8de6e593480f3c05b3691e916a4a7ca51971eb2f0f693dd10f6b8468f8cf7bcce285938b5a0a76ef86acfa2990f88bdafdc39a065db17b845028ed2b7a9e331c44217de20440e406868f1eca818d0be20248c2948b8f4cb118b2e456e585949139270f57c54715f3297bf714aa7c5f72ed8ddf6a074703ffbf95e45bc81a02c42822c22d2b718f2de5e03d687a4b18d605ef5ae75f9d43c8cb4e77aaa0c0101d978120f29574b22f52783c667f7daab3e1f9cfacf2e68e94a24918e3fe2c4f061deeb64891b5217fe5908e7f389897751839982b7fb736fbfb1232684e93123611b7fc8fbeb74f8815b5ae13240051920f3b6ed34483ff673c467ed7f0a8fbf619796e485affbed0697415d2d0598ba34d5b9e44ffd12a5edc323883a2e28efe9baf860324f2d2016748503eac1888213926b0e0f0335a4b51820a2bd3b42d982ec6ce307b453b6385aed7a735a1e98479394147c40f01c532926e10e1b26a5b395bc150ec4b4daf5b1436bd0baa225583ffc9d9e9d8a354f60fded37b41c7c051daea04e689ab2d4e24d7d07c75c50ccfd6a527e024d1632246c6f40f06b86ffec0b29cf894b665d53d459226b93422d37a8da23587fe884dc3c0f2fb55dea296a9a5b9a0d101f186d9fa6288c912202547cdf958569d2cbf235740eed38d10b0025dbb6de31058e98780d22149c19d4bcaf06dd7353fd91cd1f47e47f45622e1472542be2f63f463d253617eafd4f2ad609f9020884905dd5c22fba53ccc619104b6c0203a7f6c8c26fc80ff6fceb8c0c51600c2e46b4b872e6d597511524545a76cb42278b519d911e6c1320e01682c551e204ccdf91290c52e0836167a5685cbb1af338eb794c10fac92950f3f7956acf28f1ca984e380bcff9876b0c71dc7ce4011d1d0f955da9ca885c6e7bb74c6194dadb0fb9146dd725c8a9574aaf3824b727c9be3fce59c35850b162c17d3013689fca858a0a51d81cf4f30d6a8705bbfe35ff03c34cc7c56aca32140d72c8e8121fc71353596b777b266d75b322c9a97fd2c5d4e2362f19c99de66da7bd9c495c03d9a15b28431a0c051e786fa80f5503a72519e6b419263d72d553d688349c0cf30918eba0622b953a0efce4415c29515c26ba15f00e548ef108afe3f8194aeb965e5e4be94f10df6c45ea5c133a8c3398d09fb80f950b83c1866a1637d2bcc195e05cc32a9233b244cc2b1d4930e66f032cb1163c37b3e58b576ab76de759569797fa9b8bb4fad66aaaa56f09c7a0ce4641d6799d7bb47cf684990ec1e08871458c211a353ccf1285e7429c7b8520180918f7
+
+[L = 20]
+
+Len = 16
+Msg = 8a61
+
+Len = 104
+Msg = 37487aa02b03bdbc6bc62e7e26
+
+Len = 352
+Msg = 6ecd002568bae3bf1873993041bfa292eb94e9ad092d8eb3585be82e8a20cb36a47a06e7a57d301268a4a533
+
+Len = 504
+Msg = f6dc1d2f6b8e126d99939664693d8709513f97d730074ec2794e536d94ede79c81f2b2ecbff3c2c26ca2d181ada2c60050997f3bb087ce48d956c18dedb227
+
+Len = 13976
+Msg = 07a6372c863c7d7c6764e4f05addbbe161762735dfd2d23bf268e2d603cd28de9c369ac379390473e1d3fa7e37af1178cca54fa0f782dfbe68070952b93462ea46c640d43ffe71f5fba42df98f4c48ada0d8aca8753e0731508bc15dff283178ae5c10a6ff132eca5dde63a78d3ac94685152897828eb25a55fdf140fd33fd4e7b03f283e201a1baae8986d25603fb0b2566aab345fb48031d648144dddc2e3556c0ceb1104f348d96ae7dc0152e45c625d21b46e70c31f250c858aec4ab2cf5e79d8c79b0854e0abf5330b9f044113d306161968f4ad6f0973160c9dc296056d5a11523ea2b56fbce8387070fccc639ec1c65ec663b9dc49aa880dc4ddd3020c9d44ff7e8cab6266e436af19b4ecb82010a0f8f9469ef380034a02e3f50051a6a3f233dcfe9d553459dc1bebc538ae0183448c9405c351271dea808d908480e61e9793cca111b4cfb9874b799626a1bd9a0f6e0929ad51b97ad81b2438f5fc255db3a3dfec9f0d8393c6b245b03d3faeb58021db3ad391b17a91174a66db4feef1b4c889699bcbea7928f4d29be2d47f76455c8cb1dc7da9cda41962a28ad8cd7b39965b809e7c7eca1c6792c1ce1c8a4cad6290170e91fcc49fa5ff64ab433b4aa081c8da2d9bbb072f9f18ca455469b946c877e3006b34ffd2219335b30ba2e0980f43cebfb629d0b11fe70dff28883ca012c6ae4855fcefea20a08e189eaeed7eb36ed6db3835976f4e60053205805727c5eec15d0e9f155637a9e66268b9c1c302bcaae6ae88cbb8cf1668a487cc996c4662c4a4e195f094cb31c717165e0e13718f8388957dfe0bf69c70cd0bd763dc38c530b67b9c12244fcab8bd13f602de848a2937699f9ef77944e5f22e3b470601789e1838fbea9359c733aaee2c7082b02ee459b7684ef9bbc200da4b62d368351f5520a65ffa506dc9b097117bb7ae88d04d85fb525e91327689ec0fe86971480c0e864012b1e9f044c7d80a4e48c07320dd4292086e4c71d4c98dd826a9bfced112bfa2beb1ce85cad204451ec45703931bf637d4fe89fe8f485620b7f4b21e011a232ade7a8c92be77925e878ae0bea9723749528fe83cf89ecb9616dae6ca0e8d5754ec6c92abb21108c2f33cdc18c6887c430b72c5b193356494cddccc577bd4c2cd53188f352846edff0c2ac7869cb74bb16a77c0f0f194a7a9477ae15abb890bd0bcfeb0c39381a87f1d05319c7e971c10e9ef687f96450b400e25b4285032892b849fd5db8649cedfb03c88defea063ee144a1ab1f3bf05f59c7db364dc39c11a446c3ce16307d78d50315ba29f5bb9a57438564c8c7b3e367cd37d74b2375a4966f47489dc5448f4979428abd32193d3840aa983d3020a9f29d760fc7493ab2576c90b1934b799c1d0d55e4f2caa78f4ce61930c79dc017c2dea0c5085d73a3b0e4a6f341e9a5061a6658af11e5edf95bdad915ac3619969e39bee15788a8de667f92f4efc84f35082d52d562aa74e12cc7f22d3425b58f5056d74afcf162cd44e65b9ee510ff91af094c3d2d42c3b088536d62a98f1c689edcf3ea3fc228d711c109d76ae83d82d6a34dcfbad563cf3726519b519fd48b51741aa86720836494b7a589c778927047a25d73508adaa401e9a6c0767a675e31c5556cbe35fadc9671359b45e985c3c8af84113989b299ae4474b85e4b5d4b0578ab1e8a2915a8df97c4f52a639fe32272cb91bbfb721505dec46d51383cb8973425a714245c2e37d0577fbe0d66381d9239db1f08a380cf609dc699698e0fada2caeda44d58d766c4f8214b10642b80b8d7d8add7cc41d47108ab7d07dab71069a2d982cc900b331caec317942122158bac6eac9175c2dcba0c04443aa9188832b553f5ca8c336880824d6bc02486a2b4c086665d276aafe3b1b93729829adca50c44466fd5b5cb977aa78fbcf5c0f0da1b09216468a11493ffb39efdeda5d669ae92bee2f2fb250aa1b9cbb11c36c7a6c6dd26cdc3cfd572ffd8c1dd72a13c27a327a34c6b6b3d80fc6c67c72152eec0c8ecbdc1bd5cb829b811e7f29af6d786f4e93dd4c96fdda295a6aa258d7b2fcf291c2d68e0b1866032475964ec0c6f2fa8c2d6a3936ecb187350def4e818507bf157c0e9b33406be7660605af14cccc9c799b4e051d0d0899e53495bb8931a6e2984bc6dbe4e02ec8b4642fc2f1cb5fd5a5520b48cfcb49e1f9533838753554dd98b6a1b8a67409279df477330e5f37367e06247ca5c3ffefd00e693dcc0c9c30754121c9ee88a574915b9e77c104fd2f921c2c096573951407ba9b440423d76bdc6fc978237a6e302cede7f99038ec31500884775556941f1edc30e3a417b0e02cb6fb5bfbe5cdfacf4006411287bedc565fb06f1be987416407dc852254934df4ab59edce476f3506e65be6ce6ddf91038642291fb8e92ba5b1f0b105670905a2c14796110bac6f52455b430a47b8eff61
+
+Len = 48824
+Msg = cd8490c93613bdf1f284b94b330f6d6f45a39c651d2a160b340e2eb696fc6d1c35e88872845190d141c669de92a97daa5433b1d7b0b899fdef2ce74b8fe72a7296a5b5be26d1dc86520367c730c7400c2fa06f91ab4c48a7bf4ae35a5b9acd5296c4fdf7451b0ad9cc439b4e34f11e5d7ef2bdda376f8dd34d6f092b219dc085dd4c4a6308b8808f588eedbbc7af7f64e83182fc7ca7cf4741a341060a7969d31445834c982fa8739ded4555108acbea1666a83da17f77cc42ee73323eb53203e3b790f81c08e94c44678b6538096ab7b09916e6cf7ceb2af85987f8e4d982dff1ab59b0bdccaae1f405a73366b5c5935dd0b43e2d2894290ceb66a0246dc02de728c5bba30255fb56ce8107c3144246c5156a8fe40ada9126adf67227fa56b66c37be63f532516211ca012977b04a97916f201f1baa2629eda520b51508ab4229df2ceedce406dece0110e0a911464f69e7be38fb91deba0addcdb3161d2799c628f5a57fa1dc37357c947681bd9c36f4832c20ac466c0c245de3b250c33282ea1a02d007f03b34ed427631283eb614db4d521f555136e7e42b4cfbee8134c63dbe3bb79b5a8b9f9f5b9f5ac61cfab1c54d197f1e3ba613f251eed616df952d691b88a16466343ef2d0f63882ddd2d55b8a6786308b2257f5d7b38af166bd7f1339d2d8899c9eda8fa86215850ba547450c267eb3c9147d96c38161a69d1584e521ffa23384313a1debcd37f72ddad02adb3cadce7ee34b7c1f42a15d0d030487daf9488aa7562845a11ee7ffccdb38b300935caa31f78a4ff3dd93403cf0c6a16ca611b58c736aafd33d6dc56f0f47878211d26f6ab801b9453a7f74b44593dae0f047ddbbf2c902891111729edec44f69a05944b18e7a601f41ad24fd6833da3dbe3029bd390de7c9841b2ee2b079b2bd2737518fe1bbec88da64769dc36e4a8bf716c219b2fe059d7dd220c1ed2c59878db5bf8b198e0689edee921ebc0cd2d3853fcf57c363050ce58071c5fda6ebcfbc1bb62e9eb956286291a108bdd4191c4ff47900d6068e1ea26b487649af119b9bb15dfed804836f2196cbe12d8fc86e3d7ce89b52ad49dc9ddbce5b370f73f512bedd853039366612453733740586d1372143b09f21dd4dbe1a2bfc308db8e4098c5e4b0c1e16141ee50e85fafefc4e2529b3c7252af37aee6f86e19df28871686107d7d57dcc812bc077602642d2ecefdd5f694b8f336913210793e4068da2178600b1f41cffb5221c9b4b6298afb47e85701d7b1a44241679d8996f916c81ff437261cfc358b9ec42a2ce16ca3bacb8690d6c1d91cfb3e0bf1e7ba45bd01606df856fd03c7e946f7ab371a89e1fde86d05fdd97bd7b1c583b04c2ed2b5f6815a460645e4e1b4e950bf6bd81dd0352d1048df85266f1696534aff5b1cbc17f15d82cc8e0c0d4f0453f9439094f8e0f7f4bc045b654d9a2f1f44a9c57019f63ecc41021c05b5380675cb56ea8bb691d79ee204d2c4edacde3c1fb3f4996a11d84b035f965e74009e2ab80e2c7ea3c84a834d4971a1e9cf423e4ea67ee526eb3c3e4c2d7372c4290a0741e1fcca5ae4cf36705abe98ac81e98a5419baefcaf3093a7e0449ef1021f88ffb7ad21b2677e41cdda12025b06542c4b2564f15e0b99db43b7c7020028bd829372122cd910227cb07c53cb58fd9dc620c0491f3e2bf883fe6ee8cb1f5b73767977d857e4513e8b5612f6ae4b56014e6a3ad2a065b65472212e2f611743484cfaef860999d1dc5608c58412fab888ad72bb87dd9b55b692f31e252daf8944ec5c02a5a9c23903c50dbd845f2fcc3bc9806af13ca7b025cabe675195b1d56f3fe7d7bca12530bcc0af217efcb03a218bdb6f9726536ea902c8303b02e3ced22be59753588b5f0e2f3419fa5345a942dbcdf3010465384a225ba26cdd0f1d74999c69f336bb6d01fae5cf81cbb8c1a7a29c1eb83ca6b51113bde56b8cfb6a5d72557622a37f039d090a689accd02b57c691174338de8e05bb3620c079705c969c58e56b079dc9eb44eb0fcebe548f5a31f4072a5ed56a2f03107bf40a359b2601eddf53cade66f294cfeaa40a0d94b9c90d15f61852f295d3911f8ea914d015885c8c64540a83badf0021a416c3e37b78236a2ecd1fce4114033416bdd3a36c18ec13250ee9c74c0fc4dd564b3d24a825802d5ae402a53bacace115ae3bbb329be79d1e5e42dbaf0a6446431145fe49b86a8703c7c41f8985d54f12e314c16ff89351d8addf66ebba2783f2d1a11965182aa0b0dd2de53586c5a695c6265c2b173958da648611090557bdebf11a1e042f089fe98e049f4796c60d26be38356fe020d9ace9008410d53a1bb7db78b52ee44bac364213f5c59f1eac4e3314f3423b92fdd7a6156608111ac6ddf58385ec1f3df12061208db98816ac948d803fad10d5ece2018c60faa13de5e5a9033745c824932e53f4122a39f635813545c1b74732cd55642f19ed6deca1585ebf7242c849bde981572a2199066e9c912b2068c8f1c8b936c43ae95c6e22bd7b80dfea05f495d751107da5928e806d0af905c87b5a0795df146af6580d8f9c6a0e2645686d43822ce9b4be0bd5937c097917e048b5af71c7e7521d490f107e9231ee5bd9fbf0727ba87774ed24cd52f471ffb71849ebd55605996515bdcfe95bb1df3541e7c42da4166dd01ec3597634aa6455d15fe14af435e8d7a55ff1682d55a2da867ae63d11fb3fd987fa5d7032ecefc35d3fb9570940e779e13da18070e6df5292f97f2a281f9598101102c955fe4808a2319c85fdef3d55b19e05bb8c2d3da64bafb67a53491513a24f6f0804aa162c8a7db25b38089373fecc45a0eaef65dd9be3b4b7f9436a5423fdcdb5a9b60138fc6a2261225390d9ae0d8ab7f0f7ffff69dca06881d33a637d634358abebb333df41151f239add91abaafc89070cb2159ce3a31655c22e4696c9fa7a7211d1251d4bb21ea4a321a3dbebc29d97f526251e40e548dcd7ed07587719a266f006179dcd22e50b3705152817057b097b043ad63b8d867edc20aea9b4c959ef4ff70f47128cfcc21e31f17978ecacc366f459ac1cc459a3976e4173ca322675f84f18036119ec2f204c3fb554a0b72f7e9d8c882ab147b3d280ca9dff7b9160b1b437b901f03cbc05fe05c6f44824b48aa8da52ae7dda1653fd500f9ccd221843cf76513b3b74d094f14d93a00d7cb954bc4cf2f04f9a35e38edcb1e84f62057647dcb3571f1dd296ca1e049f1746a8a282e85138500e7649db756b2d2ad88f11c471c89dc6be2cd43481013b8d0ae83da2b855cea7be424f8b2325b1850d1fdef03e765458df4513d57c72ba9751e1edc3c4e7f97e3202bb46eec7be89871ba3704aa6c6fc08851e551a3f655fa1fb798d12f003faf31c56b6df399a5dd0ed29ef9e4139dbc254bc5d6051840a859eabaaad56324588fae881fd638d2b70fb3813402df61d941ab495588e5fc3823249bf9a03cf877902394f512de118edaf98843a5445e9073fcfa409df3db0221f1c77e2dd21e74f9e10c9e180dc4ed17010eb949c6d67a22bd5337b2c68f9eccdec778ece728e91353696b742c8f5a3a569f054efb8c1ed478ee9b75e26c768a5816aa6bd08a4c72e745fdb5deb34ecb86b3a84346c1c70f9c16fc45bc0421f0da2f630912d5079f390cc53b78e343310de722b53d2a3b4aa386caa0d7e91986e19c3363426ba30eb5284293af81d00158a3f5233327b40c3b989725ba7dd5b31ac7abf8d3e0b737e843065cd7316dc2f374a00bed4cf9caa0d6e232c854df1bc24c3d484bc6bcb14ec770d5745474dc6ac3b3ddbffc551c9fcc2c56a5e0ae17948457c01e701bf1554022bc2b7d9dd42b2b91172fd85e6874d2d61fc7b3bb3cee2a9bfec09f6d7e98279c6f511f4140b116c856c1438e34bca59fdca2409f025b896a52d68719bf93e82e7d89bbf798991fda0af8d06d17f39eba4bca09c1fe594b537ad4c9b94ab52c895539d639425f9146b24b016368a638e5bba391bc8763cae7c52ff9c496884f1d84e5e08ed451358ecb3c4919dd410e82cac35ae744078287c05c89b42999ea6b8b127d40d53a5722d45139e8bc507a11e7add7fa9ab12cc40afeec008a4668e3e6440f27bb5780936c0e3668ac51262390c79b3f21fd041cf36ba3522f3a552714ff188bfd554c60d0e7d11213cf7d3864a5175d4047c2f3284741f18ec22995a5b82bf62190151bc1529c6d9927f9b0c1dacebd9c2dc406f7f64a973f9a70cff6e3abeebeb46514bbf2ead382f7262d46bd43d88c1b91a9011d1f8ba81fa536a7162aee2b2ec6fc0f2d6efc87b98d2e41e0f946969da659c21053775ece415a34d42b6cfd5bc52259867b411dfb991461ca618052309ca9c96468c2da12dfab0e822ff3bbe7ba281982a239ac19c47024fe1f0e3550cf0975add1f680a9dac9b2c4ab0aed4f409ddda6765eb8a0a9d1e9d07458c69ac8195541219b18efcd06c0001f2ae7fee2d404666a18ca3cb3aa4f0623e86c5b1229f6c2ca28d951111294b91edc52730b6b2c46e000672a7c89b2f38045bd3e37dbb8a75e18687a514dcf740c87a34834d3c3cc8aadf6166ec0c42d2be92f90a3af49633ff23cd80848ceb57ac550eaf9ae496bdc6a2d7cf50fe107895b4a1ed014f78af24eccd6a07420f1dc0df1e7c44b4ba937dd43cab9c798371b148325578d61931766af02b45054bdc2d9fcab2f4b49092f6fff7c27886820739d6140a4a905f0020249e8ae8dd87da1a1e7b1851eb01045aaa72dc8a2bf68055e7aed41d85336648a3405195d2ab61b0e29a770461f32fd05e14c17d72c5252f026a7b9abe7ea9176d3c46f6ed9fb716758d97b41e4f5d81a24538f763d83eecafafc668422612b40cfc32b3354b24755fbe400a2bfed494fe6d0ba0051713b776e67e2f1915e94708e6dc74b398f2f526933aad8fe7dc32faf40022606aebb6e0756b994c3176fae7640ee06d6c67bd54764c4752f1bf831f43e0227cba101174c5554ce26400f333dd8e9f6db1cdf670ce407d7d06c3aef4c0724b62edc8f1ba3e04f0e394d15a73b9255abb4d6ac70303dcf9160d32dc02d4804219ed5c7e3b48402e58ab2f58305f9bb95d2a8759947de96328ed5234cfe7d0b2a9a014df7e4cd0ae48906315f139b8635d2e6bd4aba32e62b8906cdfe5622c411bf0373d0cb07d17bb2bb5b83eae4401c243605fd1df759fd0ddc704ccab5a9776c40fbf6bde0f11b9646c699f26063a9550ac228c9884c277bcadcc0a2c225dc203e28e253c4e464b23d2529d09c7b7dd3c984667372472b615645f294c4e3b0797f9d1c234015b78502d98bfc04f1fa2f16cf3e7221d5794d035e4b172a4d84e679cb1c82df2fb49d3c6668eb1661bed56705096c2371a19d668832808eedd9e5b1256c18fe7ccc494e5e29145d453c553ec86fb7f3a634d0d45661875f2f1005ba5e734c1a976f37cd23450e4606e32d027bc9ec2edd9395e14b2082179bd7b4f9b8caa2d00a2de71d48553f7d4153cb56a1b08f11925e4b11c9281744ae9171f3d6faa3ab3f88c5c34fd23e4f6efeceafdcbc07686ef56efa62c0ad62f1cdcb4d3b5bc508c1f05263bc347158fa5495828f34eb7fcde98fefaa82bafeefed3f4a58968d751c051b52e0047f066de5be533bc3b1e439ab1c8602f6c67503803c8fa113737cb8279f358dbacdf45432b7a654d0e1122cca93420e956661d7275181c75b0d9c20e84c7007dfc49f27bc00007cf4ffa631c892981fd70141d532fcd51de5c23fe0b7a186d0dc296362f235d61698740cc315891cc9342da17843bcde274c17e462263d0e8b4832dd9075a7bbb443d4b26b41e534ad5551ed5ada102175e695363fb48d6b99ac978a3aa6f405d87f983384ce35740e930491d75675337c5dc081e3d301228e61bde5cc169968e5b4350cca2b085f9f75cc4b88497a78cd0a0073d90246c7dc102c7cbf3516498e8a41aa85d8cc5bc285ff66e8338e85ca83fb6889e2bccff52059bb9e92e92c155a349952680ffd0a3c346061a53fdf074417fc90c4d1af7c2acc3ee4b080752cbc9455ba5931b7e910f1e4af0efce905d2cc9c685923ead387fa532c0e8ad92719c76c281cd010e1acce500ae1443838b8afb48af032069dd07aa4df0d56bcb70a64592633699c8658102f1fbca441325e27f1732a7a973d8cb3a0684d72943ef6f1892f2d7ccf39bb6dfe5801ab98653bdbcfbb787bf125253be2624f6cf44177d588bd7b780d9e3f4e3a4e50b8a253fa21abce6a94b9073289c76773b46140f5a6e46b9de9ec066c176f5d1a69f380e1901216617363362d13ebb26ad74fb008ec08841550ff14ca800a1ecf2e007ebaad9f4e0d9664448d60ac0d8544243129fb81c1723b9b4bc2ee971dff736d9fcde0afbfbf5c50a4cc06a4c363998326c17bdc9e2508651dedd9a2a52bd87f8693cfcff60753acf9716c526e8635f12377e36564ae55d0fdb3c7997ec4dbdaa5b4d18c7b660acd95060831795da7d299a5a8d8cf9e92537dbd3ef7f56aebe38fa97c41da6bf0572a0270be7e5a7dcc0be3529339464c811052b65a938e874ea6da469c7d8992ce0aff1c75e82d1621ecb967213c65f2de582cb41de3804c507ddfc708ef3f6096ba4491e431160f98de806d0f334e03cfb7a3bece601099bd971253f3aa0df845da8b478603d5d88533d0cab9c89f2dd9a1404cf8939ffdda652a94093865a85fce2bc3d7babcff7b9f3306bd76b9af80c78ad518f89ee73b7a710da604e72f4927be8d65d06be2e0732fa786a83e27597cfbed9bf98df445499e0746b9f2cb9659ac0a9cef433148521f33b1d78d13c8441c0d1e20fd93ac450a3787a2292bcbd68cd1f961d34937be9a21abaf26f361bf53aa0c095e53c51f3e04d567eabe6e40d96a17c2bcc9230b18f7e079bc549a314b4ae21d30a3341aa205bc75c7f1d21b0a49549c300faeda243d0ce18da5e66c5b663cd705005dd9fea0a9564174abb797d64c58fdab1fae44576d514b75eaa31c9278b15bf9b6df7c6c2873d7a56fb91ab77b83761a09f9e1ddae535622fb87f7462256a60dd39dd3ceb6690b0272920b635ea639daf24f95462c523e5bbd8d8407c61163ab38877d5edfa04c2a78d4d240523ba97c7d01c71783f8748e85164b4dd08c25506a4ed18300b42b7bc6e417f512ae456ceec2ffc83190991a06d4a58ede215babcd3688e1d61f1975016244e80c88ae2aec05c7eeb1c50caca72b3b415b6b870bf5e10bd1ac3ba6b4acb1d1afac554444d94c97e171005fa4ea9c651bb4e527ff58d0c2f90fb453a92d6546a26e9e98395b09e8471bdcf2a145aacb649708cf048a7856ce8cf390c107ff2c66efbf2a76c5b041860ea576103cd8c6b25e50eca9ff6a2fa88083fe9ac0d1fb639c516b9bcdf23c34c6145a705498ff9b9747f15e1c08c63da6efeda4eca02c3f00dfec06c82220c9de840040118dde76be788daf84e6a2f44c81fe6defcc474f99c51c4648d297cbc48f081e0809dbda505d020cbe865e430e0491644ec8c52bd3ab8ce8c4862990f49fe2588caf804ce9500ef42d5a50c057c257168e283e4a4aedbe4ccfaf3eeffb212f9e23d15434d60bf4f455f512e2b655aff3225d1b217c261110cec0400f54dd303d6231d028c2eb649bccc91d30a6391c88bff9d447c3cf35a3467be5957e0ea4d4dc237c9f2c68ce48f658f820a3d72d559b60f233ce538c92cb148808e34fedf2d648c21e7f2ea29a77270c393bda42d869351d6c085d965dc12cbfd0311b8bf604f4391d378781eea3b5f1e0da9d0d8f8de88e56fe47d362cd46f591d3ec0f7cccb85a21f21ddcd4107821ce0ca9ddf99dfdfd9b0c9cd45053e5b1b4385bd8f5b227ada31b5c23e9420014474e8b4494fde7c38edfe70994d97b8cbdfac588df49a49c472fcce78cccc051f31cbbc1e0422878d8d490f3aee28adf1587c38fb7e7d1be54abeaa83cf54b633803a5e669ff4295df8735231ce39631616bd05e0e31117c722c2fd6787003b0bc7fe422a089c89329544e085d71102c1813769450a9f66f160d1702cdb17bd2c6fdf0f722762d193ce83623eeffab17b01b10a31db6e2feb6eb3abdbb2e36320e1a56e44e48d26090afa7f65003a98cbfef590ac3ec89b3eb230557cf6aa566e841806aa2767b21bb26fe001f11ae039e0c9a4bf1bf3d271960f16158eb5bd9ebf0080abd8369d512cab2d1aaae2b14d0ff6ee705a38fb0c801a98b0624cc138fc24834fdf430f33e1760db913da3290f34415c9e3df3e97da1780545ab68ac5a24db89f24d62f4a399728e4144a8c89f47ac2d29e30c49b0bcf790a5e3d3fcd1943c6a28f37251d9dd827a69579e6c17b629c927473b5a07b0a29d9562708d6c8ce576109ad1a3473ffb2047eb069beeec24c114bef392c929038c92abd0e6a19b610e27881361824d57008b7373d0ab76379570ded76c9b8284fe2c247791073c29b2fc6fca05019220ab92856892d3c0dcc6da0b597fe559c162d060d71513ebca050d9638164b9ae271fba5575ade787ec5aee8fc253d1b234b1df561db3e36ac64b9b0100dd6b407043537b2b141f
diff --git a/src/lib/libssl/src/test/SHAmix.x b/src/lib/libssl/src/test/SHAmix.x
new file mode 100644
index 0000000000..83bcb14126
--- /dev/null
+++ b/src/lib/libssl/src/test/SHAmix.x
@@ -0,0 +1,129 @@
+[L = 64]
+
+Len = 16
+Msg = 98a1
+MD = 74d78642f70ca830bec75fc60a585917e388cfa4cd1d23daab1c4d9ff1010cac3e67275df64db5a6a7c7d0fda24f1fc3eb272678a7c8becff6743ee812129078
+
+Len = 104
+Msg = 35a37a46df4ccbadd815942249
+MD = 6f5589ea195e745654885d50de687d7fe682affc8da1fb09e681540525f04ecb93022361a27759b9e272c883564223c5e4ecafeb0daaf1abce6caa4bd4153379
+
+Len = 352
+Msg = a93aed0fa5e163a82c9a934aebaab8180edf7de0b32f0fe99f9c75ec305b24609334cefa372c7c758262dc8f
+MD = 66a16799d606c569d2fcd70d7d8321ec90ef61711481aaf7d747744ebfd08ec2e7aead49429af7b4ceec6d8e147ed018e034efbe07982699e818db5fc4b1d71a
+
+Len = 1016
+Msg = 433e88eb2f8aba562d15c18126fbdffb81d5d6c9397fa052321f5f78cd629708ba099b540da5451e949eeab8687a8d6ac35c531411cb37144ab5ff6a7eb46f1ab28fbcd2ea0444cd87c57bf7d3c02952dba3d3987da07622c16e7c086d90e88ad3d9d4afee301d2bad915d868f54197b70b23c9fa385c443404fbc9abf7e6a
+MD = 790bc4844e9aeef8938df0ccda17890556a4151817111a526a88919cfb172f0b03c216080c1b60210eb1942097f17b6d0691bf5b018b6d959198d6a694b922c9
+
+Len = 13696
+Msg = 2c46a76a9dfbae1f5e59f085e9c3d4b600c24b2d404d062cf948e75a3d4ab5b137a31397be9eb34b2a03c78367e0b85448891b511ddee1f787cccd498b172cb7e656c044a03ffde8e42478330fbe9c34072a9e99ce31b41757cc820d98e7d564e06694b96b66f4be34c5eadd0ae4e61fe6abbe4d7ccee855104fedee8b451a7fcedb793d469b0094c0ed07c97fda00dd8c1662b44e3ee6775a5ef6368cb662d257be561a5967893433a4b63f97295036a37272176d081545df00852bc5c4162324161296cd51f76433f2df867a5840f2d0c8d5be00b4dc89443d82175bf69c3bdceb97facae2b2ed68e06ae74fef36d8bd1f75f130cba509341dd54079d45de22845cc8e77a022977c7540aa3e779cb1127f39f825d4d78e55a967ef45e7c1dfb02d9999fd15af2914ba47177177d94576f1091a0657d9e04fe81e6be7b631fc1baae66584c9c26ddbb568750d77555c927bcda1fbdc15c7cbe3e3fe88ca13ff12c59b383343c12976708c0e3dff78be0e286dd32eecf20b71a09fee50a9d0b13c85a15b320b162690f399282798aa3291fdd2f9c40ed873e829388466ddd1da42f2de16aaa9272ccf44790cf3c95382c304e25ae8cb2fc9d9869808f3ee7d42cb143bb0c3a55e03db6d1202ca1bdb744e448640c0aa60d3ebbda5c21e623bb080f4a073a48822725d764e51d415aad1d7c5a7f17433d15ac7d849f910c375ee0899f6a576dada42fd651343383f286009902bb62deeeb2514de6af7f09892c20d0b238f6021f03b62444b1e1f21beeb89acfcd7136416fe7bd8f202e76afaf5345311798be7cb25351add2bb044d2380221009c4d1cbbaba4cdc8631dc0144f2778a6aa1eb3d3c81df0b1b2142fce111af8214d049e40f536c5d462b9224a978e82cc6c420e70ecc3cdaffb726a183c793845315f730fa4dac9fe46e4180397107a6a051f7f0a58ceb9bf4df37e1a81c8e9569187228e8037df2e59c52ba815566768bedc8e09d5e7bdc9f2bff23aaaaf133bb5a3332750f6124ce185e29fda0851addfa2c3d52bb6dfb530fd4ee27dd5bfdce5dc2f41debe6740274bc651aecd4023b098a7d622e2296b50d51b79c4e3f521695a9d43f038e8f273405e26584d3db179e7c1758114a3d39970df674580bbf2884405974f0b9c4b0d8b3287a2314f3f81b6991812f354d655f62513c9551b378cc2efa4c3e08b313c56cada52217fb6112eb8299b28445aca8f72e7170a1cd8bbfee4d2145fbe8d49c6af8831c4d4fc7177a50ee55a7b484261504af946c6bd5e1d6b89092f3c487c0568fa07c356fae9b8e831b8320289039746a435b122cfbc4a0d316bf90d481d3b7d979cc50d98c1190af8dc58e0035557dd5e94f437f41fab513202643a77748f76c6b77302bf40c392cd18731da082c99bdedeb70e15cd68bff59619cabcc92adcf122753c55afde0817352bc247d1170b8ddba1ad1b0faadfe0efbfc5fe6334377fa372c3435691f53dfc2ad5e08966b2d3525b1eec2d993a5cd4ff34278bd40dd80313a0727d05e0a932156152f3e11a190d8d69726f5c57d20f811e1e8932e86409ffdac96c6251c2a2976b8757adcac5d2de94931d1cbea866ec8bcba5774f8a7fde792f6acfd0f01356fd66fdf54a416af6a9397e00f848a2e9831627cbcbb52b5a868ec174e69b4cfa1ed72cdf23f39d7eaf4bdb318c188b1f0fe75655e34ad71907cdb77a1a2b162cd7c22d93dc45321eafb17cd60282e83736267b3e1fb249c307d49509f50839942f0f493afd9ef37db053a918e3ec83d801bbdead07554a018b8ba348fe9b7dd92ea7c5fc0e65a644ba19aa1fb6c022ab768ec7cb249ba17b9dda2860bd4aaaa3dc70ec009804141ad5ebc61203658e57a0887ec0fded18d844a96e79ba7e879c4253056f23e205a80ab1471953438f85848f4ab31ab175c089e0bbb97ea0dd6a67385770356741966053735e2cc2ecdd2c8c75cc045181dd7267584b901674b553082b2c58fb8f8be0b99306194a6f069f684535423304d40a268d55784a14260fa9c9cb1306b82f91cbee3c9f43dea9e50903135cc1c6505605a100bfa28564a2057974eef0852b7b72ce264815026d0759f691db618ef760edde73ec888e181403834f7221bb27a69479ec9b28a3fb0c3f68d4467d25712fc48ad78763f9ea6e8a2e85260225ca1b1a38b720e589fafca29f07257c5467cb74ee53189b8c81b784c43e93f98abde1ed53af60b27b13df6ce45001c6e1813de3521028981086f7d88ba13f6fb1a800f312fbe2f842eebe847fd760c394668cfbfd353ec14ca0366eccd7b4cd63318116bdc42e20a632a0d2b8c5cddb37bfc0a239ebe3800a787d2ece077a7968036b3d9b31cd906f888e3ed742cd769033e2c24c5a9e3c10b6d300db5a17dd88
+MD = a86e07bcd19080d4a83e1384bd8189f60a7dd7a6998406ade0bf03f805375bd823c7656dd51cd9d63e542f8ade41f16d73794d60d0906424133778156ee54b95
+
+Len = 100816
+Msg = f8ed40e878dc68ceec52cc8e2868722310fb117ca3a52e1839eb85d308b8aa00ed0bf0b76aec8a70eba4f0d14d2d85c5a0e876ce2c8ee59cb36947def6c40a587aa07b368ca8e8a08367018e45b984de0d7f1aa46b977cc18c0cd9b7bb897cbb2814aa0ce8f8c9843e03c86c19f2ba95dd2ac4a466a93aae4b3b05055ff148517ecf43e286c57744a3e10a14d0c26e139a503e7927aa688c78609170ebe3b54104390e5f6cf538093a67922e7210e77fcb584ec9b6844e829be246a266460cb442bad52ca47255fb8cfe276108c36e02f9acbd3d191d34b93d29ec40d80496d1c1bb5ef036221641200e905598c54bc4abb3527c5a5f6258e59d4bf54a0498c108a2725428efc2047e0096b32dfdc6ec69d5d72f81301f881ca62a66c22e5dab9fd9d90084c0a36b2f3a0123cc5327a3bc7a12fd947ab57169ac533e4b6a2cb80fc65b9b527cff9fba26994c7fafb5102a0acd8f9d246a3a54178c23eaa04c0fdfd3c0cd980d1fc7a72b25d74df9b95c3dedce8ca316870c654f9ebea9b806da9767cf40605a4b0c7fb06f6b3f197bae7d8cde9daf38530e25bc51b68f9aa23ec0e95199b14bca96c91f3db15bf8432f714dc46ac87218691bc66cb3a42f6865e1c30f8394c8e68c0ddf5851ab7c5906a1994a9af6ac1c44d0d6b95ff15d9f77825ccea40fb9e516d45888f2378e045d95d936d541cea9c8ca52fe5f7d0d919b2b1c59a42d06105ea4f2943c05178e59d67351c5b2c0051c93a4045e512884fa656b772cf398af89081546d920fd3d24ebd16310506a786ab33293027394c1bcb7b1efe46b550ac28529646e8d2a5ae65c59345e24b44cd7b06673f3ed3b9008aa568a739c26682fa596b7a655842cc6b2758b583487c78d14a76bdac7033806c5c210828ef313f8efc4072681f5fded748c31a58ac933b4665c445f07d603e0905e49b84aa55146eb1c1c99196413832a05efee2e64d6732fefc629b79b37bb9390fcbed7226b412204bda523b8b8af5c4a8bdb263ef9f3f6c7b9e1de3a1dc257c1f33b3d54a9101be5b4f2a9db319993c2cd137c41e35c434ce52e859afd1a635af4d8852252dc5e28c729b2b4c96a56d57f3f3854ded59fe612b9b3a51fee3fc1c83db673b0cc7433bff2472bc74a2eeb6706605e308690fd072a7042ca6474603711d8310909e47063f46f287260a26c4f11fe492298a0f98d28c45948a4899e08fcf443a6ba36457dd8329314d53ac0fd0819fcfc3357426c5bb8d3dfd706e205a81091cf08f31cd3459854f3d07e503991ba5f067e3c406c6c5396d8257496f4ba3703cb1ba25c2fe4aa54577af782cd57e85a88a2d75c54039e8b7bb559219edd6e81e41acb6d575d6f798afb2cbf7f00abd5c9c7b0fceec79f9a0fb040ebcbb7bff3602df7b71357efacd37aa57019350bb81213508a006160acde3dae5c42f03141887eaca22d7b33d6791febfb619d11ebabb13e6c5378e9a72e852ddccd31cc53a43275966b7042ddc51485ca20e1c456dcc7020cafb5407548b044d332229911fc74d7fb97de25abff7efb431da82de2ed7e25d0dcc06ffc74e57ca93a6a9f64d76a5c39776fe2266f88d6d0229b527525fd2e22a1407e26f94c5bc6adb1e7327f3c8bb8d4c983385c579dd8f5623df8cd6da569c7de73d9210e6b9253a177653a13ece075940fc81016d8c35fa4f6542df5120c174158ff32533476f4e059e35117081a24798fbdd1eb10f82809836f8dbefe755611347f75423dd8571695960c6f66cca71f0a01e8fecbe1183bee3335eff10b4ff8104132040e2145ec3164b2448f60c730887b9d7894e5f7df3f876cb17136c99cf32db1c02fba860937378dbd093c4c5112133781f06c8ca07c527c2c085e8ba5e52b399f2909e217aef6e3035ecafe2caeb1004069dea023af7eab873deb5ebcef2313c9827821bb9f89fd3d1570a569673d3ede86a4fb13dff242eb98450a8917fd8865c56e0a9f11d72394b79808b0429f3a83cf2465161596887fa2d557b367a1de9c7753666b0cca9c30cba9f0a749c03c55cdc7a6d45852c76ce2010de3e7f75d95228efdc79949b238d90b25f983868b7f07f585f7b00e45d9e132f3c09ee84f794d899759be3dabd46a256f4cf8da71270617cc2425b24cef25d1d2f3945afa6f81abfccc858cd02e05619649b1a5347650934105c02622d538447223d136a8a0455cf3c6f61f696b32266197b5cd1d936fd3ad4288520fb4a2f59bf95e659f33210446ef18debeb679dd99de0c3c74a6eb3dd783861f5db4e94a151c42ce27519d0bbbf1f3b1163563ec06c8bfd881d94a3b896fc07352fc97ada73685588a2242da1b718f81bb1077bc70fbd58b8b52163489ae403838b533851bec30ed0ecd97d72d1af534f3703db59f1f563bdc39d690a0e90e545506463a37e84974fd7b256bbb912cb4077d3e3f5bdd4bd2bab713b696c830b1f2185734c4d2dbd49d5372fe8b813ce73f5e01c36bddbb376ef4541033f2b0355613eeda8951ebf7377e08f967902eb7e23c0fa798c6ae52401721053f1095cacb1e9496500e83c412236fc21566090b3a3eee55aa402c0b774802fd81c9e8579761cfcfdfb1aa23786b2dc35dacd5ca8d8d283369f53e4a5db18060c2c6b0c303052aeeffe169fcaf7ecc63090a9ade245045ab9c8aebf738772297caaef5f857322a597846c7370083d409df27612e47b0cb240daa3cfa51c57108612ac0dddb0f59791289ccbdb3a2cb1fa9ac31a23dd5440682fb373bf0c1f41c4fe2185ad7c53eb69552807410053b0c2d40132250e637b8c425e6a35d93333b5b7d0557927b6179c848ec455fd1ab38348c0e96c60b2da49bd15118df64b6ce4fa48fbc555a4b2874141718e731a40b85382ae6e86ead31cea77f83bf5c063bf1febf71688a832d615e09d6f14badedeaeb6ffbfe343fc7274e78cd46a2aaec0a349c5f133291ee57cdcb65c5474e46294de6bb50886bce6c6f44dcb95f2a4761ed2e6c9e7bfed51e0964afab4e0f7e0b07960f2590baae66b1ec9a63ba0fb6c0d27e81508c51487dbbdc9beb8879fd58c188dfc774b3d0ddbd77ee8bdcdfa0ed8a9387728e12b13e8b3c10cc1c132bd822c2147c5ddf9a993aedbf78ec256db1be76644ca8ca7727208bf89732657152d34e948d73c47561d156f773136684d4162d02260300020123d13a95f4f835907c344942ddeccafe2abb7dc4792c4f1e39c24748c63cba933b16be0b8853e058c47a1ae2c4dfff39ec2339b345fe3557d03c1df91a0607a711636c4416ffdb73532aeeb74f237ed8bf971388a0659e4682a46b8327e751034cbf2c87c7828da9d24baf07a742ada34d1ef38ab1e8f2b4f801192c146600709533e61bc2665dc1e9e6441bf3c4f6643bc0c102a10f9a69da5b0e3d0a0c7cb694c682493032b5853f02953b5c2fc0e1348565389762fc2dcfbb34fd305f2d9df080e859396ffcbb7da78aae0a0d72e3de76c774bc6a81c87f2872b6afe97ced5269009304a4992c4add0bbe24e57632e19ad0fe37ae910193aab0aeae32cf6d618ab33eba59f6a04fad00b1d2403396e6fa661d31b695a1b349d62f56c08fe6c6eae7a482177adf341e51d03ea511d7959c721bd20bf371860ecd7fce1d25212891850b85648db0a039e6638d9c78bc958add3e41341536b5007be63fd1f7e3308876bcebcb97dc3b05a7b2eaadd00f8fcc8dcfa7b961bbe727c9aed1626ff786d6a0ffdbd1002cae8a7d047b6181962a686c152b2341c7c58c9f1dab5af424d183ed1c7d003165a1d04ea3683ff31a0f68615af6f91c21f736e67df641ed31b998445afadf9052bbe004d5dad08f62e5d353e42fc35a92242d8414d99dc4e7e81c8c027af686baa5c185e3f99abb3855b22cfdff0a62e2f47a632b7df8e00e0317af5c24ce7c64077bbb15ec27e062070cd3eb8e549ed9112469090ad9a96eb59294b021eed81987178cb2dcff67a9a2e930f6032c753e203380f8a7c987cea393234699de03a1d09ce204f0a8b6d5cf522b6887174fdbccb08f3e7c4fe2f778254465b32766c48812a45151ac37ae354dac87419f9476baa27e24b2f322b2da4ddf579750684a5881bae2269351fb7de59b9d5a4badd8951135f2713dafc57215dc626ee170fae7f20bff98e36b864e1fe0f0f9a300c903069bf0e0b6f2f8e78423cf6063e89dde6c81efcf26ef15510563c84730f611ac879a6628e55115e1a29de6945d37fbe4f803fcf2e344712d9e0d6f6c79f8773a9f199b705235e20a7830ee3357c5dca29d7a6c29a3d2628bf2c42c8f076cc4525301d8e1860729070dc53164d9fa08bf63cc889eed01b0130a7146d860bbc09ead3865a3082db0836a45f5506c3e46e452e298764939226cedfd06700e4e33c6b4a78add601140249596831e97f960b973a4e4dc3fe2813fa34eb47f998ce57270368fb81719a09298a223f7e3931ce5cdfab3f658649533354e982c87dc9e49eacebb5bb4af9a767b4f1c03d774431168cd4fec1b2726f1aae3f9a062a825f3295557eebf3af4784487b869fb049de44d03fee71194fc200af72103b157431935b5ab9bc122773ffd313d52d7acf1078386090fc011de695e71567cfd51c06317d4ff8841ceeb74ad35f4e5f4d20921123cb88bb2079674ad39e133cdfd6478d69c9bddc7a818be5d7b254bd9e0abdb030f52846fdfeae8ff370a51a9c5f6017af3c6c3db17c5c614ea18ab0e3ca0dd5de621217dffa36e5c5318fe191040a50cc3ca620683bc34da6c142e1c50afce28a86b8b66d189adcd755561a647080d93f3ede1cf54c3afb7e863fc8a82a2576d3f79e9b2bb634e598507a3d7d017e0176b7868bff3a3dfb4474b3ce03c401f33929364e727fbf8096b77eb351435c7a113b3215cc6246dd86f1517a7e550cf828900248f7c1754e40fed62477b296a37d3e53231360d012c4908b466e49b0e620c0a5031228009f259b030956ebd70e49357c3c3ac2842b6bd6e3ca5a3e985dc03f7105681fec03b320a7ca753b782ad3b52fd9c8e3bd980b48dd6ec8901dbf756108e85015821c880416e0693e0479cb31c0743450f6d9214afabc4feadb9bcee9def460a58d3a02d9e3039970068b8e3fd0a403a6ca7f2c71ae2b46ab3c731b1e65e2104c47fcb1f69e7c8c6df8c09b33f2e1cd4192faab316a44536dcac608832019f5765cc5240eabe3c87445c980c299a5e7ae0acc2c2ed19fdc8f011515bcb00476b03633c7669db1b44f97f6cd402778e9687c740dbe5686789b79d0b13f784a2a866eb91ab2d66f064c49e8df513ec348fd7272ee548ba08e1f9f99696ffb53677550d59c67f88404f6e610455a422d9cd987493ca5c366a397dccface2bba8e3e99719dafa768956cbf6fd8defc4104b8925878716a0514f70cbf3fa2c2bc2f66fabe654eed3076257e71117665703eb88c79e4c2b94e8e856e7a6ef90ee2a358409db78b98056ce1750eb80725d70e35507fdfa5933a61496ba48fbd5555717b33b59d4ef211fe096aefd478859ffc97a41372023ef114adcae5a8d5e03c21369baf1e7f417cb40326bc6db1cdf0904651dda3c1039a2f1755e7c329f7c03bf33f324206ce6e1638711c8c9a45f153aa1f847cca2a5d3af1d24fe7a1e1094819e8e712cbe10ead1012b7371b35cbcc2bd5b10505fb63bea20ac81d25e83ed0105e7595b6c28400f4d336791ce4a584323d0b455bbed44392c5f86c9d5287593f6986d4b0b8f9974a7a4157859ba801251d3b44b2bad84f29cb87dcf1680d6d10d1bfd59f0c95fb7bd07fdb3ea2fccd6e3ee80af438956ccfe31e750972f893ea5dcaa26d077fb3f09d990c2f41c8707368bba007803621ecd76540cdb8705435d74f4300eee04710a936f241c034709e625b0dd5dae1f6e86d034426819c365a05f5be420cdf4042bbff965a666a5756f67259448ebf742b6ea189fa17a4c3bfaf651d19a8a525f09d9cff637c8fac02eaa58d3ee3f7221da1e61833c0b183cd9f47686f09597e8115b435454acef80c079eafaa22b18927d07bf8b7c5ebfdec9c42a52b7824d45decef41e6184dc2db1505ca6f94172fafc10731706e79b9856dfede353d2eadeceaf72a302e3492d7dc81e3777e4e9e1f3d33cc4402833ffedb241a75a09e9495d671f80ad3acf06823bb04a92b815edd0ca7d01dcb3318c1ae5c62d3e99c0ec37908b45b51dd65f6b45b34ede2d6f553f60a45e20fafcb34ae4dbd375f52a5db9c62650deeee78e955087c2bea75ede7c304347b171fe0c1a2a033894be6e04605271307f307b2a9cf6ae24b8c87ce033a3fa4cf2bacdfcf54fcccb1f580476c7d00c631a8529a9eea2a713610341e0e25609dc8927e51c58a0a9197a54963b5cb95877354f4b8316df02ed2bea367704a12274d96bcbe0d0d728923a368bb8ab98d5db5401894c822632308ddfd309071fb4b477d8eac0ea5dbbc3e3606d8510d9051dfb5e4b7cdcf2c57c1b76902d864c3109c901da53019ed33cea84b407490486ad9f980a8a63df3d2e3921064afea137f35179130db3351f5bc3f5e7d590a5ab08b5415efbd345f9d57b71ade7dca939efa5a12d677b9af0af14468176a43712bde10cb15787c18bf066eaef8abcdea77d3a0c61d6c74ae7b54fe90940d0233e4b874c9a141dcc740d7fff43b9fbbc012a933d890232cf74fccb7ff7eac1148e203c7381b7f1d1429b1b1152ec25cbf7562596eb402a9328e43b5dc5cae36592da5523f0b9907a6817ecd395a7c778daae85bb11372b20641a04250b77b3a0ece885d07faf9622650259b874536d6d2b92181c834dc111b6fcba483167be40ecc922fb87006f63b9e8e632879563f37a8f712db9fa68c1a20ab239c0116fe022fad1279f3288b8e74a16d447e467b6381515814dd3aecab5c2a09c400b44e9100c04c720dc7e8c6d9460002da6c52004c16999975fef8752c2f9c229cbd9e6446b226cc454bd68cd665668a17328bb30f301e92ef5c7a2197a326df5c99b422096de8af231d1d8872e6e505bcfff026d4862f28d4bb3856a66ced22c9b0587451d8da4230a38561b5b1c69b523a4701a2001382aa82fcbd60733a14696a540227db44aef346d6c0a7ae5173604d59eb828614cafc1b8cfecda054dcc7306f73925e6d1af56ed74c51c6cdb66e9fee8d7a0078254fedb0c0f5dc85a4686870709b499eafbc8451aebadf848b0598ce8f955688bd2d6032abe10d1391d67c20a049841f95d2ee0c8deae2bc1baca0c098d8718cba1ddcd968981c47cd98d247aca4f838f3bf16d092eab8be8deb1f8d504d37cc44a8c96c9f22f2698036d4ad3bb48b31f109626565c147d20a4a7dfd61fb918f81548fb4f78875c1d138e819f6822651b93a3c92ad77793fba5222d870ea671f9cac967919d18f96e92778548415b2e170d90b201215354fc48a77e62823a2c2bb354782ad052732f08beb278f751529416f37d83ea26248517ae2ef2ead28c1077908995a2d25db0deaa957bcab39715283287fd626ea7388abccba2d90e364a7ff4284c84f70da68ce1aafb5be0401cb9d45e085aab41892a49e10cbd5baf2c34f5e0ca076f2772abea6f622b66020d546f8c2f134a87f96edbeb9b08394b585f2c2f98aa792f97b43b5f3aa9c34189804a9ecc2cfaeefbd0f967d85a25bf3136fd8132dec38aa82e4af6ff677682f3b62be27a180aeb22f918c24f23bf6f5954e0722324cccd06829fc32ae4fe3aee6e5a03b3651900e13fb0a759e544d033418b6ed40d037b4549a0404792c8fddc317b7f028493c4c91d6773932f8486417544f3d007e5f9e6fc02fadff175303f77f6b0e1f709bb3d3a93b38552ccf62688a39da1a602dd5e122e6f4e9171769ada5255cc5cf938dfefcbe3ab0faca434c42dc8c357e89a3d1488fa3df35c3580b124ba3bf6d0d203d586707eb692150ed05a01bf9de5c4e67bb948088784016394d47abb853f2b6b643a066ad81bcd1735aed4e108a8c1fcd025b548de874eb60de7f3c568728959147d1219e4b830e06ca2bee1f8a035e28a54ee6958d4821a84e5d1e41139905f7ec60fe67ce5f4eccdcc2c3d1e4a753a32dd3004970a4ff3824471822fe2b5010b9b6c6b01336dbf0181a95cba2624663215468519871cc39e8a7f4a151c8bd03363b402020f2fb98069b2cb8cc1b7e930938e7540d95d1d223e47865135793f9eb573660ff79f7ed2fae503e68ba44596ee745fbd8fa562c5c666d174cc01b1961736e18b8b517161ab9c8058026e0ddd6c94aed0086a26e1b959a5e05eb9d8c1ff5b2ef518ca23b4f265db61b499a48cc46bed28d23ffc1e8d9c9e345c06079ad47c88dd4e8e286575bd7f9420ab9c2d5c6685488b8b34d4c9ac04e1427ae0994cf789b48b01d1db9c2fe75fc5187727bb11119f82d0739ce4048467a08cd635bf78cc1b6cc9c28fdc199d351064a81456f81c9e56a43aef7332973804b06b18a26caa62523a7d0acc272ba49124b17bb68800d5756afd34ddb2b7e2dd8a118aac3fcf39d9f853c4d2c4fd3ed5bd25a6604d68d57db93d15aa1160f8a97e6c24238e84f272780966867f9c644ca2775cdac4af0ece036cfa6ebb1cd9d701dd7daec5763c9a4de0385db383a5647918e79c6a6de1f4ee1f6b722c561704c8d7efa4710d78dfce8ad2df0d3d82cbb59cef0bcb001f70bdc6e17af1a720b117fe02bb1dd527b18e6bce70e9447cd0cc85cbcf431fe7c006f5e4ef878a974a93b25f492847c9ae020583c9d412f4124246164d8f080b615e2eee267a7aeb5fa0974de52cefef23cdda7b305a33a91e9b50471ceb72dae337c485d636e28d6ee31f5705983808b1567d4d4ae820ec445c56e6a404cad6b408691475397c0dd6cfad232106ba96e5104052700a653e21f9ac6d79578a9f52548f426a1e81dd45bae30acdd4d22a2dafd633564d6b2f45e7d35413503c955cb0a9784b42ae8c2a5933a6729f3922f969a158540dcd201ecb6e32f88b5b4921914a2e8f424c8b031f115ea5d23a21e6f22439ffd7e5d11b08df729f65613b4f6ad3edbc9a066a5e712ecbddfa6fa764cdf170c0485f82d924a99b7e7ad8dc44c1f93e49b6469a9af3de5691944413f1417b753bcb84d5b7a34f362c383cbc802b0c88bd23a7ac471b9287571c42081b1134bfc8ce104a550942ab1f2a074cb00a90558d6e841ff15cfde6951f03e450a1bfc90dec6c513fcb2692ddccc31d22e5274d41036656183c72fce208e44920776f196193137ac67d6d65ce9cfaae774f23a86e6ee8ff3a4e9422a4667d971906e5496a4e80278774899c882708611bad282f6c1d666bc5e7c40082b43a6e98d494a18e9b3cf7f154fdbf90d786e59e83b72ad0ab893c49aca50ed37ea5202e650fda54f5c46ca2a35c476f4b009c5e6733232275abd1341199b63d22386c484cb95c43ea90e609c407bc79ddd00609cc2eb0d82848db239b249f164b7ea384d0239fe1e64d04955b9297472cafa2ff272c5c78100aaa86cdd8120556f25652a3c12da5853338e3be8f505d93ea03cd1cae7e78e95befdc0e26b760d11e05403c348e0523fe036381408033c009a8e1f117af5100a6eb91f08307df465c20bc1dd029875ef7e49338689f602d98f2dc690a57a6f2864e57098f8bd723574944ad3688b292db6d01387a16493912722ac8f91fd12b748899bdaeabdf0479df788eda440d7bf30d1c25d78d757f00b74bb556506637fc1ab87162f05d464e63a6272db3fe56e9357275035d6b6bee32bd92c4a1dc94778551e94ee1d8854f767bfac3811bd0287672aaa01ea18c25650f05a68cbacd9158e479b508e72df778589e1e03dc543b60bb3b10399e5c50de9e728e69774fb3f5fea757ddefccd0f9da75afe4b67f9c54aaaaf646e858fb001a6deed0a8a769ecef0689c988de566b6015fb8c40aeb5f2df7ea4bee60e8e69d15c4a4aa5411dbe63fbdd6418cf025d87f37362f15e22aba83abe1a3de9857c71c2234023b969eacc0bc526363b7f30b092ca114f2a6cefb34394d146866ac86a33fc497a8cb8e2a5bac398579ff7958878421fb08fff4f8f3deb8c9641b8de392647df3017a5467f9d7b23036935ec6e188dd6dbfb544b8a9e04a4b3c7fa1e4d1d9879daf69986b8083e6eb023a4b5eff80fef17f8f65433c882a21565a919448e6091d1b61013fdaf9fc3e45bbe827c9b4ab10b05600a1961e81d31c7404f8e0d32bfcac2937eaed811db167dfdc29286b0d51bad2bcdb9dea76eaf495a31a7fe717c1c98be374a36271cdd06ed06c02ef4c3c06cb42f73b3332ed488416010e6bf2f4dc4dade6e2e61f19e9306bf941868f59fa0939005743dd647f0a04b576a7e71d4c383c479453501e18ec56d7cb79fe31ff534afbd8609ed701ef163f9de31bc58114399fa0f22b62c66c380e8a10c34b7e731df2a8d39dcf36fbf3a66d67b973e3a94bf6ee0bd96f5c76baa76492032fdd2f59ecaee403d486f543f2cd7ae7b0dabe1b5566e681cd40d384a94349e9668650a6f2d2daf86c59a7b02ba466cd03ce1d50c3f0ca4c02dc4b3d1c0e7b9a77df9eae0bfcffa32117d7e05adc7195f4278c93497401629897a58d08ad7141ea52e0163f14992d7a284e7b875ce4640b4dd48ceedad1ea17d8ab1e760773044845e0899602f1bdfff4d42ab80c0765d1a8bde2ba0a830c050923956d06c80b182264ad19ae4f7c39e43195f7d421bdcda00e3eb5ec5ef2ec91d69df691ba7fe250352acf01fa92af5e2c634b9c7c97889e9147e869acc153d88cdc18908f882f371ba9c1e13c26e9cb8e3cbd4c5e1988080ca65a67b3a4c3460cfadbec904d853fddd2f5375b6070941fca53cc106b5748480213cfbdc1c34320a0478b05f76fd0454c75eca069cb1fa7b21704dab67dc40d041c8a1040db378e76655636ad725219c049e6536982d6ee9f11dd032280e622547c7ff44a938a1f233c356a98182d22d5770fbc871e20bb37483dd5d6ea1551993b95b30774a49b50d411ebe0e8c92834094e23ec2664d822c40e96fb42b8607b62b6949e05edcaa436d0ffac6a8ff384068acfc0220c0b098d368fb8113918a4f8c9de37cece74c8695cef2427e54a6e77ad092a9b7f1d94ac9f0836deff41b905b5dafc58ad6063759b0372a634f69a639e19521825d66a282f489c3172a3659264d0132af3571e637782bb6fe5c0afd24547612166fd3409d0991392fa054ea5bd07a4cd0921a13ad7b62a0b5e6d56cd8adb7f3eaa5c99576941c38aff311c49a8c9d8c755869302a2e5e40109c8365a551cd3f859b9421be189d3a0e9ed78830d5cd6a2414e9cc4c25814d94d98f8848e5386d6dbddd65d22b96c5d20020a5dd409c7e5344065871e57e01c91a443501dc8bf619890fe231319b5480c3879dee618d319962596539e2970513fb5c0c8eac3a71ff99962779cf1d7e916566d0e29d121c5cec5d7302a18ed00be9316f3de8c669a64c2a960a588f9c8a42690f6867cda7146e8ce27aa6a7fb27606eed9df6a235a42d17ce71627446e206e879de56025a66556263f06684dedcfd6f083d6a707e5fc8f8212d716e062f0f7fd0c2fc62bea93d68581265a803c31cac3f8ac8939c5f8c464ebd19df42c7e8998494af614c8383294f3f3883f2404ac10404759e182a038c97aea04a85530ec005e203807c5bc30fa9f5339b32fb0427e64915e29a25bb25ac60b92256470e7de5298d42c6b88995f8d2fb704e49d55b66b71e237af90fcbfd71d9093e1a543da2e9911ac4102346dc4704859cb33ac5f5dce2b3331a9dc9fb506461a5436c89bf90d39afcf93cbca4cfc35da6ddb112243928246ae0d1ba269b0fce0468d3ecabbdb925c9ea3241e2dbdc6b151fb4aa724a42f98b0248171fa01fa103f116d0e7deb65dc359b09126f9a420300fd209508ec7a50be56d5b470e387d0c52a1d104625f9571ce1404d1b7af3fb00475b95f752ab96610be112d33ded48624015781e7198f4dcdf917839471fbedb43c34efabe09941fab6b342cf672a29dbb1eed0db788dbfcfcc63bcfe80f7718571f691818dd6f839e3cc282f85f03fe0400171cdf1235049fa53de7450b4c40ed398d5a486f52124c1c63de2afc950e81839f52d17e2a7d32f82788465a65da6cd763c6360763561ed2bf47749080549b6e2db87514e1ee1c85a0bbd346eb6e3cc29267cbedcad67a287fc5be65ec59ba8b6854b31c83dfc5155187d4150685c5c2c342ed68b01ac9e44b60f0c100a347a0f93074dd37d8956fe2f43110dda66e9f9e6185c23dab74cfca21f3ede4bca87687549ea02662f45dfa0ad27f9959a120cacb7c419810e1b1a50fad31c12c47d5bbc61bad77044aa541d29faa6126c60ef088b82eead17a52843307d4bf798b853d90d14c5347ff10615381d85e964331b7a123d15a77a6790d93e920052ddb4db4baaac5e2b27b66ff955e53b8308151c81da4711189ccf0eb393c5bbccfa1f6c94a8d5f4bcd266fc6a12061967ce836ca042257368f567dc42de6ce0be84449234a6163b72069f25b7ead4b2003e1a7665e87ccf211abe94175d1c11bff2c0b6bc110194d34aab96934ef59804cd26e4434ba166d9833fb091be37b139cc10748b881c93690528a96ccccd2dbe024510b8da37dceab567dc52706461c486a0463369cbb99bcca2e8a4d2e005c45401964722a4b3ed37c351c9f21685e8992c9634349379f41796deebffc2928058c8ef6ea37c6e4970dedb78d1c2a00ea9e1ff1e7708470a6c60e6a2b1e966aa872776afdb238e97f716b3df8dfd42bf0f7ceb52bf9eb33731bdba5987b8f48b4599d67b383e77413107857e951ae0625059e5616ccb41131df9a480efd5beab3a9c99615921caedc53dbad675c00ba1030577db1d22731677914fa958b44792cc9c19e2ac71ebe61a05ee67ae7116e39e1c0d103f18bbc9d531164360d901da8234d29fb0b37cd2a60c7aa2adb2a4b297ea2fb14122ad95bd4592ef86c88fdae1e37dc8e44ad03c0fcdfa3801e93796771c5a2ec1e4ab12a64b3ffe48e7442c6224661ed5cc987aada6e778399941f7b20f16f94fb346b916be87f005c9c13789741602039d38270643cce3c347565eef5ee09139330301951c15756be47994de6f1802dc5131b9b011051b1d87d744756831a71cc8528487f032fee9dbffccc751e6a1ee6d07bb218b3a7ec6bf5740ead7a47b6907d7aa95b79aecedf4a637ead8fc6fb8654c93d13ee79f5d6258dcc61993aebc65e4fc14eea7d006e31f6e9f60e3bca8ce52ec559876fd20255e507daa99b185671ce1ac11d448c30bcdf97b9617195e0ccd2d15246308dd6cda74a8071114327fe203b1adbaa780f3243105c5111636a51dce966f5652e39d4f91abbbb4576234d6cacc3ec57cef2dd4dda49a6c33d12bb7595fd5ab5bb15b40301f34ddfb831a5dbf62218f496c003227fe6282e2ac054c45e7f3fc93e51b3ee8690f08612395095a0a12729d663eded879d9ffb325c62f2cb546a48bed51ae232fa6ce28a2494c132a6e09d98c2e3d478d5d2d15dce2e2665e4a3db448931068b99899c2bd8ba87349b0cf9e3c52cffdcf58a59b4fe0089b298b42ad7553f831bd60f5cfa3e09102fe773e4c05412973a678f3b3ed420433cd664dc7f218e816a17c5c9013ecb84abf2dd073557dbc41b92a91e0339d57b8b077a9a44d56427fec5748c47c1460b2e2412094db6d0ad06dea0aa0c1368592594bf0b2f590a9d6149e44dd4adc4cb42e5d9940d59397b83b33b88604c210694e3fbd84795c80c1b09ddb3b1ec8bef6e9dfc4d7f295e551a79436007ca48aa605ef5a89571e59cb26f2766e564e39d3bb441deaa0c8664549881d90a77256c0f6c77241fd6ab74b0e2890f78ff16fd2f9271ef96ebfbd0b878ba9c703900752b7447f4efaa60bd9dc9cd5673a36b39d49f54274caf03c0cf82b95141fa20ed3ce02ebf0dd74d9eff8eb9e2dd3a2976b244b12fd33ee75c1f1c459f86a1cefbc817f42d7f43ba406098165cbeab99df4fe751ae3382efce32af252e461652c7598161e74fd8eeca474fab6b1ede039935f2fd4d7562623b90a422a78941f47a76863d95857c33653d1b42b806bbafcfeccb7bb4a0c58acebf6104b2570afc3ca88e4fdf2719cf39c964a1ea7d2ae4a7fadc938abc95adac495093f6b959b1347501606b3f960b6d739291aa8c13eb49e98b0f78d2b91400b6d8961cb6165c8b684738e4d4db2f2ac30ddaa03a5e0cde4142b625e81907f08c60d7cb5729456806c89ff0efd08397423e44738ff38f8e88684f3a099dcda455521caca37ab4f4d9ed5d37975d4fdd778b97cc93babc804864a35e3a2db04598152e67a2f1f157681c3962d46ada23ea5d9a524f9cdbdd08a07a3a85b1f6fbde11d5a35c7743b83bbefd19aedf6d92241d16aeca7f33cc51839b75f111e8edaeaed808daf2f43fdb3c6f032ea45052ac31d4870c4d0d76aa75d0b88635ce449054013f234c4a16cffc58c95ba1cb8a0a0399861eecb1039bdedfab4d05f0270c6b16f03f6b8e629f687f133ebf2662c7f930530746679aac2791f54d6a95bfab5be0c33739074ed4e7ae88dde4a8036a7d6095cf41776366b6ae3f8f4a0734f48c275e129cfffff5e0abd042f99a957bf6f0f47fc7288750f4fe30198f8cad7067b36cd87ebca08abd3f9475e7443f83cca91a1ebfc42ef3494871f51f6d52a5524b9391c687571be5327c7c94ee2a096653acb410917fd51e56a92be4f24c1db6b97b465ca84c31c04c2f61eae07e952eb6554aa4d8a380d9ee81c1c462c360fcc3cdff2867a953b655562cd06162af8b99bbe662e0c27ce4d9a1c1a907def48a3231c2110c930a2f1498e32dbbfee0e5c5869332f3024fa5dfb0327a27c663cacd4e9902de34dd93529e90eb347bafa5035f56fc578e8386c7571d1f0ba335225ecd8be026b4544ad70f3af11501a53119ee39a8558ca0ed5b3d897ffb9cf0fcab55a0942d3bf7bc6b94ea27a6b748f2cfda431f35252c44610b7e843ed91ebf7e8fe10638f04f52d6d5a7752ec62350efcb7c473f80b1f2a26805151e8346d39d23551e92fbe372df7979c3f756bbb43f6bed09bbc6b65fe6fd241ae1c2f1a0d0b805c582853b85502968f9478e9a84895f9d4ef01ec4f3f571e57cd0bda68ee1f6f7e14fb6e0f4ef8c7dff6796472a935294fc27b16216966d5021339ded059687355b42b55926854bbfbd9f974a0c26eadbfca8a6183093996cf252894e6db910c71ca3ab2e82d90d371c36b92c9409cf7937bb266ea9b29c41d774aa522e103cb30bbabfe872b57beb027623742806aa7694a859ede9bc1fd7b9e32880b064b0030fce1a0e5cdf3ce558a5feaa32e323dbfab6661c5878c9377ee52a615b7c17bf1228e328aa20f92d070c71561969e1af532e76835fb0436810c3d87b982217edfb1143bfc3405ac9f6f3a50145608dfa8658b0ab642a347255c55b59cd1c5897b2cf625a0f0706c30ca1c1321e90cec57b7c3d1bd1af455e3732db80643383c41eaa6781f63da6233360ee720cc04d171ae2445b0c071e339d547f7ac32f407d29ec7abce0a9e1ef5276544877bab2f84bd2eef47ffa66f96e7170cd54d836c9badbc59435146031502c1a3cc744a470f693636d9050c5b894d2d6047df60eb0bac16d905d46cbf017ca69d66427cb88036eca4ea9d0e579f6bfd8a4a850703a0fe49d39c107c9358e98689fb62bd0475aab4b2031446b437c7f9e373caf0270a28d7b15c71f02079dde401e26175bb6e392106a9072021f0e5c5145a1db6f595b032faed8551f6e2ce318db1ab513db876a3eb42d225014949c19543e9c5dfd2290e28c5d72c87223f0195ffbcba1c02c7d0087721efd2af6881dee7dba7565e07abc35bc3fa41c6a4d6a313222ac6dbb117c69c62db2691c68869ac5fc5e987b0ae4335f815c73ea4235da2582dde81d6fdae5911617daef847be17f2bc09edd88830eac03977f89179fe03eb2dc3b38df43803ca2d38455232549110f4580ec3cc04c0d8cfe493013d2cde47c506ef6a8dfc42d998f70378fac5ce4709345926dc477e9e339d8c87ff6287ea6e2873e14d538cdc3f2a47e0e37a2601652f5b665b616a7d1ef3537a3327a76f93990f7694e6484e7a52a10e9eea2edc92b99406abfb2b11ec86667c7af4a333dfe900bf071d1bbcf4f0ad768fae4f450c53817c507d26e926e753e3395201d3ad89061f16706d841994abad283f0db74cada25beb5fe46f48669a62e0b849cb77097e1b4578b45062af4a071b04f0cfddf87519cf2bfa10ebb4b860239ff187e6dad73806ae968e6ac0f738baa88edb3ae4883a9e59be7a6b222c5f54818f95578daff9fc7a7aba8c4a41a699923e85ddf24a32bb71c808516f64d506058a70539276d57984d75161cba7d53a4a864c51a249a6b8fcad5738dd0055ba8468b56579ba5f102642df65c598490f3a0c9b1064f4eb1962c4c38bfb7d55d496a0b0f7b3f90b42f733d112c89176aaf937eea4bada845f3ca4e9b56b3a5a06b4c90fa4c1914ea47020c2f32531e270007ed389246906ecf2c4465f7cc5d6a347583dd73341ad97199021819be81100d867d628323ef7552db945e4c0be604cf6c4a8197958bcbd6c1879387d3286dff979632c54baba2a35ea84efd7726b662b94fae61464d069e0103692599fb86fdc3a06e01c6ae3deb3de6fdb21806c716e5f82b784e4ad3f0e2de629a18e3a2309003dfde9dde8e5101b83312f76e811277afc286b56879f4eb80468e58c60bc088284d05d725ddfe3185b7c51b472a7ff7db3930839142d4a452ddab628e07d43375801d7c6a711a55b452748d770b84ede35920c1ac74b595baef963d21df9418533fcf959593ccf5afccc753e86c4ae231eafe77a158c2472143faf169db29bf2b53c3288d8b3c9added65778095f85e2cb471ab58362041f0a27d874c42bbb06385a0403ca193cba67cf70029cdb7e73c7e2267b856fa0b8dd4c706b45e7174659b0ee2891df911724324f7ca5daf07c912b9b2abff762e62a1817688757492975db7185c4695f3a90895634b8d07453b36dd95197abc31d5d153dfb0d0ec92639540e99d6590f9b394f14c93a5e829fbb33616e810f59c502be44a13b700fd3009545e34c211abf9afe1bb8ced793c6f516d40010649f83a78ddbe9b71d8596582997d0aa54192e1200db61dade30500d72a184ca7dfcbfb80e5442f489d316cc8b75005564835d4b11c482e2c4d0d160f14a8b13ae0a0fb0ba5e3b782770aaca357df0e1c4d1c3b28b776a8b3e0da1abfd4f7190673fca1e1c5a31c688d6e8ddb21300e4178d07c4e854a718ac3f672b0120d6a54c16957c9ec8c444208e47737bc4eeb0bf2d801eb2fcb72f91fe988aa75f38e6cf26e858dc2a718580ff5d281d13e8fc3e3bc30c75c0193481c39c375a5b06b962d9491f3f1fb80f1cb27067f0709e0b0730573a9b5f5bdbee1708ad84b4ceb1a9a61e4c41e90655764057bfa07b8c81cc83a315be1aed6a49715479c0fd0f53f625fe6c7f36fadd001149ab978532e4d0de3d1a38934c74265b161899843704fad16ffc6189f42a5cadec98603e0f98c6889bd4a559079e074cb40678fad4690a20d988735280a1ee8ea71275069132101b35c18ecc9d3c6eceb4cfe9b165e4b6acc17d4f113ef8283c0fb6506f5635401e916d4f7e7bc3cf49aed166587a0c72cdbe673f467d81bc2e9cd08cd8dd16d90b353481df31e89b45e8b
+MD = be3cfa6c965b2ee4e6fb0236665b0b95f66c8da8b338375b7393672283b0e50b96112d7cb76fffaa6db8ea4a7687fc6234dc1ee52e764d69ba8ac40c0f51beba
+
+[L = 48]
+
+Len = 16
+Msg = 3a35
+MD = 87bea682792f6bb4977fe1b92e0cc7017413dd263732c3604f0ebd63c2817ce5ddc5d78c0137f614a06e72ab1cab2f4c
+
+Len = 104
+Msg = 7db15b3ee240b45d4610950996
+MD = 7311a6356ab38a690c0b3a1581c3e7b6de418996c05e79849891b061c51d53dffc0fff2b8ad1c1eff165aee5ef6e18ff
+
+Len = 352
+Msg = d2a1efc725c46cd6a19760f49edf0bae823c1b4992ae2260085746cf65833bd008e56e64002383f51f960239
+MD = adb1778360ec659e90609e74b6af219a01a024f216b68aa944841429ed5b03b139444b8b848f73fd5f350ef02d46b6ce
+
+Len = 1016
+Msg = d11ad1253592c094746da7b5c88d329bc3ce1929913b8be07e82d3f6b7a536a855f31ad197376eba6f2f4534413fc4e4e7673fdff8739f774a710754b568b7c61a473059a41c98aa4e86617aa66d2601d0f0d584cd9f132afeebdc0ce3da6a8b290059e6e4aa080c195c42ae7f7e1e99865223439929b0a3a0d79b46ca6419
+MD = 0cbec7be7299f48f043c3d1aacf833b4258c32190a21a8ac2471666b4a51b63cc77fff6e081aaf5ef21b1b7523d65763
+
+Len = 13696
+Msg = 2f7a9929dffaa4a4dcfeea1fc37b18e3cf935abbaa17cf9d834b3a8d61e9fabfb7683cfc387d6f46ece3f8bf845827c7ebe86a651d6dc1e83c5772cee1a9fee4b04453af2f68430bd87835126cfd1b3f8beea4d3822fb27864570e255cb65b414197480b6bc20a39c5450adf2474da93d72f6ecf8063899722d3755b7a19f71e93e782d89593ab19ddd3ddf053c54e0bf832311fbf132e8b9e540f38e4d9bcc3cdbf69de54e40ef348a9170ba2f65def167f568ce846889c0161448342fe907718a465e451bc1b0f2e4f21f9b911f186589f43dea305811473837c063b915d849c20deb43323bab4b64e61823f1df119e71962dd975700391b411f8778980a3080ba3c14a321d32c082d416ddd2345f0eb751a516d44ee55222395cfa11e7fc4edfbe7cd49bf4ebd4d7428843a2ad5538b3cd201ccd431aeafb146a65d28a4870a6948a7cc0413b0adac7e8dff3a898aeff5f4b65d10b28ceb749bd354c061c3008ec569d5f90a4d4f5caa51d35b49dc4028e738c8ff5939fef3fa202fed9ebef6f2c7dd0ba41cdb5c0c16985f96fd93a65d134fb4a90ffc0fb6cc5396b843c2151bb7c9170f2fa4fb44292a4af28df5481de0c3c917ba1c46467a35302738158493fbf6a0422cee558d4bce3d78e14b4fefb65bb05043e2cc2a6a8ea64565ff6ce2fd2c4f43fc02926ee44ee02fe1dce25cfde0115c9396c9ea06269f17b2caf58e2332cc1c8528d9705c70da1f76f22aeb1d1b93449180640fb5c4c4a708bc4621d7d2bed5b1a752191cfdd45086d34f247ed1df0f24e7c620de32bdfc4d1f882380d2cd7467c926f48abc75cbfac8788f88cd9dc5361517a5eb36311e6b39e21a85fba2038fd47d860f776697bb19cdb5a4d6746fae507e274399c91648537d905015e58910117e5914f44ebcb00e771d38b30c1473e1232d4e222cebceb4810c48e83e0fd4c852f4fffcd643c0ef9e4fae2d0ebc6f102f3f749b02a5e3a61517d53b539cc24120df3957a633d50369d46c0c226f8924cae51dcaf54d716f61385fd8cf38c2c311a32bcd6594d6930133dc18ef36a9671ba8b179abe95f588ef74e8558ebbc974dc73c26bb6eaae78ef464181e18b71f4b0f986ecc8495a9c4dc0b0b96be9806fbd3d32952ca3b4737a06ed6561e9c9581a33a720123fbaa2a70fc3233b83e56444f5aa0cfaf70fb24be6118404f3e11e6ea004cf2d079a3e93a8ac1d4e297cf4fc43851dd26314a7ed6a5a784b386daa26e50c64692f7db28c21d82234289bb45bad5042236667e6d70a24bc9525c3adcb793a6a5725d9b10911e3bc8e3fd604db7998346e7f7dd1815c0cbb735a977bd4b32b5b976932bc92ef3b56bcadc089045ec95f241cdb0a84c67f1f76353da6cb493bb27a881d37a2106b8b3010cf935eb3601ce4dce3e449eff8331e444ab117a20809a1010db4cf3be0c488f777b6532df908112e3d11592f04a0cc16232d62340cbb8b5268a662b8278d37c03d848a04f0ab498f5af43b0a20e310197b7e1395a65299fac29f051bcc5fcd09a5605bfee370ee8ea21f5807d9748acca815a44d81796d68b0014eed3bb6a94233fc51725de3809ac6f538beaacf8cbe3d96aca21a7a763a957f8892f22c6d086d9af2e5ac9d90321e186584f17e964c90739559ddd034df076c4aa38c2b78aab6dec8ef6be9adf33bfb66f159ec4826653ee6cb483539c47a4a1d95663e6cc7a42a3bf628623a4c9500a59a50a312aa104b198ce5f3e58952bb79ff1ccfa9ddba2fd4705e91b5acaddab9d6522d7666264ac5f533b6d8ac4512d8371c69c06b6d322b046ae2a0a20aec1c3bfb05f3d91b9044cabdd873abb5f2b0e3e19740df31e39828f9ff9bbb20b73541a7a70b8174ce4e43e0d356e629cdbc6c08d29bd7acb6a4347823075683ce9d7de4ab3ddda6572b175951f30a15263355fe9641b3322df7dd52077402a884cd472e6d0b6c34cd63ab63cec8760c7ebe384f7cc31066bbdb7a3417425e039c4d340166e4bba4839076ac9457c87459c57957d0a06dced2f7a18acd22b7295785dafa435a2a8a2c3a1fa05d115fe129d19fc44c5a29bf15b4d9c2b375bc8e591f92756cfc573a39b8fccb8395cad7617b11f14a60e2dbf69b897844cbbcb70363010f6e1bc0590ea594aa924597dbb32a868b55551789f82437180b85661809089d34a168d44b4d788dba23b13542715843eee797366d9ce7793e72331735bc78cd61b13421a568ba3e66926921c04e9d00888ba7ddeb474db63813756ea4a02c1823083e36ebd2d32d5c88cdebb98d511304cc276c7799cf84a1699ccac9569b13f530c762732e6bd0f8415001b2c02d11dff36660b717054b16df49ba38425e3764a56052ffddecdfc686aff22079897376cc15591e11579fe4feeccb55f
+MD = 70e1259106fc7a7c6be11d95fb673bfaf0074e342fdaefb458faf4619e7f0edbd68d509b9ca7243d2e5e039d42ee3b47
+
+Len = 100816
+Msg = 5f464d3301c5e0871d6b41b002dcd09abc80a805de3482d97f3fd7b9838745da1c0534168f76b93c3c53bbabd904541ffe5179cae619dea77446140b7400f47d242141c7f2e9894d88f44c9e066861498e7394f206f594a419790d697f6a11187f84bc6fb288186109343eb11172bec076d041a4c7306d7978c009fc2d2d62563614ed3555ba2d21c8fcd70e8389352dbe4ec808af3231ce990452eb05b1b0dc4fbb1b4265e69235cc3561dae4148c386cd770474863a84a822b2e5f905fc255d55f90bd6a760d441dc52240ba7d8c888a5283891a2c99963d1fe680549d6267cdea92cfead167f6c49663668f2bfdc61fa647f5abf3ce5ad2c6c175dbd456ba41436aa06f5f68f5c88e6b74ea86a79934bd05b486210d3d470a0967ad6d67f7385260578088d7e63197849354f651aad07e04ed301f1fe7a6d2047d50ce5dc6bbffbb1da6b47d740898f4eb54e3c5a1fbd18ec93254cc01f705fce04e6100ced132c519674b2345547804a372b5c925bd9ee9701527db33408d37b72f8d18b882d3c4744eb58f011d21fce336d426de1fcd5e09610216248b51fe2b79b96c2bd6ca0155e05a8a516b7a24d529a9a475284735bd9c4c437ddf399864b64fc5d0d6ffc4e5a7a3dbdd476bc39ed29a0a92e1f2b6b3506c2be5452d4f896db6eb4f895b554b2af64c4cb8dc2369b91022dc50b7291404cc9605c31569c32756a64ff8c4fbb0f1bca346c7b58a5c6774b2fc7f7fd50741d34c8564d92f396b97be782923ff3c855ea9757bde419f632c8399763003b58ee9140c2d62e914c1e1fa742661a9166d42267edc40905b35a25d5c3cb3fb457376b7422896df7bb19c23e8f764416731d2e20cf2c1beb8663c07edd8f105e078e2fed05c5e5897c430017fa2160f565a75a4c5c64a15dd7d644bf355d169ae2696ae5ed1a39e8f81055cdf315e5b0c6f9235515fc4dbf30281ef17b83a6ed604f89293904bf78c7183fcb0ab236cb1f8935e59c51559217efabc000b165d819b717118a03facb61a13a99b194f8b6c7ddfe5850127d79078397a56564c7ed6716a129409680434061b2a4782c9006587de927c1ae09d6778a5f1c39fc419fe10493eb0d4ad492fbd05485eee7913c59df82fe7182af2cf06a6e8edf06676200077bd1408f5c1cec537cb8566470cb44895826d04ec20f0aba4297c501add65c75d5767ad2ab63aa81b7b66f01b32590f1d55b7e50e6df1ee077a19c8c895f5ef62d452cc336e9aee171fa997ddcedd7af86e6cc37722fb5838a46c5e58e7f700edfb7c6bf832171d9581f660752867118e9535a6118635709d6f1c1cb21b938068958e956149d9bffc67f355cb88205d4894ba97c3e3c8be9fa2d20abe79f3f93a6a2f4f56fd075bb49a4b7dc83630e58c32a29d757fdbcaa607352f65483cf2cb4208a3bf94ca7a25e2a4e05279be31c33696c10fa4971d1b64ee938dd299f483e5c098845749a3b706a787529bf2ca56693d0a7a98243e6482a43e1f5d3086ca1b00368d8ead5ed2d0fb79b1e2f537ab9340809ca3a9b5eb2900390432293008ab7086c2811d33de0648be5597ef002c7c462b5e0f4e0b1720a98b2299ad7aa55eb78f0c77c2ab4371385f280107ae40ebf814a8223dc74f31483c63d9e4ed09fc7e5a51bac34d69d97163116a66c84ea9fe4263269b71fd228555ae3cf5109c4d6ced7b9049a2b8069bd2f71834d6c07fffbd7561939188bc07dcea08086bc7182a5270427c3199bf5fb5c4549861fd32a38ec81c4ab058c777dc01864787f0275f911a17838272cd65135f66baf06d8d93bc439eeb55d50b7c5adafed8eb8140b4b05f59871dacf954f4b096c30b7857774fcd319c096750bf605db8e31fe02cd1b9294eaf8bb009d4609f2cdb3a8657f650501b8553765de8f572fb91ac77b35db35f402453e5c58f60146f2906ff56b9c6b3a5d0bb6afb9e2201110919ac9c01a7e9750dfdb2f72afbf7a8d6f64b1c68b9de17a2c9abf289eef24074eee9b1649caf3693118165503a30200993d271aa31b8b92606a10a52612dd1fab495b82f9a98cade18b9d8a723a71ceb63fd1d27372bd281f9b40aa1839b0cc2f2177a09aa8e7b159ac118d7c145e7a4f032e788d21facde2b4dbc1d5d2238f530d9bf9bd2798f611d03ed8919f0c85bc2da99750b7a8d6322d2e66ff6ab9ebaf7424e8c1c3f4fe92be61f65359106395f5ef995e925be3868ad513f561f873acdbaf18590c903d64bd275121c11ea655124d091740887868544c5348664399d3da96e2e35fff34f062fb939d656bc072096e510b40b2f75ff010af68d64fd0acc778e2e13c9667de266b1816c4ac449521b02bbb217002c604be72e73051aa9048d192e3210a68769dd2693e5d44951711aed3a751240d42f8925844131daa36c51d7d59bbaf99623fddf1649db954705fd6f3405e63894f5258c9ffecf83208c2c90cc55b1a8d2972ea6b3a049ee54942b50526b7930953986e428b2c75e47ed870bba68dbfa624dd94112f3059da0a80c583baeb570fe8314f5c66501b34116c81148dd22396fcd6479da49f7e952c8084f97d6803ff85c3787222064ca368f596a1ebb6dab20a03916b3ab071c927d87fc10ecc4e7ab4a5761e3eadaea4de1a0dee30aa39a9e4dbee047201d7d8a4df1284cf668ae3ed7dc4cb2cc4b5cae9307353fd2ae4c105c5d9f3bb021535fc3ae9bf3ff54ddda8b2e1037cd9d69822df436dc1c750a9f557d1a3a63fbe73c64261dae0c70bba6edb57519f5b957f138d1aa5fefe01b73c1851aea42938147bac2762527a492cb85da43014c876e223b05597354d7c9b328df67f354d168a84ce86dff57d8a870db034196dbeff83ebef80bbe52425a8810f2c9fea29ee688a201cce4a5f447be789a3881a9da3b6c491288e8f1091719032608b332e0410f4576597e17e0b5dde305f069be2e80d565bb979a3915488f88e3ebb90e81c264bcaddd72b8843af4a4ae31f723d50fa0995b027c334c351128913bb93e67b1b08f101f6b8dc8202b44fbc3d3dfb530f66e5a8f35e69725c86998c05ac87c561a4706e90fa095adab4a566da4fab82bff6b20076e5bdf62dbd6614245b6a6f8cb6bf60106f8d12b9c3e26f8127dc547e2181531ce980a3273f452892110cfe1ea834a30f99d66e026a9d22dc76fc3cec8fda2d7fea701deb84dd45c97dcde57a017693e90983a156f11c4d168d89c06d8a32dbfa590adadd16850854f24bba315b0bbf372f03711a20163afa0c137383b9120b26c59f5e9e7cd2ccaf0ef4e0d70d5a81748ad441ee5fe178e14317cab184fe178fb0cc0d82105d2f423467fdcda0f9871b9d84882609248356f3053a99866dad9f9b0f8c4a897a8cb8f30365a7ae5f3ca6e772d863d445e6d57c6a478e35d719d0e4e84f3a30b1816ddb55bcd79df21ea0e95da72a19cc1fe74fc576120bc108be3ed4cae3bea889fb4ddd67efe858a994237378eb623dab070d954ac780c1e6d2095383c98ba622cbdb18fb53260979fb2672c21a4600f4bf06583a112d303096d4e30e7e1060d869f386eba3cf7aec3052ca17593dcc9969fa9cd88179c262770211cf53f53f175037a5cd445d239cee48f7ed0aa1d715a22ac18a8aeecf191d415e4afd92b76c091803f4c757a9e89f696ab7b11ad6d5f24774e4a004dcb0e3f33705dd8150431f051016af37647b9e44b10bef114276d4b1055b634461c655a82a847639a038ec9f58876e84e9a2955b696e072d8054c3f81173473604d5fcc0a75b4a340dba0c375beb87b8b01a0f2de232bbb8371c3a9d27a0ce521c4c43dd3bdeebf92f42f87d88978d5b4e3e563cba0e5f59dd29c31096885b113ea5c57e66a3be015b703bc26d3fd1d51a7c14f85f65747ac909d7e30c8e800be27eebf4a62e42e538ae30b6883907cebb7fc5e150bc9da3a138f394e817df9a9e44420078f30d0d3d6981ca581791a097a5e3982c983d5cec239096c7d8cc55c87242026d769ef1d04eb96e5b5001e3358af88d417cc61f107659791a35d8b5f7a5767ae24d5b2ba7aa12230076db1f1b9b6f213dceea62949d98bc5db38743b23a59ea75dbe4231a285678f5f07facc053c2048022fcb01f15e8c100d64a877ecd56d196a6ac60ae35e0e09a517224ba409ba7b70d8f9fe65bc427b212a4e9b3cb17b0d332267cea4f3bea7c1e550f7ffe567b20e3057aa0ebb560d00d28e2f7aff718a9f2d4d044f0d20709bb9ad567c98cff7c4810e8c542370cf90a491bc1088f69998d59f344b74db6c1bdb61f284e99b517a11452ca0bb37c7bae77fca6514b341066086e600f098a32a92935380a173c9182a2513584c54ff67e580dfe16b508acf1729a3d649ff1eae286bffd688fe658612d6c8e69e6e7f7de4ba85ec54747cdc42b1f23546b7e490e31280f066e52fac117fd3b0792e4de62d5843ee98c7201529455c85b169fdb90cb05e3403cf2f737148bd20a53c73880880a14ffff37d62130e682e50bc7210ea6c1f0c27656cc1785a0d9ce93ff94dbc5b2877519d9bac4a339e98ec594a7cc76f4ddf994fee8070dd4b8e0fe0e51b93105fcf566f83d914dd862b4ce78de7e9e16f142234bd969ff8005dddc641dcd3c7cfbdd6113cd3ba34a9503a0f433899e90e158abde2ed4ed4b3711c991577c5aafeaa982bce80835f8e6d7c7975571fafb1499991646bc499ec32930367d4b1de76ff656442cab987bdecdbcc2b2bc35ce01816594bfa4b6e33080caa41dbdf8ebf2205649f98a2d3bf331fb16b9ecd1824eacbbc9f81297b115b4d36aa7496e05f7d40d4edd1886c1bac10cf3f97840a03277e6369e7a7e90d932050ab8720fce076de5c355fb17959bd75cfaeff325b0737f8f5b1160de0b0184ba04afcc30bca77a6a37e29662302d01858c0bc1d32b883011b7df5a387805296cd91bbc835a3e76152d017ee929d4cbf137eb78db89d71617dd76cb00707aacb8088ac77a1f52ed710331193edb29933a7efd8cc153e6adfc2c6637e88cd86b06036b8177847b4d086b0ff9b5dc91f3cbd1c08217023d7449253c25331594f0f16a3c5f2e122e0145c4ec94f096b45a1fd0b2dd3f1d51e58978471782a336eae49d7bc4e050d1c6a391658f71a1f752c0ec6302bc2dba9e3766359359ce34955a2db86740c90d09cc50e92dbb76e17a39955fa7108bddeaddaf860d1aff14acec8b609ac1d336270a940604209df91cf45be72edee04277d694a6f968ae6d8e065702f3d607f3baf8db4ab7637fa4c78bb0b7fe69937eb1dcb616fca564a5a521e12df71fefbc321187159bd6a47b066a3440ba634de9153a94546b63aa33aed9da2018e1f30628df37f5360ca4f2660a46ffd73e58183e8abffdea25f7bdf798a2b7cddeaa481bcc6e682a67e99143066963d96d4a928a478951dd6ec59b1be8cb23aa688e1867738aecdd9afade39c92c0b2572bdde84eb912ed990ac618834c412231216fdb84f1e01b3f8414fc6dd0f646fd0fa62bb0157b3535e1497c9272df1cc5dcd4e6ab9a8456222655c56ac73fe0d2aa8b599035daddf0986a45b1a59510abe19a11b6dba065c8bcf8a85d20a3681c2414dab7c036cc1358b1dba98d6ae62c5948c36b5b3e307a6f860c0c822ac724a5c917ed5f98ece548a7a741d366868e6c676394c3659f7f6786594196dde332543376f9ba0724b091d30f431f91d919417e5bf7ba1e9a21cb80f6c204c3a58d59d960a5788b5cba5abd7c7518f4c5170115125de97009a6c3fc4d5773e4f57fdd433eb7422c7c4dccee57a1679633ced3b5f08df763d4577983c5ca8b49bc4e08fa76f8bff36daf0fed068db47f0c87e0e45d518dffe37c129cc6e2f5f9e0430185723098e715284a42f302a6b8368a4f2dc16f534d1e5db9d0b86659fc4ba6f16c982774115d02a57684c7e5489b1f491584b0f0546e4194a6041f5e5be3bfff3852a4fc772d83491023a61a37228ef6260edc0d1cb972cba610d5ad1d92d554700771d8236ef55e983765ed8eb21e7de7c8bb51aee9368758454fee4a3f32179c1e54af1d069e0b9728cd0554351907e018146511e4d6f0450b57c8ebd21c71450116296bdfc779945da60b9192c5bb9a67b1f04d94992df4cbb3e30732dc8af2177fef17e0b7d01740b8a64db16bc29c1e589b6bdfc967edeb2ce8a649ba892bc856a929f0b837a838ca7f917a52436ea3d20e72afacc5b9d58a7fd0fefd96787c65ffa7f910d6d0ada63d64d5c4679960e7f06aeb8c70dfef954f8e39efdb629b72979be208d616071289cfaa0756a4bb5eea5c7baf8fe7a31501e7e2d67d708d461c0c93e85f03afd70bd9e16437171e01a34f475e4b5a58d13ce4e2fba72bbba93403f3f8981e0bbd6a8a6223327bf096c44b36e0ccbf7592a98c1fa67f198b628787ec80aaef848b4fea158c715799e6f458327f399e6420f0e7821f2dc4663bbea065c7bdfe830b6102e2e7193381b9dc7f2381ba808c43b8fdf3addab4b5fa81564716f7d46e0349d9b27b559710d723c7ef2f79eb55c3a9d75b99ae6fde6877b278b583f8ae3cae776b914b0cae0772397fd19b6a27676c7ca02cd07f4b4d49bbe1ec87f2ac7e39e5f7712319c31271dbbbaf4b826af8a9f4acab696c62719f7a6a032c4bcf90922a3c630647b7c1c7b78b10afbd863f07486561a0bc8d9b1ff5fc41998a7e3c604e24af1c1df2da1dd5d83eefa2e4012f7fb5959ef9339574367deff73723484b5a969c8c23dc251a3b887f34b9ea09c9a1838e8aaabb254445d7556dda257dfd5579737fe1dd6c67f3851ca68b011e7cb7b6958d588f143828f0bb24fceca31b47b77d1ce05e75ab05b55d6c9f9107f0c738f2cf8a1629f7e9b2694324e082503937ff8ca7c5098f770289af7d038dcedcf0ed77c8b82e2a9003a6f3db69e14131e144f6be7cf0bb5353ea96aebd78befbc6ceae9bdde97823cdbc5ca8ef8a993a9d9383aee9f2d6a18fc64ab92990672ea2dc9b89ed248aacf7f1a513da43fe5953335afe76d78867a066f226ae9c727c6c60671c50a50732698ef7a492d51998eb6da5368a667baf6d12b77eb36686ee0ca239dc6f3598be0bda79e47f0891fe4d8989df8c685480de11c148a2b44c8a6bea3a50b09be557c51f545a09a30e9362cf3080e6a6bee3dbad370ce24f6c5a6f8091007ca195057fa3af8f99703a601086c2a1ffe55fde4c2c4153dbff8d6601ab68743c0d50d021b0b3099535ba6c40f866ca3ff0df7c19d709a3f58b57b40ab5e43556a8c0c1938c875267bb39c0db6b45840e8ee7c22bf6b48798bd744f70e42fca343a8bdfbd7f55f275ca5d62c7288756d4861fba68d16d842c5b893c1d8171bb3c8b593387d3426f292ace5cee7753c9f9a12e6bb9af5a24192e4184f7d3d191d862d3c3dace7853eaa235b6369fd164e5a7bddd06daa3eec7fe4130e82478d36f88a0999cba1f251ffb3a7689ea2baf016073193898716a9f933448d7ba8e0968c669bdb7dd5e6e32fd84a6ce9e8632b393f9263532ec2107b4c0d2abdf3abb2de2d63511805eb58a70bc4ded040d76640af60ce7f03b9a682b8dd84ed8a47225a48e0b94ea47828f1c8974cd64e5027d8b13d43519875d2bbe4461a7f0f5b5b8d63a472765405ea9c994225806395e64dff88506f7f7f3b6368d769e6e550d4e3e81efb13771cf403e855f75312f1383ce4c2744d0b4e3735a0f1e1b99eb014fa60c0d1ca9035fbc4403330c2fefa8411fb7c3d6ede5b5c8f4736106bbe01923d483a84f031e9685a3b6a70646a2a5059ce35fa496b3f21fca6047471a5bdd33908cc9328de9fb032347c249bf7093390b750696124621dfa67fd9c7fe85d6e5a4d277ad8f8d169f8b5e8dbee280f8443518bd94abc5ca704e781e6cb1868ba2d6fbbaa850326fbfa5a20e4df6fb5f8ee2728e86a758763a8af21e1f7a8584d3f0b09a0b19fe8fcd37bc4fdf45084d7fd92b80544f29aba52496e2c9a0aa4adeb89820be321cfd2f0a53585a15d04c7fe4ec9be6eb5df419e20b71506c1f642df75c53a9e3b2414fe6102fa8af7be3f6c95de824c31fd6fe8ef9d49e26095a2674a33cb574e9e493939bdeaf5b309b4c51256ef71e95dbbcee0a11991693b533f916e1c82ce86d65d89b6d596017fae944ec364546e78abbcbe4322b83e2fcbb4c5d4ccb54d8642c7eb9e28c08598a356a5c46f8813e6b63ec2f3e3bb721b726361f85a734e0514f4e9c4732991ed3998b1ba8f618c2071d1b943eb0f8766fdb7f0492421429bd380deca3325c8d5c7b6ed16429539ae54f1eba39748f09aa44efb67d863cda304e8653ff7499cfad44dc27807779ef8e63be4b376ec403f3c84eda4e5af31c30f9807762e0980b4e5d9dc406cad4e888bfc3ec4186de8ccfcf631b0ba5831747a1c200d45ea06ac82c7952fd09aaae5dcdf5475da427cbc8c1f71ebe5132f2fcae15975ed6fa14a11b38766e1c446894f31c0496b0e5e96507d28e6e4549d6d78841e40630ef306491a1da60eaea3fb69bffcbf192610e2e07bc1124690fea61980e8ed654c5e796f67d26db5de35b4a2c67427833e360ac2a7d4fe7a5ce572144443ed62ac460c1b19402e85c79e3d80e1c143279b20a66d8dcf2bfe1cc44a0f5aa9b0d9b36c46c2cae148dd0f2ffe9a8e6e7274d1832e57aa39fb40553da6414094e838d613a20ce9307d49f97d904648d6460985b01af769800cff9a940f70729fe40e98feb64ff0a81c5b2b096b1a9d832e440c49e4e3684bd17a5169fe138d2544d9806fec027dd2a67f1856178e090f9bb2f9b314a202e7e95f2e41fa80dccf7b1810e9cbcaed2acc2445d60e26f7d63ee4b28e4299e60ea4fc659e7d6f0de91748bf1ede1fdb2acde9482bb76bf6716847eb2dd7517e0a94f0bbf20f248d2c79fa0f518b67a44d5c4c73a9bbc3816ba85ae8344b5f377649da75cf1857d6e4338a76446c48e52cc7bc7ce283d4252f8fac5e1427299edc33f84798316f77bad4a87849e91a1a23c0b7a86898046e278eaaa15ff33730a6d3f885dfe2d1dc0acda2a9e49a71cfecb7dcaa9e70eaa8fe15d4567a280e8960ba49d5289535907e9f277f96e8e652c21d89e81696dd821db5b7e1e53e160584477aa9e4c0e12160c9956df36cce6f4e724dd543827366010ed3d843cdf4319c1bf968a70e9b1b6bcd8af96c9eb0620c569716b7bc42e13251a6adf8201faa129844b5e1d699cafa1b66a674e732c7662b0410e5bca2704c5ebed7850d0ebb825cfb0627a183cc9643b709aedeac2c06700358400c389f99666ae97ccd37f265da7addeb07df9ccad6fa777d0da2fc47b6235179136bbbb409596841e921eb278142a19e6203c7f235bf8461ccadb4b47dd290d36ac27126c808b866f9531261f1e0f5c458a6bab6f064b4efc432e1c7379f9af19ac34c5c22e76e6e7651e48f9ce44eff542f018397889d896cc9001a63e8e455fbe4a9ee9a740edad894fe1af2bb21a1dd0318e28ba982c12ed69c08835ce17336ad1638af3cfe0ea892ab8e83d3f25e6bd98d5e4d36292992e2122c265a26cbb3931dd4c1b0d0ac5ee19974d0dd45777908bb416cbce52531820effcd7f28e1fb2d3d4d826e1b2673e834485a25af9f9d174f566abc3b36732ceefdd91a7c3885e1d10d51c321ff704d0883905b7539309ba5e7b7a2bfefd0494e90e9da7541ec37858ec05ea9a9ec5672b113cd5ad6ebfc5b8fe40ed7c3f17d8a73703dc89086b4d75c5eaf06b840bb2f5b4519a4fb17bfdca9605f17253f203efffc92da96fde023007d22cdad05d18aecb4bf08085c5ca5eecd21f2b611e7e8a0ef981fe7aa2014f5ac6862fab44011dfd33be8a1226943aa7ae5fee9221b0400d9ac2ce5241b09a68cde6b13c47d50bf310ecb37f25c32770a299020d8500d8a4b5d7621e4379dbd6ef34a9aceefd4055ea6144f54bbfedefb5b5b0fbd1d81c7a51a802072ec3d84f34585f22c1df84caca07849b1ef054cbef9b40848e9fd238761df5358cf55a79a53a1bc749e49ffab7c5bd9a28bf24ad5833facf43bcc3852c1e85cfe47929fc49c325c20d74588eb9833519f192243cf96625057899b70a7c93f8fdbfb60d8129d9c43c95f8782ed8293641ffd21d21d91a0b4db69d766f6d6497e9a414ceb04b65425d6ad6c8811da00639dce8d8030038f2d08330c75b0879aab81bfb3330b950e54c13780d308fceed2a103a1a8b77a923b66aba737654ba7995acd306aa7b80f632184412e2369c353c2132ae614553e626f0a3436959104ba6e0040dc597dfbc3602a49e401bf2249699375b2c722083489f54fcdc1f616a133ef6112a1754818158ff78f245b9046100b0e89407f74145fe336976af971c054f12d98002c68b3aa2bd699fbcd71bc4dc071e430bbf694595a951e01098aaa499be2f70611f248a694539ef8936b2e8b7a3c5de8662436fed1f7bc24a4e5c17a663d9a23b4692993301b08cb3bc10f518eca51081c717ec8dfbb0c2669f7987fe6aa0bd98231d8e8b58951b42537f12884a857e02d62de4fda6b88b6b754b1b27394c6a819e0f92f6b2b2473fe245678e252ed31477cc7ec6895bc361b718fcab3aa550fc9faeccfe77cdb5b151ab1db2e569b5bc923ee26f0b6113504d295112d47218140e44652a10af10a088f95c7cf2fccd040fc93980939122411ec643e26e7d69ced3178402e320fe156e774b75b5afc2f3d6b6ab828bb4993b1436faa5728cec34d66f520f59e82716ed6d1324944c3c91d04d5ffc5a921f4716c39de24768484d0096f7d8dbce35aeec22db11f899e5e7e3d57e7668f35d6c0db3542255d9262137d39ae6cf9bcde254dfccc54a6062fcf8982f781d9ffab2df4f49ec04a72eb9646d63bf9e1799bc0bec0ec7f0675ed9f8dc9b8be15d9f2175dfa1c8bc99071c70ad7bedb10a4143fa91c89f54777f84c9eae9361cf7f4c2b7ab873ee5785a5241db0af86f3c6d7f091623d6dc576d07550a42023633a09c8dfa21d7e70cce64c13f37663f75c47921c246f3f2d1d16a8283ce7697da4cb7e016971a2a1d0c59d6202bc18b7cee3828de597efdab53b33a9fb41aa7b49f1c964512901773bb396ac80e90ba1a94c408b2860065ae9aec64a41d76cf8842d299d0babf14d5840d647d075c34175e26a786f30091a24f1ce8db30137520dce1cfffb6318a0d0fdcac883eac603bf365efa2c806eb4f194cae8c16780342165222192f6ee2e103ae2a31dc08a84dfc89c64d2e9ada7ca1839dfff62ddfb7982c79684cfc821a098bc6bf09f87317209b16d14d45c6f38fc99f7bf9bb73460977bb323665d480c87c687cec052a5f08a2c6744c8e177a8a269b4a47a925b9123cd2c014313edae988f8aeaeb633ee5ba6be7f53fe36da3aa37ab2077f5fd75a82a55a0fe62af213b85e9e7694f78cc2b0e63a8c1b89db484722fc62c688678a511c474f0eff8eef1382946d26de00e5c626ec1d7079445c1b7c6f7f05073249b11fd1fb30257724a14cd7bbf451146bf366de2e826fdf1d25705587c4460040ab963e3bd504755b6aa5b18786b68efd3c8e59e8dbd172346fe7f4a18bac98164669d73984044f3c777368f965763742ab86a3720208c64801c796f6e3a1c4748b81e41ac58dcf6ecfa0453b18fad7e3473604f57f7da302e1fa81ad538d4a0280c4ad092007bb9a7a12907227a936871886c699db97d00a1966fdef64d9f3672f1b792c1edadc6781b391c91bea1bd7275f30859dbd1707b1f554e49ceb874ca06e92ab466efa7eeb6990667a27507a7ba789e24d593ea2af8eccb3862cce58daa63eaf212bdd86c01ed471cfc79b191c481ad773d20e821d18af85a7049034e5a9c660357a4c2808b9a6139f32c55c13282b8d98904f4f027d438189dc9487c96172e50dc1100ccc224e7374cf96ea6731032c43fbc9b367a4d1d0b31aa3fa8eb589672e69f1d9144114bbd508d56c2049ecdbfd7b43545375a099ad2885353d8c550d22dbb738e6fe3f104b444c89475a2cc24d7887daced8fa05006c02dfded01c00707e2ad04c41199c5decc1eae34b0c0abb5a5beee1b5253c3350e1a077682767a0b9124a4df2e8879366fd37fc04d4dbcf89883892f46a65ce3aec22123cbe6b3af6364df1f9f5f9751bc8179b6dcc5c126dd65feb7d11a85994e90ab6342834c79c5f82413e88198c73e932c66e3cb60b6e0c0cf438622e5dc5a1036c38afe9cf13559044a9e90f5fd72a3188ef6b1043f5f4e6b40ea51f6235dcb33b3099b2d8c2e02103235f0476ad51bce6d8a2934068549633e521a3ee4c62c22b042fb86c13c8da849233205a5e277aea1129678c31f5c379a71fe08b72fad9449cb923126dd465d1e0ae8a925374149b8248b3afb69f168f3ae701c00f6ea08fe07f1b5338ce6af2f3156ba6f300310114479f2f6119367c88c12c158b84be13b9c8c7b5dd7c90edb5b3ea1fa5927a25ad6d5596992dcd4877f58a134e05dcd80dde4fc2c2a680cc0ccf3084d3f4970e3603fa6bc5a180fcf1ca4241c0b8a1e7c607dc025016e297e2b0645de4ec2fc49851b9374f3ef99edd897c284a67b647ca8c96fcef935d541e9faf334043ea50b99fb8819ecce039227b624e52d8c20003b5a43808e4990da8e4398c4fc172b983351fd11a13dcd2aae5193d42d46e1b57c92e3e01d23fc968c729f3782d6c07dd5a17af2bda96735c12cc7d8023629fb0125e974425f7914690a7ed26508343ae58c8a439ebb6232049a194768d4594f5d65aca37a5686c2a86dd04bef35d74e0755937ac0ce3ebded1c00c8adabf030e5e4a5f44193b62fcf2f1bfa9dca2a25afaf2f1ec06c5d17ef3526d26d17af3e2f257ded24b177ba41c0ba64fd4fbd5042fbd5961a105e0e9f77f3db13c1b6c5bd9a9d04801a5c00a4c544218a21016c65bdff774a44b1d05256e0693e14d76605d67bd10048d3816caf31a6d10886c88c783538bd93e92bbc4484f3388b61adac4b92b911c76ebb1dd11b7b4e40be032bccff610068746f41e34a1fbfbfe5faf57c8a4331008e2c1cfd69f57e74379ac80eb6769f4ce4196795b835201ce4ec85ebcaf5eaaec242fe6695cbce1d53fde5b002e006bba8c8a1ee57da061ceed0d21bdd57ab0cab9e46bf3764d9a6c3ab19736d43b33f32eb955f9174ee4a54666e7f19cefeb49aac7a59b7370d9ae730b7bb4e08413222f0a66bfdac252fb61bcfa838f262312febfde8add8f6843f1d64ea3da42d4ef986498604d65737a44f5a099338520cdbdb65ce73b110dd4bcf8592a4adc3e0170b13404f99f0ec8f9fb225c1275a921f09369db165e9109dd5be472b9bc1901bfd882d264d9ed8d88b4c8f3b35f88b69e3e4b8ef5debb895be536a3af492d968dc1caf31879d672f70ad9869ea98335cf9e4a2760f955fd3e8099e4b2eb4269e354548f9de9921e50e49f3f5cbd63468b9db0cfdf17250c8f13535d4c0a1f21c87967cd798fe93b9b2960447401ef90db22c3adfba0f55f5585ad37040e8d6745184dd536d5a26edec365bd6edff1bcc616cdea3bfc8b9d98c0ef9a626054e361194cd05b2287612399f6d3d3be2f71555f14ad2893af6f60ab61adef663c3c2464ade671dd5ebc71935aad290573588fe6e11f48cd2b7db62e4b9932890d1b96e1b83eff70f026d199db75fb1e83197c937b672613c66ea131f485b4318e27c079b4018d4205484993bf50ce70275b244f2caf47cb47eb2a9ca59afbc78809a912eb56a4bb65cae4694f682c6329c690003a1c355f779b5857a60091b1c3685995a366cb43d753a704d3e59c5f5003c78feed877351e27334b3fdefe5907edd9eb25588a42248b9c4a93efa7cc63bad1e5900b95b70436c35eb85cc8251c4030fab9556920141cca24d6acd3122b92b7e868dc174bf071117958a4797fc90866aca685f1456fab397ae647ab9970348082bd74865bab7f248568db98ced7ed84e8360fa91afde3f23509e6b4caf948349ad9fb6a4efe0a0468302cae7a0f999195af1c19058669fc3b88b2780b9075dc180298498caeb7ba0cf8bd42eb36b1959d5ad3ca6fd1e85f76abd27ec5fb637ee38173ad7d86304d5708b6dc8817e099e77f5d43c1a70624cdb96e4e6103bb25e59eb51d894d1dc533a74005bb79cca35b66e10c61d06b5227fcb071457025d605a0862218ca252b871f8343ec231dbee15688aeb914c0f16ebabe6edb0a489b2bd10d4392c6f1863bb6a62181de7cef61997ab02f3bad0a893cc0cd8a99cd7b3f7773085f0929de36b5d124e3729140c375de9a2d0cd9a360cadf17b9e45b7f2adbdff9e75b743b62642ed67aa703b8ef33dcf51a50edc7dbab42d3d2b49badd2457a9f92847aa6a60ae2beae457a5fce1a9e485ecf907be22913893cd1350f20fc6c81c94be426eaf01864e813a03e4674491b61516bc95d8a77c15f03d0adfc4adc27f27a5ac4165ff6518eda1a5c408708f78a9e26b834179804a312148d4f75f21a77d78387139da40c0a6293c2a59d0162437d68504f189ed970c5abb9ffc6d8e1be2b0877c7f24b1dc273b1765bfc5ce6f4b8d99a96d5b1c92ee53a39f685b304313d909c1ba8130d20d51c824cec420b0315229df295f75b453a6c131afaae0c36d7c4fff70623638a4f7ded5eb7db58d95deb6249a29b171d8ce651556dee8037bf4ca74453a4a76aab7cc07ba44e55de57dbef8542c3851ea353fb8e259ee89bbecf9ce8d8bd6227afc0028afac48a7acd9b4e8cbe982eb1475917ad6be4cdca9cf6e7cddd971b2924f2bb730264801685d387485e41993c3fa0af9987e8b52c21688fd9a9595ad8d1b9f41e0457be18492aa09f69e64e2954d1ca3cc1d32b2915cd9cf6862ca79c80beb47347c4cceadf48a37b29b1d6de4e94717d60cdb4293fcf170bba388bddf7a9035a15d433f20fd697c3e4c8b8c5f590ab44aefdda94681407008ea48d03ff21e9bbb4ae7a9aa37c855fe3537c44106e8079f18c24d2584474bd4a99367660ce6f7e6d7c294961e174366e7babc569d5f80572a21a4bd7086629363e0c9ee2599c8b8863c96613ae6c32cc67ccafc66e1cce79654567ad08e62e9abc99e44d6a79ca4d8de15b7f8a763a4741676af0e1f3bd4e002c8fa1ebfbb3bd3a65ae68a80c230422f98f6e1e9837252e045eafd585ba389958297d59aea1e8e1f665fcbc5f7ff449996aa712dc0faf582cf3caf3dbae80594f9f07fc06de63d9d672d14d7ac4662b4a54f40d4aab2de766910be2fc7f6f679b5708790b5376498d3baf0463dca2f093b51bb7e9f3e7033ba0384af0174becc3bb477bc5e86959a12a5e8924adf0bffdf5e5b9c1cf24d232881ad5c05c5c0f50318ea83d8683339ca6a583c52198c00f7c1abbda282e7fd3b179297338ecf9c923a3a87a130dfc06164e9b4c1fe11d51b382643de44b30a6831dee119241d1b6f84f2484784fdf65e41f78c38e15fb4b00e45df1edc40e3467cdcda351a4c0a0185ac4649e91024377e1c331587a8586cc0a4dfe29e14004c3536d305f5dee0eeb8c2f216c1b8d27375b239f6458e08980badd6d82e9ee9e007578c0a3b48288d9ad0ec3c934a99a8c5741149af937dc82bdb545df26428b87fc935c05f1a4964a8408539f267e23de9bc498e2a4b0083cdb7c8e27de6252bfaf680a6d5b7ec1a6dac6d7d537334a95f1553324a0739414dbdb50445a767b0f589fd4c33b35905577ef5a53b0f097191f9cee4836a908748779941de2a78fe1bde0c2efd9f48cbf232ce101d9df93d3ed40d036ae7aedc3a5ff619abd1c159ca8d2dbda7de13b4ca62576c7f925c52925eae2d7500dc969fe14c0a335ff95a7df1d276a6f242765c781208d59edb5848d412b11638b27ce5a61b8209075976c2a6aae88f6e6d8704fe9e83b425dec4defeeb3cd311b8c5a818d51f917a8a4525361791d5c4fd5d70704d4b9fa9df1ea119882f400e682753a41931712c043c120a98f0fe786a600b47befefc9d64cc5bbe8a16c191490874e258760c9e4fd215bebf848e0b4d35521f53ec5f9308644b785171fc4cc3ff886e034bd833d59dbcacebdae8f00e43c151bcb24d1d226d1cc19ecf349361530a81ba3168af3df5536fbe52b3b93621f57959df298e5b4d3c14928d2ef7b9c977c7dda54242d17f8661978a62d94d565b00abc199790b9b25fbfd4a3ffc35c95ccafe35d9a138a2c24d17f06ae2cc376e822317f16fcbcd56e23f84ec135dc935e58c61b34cfbf5a36cb00350483b6bac786030e5c5045a6b61c9aba7dfaa4f7fb21897539863ee865ae061a77c0359915de3aacb3b5dc8cfe53c4d17b393c2b6bb23652f36390407922969d510cc97b99d1df4361530aef10707d7a021b2d9576b2d49ca88b3cc83ad1baa6d88ef8c81c08f8baaf515637b21ace9d5cc8fd9fe4ca6c3aa129caea7060791d566f4de8662b90f9e5d849cdadf9bd23cf6737b07ca105142663c30de27adcea11d64d433fe1ace84b0f6917c8b655f2a421602f07e0a7127e61ae9859c5e9f652ec82416fd2566f291f417ecdf99bf3231d02864e2e5a1cf34c13f59de9aa2760d8734bbda79576c62f566b8269990e9384a41c1634271acb4c7a8b768f276685c3a8c7f20872e56b683244b1af562c3e7dcf592a9915f44f886cc2ac5f679c07d5aa1fd69cf3a460f25c722073da336a310aa551062d92c7297002060072af2f3500b9310c239bedf45c5e985c2e0d60c7dd68522376dc7b560fb34d1b5089450c32ffcbff07b35a96bb6fe01259a06868d00af697f8bbb238d03d49570a109181c9576c1ea9d2ee02000cc23e63d6c93c6cf3050bbb15b6f73b09c25da62e5abd4c2bdb1110e1f25db39f04885595cd6a388c4726c8d4cdbad87d80d42fcaeae843e2e17f44c9aed25c8f6f9736c7ba1bbd3b839126de40a930024a65aacb872936e446114e706a868444cb140e53d976816983f3dd1d57eeca01eab8211b7aa8ae99d26e35c06ea4b226e0a6e52172a40e7f0df5f67759ae2ee026749ba10b8e33694c3e01a001526f9d75f6c419cdccece3ea3f78d69014e509c741214581034bbc7e2bbaf76db8421154abb2233117a1ffe2786b21424576e295c9baef262e80fa2edb69aff800b3ea436eb827e8adb73abc48d740b86c69d557b16e874038598b25f616afeb4f4a900be7dd0d38b5b6fb4259c51a3aaf4748d7a445f518485ed72b25c7df8ed0906b74bd29bd6a5724ac3a503c990f3697a5db484821f68718470810862728a80ce34599a41fc5bd8bb46dd845a4812ae1532c457ef4211d0e41835e5a6f030247614822571c930c727ba397e723d6b3aeba9244f054e331c82e65b74c9f6504c74b4301499a1a6f6269a3352aff57f88442d4eda42a82ebcf7776c5629f97d6160bffdd8282a40ce2e6375b161e4c22ee53bce7a45f4774aa827e2da657e1a1bc07445f0bbd770b7a5a25b1b469fd58715510dbf8d97af4e1b9459a20b08a8d3fa9d92feb32db95b22d36de0bc8b1c397b09970a6826392fd8392b2d790dcc1295888f42ac81ad213c7328b2324b28be7cc1f4fb8414a7785472f1dd3e11d66017b1756d1697be92490e15f056346d7e9126a1f35fd76cb016fe2841c8996a3507c4fffe7fc45026df10b03b86fb6cf26e8418926a030b5fa62748fbb728fa19dc2f8947468c1477750771e442e4a9d25b76d359211c05df788ade5b7824f8770b5dac0819737dec916ee59b28a49666ee8b7ca81386eec8049542f18a3207e51bdbc291470eeefecac385c096a
+MD = b70acba01bd715f542859a4224d035eb177fe7b34d5447e099acd1716ba6d00f515bd02021b5b3015d736b04687544de
+
+[L = 32]
+
+Len = 16
+Msg = 43cd
+MD = 7c5f9ed821a021ef1850dd4e0b179a656fbe27b104463720f467db32bbfab5a4
+
+Len = 104
+Msg = 5f75a437ce0698a7d8151c3fe0
+MD = 774782a9c3023dcef8b2cb83f7994324e3cca35323419b3914a9b6bc3ace5ce1
+
+Len = 352
+Msg = f88bac738d1e3e10f75e46e3fe026d7e423fdcf3d7e4028b33a291bb4aabca53f780fbf99e0346d610d4a38f
+MD = f114f1a390bfc30f34652751f3a38e8bdc9597625e363689459b80082eb34009
+
+Len = 488
+Msg = 832e5b78a73a1012ee62e00621db7f4d248893007c6e5d6e0e689c6b291baeebc72df9cf10b289fe20e7fab80a2399271d0ac63766049da875eed56264
+MD = 7d00fe393c308eadb8c0a4f771d409e17c9a796e63b45fc8e84c0cb2bdb62532
+
+Len = 13976
+Msg = deab57cdeb41974037a9bef5e292894038264eb4d8993d4d1501e6ef9c68fb0f571f57b0925640925deae9a6317e3bc4d6cdd5a0833e52fb48baca16a9ba9b6c8ca469a0555763b54f04c87d4e41aa549258f30eefe5a52d2ba06657a8773b0842e094857b6d8911d6a0636280025e56356fade362b4bf4c875cc19be0c6644b447be0454dbf390eb966c03e10e9de3487b90d0825d327c12495e3c89ad09c9d591e55c91376fb14c2fde9f7461fb25450df1a65806b65f3caf4d5c81ebc6e664871fcf915b9578bb70ee6776acc62205888dce2baa4024941209e81b4b35f0eda1bdcbd9ab1d6db6140bda4c41776fe675d5c681da5852d50c246dda4ddf9fdd7c5fdfeec85ff6c883c78689c2977584406a1ddef977606c182d6c33561c39c071668a2515e5aa6f4aa1faa392aed95b82ab32b79a15e3b5a07551ab068455131b72493126470f26c30b852e4415e1d8b719b3803ecc336e4facbcc5d1908851f4f39b776bec8b6b9794d47e5965458858560eed5a0305e260240c0849d93a19787b0f8c795eb5ba32be573845256ae6d0b0a3336e42a1beac8bdde6d1b6e0b6207903d4b105f4af2ef89bd099ded870daea2f170e03bd5f6f4490e60bc222d4876e16d4c58aeea6e6c400dbb9e9f4b2b142f0fc9bdeaf4132ded38a4a8366e107cac7210945fa2df4b124be37ef76290e5b9758aa3bfe0091bb0448206323584c2f833e0edfbdc0c33075fc9647a3404ca490bfab94302a0679a1a42fe9fec6af0cd98038b09ffbecd2832b579b2294f6ae5b96328fdc0a0b9b3a32cba04fa8bae3389c3951173bdc17caaefe526aa386f98670b177683d0b804c5875fe9c7afa233ee66349c9fd1b60bb0becf5e1d887e67fd3baf34b4f90d94699d18d6bb9d77d4af358f31edc254de2d6c5fe3ec07425c633b18c1b9e3606b78b40b543e1fd31fb578cf58c45744fc073fbf3c7d7d607e815379a5fc565892d81560eab8fb5f1ae6771b998c592e6d288014f13ab283d53fcbfa66e31a9d107308402191fac2cf2b799c7dae91b93a7676898b8a6e516a86eac58ed8f6d8ed2fd4d38031e4a4466dc8798b90c48e6adb6b4391d47872443cfaffa542b4b132f6c3408f0081af8692aadb4c9bbd55053ea56d8b82998f6b4b41d331891acfe6af1bb0d6679989978368ea463743b514866d2d01fb9950e8990867bc14f1db1142254adeccf3da812949cd03cd1d569e9d0bab7ca7405cc21096e3cd4d007cbb9629372e98584b4c6b97ad0bc314e1ab6ac71184ee555c01973570ed9b115bed956f9e4e349083013098b1e483f0fe44d5e9849f38a2f7ae152b36a266ea1faf263ea8c706632ba8629602187379546fc6b82e57ededd6d074c15c771754710731e07c207899eb47e8d7c72ffd768c36257d373375ffa06f9b3f0af11417f9ff9f9b44e1f1f96ae8aaa429af88b14da1da81c7bb38a0fe9372ed6a9ac6fb5e9e56b82593d94c5192904450227bf040b7ce0904789f979845e112a1f995c849ec3f7e49bd975a474e8201630f40fc0d80e76019f110ae158cd0f8da96ea4561f24237d8e795ebf52368218bff3e9d5b040ecd2caef4ab1e7127e53bfa2b3b4fb74829f9993ac703192aedef79dd9ad24c2c976638b4575afbce22ecacc273ba43379ed55ceeb51838b0adb80585bd1b5f2707ee16b67a7232adf7163415b24b9ff9dc94b7197fdc89e2a90d2b9eccde45e965edd064dc0d1eadabe11b8ec3aad2742b5d3323ebf913a92817749090c20758f98aef2544d4c8b48874e8936d7ee492d5585675c214deeb74fd67c4d170ac5e0aeefa607c6e37abd4f8238e776fde3921afab75cbd8f392d3e88da057903ce2e140797f4a85737bd89455e6aa27c7535687b78cd0ea59848e006c8de9c9c0cbc7a9f5e977be850adc710503ce4ba7c7bd0b042297f518abec6c8ef451c33e030251f506cbc3744228b6bb4dab86877d9e6019a0ea9f39ed37557b3b5527c171da5f013e0d3c480a038cff2c087d6e5d41b17e6c8f90c334b5e2b9ccbe9d4efd99fba1f907d00a49b71b5a08aedb644fed24bcf04e71be67b03cd20d53ccef8f854f5e9f7f28c1e98a8a53496646713bebe15a93f1ea336e6e8a4e68de5dab0fe880bf983eec75d1c5027357f6669e098411e0bc3ea2293138f5b34425f78b6508b94d4c0cc32ee9afaa409a26e5f2a1fddcd6d5ff42a89755a58b08f243957a2e208e24b055f51992ab447bc06876eba169c545fa71b88a0fc15d1e0be9d334a1dd0c86f44bd149b42c07608a9a30d0b7e13574f8d862f2ac72b2ed38904d7cab194fdb9e4dcb615f5610b24e202a36866baccac01fadb575df11dd43e00a3b92fcdd8c7702ea49d951e7dad2a56c075730b4af1ceda2bcb2310256f28312579fad40ff471336ea6a44143edfcffc297258d48bd2ea47efab8f0dc00f1e6dba1a55009ed627b7
+MD = 6e5905b22cb95e48b73c5a885f5463f554d81257bd26301c4393d57fff1c8323
+
+Len = 48824
+Msg = 5223e2fece634a95e1e7c83ad4a11a0478f4a41572bd66c2d7902cf4f94404cd80b1f58fbcb8eeba3984fd759410c12f8ee922865f363f684df5a8787c87ceb3086fb8535157f7f39653dbf5c66ae7219253838ec77cf1c6db518225c5ba0a8212e5911236474b8820ddcb8111b87320adb82ff553986324aa2a21c37ce4a083c89ce9931290d4c1fea933e31d014d7507a28e83aa917ccae10bed1a490e77fe501b299f8e3b78e659407ce1934d5d68c7980800746f26ffa9794ef1d23f793bd2eab7fe524e213e58280f441ba48b40162305335b3a480c2afeac11c27f8d817792fd7805d4b61224eb52d35c0fbf471bcaede505fbc9398b216f43bfd69b1a669a61d44fd21faae410af58ff95e1c3ff1528de1aba93cef56bff4d714d8c4cc88a4ddcda52444ec1208d99ab3fd9fde98c1ee6437d8d138f62c5f782eb4660c5eb28564b5b0d46e3a2546009148f3d02b837c5284e9f508290270b97b9b29e84445a0b4df662d9711e6b73c11cebcb7120dc427034b1ccf57d8e4f5bbdb84d2e1d4bc3862a2b51931d3c9a7a5fd6ee5f4c7327c338abd011af638d730141b6eafe63469eff50f473262e9fdce636eff4c5663acb6075a4fdb00c8b8a8d3322e1700a5b3e7db90b36c1a94991b8f51657121b442db6f890e208f312466778d73bfaa8cc0ead4edd0776155f3eddf9abb1bbfc0c94421adce83d7ee94f99f61e1f25a55fb596f8b40ccedbaa8e5e2cf629496f5ca60bc4cf36d917da4e2b973eb57869dddc409dd66d5061f22642743fe843defa0b19dfb2f56425abeb234181267b5c0d2ab4268c538510feb191bbcd1631b0af6c7451cd4c641025cd8bde2d9ab6e6b948f97c1ee6f35098d553e8e9da9b4d437125046864633f109d6a558b38b270a7dd1785d44d248a863a91e3db5c0a1d7ec133decb65e81c3402c98ee329f660a092172bf6b1a02491895394ebc506882805a6c93e767c0e58a5af717d950a206c0f0055cb39ed88816a9fe3613d15f608e486ac08bfa67d462d24e6a0a37716d3fbdaeb9c0e951c1e847fb884ebc1cfe707dc6e7269eed1c44331d5957bc4ac9dfeaed4b157204a3080fafb9df8917b8d15aff9c49cdc739b8fdc26a546794991c183fa523d14797e051894f48b0d62c2b70834467ff9c993b82fc1152c1f5479ec6144c7e8fb10d1bce26bd1cdbeec4e95ee073f3bcc3c7367328e30543d371b27509a577f5c79f14d5f687ce62b82f856695af9f7dd350543ec763de75b593f1859e44c2ac01ba65f98743cfddd8a89a38115badcb51a0ff5655f830c0122af6a830aec13ae5eb89a93755b3a5a6eca233f21cb12db545a24a5334becb8fa32c3d7f5805faeaaeea85a551fc62c94807faa6474c0d74cae79b5d8ddae07498fcc5b8b4f394867112ef5fad1c9da66765ecbc7fc0f3269d29c9c38817c77778f2c19b5a3c705fde9d76a4eb86aed4a7369a832ad267312903462397f7b8fecfa8b195cc2316cd53e48c3371ed2ecaa3e484b8ecd2e22b1aee910c51ed5d71198936266f5a00655d82c089f49295feda0a2bcc1a54ec8adf565acc3a8b2d74c30eafbbd843c59e67f293f6d8296cf7b611f01b57dafec6e2d4d411a633918068c38ef47b72ceff1fae772891141c3bc496824509d78165c1e4cd4b4989321a8722643eed69950dc120fa8da3e53c3181f252d7c4cd2cedf8f086f788ee77a98ab5b019828aa02108f49ea4a51f457f7adfd2220d3e59d5f4a29194e8f5eac40ff80312ff6888ff6393c3fc0914b08c1b9990d247ad80a441558db1ee1203e07353dd99a885a7ff5d791af2548815dde0ca1f56f89d39ef6b93dbcd0cd54b854173903c12649587433f0425fbcbddfb66ebce3eb4800dfddfe7fc44d9b23a3916b1db68c187da4dd13ff0157352814b1a792de7fff855761abc6fb7b93b48525fa90fbe3a51dea974069f3f5fdea86387eccee13f58a8eeb8abc6a43fd30e9788c3bd9ae1751b30a82d420225b2abdb1bc121b9073380be16107188d20be54f2e9c658d5b443869ea0e991c496104086290b6edcc1b656adf94f0d42458750fbd8d88040c518ebbb644f4dc4f7c6971d8d60eee0272df7b51a3d5248b4b264fb22195ad891fb6ac994ae5c0bc6714ae0b0b9a484edc576638b78ee89b568195a8f33ed8362128c30f9b0c7804b3ce1355abc96b15aa55c1e16a9e9ec90d1f580e7cb412a7e85d8585bfb950acd4de5865214ce4db7f6314d81784c588c1482d5f28c5fb62e7dd7aa8237ce9396ccde3a616754414cdf7b5a958c1eb7f25a48c2781b4e0dba220f8c350d7b02ece252b94f5e2e766189c4ac1a8e67f00acacead402316196a9b0a673e24a33f18b7cb6be4a066d33e1c93abd8252feb1c8d9cff134ac0c0861150a463264e316172d0b8e7d6043f2bbf71bf97fa7f9070ca3a21b93853ec55ab67a96db884c2113bea0822a70ea46f9ae5501eb55ec74eaa3179fa96d7842092d9e023844ed96f3c9fc35bbc8ee953d677c636fdd578fd5507719e0c55702fed2eaf4f32b35ec29a7a515bbc8bf61f9baf89a77aeb8bc6f247706c41d398cae5ec80b76abc3a5380001aea500eb31b10160139d5a8e8f1a976dd2dde5ce439a29dba24d370536a14bb87cf201e088e5e3397b3b61477c6a41e22a98af53cc34bc8c55f15d7924e7e32fed4d3c3ddc2ac8eb1dfc438218c08c6a6a8eea888b208f6092dd9f9df49e7ede8bf11051afd23b0b983a81bcc8d00f7d1f2b27cb04c03aeee59c7df23a17775ae5984eda788eb2015680ac5610fb1380b4e7d7a9cda6178dca98690449f5551b66ad2826cab2b662f56903fc95b4611bc86f7a834a34ddc3be7bf142c8baa096abaa3cd51ad0c0b6d15e590eab9e50a4c60c91061f1ed6373d91974c1ad9d263110a0d43fd8b596396cafc0ae70b7ac24a59bba090a6994ec483db7ed4c572f723670a11c724e8ffa2497d8fccae37eaa1d14ac1537eaf80efbd2e597b2ffac97f2bc3cd2c4017f170544dfbb0d9109478fddf06ec0981542bc8107a725be25070d2cab4716f4edfad75fddd582ebd363c49e8efaed9a76ee51f22304eebc232a4f67f865b04f610a628fdb317116666785fe8ca30619a07c83cc449855202d687f162b12d93b63af6e7ddfb7223d4ab998a5f450523c1d521ab76f4aa113cc2967e04a38dae07c51c2d0f44fdc8605c3c53ccee91a2c73dade5dae021cbc87d5cd6e5fbefb65335827311fe1e91921ecd66b2055a6102d7a976308a80c44e6d47a67718c84f2112d65486a558f1f269b91d9f47e3e11d09c0c748625bad2718e3674898abdb19d3644bcdc9317c09a3ac02f514b2a57e6a706362e5f6e8fb16cc83daea0eec85fdc8c367d84c9230730291440a4b109f7034d510a3f70a22dd4fa69e8b65e5fdf87045d560eec71f4e59531c7711d4f8917a96e22ad07346d2f92a13fb4569fa6a075da6e1acad1eac1cb2ef19ab452264de2357c927c6dfae6598cbc821eaf3b8da754ce91a96c702c95b2c308bf3a550cbf4d22d417745b5f17d36608feb826b862747c59d26a0e8eb96547a1852f9fbd095f1c5d20721804941d462f3ee2f0876ee2825c8df24c4f00f0844e50588ac688127013df8eba3c971362dd255420649245e880212cb3d732fb82f866dda090040f28e09cf1c86eea5dc4fbfc373eb69745b4afd841ca8e172d4a8510e7698345fd4cab9ec2ca0453a274720bb2d2e5468bf0d0f85919dd762fe3df969e6c071285e25c2e2a49659b8a78289aee655965bfa3cbca9b292a19a855ec40293185354ff4da9451ccf98abfda07f1137e79bc89d688963081dec641a99656b040637402890f185edb28e7e6a2f65848a6af158f90eea440aa6246a2e6c31f5d220b9846aae2027afe5a7caad6dc16b56463367cd9e73bf22a1d6172145de4565ee369c55e3b99ccbef70fb080a3748340fbe8f6b95ba46e8b76de5a3c4bedc37c55ae24ad02267da26769a3a732badac2e0f3a5393028dd54d78701647582cd04c8310e9f1ff1b433125229547130e1737a1f33604f0d670ea7221097c3eb9c7fa4b8293d7b429af76191ea8e481dc1da31344537a09b33404d782eda1d6f5775500c1d8efc615778baf0905d9fcba1806ef986c40b1c6a72335104376b58266c36f5939a8b95123e8635c0c95e80aaeb97379b1179d6332dc07539b595ec32eebd3a336a1128f3cf2e2924db6d8504a516b62f26d012b7f75cab765c8374a3824da5a405746023b51894649ab422d636513ee809fa181d5b6fbc63351e37a1b14efc8f739e86ca78ae3e280f1c9e4824b2976ec4dd308ede6171a7474c7f530128089bbd75e10f9e57ee17408b4384f99f886a5f63a2320a9b90eb9bf692e1fc449171eae3bb1bb17a6ed937ea57af3c82db84e073b5306683e1d63705b9742a085fb802cf5a1639818417fc2223f476c2566351f4b3b17a822e11255f3c3412dd39190e200727bcd3f9799519ef792ec7c2b0b9d0e2dccf013d436dee63483c2ce83c15c00a76c4d894a60cb90366ecf9e61221ee8bdaec66d715159876d8305b35c81f96ab2cd8f81f4769e9a6e439c08c329036f5d2591ac42f2747bc0e77d4e566358a3271819b6003b290211b9b847ab70e906aed9f86cc38aae27e1098fdc3bd5d84e66c45292183f198bc329cad794aa4e430534511b7d9a75104061b409676a16c1146af0a286e2de8bf51c4a35193581a902bd3224cb9257c961989042538092af92644a63d6d6f6872a29aceca39341ad29dd22354812c4b7c7068b039ac9ca7e6358e662a28be001d4aa697ace540cc3ed3c97b98d8c5a6fd3543ae9a7962c9229b14b0b646229807747064be3e83191cf24092dd67f675638d9f6510486379f47f5eeda870a3187946819ec9ed05e7b325bfd0eed5c9a0f4a2063d63c1a8a0a309f586c94d4a68bbe860ae9599ce204c92cf9d92cb460ff99cff9e5a8b3824786360e1e1861e71158395faeaebe7aa2f61f76190f174aab9a313f0bf4f1befbbb22768b8c22719cf3fa9ec908b576fa4bbc084b1ee5b5a7eddc89b58b45ae7b421d38215aa6e49304323eb4e202655f3c8b16ebd6b03058e75a907ee63fcf6aad5eb96c1e5faea81b88b5eee525c4663af52877c0f759432913b9d48030903e7f9f70e851cd4e20bc56aaf36cb02293d992b38b583b8f0b25a08c3303d8af5b1b37f5127f7021b13934645ef3020e5caadc5e7326ed4ff56f797e26cb986b6512b0cc76f1d8e7be44aaa88e12cbc644f14a7feb979d2ab66907063c51e052d0f8b25d827377fecc5111be0d365e08d17f559e3134cb9db294f1cac03150f4232f853ec15ecde55fd1023b58e83934869796400088e9177e85a2227ee45addd049c1d6b03e5b29dd570496fdb2fde7d8cc74fbb5fe76266ebd90a3b4d57e6e6cb9f0bbdb7ca03ae955915768011c714c909a27ee20135927af55d4feaf2c345d029a54af942da6f85f2103345d059f66864e6b0578111e2ddd5a1cd8bbf4ae35b60747b93f53ec8ec64c10cf4149909b102a2b88712ff3e5ba3611cf96585a6b36fffb64b8c37a114d6b16a53879136eb0b5e003a5a068e3e8422a4fc8d7c77227cce64ebafcde2437166b62ccf486660a7a2ef37012ebacca26ecd5bdf363feeb06aee39050974c25d6a564594c67f56fcf7ed48b07fab4e25ccffe002bbe460325abafe37f23dd9c145b4667f146a1635e462330f02470b35c5a2519f1350c02b263201ec9026cfc57d3659373910e878f2b6c1c5be774df8e01e775d476956c257bd0ccdec17ee939c46e5653d5813eda752ba7bbb245a99a5db1ae55d19692074c2e5820df97c502a4bd1b12929e1be8e9ce6d802347c3e9c4202de6046436c05ab55b2fcb2c227adade6c2046d98102cfd0d859a91f8104eb9f6f155da2acf93df2405bf2c083eafd3ec41d60b810e0bdef6298b21193642a9c0c646bc6771a5c61a25604d96bdb727abd5a7ebe4ddb2a56a6ddece26d8007b26043ad44279c3c8ffb7e6ffb3cd4e10ea2780f509a8a9bc31f99a7e66201195f1543a0a020f754d9a665a29a896faf673df6811379579891374c71b2234fc61e95d4d46f15d44bdb4d7c3b3be3f46410ca46827b8cca976d8866e8ca33c4945d5c87b705588b78015b529843af0b75a7e1e871fd276c1e947d896b92e6181ab7e3ccc7077bb57fe85a6958667d3d7a790f6cde1cebb494c2912478a0eca2bfaad62492e9f1caaa0cc520da08c0d2d910cd44255f4c2ca0646dc89e789a1cf9a28e2f99315d33accb1639cbaf0c94181b85fef648bb4cc7f66dc65b8e90bf5f3b763e58520098febfe7e47bddc2d9cdd5e40dbf4ddb8d51f51bde2e57432266d248d13ed09e62f66794d188f9861c50ec41f0eee30f76f4ece250956733ee97036098db41991a4a3eb7816196c8e447db3a2913bcd992174a7bde1f42d57c764b47f5bc09533760c1ba74943a0dca291f2746bc1fcc573f9a22c72a5eca347b1679683fbc8f32b08d381baf67b7266b14b3ba46a04a3ee45881ac452f64df1bf17f70f4cf9fa4dfed9ae70184679184784a0451d2f5c19c02031e0e4957b4df68b4a069a6f6f6458f6d773924a1841ba664a55c2c3187dd33416cd410e56e4bf8d3671cf737bf67df2a4cc4dcc786872b9e2dc4009fea0e48a749353ac053d80e36357d24d468dd595bc823017c015d7450fe38149370c5decf13b00b6b0e0a2567ac08b45f7b0c8a7c89d227219d051d17a706ccbea49a42035cb327381568eae23b5e2a3b7e8beef6f260d24ab224827ca8ee9d640dd23eee94ed02c9e26abb3053cbfaeadbb1f365a24d8769d92240da842e0b361524020b5c9c22a2fd8602dc9600aaf02b35344309f6bb018a94d4cbc9639ab7430657c4046f0b25df517e31626abeedd58c2e19aa0ae1a43ed2bacad91dc04a2fdf9cc33cc420f4f04379e95988ab36731d5d5402d89fb47e826f4243bb206124364d63564a0872f8d2826eebd9046c7c6f2e7c951e49d4b22a7eec89da1fbed890d63ef15f26422185143c89da3ee269f83e1de11a7467822146042be92295a585e3a09e720ec522e1cbdcb41acf5ac45ee892677ba3ff670d71339a76ed98237be252ae21268e756f05ba0b094a1803f9da84a8a05d0ec9456cf565e1b548cae95eafa0fb01f091935e6eff2413bcb15f605f15270408216fb5b41ed83dfa1454c522375e35bdefe54275f109d0ab450636ac4d8e4d9e27f2d81a15b8cc5e98549254a1c9162918db3e399118f5864774a9d6a2347e1315753071eb1204c8bf5f52b1a0da37e484ebbe545fdfe6b031215678c3b83a19a24d7b661f626beb01eb82b384f02f42bcad4f40addd48db8a92b90d2297e6143702056123286617f86fbef4fea940f648867d790b8f803abc5f4e0e3f4226954c296afd96e287e21b7243d05e743161810da578096521805edd81f68a45500f6a3a1885cb1f45cbd399dde024df65072eb973c827fca13eeaa3f140842016f509aa9ab4603d2457c92cc9aef24950697a0044e3d7c483b8d8391886cd50dff8c2f16de3d6caa7f864c1b3874750781b2b78b545a94b4da0b0036433c6561f5cfea50eae9f5645302eef18238473606e9b9931880d0f6368fa9970d1ffbe59c4454bf97f4a5e8091801b53ee4a209e0642d83605836f69742071aaebd9d813b10f4ccac03851ee9f20cd1351f8e68554c9bc5f58ad19d474ca128edbf561d195e52ddf3c19bee3bb597ac2f92143bafc98bc09fbda6d18dd4ff2a93cd2ba17f54f75c32d3f141468c2baef4e53b6a340286dc2599bf7bb002aa86688e26f5b51a6aaf32e48ffd539d4f3f4bbf0cde2d20138151c82384f9ff29a634ab4e0103d93340bb9a7b0caa108bc7fdc88d7de14abb17e9efdad2b0f304f0bfcbabaeb1b9db75959dbf54930e67aed3a9c8309aa90506b6b9ed4f1d06c4ced19746e206e1e9b8879663bf56bf6c5c920ac5e09e6579b780cb63e1875ef0a731b726864b7ae5705a2d6d343a4a213a05928b7337a59f900fd04472382610e2a8d25383c9ab5804d609e79a88d70eaef3ea22d3aa9100fa2a6e98e97684ade9fe90d6bfc59dc9dec3d3d8db8990bc2123ba92e64253235e9b4d682e8aa04e23fb9bb6248a77c065e93249de829bb2fc5ea9e396461090222816bb29bca37bf86698fb995f62c50110cf418bbe2078a56c5f1ec9fdf3d0b09a719ac253b5bcd00932ae058b86611aff51c8ca8448978615854b69b0216a6eb8050ce199fd9a13aa0fd652570a1b187f61e6831b3a960521c3705da8c5e6c64c7b196ed4a49c2912d77b670b177c6458a7a49ecc1ffd8c57c0978d2a05cd1f1c7ac9514dd14b7b0933a52cefd40b6452ca0903df1f55828025c7e18109a6e0f2ab25724cad2d6f57cb5d894a6a508134731e9b9c61254f64990941f4faf97394b634b91860cc6ec346aa666600d323c849ea4c4a0ef55acbc56495ca004f3fca42ff0ffb11b0e1164c95ab89bf1db3d4f575ff334d4e0d7d50e0c54c422eac5ef78c5a3be95f2e18872540fccfb597211ec79d9d47b6cf41e385b9c2e92122167fe584210f63bf919c620d
+MD = d7c901f0d92a868dced7e2659e90121108611dd7781325fc57e5c336c2279510
+
+[L = 28]
+
+Len = 16
+Msg = 3dd2
+MD = b7399529fe614af98f9ecd73e45790406883cb22e3bdcdf28fadd033
+
+Len = 104
+Msg = 3d232201038fe7d846ac1bd4c6
+MD = d0aee5482c509540a4ea4b902bf42fc8df3af6de42fb14e903d1b2e4
+
+Len = 352
+Msg = 44c98cfc71f82215dadf494d68d1d6b92bb4eb81fa0fbf945a659d9aa2c2302b5c93fd3eedba31e479e29d36
+MD = 56c22e6066cd4c4d6415c5a225257e7f888b317ba4e98eadb72b4be0
+
+Len = 504
+Msg = 02a5c7b1b749d6d49bed302d9439f23ab83020bd4d573906f4190e74216ad33aceab775f71cd31092bba5cfa42f0845bd16fc1b8bed6434dedc92f80b395aa
+MD = 33a84e66cf1ce6970c35807db25e05ca05809e53d4e34cda9bfc0045
+
+Len = 13976
+Msg = bd70deb2cafa75918308d703a6783fe9dc5e3d21de9bfeb6dbb1cd531ed5dafeec463a02abde302d4ae6ab3cdc2f0f94865e38339c88bde507ff71bbea6b30b9851cd8cf599e950b8c8e620c90adccba0033f934ca66ea0a936afdad575bb6235099beff1a632c9114a8045a0919fdc21083880eb05c0d8c489c7810aecef4a41766f67c37557e28a9db9a0d909c2b167ff7eba79693afd3ee3aeace38eb73a5a02a882cf89b123812cf2a0f6d5edd1d14362ce9c43257474def5cce3adbba8cb48e7af9a45e702a182dbf47e8869b3f99e953ba81628e502c60d4f8ffc551c31b3ad6ca85c52164839d5e9d493deee4d4b76604174bdb5655385d34ced2c1b09dd5a486e1f9ac501bc611f9d7aa5c748f496faecc14c6c18e1dfc6aee2991bd0207ea1701219955a751df43dbf66f57904675a0e9e6d7f9a0b8bb82a8f44951117ab2642d6671daf1e5d1639d48aff6a05781c2b5e8976653b0a164445872d393d30355acf0bb49bf2bed4265c9a3b786249afc7a438d706eadb6f90a7f93ad51bde6d2c8e6ff09dacb3dc67ba0d3030c54c8367e1e4280bb5903274191344610de61c3c770c6820a6cc9d826f7c743f88f13580ba23cfc00598fd733b5dd069bde7f10f2b8961c16b69761b0f308dd137f844a67f6054e065863f226141755b96645a291e3fa3fc853b2475fbe1d3b25ca22f4da4425dc95fc855e63d6699b311ebd5fec1c7753e6e81f747c808ec3f618f63eaeb1221075edff0532225c40ccadee304a8997c03920e7ce4e60e4df4d120611296786516dd4d9cdda2077ac52bce0fdf552e1ee89a0133f1f87a6f6f35f5c53958ed806465919a0a5fa42488bf29caf33a0dd469e13abae351d5c6fb1a800ee384da199c823c965d9d5457a3ef8292c4d9b142e3f1fb502da498eb44d95f8c85bcd6871bbdbf004bfdc09ab35758f5e8b6a0d0f366c3b255333c52c8fcd4ecb4536b5f6e72897649f3415443612d72c3436505249a344feeb04883f41f90ade40af119014b3c56fc108f1ab0a77087d9226665d416cd975e9e4605529c032e8926002a70924820c6c7e264a794b2a3beb63d69ae56e017294fad4d611cbd0d3847212a38f22d623eabe3b884a36464d8814286fff52c4dd366f6c2abfc2eb865e0dc9ec6e55ca9d81f1b8cc47e2629bb162e54655bf2a9e156ab0bafb4b8ce96858aeea6e6665607a3f268036f4890dad759486b15e3c9e791429ec8f11bae4ea7c490656fdb0551dcf0b0be017c08bc674bd97d9d701c3ac955e2941ba7d5f2ba122a6f0c1b164b1caf2d50df111fd4287e9e195d181f6f514d7dadbefdd4274edc234025b727680576046842a834b6ad89eccaff5c5209bb91d652357e3750d8bb0165572fb71d09fdfc60f6b1e5d868c67c0edead427e7aeb734e29b96e03ea174b6b1af523feacaf6bd745ceb1bdecec9251958b7f521182daddf62ff6c4f58977adeba81c616ff2e937ca4f16eb9c44e63f9e974709122083ae45524ff87d7a0cca33a90f09b660db0efeb393c61967de2564315827ef1cf42b71c0f822f471713c9d885a3c3281d7c95dbc96f1c6dde0af70ea11232b00a2d215ec8de8fcf84b6193b6ac9d46de660361aabed3371fa44a6f32107f3854262eac355f9ef98701f580b4649175cefc29950e7a0eec958f629999c4b0a98fd4bdaf5c0bd97c963b551f2220bd41ec00b8726836e949e818a49aa1ac5bf12c64fb9991111ce8be3e0cb9605f753dae1a4c84389416f17fb66cecba45d591b22d64e5a4edcde067a088d9ff7f5dbb9dbf324510000c55d50f480a640fb22da9b4862dd81080d61af9560b601edb5e3346263f5f193df97079a27e3f9876078b80ebdcdb17ca4c50aef0c8329c72a7f77584cd963e105eea9c28a2ad4e95c1d018e27d0e720ea59147f59ad796b80b6293da8a55ed47e8abdd37221db0a5eefff31688e2adc294654ab0fddf9c1ffafd4783f01eb539492cb35a77315d0ad19395f47b18298a7b353dcf5bab0b2f193ff73d99310478d2e5c4ff1c68a2493c138818edef73caec9977bd4eda6249c8933953e06d796b288f78b18c343ef561082fd03bf92b084afaaee741de3004abaf746350048294bc52450e31147173f2da13d6ffc5adc718e149f9df3702f414dd3ee88296ae8a0106b071b589e8696401da7993d58a9bf8e5bf417165498c96b4ff5fd2b45bbf88f551688425122a3737ca54b2992fdb4d60957a93097222c3cf4c45dabe18b9d6a69e6f27567d5adec489e4b6812c29a8fa52f1de642b7b0e749c16f54473ed5ca2fdf2199e885fed308fa62a3e0deb7e0b8e439e25b3e9f95d755fdcb7ebee9d73069dd57dd1cdc5145205882023b54f2c9dec6cced9e3f6d24e8cdbb8ef121b8f3eded574d81908e867af5ac82bfb8ed60848b4bfdc1d998bae3a9ca80c1c49601d11a40409c62b1536f01ca67
+MD = 60700d4ef068822d0fe6df450b4aa8e206b2790d6dcf973229a59889
+
+Len = 48824
+Msg = 5fd54472a44e4476d254c0940071ad42dc723354f76ba61f63fbb9df80d1ee56136f51b6982e66c1da83602fc08093506a9e2cf27cb92085ba5c627dd63f59f8850e91a1d86cb1d4ca38ad03160f3c584b128d9b21e935570e086d3815307ab8df396cfa0c100bf6cbfc0fd7a8258fa1a656bc178e02cfdc868540d8e5ad39dd46794a8bdc205e710555ee7421ca7475a4f3232e6a0cd55d4b5d4525f0bd7eb1e455931aeea6918b9fceb2a32706d31a6d7028a85e102f228417e2e7db68317ae155af70eda98c8dc1ecc32a62e294d92855354c1114c5735a3c81e551b63a81650107557f3237bf953989d17c65a0fafd2bb1e32c237f98f55389e8f8b0810e97e201914c487a68403c6d621a98ddc515780435564245d87ce462b8785def699f7f06ebfdf33dd1ed7dd5a3e781348298c7950a387bff7d1878731d7ac66ad9a6607f2c3a3b6843c2852a5e882a8d78ae9dce2a79d595cdf09626dfa6f1dba7d40ed21caa29e304e7dbd559a89bd1f07d84165dc259ef112dc6e2c5a3e82b1c50106983f6c4965c85073c5deddbe6323003d56abb0df590f69010981ab3407e43eeaa29c6156995c492c931fff1b686eda3741a0bfb9094747d1620b2580415d431ffd6c02245f6cb03e39f87e82834dcea59355b2ba663ce145d2514e15e2b2c60cf518ff510c6c3e2f16d2dc523832762ed8352a320462ddd4d6fe755350672038163d996b44ed3b85d64989291bdf39398cb996de785b9614ec5d4bd73efcfa37fd4470b17d6240b8e4c715759286b04c3d7d791e2689927c9f18320ff2e6bc7306c805e23a5de66eced5f1a630cb43dd46db515f837f6b824b99b86c10b6df7fcf22d97be05284edf0e0be597b3f9c63556db031339f79ac9e6c5f8a1cefdbb4b30f5bcd23c2a4dcf791cbfdd6460284c5af0621ab7c5571e40a87c87be459c85ec81d746930dea24f43bb11d6611ea83409d3bf4f987778d8eed1d5b246a2112ef78ef0252f9ae464810c13f02359441d289958b4766807d9a3be0054897d35b01830deec1151f9e3d42f92b80f4aeedd65c78c6e98afc562a3bcf6d72f238c6e94a38f2288ac7929a7a61c92875c1f115c0ed8d261a727f0794f17ceaa3dabc717478f6ce7f2e8b295f000241e154b4575bfac8483f6b62f9ef4e18f7d341a65faad5e2fc1ddaf2b09adebc155ff09e63d5aa5f95206e66c7f4ef2ae3aaf3ea7c93589efa8c552df8d203e0ea181c1703d7023b56e603f33b4adb9bf44f7af290d8081210f327a6c9b0785709346087fd090c42d2b8b2711b9a1a5173eb5e246320ee27867ad6c3eadc4407bada44561a12cf5d53bf0448308bb536a8a525eabc1410c3a34becee25fd6fda453251ec229b53751f2280e142c6b331daa659ab655b78cfb08bf18e40bb02b7f1650eb2dd4ba1707f0aafa219f21c29521581ce249e2e34f5656b0a04c00485079b040e13cbc038bb9f17f47cb8f908591b26bdc28538d8baffe4cc39b17d2ecffbb9698bc2b8b31b08424034c051b535e0cfdf07b7a0a54781e33ba739759991aeb72c0ed992cbe76eb8ec0ab12c182e8b049cbadd6e82e314f1bf15fef5ae95dc86bd64b8556766f8ff62c33492198e454e5ca59ea856d8e095c04da8045522abac865506096ee1cfa1082af08ca09b3533878ea3580b6c0c57a615e0ab768246b3eda96bb6caa01a2648068e21959f843d853e948588e8c0bfda364ef1f9fbd3235c27916562eb0214891eb55ae0e059f4bf7d1838b5942656c27899dec6d67b823a981d1e1e0aaff5323b0e3d69a7dddf9b12d7787ab763a3c7a2697ac65b655aefc4bae7e6444850ad2540d5193b378682c77a4dbf9aa22e517e68cedfd1ba32e3730ecaa2e3f6ae61a4f427d6e69071dd62a9bf6c860980c9d23ce1fa82a1937e6dc1ce3a2de096b680d23d89ee102912ac0bd769c1c02095678dbb00b4430428797cfb966b2f901480811e1b9cde358b6d499c9e93f0961f050465d7b0c70d4961e75a9fe40a24e36eaad27238231dae6d0a17f446c16bce7348e669be563649eba9f23be29adb8b10f462780a066ae573f74e51215a26097b02469c25180890e06acc53ab063c742e08d51359b0a39749b84b9f6be44f3ae3da8e5a2f340a8607d4eed08877d007928d332d6f49502bb5f416c46d866fc87477c58a22d3c5932a8d6298c1151daa032c84ad92f8f90b8053b5aa6f690d1bf682f314471cbf200f3d30959e07adc6488dd17b0be5279e727f3237b8b4b19b31a220dfe63882937f8d5ead677608c42a57217f2239614c521d94559290e3b0ed8055d5474e96564224f6ca6389b40a71337da11e1c307dead8e4eb43252cc2f1c49addb18781cf20acffd3db693b02e5c8ecc949b51b99005529e0149a13390615f5df6e0bcd68e1ca82b0173d25134dbf76dfe92daa085d3f6b1e4d18217df41b70c4c40101884c2886495f2ef8a473bf23cb47ab6533c93cb38c36c6dcf6837f1272fc91a6962b6e1386fb643e1f1d71fc75ab58d5800bf4081217cdce0c7ae9e3d25de543fc4444314f32067eeb147c08c55c5c8158ed11729837547f28a300eccc312260215f50e98c4e3d4170208a50a4a4def1243538f906df8476b0c46d3449be73866d463d422595300e160840daf8c906ae4aac13a64457853b0ea6d8c32f4efe3b48c0b1450250086d459648b0ab14fd3f341a4a803be77e56a811e7a26827eb0a1a9454f90bc6ece665904adaa3cdeb2c4847858fd1d79750e8cd45d8da9163784b8bd06629410502debfed5eca3cf8fef0fa6bdcef6efaaf35a1986d6fd68e0f436dca9442077a4818ebda4606a94a3c93fda46e7ef5ccfef656896a0d3d93566b02ed8c3f6174417cdcb99a415b0c6e9816d94e64b438c295b4bfd69e0d9ad52911de5509971b7370593160629b641d690eb2828bf363857983e3b9098fcd15e66448f786f196685d2ceaa251b17ad06dacd614d9fa78ce0a8b9c1c360b529d0bc1d17ba0b70ea8ac1b8d67f6e5770f0cbaee0b38109d26b09493060dc851f5fef121e83e30aab9c3efc2b8397e8362aefea1708f7ffa14d3656f7f7610f3a629bce14648a593250c6f309c02c6c552bb42984ac58db920dbc7d98f59295f37f3e9b99da55ef074ed65801b390366669b4c7aa1c483ffd23082793f9e5cbe30c34250f63fa3ea2cd097593dc67e8d27b7e4f07e73a9f7b33a5ef6962df1381a038d4f58fdbca9d71ccf640b917f631b75d4a2e8ba46c64a6223f99cee30f47c1a935dccc7f054fc39d3498c824e10cc3ee337e781a3971f0e98295aca611bde701c2359858914248f6bafc88232bbc27bd85883b00990bba7862fd7a7cbd4c86df049071fcd10d686613ec877758d83927cacc530bed9a596b5b21c6fb748c379d676de7e05719a867c9f934b5dad99ed97dcb4e70a9b6542ed5b2f086d9f56fc9752e788785ef8f7837a31e433438cf2f18f58be37fe8412f6d21a5c35000a5efb862926700079413f76ab2c3e79e20b516eba9d8c29897097bee55157936607cabaac41337ea4cc783c0809c875259f8020e16d5045fcc39ac796d11a82f25fcc9579bf0a010200f5745065175fdc15474ed514cc796672c59637c3c8f236cfc9c0978a3db1194680c58c27746090d76ca09f7c48ee4ee7e1d3cf0ea70dbbbd88e30e8814b57404dfd7c33727a0c84cb7bd468b0bcb3c89b526679c00fb0892d2a5e7a3d73698a3db53fd7d78460cdcf24ed22b5f39b8c00b3506541ae4a5b76fae29c1cd5b0f8c3ce142e0af7ae4efe3fa4c438a604bf4a9abb41e3fef1b9227a7dccc3f4d6026ca289b4b1366d9ed546abbbbd5677c8d582e79e2b544f18dc23809ab753313d84dd10fa3ed2f723f0b46277b8877d4f3e0665e88c50caf0f0708b746b736b00c8c83a7d18500384bd035996aebb7da8f09fd6af9b76fde7fbfc0ee854d7ec02950e76abd23ffb27a6ddf1772465016c79b98a61bd3940547b207b6507e32cb9761a5604f0f546834a8edac7ae06910045de218d761a4accea886188f947b57bd876491709028e2e24b075d6b022b51af1880ca16a8c65b7c69e51b2ad580ee058acc0606f0a3a9ea1cd4342bf4be602e941dc4bef1239bb9bccbc8098a6a17d63186c6fa75ec44b6e4fd38a3fe49c5eb995f0cb884e2f3ed6be02515fa605b98453ad935682c3bac6a2971bb68f4094cefeeaceda92dec803ccd3d346f8b40b48f8f489e118a17367801e85c79e9b3bb5d73ac44a8290cdbf83a154f2f125090d42e1a1cb72f5ebbd42da46c7a4d4b9fad9612a4c800de6467ceb74f831e1395dfbf5799a3429ba34754add4b34b5960a5fee8f752dae78450322a1ab3d7102b77e907fc1eec5355991e0c7d6c0866660e5436248edeb1a37c0e769a0764cfbb6354332d6e55103b9235c84eedaff918af3f0213c435c32ab409a4b5c7eed8ab6ca9e313dba459bcfa3ee92e7d669be0526856ac3c06a57fbecbba553a9cb4655a901d98af02b74098e478076655d325bd7639d73d7ae00c62fdc361a997ea4ff5b0eba33096b12f35cc7cc0eea62950b912b47c11b9fb386a47c4c15c0602d304b2541da889cff299a1fd415e7e25c70ee4cd83feea7e6a9c50c75d9b128458513d61ec5d0299ef8c090472fe0850f384938ed44d36f10cc2c1d31daee3f946a2fa18f9982a988fd6ac973b1569313ce3c8ff5746c4dd85a241f1e9dca0e904c091832ca028533a3e34c184edcc510bf22a27f530bdca3d057928a96f72dafc73a9aa6dbf2552598e468735cc5736c67a620e9455483e9cb2108045ad80569582ea93a53b491e528c8df336fb326ad74317bc1dfb8ec30a73af01a5dff3e437b7fe48ba5dbb3e8f01ae0c6fc28675a415f23a796bb6e0ef0efeb4b14cf20d4ad88ad1966da43a76b454dac8687bdd97b89b8f8eede91eb34ca4a0523ea65736ae39341fb32b9b716f25662a37382c16f3b9c346c84f03bef54acd6efb364c6401b07b3f7679e8e7f8c9b77b75e6e98b90f4df88460f1978d19744eecccb743a999aaedd00b5a94018e9d5a56bac9d5d55f6e93bad52e84aa7340cbbf98d56213d9dd3e1970867e3972dc98e61b3cff40b64ec49463ff79a41c82dbbcaa37a82b761f432849aa83a3d3c9a209e2207b87ae9ed9959ffced165fcb0d8873668c3cd8f18ba0f92f7acd2bf50416c22ce11692bf6132eb9f558dc789cf9776da94e48cf48607f19d9a11d5df4db11dbaa67a1d20e9f0c96f5956ee3f906e371c489efc88b0c1e56d881e7bf8dd5d6742622eb873e253dbe54f2e2e6d0e6136941de8c23e9a632727bb5f88c23170316c7aa0df28d8d07589dd6022828834f7ea9b4e5876a1704944aa3186dbf89e0e81767cfba03bfb38c55a9945209c4dfd88272c49d1745dce5ceb40f0a6713b5139dc2fb87a8a4888406d2610b7b910a9e5782ef0df719028d8e50a40a269dc9bee12157038522d06537bb31fc87d21af9ad4b2e7e127bbdb313e0a116010f65126cedadd4a122d15a71cbcccc346f55100e354b997154567fe3caccd50251d137c58fc3a2048dd5883b6af9248b51040c01a80c051b8a151a8878edf0304b5554746d6116b749221a1d0082ac925e6e140f0c3b6a180742ac8a50ce0e93e6399102f151d7c14000369ff52d0b537fdd51bec99e7271b1255c6fbc36d83408c417f6825a8e2a58b9054ab2c3ead69d97ea9947fec32d720653c123ecf51a9a3f0ed88743e3fb7b94aea59d0bf0219ee50825ef220554312cb907edb90e4d85f29e316ad57d3b90d859391fcfc63e6c0fd3ec27d4e1efd6e0b5ca8165cbd6af25ed8792d805f27fce308ca1d51335ed5d727558dafe05486a6f9149b8d3bc022026656714222830be582889e6800c0b170e48ebfd069e711210e4ac7acf07652a6f5051507de68aeffc9540cab5cdac84ceee46059ec23820c04b127266c0bf8df0d2b856be3377ab42592f495980baeddbeed3ba707a85dba64fe36941eefa8fd37204ec8c18df3852febd2b142b1c9a5cd0f9e424cd408ceb7788270899fd793db99ddb8f9ca8df550c513790d8bad37a1d1f4a62c4527bb64c677462c9b093582decea70c7bbe873095536728e7ce05d5cafb5d166a1f03055e918f787fb244c5857e3d7a1009bd37f30f165564a082c1510ed19bb1633811a76da70dac67641c2478c6b335f409ef54a2d0f370c9510d0aabae3cb998bd023778375cbf9cf5ef125afd584c11efbf40bb51839aacd3016e5e4d79f134245f952dbad617c78cb6f5712bd9c0c7e1303db5029640cf9b56e29329c3e6a9e0a2371aac1a437b9b1c4477ec9842aa80eaa22c5eac11b60c661de6ddbb088e844293ab8589c13d938765bbaa44301e4137148dd0257bd4c8c766c5d3bfe53671e9417cd1b52f622870ffd90f4e17b7a4ae1b5601a2edb032e353bca652fb565beea6fb0b2cdcadac71794c662677fb1dc81d116d94f5eced526b37c004b95284cb6aa2ac415754a1f14882595dcf4d3f1d905c6e8c12cf5a9d23d3ab55bdaf9f17d2f03f933e1bab89040753648c426b072b73aee8c2fc0d1c03fce2c656e20d4c96803fb2ef471b912267eecb4d6f342d3513894b94d77767823fe0c7438e51f21bcf16f0e98b94b23a10760271281cf843989824f7061bf834f93fd8d2090f70e939700dcb4d8964a19da39a9601a7e0ed9f55f567fc7d5682d55a9ba0e68861756bb549f2f17c10ff6bd2042a80477f89743d3d762f1dfaf230bb502eab6f4c46b26135ff3bef5faa179bdfbd288e3cadd3d88d8012706e19b7fcc6e9cc2699d3ba0e624e715599480d6b7dbc6eeea0d12a9236444b17285fc7794040dd40c2b2ef175f7f3641664fc9bb7ea6d7eb3489d504f8013d64a23aebcb5ce233405f5ade067dffff253f27e926431ad806703e8fab23656e0b7431916d8d4c72a7d831e3664e5f30839c76c8167b76f3b2dc75a6ef48df515e06ea54ca51de2fd9c5eeabb1610b7eef06a2f3167859cf82e1a5b76be8ed8beee2bba28c3b15af6890d7a37226834ec9f63306a0da11aff918753d8b83fe7220803c070db98195d6d18357233f5504a6e3bd6f30115d3987f93aa5d89aa0b8b577d1fed94da057a6f088233efc0f44f86798896eae9ad0b20c8c9cdd9d72a3f02213f6797800894b864cb44fed009440fa5b0197023929f9bad16f052cc2d87327788a68b9209f46fb4776b092d75713048b5453ccd699d19cafa8e9a93fdab0f0863711916efe3bd81ee71b8e0221e12e9ffe2f6ee1a4dc1a8de6e593480f3c05b3691e916a4a7ca51971eb2f0f693dd10f6b8468f8cf7bcce285938b5a0a76ef86acfa2990f88bdafdc39a065db17b845028ed2b7a9e331c44217de20440e406868f1eca818d0be20248c2948b8f4cb118b2e456e585949139270f57c54715f3297bf714aa7c5f72ed8ddf6a074703ffbf95e45bc81a02c42822c22d2b718f2de5e03d687a4b18d605ef5ae75f9d43c8cb4e77aaa0c0101d978120f29574b22f52783c667f7daab3e1f9cfacf2e68e94a24918e3fe2c4f061deeb64891b5217fe5908e7f389897751839982b7fb736fbfb1232684e93123611b7fc8fbeb74f8815b5ae13240051920f3b6ed34483ff673c467ed7f0a8fbf619796e485affbed0697415d2d0598ba34d5b9e44ffd12a5edc323883a2e28efe9baf860324f2d2016748503eac1888213926b0e0f0335a4b51820a2bd3b42d982ec6ce307b453b6385aed7a735a1e98479394147c40f01c532926e10e1b26a5b395bc150ec4b4daf5b1436bd0baa225583ffc9d9e9d8a354f60fded37b41c7c051daea04e689ab2d4e24d7d07c75c50ccfd6a527e024d1632246c6f40f06b86ffec0b29cf894b665d53d459226b93422d37a8da23587fe884dc3c0f2fb55dea296a9a5b9a0d101f186d9fa6288c912202547cdf958569d2cbf235740eed38d10b0025dbb6de31058e98780d22149c19d4bcaf06dd7353fd91cd1f47e47f45622e1472542be2f63f463d253617eafd4f2ad609f9020884905dd5c22fba53ccc619104b6c0203a7f6c8c26fc80ff6fceb8c0c51600c2e46b4b872e6d597511524545a76cb42278b519d911e6c1320e01682c551e204ccdf91290c52e0836167a5685cbb1af338eb794c10fac92950f3f7956acf28f1ca984e380bcff9876b0c71dc7ce4011d1d0f955da9ca885c6e7bb74c6194dadb0fb9146dd725c8a9574aaf3824b727c9be3fce59c35850b162c17d3013689fca858a0a51d81cf4f30d6a8705bbfe35ff03c34cc7c56aca32140d72c8e8121fc71353596b777b266d75b322c9a97fd2c5d4e2362f19c99de66da7bd9c495c03d9a15b28431a0c051e786fa80f5503a72519e6b419263d72d553d688349c0cf30918eba0622b953a0efce4415c29515c26ba15f00e548ef108afe3f8194aeb965e5e4be94f10df6c45ea5c133a8c3398d09fb80f950b83c1866a1637d2bcc195e05cc32a9233b244cc2b1d4930e66f032cb1163c37b3e58b576ab76de759569797fa9b8bb4fad66aaaa56f09c7a0ce4641d6799d7bb47cf684990ec1e08871458c211a353ccf1285e7429c7b8520180918f7
+MD = 85747c796a910421ecb364b4b4f0e68b49e9217944f6586eac4993ec
+
+[L = 20]
+
+Len = 16
+Msg = 8a61
+MD = 60bdeabf39efdf21ba9c0f94af6552d2ffe699e1
+
+Len = 104
+Msg = 37487aa02b03bdbc6bc62e7e26
+MD = f146072f92dc4a551721a10bf0b01564cc2b43df
+
+Len = 352
+Msg = 6ecd002568bae3bf1873993041bfa292eb94e9ad092d8eb3585be82e8a20cb36a47a06e7a57d301268a4a533
+MD = b0a2d6033cf1d8ff120a605b745d736ee4aa06d2
+
+Len = 504
+Msg = f6dc1d2f6b8e126d99939664693d8709513f97d730074ec2794e536d94ede79c81f2b2ecbff3c2c26ca2d181ada2c60050997f3bb087ce48d956c18dedb227
+MD = 395dd2989edc854746e384f339f0808c515747be
+
+Len = 13976
+Msg = 07a6372c863c7d7c6764e4f05addbbe161762735dfd2d23bf268e2d603cd28de9c369ac379390473e1d3fa7e37af1178cca54fa0f782dfbe68070952b93462ea46c640d43ffe71f5fba42df98f4c48ada0d8aca8753e0731508bc15dff283178ae5c10a6ff132eca5dde63a78d3ac94685152897828eb25a55fdf140fd33fd4e7b03f283e201a1baae8986d25603fb0b2566aab345fb48031d648144dddc2e3556c0ceb1104f348d96ae7dc0152e45c625d21b46e70c31f250c858aec4ab2cf5e79d8c79b0854e0abf5330b9f044113d306161968f4ad6f0973160c9dc296056d5a11523ea2b56fbce8387070fccc639ec1c65ec663b9dc49aa880dc4ddd3020c9d44ff7e8cab6266e436af19b4ecb82010a0f8f9469ef380034a02e3f50051a6a3f233dcfe9d553459dc1bebc538ae0183448c9405c351271dea808d908480e61e9793cca111b4cfb9874b799626a1bd9a0f6e0929ad51b97ad81b2438f5fc255db3a3dfec9f0d8393c6b245b03d3faeb58021db3ad391b17a91174a66db4feef1b4c889699bcbea7928f4d29be2d47f76455c8cb1dc7da9cda41962a28ad8cd7b39965b809e7c7eca1c6792c1ce1c8a4cad6290170e91fcc49fa5ff64ab433b4aa081c8da2d9bbb072f9f18ca455469b946c877e3006b34ffd2219335b30ba2e0980f43cebfb629d0b11fe70dff28883ca012c6ae4855fcefea20a08e189eaeed7eb36ed6db3835976f4e60053205805727c5eec15d0e9f155637a9e66268b9c1c302bcaae6ae88cbb8cf1668a487cc996c4662c4a4e195f094cb31c717165e0e13718f8388957dfe0bf69c70cd0bd763dc38c530b67b9c12244fcab8bd13f602de848a2937699f9ef77944e5f22e3b470601789e1838fbea9359c733aaee2c7082b02ee459b7684ef9bbc200da4b62d368351f5520a65ffa506dc9b097117bb7ae88d04d85fb525e91327689ec0fe86971480c0e864012b1e9f044c7d80a4e48c07320dd4292086e4c71d4c98dd826a9bfced112bfa2beb1ce85cad204451ec45703931bf637d4fe89fe8f485620b7f4b21e011a232ade7a8c92be77925e878ae0bea9723749528fe83cf89ecb9616dae6ca0e8d5754ec6c92abb21108c2f33cdc18c6887c430b72c5b193356494cddccc577bd4c2cd53188f352846edff0c2ac7869cb74bb16a77c0f0f194a7a9477ae15abb890bd0bcfeb0c39381a87f1d05319c7e971c10e9ef687f96450b400e25b4285032892b849fd5db8649cedfb03c88defea063ee144a1ab1f3bf05f59c7db364dc39c11a446c3ce16307d78d50315ba29f5bb9a57438564c8c7b3e367cd37d74b2375a4966f47489dc5448f4979428abd32193d3840aa983d3020a9f29d760fc7493ab2576c90b1934b799c1d0d55e4f2caa78f4ce61930c79dc017c2dea0c5085d73a3b0e4a6f341e9a5061a6658af11e5edf95bdad915ac3619969e39bee15788a8de667f92f4efc84f35082d52d562aa74e12cc7f22d3425b58f5056d74afcf162cd44e65b9ee510ff91af094c3d2d42c3b088536d62a98f1c689edcf3ea3fc228d711c109d76ae83d82d6a34dcfbad563cf3726519b519fd48b51741aa86720836494b7a589c778927047a25d73508adaa401e9a6c0767a675e31c5556cbe35fadc9671359b45e985c3c8af84113989b299ae4474b85e4b5d4b0578ab1e8a2915a8df97c4f52a639fe32272cb91bbfb721505dec46d51383cb8973425a714245c2e37d0577fbe0d66381d9239db1f08a380cf609dc699698e0fada2caeda44d58d766c4f8214b10642b80b8d7d8add7cc41d47108ab7d07dab71069a2d982cc900b331caec317942122158bac6eac9175c2dcba0c04443aa9188832b553f5ca8c336880824d6bc02486a2b4c086665d276aafe3b1b93729829adca50c44466fd5b5cb977aa78fbcf5c0f0da1b09216468a11493ffb39efdeda5d669ae92bee2f2fb250aa1b9cbb11c36c7a6c6dd26cdc3cfd572ffd8c1dd72a13c27a327a34c6b6b3d80fc6c67c72152eec0c8ecbdc1bd5cb829b811e7f29af6d786f4e93dd4c96fdda295a6aa258d7b2fcf291c2d68e0b1866032475964ec0c6f2fa8c2d6a3936ecb187350def4e818507bf157c0e9b33406be7660605af14cccc9c799b4e051d0d0899e53495bb8931a6e2984bc6dbe4e02ec8b4642fc2f1cb5fd5a5520b48cfcb49e1f9533838753554dd98b6a1b8a67409279df477330e5f37367e06247ca5c3ffefd00e693dcc0c9c30754121c9ee88a574915b9e77c104fd2f921c2c096573951407ba9b440423d76bdc6fc978237a6e302cede7f99038ec31500884775556941f1edc30e3a417b0e02cb6fb5bfbe5cdfacf4006411287bedc565fb06f1be987416407dc852254934df4ab59edce476f3506e65be6ce6ddf91038642291fb8e92ba5b1f0b105670905a2c14796110bac6f52455b430a47b8eff61
+MD = 1adccf11e5b7ce2a3ddf71e920138c8647ad699c
+
+Len = 48824
+Msg = cd8490c93613bdf1f284b94b330f6d6f45a39c651d2a160b340e2eb696fc6d1c35e88872845190d141c669de92a97daa5433b1d7b0b899fdef2ce74b8fe72a7296a5b5be26d1dc86520367c730c7400c2fa06f91ab4c48a7bf4ae35a5b9acd5296c4fdf7451b0ad9cc439b4e34f11e5d7ef2bdda376f8dd34d6f092b219dc085dd4c4a6308b8808f588eedbbc7af7f64e83182fc7ca7cf4741a341060a7969d31445834c982fa8739ded4555108acbea1666a83da17f77cc42ee73323eb53203e3b790f81c08e94c44678b6538096ab7b09916e6cf7ceb2af85987f8e4d982dff1ab59b0bdccaae1f405a73366b5c5935dd0b43e2d2894290ceb66a0246dc02de728c5bba30255fb56ce8107c3144246c5156a8fe40ada9126adf67227fa56b66c37be63f532516211ca012977b04a97916f201f1baa2629eda520b51508ab4229df2ceedce406dece0110e0a911464f69e7be38fb91deba0addcdb3161d2799c628f5a57fa1dc37357c947681bd9c36f4832c20ac466c0c245de3b250c33282ea1a02d007f03b34ed427631283eb614db4d521f555136e7e42b4cfbee8134c63dbe3bb79b5a8b9f9f5b9f5ac61cfab1c54d197f1e3ba613f251eed616df952d691b88a16466343ef2d0f63882ddd2d55b8a6786308b2257f5d7b38af166bd7f1339d2d8899c9eda8fa86215850ba547450c267eb3c9147d96c38161a69d1584e521ffa23384313a1debcd37f72ddad02adb3cadce7ee34b7c1f42a15d0d030487daf9488aa7562845a11ee7ffccdb38b300935caa31f78a4ff3dd93403cf0c6a16ca611b58c736aafd33d6dc56f0f47878211d26f6ab801b9453a7f74b44593dae0f047ddbbf2c902891111729edec44f69a05944b18e7a601f41ad24fd6833da3dbe3029bd390de7c9841b2ee2b079b2bd2737518fe1bbec88da64769dc36e4a8bf716c219b2fe059d7dd220c1ed2c59878db5bf8b198e0689edee921ebc0cd2d3853fcf57c363050ce58071c5fda6ebcfbc1bb62e9eb956286291a108bdd4191c4ff47900d6068e1ea26b487649af119b9bb15dfed804836f2196cbe12d8fc86e3d7ce89b52ad49dc9ddbce5b370f73f512bedd853039366612453733740586d1372143b09f21dd4dbe1a2bfc308db8e4098c5e4b0c1e16141ee50e85fafefc4e2529b3c7252af37aee6f86e19df28871686107d7d57dcc812bc077602642d2ecefdd5f694b8f336913210793e4068da2178600b1f41cffb5221c9b4b6298afb47e85701d7b1a44241679d8996f916c81ff437261cfc358b9ec42a2ce16ca3bacb8690d6c1d91cfb3e0bf1e7ba45bd01606df856fd03c7e946f7ab371a89e1fde86d05fdd97bd7b1c583b04c2ed2b5f6815a460645e4e1b4e950bf6bd81dd0352d1048df85266f1696534aff5b1cbc17f15d82cc8e0c0d4f0453f9439094f8e0f7f4bc045b654d9a2f1f44a9c57019f63ecc41021c05b5380675cb56ea8bb691d79ee204d2c4edacde3c1fb3f4996a11d84b035f965e74009e2ab80e2c7ea3c84a834d4971a1e9cf423e4ea67ee526eb3c3e4c2d7372c4290a0741e1fcca5ae4cf36705abe98ac81e98a5419baefcaf3093a7e0449ef1021f88ffb7ad21b2677e41cdda12025b06542c4b2564f15e0b99db43b7c7020028bd829372122cd910227cb07c53cb58fd9dc620c0491f3e2bf883fe6ee8cb1f5b73767977d857e4513e8b5612f6ae4b56014e6a3ad2a065b65472212e2f611743484cfaef860999d1dc5608c58412fab888ad72bb87dd9b55b692f31e252daf8944ec5c02a5a9c23903c50dbd845f2fcc3bc9806af13ca7b025cabe675195b1d56f3fe7d7bca12530bcc0af217efcb03a218bdb6f9726536ea902c8303b02e3ced22be59753588b5f0e2f3419fa5345a942dbcdf3010465384a225ba26cdd0f1d74999c69f336bb6d01fae5cf81cbb8c1a7a29c1eb83ca6b51113bde56b8cfb6a5d72557622a37f039d090a689accd02b57c691174338de8e05bb3620c079705c969c58e56b079dc9eb44eb0fcebe548f5a31f4072a5ed56a2f03107bf40a359b2601eddf53cade66f294cfeaa40a0d94b9c90d15f61852f295d3911f8ea914d015885c8c64540a83badf0021a416c3e37b78236a2ecd1fce4114033416bdd3a36c18ec13250ee9c74c0fc4dd564b3d24a825802d5ae402a53bacace115ae3bbb329be79d1e5e42dbaf0a6446431145fe49b86a8703c7c41f8985d54f12e314c16ff89351d8addf66ebba2783f2d1a11965182aa0b0dd2de53586c5a695c6265c2b173958da648611090557bdebf11a1e042f089fe98e049f4796c60d26be38356fe020d9ace9008410d53a1bb7db78b52ee44bac364213f5c59f1eac4e3314f3423b92fdd7a6156608111ac6ddf58385ec1f3df12061208db98816ac948d803fad10d5ece2018c60faa13de5e5a9033745c824932e53f4122a39f635813545c1b74732cd55642f19ed6deca1585ebf7242c849bde981572a2199066e9c912b2068c8f1c8b936c43ae95c6e22bd7b80dfea05f495d751107da5928e806d0af905c87b5a0795df146af6580d8f9c6a0e2645686d43822ce9b4be0bd5937c097917e048b5af71c7e7521d490f107e9231ee5bd9fbf0727ba87774ed24cd52f471ffb71849ebd55605996515bdcfe95bb1df3541e7c42da4166dd01ec3597634aa6455d15fe14af435e8d7a55ff1682d55a2da867ae63d11fb3fd987fa5d7032ecefc35d3fb9570940e779e13da18070e6df5292f97f2a281f9598101102c955fe4808a2319c85fdef3d55b19e05bb8c2d3da64bafb67a53491513a24f6f0804aa162c8a7db25b38089373fecc45a0eaef65dd9be3b4b7f9436a5423fdcdb5a9b60138fc6a2261225390d9ae0d8ab7f0f7ffff69dca06881d33a637d634358abebb333df41151f239add91abaafc89070cb2159ce3a31655c22e4696c9fa7a7211d1251d4bb21ea4a321a3dbebc29d97f526251e40e548dcd7ed07587719a266f006179dcd22e50b3705152817057b097b043ad63b8d867edc20aea9b4c959ef4ff70f47128cfcc21e31f17978ecacc366f459ac1cc459a3976e4173ca322675f84f18036119ec2f204c3fb554a0b72f7e9d8c882ab147b3d280ca9dff7b9160b1b437b901f03cbc05fe05c6f44824b48aa8da52ae7dda1653fd500f9ccd221843cf76513b3b74d094f14d93a00d7cb954bc4cf2f04f9a35e38edcb1e84f62057647dcb3571f1dd296ca1e049f1746a8a282e85138500e7649db756b2d2ad88f11c471c89dc6be2cd43481013b8d0ae83da2b855cea7be424f8b2325b1850d1fdef03e765458df4513d57c72ba9751e1edc3c4e7f97e3202bb46eec7be89871ba3704aa6c6fc08851e551a3f655fa1fb798d12f003faf31c56b6df399a5dd0ed29ef9e4139dbc254bc5d6051840a859eabaaad56324588fae881fd638d2b70fb3813402df61d941ab495588e5fc3823249bf9a03cf877902394f512de118edaf98843a5445e9073fcfa409df3db0221f1c77e2dd21e74f9e10c9e180dc4ed17010eb949c6d67a22bd5337b2c68f9eccdec778ece728e91353696b742c8f5a3a569f054efb8c1ed478ee9b75e26c768a5816aa6bd08a4c72e745fdb5deb34ecb86b3a84346c1c70f9c16fc45bc0421f0da2f630912d5079f390cc53b78e343310de722b53d2a3b4aa386caa0d7e91986e19c3363426ba30eb5284293af81d00158a3f5233327b40c3b989725ba7dd5b31ac7abf8d3e0b737e843065cd7316dc2f374a00bed4cf9caa0d6e232c854df1bc24c3d484bc6bcb14ec770d5745474dc6ac3b3ddbffc551c9fcc2c56a5e0ae17948457c01e701bf1554022bc2b7d9dd42b2b91172fd85e6874d2d61fc7b3bb3cee2a9bfec09f6d7e98279c6f511f4140b116c856c1438e34bca59fdca2409f025b896a52d68719bf93e82e7d89bbf798991fda0af8d06d17f39eba4bca09c1fe594b537ad4c9b94ab52c895539d639425f9146b24b016368a638e5bba391bc8763cae7c52ff9c496884f1d84e5e08ed451358ecb3c4919dd410e82cac35ae744078287c05c89b42999ea6b8b127d40d53a5722d45139e8bc507a11e7add7fa9ab12cc40afeec008a4668e3e6440f27bb5780936c0e3668ac51262390c79b3f21fd041cf36ba3522f3a552714ff188bfd554c60d0e7d11213cf7d3864a5175d4047c2f3284741f18ec22995a5b82bf62190151bc1529c6d9927f9b0c1dacebd9c2dc406f7f64a973f9a70cff6e3abeebeb46514bbf2ead382f7262d46bd43d88c1b91a9011d1f8ba81fa536a7162aee2b2ec6fc0f2d6efc87b98d2e41e0f946969da659c21053775ece415a34d42b6cfd5bc52259867b411dfb991461ca618052309ca9c96468c2da12dfab0e822ff3bbe7ba281982a239ac19c47024fe1f0e3550cf0975add1f680a9dac9b2c4ab0aed4f409ddda6765eb8a0a9d1e9d07458c69ac8195541219b18efcd06c0001f2ae7fee2d404666a18ca3cb3aa4f0623e86c5b1229f6c2ca28d951111294b91edc52730b6b2c46e000672a7c89b2f38045bd3e37dbb8a75e18687a514dcf740c87a34834d3c3cc8aadf6166ec0c42d2be92f90a3af49633ff23cd80848ceb57ac550eaf9ae496bdc6a2d7cf50fe107895b4a1ed014f78af24eccd6a07420f1dc0df1e7c44b4ba937dd43cab9c798371b148325578d61931766af02b45054bdc2d9fcab2f4b49092f6fff7c27886820739d6140a4a905f0020249e8ae8dd87da1a1e7b1851eb01045aaa72dc8a2bf68055e7aed41d85336648a3405195d2ab61b0e29a770461f32fd05e14c17d72c5252f026a7b9abe7ea9176d3c46f6ed9fb716758d97b41e4f5d81a24538f763d83eecafafc668422612b40cfc32b3354b24755fbe400a2bfed494fe6d0ba0051713b776e67e2f1915e94708e6dc74b398f2f526933aad8fe7dc32faf40022606aebb6e0756b994c3176fae7640ee06d6c67bd54764c4752f1bf831f43e0227cba101174c5554ce26400f333dd8e9f6db1cdf670ce407d7d06c3aef4c0724b62edc8f1ba3e04f0e394d15a73b9255abb4d6ac70303dcf9160d32dc02d4804219ed5c7e3b48402e58ab2f58305f9bb95d2a8759947de96328ed5234cfe7d0b2a9a014df7e4cd0ae48906315f139b8635d2e6bd4aba32e62b8906cdfe5622c411bf0373d0cb07d17bb2bb5b83eae4401c243605fd1df759fd0ddc704ccab5a9776c40fbf6bde0f11b9646c699f26063a9550ac228c9884c277bcadcc0a2c225dc203e28e253c4e464b23d2529d09c7b7dd3c984667372472b615645f294c4e3b0797f9d1c234015b78502d98bfc04f1fa2f16cf3e7221d5794d035e4b172a4d84e679cb1c82df2fb49d3c6668eb1661bed56705096c2371a19d668832808eedd9e5b1256c18fe7ccc494e5e29145d453c553ec86fb7f3a634d0d45661875f2f1005ba5e734c1a976f37cd23450e4606e32d027bc9ec2edd9395e14b2082179bd7b4f9b8caa2d00a2de71d48553f7d4153cb56a1b08f11925e4b11c9281744ae9171f3d6faa3ab3f88c5c34fd23e4f6efeceafdcbc07686ef56efa62c0ad62f1cdcb4d3b5bc508c1f05263bc347158fa5495828f34eb7fcde98fefaa82bafeefed3f4a58968d751c051b52e0047f066de5be533bc3b1e439ab1c8602f6c67503803c8fa113737cb8279f358dbacdf45432b7a654d0e1122cca93420e956661d7275181c75b0d9c20e84c7007dfc49f27bc00007cf4ffa631c892981fd70141d532fcd51de5c23fe0b7a186d0dc296362f235d61698740cc315891cc9342da17843bcde274c17e462263d0e8b4832dd9075a7bbb443d4b26b41e534ad5551ed5ada102175e695363fb48d6b99ac978a3aa6f405d87f983384ce35740e930491d75675337c5dc081e3d301228e61bde5cc169968e5b4350cca2b085f9f75cc4b88497a78cd0a0073d90246c7dc102c7cbf3516498e8a41aa85d8cc5bc285ff66e8338e85ca83fb6889e2bccff52059bb9e92e92c155a349952680ffd0a3c346061a53fdf074417fc90c4d1af7c2acc3ee4b080752cbc9455ba5931b7e910f1e4af0efce905d2cc9c685923ead387fa532c0e8ad92719c76c281cd010e1acce500ae1443838b8afb48af032069dd07aa4df0d56bcb70a64592633699c8658102f1fbca441325e27f1732a7a973d8cb3a0684d72943ef6f1892f2d7ccf39bb6dfe5801ab98653bdbcfbb787bf125253be2624f6cf44177d588bd7b780d9e3f4e3a4e50b8a253fa21abce6a94b9073289c76773b46140f5a6e46b9de9ec066c176f5d1a69f380e1901216617363362d13ebb26ad74fb008ec08841550ff14ca800a1ecf2e007ebaad9f4e0d9664448d60ac0d8544243129fb81c1723b9b4bc2ee971dff736d9fcde0afbfbf5c50a4cc06a4c363998326c17bdc9e2508651dedd9a2a52bd87f8693cfcff60753acf9716c526e8635f12377e36564ae55d0fdb3c7997ec4dbdaa5b4d18c7b660acd95060831795da7d299a5a8d8cf9e92537dbd3ef7f56aebe38fa97c41da6bf0572a0270be7e5a7dcc0be3529339464c811052b65a938e874ea6da469c7d8992ce0aff1c75e82d1621ecb967213c65f2de582cb41de3804c507ddfc708ef3f6096ba4491e431160f98de806d0f334e03cfb7a3bece601099bd971253f3aa0df845da8b478603d5d88533d0cab9c89f2dd9a1404cf8939ffdda652a94093865a85fce2bc3d7babcff7b9f3306bd76b9af80c78ad518f89ee73b7a710da604e72f4927be8d65d06be2e0732fa786a83e27597cfbed9bf98df445499e0746b9f2cb9659ac0a9cef433148521f33b1d78d13c8441c0d1e20fd93ac450a3787a2292bcbd68cd1f961d34937be9a21abaf26f361bf53aa0c095e53c51f3e04d567eabe6e40d96a17c2bcc9230b18f7e079bc549a314b4ae21d30a3341aa205bc75c7f1d21b0a49549c300faeda243d0ce18da5e66c5b663cd705005dd9fea0a9564174abb797d64c58fdab1fae44576d514b75eaa31c9278b15bf9b6df7c6c2873d7a56fb91ab77b83761a09f9e1ddae535622fb87f7462256a60dd39dd3ceb6690b0272920b635ea639daf24f95462c523e5bbd8d8407c61163ab38877d5edfa04c2a78d4d240523ba97c7d01c71783f8748e85164b4dd08c25506a4ed18300b42b7bc6e417f512ae456ceec2ffc83190991a06d4a58ede215babcd3688e1d61f1975016244e80c88ae2aec05c7eeb1c50caca72b3b415b6b870bf5e10bd1ac3ba6b4acb1d1afac554444d94c97e171005fa4ea9c651bb4e527ff58d0c2f90fb453a92d6546a26e9e98395b09e8471bdcf2a145aacb649708cf048a7856ce8cf390c107ff2c66efbf2a76c5b041860ea576103cd8c6b25e50eca9ff6a2fa88083fe9ac0d1fb639c516b9bcdf23c34c6145a705498ff9b9747f15e1c08c63da6efeda4eca02c3f00dfec06c82220c9de840040118dde76be788daf84e6a2f44c81fe6defcc474f99c51c4648d297cbc48f081e0809dbda505d020cbe865e430e0491644ec8c52bd3ab8ce8c4862990f49fe2588caf804ce9500ef42d5a50c057c257168e283e4a4aedbe4ccfaf3eeffb212f9e23d15434d60bf4f455f512e2b655aff3225d1b217c261110cec0400f54dd303d6231d028c2eb649bccc91d30a6391c88bff9d447c3cf35a3467be5957e0ea4d4dc237c9f2c68ce48f658f820a3d72d559b60f233ce538c92cb148808e34fedf2d648c21e7f2ea29a77270c393bda42d869351d6c085d965dc12cbfd0311b8bf604f4391d378781eea3b5f1e0da9d0d8f8de88e56fe47d362cd46f591d3ec0f7cccb85a21f21ddcd4107821ce0ca9ddf99dfdfd9b0c9cd45053e5b1b4385bd8f5b227ada31b5c23e9420014474e8b4494fde7c38edfe70994d97b8cbdfac588df49a49c472fcce78cccc051f31cbbc1e0422878d8d490f3aee28adf1587c38fb7e7d1be54abeaa83cf54b633803a5e669ff4295df8735231ce39631616bd05e0e31117c722c2fd6787003b0bc7fe422a089c89329544e085d71102c1813769450a9f66f160d1702cdb17bd2c6fdf0f722762d193ce83623eeffab17b01b10a31db6e2feb6eb3abdbb2e36320e1a56e44e48d26090afa7f65003a98cbfef590ac3ec89b3eb230557cf6aa566e841806aa2767b21bb26fe001f11ae039e0c9a4bf1bf3d271960f16158eb5bd9ebf0080abd8369d512cab2d1aaae2b14d0ff6ee705a38fb0c801a98b0624cc138fc24834fdf430f33e1760db913da3290f34415c9e3df3e97da1780545ab68ac5a24db89f24d62f4a399728e4144a8c89f47ac2d29e30c49b0bcf790a5e3d3fcd1943c6a28f37251d9dd827a69579e6c17b629c927473b5a07b0a29d9562708d6c8ce576109ad1a3473ffb2047eb069beeec24c114bef392c929038c92abd0e6a19b610e27881361824d57008b7373d0ab76379570ded76c9b8284fe2c247791073c29b2fc6fca05019220ab92856892d3c0dcc6da0b597fe559c162d060d71513ebca050d9638164b9ae271fba5575ade787ec5aee8fc253d1b234b1df561db3e36ac64b9b0100dd6b407043537b2b141f
+MD = 2cbc07b9b9c819b8fd38d8a614a8a9c3fa7e40ee
diff --git a/src/lib/libssl/src/test/Uss.cnf b/src/lib/libssl/src/test/Uss.cnf
index 0c0ebb5f67..98b2e054b7 100644
--- a/src/lib/libssl/src/test/Uss.cnf
+++ b/src/lib/libssl/src/test/Uss.cnf
@@ -7,7 +7,7 @@ RANDFILE		= ./.rnd
 
 ####################################################################
 [ req ]
-default_bits            = 512
+default_bits            = 1024
 default_keyfile         = keySS.pem
 distinguished_name      = req_distinguished_name
 encrypt_rsa_key         = no
diff --git a/src/lib/libssl/src/util/arx.pl b/src/lib/libssl/src/util/arx.pl
new file mode 100644
index 0000000000..ce62625c33
--- /dev/null
+++ b/src/lib/libssl/src/util/arx.pl
@@ -0,0 +1,15 @@
+#!/bin/perl
+
+# Simple perl script to wrap round "ar" program and exclude any
+# object files in the environment variable EXCL_OBJ
+
+map { s/^.*\/([^\/]*)$/$1/ ; $EXCL{$_} = 1} split(' ', $ENV{EXCL_OBJ});
+
+#my @ks = keys %EXCL;
+#print STDERR "Excluding: @ks \n";
+
+my @ARGS = grep { !exists $EXCL{$_} } @ARGV;    
+
+system @ARGS;
+
+exit $? >> 8;
diff --git a/src/lib/libssl/src/util/fipslink.pl b/src/lib/libssl/src/util/fipslink.pl
index a893833c5c..3597bc1740 100644
--- a/src/lib/libssl/src/util/fipslink.pl
+++ b/src/lib/libssl/src/util/fipslink.pl
@@ -28,7 +28,7 @@ if (exists $ENV{"PREMAIN_DSO_EXE"})
         }
 
 check_hash($sha1_exe, "fips_premain.c");
-check_hash($sha1_exe, "fipscanister.o");
+check_hash($sha1_exe, "fipscanister.lib");
 
 
 print "Integrity check OK\n";
diff --git a/src/lib/libssl/src/util/mksdef.pl b/src/lib/libssl/src/util/mksdef.pl
new file mode 100644
index 0000000000..065dc675f1
--- /dev/null
+++ b/src/lib/libssl/src/util/mksdef.pl
@@ -0,0 +1,87 @@
+
+# Perl script to split libeay32.def into two distinct DEF files for use in
+# fipdso mode. It works out symbols in each case by running "link" command and
+# parsing the output to find the list of missing symbols then splitting
+# libeay32.def based on the result.
+
+
+# Get list of unknown symbols
+
+my @deferr = `link @ARGV`;
+
+my $preamble = "";
+my @fipsdll;
+my @fipsrest;
+my %nosym;
+
+# Add symbols to a hash for easy lookup
+
+foreach (@deferr)
+        {
+        if (/^.*symbol (\S+)$/)
+                {
+                $nosym{$1} = 1;
+                }
+        }
+
+open (IN, "ms/libeay32.def") || die "Can't Open DEF file for spliting";
+
+my $started = 0;
+
+# Parse libeay32.def into two arrays depending on whether the symbol matches
+# the missing list.
+
+
+foreach (<IN>)
+        {
+        if (/^\s*(\S+)\s*(\@\S+)\s*$/)
+                {
+                $started = 1;
+                if (exists $nosym{$1})
+                        {
+                        push @fipsrest, $_;
+                        }
+                else
+                        {
+                        my $imptmp = sprintf "     %-39s %s\n",
+                                        "$1=libosslfips.$1", $2;
+                        push @fipsrest, $imptmp;
+                        push @fipsdll, "\t$1\n";
+                        }
+                }
+        $preamble .= $_ unless $started;
+        }
+
+close IN;
+
+# Hack! Add some additional exports needed for libcryptofips.dll
+#
+
+push @fipsdll, "\tOPENSSL_showfatal\n";
+push @fipsdll, "\tOPENSSL_cpuid_setup\n";
+
+# Write out DEF files for each array
+
+write_def("ms/libosslfips.def", "LIBOSSLFIPS", $preamble, \@fipsdll);
+write_def("ms/libeayfips.def", "", $preamble, \@fipsrest);
+
+
+sub write_def
+        {
+        my ($fnam, $defname, $preamble, $rdefs) = @_;
+        open (OUT, ">$fnam") || die "Can't Open DEF file $fnam for Writing\n";
+
+        if ($defname ne "")
+                {
+                $preamble =~ s/LIBEAY32/$defname/g;
+                $preamble =~ s/LIBEAY/$defname/g;
+                }
+        print OUT $preamble;
+        foreach (@$rdefs)
+                {
+                print OUT $_;
+                }
+        close OUT;
+        }
+
+
diff --git a/src/lib/libssl/test/SHAmix.r b/src/lib/libssl/test/SHAmix.r
new file mode 100644
index 0000000000..453fce20ce
--- /dev/null
+++ b/src/lib/libssl/test/SHAmix.r
@@ -0,0 +1,99 @@
+[L = 64]
+
+Len = 16
+Msg = 98a1
+
+Len = 104
+Msg = 35a37a46df4ccbadd815942249
+
+Len = 352
+Msg = a93aed0fa5e163a82c9a934aebaab8180edf7de0b32f0fe99f9c75ec305b24609334cefa372c7c758262dc8f
+
+Len = 1016
+Msg = 433e88eb2f8aba562d15c18126fbdffb81d5d6c9397fa052321f5f78cd629708ba099b540da5451e949eeab8687a8d6ac35c531411cb37144ab5ff6a7eb46f1ab28fbcd2ea0444cd87c57bf7d3c02952dba3d3987da07622c16e7c086d90e88ad3d9d4afee301d2bad915d868f54197b70b23c9fa385c443404fbc9abf7e6a
+
+Len = 13696
+Msg = 2c46a76a9dfbae1f5e59f085e9c3d4b600c24b2d404d062cf948e75a3d4ab5b137a31397be9eb34b2a03c78367e0b85448891b511ddee1f787cccd498b172cb7e656c044a03ffde8e42478330fbe9c34072a9e99ce31b41757cc820d98e7d564e06694b96b66f4be34c5eadd0ae4e61fe6abbe4d7ccee855104fedee8b451a7fcedb793d469b0094c0ed07c97fda00dd8c1662b44e3ee6775a5ef6368cb662d257be561a5967893433a4b63f97295036a37272176d081545df00852bc5c4162324161296cd51f76433f2df867a5840f2d0c8d5be00b4dc89443d82175bf69c3bdceb97facae2b2ed68e06ae74fef36d8bd1f75f130cba509341dd54079d45de22845cc8e77a022977c7540aa3e779cb1127f39f825d4d78e55a967ef45e7c1dfb02d9999fd15af2914ba47177177d94576f1091a0657d9e04fe81e6be7b631fc1baae66584c9c26ddbb568750d77555c927bcda1fbdc15c7cbe3e3fe88ca13ff12c59b383343c12976708c0e3dff78be0e286dd32eecf20b71a09fee50a9d0b13c85a15b320b162690f399282798aa3291fdd2f9c40ed873e829388466ddd1da42f2de16aaa9272ccf44790cf3c95382c304e25ae8cb2fc9d9869808f3ee7d42cb143bb0c3a55e03db6d1202ca1bdb744e448640c0aa60d3ebbda5c21e623bb080f4a073a48822725d764e51d415aad1d7c5a7f17433d15ac7d849f910c375ee0899f6a576dada42fd651343383f286009902bb62deeeb2514de6af7f09892c20d0b238f6021f03b62444b1e1f21beeb89acfcd7136416fe7bd8f202e76afaf5345311798be7cb25351add2bb044d2380221009c4d1cbbaba4cdc8631dc0144f2778a6aa1eb3d3c81df0b1b2142fce111af8214d049e40f536c5d462b9224a978e82cc6c420e70ecc3cdaffb726a183c793845315f730fa4dac9fe46e4180397107a6a051f7f0a58ceb9bf4df37e1a81c8e9569187228e8037df2e59c52ba815566768bedc8e09d5e7bdc9f2bff23aaaaf133bb5a3332750f6124ce185e29fda0851addfa2c3d52bb6dfb530fd4ee27dd5bfdce5dc2f41debe6740274bc651aecd4023b098a7d622e2296b50d51b79c4e3f521695a9d43f038e8f273405e26584d3db179e7c1758114a3d39970df674580bbf2884405974f0b9c4b0d8b3287a2314f3f81b6991812f354d655f62513c9551b378cc2efa4c3e08b313c56cada52217fb6112eb8299b28445aca8f72e7170a1cd8bbfee4d2145fbe8d49c6af8831c4d4fc7177a50ee55a7b484261504af946c6bd5e1d6b89092f3c487c0568fa07c356fae9b8e831b8320289039746a435b122cfbc4a0d316bf90d481d3b7d979cc50d98c1190af8dc58e0035557dd5e94f437f41fab513202643a77748f76c6b77302bf40c392cd18731da082c99bdedeb70e15cd68bff59619cabcc92adcf122753c55afde0817352bc247d1170b8ddba1ad1b0faadfe0efbfc5fe6334377fa372c3435691f53dfc2ad5e08966b2d3525b1eec2d993a5cd4ff34278bd40dd80313a0727d05e0a932156152f3e11a190d8d69726f5c57d20f811e1e8932e86409ffdac96c6251c2a2976b8757adcac5d2de94931d1cbea866ec8bcba5774f8a7fde792f6acfd0f01356fd66fdf54a416af6a9397e00f848a2e9831627cbcbb52b5a868ec174e69b4cfa1ed72cdf23f39d7eaf4bdb318c188b1f0fe75655e34ad71907cdb77a1a2b162cd7c22d93dc45321eafb17cd60282e83736267b3e1fb249c307d49509f50839942f0f493afd9ef37db053a918e3ec83d801bbdead07554a018b8ba348fe9b7dd92ea7c5fc0e65a644ba19aa1fb6c022ab768ec7cb249ba17b9dda2860bd4aaaa3dc70ec009804141ad5ebc61203658e57a0887ec0fded18d844a96e79ba7e879c4253056f23e205a80ab1471953438f85848f4ab31ab175c089e0bbb97ea0dd6a67385770356741966053735e2cc2ecdd2c8c75cc045181dd7267584b901674b553082b2c58fb8f8be0b99306194a6f069f684535423304d40a268d55784a14260fa9c9cb1306b82f91cbee3c9f43dea9e50903135cc1c6505605a100bfa28564a2057974eef0852b7b72ce264815026d0759f691db618ef760edde73ec888e181403834f7221bb27a69479ec9b28a3fb0c3f68d4467d25712fc48ad78763f9ea6e8a2e85260225ca1b1a38b720e589fafca29f07257c5467cb74ee53189b8c81b784c43e93f98abde1ed53af60b27b13df6ce45001c6e1813de3521028981086f7d88ba13f6fb1a800f312fbe2f842eebe847fd760c394668cfbfd353ec14ca0366eccd7b4cd63318116bdc42e20a632a0d2b8c5cddb37bfc0a239ebe3800a787d2ece077a7968036b3d9b31cd906f888e3ed742cd769033e2c24c5a9e3c10b6d300db5a17dd88
+
+Len = 100816
+Msg = f8ed40e878dc68ceec52cc8e2868722310fb117ca3a52e1839eb85d308b8aa00ed0bf0b76aec8a70eba4f0d14d2d85c5a0e876ce2c8ee59cb36947def6c40a587aa07b368ca8e8a08367018e45b984de0d7f1aa46b977cc18c0cd9b7bb897cbb2814aa0ce8f8c9843e03c86c19f2ba95dd2ac4a466a93aae4b3b05055ff148517ecf43e286c57744a3e10a14d0c26e139a503e7927aa688c78609170ebe3b54104390e5f6cf538093a67922e7210e77fcb584ec9b6844e829be246a266460cb442bad52ca47255fb8cfe276108c36e02f9acbd3d191d34b93d29ec40d80496d1c1bb5ef036221641200e905598c54bc4abb3527c5a5f6258e59d4bf54a0498c108a2725428efc2047e0096b32dfdc6ec69d5d72f81301f881ca62a66c22e5dab9fd9d90084c0a36b2f3a0123cc5327a3bc7a12fd947ab57169ac533e4b6a2cb80fc65b9b527cff9fba26994c7fafb5102a0acd8f9d246a3a54178c23eaa04c0fdfd3c0cd980d1fc7a72b25d74df9b95c3dedce8ca316870c654f9ebea9b806da9767cf40605a4b0c7fb06f6b3f197bae7d8cde9daf38530e25bc51b68f9aa23ec0e95199b14bca96c91f3db15bf8432f714dc46ac87218691bc66cb3a42f6865e1c30f8394c8e68c0ddf5851ab7c5906a1994a9af6ac1c44d0d6b95ff15d9f77825ccea40fb9e516d45888f2378e045d95d936d541cea9c8ca52fe5f7d0d919b2b1c59a42d06105ea4f2943c05178e59d67351c5b2c0051c93a4045e512884fa656b772cf398af89081546d920fd3d24ebd16310506a786ab33293027394c1bcb7b1efe46b550ac28529646e8d2a5ae65c59345e24b44cd7b06673f3ed3b9008aa568a739c26682fa596b7a655842cc6b2758b583487c78d14a76bdac7033806c5c210828ef313f8efc4072681f5fded748c31a58ac933b4665c445f07d603e0905e49b84aa55146eb1c1c99196413832a05efee2e64d6732fefc629b79b37bb9390fcbed7226b412204bda523b8b8af5c4a8bdb263ef9f3f6c7b9e1de3a1dc257c1f33b3d54a9101be5b4f2a9db319993c2cd137c41e35c434ce52e859afd1a635af4d8852252dc5e28c729b2b4c96a56d57f3f3854ded59fe612b9b3a51fee3fc1c83db673b0cc7433bff2472bc74a2eeb6706605e308690fd072a7042ca6474603711d8310909e47063f46f287260a26c4f11fe492298a0f98d28c45948a4899e08fcf443a6ba36457dd8329314d53ac0fd0819fcfc3357426c5bb8d3dfd706e205a81091cf08f31cd3459854f3d07e503991ba5f067e3c406c6c5396d8257496f4ba3703cb1ba25c2fe4aa54577af782cd57e85a88a2d75c54039e8b7bb559219edd6e81e41acb6d575d6f798afb2cbf7f00abd5c9c7b0fceec79f9a0fb040ebcbb7bff3602df7b71357efacd37aa57019350bb81213508a006160acde3dae5c42f03141887eaca22d7b33d6791febfb619d11ebabb13e6c5378e9a72e852ddccd31cc53a43275966b7042ddc51485ca20e1c456dcc7020cafb5407548b044d332229911fc74d7fb97de25abff7efb431da82de2ed7e25d0dcc06ffc74e57ca93a6a9f64d76a5c39776fe2266f88d6d0229b527525fd2e22a1407e26f94c5bc6adb1e7327f3c8bb8d4c983385c579dd8f5623df8cd6da569c7de73d9210e6b9253a177653a13ece075940fc81016d8c35fa4f6542df5120c174158ff32533476f4e059e35117081a24798fbdd1eb10f82809836f8dbefe755611347f75423dd8571695960c6f66cca71f0a01e8fecbe1183bee3335eff10b4ff8104132040e2145ec3164b2448f60c730887b9d7894e5f7df3f876cb17136c99cf32db1c02fba860937378dbd093c4c5112133781f06c8ca07c527c2c085e8ba5e52b399f2909e217aef6e3035ecafe2caeb1004069dea023af7eab873deb5ebcef2313c9827821bb9f89fd3d1570a569673d3ede86a4fb13dff242eb98450a8917fd8865c56e0a9f11d72394b79808b0429f3a83cf2465161596887fa2d557b367a1de9c7753666b0cca9c30cba9f0a749c03c55cdc7a6d45852c76ce2010de3e7f75d95228efdc79949b238d90b25f983868b7f07f585f7b00e45d9e132f3c09ee84f794d899759be3dabd46a256f4cf8da71270617cc2425b24cef25d1d2f3945afa6f81abfccc858cd02e05619649b1a5347650934105c02622d538447223d136a8a0455cf3c6f61f696b32266197b5cd1d936fd3ad4288520fb4a2f59bf95e659f33210446ef18debeb679dd99de0c3c74a6eb3dd783861f5db4e94a151c42ce27519d0bbbf1f3b1163563ec06c8bfd881d94a3b896fc07352fc97ada73685588a2242da1b718f81bb1077bc70fbd58b8b52163489ae403838b533851bec30ed0ecd97d72d1af534f3703db59f1f563bdc39d690a0e90e545506463a37e84974fd7b256bbb912cb4077d3e3f5bdd4bd2bab713b696c830b1f2185734c4d2dbd49d5372fe8b813ce73f5e01c36bddbb376ef4541033f2b0355613eeda8951ebf7377e08f967902eb7e23c0fa798c6ae52401721053f1095cacb1e9496500e83c412236fc21566090b3a3eee55aa402c0b774802fd81c9e8579761cfcfdfb1aa23786b2dc35dacd5ca8d8d283369f53e4a5db18060c2c6b0c303052aeeffe169fcaf7ecc63090a9ade245045ab9c8aebf738772297caaef5f857322a597846c7370083d409df27612e47b0cb240daa3cfa51c57108612ac0dddb0f59791289ccbdb3a2cb1fa9ac31a23dd5440682fb373bf0c1f41c4fe2185ad7c53eb69552807410053b0c2d40132250e637b8c425e6a35d93333b5b7d0557927b6179c848ec455fd1ab38348c0e96c60b2da49bd15118df64b6ce4fa48fbc555a4b2874141718e731a40b85382ae6e86ead31cea77f83bf5c063bf1febf71688a832d615e09d6f14badedeaeb6ffbfe343fc7274e78cd46a2aaec0a349c5f133291ee57cdcb65c5474e46294de6bb50886bce6c6f44dcb95f2a4761ed2e6c9e7bfed51e0964afab4e0f7e0b07960f2590baae66b1ec9a63ba0fb6c0d27e81508c51487dbbdc9beb8879fd58c188dfc774b3d0ddbd77ee8bdcdfa0ed8a9387728e12b13e8b3c10cc1c132bd822c2147c5ddf9a993aedbf78ec256db1be76644ca8ca7727208bf89732657152d34e948d73c47561d156f773136684d4162d02260300020123d13a95f4f835907c344942ddeccafe2abb7dc4792c4f1e39c24748c63cba933b16be0b8853e058c47a1ae2c4dfff39ec2339b345fe3557d03c1df91a0607a711636c4416ffdb73532aeeb74f237ed8bf971388a0659e4682a46b8327e751034cbf2c87c7828da9d24baf07a742ada34d1ef38ab1e8f2b4f801192c146600709533e61bc2665dc1e9e6441bf3c4f6643bc0c102a10f9a69da5b0e3d0a0c7cb694c682493032b5853f02953b5c2fc0e1348565389762fc2dcfbb34fd305f2d9df080e859396ffcbb7da78aae0a0d72e3de76c774bc6a81c87f2872b6afe97ced5269009304a4992c4add0bbe24e57632e19ad0fe37ae910193aab0aeae32cf6d618ab33eba59f6a04fad00b1d2403396e6fa661d31b695a1b349d62f56c08fe6c6eae7a482177adf341e51d03ea511d7959c721bd20bf371860ecd7fce1d25212891850b85648db0a039e6638d9c78bc958add3e41341536b5007be63fd1f7e3308876bcebcb97dc3b05a7b2eaadd00f8fcc8dcfa7b961bbe727c9aed1626ff786d6a0ffdbd1002cae8a7d047b6181962a686c152b2341c7c58c9f1dab5af424d183ed1c7d003165a1d04ea3683ff31a0f68615af6f91c21f736e67df641ed31b998445afadf9052bbe004d5dad08f62e5d353e42fc35a92242d8414d99dc4e7e81c8c027af686baa5c185e3f99abb3855b22cfdff0a62e2f47a632b7df8e00e0317af5c24ce7c64077bbb15ec27e062070cd3eb8e549ed9112469090ad9a96eb59294b021eed81987178cb2dcff67a9a2e930f6032c753e203380f8a7c987cea393234699de03a1d09ce204f0a8b6d5cf522b6887174fdbccb08f3e7c4fe2f778254465b32766c48812a45151ac37ae354dac87419f9476baa27e24b2f322b2da4ddf579750684a5881bae2269351fb7de59b9d5a4badd8951135f2713dafc57215dc626ee170fae7f20bff98e36b864e1fe0f0f9a300c903069bf0e0b6f2f8e78423cf6063e89dde6c81efcf26ef15510563c84730f611ac879a6628e55115e1a29de6945d37fbe4f803fcf2e344712d9e0d6f6c79f8773a9f199b705235e20a7830ee3357c5dca29d7a6c29a3d2628bf2c42c8f076cc4525301d8e1860729070dc53164d9fa08bf63cc889eed01b0130a7146d860bbc09ead3865a3082db0836a45f5506c3e46e452e298764939226cedfd06700e4e33c6b4a78add601140249596831e97f960b973a4e4dc3fe2813fa34eb47f998ce57270368fb81719a09298a223f7e3931ce5cdfab3f658649533354e982c87dc9e49eacebb5bb4af9a767b4f1c03d774431168cd4fec1b2726f1aae3f9a062a825f3295557eebf3af4784487b869fb049de44d03fee71194fc200af72103b157431935b5ab9bc122773ffd313d52d7acf1078386090fc011de695e71567cfd51c06317d4ff8841ceeb74ad35f4e5f4d20921123cb88bb2079674ad39e133cdfd6478d69c9bddc7a818be5d7b254bd9e0abdb030f52846fdfeae8ff370a51a9c5f6017af3c6c3db17c5c614ea18ab0e3ca0dd5de621217dffa36e5c5318fe191040a50cc3ca620683bc34da6c142e1c50afce28a86b8b66d189adcd755561a647080d93f3ede1cf54c3afb7e863fc8a82a2576d3f79e9b2bb634e598507a3d7d017e0176b7868bff3a3dfb4474b3ce03c401f33929364e727fbf8096b77eb351435c7a113b3215cc6246dd86f1517a7e550cf828900248f7c1754e40fed62477b296a37d3e53231360d012c4908b466e49b0e620c0a5031228009f259b030956ebd70e49357c3c3ac2842b6bd6e3ca5a3e985dc03f7105681fec03b320a7ca753b782ad3b52fd9c8e3bd980b48dd6ec8901dbf756108e85015821c880416e0693e0479cb31c0743450f6d9214afabc4feadb9bcee9def460a58d3a02d9e3039970068b8e3fd0a403a6ca7f2c71ae2b46ab3c731b1e65e2104c47fcb1f69e7c8c6df8c09b33f2e1cd4192faab316a44536dcac608832019f5765cc5240eabe3c87445c980c299a5e7ae0acc2c2ed19fdc8f011515bcb00476b03633c7669db1b44f97f6cd402778e9687c740dbe5686789b79d0b13f784a2a866eb91ab2d66f064c49e8df513ec348fd7272ee548ba08e1f9f99696ffb53677550d59c67f88404f6e610455a422d9cd987493ca5c366a397dccface2bba8e3e99719dafa768956cbf6fd8defc4104b8925878716a0514f70cbf3fa2c2bc2f66fabe654eed3076257e71117665703eb88c79e4c2b94e8e856e7a6ef90ee2a358409db78b98056ce1750eb80725d70e35507fdfa5933a61496ba48fbd5555717b33b59d4ef211fe096aefd478859ffc97a41372023ef114adcae5a8d5e03c21369baf1e7f417cb40326bc6db1cdf0904651dda3c1039a2f1755e7c329f7c03bf33f324206ce6e1638711c8c9a45f153aa1f847cca2a5d3af1d24fe7a1e1094819e8e712cbe10ead1012b7371b35cbcc2bd5b10505fb63bea20ac81d25e83ed0105e7595b6c28400f4d336791ce4a584323d0b455bbed44392c5f86c9d5287593f6986d4b0b8f9974a7a4157859ba801251d3b44b2bad84f29cb87dcf1680d6d10d1bfd59f0c95fb7bd07fdb3ea2fccd6e3ee80af438956ccfe31e750972f893ea5dcaa26d077fb3f09d990c2f41c8707368bba007803621ecd76540cdb8705435d74f4300eee04710a936f241c034709e625b0dd5dae1f6e86d034426819c365a05f5be420cdf4042bbff965a666a5756f67259448ebf742b6ea189fa17a4c3bfaf651d19a8a525f09d9cff637c8fac02eaa58d3ee3f7221da1e61833c0b183cd9f47686f09597e8115b435454acef80c079eafaa22b18927d07bf8b7c5ebfdec9c42a52b7824d45decef41e6184dc2db1505ca6f94172fafc10731706e79b9856dfede353d2eadeceaf72a302e3492d7dc81e3777e4e9e1f3d33cc4402833ffedb241a75a09e9495d671f80ad3acf06823bb04a92b815edd0ca7d01dcb3318c1ae5c62d3e99c0ec37908b45b51dd65f6b45b34ede2d6f553f60a45e20fafcb34ae4dbd375f52a5db9c62650deeee78e955087c2bea75ede7c304347b171fe0c1a2a033894be6e04605271307f307b2a9cf6ae24b8c87ce033a3fa4cf2bacdfcf54fcccb1f580476c7d00c631a8529a9eea2a713610341e0e25609dc8927e51c58a0a9197a54963b5cb95877354f4b8316df02ed2bea367704a12274d96bcbe0d0d728923a368bb8ab98d5db5401894c822632308ddfd309071fb4b477d8eac0ea5dbbc3e3606d8510d9051dfb5e4b7cdcf2c57c1b76902d864c3109c901da53019ed33cea84b407490486ad9f980a8a63df3d2e3921064afea137f35179130db3351f5bc3f5e7d590a5ab08b5415efbd345f9d57b71ade7dca939efa5a12d677b9af0af14468176a43712bde10cb15787c18bf066eaef8abcdea77d3a0c61d6c74ae7b54fe90940d0233e4b874c9a141dcc740d7fff43b9fbbc012a933d890232cf74fccb7ff7eac1148e203c7381b7f1d1429b1b1152ec25cbf7562596eb402a9328e43b5dc5cae36592da5523f0b9907a6817ecd395a7c778daae85bb11372b20641a04250b77b3a0ece885d07faf9622650259b874536d6d2b92181c834dc111b6fcba483167be40ecc922fb87006f63b9e8e632879563f37a8f712db9fa68c1a20ab239c0116fe022fad1279f3288b8e74a16d447e467b6381515814dd3aecab5c2a09c400b44e9100c04c720dc7e8c6d9460002da6c52004c16999975fef8752c2f9c229cbd9e6446b226cc454bd68cd665668a17328bb30f301e92ef5c7a2197a326df5c99b422096de8af231d1d8872e6e505bcfff026d4862f28d4bb3856a66ced22c9b0587451d8da4230a38561b5b1c69b523a4701a2001382aa82fcbd60733a14696a540227db44aef346d6c0a7ae5173604d59eb828614cafc1b8cfecda054dcc7306f73925e6d1af56ed74c51c6cdb66e9fee8d7a0078254fedb0c0f5dc85a4686870709b499eafbc8451aebadf848b0598ce8f955688bd2d6032abe10d1391d67c20a049841f95d2ee0c8deae2bc1baca0c098d8718cba1ddcd968981c47cd98d247aca4f838f3bf16d092eab8be8deb1f8d504d37cc44a8c96c9f22f2698036d4ad3bb48b31f109626565c147d20a4a7dfd61fb918f81548fb4f78875c1d138e819f6822651b93a3c92ad77793fba5222d870ea671f9cac967919d18f96e92778548415b2e170d90b201215354fc48a77e62823a2c2bb354782ad052732f08beb278f751529416f37d83ea26248517ae2ef2ead28c1077908995a2d25db0deaa957bcab39715283287fd626ea7388abccba2d90e364a7ff4284c84f70da68ce1aafb5be0401cb9d45e085aab41892a49e10cbd5baf2c34f5e0ca076f2772abea6f622b66020d546f8c2f134a87f96edbeb9b08394b585f2c2f98aa792f97b43b5f3aa9c34189804a9ecc2cfaeefbd0f967d85a25bf3136fd8132dec38aa82e4af6ff677682f3b62be27a180aeb22f918c24f23bf6f5954e0722324cccd06829fc32ae4fe3aee6e5a03b3651900e13fb0a759e544d033418b6ed40d037b4549a0404792c8fddc317b7f028493c4c91d6773932f8486417544f3d007e5f9e6fc02fadff175303f77f6b0e1f709bb3d3a93b38552ccf62688a39da1a602dd5e122e6f4e9171769ada5255cc5cf938dfefcbe3ab0faca434c42dc8c357e89a3d1488fa3df35c3580b124ba3bf6d0d203d586707eb692150ed05a01bf9de5c4e67bb948088784016394d47abb853f2b6b643a066ad81bcd1735aed4e108a8c1fcd025b548de874eb60de7f3c568728959147d1219e4b830e06ca2bee1f8a035e28a54ee6958d4821a84e5d1e41139905f7ec60fe67ce5f4eccdcc2c3d1e4a753a32dd3004970a4ff3824471822fe2b5010b9b6c6b01336dbf0181a95cba2624663215468519871cc39e8a7f4a151c8bd03363b402020f2fb98069b2cb8cc1b7e930938e7540d95d1d223e47865135793f9eb573660ff79f7ed2fae503e68ba44596ee745fbd8fa562c5c666d174cc01b1961736e18b8b517161ab9c8058026e0ddd6c94aed0086a26e1b959a5e05eb9d8c1ff5b2ef518ca23b4f265db61b499a48cc46bed28d23ffc1e8d9c9e345c06079ad47c88dd4e8e286575bd7f9420ab9c2d5c6685488b8b34d4c9ac04e1427ae0994cf789b48b01d1db9c2fe75fc5187727bb11119f82d0739ce4048467a08cd635bf78cc1b6cc9c28fdc199d351064a81456f81c9e56a43aef7332973804b06b18a26caa62523a7d0acc272ba49124b17bb68800d5756afd34ddb2b7e2dd8a118aac3fcf39d9f853c4d2c4fd3ed5bd25a6604d68d57db93d15aa1160f8a97e6c24238e84f272780966867f9c644ca2775cdac4af0ece036cfa6ebb1cd9d701dd7daec5763c9a4de0385db383a5647918e79c6a6de1f4ee1f6b722c561704c8d7efa4710d78dfce8ad2df0d3d82cbb59cef0bcb001f70bdc6e17af1a720b117fe02bb1dd527b18e6bce70e9447cd0cc85cbcf431fe7c006f5e4ef878a974a93b25f492847c9ae020583c9d412f4124246164d8f080b615e2eee267a7aeb5fa0974de52cefef23cdda7b305a33a91e9b50471ceb72dae337c485d636e28d6ee31f5705983808b1567d4d4ae820ec445c56e6a404cad6b408691475397c0dd6cfad232106ba96e5104052700a653e21f9ac6d79578a9f52548f426a1e81dd45bae30acdd4d22a2dafd633564d6b2f45e7d35413503c955cb0a9784b42ae8c2a5933a6729f3922f969a158540dcd201ecb6e32f88b5b4921914a2e8f424c8b031f115ea5d23a21e6f22439ffd7e5d11b08df729f65613b4f6ad3edbc9a066a5e712ecbddfa6fa764cdf170c0485f82d924a99b7e7ad8dc44c1f93e49b6469a9af3de5691944413f1417b753bcb84d5b7a34f362c383cbc802b0c88bd23a7ac471b9287571c42081b1134bfc8ce104a550942ab1f2a074cb00a90558d6e841ff15cfde6951f03e450a1bfc90dec6c513fcb2692ddccc31d22e5274d41036656183c72fce208e44920776f196193137ac67d6d65ce9cfaae774f23a86e6ee8ff3a4e9422a4667d971906e5496a4e80278774899c882708611bad282f6c1d666bc5e7c40082b43a6e98d494a18e9b3cf7f154fdbf90d786e59e83b72ad0ab893c49aca50ed37ea5202e650fda54f5c46ca2a35c476f4b009c5e6733232275abd1341199b63d22386c484cb95c43ea90e609c407bc79ddd00609cc2eb0d82848db239b249f164b7ea384d0239fe1e64d04955b9297472cafa2ff272c5c78100aaa86cdd8120556f25652a3c12da5853338e3be8f505d93ea03cd1cae7e78e95befdc0e26b760d11e05403c348e0523fe036381408033c009a8e1f117af5100a6eb91f08307df465c20bc1dd029875ef7e49338689f602d98f2dc690a57a6f2864e57098f8bd723574944ad3688b292db6d01387a16493912722ac8f91fd12b748899bdaeabdf0479df788eda440d7bf30d1c25d78d757f00b74bb556506637fc1ab87162f05d464e63a6272db3fe56e9357275035d6b6bee32bd92c4a1dc94778551e94ee1d8854f767bfac3811bd0287672aaa01ea18c25650f05a68cbacd9158e479b508e72df778589e1e03dc543b60bb3b10399e5c50de9e728e69774fb3f5fea757ddefccd0f9da75afe4b67f9c54aaaaf646e858fb001a6deed0a8a769ecef0689c988de566b6015fb8c40aeb5f2df7ea4bee60e8e69d15c4a4aa5411dbe63fbdd6418cf025d87f37362f15e22aba83abe1a3de9857c71c2234023b969eacc0bc526363b7f30b092ca114f2a6cefb34394d146866ac86a33fc497a8cb8e2a5bac398579ff7958878421fb08fff4f8f3deb8c9641b8de392647df3017a5467f9d7b23036935ec6e188dd6dbfb544b8a9e04a4b3c7fa1e4d1d9879daf69986b8083e6eb023a4b5eff80fef17f8f65433c882a21565a919448e6091d1b61013fdaf9fc3e45bbe827c9b4ab10b05600a1961e81d31c7404f8e0d32bfcac2937eaed811db167dfdc29286b0d51bad2bcdb9dea76eaf495a31a7fe717c1c98be374a36271cdd06ed06c02ef4c3c06cb42f73b3332ed488416010e6bf2f4dc4dade6e2e61f19e9306bf941868f59fa0939005743dd647f0a04b576a7e71d4c383c479453501e18ec56d7cb79fe31ff534afbd8609ed701ef163f9de31bc58114399fa0f22b62c66c380e8a10c34b7e731df2a8d39dcf36fbf3a66d67b973e3a94bf6ee0bd96f5c76baa76492032fdd2f59ecaee403d486f543f2cd7ae7b0dabe1b5566e681cd40d384a94349e9668650a6f2d2daf86c59a7b02ba466cd03ce1d50c3f0ca4c02dc4b3d1c0e7b9a77df9eae0bfcffa32117d7e05adc7195f4278c93497401629897a58d08ad7141ea52e0163f14992d7a284e7b875ce4640b4dd48ceedad1ea17d8ab1e760773044845e0899602f1bdfff4d42ab80c0765d1a8bde2ba0a830c050923956d06c80b182264ad19ae4f7c39e43195f7d421bdcda00e3eb5ec5ef2ec91d69df691ba7fe250352acf01fa92af5e2c634b9c7c97889e9147e869acc153d88cdc18908f882f371ba9c1e13c26e9cb8e3cbd4c5e1988080ca65a67b3a4c3460cfadbec904d853fddd2f5375b6070941fca53cc106b5748480213cfbdc1c34320a0478b05f76fd0454c75eca069cb1fa7b21704dab67dc40d041c8a1040db378e76655636ad725219c049e6536982d6ee9f11dd032280e622547c7ff44a938a1f233c356a98182d22d5770fbc871e20bb37483dd5d6ea1551993b95b30774a49b50d411ebe0e8c92834094e23ec2664d822c40e96fb42b8607b62b6949e05edcaa436d0ffac6a8ff384068acfc0220c0b098d368fb8113918a4f8c9de37cece74c8695cef2427e54a6e77ad092a9b7f1d94ac9f0836deff41b905b5dafc58ad6063759b0372a634f69a639e19521825d66a282f489c3172a3659264d0132af3571e637782bb6fe5c0afd24547612166fd3409d0991392fa054ea5bd07a4cd0921a13ad7b62a0b5e6d56cd8adb7f3eaa5c99576941c38aff311c49a8c9d8c755869302a2e5e40109c8365a551cd3f859b9421be189d3a0e9ed78830d5cd6a2414e9cc4c25814d94d98f8848e5386d6dbddd65d22b96c5d20020a5dd409c7e5344065871e57e01c91a443501dc8bf619890fe231319b5480c3879dee618d319962596539e2970513fb5c0c8eac3a71ff99962779cf1d7e916566d0e29d121c5cec5d7302a18ed00be9316f3de8c669a64c2a960a588f9c8a42690f6867cda7146e8ce27aa6a7fb27606eed9df6a235a42d17ce71627446e206e879de56025a66556263f06684dedcfd6f083d6a707e5fc8f8212d716e062f0f7fd0c2fc62bea93d68581265a803c31cac3f8ac8939c5f8c464ebd19df42c7e8998494af614c8383294f3f3883f2404ac10404759e182a038c97aea04a85530ec005e203807c5bc30fa9f5339b32fb0427e64915e29a25bb25ac60b92256470e7de5298d42c6b88995f8d2fb704e49d55b66b71e237af90fcbfd71d9093e1a543da2e9911ac4102346dc4704859cb33ac5f5dce2b3331a9dc9fb506461a5436c89bf90d39afcf93cbca4cfc35da6ddb112243928246ae0d1ba269b0fce0468d3ecabbdb925c9ea3241e2dbdc6b151fb4aa724a42f98b0248171fa01fa103f116d0e7deb65dc359b09126f9a420300fd209508ec7a50be56d5b470e387d0c52a1d104625f9571ce1404d1b7af3fb00475b95f752ab96610be112d33ded48624015781e7198f4dcdf917839471fbedb43c34efabe09941fab6b342cf672a29dbb1eed0db788dbfcfcc63bcfe80f7718571f691818dd6f839e3cc282f85f03fe0400171cdf1235049fa53de7450b4c40ed398d5a486f52124c1c63de2afc950e81839f52d17e2a7d32f82788465a65da6cd763c6360763561ed2bf47749080549b6e2db87514e1ee1c85a0bbd346eb6e3cc29267cbedcad67a287fc5be65ec59ba8b6854b31c83dfc5155187d4150685c5c2c342ed68b01ac9e44b60f0c100a347a0f93074dd37d8956fe2f43110dda66e9f9e6185c23dab74cfca21f3ede4bca87687549ea02662f45dfa0ad27f9959a120cacb7c419810e1b1a50fad31c12c47d5bbc61bad77044aa541d29faa6126c60ef088b82eead17a52843307d4bf798b853d90d14c5347ff10615381d85e964331b7a123d15a77a6790d93e920052ddb4db4baaac5e2b27b66ff955e53b8308151c81da4711189ccf0eb393c5bbccfa1f6c94a8d5f4bcd266fc6a12061967ce836ca042257368f567dc42de6ce0be84449234a6163b72069f25b7ead4b2003e1a7665e87ccf211abe94175d1c11bff2c0b6bc110194d34aab96934ef59804cd26e4434ba166d9833fb091be37b139cc10748b881c93690528a96ccccd2dbe024510b8da37dceab567dc52706461c486a0463369cbb99bcca2e8a4d2e005c45401964722a4b3ed37c351c9f21685e8992c9634349379f41796deebffc2928058c8ef6ea37c6e4970dedb78d1c2a00ea9e1ff1e7708470a6c60e6a2b1e966aa872776afdb238e97f716b3df8dfd42bf0f7ceb52bf9eb33731bdba5987b8f48b4599d67b383e77413107857e951ae0625059e5616ccb41131df9a480efd5beab3a9c99615921caedc53dbad675c00ba1030577db1d22731677914fa958b44792cc9c19e2ac71ebe61a05ee67ae7116e39e1c0d103f18bbc9d531164360d901da8234d29fb0b37cd2a60c7aa2adb2a4b297ea2fb14122ad95bd4592ef86c88fdae1e37dc8e44ad03c0fcdfa3801e93796771c5a2ec1e4ab12a64b3ffe48e7442c6224661ed5cc987aada6e778399941f7b20f16f94fb346b916be87f005c9c13789741602039d38270643cce3c347565eef5ee09139330301951c15756be47994de6f1802dc5131b9b011051b1d87d744756831a71cc8528487f032fee9dbffccc751e6a1ee6d07bb218b3a7ec6bf5740ead7a47b6907d7aa95b79aecedf4a637ead8fc6fb8654c93d13ee79f5d6258dcc61993aebc65e4fc14eea7d006e31f6e9f60e3bca8ce52ec559876fd20255e507daa99b185671ce1ac11d448c30bcdf97b9617195e0ccd2d15246308dd6cda74a8071114327fe203b1adbaa780f3243105c5111636a51dce966f5652e39d4f91abbbb4576234d6cacc3ec57cef2dd4dda49a6c33d12bb7595fd5ab5bb15b40301f34ddfb831a5dbf62218f496c003227fe6282e2ac054c45e7f3fc93e51b3ee8690f08612395095a0a12729d663eded879d9ffb325c62f2cb546a48bed51ae232fa6ce28a2494c132a6e09d98c2e3d478d5d2d15dce2e2665e4a3db448931068b99899c2bd8ba87349b0cf9e3c52cffdcf58a59b4fe0089b298b42ad7553f831bd60f5cfa3e09102fe773e4c05412973a678f3b3ed420433cd664dc7f218e816a17c5c9013ecb84abf2dd073557dbc41b92a91e0339d57b8b077a9a44d56427fec5748c47c1460b2e2412094db6d0ad06dea0aa0c1368592594bf0b2f590a9d6149e44dd4adc4cb42e5d9940d59397b83b33b88604c210694e3fbd84795c80c1b09ddb3b1ec8bef6e9dfc4d7f295e551a79436007ca48aa605ef5a89571e59cb26f2766e564e39d3bb441deaa0c8664549881d90a77256c0f6c77241fd6ab74b0e2890f78ff16fd2f9271ef96ebfbd0b878ba9c703900752b7447f4efaa60bd9dc9cd5673a36b39d49f54274caf03c0cf82b95141fa20ed3ce02ebf0dd74d9eff8eb9e2dd3a2976b244b12fd33ee75c1f1c459f86a1cefbc817f42d7f43ba406098165cbeab99df4fe751ae3382efce32af252e461652c7598161e74fd8eeca474fab6b1ede039935f2fd4d7562623b90a422a78941f47a76863d95857c33653d1b42b806bbafcfeccb7bb4a0c58acebf6104b2570afc3ca88e4fdf2719cf39c964a1ea7d2ae4a7fadc938abc95adac495093f6b959b1347501606b3f960b6d739291aa8c13eb49e98b0f78d2b91400b6d8961cb6165c8b684738e4d4db2f2ac30ddaa03a5e0cde4142b625e81907f08c60d7cb5729456806c89ff0efd08397423e44738ff38f8e88684f3a099dcda455521caca37ab4f4d9ed5d37975d4fdd778b97cc93babc804864a35e3a2db04598152e67a2f1f157681c3962d46ada23ea5d9a524f9cdbdd08a07a3a85b1f6fbde11d5a35c7743b83bbefd19aedf6d92241d16aeca7f33cc51839b75f111e8edaeaed808daf2f43fdb3c6f032ea45052ac31d4870c4d0d76aa75d0b88635ce449054013f234c4a16cffc58c95ba1cb8a0a0399861eecb1039bdedfab4d05f0270c6b16f03f6b8e629f687f133ebf2662c7f930530746679aac2791f54d6a95bfab5be0c33739074ed4e7ae88dde4a8036a7d6095cf41776366b6ae3f8f4a0734f48c275e129cfffff5e0abd042f99a957bf6f0f47fc7288750f4fe30198f8cad7067b36cd87ebca08abd3f9475e7443f83cca91a1ebfc42ef3494871f51f6d52a5524b9391c687571be5327c7c94ee2a096653acb410917fd51e56a92be4f24c1db6b97b465ca84c31c04c2f61eae07e952eb6554aa4d8a380d9ee81c1c462c360fcc3cdff2867a953b655562cd06162af8b99bbe662e0c27ce4d9a1c1a907def48a3231c2110c930a2f1498e32dbbfee0e5c5869332f3024fa5dfb0327a27c663cacd4e9902de34dd93529e90eb347bafa5035f56fc578e8386c7571d1f0ba335225ecd8be026b4544ad70f3af11501a53119ee39a8558ca0ed5b3d897ffb9cf0fcab55a0942d3bf7bc6b94ea27a6b748f2cfda431f35252c44610b7e843ed91ebf7e8fe10638f04f52d6d5a7752ec62350efcb7c473f80b1f2a26805151e8346d39d23551e92fbe372df7979c3f756bbb43f6bed09bbc6b65fe6fd241ae1c2f1a0d0b805c582853b85502968f9478e9a84895f9d4ef01ec4f3f571e57cd0bda68ee1f6f7e14fb6e0f4ef8c7dff6796472a935294fc27b16216966d5021339ded059687355b42b55926854bbfbd9f974a0c26eadbfca8a6183093996cf252894e6db910c71ca3ab2e82d90d371c36b92c9409cf7937bb266ea9b29c41d774aa522e103cb30bbabfe872b57beb027623742806aa7694a859ede9bc1fd7b9e32880b064b0030fce1a0e5cdf3ce558a5feaa32e323dbfab6661c5878c9377ee52a615b7c17bf1228e328aa20f92d070c71561969e1af532e76835fb0436810c3d87b982217edfb1143bfc3405ac9f6f3a50145608dfa8658b0ab642a347255c55b59cd1c5897b2cf625a0f0706c30ca1c1321e90cec57b7c3d1bd1af455e3732db80643383c41eaa6781f63da6233360ee720cc04d171ae2445b0c071e339d547f7ac32f407d29ec7abce0a9e1ef5276544877bab2f84bd2eef47ffa66f96e7170cd54d836c9badbc59435146031502c1a3cc744a470f693636d9050c5b894d2d6047df60eb0bac16d905d46cbf017ca69d66427cb88036eca4ea9d0e579f6bfd8a4a850703a0fe49d39c107c9358e98689fb62bd0475aab4b2031446b437c7f9e373caf0270a28d7b15c71f02079dde401e26175bb6e392106a9072021f0e5c5145a1db6f595b032faed8551f6e2ce318db1ab513db876a3eb42d225014949c19543e9c5dfd2290e28c5d72c87223f0195ffbcba1c02c7d0087721efd2af6881dee7dba7565e07abc35bc3fa41c6a4d6a313222ac6dbb117c69c62db2691c68869ac5fc5e987b0ae4335f815c73ea4235da2582dde81d6fdae5911617daef847be17f2bc09edd88830eac03977f89179fe03eb2dc3b38df43803ca2d38455232549110f4580ec3cc04c0d8cfe493013d2cde47c506ef6a8dfc42d998f70378fac5ce4709345926dc477e9e339d8c87ff6287ea6e2873e14d538cdc3f2a47e0e37a2601652f5b665b616a7d1ef3537a3327a76f93990f7694e6484e7a52a10e9eea2edc92b99406abfb2b11ec86667c7af4a333dfe900bf071d1bbcf4f0ad768fae4f450c53817c507d26e926e753e3395201d3ad89061f16706d841994abad283f0db74cada25beb5fe46f48669a62e0b849cb77097e1b4578b45062af4a071b04f0cfddf87519cf2bfa10ebb4b860239ff187e6dad73806ae968e6ac0f738baa88edb3ae4883a9e59be7a6b222c5f54818f95578daff9fc7a7aba8c4a41a699923e85ddf24a32bb71c808516f64d506058a70539276d57984d75161cba7d53a4a864c51a249a6b8fcad5738dd0055ba8468b56579ba5f102642df65c598490f3a0c9b1064f4eb1962c4c38bfb7d55d496a0b0f7b3f90b42f733d112c89176aaf937eea4bada845f3ca4e9b56b3a5a06b4c90fa4c1914ea47020c2f32531e270007ed389246906ecf2c4465f7cc5d6a347583dd73341ad97199021819be81100d867d628323ef7552db945e4c0be604cf6c4a8197958bcbd6c1879387d3286dff979632c54baba2a35ea84efd7726b662b94fae61464d069e0103692599fb86fdc3a06e01c6ae3deb3de6fdb21806c716e5f82b784e4ad3f0e2de629a18e3a2309003dfde9dde8e5101b83312f76e811277afc286b56879f4eb80468e58c60bc088284d05d725ddfe3185b7c51b472a7ff7db3930839142d4a452ddab628e07d43375801d7c6a711a55b452748d770b84ede35920c1ac74b595baef963d21df9418533fcf959593ccf5afccc753e86c4ae231eafe77a158c2472143faf169db29bf2b53c3288d8b3c9added65778095f85e2cb471ab58362041f0a27d874c42bbb06385a0403ca193cba67cf70029cdb7e73c7e2267b856fa0b8dd4c706b45e7174659b0ee2891df911724324f7ca5daf07c912b9b2abff762e62a1817688757492975db7185c4695f3a90895634b8d07453b36dd95197abc31d5d153dfb0d0ec92639540e99d6590f9b394f14c93a5e829fbb33616e810f59c502be44a13b700fd3009545e34c211abf9afe1bb8ced793c6f516d40010649f83a78ddbe9b71d8596582997d0aa54192e1200db61dade30500d72a184ca7dfcbfb80e5442f489d316cc8b75005564835d4b11c482e2c4d0d160f14a8b13ae0a0fb0ba5e3b782770aaca357df0e1c4d1c3b28b776a8b3e0da1abfd4f7190673fca1e1c5a31c688d6e8ddb21300e4178d07c4e854a718ac3f672b0120d6a54c16957c9ec8c444208e47737bc4eeb0bf2d801eb2fcb72f91fe988aa75f38e6cf26e858dc2a718580ff5d281d13e8fc3e3bc30c75c0193481c39c375a5b06b962d9491f3f1fb80f1cb27067f0709e0b0730573a9b5f5bdbee1708ad84b4ceb1a9a61e4c41e90655764057bfa07b8c81cc83a315be1aed6a49715479c0fd0f53f625fe6c7f36fadd001149ab978532e4d0de3d1a38934c74265b161899843704fad16ffc6189f42a5cadec98603e0f98c6889bd4a559079e074cb40678fad4690a20d988735280a1ee8ea71275069132101b35c18ecc9d3c6eceb4cfe9b165e4b6acc17d4f113ef8283c0fb6506f5635401e916d4f7e7bc3cf49aed166587a0c72cdbe673f467d81bc2e9cd08cd8dd16d90b353481df31e89b45e8b
+
+[L = 48]
+
+Len = 16
+Msg = 3a35
+
+Len = 104
+Msg = 7db15b3ee240b45d4610950996
+
+Len = 352
+Msg = d2a1efc725c46cd6a19760f49edf0bae823c1b4992ae2260085746cf65833bd008e56e64002383f51f960239
+
+Len = 1016
+Msg = d11ad1253592c094746da7b5c88d329bc3ce1929913b8be07e82d3f6b7a536a855f31ad197376eba6f2f4534413fc4e4e7673fdff8739f774a710754b568b7c61a473059a41c98aa4e86617aa66d2601d0f0d584cd9f132afeebdc0ce3da6a8b290059e6e4aa080c195c42ae7f7e1e99865223439929b0a3a0d79b46ca6419
+
+Len = 13696
+Msg = 2f7a9929dffaa4a4dcfeea1fc37b18e3cf935abbaa17cf9d834b3a8d61e9fabfb7683cfc387d6f46ece3f8bf845827c7ebe86a651d6dc1e83c5772cee1a9fee4b04453af2f68430bd87835126cfd1b3f8beea4d3822fb27864570e255cb65b414197480b6bc20a39c5450adf2474da93d72f6ecf8063899722d3755b7a19f71e93e782d89593ab19ddd3ddf053c54e0bf832311fbf132e8b9e540f38e4d9bcc3cdbf69de54e40ef348a9170ba2f65def167f568ce846889c0161448342fe907718a465e451bc1b0f2e4f21f9b911f186589f43dea305811473837c063b915d849c20deb43323bab4b64e61823f1df119e71962dd975700391b411f8778980a3080ba3c14a321d32c082d416ddd2345f0eb751a516d44ee55222395cfa11e7fc4edfbe7cd49bf4ebd4d7428843a2ad5538b3cd201ccd431aeafb146a65d28a4870a6948a7cc0413b0adac7e8dff3a898aeff5f4b65d10b28ceb749bd354c061c3008ec569d5f90a4d4f5caa51d35b49dc4028e738c8ff5939fef3fa202fed9ebef6f2c7dd0ba41cdb5c0c16985f96fd93a65d134fb4a90ffc0fb6cc5396b843c2151bb7c9170f2fa4fb44292a4af28df5481de0c3c917ba1c46467a35302738158493fbf6a0422cee558d4bce3d78e14b4fefb65bb05043e2cc2a6a8ea64565ff6ce2fd2c4f43fc02926ee44ee02fe1dce25cfde0115c9396c9ea06269f17b2caf58e2332cc1c8528d9705c70da1f76f22aeb1d1b93449180640fb5c4c4a708bc4621d7d2bed5b1a752191cfdd45086d34f247ed1df0f24e7c620de32bdfc4d1f882380d2cd7467c926f48abc75cbfac8788f88cd9dc5361517a5eb36311e6b39e21a85fba2038fd47d860f776697bb19cdb5a4d6746fae507e274399c91648537d905015e58910117e5914f44ebcb00e771d38b30c1473e1232d4e222cebceb4810c48e83e0fd4c852f4fffcd643c0ef9e4fae2d0ebc6f102f3f749b02a5e3a61517d53b539cc24120df3957a633d50369d46c0c226f8924cae51dcaf54d716f61385fd8cf38c2c311a32bcd6594d6930133dc18ef36a9671ba8b179abe95f588ef74e8558ebbc974dc73c26bb6eaae78ef464181e18b71f4b0f986ecc8495a9c4dc0b0b96be9806fbd3d32952ca3b4737a06ed6561e9c9581a33a720123fbaa2a70fc3233b83e56444f5aa0cfaf70fb24be6118404f3e11e6ea004cf2d079a3e93a8ac1d4e297cf4fc43851dd26314a7ed6a5a784b386daa26e50c64692f7db28c21d82234289bb45bad5042236667e6d70a24bc9525c3adcb793a6a5725d9b10911e3bc8e3fd604db7998346e7f7dd1815c0cbb735a977bd4b32b5b976932bc92ef3b56bcadc089045ec95f241cdb0a84c67f1f76353da6cb493bb27a881d37a2106b8b3010cf935eb3601ce4dce3e449eff8331e444ab117a20809a1010db4cf3be0c488f777b6532df908112e3d11592f04a0cc16232d62340cbb8b5268a662b8278d37c03d848a04f0ab498f5af43b0a20e310197b7e1395a65299fac29f051bcc5fcd09a5605bfee370ee8ea21f5807d9748acca815a44d81796d68b0014eed3bb6a94233fc51725de3809ac6f538beaacf8cbe3d96aca21a7a763a957f8892f22c6d086d9af2e5ac9d90321e186584f17e964c90739559ddd034df076c4aa38c2b78aab6dec8ef6be9adf33bfb66f159ec4826653ee6cb483539c47a4a1d95663e6cc7a42a3bf628623a4c9500a59a50a312aa104b198ce5f3e58952bb79ff1ccfa9ddba2fd4705e91b5acaddab9d6522d7666264ac5f533b6d8ac4512d8371c69c06b6d322b046ae2a0a20aec1c3bfb05f3d91b9044cabdd873abb5f2b0e3e19740df31e39828f9ff9bbb20b73541a7a70b8174ce4e43e0d356e629cdbc6c08d29bd7acb6a4347823075683ce9d7de4ab3ddda6572b175951f30a15263355fe9641b3322df7dd52077402a884cd472e6d0b6c34cd63ab63cec8760c7ebe384f7cc31066bbdb7a3417425e039c4d340166e4bba4839076ac9457c87459c57957d0a06dced2f7a18acd22b7295785dafa435a2a8a2c3a1fa05d115fe129d19fc44c5a29bf15b4d9c2b375bc8e591f92756cfc573a39b8fccb8395cad7617b11f14a60e2dbf69b897844cbbcb70363010f6e1bc0590ea594aa924597dbb32a868b55551789f82437180b85661809089d34a168d44b4d788dba23b13542715843eee797366d9ce7793e72331735bc78cd61b13421a568ba3e66926921c04e9d00888ba7ddeb474db63813756ea4a02c1823083e36ebd2d32d5c88cdebb98d511304cc276c7799cf84a1699ccac9569b13f530c762732e6bd0f8415001b2c02d11dff36660b717054b16df49ba38425e3764a56052ffddecdfc686aff22079897376cc15591e11579fe4feeccb55f
+
+Len = 100816
+Msg = 5f464d3301c5e0871d6b41b002dcd09abc80a805de3482d97f3fd7b9838745da1c0534168f76b93c3c53bbabd904541ffe5179cae619dea77446140b7400f47d242141c7f2e9894d88f44c9e066861498e7394f206f594a419790d697f6a11187f84bc6fb288186109343eb11172bec076d041a4c7306d7978c009fc2d2d62563614ed3555ba2d21c8fcd70e8389352dbe4ec808af3231ce990452eb05b1b0dc4fbb1b4265e69235cc3561dae4148c386cd770474863a84a822b2e5f905fc255d55f90bd6a760d441dc52240ba7d8c888a5283891a2c99963d1fe680549d6267cdea92cfead167f6c49663668f2bfdc61fa647f5abf3ce5ad2c6c175dbd456ba41436aa06f5f68f5c88e6b74ea86a79934bd05b486210d3d470a0967ad6d67f7385260578088d7e63197849354f651aad07e04ed301f1fe7a6d2047d50ce5dc6bbffbb1da6b47d740898f4eb54e3c5a1fbd18ec93254cc01f705fce04e6100ced132c519674b2345547804a372b5c925bd9ee9701527db33408d37b72f8d18b882d3c4744eb58f011d21fce336d426de1fcd5e09610216248b51fe2b79b96c2bd6ca0155e05a8a516b7a24d529a9a475284735bd9c4c437ddf399864b64fc5d0d6ffc4e5a7a3dbdd476bc39ed29a0a92e1f2b6b3506c2be5452d4f896db6eb4f895b554b2af64c4cb8dc2369b91022dc50b7291404cc9605c31569c32756a64ff8c4fbb0f1bca346c7b58a5c6774b2fc7f7fd50741d34c8564d92f396b97be782923ff3c855ea9757bde419f632c8399763003b58ee9140c2d62e914c1e1fa742661a9166d42267edc40905b35a25d5c3cb3fb457376b7422896df7bb19c23e8f764416731d2e20cf2c1beb8663c07edd8f105e078e2fed05c5e5897c430017fa2160f565a75a4c5c64a15dd7d644bf355d169ae2696ae5ed1a39e8f81055cdf315e5b0c6f9235515fc4dbf30281ef17b83a6ed604f89293904bf78c7183fcb0ab236cb1f8935e59c51559217efabc000b165d819b717118a03facb61a13a99b194f8b6c7ddfe5850127d79078397a56564c7ed6716a129409680434061b2a4782c9006587de927c1ae09d6778a5f1c39fc419fe10493eb0d4ad492fbd05485eee7913c59df82fe7182af2cf06a6e8edf06676200077bd1408f5c1cec537cb8566470cb44895826d04ec20f0aba4297c501add65c75d5767ad2ab63aa81b7b66f01b32590f1d55b7e50e6df1ee077a19c8c895f5ef62d452cc336e9aee171fa997ddcedd7af86e6cc37722fb5838a46c5e58e7f700edfb7c6bf832171d9581f660752867118e9535a6118635709d6f1c1cb21b938068958e956149d9bffc67f355cb88205d4894ba97c3e3c8be9fa2d20abe79f3f93a6a2f4f56fd075bb49a4b7dc83630e58c32a29d757fdbcaa607352f65483cf2cb4208a3bf94ca7a25e2a4e05279be31c33696c10fa4971d1b64ee938dd299f483e5c098845749a3b706a787529bf2ca56693d0a7a98243e6482a43e1f5d3086ca1b00368d8ead5ed2d0fb79b1e2f537ab9340809ca3a9b5eb2900390432293008ab7086c2811d33de0648be5597ef002c7c462b5e0f4e0b1720a98b2299ad7aa55eb78f0c77c2ab4371385f280107ae40ebf814a8223dc74f31483c63d9e4ed09fc7e5a51bac34d69d97163116a66c84ea9fe4263269b71fd228555ae3cf5109c4d6ced7b9049a2b8069bd2f71834d6c07fffbd7561939188bc07dcea08086bc7182a5270427c3199bf5fb5c4549861fd32a38ec81c4ab058c777dc01864787f0275f911a17838272cd65135f66baf06d8d93bc439eeb55d50b7c5adafed8eb8140b4b05f59871dacf954f4b096c30b7857774fcd319c096750bf605db8e31fe02cd1b9294eaf8bb009d4609f2cdb3a8657f650501b8553765de8f572fb91ac77b35db35f402453e5c58f60146f2906ff56b9c6b3a5d0bb6afb9e2201110919ac9c01a7e9750dfdb2f72afbf7a8d6f64b1c68b9de17a2c9abf289eef24074eee9b1649caf3693118165503a30200993d271aa31b8b92606a10a52612dd1fab495b82f9a98cade18b9d8a723a71ceb63fd1d27372bd281f9b40aa1839b0cc2f2177a09aa8e7b159ac118d7c145e7a4f032e788d21facde2b4dbc1d5d2238f530d9bf9bd2798f611d03ed8919f0c85bc2da99750b7a8d6322d2e66ff6ab9ebaf7424e8c1c3f4fe92be61f65359106395f5ef995e925be3868ad513f561f873acdbaf18590c903d64bd275121c11ea655124d091740887868544c5348664399d3da96e2e35fff34f062fb939d656bc072096e510b40b2f75ff010af68d64fd0acc778e2e13c9667de266b1816c4ac449521b02bbb217002c604be72e73051aa9048d192e3210a68769dd2693e5d44951711aed3a751240d42f8925844131daa36c51d7d59bbaf99623fddf1649db954705fd6f3405e63894f5258c9ffecf83208c2c90cc55b1a8d2972ea6b3a049ee54942b50526b7930953986e428b2c75e47ed870bba68dbfa624dd94112f3059da0a80c583baeb570fe8314f5c66501b34116c81148dd22396fcd6479da49f7e952c8084f97d6803ff85c3787222064ca368f596a1ebb6dab20a03916b3ab071c927d87fc10ecc4e7ab4a5761e3eadaea4de1a0dee30aa39a9e4dbee047201d7d8a4df1284cf668ae3ed7dc4cb2cc4b5cae9307353fd2ae4c105c5d9f3bb021535fc3ae9bf3ff54ddda8b2e1037cd9d69822df436dc1c750a9f557d1a3a63fbe73c64261dae0c70bba6edb57519f5b957f138d1aa5fefe01b73c1851aea42938147bac2762527a492cb85da43014c876e223b05597354d7c9b328df67f354d168a84ce86dff57d8a870db034196dbeff83ebef80bbe52425a8810f2c9fea29ee688a201cce4a5f447be789a3881a9da3b6c491288e8f1091719032608b332e0410f4576597e17e0b5dde305f069be2e80d565bb979a3915488f88e3ebb90e81c264bcaddd72b8843af4a4ae31f723d50fa0995b027c334c351128913bb93e67b1b08f101f6b8dc8202b44fbc3d3dfb530f66e5a8f35e69725c86998c05ac87c561a4706e90fa095adab4a566da4fab82bff6b20076e5bdf62dbd6614245b6a6f8cb6bf60106f8d12b9c3e26f8127dc547e2181531ce980a3273f452892110cfe1ea834a30f99d66e026a9d22dc76fc3cec8fda2d7fea701deb84dd45c97dcde57a017693e90983a156f11c4d168d89c06d8a32dbfa590adadd16850854f24bba315b0bbf372f03711a20163afa0c137383b9120b26c59f5e9e7cd2ccaf0ef4e0d70d5a81748ad441ee5fe178e14317cab184fe178fb0cc0d82105d2f423467fdcda0f9871b9d84882609248356f3053a99866dad9f9b0f8c4a897a8cb8f30365a7ae5f3ca6e772d863d445e6d57c6a478e35d719d0e4e84f3a30b1816ddb55bcd79df21ea0e95da72a19cc1fe74fc576120bc108be3ed4cae3bea889fb4ddd67efe858a994237378eb623dab070d954ac780c1e6d2095383c98ba622cbdb18fb53260979fb2672c21a4600f4bf06583a112d303096d4e30e7e1060d869f386eba3cf7aec3052ca17593dcc9969fa9cd88179c262770211cf53f53f175037a5cd445d239cee48f7ed0aa1d715a22ac18a8aeecf191d415e4afd92b76c091803f4c757a9e89f696ab7b11ad6d5f24774e4a004dcb0e3f33705dd8150431f051016af37647b9e44b10bef114276d4b1055b634461c655a82a847639a038ec9f58876e84e9a2955b696e072d8054c3f81173473604d5fcc0a75b4a340dba0c375beb87b8b01a0f2de232bbb8371c3a9d27a0ce521c4c43dd3bdeebf92f42f87d88978d5b4e3e563cba0e5f59dd29c31096885b113ea5c57e66a3be015b703bc26d3fd1d51a7c14f85f65747ac909d7e30c8e800be27eebf4a62e42e538ae30b6883907cebb7fc5e150bc9da3a138f394e817df9a9e44420078f30d0d3d6981ca581791a097a5e3982c983d5cec239096c7d8cc55c87242026d769ef1d04eb96e5b5001e3358af88d417cc61f107659791a35d8b5f7a5767ae24d5b2ba7aa12230076db1f1b9b6f213dceea62949d98bc5db38743b23a59ea75dbe4231a285678f5f07facc053c2048022fcb01f15e8c100d64a877ecd56d196a6ac60ae35e0e09a517224ba409ba7b70d8f9fe65bc427b212a4e9b3cb17b0d332267cea4f3bea7c1e550f7ffe567b20e3057aa0ebb560d00d28e2f7aff718a9f2d4d044f0d20709bb9ad567c98cff7c4810e8c542370cf90a491bc1088f69998d59f344b74db6c1bdb61f284e99b517a11452ca0bb37c7bae77fca6514b341066086e600f098a32a92935380a173c9182a2513584c54ff67e580dfe16b508acf1729a3d649ff1eae286bffd688fe658612d6c8e69e6e7f7de4ba85ec54747cdc42b1f23546b7e490e31280f066e52fac117fd3b0792e4de62d5843ee98c7201529455c85b169fdb90cb05e3403cf2f737148bd20a53c73880880a14ffff37d62130e682e50bc7210ea6c1f0c27656cc1785a0d9ce93ff94dbc5b2877519d9bac4a339e98ec594a7cc76f4ddf994fee8070dd4b8e0fe0e51b93105fcf566f83d914dd862b4ce78de7e9e16f142234bd969ff8005dddc641dcd3c7cfbdd6113cd3ba34a9503a0f433899e90e158abde2ed4ed4b3711c991577c5aafeaa982bce80835f8e6d7c7975571fafb1499991646bc499ec32930367d4b1de76ff656442cab987bdecdbcc2b2bc35ce01816594bfa4b6e33080caa41dbdf8ebf2205649f98a2d3bf331fb16b9ecd1824eacbbc9f81297b115b4d36aa7496e05f7d40d4edd1886c1bac10cf3f97840a03277e6369e7a7e90d932050ab8720fce076de5c355fb17959bd75cfaeff325b0737f8f5b1160de0b0184ba04afcc30bca77a6a37e29662302d01858c0bc1d32b883011b7df5a387805296cd91bbc835a3e76152d017ee929d4cbf137eb78db89d71617dd76cb00707aacb8088ac77a1f52ed710331193edb29933a7efd8cc153e6adfc2c6637e88cd86b06036b8177847b4d086b0ff9b5dc91f3cbd1c08217023d7449253c25331594f0f16a3c5f2e122e0145c4ec94f096b45a1fd0b2dd3f1d51e58978471782a336eae49d7bc4e050d1c6a391658f71a1f752c0ec6302bc2dba9e3766359359ce34955a2db86740c90d09cc50e92dbb76e17a39955fa7108bddeaddaf860d1aff14acec8b609ac1d336270a940604209df91cf45be72edee04277d694a6f968ae6d8e065702f3d607f3baf8db4ab7637fa4c78bb0b7fe69937eb1dcb616fca564a5a521e12df71fefbc321187159bd6a47b066a3440ba634de9153a94546b63aa33aed9da2018e1f30628df37f5360ca4f2660a46ffd73e58183e8abffdea25f7bdf798a2b7cddeaa481bcc6e682a67e99143066963d96d4a928a478951dd6ec59b1be8cb23aa688e1867738aecdd9afade39c92c0b2572bdde84eb912ed990ac618834c412231216fdb84f1e01b3f8414fc6dd0f646fd0fa62bb0157b3535e1497c9272df1cc5dcd4e6ab9a8456222655c56ac73fe0d2aa8b599035daddf0986a45b1a59510abe19a11b6dba065c8bcf8a85d20a3681c2414dab7c036cc1358b1dba98d6ae62c5948c36b5b3e307a6f860c0c822ac724a5c917ed5f98ece548a7a741d366868e6c676394c3659f7f6786594196dde332543376f9ba0724b091d30f431f91d919417e5bf7ba1e9a21cb80f6c204c3a58d59d960a5788b5cba5abd7c7518f4c5170115125de97009a6c3fc4d5773e4f57fdd433eb7422c7c4dccee57a1679633ced3b5f08df763d4577983c5ca8b49bc4e08fa76f8bff36daf0fed068db47f0c87e0e45d518dffe37c129cc6e2f5f9e0430185723098e715284a42f302a6b8368a4f2dc16f534d1e5db9d0b86659fc4ba6f16c982774115d02a57684c7e5489b1f491584b0f0546e4194a6041f5e5be3bfff3852a4fc772d83491023a61a37228ef6260edc0d1cb972cba610d5ad1d92d554700771d8236ef55e983765ed8eb21e7de7c8bb51aee9368758454fee4a3f32179c1e54af1d069e0b9728cd0554351907e018146511e4d6f0450b57c8ebd21c71450116296bdfc779945da60b9192c5bb9a67b1f04d94992df4cbb3e30732dc8af2177fef17e0b7d01740b8a64db16bc29c1e589b6bdfc967edeb2ce8a649ba892bc856a929f0b837a838ca7f917a52436ea3d20e72afacc5b9d58a7fd0fefd96787c65ffa7f910d6d0ada63d64d5c4679960e7f06aeb8c70dfef954f8e39efdb629b72979be208d616071289cfaa0756a4bb5eea5c7baf8fe7a31501e7e2d67d708d461c0c93e85f03afd70bd9e16437171e01a34f475e4b5a58d13ce4e2fba72bbba93403f3f8981e0bbd6a8a6223327bf096c44b36e0ccbf7592a98c1fa67f198b628787ec80aaef848b4fea158c715799e6f458327f399e6420f0e7821f2dc4663bbea065c7bdfe830b6102e2e7193381b9dc7f2381ba808c43b8fdf3addab4b5fa81564716f7d46e0349d9b27b559710d723c7ef2f79eb55c3a9d75b99ae6fde6877b278b583f8ae3cae776b914b0cae0772397fd19b6a27676c7ca02cd07f4b4d49bbe1ec87f2ac7e39e5f7712319c31271dbbbaf4b826af8a9f4acab696c62719f7a6a032c4bcf90922a3c630647b7c1c7b78b10afbd863f07486561a0bc8d9b1ff5fc41998a7e3c604e24af1c1df2da1dd5d83eefa2e4012f7fb5959ef9339574367deff73723484b5a969c8c23dc251a3b887f34b9ea09c9a1838e8aaabb254445d7556dda257dfd5579737fe1dd6c67f3851ca68b011e7cb7b6958d588f143828f0bb24fceca31b47b77d1ce05e75ab05b55d6c9f9107f0c738f2cf8a1629f7e9b2694324e082503937ff8ca7c5098f770289af7d038dcedcf0ed77c8b82e2a9003a6f3db69e14131e144f6be7cf0bb5353ea96aebd78befbc6ceae9bdde97823cdbc5ca8ef8a993a9d9383aee9f2d6a18fc64ab92990672ea2dc9b89ed248aacf7f1a513da43fe5953335afe76d78867a066f226ae9c727c6c60671c50a50732698ef7a492d51998eb6da5368a667baf6d12b77eb36686ee0ca239dc6f3598be0bda79e47f0891fe4d8989df8c685480de11c148a2b44c8a6bea3a50b09be557c51f545a09a30e9362cf3080e6a6bee3dbad370ce24f6c5a6f8091007ca195057fa3af8f99703a601086c2a1ffe55fde4c2c4153dbff8d6601ab68743c0d50d021b0b3099535ba6c40f866ca3ff0df7c19d709a3f58b57b40ab5e43556a8c0c1938c875267bb39c0db6b45840e8ee7c22bf6b48798bd744f70e42fca343a8bdfbd7f55f275ca5d62c7288756d4861fba68d16d842c5b893c1d8171bb3c8b593387d3426f292ace5cee7753c9f9a12e6bb9af5a24192e4184f7d3d191d862d3c3dace7853eaa235b6369fd164e5a7bddd06daa3eec7fe4130e82478d36f88a0999cba1f251ffb3a7689ea2baf016073193898716a9f933448d7ba8e0968c669bdb7dd5e6e32fd84a6ce9e8632b393f9263532ec2107b4c0d2abdf3abb2de2d63511805eb58a70bc4ded040d76640af60ce7f03b9a682b8dd84ed8a47225a48e0b94ea47828f1c8974cd64e5027d8b13d43519875d2bbe4461a7f0f5b5b8d63a472765405ea9c994225806395e64dff88506f7f7f3b6368d769e6e550d4e3e81efb13771cf403e855f75312f1383ce4c2744d0b4e3735a0f1e1b99eb014fa60c0d1ca9035fbc4403330c2fefa8411fb7c3d6ede5b5c8f4736106bbe01923d483a84f031e9685a3b6a70646a2a5059ce35fa496b3f21fca6047471a5bdd33908cc9328de9fb032347c249bf7093390b750696124621dfa67fd9c7fe85d6e5a4d277ad8f8d169f8b5e8dbee280f8443518bd94abc5ca704e781e6cb1868ba2d6fbbaa850326fbfa5a20e4df6fb5f8ee2728e86a758763a8af21e1f7a8584d3f0b09a0b19fe8fcd37bc4fdf45084d7fd92b80544f29aba52496e2c9a0aa4adeb89820be321cfd2f0a53585a15d04c7fe4ec9be6eb5df419e20b71506c1f642df75c53a9e3b2414fe6102fa8af7be3f6c95de824c31fd6fe8ef9d49e26095a2674a33cb574e9e493939bdeaf5b309b4c51256ef71e95dbbcee0a11991693b533f916e1c82ce86d65d89b6d596017fae944ec364546e78abbcbe4322b83e2fcbb4c5d4ccb54d8642c7eb9e28c08598a356a5c46f8813e6b63ec2f3e3bb721b726361f85a734e0514f4e9c4732991ed3998b1ba8f618c2071d1b943eb0f8766fdb7f0492421429bd380deca3325c8d5c7b6ed16429539ae54f1eba39748f09aa44efb67d863cda304e8653ff7499cfad44dc27807779ef8e63be4b376ec403f3c84eda4e5af31c30f9807762e0980b4e5d9dc406cad4e888bfc3ec4186de8ccfcf631b0ba5831747a1c200d45ea06ac82c7952fd09aaae5dcdf5475da427cbc8c1f71ebe5132f2fcae15975ed6fa14a11b38766e1c446894f31c0496b0e5e96507d28e6e4549d6d78841e40630ef306491a1da60eaea3fb69bffcbf192610e2e07bc1124690fea61980e8ed654c5e796f67d26db5de35b4a2c67427833e360ac2a7d4fe7a5ce572144443ed62ac460c1b19402e85c79e3d80e1c143279b20a66d8dcf2bfe1cc44a0f5aa9b0d9b36c46c2cae148dd0f2ffe9a8e6e7274d1832e57aa39fb40553da6414094e838d613a20ce9307d49f97d904648d6460985b01af769800cff9a940f70729fe40e98feb64ff0a81c5b2b096b1a9d832e440c49e4e3684bd17a5169fe138d2544d9806fec027dd2a67f1856178e090f9bb2f9b314a202e7e95f2e41fa80dccf7b1810e9cbcaed2acc2445d60e26f7d63ee4b28e4299e60ea4fc659e7d6f0de91748bf1ede1fdb2acde9482bb76bf6716847eb2dd7517e0a94f0bbf20f248d2c79fa0f518b67a44d5c4c73a9bbc3816ba85ae8344b5f377649da75cf1857d6e4338a76446c48e52cc7bc7ce283d4252f8fac5e1427299edc33f84798316f77bad4a87849e91a1a23c0b7a86898046e278eaaa15ff33730a6d3f885dfe2d1dc0acda2a9e49a71cfecb7dcaa9e70eaa8fe15d4567a280e8960ba49d5289535907e9f277f96e8e652c21d89e81696dd821db5b7e1e53e160584477aa9e4c0e12160c9956df36cce6f4e724dd543827366010ed3d843cdf4319c1bf968a70e9b1b6bcd8af96c9eb0620c569716b7bc42e13251a6adf8201faa129844b5e1d699cafa1b66a674e732c7662b0410e5bca2704c5ebed7850d0ebb825cfb0627a183cc9643b709aedeac2c06700358400c389f99666ae97ccd37f265da7addeb07df9ccad6fa777d0da2fc47b6235179136bbbb409596841e921eb278142a19e6203c7f235bf8461ccadb4b47dd290d36ac27126c808b866f9531261f1e0f5c458a6bab6f064b4efc432e1c7379f9af19ac34c5c22e76e6e7651e48f9ce44eff542f018397889d896cc9001a63e8e455fbe4a9ee9a740edad894fe1af2bb21a1dd0318e28ba982c12ed69c08835ce17336ad1638af3cfe0ea892ab8e83d3f25e6bd98d5e4d36292992e2122c265a26cbb3931dd4c1b0d0ac5ee19974d0dd45777908bb416cbce52531820effcd7f28e1fb2d3d4d826e1b2673e834485a25af9f9d174f566abc3b36732ceefdd91a7c3885e1d10d51c321ff704d0883905b7539309ba5e7b7a2bfefd0494e90e9da7541ec37858ec05ea9a9ec5672b113cd5ad6ebfc5b8fe40ed7c3f17d8a73703dc89086b4d75c5eaf06b840bb2f5b4519a4fb17bfdca9605f17253f203efffc92da96fde023007d22cdad05d18aecb4bf08085c5ca5eecd21f2b611e7e8a0ef981fe7aa2014f5ac6862fab44011dfd33be8a1226943aa7ae5fee9221b0400d9ac2ce5241b09a68cde6b13c47d50bf310ecb37f25c32770a299020d8500d8a4b5d7621e4379dbd6ef34a9aceefd4055ea6144f54bbfedefb5b5b0fbd1d81c7a51a802072ec3d84f34585f22c1df84caca07849b1ef054cbef9b40848e9fd238761df5358cf55a79a53a1bc749e49ffab7c5bd9a28bf24ad5833facf43bcc3852c1e85cfe47929fc49c325c20d74588eb9833519f192243cf96625057899b70a7c93f8fdbfb60d8129d9c43c95f8782ed8293641ffd21d21d91a0b4db69d766f6d6497e9a414ceb04b65425d6ad6c8811da00639dce8d8030038f2d08330c75b0879aab81bfb3330b950e54c13780d308fceed2a103a1a8b77a923b66aba737654ba7995acd306aa7b80f632184412e2369c353c2132ae614553e626f0a3436959104ba6e0040dc597dfbc3602a49e401bf2249699375b2c722083489f54fcdc1f616a133ef6112a1754818158ff78f245b9046100b0e89407f74145fe336976af971c054f12d98002c68b3aa2bd699fbcd71bc4dc071e430bbf694595a951e01098aaa499be2f70611f248a694539ef8936b2e8b7a3c5de8662436fed1f7bc24a4e5c17a663d9a23b4692993301b08cb3bc10f518eca51081c717ec8dfbb0c2669f7987fe6aa0bd98231d8e8b58951b42537f12884a857e02d62de4fda6b88b6b754b1b27394c6a819e0f92f6b2b2473fe245678e252ed31477cc7ec6895bc361b718fcab3aa550fc9faeccfe77cdb5b151ab1db2e569b5bc923ee26f0b6113504d295112d47218140e44652a10af10a088f95c7cf2fccd040fc93980939122411ec643e26e7d69ced3178402e320fe156e774b75b5afc2f3d6b6ab828bb4993b1436faa5728cec34d66f520f59e82716ed6d1324944c3c91d04d5ffc5a921f4716c39de24768484d0096f7d8dbce35aeec22db11f899e5e7e3d57e7668f35d6c0db3542255d9262137d39ae6cf9bcde254dfccc54a6062fcf8982f781d9ffab2df4f49ec04a72eb9646d63bf9e1799bc0bec0ec7f0675ed9f8dc9b8be15d9f2175dfa1c8bc99071c70ad7bedb10a4143fa91c89f54777f84c9eae9361cf7f4c2b7ab873ee5785a5241db0af86f3c6d7f091623d6dc576d07550a42023633a09c8dfa21d7e70cce64c13f37663f75c47921c246f3f2d1d16a8283ce7697da4cb7e016971a2a1d0c59d6202bc18b7cee3828de597efdab53b33a9fb41aa7b49f1c964512901773bb396ac80e90ba1a94c408b2860065ae9aec64a41d76cf8842d299d0babf14d5840d647d075c34175e26a786f30091a24f1ce8db30137520dce1cfffb6318a0d0fdcac883eac603bf365efa2c806eb4f194cae8c16780342165222192f6ee2e103ae2a31dc08a84dfc89c64d2e9ada7ca1839dfff62ddfb7982c79684cfc821a098bc6bf09f87317209b16d14d45c6f38fc99f7bf9bb73460977bb323665d480c87c687cec052a5f08a2c6744c8e177a8a269b4a47a925b9123cd2c014313edae988f8aeaeb633ee5ba6be7f53fe36da3aa37ab2077f5fd75a82a55a0fe62af213b85e9e7694f78cc2b0e63a8c1b89db484722fc62c688678a511c474f0eff8eef1382946d26de00e5c626ec1d7079445c1b7c6f7f05073249b11fd1fb30257724a14cd7bbf451146bf366de2e826fdf1d25705587c4460040ab963e3bd504755b6aa5b18786b68efd3c8e59e8dbd172346fe7f4a18bac98164669d73984044f3c777368f965763742ab86a3720208c64801c796f6e3a1c4748b81e41ac58dcf6ecfa0453b18fad7e3473604f57f7da302e1fa81ad538d4a0280c4ad092007bb9a7a12907227a936871886c699db97d00a1966fdef64d9f3672f1b792c1edadc6781b391c91bea1bd7275f30859dbd1707b1f554e49ceb874ca06e92ab466efa7eeb6990667a27507a7ba789e24d593ea2af8eccb3862cce58daa63eaf212bdd86c01ed471cfc79b191c481ad773d20e821d18af85a7049034e5a9c660357a4c2808b9a6139f32c55c13282b8d98904f4f027d438189dc9487c96172e50dc1100ccc224e7374cf96ea6731032c43fbc9b367a4d1d0b31aa3fa8eb589672e69f1d9144114bbd508d56c2049ecdbfd7b43545375a099ad2885353d8c550d22dbb738e6fe3f104b444c89475a2cc24d7887daced8fa05006c02dfded01c00707e2ad04c41199c5decc1eae34b0c0abb5a5beee1b5253c3350e1a077682767a0b9124a4df2e8879366fd37fc04d4dbcf89883892f46a65ce3aec22123cbe6b3af6364df1f9f5f9751bc8179b6dcc5c126dd65feb7d11a85994e90ab6342834c79c5f82413e88198c73e932c66e3cb60b6e0c0cf438622e5dc5a1036c38afe9cf13559044a9e90f5fd72a3188ef6b1043f5f4e6b40ea51f6235dcb33b3099b2d8c2e02103235f0476ad51bce6d8a2934068549633e521a3ee4c62c22b042fb86c13c8da849233205a5e277aea1129678c31f5c379a71fe08b72fad9449cb923126dd465d1e0ae8a925374149b8248b3afb69f168f3ae701c00f6ea08fe07f1b5338ce6af2f3156ba6f300310114479f2f6119367c88c12c158b84be13b9c8c7b5dd7c90edb5b3ea1fa5927a25ad6d5596992dcd4877f58a134e05dcd80dde4fc2c2a680cc0ccf3084d3f4970e3603fa6bc5a180fcf1ca4241c0b8a1e7c607dc025016e297e2b0645de4ec2fc49851b9374f3ef99edd897c284a67b647ca8c96fcef935d541e9faf334043ea50b99fb8819ecce039227b624e52d8c20003b5a43808e4990da8e4398c4fc172b983351fd11a13dcd2aae5193d42d46e1b57c92e3e01d23fc968c729f3782d6c07dd5a17af2bda96735c12cc7d8023629fb0125e974425f7914690a7ed26508343ae58c8a439ebb6232049a194768d4594f5d65aca37a5686c2a86dd04bef35d74e0755937ac0ce3ebded1c00c8adabf030e5e4a5f44193b62fcf2f1bfa9dca2a25afaf2f1ec06c5d17ef3526d26d17af3e2f257ded24b177ba41c0ba64fd4fbd5042fbd5961a105e0e9f77f3db13c1b6c5bd9a9d04801a5c00a4c544218a21016c65bdff774a44b1d05256e0693e14d76605d67bd10048d3816caf31a6d10886c88c783538bd93e92bbc4484f3388b61adac4b92b911c76ebb1dd11b7b4e40be032bccff610068746f41e34a1fbfbfe5faf57c8a4331008e2c1cfd69f57e74379ac80eb6769f4ce4196795b835201ce4ec85ebcaf5eaaec242fe6695cbce1d53fde5b002e006bba8c8a1ee57da061ceed0d21bdd57ab0cab9e46bf3764d9a6c3ab19736d43b33f32eb955f9174ee4a54666e7f19cefeb49aac7a59b7370d9ae730b7bb4e08413222f0a66bfdac252fb61bcfa838f262312febfde8add8f6843f1d64ea3da42d4ef986498604d65737a44f5a099338520cdbdb65ce73b110dd4bcf8592a4adc3e0170b13404f99f0ec8f9fb225c1275a921f09369db165e9109dd5be472b9bc1901bfd882d264d9ed8d88b4c8f3b35f88b69e3e4b8ef5debb895be536a3af492d968dc1caf31879d672f70ad9869ea98335cf9e4a2760f955fd3e8099e4b2eb4269e354548f9de9921e50e49f3f5cbd63468b9db0cfdf17250c8f13535d4c0a1f21c87967cd798fe93b9b2960447401ef90db22c3adfba0f55f5585ad37040e8d6745184dd536d5a26edec365bd6edff1bcc616cdea3bfc8b9d98c0ef9a626054e361194cd05b2287612399f6d3d3be2f71555f14ad2893af6f60ab61adef663c3c2464ade671dd5ebc71935aad290573588fe6e11f48cd2b7db62e4b9932890d1b96e1b83eff70f026d199db75fb1e83197c937b672613c66ea131f485b4318e27c079b4018d4205484993bf50ce70275b244f2caf47cb47eb2a9ca59afbc78809a912eb56a4bb65cae4694f682c6329c690003a1c355f779b5857a60091b1c3685995a366cb43d753a704d3e59c5f5003c78feed877351e27334b3fdefe5907edd9eb25588a42248b9c4a93efa7cc63bad1e5900b95b70436c35eb85cc8251c4030fab9556920141cca24d6acd3122b92b7e868dc174bf071117958a4797fc90866aca685f1456fab397ae647ab9970348082bd74865bab7f248568db98ced7ed84e8360fa91afde3f23509e6b4caf948349ad9fb6a4efe0a0468302cae7a0f999195af1c19058669fc3b88b2780b9075dc180298498caeb7ba0cf8bd42eb36b1959d5ad3ca6fd1e85f76abd27ec5fb637ee38173ad7d86304d5708b6dc8817e099e77f5d43c1a70624cdb96e4e6103bb25e59eb51d894d1dc533a74005bb79cca35b66e10c61d06b5227fcb071457025d605a0862218ca252b871f8343ec231dbee15688aeb914c0f16ebabe6edb0a489b2bd10d4392c6f1863bb6a62181de7cef61997ab02f3bad0a893cc0cd8a99cd7b3f7773085f0929de36b5d124e3729140c375de9a2d0cd9a360cadf17b9e45b7f2adbdff9e75b743b62642ed67aa703b8ef33dcf51a50edc7dbab42d3d2b49badd2457a9f92847aa6a60ae2beae457a5fce1a9e485ecf907be22913893cd1350f20fc6c81c94be426eaf01864e813a03e4674491b61516bc95d8a77c15f03d0adfc4adc27f27a5ac4165ff6518eda1a5c408708f78a9e26b834179804a312148d4f75f21a77d78387139da40c0a6293c2a59d0162437d68504f189ed970c5abb9ffc6d8e1be2b0877c7f24b1dc273b1765bfc5ce6f4b8d99a96d5b1c92ee53a39f685b304313d909c1ba8130d20d51c824cec420b0315229df295f75b453a6c131afaae0c36d7c4fff70623638a4f7ded5eb7db58d95deb6249a29b171d8ce651556dee8037bf4ca74453a4a76aab7cc07ba44e55de57dbef8542c3851ea353fb8e259ee89bbecf9ce8d8bd6227afc0028afac48a7acd9b4e8cbe982eb1475917ad6be4cdca9cf6e7cddd971b2924f2bb730264801685d387485e41993c3fa0af9987e8b52c21688fd9a9595ad8d1b9f41e0457be18492aa09f69e64e2954d1ca3cc1d32b2915cd9cf6862ca79c80beb47347c4cceadf48a37b29b1d6de4e94717d60cdb4293fcf170bba388bddf7a9035a15d433f20fd697c3e4c8b8c5f590ab44aefdda94681407008ea48d03ff21e9bbb4ae7a9aa37c855fe3537c44106e8079f18c24d2584474bd4a99367660ce6f7e6d7c294961e174366e7babc569d5f80572a21a4bd7086629363e0c9ee2599c8b8863c96613ae6c32cc67ccafc66e1cce79654567ad08e62e9abc99e44d6a79ca4d8de15b7f8a763a4741676af0e1f3bd4e002c8fa1ebfbb3bd3a65ae68a80c230422f98f6e1e9837252e045eafd585ba389958297d59aea1e8e1f665fcbc5f7ff449996aa712dc0faf582cf3caf3dbae80594f9f07fc06de63d9d672d14d7ac4662b4a54f40d4aab2de766910be2fc7f6f679b5708790b5376498d3baf0463dca2f093b51bb7e9f3e7033ba0384af0174becc3bb477bc5e86959a12a5e8924adf0bffdf5e5b9c1cf24d232881ad5c05c5c0f50318ea83d8683339ca6a583c52198c00f7c1abbda282e7fd3b179297338ecf9c923a3a87a130dfc06164e9b4c1fe11d51b382643de44b30a6831dee119241d1b6f84f2484784fdf65e41f78c38e15fb4b00e45df1edc40e3467cdcda351a4c0a0185ac4649e91024377e1c331587a8586cc0a4dfe29e14004c3536d305f5dee0eeb8c2f216c1b8d27375b239f6458e08980badd6d82e9ee9e007578c0a3b48288d9ad0ec3c934a99a8c5741149af937dc82bdb545df26428b87fc935c05f1a4964a8408539f267e23de9bc498e2a4b0083cdb7c8e27de6252bfaf680a6d5b7ec1a6dac6d7d537334a95f1553324a0739414dbdb50445a767b0f589fd4c33b35905577ef5a53b0f097191f9cee4836a908748779941de2a78fe1bde0c2efd9f48cbf232ce101d9df93d3ed40d036ae7aedc3a5ff619abd1c159ca8d2dbda7de13b4ca62576c7f925c52925eae2d7500dc969fe14c0a335ff95a7df1d276a6f242765c781208d59edb5848d412b11638b27ce5a61b8209075976c2a6aae88f6e6d8704fe9e83b425dec4defeeb3cd311b8c5a818d51f917a8a4525361791d5c4fd5d70704d4b9fa9df1ea119882f400e682753a41931712c043c120a98f0fe786a600b47befefc9d64cc5bbe8a16c191490874e258760c9e4fd215bebf848e0b4d35521f53ec5f9308644b785171fc4cc3ff886e034bd833d59dbcacebdae8f00e43c151bcb24d1d226d1cc19ecf349361530a81ba3168af3df5536fbe52b3b93621f57959df298e5b4d3c14928d2ef7b9c977c7dda54242d17f8661978a62d94d565b00abc199790b9b25fbfd4a3ffc35c95ccafe35d9a138a2c24d17f06ae2cc376e822317f16fcbcd56e23f84ec135dc935e58c61b34cfbf5a36cb00350483b6bac786030e5c5045a6b61c9aba7dfaa4f7fb21897539863ee865ae061a77c0359915de3aacb3b5dc8cfe53c4d17b393c2b6bb23652f36390407922969d510cc97b99d1df4361530aef10707d7a021b2d9576b2d49ca88b3cc83ad1baa6d88ef8c81c08f8baaf515637b21ace9d5cc8fd9fe4ca6c3aa129caea7060791d566f4de8662b90f9e5d849cdadf9bd23cf6737b07ca105142663c30de27adcea11d64d433fe1ace84b0f6917c8b655f2a421602f07e0a7127e61ae9859c5e9f652ec82416fd2566f291f417ecdf99bf3231d02864e2e5a1cf34c13f59de9aa2760d8734bbda79576c62f566b8269990e9384a41c1634271acb4c7a8b768f276685c3a8c7f20872e56b683244b1af562c3e7dcf592a9915f44f886cc2ac5f679c07d5aa1fd69cf3a460f25c722073da336a310aa551062d92c7297002060072af2f3500b9310c239bedf45c5e985c2e0d60c7dd68522376dc7b560fb34d1b5089450c32ffcbff07b35a96bb6fe01259a06868d00af697f8bbb238d03d49570a109181c9576c1ea9d2ee02000cc23e63d6c93c6cf3050bbb15b6f73b09c25da62e5abd4c2bdb1110e1f25db39f04885595cd6a388c4726c8d4cdbad87d80d42fcaeae843e2e17f44c9aed25c8f6f9736c7ba1bbd3b839126de40a930024a65aacb872936e446114e706a868444cb140e53d976816983f3dd1d57eeca01eab8211b7aa8ae99d26e35c06ea4b226e0a6e52172a40e7f0df5f67759ae2ee026749ba10b8e33694c3e01a001526f9d75f6c419cdccece3ea3f78d69014e509c741214581034bbc7e2bbaf76db8421154abb2233117a1ffe2786b21424576e295c9baef262e80fa2edb69aff800b3ea436eb827e8adb73abc48d740b86c69d557b16e874038598b25f616afeb4f4a900be7dd0d38b5b6fb4259c51a3aaf4748d7a445f518485ed72b25c7df8ed0906b74bd29bd6a5724ac3a503c990f3697a5db484821f68718470810862728a80ce34599a41fc5bd8bb46dd845a4812ae1532c457ef4211d0e41835e5a6f030247614822571c930c727ba397e723d6b3aeba9244f054e331c82e65b74c9f6504c74b4301499a1a6f6269a3352aff57f88442d4eda42a82ebcf7776c5629f97d6160bffdd8282a40ce2e6375b161e4c22ee53bce7a45f4774aa827e2da657e1a1bc07445f0bbd770b7a5a25b1b469fd58715510dbf8d97af4e1b9459a20b08a8d3fa9d92feb32db95b22d36de0bc8b1c397b09970a6826392fd8392b2d790dcc1295888f42ac81ad213c7328b2324b28be7cc1f4fb8414a7785472f1dd3e11d66017b1756d1697be92490e15f056346d7e9126a1f35fd76cb016fe2841c8996a3507c4fffe7fc45026df10b03b86fb6cf26e8418926a030b5fa62748fbb728fa19dc2f8947468c1477750771e442e4a9d25b76d359211c05df788ade5b7824f8770b5dac0819737dec916ee59b28a49666ee8b7ca81386eec8049542f18a3207e51bdbc291470eeefecac385c096a
+
+[L = 32]
+
+Len = 16
+Msg = 43cd
+
+Len = 104
+Msg = 5f75a437ce0698a7d8151c3fe0
+
+Len = 352
+Msg = f88bac738d1e3e10f75e46e3fe026d7e423fdcf3d7e4028b33a291bb4aabca53f780fbf99e0346d610d4a38f
+
+Len = 488
+Msg = 832e5b78a73a1012ee62e00621db7f4d248893007c6e5d6e0e689c6b291baeebc72df9cf10b289fe20e7fab80a2399271d0ac63766049da875eed56264
+
+Len = 13976
+Msg = deab57cdeb41974037a9bef5e292894038264eb4d8993d4d1501e6ef9c68fb0f571f57b0925640925deae9a6317e3bc4d6cdd5a0833e52fb48baca16a9ba9b6c8ca469a0555763b54f04c87d4e41aa549258f30eefe5a52d2ba06657a8773b0842e094857b6d8911d6a0636280025e56356fade362b4bf4c875cc19be0c6644b447be0454dbf390eb966c03e10e9de3487b90d0825d327c12495e3c89ad09c9d591e55c91376fb14c2fde9f7461fb25450df1a65806b65f3caf4d5c81ebc6e664871fcf915b9578bb70ee6776acc62205888dce2baa4024941209e81b4b35f0eda1bdcbd9ab1d6db6140bda4c41776fe675d5c681da5852d50c246dda4ddf9fdd7c5fdfeec85ff6c883c78689c2977584406a1ddef977606c182d6c33561c39c071668a2515e5aa6f4aa1faa392aed95b82ab32b79a15e3b5a07551ab068455131b72493126470f26c30b852e4415e1d8b719b3803ecc336e4facbcc5d1908851f4f39b776bec8b6b9794d47e5965458858560eed5a0305e260240c0849d93a19787b0f8c795eb5ba32be573845256ae6d0b0a3336e42a1beac8bdde6d1b6e0b6207903d4b105f4af2ef89bd099ded870daea2f170e03bd5f6f4490e60bc222d4876e16d4c58aeea6e6c400dbb9e9f4b2b142f0fc9bdeaf4132ded38a4a8366e107cac7210945fa2df4b124be37ef76290e5b9758aa3bfe0091bb0448206323584c2f833e0edfbdc0c33075fc9647a3404ca490bfab94302a0679a1a42fe9fec6af0cd98038b09ffbecd2832b579b2294f6ae5b96328fdc0a0b9b3a32cba04fa8bae3389c3951173bdc17caaefe526aa386f98670b177683d0b804c5875fe9c7afa233ee66349c9fd1b60bb0becf5e1d887e67fd3baf34b4f90d94699d18d6bb9d77d4af358f31edc254de2d6c5fe3ec07425c633b18c1b9e3606b78b40b543e1fd31fb578cf58c45744fc073fbf3c7d7d607e815379a5fc565892d81560eab8fb5f1ae6771b998c592e6d288014f13ab283d53fcbfa66e31a9d107308402191fac2cf2b799c7dae91b93a7676898b8a6e516a86eac58ed8f6d8ed2fd4d38031e4a4466dc8798b90c48e6adb6b4391d47872443cfaffa542b4b132f6c3408f0081af8692aadb4c9bbd55053ea56d8b82998f6b4b41d331891acfe6af1bb0d6679989978368ea463743b514866d2d01fb9950e8990867bc14f1db1142254adeccf3da812949cd03cd1d569e9d0bab7ca7405cc21096e3cd4d007cbb9629372e98584b4c6b97ad0bc314e1ab6ac71184ee555c01973570ed9b115bed956f9e4e349083013098b1e483f0fe44d5e9849f38a2f7ae152b36a266ea1faf263ea8c706632ba8629602187379546fc6b82e57ededd6d074c15c771754710731e07c207899eb47e8d7c72ffd768c36257d373375ffa06f9b3f0af11417f9ff9f9b44e1f1f96ae8aaa429af88b14da1da81c7bb38a0fe9372ed6a9ac6fb5e9e56b82593d94c5192904450227bf040b7ce0904789f979845e112a1f995c849ec3f7e49bd975a474e8201630f40fc0d80e76019f110ae158cd0f8da96ea4561f24237d8e795ebf52368218bff3e9d5b040ecd2caef4ab1e7127e53bfa2b3b4fb74829f9993ac703192aedef79dd9ad24c2c976638b4575afbce22ecacc273ba43379ed55ceeb51838b0adb80585bd1b5f2707ee16b67a7232adf7163415b24b9ff9dc94b7197fdc89e2a90d2b9eccde45e965edd064dc0d1eadabe11b8ec3aad2742b5d3323ebf913a92817749090c20758f98aef2544d4c8b48874e8936d7ee492d5585675c214deeb74fd67c4d170ac5e0aeefa607c6e37abd4f8238e776fde3921afab75cbd8f392d3e88da057903ce2e140797f4a85737bd89455e6aa27c7535687b78cd0ea59848e006c8de9c9c0cbc7a9f5e977be850adc710503ce4ba7c7bd0b042297f518abec6c8ef451c33e030251f506cbc3744228b6bb4dab86877d9e6019a0ea9f39ed37557b3b5527c171da5f013e0d3c480a038cff2c087d6e5d41b17e6c8f90c334b5e2b9ccbe9d4efd99fba1f907d00a49b71b5a08aedb644fed24bcf04e71be67b03cd20d53ccef8f854f5e9f7f28c1e98a8a53496646713bebe15a93f1ea336e6e8a4e68de5dab0fe880bf983eec75d1c5027357f6669e098411e0bc3ea2293138f5b34425f78b6508b94d4c0cc32ee9afaa409a26e5f2a1fddcd6d5ff42a89755a58b08f243957a2e208e24b055f51992ab447bc06876eba169c545fa71b88a0fc15d1e0be9d334a1dd0c86f44bd149b42c07608a9a30d0b7e13574f8d862f2ac72b2ed38904d7cab194fdb9e4dcb615f5610b24e202a36866baccac01fadb575df11dd43e00a3b92fcdd8c7702ea49d951e7dad2a56c075730b4af1ceda2bcb2310256f28312579fad40ff471336ea6a44143edfcffc297258d48bd2ea47efab8f0dc00f1e6dba1a55009ed627b7
+
+Len = 48824
+Msg = 5223e2fece634a95e1e7c83ad4a11a0478f4a41572bd66c2d7902cf4f94404cd80b1f58fbcb8eeba3984fd759410c12f8ee922865f363f684df5a8787c87ceb3086fb8535157f7f39653dbf5c66ae7219253838ec77cf1c6db518225c5ba0a8212e5911236474b8820ddcb8111b87320adb82ff553986324aa2a21c37ce4a083c89ce9931290d4c1fea933e31d014d7507a28e83aa917ccae10bed1a490e77fe501b299f8e3b78e659407ce1934d5d68c7980800746f26ffa9794ef1d23f793bd2eab7fe524e213e58280f441ba48b40162305335b3a480c2afeac11c27f8d817792fd7805d4b61224eb52d35c0fbf471bcaede505fbc9398b216f43bfd69b1a669a61d44fd21faae410af58ff95e1c3ff1528de1aba93cef56bff4d714d8c4cc88a4ddcda52444ec1208d99ab3fd9fde98c1ee6437d8d138f62c5f782eb4660c5eb28564b5b0d46e3a2546009148f3d02b837c5284e9f508290270b97b9b29e84445a0b4df662d9711e6b73c11cebcb7120dc427034b1ccf57d8e4f5bbdb84d2e1d4bc3862a2b51931d3c9a7a5fd6ee5f4c7327c338abd011af638d730141b6eafe63469eff50f473262e9fdce636eff4c5663acb6075a4fdb00c8b8a8d3322e1700a5b3e7db90b36c1a94991b8f51657121b442db6f890e208f312466778d73bfaa8cc0ead4edd0776155f3eddf9abb1bbfc0c94421adce83d7ee94f99f61e1f25a55fb596f8b40ccedbaa8e5e2cf629496f5ca60bc4cf36d917da4e2b973eb57869dddc409dd66d5061f22642743fe843defa0b19dfb2f56425abeb234181267b5c0d2ab4268c538510feb191bbcd1631b0af6c7451cd4c641025cd8bde2d9ab6e6b948f97c1ee6f35098d553e8e9da9b4d437125046864633f109d6a558b38b270a7dd1785d44d248a863a91e3db5c0a1d7ec133decb65e81c3402c98ee329f660a092172bf6b1a02491895394ebc506882805a6c93e767c0e58a5af717d950a206c0f0055cb39ed88816a9fe3613d15f608e486ac08bfa67d462d24e6a0a37716d3fbdaeb9c0e951c1e847fb884ebc1cfe707dc6e7269eed1c44331d5957bc4ac9dfeaed4b157204a3080fafb9df8917b8d15aff9c49cdc739b8fdc26a546794991c183fa523d14797e051894f48b0d62c2b70834467ff9c993b82fc1152c1f5479ec6144c7e8fb10d1bce26bd1cdbeec4e95ee073f3bcc3c7367328e30543d371b27509a577f5c79f14d5f687ce62b82f856695af9f7dd350543ec763de75b593f1859e44c2ac01ba65f98743cfddd8a89a38115badcb51a0ff5655f830c0122af6a830aec13ae5eb89a93755b3a5a6eca233f21cb12db545a24a5334becb8fa32c3d7f5805faeaaeea85a551fc62c94807faa6474c0d74cae79b5d8ddae07498fcc5b8b4f394867112ef5fad1c9da66765ecbc7fc0f3269d29c9c38817c77778f2c19b5a3c705fde9d76a4eb86aed4a7369a832ad267312903462397f7b8fecfa8b195cc2316cd53e48c3371ed2ecaa3e484b8ecd2e22b1aee910c51ed5d71198936266f5a00655d82c089f49295feda0a2bcc1a54ec8adf565acc3a8b2d74c30eafbbd843c59e67f293f6d8296cf7b611f01b57dafec6e2d4d411a633918068c38ef47b72ceff1fae772891141c3bc496824509d78165c1e4cd4b4989321a8722643eed69950dc120fa8da3e53c3181f252d7c4cd2cedf8f086f788ee77a98ab5b019828aa02108f49ea4a51f457f7adfd2220d3e59d5f4a29194e8f5eac40ff80312ff6888ff6393c3fc0914b08c1b9990d247ad80a441558db1ee1203e07353dd99a885a7ff5d791af2548815dde0ca1f56f89d39ef6b93dbcd0cd54b854173903c12649587433f0425fbcbddfb66ebce3eb4800dfddfe7fc44d9b23a3916b1db68c187da4dd13ff0157352814b1a792de7fff855761abc6fb7b93b48525fa90fbe3a51dea974069f3f5fdea86387eccee13f58a8eeb8abc6a43fd30e9788c3bd9ae1751b30a82d420225b2abdb1bc121b9073380be16107188d20be54f2e9c658d5b443869ea0e991c496104086290b6edcc1b656adf94f0d42458750fbd8d88040c518ebbb644f4dc4f7c6971d8d60eee0272df7b51a3d5248b4b264fb22195ad891fb6ac994ae5c0bc6714ae0b0b9a484edc576638b78ee89b568195a8f33ed8362128c30f9b0c7804b3ce1355abc96b15aa55c1e16a9e9ec90d1f580e7cb412a7e85d8585bfb950acd4de5865214ce4db7f6314d81784c588c1482d5f28c5fb62e7dd7aa8237ce9396ccde3a616754414cdf7b5a958c1eb7f25a48c2781b4e0dba220f8c350d7b02ece252b94f5e2e766189c4ac1a8e67f00acacead402316196a9b0a673e24a33f18b7cb6be4a066d33e1c93abd8252feb1c8d9cff134ac0c0861150a463264e316172d0b8e7d6043f2bbf71bf97fa7f9070ca3a21b93853ec55ab67a96db884c2113bea0822a70ea46f9ae5501eb55ec74eaa3179fa96d7842092d9e023844ed96f3c9fc35bbc8ee953d677c636fdd578fd5507719e0c55702fed2eaf4f32b35ec29a7a515bbc8bf61f9baf89a77aeb8bc6f247706c41d398cae5ec80b76abc3a5380001aea500eb31b10160139d5a8e8f1a976dd2dde5ce439a29dba24d370536a14bb87cf201e088e5e3397b3b61477c6a41e22a98af53cc34bc8c55f15d7924e7e32fed4d3c3ddc2ac8eb1dfc438218c08c6a6a8eea888b208f6092dd9f9df49e7ede8bf11051afd23b0b983a81bcc8d00f7d1f2b27cb04c03aeee59c7df23a17775ae5984eda788eb2015680ac5610fb1380b4e7d7a9cda6178dca98690449f5551b66ad2826cab2b662f56903fc95b4611bc86f7a834a34ddc3be7bf142c8baa096abaa3cd51ad0c0b6d15e590eab9e50a4c60c91061f1ed6373d91974c1ad9d263110a0d43fd8b596396cafc0ae70b7ac24a59bba090a6994ec483db7ed4c572f723670a11c724e8ffa2497d8fccae37eaa1d14ac1537eaf80efbd2e597b2ffac97f2bc3cd2c4017f170544dfbb0d9109478fddf06ec0981542bc8107a725be25070d2cab4716f4edfad75fddd582ebd363c49e8efaed9a76ee51f22304eebc232a4f67f865b04f610a628fdb317116666785fe8ca30619a07c83cc449855202d687f162b12d93b63af6e7ddfb7223d4ab998a5f450523c1d521ab76f4aa113cc2967e04a38dae07c51c2d0f44fdc8605c3c53ccee91a2c73dade5dae021cbc87d5cd6e5fbefb65335827311fe1e91921ecd66b2055a6102d7a976308a80c44e6d47a67718c84f2112d65486a558f1f269b91d9f47e3e11d09c0c748625bad2718e3674898abdb19d3644bcdc9317c09a3ac02f514b2a57e6a706362e5f6e8fb16cc83daea0eec85fdc8c367d84c9230730291440a4b109f7034d510a3f70a22dd4fa69e8b65e5fdf87045d560eec71f4e59531c7711d4f8917a96e22ad07346d2f92a13fb4569fa6a075da6e1acad1eac1cb2ef19ab452264de2357c927c6dfae6598cbc821eaf3b8da754ce91a96c702c95b2c308bf3a550cbf4d22d417745b5f17d36608feb826b862747c59d26a0e8eb96547a1852f9fbd095f1c5d20721804941d462f3ee2f0876ee2825c8df24c4f00f0844e50588ac688127013df8eba3c971362dd255420649245e880212cb3d732fb82f866dda090040f28e09cf1c86eea5dc4fbfc373eb69745b4afd841ca8e172d4a8510e7698345fd4cab9ec2ca0453a274720bb2d2e5468bf0d0f85919dd762fe3df969e6c071285e25c2e2a49659b8a78289aee655965bfa3cbca9b292a19a855ec40293185354ff4da9451ccf98abfda07f1137e79bc89d688963081dec641a99656b040637402890f185edb28e7e6a2f65848a6af158f90eea440aa6246a2e6c31f5d220b9846aae2027afe5a7caad6dc16b56463367cd9e73bf22a1d6172145de4565ee369c55e3b99ccbef70fb080a3748340fbe8f6b95ba46e8b76de5a3c4bedc37c55ae24ad02267da26769a3a732badac2e0f3a5393028dd54d78701647582cd04c8310e9f1ff1b433125229547130e1737a1f33604f0d670ea7221097c3eb9c7fa4b8293d7b429af76191ea8e481dc1da31344537a09b33404d782eda1d6f5775500c1d8efc615778baf0905d9fcba1806ef986c40b1c6a72335104376b58266c36f5939a8b95123e8635c0c95e80aaeb97379b1179d6332dc07539b595ec32eebd3a336a1128f3cf2e2924db6d8504a516b62f26d012b7f75cab765c8374a3824da5a405746023b51894649ab422d636513ee809fa181d5b6fbc63351e37a1b14efc8f739e86ca78ae3e280f1c9e4824b2976ec4dd308ede6171a7474c7f530128089bbd75e10f9e57ee17408b4384f99f886a5f63a2320a9b90eb9bf692e1fc449171eae3bb1bb17a6ed937ea57af3c82db84e073b5306683e1d63705b9742a085fb802cf5a1639818417fc2223f476c2566351f4b3b17a822e11255f3c3412dd39190e200727bcd3f9799519ef792ec7c2b0b9d0e2dccf013d436dee63483c2ce83c15c00a76c4d894a60cb90366ecf9e61221ee8bdaec66d715159876d8305b35c81f96ab2cd8f81f4769e9a6e439c08c329036f5d2591ac42f2747bc0e77d4e566358a3271819b6003b290211b9b847ab70e906aed9f86cc38aae27e1098fdc3bd5d84e66c45292183f198bc329cad794aa4e430534511b7d9a75104061b409676a16c1146af0a286e2de8bf51c4a35193581a902bd3224cb9257c961989042538092af92644a63d6d6f6872a29aceca39341ad29dd22354812c4b7c7068b039ac9ca7e6358e662a28be001d4aa697ace540cc3ed3c97b98d8c5a6fd3543ae9a7962c9229b14b0b646229807747064be3e83191cf24092dd67f675638d9f6510486379f47f5eeda870a3187946819ec9ed05e7b325bfd0eed5c9a0f4a2063d63c1a8a0a309f586c94d4a68bbe860ae9599ce204c92cf9d92cb460ff99cff9e5a8b3824786360e1e1861e71158395faeaebe7aa2f61f76190f174aab9a313f0bf4f1befbbb22768b8c22719cf3fa9ec908b576fa4bbc084b1ee5b5a7eddc89b58b45ae7b421d38215aa6e49304323eb4e202655f3c8b16ebd6b03058e75a907ee63fcf6aad5eb96c1e5faea81b88b5eee525c4663af52877c0f759432913b9d48030903e7f9f70e851cd4e20bc56aaf36cb02293d992b38b583b8f0b25a08c3303d8af5b1b37f5127f7021b13934645ef3020e5caadc5e7326ed4ff56f797e26cb986b6512b0cc76f1d8e7be44aaa88e12cbc644f14a7feb979d2ab66907063c51e052d0f8b25d827377fecc5111be0d365e08d17f559e3134cb9db294f1cac03150f4232f853ec15ecde55fd1023b58e83934869796400088e9177e85a2227ee45addd049c1d6b03e5b29dd570496fdb2fde7d8cc74fbb5fe76266ebd90a3b4d57e6e6cb9f0bbdb7ca03ae955915768011c714c909a27ee20135927af55d4feaf2c345d029a54af942da6f85f2103345d059f66864e6b0578111e2ddd5a1cd8bbf4ae35b60747b93f53ec8ec64c10cf4149909b102a2b88712ff3e5ba3611cf96585a6b36fffb64b8c37a114d6b16a53879136eb0b5e003a5a068e3e8422a4fc8d7c77227cce64ebafcde2437166b62ccf486660a7a2ef37012ebacca26ecd5bdf363feeb06aee39050974c25d6a564594c67f56fcf7ed48b07fab4e25ccffe002bbe460325abafe37f23dd9c145b4667f146a1635e462330f02470b35c5a2519f1350c02b263201ec9026cfc57d3659373910e878f2b6c1c5be774df8e01e775d476956c257bd0ccdec17ee939c46e5653d5813eda752ba7bbb245a99a5db1ae55d19692074c2e5820df97c502a4bd1b12929e1be8e9ce6d802347c3e9c4202de6046436c05ab55b2fcb2c227adade6c2046d98102cfd0d859a91f8104eb9f6f155da2acf93df2405bf2c083eafd3ec41d60b810e0bdef6298b21193642a9c0c646bc6771a5c61a25604d96bdb727abd5a7ebe4ddb2a56a6ddece26d8007b26043ad44279c3c8ffb7e6ffb3cd4e10ea2780f509a8a9bc31f99a7e66201195f1543a0a020f754d9a665a29a896faf673df6811379579891374c71b2234fc61e95d4d46f15d44bdb4d7c3b3be3f46410ca46827b8cca976d8866e8ca33c4945d5c87b705588b78015b529843af0b75a7e1e871fd276c1e947d896b92e6181ab7e3ccc7077bb57fe85a6958667d3d7a790f6cde1cebb494c2912478a0eca2bfaad62492e9f1caaa0cc520da08c0d2d910cd44255f4c2ca0646dc89e789a1cf9a28e2f99315d33accb1639cbaf0c94181b85fef648bb4cc7f66dc65b8e90bf5f3b763e58520098febfe7e47bddc2d9cdd5e40dbf4ddb8d51f51bde2e57432266d248d13ed09e62f66794d188f9861c50ec41f0eee30f76f4ece250956733ee97036098db41991a4a3eb7816196c8e447db3a2913bcd992174a7bde1f42d57c764b47f5bc09533760c1ba74943a0dca291f2746bc1fcc573f9a22c72a5eca347b1679683fbc8f32b08d381baf67b7266b14b3ba46a04a3ee45881ac452f64df1bf17f70f4cf9fa4dfed9ae70184679184784a0451d2f5c19c02031e0e4957b4df68b4a069a6f6f6458f6d773924a1841ba664a55c2c3187dd33416cd410e56e4bf8d3671cf737bf67df2a4cc4dcc786872b9e2dc4009fea0e48a749353ac053d80e36357d24d468dd595bc823017c015d7450fe38149370c5decf13b00b6b0e0a2567ac08b45f7b0c8a7c89d227219d051d17a706ccbea49a42035cb327381568eae23b5e2a3b7e8beef6f260d24ab224827ca8ee9d640dd23eee94ed02c9e26abb3053cbfaeadbb1f365a24d8769d92240da842e0b361524020b5c9c22a2fd8602dc9600aaf02b35344309f6bb018a94d4cbc9639ab7430657c4046f0b25df517e31626abeedd58c2e19aa0ae1a43ed2bacad91dc04a2fdf9cc33cc420f4f04379e95988ab36731d5d5402d89fb47e826f4243bb206124364d63564a0872f8d2826eebd9046c7c6f2e7c951e49d4b22a7eec89da1fbed890d63ef15f26422185143c89da3ee269f83e1de11a7467822146042be92295a585e3a09e720ec522e1cbdcb41acf5ac45ee892677ba3ff670d71339a76ed98237be252ae21268e756f05ba0b094a1803f9da84a8a05d0ec9456cf565e1b548cae95eafa0fb01f091935e6eff2413bcb15f605f15270408216fb5b41ed83dfa1454c522375e35bdefe54275f109d0ab450636ac4d8e4d9e27f2d81a15b8cc5e98549254a1c9162918db3e399118f5864774a9d6a2347e1315753071eb1204c8bf5f52b1a0da37e484ebbe545fdfe6b031215678c3b83a19a24d7b661f626beb01eb82b384f02f42bcad4f40addd48db8a92b90d2297e6143702056123286617f86fbef4fea940f648867d790b8f803abc5f4e0e3f4226954c296afd96e287e21b7243d05e743161810da578096521805edd81f68a45500f6a3a1885cb1f45cbd399dde024df65072eb973c827fca13eeaa3f140842016f509aa9ab4603d2457c92cc9aef24950697a0044e3d7c483b8d8391886cd50dff8c2f16de3d6caa7f864c1b3874750781b2b78b545a94b4da0b0036433c6561f5cfea50eae9f5645302eef18238473606e9b9931880d0f6368fa9970d1ffbe59c4454bf97f4a5e8091801b53ee4a209e0642d83605836f69742071aaebd9d813b10f4ccac03851ee9f20cd1351f8e68554c9bc5f58ad19d474ca128edbf561d195e52ddf3c19bee3bb597ac2f92143bafc98bc09fbda6d18dd4ff2a93cd2ba17f54f75c32d3f141468c2baef4e53b6a340286dc2599bf7bb002aa86688e26f5b51a6aaf32e48ffd539d4f3f4bbf0cde2d20138151c82384f9ff29a634ab4e0103d93340bb9a7b0caa108bc7fdc88d7de14abb17e9efdad2b0f304f0bfcbabaeb1b9db75959dbf54930e67aed3a9c8309aa90506b6b9ed4f1d06c4ced19746e206e1e9b8879663bf56bf6c5c920ac5e09e6579b780cb63e1875ef0a731b726864b7ae5705a2d6d343a4a213a05928b7337a59f900fd04472382610e2a8d25383c9ab5804d609e79a88d70eaef3ea22d3aa9100fa2a6e98e97684ade9fe90d6bfc59dc9dec3d3d8db8990bc2123ba92e64253235e9b4d682e8aa04e23fb9bb6248a77c065e93249de829bb2fc5ea9e396461090222816bb29bca37bf86698fb995f62c50110cf418bbe2078a56c5f1ec9fdf3d0b09a719ac253b5bcd00932ae058b86611aff51c8ca8448978615854b69b0216a6eb8050ce199fd9a13aa0fd652570a1b187f61e6831b3a960521c3705da8c5e6c64c7b196ed4a49c2912d77b670b177c6458a7a49ecc1ffd8c57c0978d2a05cd1f1c7ac9514dd14b7b0933a52cefd40b6452ca0903df1f55828025c7e18109a6e0f2ab25724cad2d6f57cb5d894a6a508134731e9b9c61254f64990941f4faf97394b634b91860cc6ec346aa666600d323c849ea4c4a0ef55acbc56495ca004f3fca42ff0ffb11b0e1164c95ab89bf1db3d4f575ff334d4e0d7d50e0c54c422eac5ef78c5a3be95f2e18872540fccfb597211ec79d9d47b6cf41e385b9c2e92122167fe584210f63bf919c620d
+
+[L = 28]
+
+Len = 16
+Msg = 3dd2
+
+Len = 104
+Msg = 3d232201038fe7d846ac1bd4c6
+
+Len = 352
+Msg = 44c98cfc71f82215dadf494d68d1d6b92bb4eb81fa0fbf945a659d9aa2c2302b5c93fd3eedba31e479e29d36
+
+Len = 504
+Msg = 02a5c7b1b749d6d49bed302d9439f23ab83020bd4d573906f4190e74216ad33aceab775f71cd31092bba5cfa42f0845bd16fc1b8bed6434dedc92f80b395aa
+
+Len = 13976
+Msg = bd70deb2cafa75918308d703a6783fe9dc5e3d21de9bfeb6dbb1cd531ed5dafeec463a02abde302d4ae6ab3cdc2f0f94865e38339c88bde507ff71bbea6b30b9851cd8cf599e950b8c8e620c90adccba0033f934ca66ea0a936afdad575bb6235099beff1a632c9114a8045a0919fdc21083880eb05c0d8c489c7810aecef4a41766f67c37557e28a9db9a0d909c2b167ff7eba79693afd3ee3aeace38eb73a5a02a882cf89b123812cf2a0f6d5edd1d14362ce9c43257474def5cce3adbba8cb48e7af9a45e702a182dbf47e8869b3f99e953ba81628e502c60d4f8ffc551c31b3ad6ca85c52164839d5e9d493deee4d4b76604174bdb5655385d34ced2c1b09dd5a486e1f9ac501bc611f9d7aa5c748f496faecc14c6c18e1dfc6aee2991bd0207ea1701219955a751df43dbf66f57904675a0e9e6d7f9a0b8bb82a8f44951117ab2642d6671daf1e5d1639d48aff6a05781c2b5e8976653b0a164445872d393d30355acf0bb49bf2bed4265c9a3b786249afc7a438d706eadb6f90a7f93ad51bde6d2c8e6ff09dacb3dc67ba0d3030c54c8367e1e4280bb5903274191344610de61c3c770c6820a6cc9d826f7c743f88f13580ba23cfc00598fd733b5dd069bde7f10f2b8961c16b69761b0f308dd137f844a67f6054e065863f226141755b96645a291e3fa3fc853b2475fbe1d3b25ca22f4da4425dc95fc855e63d6699b311ebd5fec1c7753e6e81f747c808ec3f618f63eaeb1221075edff0532225c40ccadee304a8997c03920e7ce4e60e4df4d120611296786516dd4d9cdda2077ac52bce0fdf552e1ee89a0133f1f87a6f6f35f5c53958ed806465919a0a5fa42488bf29caf33a0dd469e13abae351d5c6fb1a800ee384da199c823c965d9d5457a3ef8292c4d9b142e3f1fb502da498eb44d95f8c85bcd6871bbdbf004bfdc09ab35758f5e8b6a0d0f366c3b255333c52c8fcd4ecb4536b5f6e72897649f3415443612d72c3436505249a344feeb04883f41f90ade40af119014b3c56fc108f1ab0a77087d9226665d416cd975e9e4605529c032e8926002a70924820c6c7e264a794b2a3beb63d69ae56e017294fad4d611cbd0d3847212a38f22d623eabe3b884a36464d8814286fff52c4dd366f6c2abfc2eb865e0dc9ec6e55ca9d81f1b8cc47e2629bb162e54655bf2a9e156ab0bafb4b8ce96858aeea6e6665607a3f268036f4890dad759486b15e3c9e791429ec8f11bae4ea7c490656fdb0551dcf0b0be017c08bc674bd97d9d701c3ac955e2941ba7d5f2ba122a6f0c1b164b1caf2d50df111fd4287e9e195d181f6f514d7dadbefdd4274edc234025b727680576046842a834b6ad89eccaff5c5209bb91d652357e3750d8bb0165572fb71d09fdfc60f6b1e5d868c67c0edead427e7aeb734e29b96e03ea174b6b1af523feacaf6bd745ceb1bdecec9251958b7f521182daddf62ff6c4f58977adeba81c616ff2e937ca4f16eb9c44e63f9e974709122083ae45524ff87d7a0cca33a90f09b660db0efeb393c61967de2564315827ef1cf42b71c0f822f471713c9d885a3c3281d7c95dbc96f1c6dde0af70ea11232b00a2d215ec8de8fcf84b6193b6ac9d46de660361aabed3371fa44a6f32107f3854262eac355f9ef98701f580b4649175cefc29950e7a0eec958f629999c4b0a98fd4bdaf5c0bd97c963b551f2220bd41ec00b8726836e949e818a49aa1ac5bf12c64fb9991111ce8be3e0cb9605f753dae1a4c84389416f17fb66cecba45d591b22d64e5a4edcde067a088d9ff7f5dbb9dbf324510000c55d50f480a640fb22da9b4862dd81080d61af9560b601edb5e3346263f5f193df97079a27e3f9876078b80ebdcdb17ca4c50aef0c8329c72a7f77584cd963e105eea9c28a2ad4e95c1d018e27d0e720ea59147f59ad796b80b6293da8a55ed47e8abdd37221db0a5eefff31688e2adc294654ab0fddf9c1ffafd4783f01eb539492cb35a77315d0ad19395f47b18298a7b353dcf5bab0b2f193ff73d99310478d2e5c4ff1c68a2493c138818edef73caec9977bd4eda6249c8933953e06d796b288f78b18c343ef561082fd03bf92b084afaaee741de3004abaf746350048294bc52450e31147173f2da13d6ffc5adc718e149f9df3702f414dd3ee88296ae8a0106b071b589e8696401da7993d58a9bf8e5bf417165498c96b4ff5fd2b45bbf88f551688425122a3737ca54b2992fdb4d60957a93097222c3cf4c45dabe18b9d6a69e6f27567d5adec489e4b6812c29a8fa52f1de642b7b0e749c16f54473ed5ca2fdf2199e885fed308fa62a3e0deb7e0b8e439e25b3e9f95d755fdcb7ebee9d73069dd57dd1cdc5145205882023b54f2c9dec6cced9e3f6d24e8cdbb8ef121b8f3eded574d81908e867af5ac82bfb8ed60848b4bfdc1d998bae3a9ca80c1c49601d11a40409c62b1536f01ca67
+
+Len = 48824
+Msg = 5fd54472a44e4476d254c0940071ad42dc723354f76ba61f63fbb9df80d1ee56136f51b6982e66c1da83602fc08093506a9e2cf27cb92085ba5c627dd63f59f8850e91a1d86cb1d4ca38ad03160f3c584b128d9b21e935570e086d3815307ab8df396cfa0c100bf6cbfc0fd7a8258fa1a656bc178e02cfdc868540d8e5ad39dd46794a8bdc205e710555ee7421ca7475a4f3232e6a0cd55d4b5d4525f0bd7eb1e455931aeea6918b9fceb2a32706d31a6d7028a85e102f228417e2e7db68317ae155af70eda98c8dc1ecc32a62e294d92855354c1114c5735a3c81e551b63a81650107557f3237bf953989d17c65a0fafd2bb1e32c237f98f55389e8f8b0810e97e201914c487a68403c6d621a98ddc515780435564245d87ce462b8785def699f7f06ebfdf33dd1ed7dd5a3e781348298c7950a387bff7d1878731d7ac66ad9a6607f2c3a3b6843c2852a5e882a8d78ae9dce2a79d595cdf09626dfa6f1dba7d40ed21caa29e304e7dbd559a89bd1f07d84165dc259ef112dc6e2c5a3e82b1c50106983f6c4965c85073c5deddbe6323003d56abb0df590f69010981ab3407e43eeaa29c6156995c492c931fff1b686eda3741a0bfb9094747d1620b2580415d431ffd6c02245f6cb03e39f87e82834dcea59355b2ba663ce145d2514e15e2b2c60cf518ff510c6c3e2f16d2dc523832762ed8352a320462ddd4d6fe755350672038163d996b44ed3b85d64989291bdf39398cb996de785b9614ec5d4bd73efcfa37fd4470b17d6240b8e4c715759286b04c3d7d791e2689927c9f18320ff2e6bc7306c805e23a5de66eced5f1a630cb43dd46db515f837f6b824b99b86c10b6df7fcf22d97be05284edf0e0be597b3f9c63556db031339f79ac9e6c5f8a1cefdbb4b30f5bcd23c2a4dcf791cbfdd6460284c5af0621ab7c5571e40a87c87be459c85ec81d746930dea24f43bb11d6611ea83409d3bf4f987778d8eed1d5b246a2112ef78ef0252f9ae464810c13f02359441d289958b4766807d9a3be0054897d35b01830deec1151f9e3d42f92b80f4aeedd65c78c6e98afc562a3bcf6d72f238c6e94a38f2288ac7929a7a61c92875c1f115c0ed8d261a727f0794f17ceaa3dabc717478f6ce7f2e8b295f000241e154b4575bfac8483f6b62f9ef4e18f7d341a65faad5e2fc1ddaf2b09adebc155ff09e63d5aa5f95206e66c7f4ef2ae3aaf3ea7c93589efa8c552df8d203e0ea181c1703d7023b56e603f33b4adb9bf44f7af290d8081210f327a6c9b0785709346087fd090c42d2b8b2711b9a1a5173eb5e246320ee27867ad6c3eadc4407bada44561a12cf5d53bf0448308bb536a8a525eabc1410c3a34becee25fd6fda453251ec229b53751f2280e142c6b331daa659ab655b78cfb08bf18e40bb02b7f1650eb2dd4ba1707f0aafa219f21c29521581ce249e2e34f5656b0a04c00485079b040e13cbc038bb9f17f47cb8f908591b26bdc28538d8baffe4cc39b17d2ecffbb9698bc2b8b31b08424034c051b535e0cfdf07b7a0a54781e33ba739759991aeb72c0ed992cbe76eb8ec0ab12c182e8b049cbadd6e82e314f1bf15fef5ae95dc86bd64b8556766f8ff62c33492198e454e5ca59ea856d8e095c04da8045522abac865506096ee1cfa1082af08ca09b3533878ea3580b6c0c57a615e0ab768246b3eda96bb6caa01a2648068e21959f843d853e948588e8c0bfda364ef1f9fbd3235c27916562eb0214891eb55ae0e059f4bf7d1838b5942656c27899dec6d67b823a981d1e1e0aaff5323b0e3d69a7dddf9b12d7787ab763a3c7a2697ac65b655aefc4bae7e6444850ad2540d5193b378682c77a4dbf9aa22e517e68cedfd1ba32e3730ecaa2e3f6ae61a4f427d6e69071dd62a9bf6c860980c9d23ce1fa82a1937e6dc1ce3a2de096b680d23d89ee102912ac0bd769c1c02095678dbb00b4430428797cfb966b2f901480811e1b9cde358b6d499c9e93f0961f050465d7b0c70d4961e75a9fe40a24e36eaad27238231dae6d0a17f446c16bce7348e669be563649eba9f23be29adb8b10f462780a066ae573f74e51215a26097b02469c25180890e06acc53ab063c742e08d51359b0a39749b84b9f6be44f3ae3da8e5a2f340a8607d4eed08877d007928d332d6f49502bb5f416c46d866fc87477c58a22d3c5932a8d6298c1151daa032c84ad92f8f90b8053b5aa6f690d1bf682f314471cbf200f3d30959e07adc6488dd17b0be5279e727f3237b8b4b19b31a220dfe63882937f8d5ead677608c42a57217f2239614c521d94559290e3b0ed8055d5474e96564224f6ca6389b40a71337da11e1c307dead8e4eb43252cc2f1c49addb18781cf20acffd3db693b02e5c8ecc949b51b99005529e0149a13390615f5df6e0bcd68e1ca82b0173d25134dbf76dfe92daa085d3f6b1e4d18217df41b70c4c40101884c2886495f2ef8a473bf23cb47ab6533c93cb38c36c6dcf6837f1272fc91a6962b6e1386fb643e1f1d71fc75ab58d5800bf4081217cdce0c7ae9e3d25de543fc4444314f32067eeb147c08c55c5c8158ed11729837547f28a300eccc312260215f50e98c4e3d4170208a50a4a4def1243538f906df8476b0c46d3449be73866d463d422595300e160840daf8c906ae4aac13a64457853b0ea6d8c32f4efe3b48c0b1450250086d459648b0ab14fd3f341a4a803be77e56a811e7a26827eb0a1a9454f90bc6ece665904adaa3cdeb2c4847858fd1d79750e8cd45d8da9163784b8bd06629410502debfed5eca3cf8fef0fa6bdcef6efaaf35a1986d6fd68e0f436dca9442077a4818ebda4606a94a3c93fda46e7ef5ccfef656896a0d3d93566b02ed8c3f6174417cdcb99a415b0c6e9816d94e64b438c295b4bfd69e0d9ad52911de5509971b7370593160629b641d690eb2828bf363857983e3b9098fcd15e66448f786f196685d2ceaa251b17ad06dacd614d9fa78ce0a8b9c1c360b529d0bc1d17ba0b70ea8ac1b8d67f6e5770f0cbaee0b38109d26b09493060dc851f5fef121e83e30aab9c3efc2b8397e8362aefea1708f7ffa14d3656f7f7610f3a629bce14648a593250c6f309c02c6c552bb42984ac58db920dbc7d98f59295f37f3e9b99da55ef074ed65801b390366669b4c7aa1c483ffd23082793f9e5cbe30c34250f63fa3ea2cd097593dc67e8d27b7e4f07e73a9f7b33a5ef6962df1381a038d4f58fdbca9d71ccf640b917f631b75d4a2e8ba46c64a6223f99cee30f47c1a935dccc7f054fc39d3498c824e10cc3ee337e781a3971f0e98295aca611bde701c2359858914248f6bafc88232bbc27bd85883b00990bba7862fd7a7cbd4c86df049071fcd10d686613ec877758d83927cacc530bed9a596b5b21c6fb748c379d676de7e05719a867c9f934b5dad99ed97dcb4e70a9b6542ed5b2f086d9f56fc9752e788785ef8f7837a31e433438cf2f18f58be37fe8412f6d21a5c35000a5efb862926700079413f76ab2c3e79e20b516eba9d8c29897097bee55157936607cabaac41337ea4cc783c0809c875259f8020e16d5045fcc39ac796d11a82f25fcc9579bf0a010200f5745065175fdc15474ed514cc796672c59637c3c8f236cfc9c0978a3db1194680c58c27746090d76ca09f7c48ee4ee7e1d3cf0ea70dbbbd88e30e8814b57404dfd7c33727a0c84cb7bd468b0bcb3c89b526679c00fb0892d2a5e7a3d73698a3db53fd7d78460cdcf24ed22b5f39b8c00b3506541ae4a5b76fae29c1cd5b0f8c3ce142e0af7ae4efe3fa4c438a604bf4a9abb41e3fef1b9227a7dccc3f4d6026ca289b4b1366d9ed546abbbbd5677c8d582e79e2b544f18dc23809ab753313d84dd10fa3ed2f723f0b46277b8877d4f3e0665e88c50caf0f0708b746b736b00c8c83a7d18500384bd035996aebb7da8f09fd6af9b76fde7fbfc0ee854d7ec02950e76abd23ffb27a6ddf1772465016c79b98a61bd3940547b207b6507e32cb9761a5604f0f546834a8edac7ae06910045de218d761a4accea886188f947b57bd876491709028e2e24b075d6b022b51af1880ca16a8c65b7c69e51b2ad580ee058acc0606f0a3a9ea1cd4342bf4be602e941dc4bef1239bb9bccbc8098a6a17d63186c6fa75ec44b6e4fd38a3fe49c5eb995f0cb884e2f3ed6be02515fa605b98453ad935682c3bac6a2971bb68f4094cefeeaceda92dec803ccd3d346f8b40b48f8f489e118a17367801e85c79e9b3bb5d73ac44a8290cdbf83a154f2f125090d42e1a1cb72f5ebbd42da46c7a4d4b9fad9612a4c800de6467ceb74f831e1395dfbf5799a3429ba34754add4b34b5960a5fee8f752dae78450322a1ab3d7102b77e907fc1eec5355991e0c7d6c0866660e5436248edeb1a37c0e769a0764cfbb6354332d6e55103b9235c84eedaff918af3f0213c435c32ab409a4b5c7eed8ab6ca9e313dba459bcfa3ee92e7d669be0526856ac3c06a57fbecbba553a9cb4655a901d98af02b74098e478076655d325bd7639d73d7ae00c62fdc361a997ea4ff5b0eba33096b12f35cc7cc0eea62950b912b47c11b9fb386a47c4c15c0602d304b2541da889cff299a1fd415e7e25c70ee4cd83feea7e6a9c50c75d9b128458513d61ec5d0299ef8c090472fe0850f384938ed44d36f10cc2c1d31daee3f946a2fa18f9982a988fd6ac973b1569313ce3c8ff5746c4dd85a241f1e9dca0e904c091832ca028533a3e34c184edcc510bf22a27f530bdca3d057928a96f72dafc73a9aa6dbf2552598e468735cc5736c67a620e9455483e9cb2108045ad80569582ea93a53b491e528c8df336fb326ad74317bc1dfb8ec30a73af01a5dff3e437b7fe48ba5dbb3e8f01ae0c6fc28675a415f23a796bb6e0ef0efeb4b14cf20d4ad88ad1966da43a76b454dac8687bdd97b89b8f8eede91eb34ca4a0523ea65736ae39341fb32b9b716f25662a37382c16f3b9c346c84f03bef54acd6efb364c6401b07b3f7679e8e7f8c9b77b75e6e98b90f4df88460f1978d19744eecccb743a999aaedd00b5a94018e9d5a56bac9d5d55f6e93bad52e84aa7340cbbf98d56213d9dd3e1970867e3972dc98e61b3cff40b64ec49463ff79a41c82dbbcaa37a82b761f432849aa83a3d3c9a209e2207b87ae9ed9959ffced165fcb0d8873668c3cd8f18ba0f92f7acd2bf50416c22ce11692bf6132eb9f558dc789cf9776da94e48cf48607f19d9a11d5df4db11dbaa67a1d20e9f0c96f5956ee3f906e371c489efc88b0c1e56d881e7bf8dd5d6742622eb873e253dbe54f2e2e6d0e6136941de8c23e9a632727bb5f88c23170316c7aa0df28d8d07589dd6022828834f7ea9b4e5876a1704944aa3186dbf89e0e81767cfba03bfb38c55a9945209c4dfd88272c49d1745dce5ceb40f0a6713b5139dc2fb87a8a4888406d2610b7b910a9e5782ef0df719028d8e50a40a269dc9bee12157038522d06537bb31fc87d21af9ad4b2e7e127bbdb313e0a116010f65126cedadd4a122d15a71cbcccc346f55100e354b997154567fe3caccd50251d137c58fc3a2048dd5883b6af9248b51040c01a80c051b8a151a8878edf0304b5554746d6116b749221a1d0082ac925e6e140f0c3b6a180742ac8a50ce0e93e6399102f151d7c14000369ff52d0b537fdd51bec99e7271b1255c6fbc36d83408c417f6825a8e2a58b9054ab2c3ead69d97ea9947fec32d720653c123ecf51a9a3f0ed88743e3fb7b94aea59d0bf0219ee50825ef220554312cb907edb90e4d85f29e316ad57d3b90d859391fcfc63e6c0fd3ec27d4e1efd6e0b5ca8165cbd6af25ed8792d805f27fce308ca1d51335ed5d727558dafe05486a6f9149b8d3bc022026656714222830be582889e6800c0b170e48ebfd069e711210e4ac7acf07652a6f5051507de68aeffc9540cab5cdac84ceee46059ec23820c04b127266c0bf8df0d2b856be3377ab42592f495980baeddbeed3ba707a85dba64fe36941eefa8fd37204ec8c18df3852febd2b142b1c9a5cd0f9e424cd408ceb7788270899fd793db99ddb8f9ca8df550c513790d8bad37a1d1f4a62c4527bb64c677462c9b093582decea70c7bbe873095536728e7ce05d5cafb5d166a1f03055e918f787fb244c5857e3d7a1009bd37f30f165564a082c1510ed19bb1633811a76da70dac67641c2478c6b335f409ef54a2d0f370c9510d0aabae3cb998bd023778375cbf9cf5ef125afd584c11efbf40bb51839aacd3016e5e4d79f134245f952dbad617c78cb6f5712bd9c0c7e1303db5029640cf9b56e29329c3e6a9e0a2371aac1a437b9b1c4477ec9842aa80eaa22c5eac11b60c661de6ddbb088e844293ab8589c13d938765bbaa44301e4137148dd0257bd4c8c766c5d3bfe53671e9417cd1b52f622870ffd90f4e17b7a4ae1b5601a2edb032e353bca652fb565beea6fb0b2cdcadac71794c662677fb1dc81d116d94f5eced526b37c004b95284cb6aa2ac415754a1f14882595dcf4d3f1d905c6e8c12cf5a9d23d3ab55bdaf9f17d2f03f933e1bab89040753648c426b072b73aee8c2fc0d1c03fce2c656e20d4c96803fb2ef471b912267eecb4d6f342d3513894b94d77767823fe0c7438e51f21bcf16f0e98b94b23a10760271281cf843989824f7061bf834f93fd8d2090f70e939700dcb4d8964a19da39a9601a7e0ed9f55f567fc7d5682d55a9ba0e68861756bb549f2f17c10ff6bd2042a80477f89743d3d762f1dfaf230bb502eab6f4c46b26135ff3bef5faa179bdfbd288e3cadd3d88d8012706e19b7fcc6e9cc2699d3ba0e624e715599480d6b7dbc6eeea0d12a9236444b17285fc7794040dd40c2b2ef175f7f3641664fc9bb7ea6d7eb3489d504f8013d64a23aebcb5ce233405f5ade067dffff253f27e926431ad806703e8fab23656e0b7431916d8d4c72a7d831e3664e5f30839c76c8167b76f3b2dc75a6ef48df515e06ea54ca51de2fd9c5eeabb1610b7eef06a2f3167859cf82e1a5b76be8ed8beee2bba28c3b15af6890d7a37226834ec9f63306a0da11aff918753d8b83fe7220803c070db98195d6d18357233f5504a6e3bd6f30115d3987f93aa5d89aa0b8b577d1fed94da057a6f088233efc0f44f86798896eae9ad0b20c8c9cdd9d72a3f02213f6797800894b864cb44fed009440fa5b0197023929f9bad16f052cc2d87327788a68b9209f46fb4776b092d75713048b5453ccd699d19cafa8e9a93fdab0f0863711916efe3bd81ee71b8e0221e12e9ffe2f6ee1a4dc1a8de6e593480f3c05b3691e916a4a7ca51971eb2f0f693dd10f6b8468f8cf7bcce285938b5a0a76ef86acfa2990f88bdafdc39a065db17b845028ed2b7a9e331c44217de20440e406868f1eca818d0be20248c2948b8f4cb118b2e456e585949139270f57c54715f3297bf714aa7c5f72ed8ddf6a074703ffbf95e45bc81a02c42822c22d2b718f2de5e03d687a4b18d605ef5ae75f9d43c8cb4e77aaa0c0101d978120f29574b22f52783c667f7daab3e1f9cfacf2e68e94a24918e3fe2c4f061deeb64891b5217fe5908e7f389897751839982b7fb736fbfb1232684e93123611b7fc8fbeb74f8815b5ae13240051920f3b6ed34483ff673c467ed7f0a8fbf619796e485affbed0697415d2d0598ba34d5b9e44ffd12a5edc323883a2e28efe9baf860324f2d2016748503eac1888213926b0e0f0335a4b51820a2bd3b42d982ec6ce307b453b6385aed7a735a1e98479394147c40f01c532926e10e1b26a5b395bc150ec4b4daf5b1436bd0baa225583ffc9d9e9d8a354f60fded37b41c7c051daea04e689ab2d4e24d7d07c75c50ccfd6a527e024d1632246c6f40f06b86ffec0b29cf894b665d53d459226b93422d37a8da23587fe884dc3c0f2fb55dea296a9a5b9a0d101f186d9fa6288c912202547cdf958569d2cbf235740eed38d10b0025dbb6de31058e98780d22149c19d4bcaf06dd7353fd91cd1f47e47f45622e1472542be2f63f463d253617eafd4f2ad609f9020884905dd5c22fba53ccc619104b6c0203a7f6c8c26fc80ff6fceb8c0c51600c2e46b4b872e6d597511524545a76cb42278b519d911e6c1320e01682c551e204ccdf91290c52e0836167a5685cbb1af338eb794c10fac92950f3f7956acf28f1ca984e380bcff9876b0c71dc7ce4011d1d0f955da9ca885c6e7bb74c6194dadb0fb9146dd725c8a9574aaf3824b727c9be3fce59c35850b162c17d3013689fca858a0a51d81cf4f30d6a8705bbfe35ff03c34cc7c56aca32140d72c8e8121fc71353596b777b266d75b322c9a97fd2c5d4e2362f19c99de66da7bd9c495c03d9a15b28431a0c051e786fa80f5503a72519e6b419263d72d553d688349c0cf30918eba0622b953a0efce4415c29515c26ba15f00e548ef108afe3f8194aeb965e5e4be94f10df6c45ea5c133a8c3398d09fb80f950b83c1866a1637d2bcc195e05cc32a9233b244cc2b1d4930e66f032cb1163c37b3e58b576ab76de759569797fa9b8bb4fad66aaaa56f09c7a0ce4641d6799d7bb47cf684990ec1e08871458c211a353ccf1285e7429c7b8520180918f7
+
+[L = 20]
+
+Len = 16
+Msg = 8a61
+
+Len = 104
+Msg = 37487aa02b03bdbc6bc62e7e26
+
+Len = 352
+Msg = 6ecd002568bae3bf1873993041bfa292eb94e9ad092d8eb3585be82e8a20cb36a47a06e7a57d301268a4a533
+
+Len = 504
+Msg = f6dc1d2f6b8e126d99939664693d8709513f97d730074ec2794e536d94ede79c81f2b2ecbff3c2c26ca2d181ada2c60050997f3bb087ce48d956c18dedb227
+
+Len = 13976
+Msg = 07a6372c863c7d7c6764e4f05addbbe161762735dfd2d23bf268e2d603cd28de9c369ac379390473e1d3fa7e37af1178cca54fa0f782dfbe68070952b93462ea46c640d43ffe71f5fba42df98f4c48ada0d8aca8753e0731508bc15dff283178ae5c10a6ff132eca5dde63a78d3ac94685152897828eb25a55fdf140fd33fd4e7b03f283e201a1baae8986d25603fb0b2566aab345fb48031d648144dddc2e3556c0ceb1104f348d96ae7dc0152e45c625d21b46e70c31f250c858aec4ab2cf5e79d8c79b0854e0abf5330b9f044113d306161968f4ad6f0973160c9dc296056d5a11523ea2b56fbce8387070fccc639ec1c65ec663b9dc49aa880dc4ddd3020c9d44ff7e8cab6266e436af19b4ecb82010a0f8f9469ef380034a02e3f50051a6a3f233dcfe9d553459dc1bebc538ae0183448c9405c351271dea808d908480e61e9793cca111b4cfb9874b799626a1bd9a0f6e0929ad51b97ad81b2438f5fc255db3a3dfec9f0d8393c6b245b03d3faeb58021db3ad391b17a91174a66db4feef1b4c889699bcbea7928f4d29be2d47f76455c8cb1dc7da9cda41962a28ad8cd7b39965b809e7c7eca1c6792c1ce1c8a4cad6290170e91fcc49fa5ff64ab433b4aa081c8da2d9bbb072f9f18ca455469b946c877e3006b34ffd2219335b30ba2e0980f43cebfb629d0b11fe70dff28883ca012c6ae4855fcefea20a08e189eaeed7eb36ed6db3835976f4e60053205805727c5eec15d0e9f155637a9e66268b9c1c302bcaae6ae88cbb8cf1668a487cc996c4662c4a4e195f094cb31c717165e0e13718f8388957dfe0bf69c70cd0bd763dc38c530b67b9c12244fcab8bd13f602de848a2937699f9ef77944e5f22e3b470601789e1838fbea9359c733aaee2c7082b02ee459b7684ef9bbc200da4b62d368351f5520a65ffa506dc9b097117bb7ae88d04d85fb525e91327689ec0fe86971480c0e864012b1e9f044c7d80a4e48c07320dd4292086e4c71d4c98dd826a9bfced112bfa2beb1ce85cad204451ec45703931bf637d4fe89fe8f485620b7f4b21e011a232ade7a8c92be77925e878ae0bea9723749528fe83cf89ecb9616dae6ca0e8d5754ec6c92abb21108c2f33cdc18c6887c430b72c5b193356494cddccc577bd4c2cd53188f352846edff0c2ac7869cb74bb16a77c0f0f194a7a9477ae15abb890bd0bcfeb0c39381a87f1d05319c7e971c10e9ef687f96450b400e25b4285032892b849fd5db8649cedfb03c88defea063ee144a1ab1f3bf05f59c7db364dc39c11a446c3ce16307d78d50315ba29f5bb9a57438564c8c7b3e367cd37d74b2375a4966f47489dc5448f4979428abd32193d3840aa983d3020a9f29d760fc7493ab2576c90b1934b799c1d0d55e4f2caa78f4ce61930c79dc017c2dea0c5085d73a3b0e4a6f341e9a5061a6658af11e5edf95bdad915ac3619969e39bee15788a8de667f92f4efc84f35082d52d562aa74e12cc7f22d3425b58f5056d74afcf162cd44e65b9ee510ff91af094c3d2d42c3b088536d62a98f1c689edcf3ea3fc228d711c109d76ae83d82d6a34dcfbad563cf3726519b519fd48b51741aa86720836494b7a589c778927047a25d73508adaa401e9a6c0767a675e31c5556cbe35fadc9671359b45e985c3c8af84113989b299ae4474b85e4b5d4b0578ab1e8a2915a8df97c4f52a639fe32272cb91bbfb721505dec46d51383cb8973425a714245c2e37d0577fbe0d66381d9239db1f08a380cf609dc699698e0fada2caeda44d58d766c4f8214b10642b80b8d7d8add7cc41d47108ab7d07dab71069a2d982cc900b331caec317942122158bac6eac9175c2dcba0c04443aa9188832b553f5ca8c336880824d6bc02486a2b4c086665d276aafe3b1b93729829adca50c44466fd5b5cb977aa78fbcf5c0f0da1b09216468a11493ffb39efdeda5d669ae92bee2f2fb250aa1b9cbb11c36c7a6c6dd26cdc3cfd572ffd8c1dd72a13c27a327a34c6b6b3d80fc6c67c72152eec0c8ecbdc1bd5cb829b811e7f29af6d786f4e93dd4c96fdda295a6aa258d7b2fcf291c2d68e0b1866032475964ec0c6f2fa8c2d6a3936ecb187350def4e818507bf157c0e9b33406be7660605af14cccc9c799b4e051d0d0899e53495bb8931a6e2984bc6dbe4e02ec8b4642fc2f1cb5fd5a5520b48cfcb49e1f9533838753554dd98b6a1b8a67409279df477330e5f37367e06247ca5c3ffefd00e693dcc0c9c30754121c9ee88a574915b9e77c104fd2f921c2c096573951407ba9b440423d76bdc6fc978237a6e302cede7f99038ec31500884775556941f1edc30e3a417b0e02cb6fb5bfbe5cdfacf4006411287bedc565fb06f1be987416407dc852254934df4ab59edce476f3506e65be6ce6ddf91038642291fb8e92ba5b1f0b105670905a2c14796110bac6f52455b430a47b8eff61
+
+Len = 48824
+Msg = cd8490c93613bdf1f284b94b330f6d6f45a39c651d2a160b340e2eb696fc6d1c35e88872845190d141c669de92a97daa5433b1d7b0b899fdef2ce74b8fe72a7296a5b5be26d1dc86520367c730c7400c2fa06f91ab4c48a7bf4ae35a5b9acd5296c4fdf7451b0ad9cc439b4e34f11e5d7ef2bdda376f8dd34d6f092b219dc085dd4c4a6308b8808f588eedbbc7af7f64e83182fc7ca7cf4741a341060a7969d31445834c982fa8739ded4555108acbea1666a83da17f77cc42ee73323eb53203e3b790f81c08e94c44678b6538096ab7b09916e6cf7ceb2af85987f8e4d982dff1ab59b0bdccaae1f405a73366b5c5935dd0b43e2d2894290ceb66a0246dc02de728c5bba30255fb56ce8107c3144246c5156a8fe40ada9126adf67227fa56b66c37be63f532516211ca012977b04a97916f201f1baa2629eda520b51508ab4229df2ceedce406dece0110e0a911464f69e7be38fb91deba0addcdb3161d2799c628f5a57fa1dc37357c947681bd9c36f4832c20ac466c0c245de3b250c33282ea1a02d007f03b34ed427631283eb614db4d521f555136e7e42b4cfbee8134c63dbe3bb79b5a8b9f9f5b9f5ac61cfab1c54d197f1e3ba613f251eed616df952d691b88a16466343ef2d0f63882ddd2d55b8a6786308b2257f5d7b38af166bd7f1339d2d8899c9eda8fa86215850ba547450c267eb3c9147d96c38161a69d1584e521ffa23384313a1debcd37f72ddad02adb3cadce7ee34b7c1f42a15d0d030487daf9488aa7562845a11ee7ffccdb38b300935caa31f78a4ff3dd93403cf0c6a16ca611b58c736aafd33d6dc56f0f47878211d26f6ab801b9453a7f74b44593dae0f047ddbbf2c902891111729edec44f69a05944b18e7a601f41ad24fd6833da3dbe3029bd390de7c9841b2ee2b079b2bd2737518fe1bbec88da64769dc36e4a8bf716c219b2fe059d7dd220c1ed2c59878db5bf8b198e0689edee921ebc0cd2d3853fcf57c363050ce58071c5fda6ebcfbc1bb62e9eb956286291a108bdd4191c4ff47900d6068e1ea26b487649af119b9bb15dfed804836f2196cbe12d8fc86e3d7ce89b52ad49dc9ddbce5b370f73f512bedd853039366612453733740586d1372143b09f21dd4dbe1a2bfc308db8e4098c5e4b0c1e16141ee50e85fafefc4e2529b3c7252af37aee6f86e19df28871686107d7d57dcc812bc077602642d2ecefdd5f694b8f336913210793e4068da2178600b1f41cffb5221c9b4b6298afb47e85701d7b1a44241679d8996f916c81ff437261cfc358b9ec42a2ce16ca3bacb8690d6c1d91cfb3e0bf1e7ba45bd01606df856fd03c7e946f7ab371a89e1fde86d05fdd97bd7b1c583b04c2ed2b5f6815a460645e4e1b4e950bf6bd81dd0352d1048df85266f1696534aff5b1cbc17f15d82cc8e0c0d4f0453f9439094f8e0f7f4bc045b654d9a2f1f44a9c57019f63ecc41021c05b5380675cb56ea8bb691d79ee204d2c4edacde3c1fb3f4996a11d84b035f965e74009e2ab80e2c7ea3c84a834d4971a1e9cf423e4ea67ee526eb3c3e4c2d7372c4290a0741e1fcca5ae4cf36705abe98ac81e98a5419baefcaf3093a7e0449ef1021f88ffb7ad21b2677e41cdda12025b06542c4b2564f15e0b99db43b7c7020028bd829372122cd910227cb07c53cb58fd9dc620c0491f3e2bf883fe6ee8cb1f5b73767977d857e4513e8b5612f6ae4b56014e6a3ad2a065b65472212e2f611743484cfaef860999d1dc5608c58412fab888ad72bb87dd9b55b692f31e252daf8944ec5c02a5a9c23903c50dbd845f2fcc3bc9806af13ca7b025cabe675195b1d56f3fe7d7bca12530bcc0af217efcb03a218bdb6f9726536ea902c8303b02e3ced22be59753588b5f0e2f3419fa5345a942dbcdf3010465384a225ba26cdd0f1d74999c69f336bb6d01fae5cf81cbb8c1a7a29c1eb83ca6b51113bde56b8cfb6a5d72557622a37f039d090a689accd02b57c691174338de8e05bb3620c079705c969c58e56b079dc9eb44eb0fcebe548f5a31f4072a5ed56a2f03107bf40a359b2601eddf53cade66f294cfeaa40a0d94b9c90d15f61852f295d3911f8ea914d015885c8c64540a83badf0021a416c3e37b78236a2ecd1fce4114033416bdd3a36c18ec13250ee9c74c0fc4dd564b3d24a825802d5ae402a53bacace115ae3bbb329be79d1e5e42dbaf0a6446431145fe49b86a8703c7c41f8985d54f12e314c16ff89351d8addf66ebba2783f2d1a11965182aa0b0dd2de53586c5a695c6265c2b173958da648611090557bdebf11a1e042f089fe98e049f4796c60d26be38356fe020d9ace9008410d53a1bb7db78b52ee44bac364213f5c59f1eac4e3314f3423b92fdd7a6156608111ac6ddf58385ec1f3df12061208db98816ac948d803fad10d5ece2018c60faa13de5e5a9033745c824932e53f4122a39f635813545c1b74732cd55642f19ed6deca1585ebf7242c849bde981572a2199066e9c912b2068c8f1c8b936c43ae95c6e22bd7b80dfea05f495d751107da5928e806d0af905c87b5a0795df146af6580d8f9c6a0e2645686d43822ce9b4be0bd5937c097917e048b5af71c7e7521d490f107e9231ee5bd9fbf0727ba87774ed24cd52f471ffb71849ebd55605996515bdcfe95bb1df3541e7c42da4166dd01ec3597634aa6455d15fe14af435e8d7a55ff1682d55a2da867ae63d11fb3fd987fa5d7032ecefc35d3fb9570940e779e13da18070e6df5292f97f2a281f9598101102c955fe4808a2319c85fdef3d55b19e05bb8c2d3da64bafb67a53491513a24f6f0804aa162c8a7db25b38089373fecc45a0eaef65dd9be3b4b7f9436a5423fdcdb5a9b60138fc6a2261225390d9ae0d8ab7f0f7ffff69dca06881d33a637d634358abebb333df41151f239add91abaafc89070cb2159ce3a31655c22e4696c9fa7a7211d1251d4bb21ea4a321a3dbebc29d97f526251e40e548dcd7ed07587719a266f006179dcd22e50b3705152817057b097b043ad63b8d867edc20aea9b4c959ef4ff70f47128cfcc21e31f17978ecacc366f459ac1cc459a3976e4173ca322675f84f18036119ec2f204c3fb554a0b72f7e9d8c882ab147b3d280ca9dff7b9160b1b437b901f03cbc05fe05c6f44824b48aa8da52ae7dda1653fd500f9ccd221843cf76513b3b74d094f14d93a00d7cb954bc4cf2f04f9a35e38edcb1e84f62057647dcb3571f1dd296ca1e049f1746a8a282e85138500e7649db756b2d2ad88f11c471c89dc6be2cd43481013b8d0ae83da2b855cea7be424f8b2325b1850d1fdef03e765458df4513d57c72ba9751e1edc3c4e7f97e3202bb46eec7be89871ba3704aa6c6fc08851e551a3f655fa1fb798d12f003faf31c56b6df399a5dd0ed29ef9e4139dbc254bc5d6051840a859eabaaad56324588fae881fd638d2b70fb3813402df61d941ab495588e5fc3823249bf9a03cf877902394f512de118edaf98843a5445e9073fcfa409df3db0221f1c77e2dd21e74f9e10c9e180dc4ed17010eb949c6d67a22bd5337b2c68f9eccdec778ece728e91353696b742c8f5a3a569f054efb8c1ed478ee9b75e26c768a5816aa6bd08a4c72e745fdb5deb34ecb86b3a84346c1c70f9c16fc45bc0421f0da2f630912d5079f390cc53b78e343310de722b53d2a3b4aa386caa0d7e91986e19c3363426ba30eb5284293af81d00158a3f5233327b40c3b989725ba7dd5b31ac7abf8d3e0b737e843065cd7316dc2f374a00bed4cf9caa0d6e232c854df1bc24c3d484bc6bcb14ec770d5745474dc6ac3b3ddbffc551c9fcc2c56a5e0ae17948457c01e701bf1554022bc2b7d9dd42b2b91172fd85e6874d2d61fc7b3bb3cee2a9bfec09f6d7e98279c6f511f4140b116c856c1438e34bca59fdca2409f025b896a52d68719bf93e82e7d89bbf798991fda0af8d06d17f39eba4bca09c1fe594b537ad4c9b94ab52c895539d639425f9146b24b016368a638e5bba391bc8763cae7c52ff9c496884f1d84e5e08ed451358ecb3c4919dd410e82cac35ae744078287c05c89b42999ea6b8b127d40d53a5722d45139e8bc507a11e7add7fa9ab12cc40afeec008a4668e3e6440f27bb5780936c0e3668ac51262390c79b3f21fd041cf36ba3522f3a552714ff188bfd554c60d0e7d11213cf7d3864a5175d4047c2f3284741f18ec22995a5b82bf62190151bc1529c6d9927f9b0c1dacebd9c2dc406f7f64a973f9a70cff6e3abeebeb46514bbf2ead382f7262d46bd43d88c1b91a9011d1f8ba81fa536a7162aee2b2ec6fc0f2d6efc87b98d2e41e0f946969da659c21053775ece415a34d42b6cfd5bc52259867b411dfb991461ca618052309ca9c96468c2da12dfab0e822ff3bbe7ba281982a239ac19c47024fe1f0e3550cf0975add1f680a9dac9b2c4ab0aed4f409ddda6765eb8a0a9d1e9d07458c69ac8195541219b18efcd06c0001f2ae7fee2d404666a18ca3cb3aa4f0623e86c5b1229f6c2ca28d951111294b91edc52730b6b2c46e000672a7c89b2f38045bd3e37dbb8a75e18687a514dcf740c87a34834d3c3cc8aadf6166ec0c42d2be92f90a3af49633ff23cd80848ceb57ac550eaf9ae496bdc6a2d7cf50fe107895b4a1ed014f78af24eccd6a07420f1dc0df1e7c44b4ba937dd43cab9c798371b148325578d61931766af02b45054bdc2d9fcab2f4b49092f6fff7c27886820739d6140a4a905f0020249e8ae8dd87da1a1e7b1851eb01045aaa72dc8a2bf68055e7aed41d85336648a3405195d2ab61b0e29a770461f32fd05e14c17d72c5252f026a7b9abe7ea9176d3c46f6ed9fb716758d97b41e4f5d81a24538f763d83eecafafc668422612b40cfc32b3354b24755fbe400a2bfed494fe6d0ba0051713b776e67e2f1915e94708e6dc74b398f2f526933aad8fe7dc32faf40022606aebb6e0756b994c3176fae7640ee06d6c67bd54764c4752f1bf831f43e0227cba101174c5554ce26400f333dd8e9f6db1cdf670ce407d7d06c3aef4c0724b62edc8f1ba3e04f0e394d15a73b9255abb4d6ac70303dcf9160d32dc02d4804219ed5c7e3b48402e58ab2f58305f9bb95d2a8759947de96328ed5234cfe7d0b2a9a014df7e4cd0ae48906315f139b8635d2e6bd4aba32e62b8906cdfe5622c411bf0373d0cb07d17bb2bb5b83eae4401c243605fd1df759fd0ddc704ccab5a9776c40fbf6bde0f11b9646c699f26063a9550ac228c9884c277bcadcc0a2c225dc203e28e253c4e464b23d2529d09c7b7dd3c984667372472b615645f294c4e3b0797f9d1c234015b78502d98bfc04f1fa2f16cf3e7221d5794d035e4b172a4d84e679cb1c82df2fb49d3c6668eb1661bed56705096c2371a19d668832808eedd9e5b1256c18fe7ccc494e5e29145d453c553ec86fb7f3a634d0d45661875f2f1005ba5e734c1a976f37cd23450e4606e32d027bc9ec2edd9395e14b2082179bd7b4f9b8caa2d00a2de71d48553f7d4153cb56a1b08f11925e4b11c9281744ae9171f3d6faa3ab3f88c5c34fd23e4f6efeceafdcbc07686ef56efa62c0ad62f1cdcb4d3b5bc508c1f05263bc347158fa5495828f34eb7fcde98fefaa82bafeefed3f4a58968d751c051b52e0047f066de5be533bc3b1e439ab1c8602f6c67503803c8fa113737cb8279f358dbacdf45432b7a654d0e1122cca93420e956661d7275181c75b0d9c20e84c7007dfc49f27bc00007cf4ffa631c892981fd70141d532fcd51de5c23fe0b7a186d0dc296362f235d61698740cc315891cc9342da17843bcde274c17e462263d0e8b4832dd9075a7bbb443d4b26b41e534ad5551ed5ada102175e695363fb48d6b99ac978a3aa6f405d87f983384ce35740e930491d75675337c5dc081e3d301228e61bde5cc169968e5b4350cca2b085f9f75cc4b88497a78cd0a0073d90246c7dc102c7cbf3516498e8a41aa85d8cc5bc285ff66e8338e85ca83fb6889e2bccff52059bb9e92e92c155a349952680ffd0a3c346061a53fdf074417fc90c4d1af7c2acc3ee4b080752cbc9455ba5931b7e910f1e4af0efce905d2cc9c685923ead387fa532c0e8ad92719c76c281cd010e1acce500ae1443838b8afb48af032069dd07aa4df0d56bcb70a64592633699c8658102f1fbca441325e27f1732a7a973d8cb3a0684d72943ef6f1892f2d7ccf39bb6dfe5801ab98653bdbcfbb787bf125253be2624f6cf44177d588bd7b780d9e3f4e3a4e50b8a253fa21abce6a94b9073289c76773b46140f5a6e46b9de9ec066c176f5d1a69f380e1901216617363362d13ebb26ad74fb008ec08841550ff14ca800a1ecf2e007ebaad9f4e0d9664448d60ac0d8544243129fb81c1723b9b4bc2ee971dff736d9fcde0afbfbf5c50a4cc06a4c363998326c17bdc9e2508651dedd9a2a52bd87f8693cfcff60753acf9716c526e8635f12377e36564ae55d0fdb3c7997ec4dbdaa5b4d18c7b660acd95060831795da7d299a5a8d8cf9e92537dbd3ef7f56aebe38fa97c41da6bf0572a0270be7e5a7dcc0be3529339464c811052b65a938e874ea6da469c7d8992ce0aff1c75e82d1621ecb967213c65f2de582cb41de3804c507ddfc708ef3f6096ba4491e431160f98de806d0f334e03cfb7a3bece601099bd971253f3aa0df845da8b478603d5d88533d0cab9c89f2dd9a1404cf8939ffdda652a94093865a85fce2bc3d7babcff7b9f3306bd76b9af80c78ad518f89ee73b7a710da604e72f4927be8d65d06be2e0732fa786a83e27597cfbed9bf98df445499e0746b9f2cb9659ac0a9cef433148521f33b1d78d13c8441c0d1e20fd93ac450a3787a2292bcbd68cd1f961d34937be9a21abaf26f361bf53aa0c095e53c51f3e04d567eabe6e40d96a17c2bcc9230b18f7e079bc549a314b4ae21d30a3341aa205bc75c7f1d21b0a49549c300faeda243d0ce18da5e66c5b663cd705005dd9fea0a9564174abb797d64c58fdab1fae44576d514b75eaa31c9278b15bf9b6df7c6c2873d7a56fb91ab77b83761a09f9e1ddae535622fb87f7462256a60dd39dd3ceb6690b0272920b635ea639daf24f95462c523e5bbd8d8407c61163ab38877d5edfa04c2a78d4d240523ba97c7d01c71783f8748e85164b4dd08c25506a4ed18300b42b7bc6e417f512ae456ceec2ffc83190991a06d4a58ede215babcd3688e1d61f1975016244e80c88ae2aec05c7eeb1c50caca72b3b415b6b870bf5e10bd1ac3ba6b4acb1d1afac554444d94c97e171005fa4ea9c651bb4e527ff58d0c2f90fb453a92d6546a26e9e98395b09e8471bdcf2a145aacb649708cf048a7856ce8cf390c107ff2c66efbf2a76c5b041860ea576103cd8c6b25e50eca9ff6a2fa88083fe9ac0d1fb639c516b9bcdf23c34c6145a705498ff9b9747f15e1c08c63da6efeda4eca02c3f00dfec06c82220c9de840040118dde76be788daf84e6a2f44c81fe6defcc474f99c51c4648d297cbc48f081e0809dbda505d020cbe865e430e0491644ec8c52bd3ab8ce8c4862990f49fe2588caf804ce9500ef42d5a50c057c257168e283e4a4aedbe4ccfaf3eeffb212f9e23d15434d60bf4f455f512e2b655aff3225d1b217c261110cec0400f54dd303d6231d028c2eb649bccc91d30a6391c88bff9d447c3cf35a3467be5957e0ea4d4dc237c9f2c68ce48f658f820a3d72d559b60f233ce538c92cb148808e34fedf2d648c21e7f2ea29a77270c393bda42d869351d6c085d965dc12cbfd0311b8bf604f4391d378781eea3b5f1e0da9d0d8f8de88e56fe47d362cd46f591d3ec0f7cccb85a21f21ddcd4107821ce0ca9ddf99dfdfd9b0c9cd45053e5b1b4385bd8f5b227ada31b5c23e9420014474e8b4494fde7c38edfe70994d97b8cbdfac588df49a49c472fcce78cccc051f31cbbc1e0422878d8d490f3aee28adf1587c38fb7e7d1be54abeaa83cf54b633803a5e669ff4295df8735231ce39631616bd05e0e31117c722c2fd6787003b0bc7fe422a089c89329544e085d71102c1813769450a9f66f160d1702cdb17bd2c6fdf0f722762d193ce83623eeffab17b01b10a31db6e2feb6eb3abdbb2e36320e1a56e44e48d26090afa7f65003a98cbfef590ac3ec89b3eb230557cf6aa566e841806aa2767b21bb26fe001f11ae039e0c9a4bf1bf3d271960f16158eb5bd9ebf0080abd8369d512cab2d1aaae2b14d0ff6ee705a38fb0c801a98b0624cc138fc24834fdf430f33e1760db913da3290f34415c9e3df3e97da1780545ab68ac5a24db89f24d62f4a399728e4144a8c89f47ac2d29e30c49b0bcf790a5e3d3fcd1943c6a28f37251d9dd827a69579e6c17b629c927473b5a07b0a29d9562708d6c8ce576109ad1a3473ffb2047eb069beeec24c114bef392c929038c92abd0e6a19b610e27881361824d57008b7373d0ab76379570ded76c9b8284fe2c247791073c29b2fc6fca05019220ab92856892d3c0dcc6da0b597fe559c162d060d71513ebca050d9638164b9ae271fba5575ade787ec5aee8fc253d1b234b1df561db3e36ac64b9b0100dd6b407043537b2b141f
diff --git a/src/lib/libssl/test/SHAmix.x b/src/lib/libssl/test/SHAmix.x
new file mode 100644
index 0000000000..83bcb14126
--- /dev/null
+++ b/src/lib/libssl/test/SHAmix.x
@@ -0,0 +1,129 @@
+[L = 64]
+
+Len = 16
+Msg = 98a1
+MD = 74d78642f70ca830bec75fc60a585917e388cfa4cd1d23daab1c4d9ff1010cac3e67275df64db5a6a7c7d0fda24f1fc3eb272678a7c8becff6743ee812129078
+
+Len = 104
+Msg = 35a37a46df4ccbadd815942249
+MD = 6f5589ea195e745654885d50de687d7fe682affc8da1fb09e681540525f04ecb93022361a27759b9e272c883564223c5e4ecafeb0daaf1abce6caa4bd4153379
+
+Len = 352
+Msg = a93aed0fa5e163a82c9a934aebaab8180edf7de0b32f0fe99f9c75ec305b24609334cefa372c7c758262dc8f
+MD = 66a16799d606c569d2fcd70d7d8321ec90ef61711481aaf7d747744ebfd08ec2e7aead49429af7b4ceec6d8e147ed018e034efbe07982699e818db5fc4b1d71a
+
+Len = 1016
+Msg = 433e88eb2f8aba562d15c18126fbdffb81d5d6c9397fa052321f5f78cd629708ba099b540da5451e949eeab8687a8d6ac35c531411cb37144ab5ff6a7eb46f1ab28fbcd2ea0444cd87c57bf7d3c02952dba3d3987da07622c16e7c086d90e88ad3d9d4afee301d2bad915d868f54197b70b23c9fa385c443404fbc9abf7e6a
+MD = 790bc4844e9aeef8938df0ccda17890556a4151817111a526a88919cfb172f0b03c216080c1b60210eb1942097f17b6d0691bf5b018b6d959198d6a694b922c9
+
+Len = 13696
+Msg = 2c46a76a9dfbae1f5e59f085e9c3d4b600c24b2d404d062cf948e75a3d4ab5b137a31397be9eb34b2a03c78367e0b85448891b511ddee1f787cccd498b172cb7e656c044a03ffde8e42478330fbe9c34072a9e99ce31b41757cc820d98e7d564e06694b96b66f4be34c5eadd0ae4e61fe6abbe4d7ccee855104fedee8b451a7fcedb793d469b0094c0ed07c97fda00dd8c1662b44e3ee6775a5ef6368cb662d257be561a5967893433a4b63f97295036a37272176d081545df00852bc5c4162324161296cd51f76433f2df867a5840f2d0c8d5be00b4dc89443d82175bf69c3bdceb97facae2b2ed68e06ae74fef36d8bd1f75f130cba509341dd54079d45de22845cc8e77a022977c7540aa3e779cb1127f39f825d4d78e55a967ef45e7c1dfb02d9999fd15af2914ba47177177d94576f1091a0657d9e04fe81e6be7b631fc1baae66584c9c26ddbb568750d77555c927bcda1fbdc15c7cbe3e3fe88ca13ff12c59b383343c12976708c0e3dff78be0e286dd32eecf20b71a09fee50a9d0b13c85a15b320b162690f399282798aa3291fdd2f9c40ed873e829388466ddd1da42f2de16aaa9272ccf44790cf3c95382c304e25ae8cb2fc9d9869808f3ee7d42cb143bb0c3a55e03db6d1202ca1bdb744e448640c0aa60d3ebbda5c21e623bb080f4a073a48822725d764e51d415aad1d7c5a7f17433d15ac7d849f910c375ee0899f6a576dada42fd651343383f286009902bb62deeeb2514de6af7f09892c20d0b238f6021f03b62444b1e1f21beeb89acfcd7136416fe7bd8f202e76afaf5345311798be7cb25351add2bb044d2380221009c4d1cbbaba4cdc8631dc0144f2778a6aa1eb3d3c81df0b1b2142fce111af8214d049e40f536c5d462b9224a978e82cc6c420e70ecc3cdaffb726a183c793845315f730fa4dac9fe46e4180397107a6a051f7f0a58ceb9bf4df37e1a81c8e9569187228e8037df2e59c52ba815566768bedc8e09d5e7bdc9f2bff23aaaaf133bb5a3332750f6124ce185e29fda0851addfa2c3d52bb6dfb530fd4ee27dd5bfdce5dc2f41debe6740274bc651aecd4023b098a7d622e2296b50d51b79c4e3f521695a9d43f038e8f273405e26584d3db179e7c1758114a3d39970df674580bbf2884405974f0b9c4b0d8b3287a2314f3f81b6991812f354d655f62513c9551b378cc2efa4c3e08b313c56cada52217fb6112eb8299b28445aca8f72e7170a1cd8bbfee4d2145fbe8d49c6af8831c4d4fc7177a50ee55a7b484261504af946c6bd5e1d6b89092f3c487c0568fa07c356fae9b8e831b8320289039746a435b122cfbc4a0d316bf90d481d3b7d979cc50d98c1190af8dc58e0035557dd5e94f437f41fab513202643a77748f76c6b77302bf40c392cd18731da082c99bdedeb70e15cd68bff59619cabcc92adcf122753c55afde0817352bc247d1170b8ddba1ad1b0faadfe0efbfc5fe6334377fa372c3435691f53dfc2ad5e08966b2d3525b1eec2d993a5cd4ff34278bd40dd80313a0727d05e0a932156152f3e11a190d8d69726f5c57d20f811e1e8932e86409ffdac96c6251c2a2976b8757adcac5d2de94931d1cbea866ec8bcba5774f8a7fde792f6acfd0f01356fd66fdf54a416af6a9397e00f848a2e9831627cbcbb52b5a868ec174e69b4cfa1ed72cdf23f39d7eaf4bdb318c188b1f0fe75655e34ad71907cdb77a1a2b162cd7c22d93dc45321eafb17cd60282e83736267b3e1fb249c307d49509f50839942f0f493afd9ef37db053a918e3ec83d801bbdead07554a018b8ba348fe9b7dd92ea7c5fc0e65a644ba19aa1fb6c022ab768ec7cb249ba17b9dda2860bd4aaaa3dc70ec009804141ad5ebc61203658e57a0887ec0fded18d844a96e79ba7e879c4253056f23e205a80ab1471953438f85848f4ab31ab175c089e0bbb97ea0dd6a67385770356741966053735e2cc2ecdd2c8c75cc045181dd7267584b901674b553082b2c58fb8f8be0b99306194a6f069f684535423304d40a268d55784a14260fa9c9cb1306b82f91cbee3c9f43dea9e50903135cc1c6505605a100bfa28564a2057974eef0852b7b72ce264815026d0759f691db618ef760edde73ec888e181403834f7221bb27a69479ec9b28a3fb0c3f68d4467d25712fc48ad78763f9ea6e8a2e85260225ca1b1a38b720e589fafca29f07257c5467cb74ee53189b8c81b784c43e93f98abde1ed53af60b27b13df6ce45001c6e1813de3521028981086f7d88ba13f6fb1a800f312fbe2f842eebe847fd760c394668cfbfd353ec14ca0366eccd7b4cd63318116bdc42e20a632a0d2b8c5cddb37bfc0a239ebe3800a787d2ece077a7968036b3d9b31cd906f888e3ed742cd769033e2c24c5a9e3c10b6d300db5a17dd88
+MD = a86e07bcd19080d4a83e1384bd8189f60a7dd7a6998406ade0bf03f805375bd823c7656dd51cd9d63e542f8ade41f16d73794d60d0906424133778156ee54b95
+
+Len = 100816
+Msg = f8ed40e878dc68ceec52cc8e2868722310fb117ca3a52e1839eb85d308b8aa00ed0bf0b76aec8a70eba4f0d14d2d85c5a0e876ce2c8ee59cb36947def6c40a587aa07b368ca8e8a08367018e45b984de0d7f1aa46b977cc18c0cd9b7bb897cbb2814aa0ce8f8c9843e03c86c19f2ba95dd2ac4a466a93aae4b3b05055ff148517ecf43e286c57744a3e10a14d0c26e139a503e7927aa688c78609170ebe3b54104390e5f6cf538093a67922e7210e77fcb584ec9b6844e829be246a266460cb442bad52ca47255fb8cfe276108c36e02f9acbd3d191d34b93d29ec40d80496d1c1bb5ef036221641200e905598c54bc4abb3527c5a5f6258e59d4bf54a0498c108a2725428efc2047e0096b32dfdc6ec69d5d72f81301f881ca62a66c22e5dab9fd9d90084c0a36b2f3a0123cc5327a3bc7a12fd947ab57169ac533e4b6a2cb80fc65b9b527cff9fba26994c7fafb5102a0acd8f9d246a3a54178c23eaa04c0fdfd3c0cd980d1fc7a72b25d74df9b95c3dedce8ca316870c654f9ebea9b806da9767cf40605a4b0c7fb06f6b3f197bae7d8cde9daf38530e25bc51b68f9aa23ec0e95199b14bca96c91f3db15bf8432f714dc46ac87218691bc66cb3a42f6865e1c30f8394c8e68c0ddf5851ab7c5906a1994a9af6ac1c44d0d6b95ff15d9f77825ccea40fb9e516d45888f2378e045d95d936d541cea9c8ca52fe5f7d0d919b2b1c59a42d06105ea4f2943c05178e59d67351c5b2c0051c93a4045e512884fa656b772cf398af89081546d920fd3d24ebd16310506a786ab33293027394c1bcb7b1efe46b550ac28529646e8d2a5ae65c59345e24b44cd7b06673f3ed3b9008aa568a739c26682fa596b7a655842cc6b2758b583487c78d14a76bdac7033806c5c210828ef313f8efc4072681f5fded748c31a58ac933b4665c445f07d603e0905e49b84aa55146eb1c1c99196413832a05efee2e64d6732fefc629b79b37bb9390fcbed7226b412204bda523b8b8af5c4a8bdb263ef9f3f6c7b9e1de3a1dc257c1f33b3d54a9101be5b4f2a9db319993c2cd137c41e35c434ce52e859afd1a635af4d8852252dc5e28c729b2b4c96a56d57f3f3854ded59fe612b9b3a51fee3fc1c83db673b0cc7433bff2472bc74a2eeb6706605e308690fd072a7042ca6474603711d8310909e47063f46f287260a26c4f11fe492298a0f98d28c45948a4899e08fcf443a6ba36457dd8329314d53ac0fd0819fcfc3357426c5bb8d3dfd706e205a81091cf08f31cd3459854f3d07e503991ba5f067e3c406c6c5396d8257496f4ba3703cb1ba25c2fe4aa54577af782cd57e85a88a2d75c54039e8b7bb559219edd6e81e41acb6d575d6f798afb2cbf7f00abd5c9c7b0fceec79f9a0fb040ebcbb7bff3602df7b71357efacd37aa57019350bb81213508a006160acde3dae5c42f03141887eaca22d7b33d6791febfb619d11ebabb13e6c5378e9a72e852ddccd31cc53a43275966b7042ddc51485ca20e1c456dcc7020cafb5407548b044d332229911fc74d7fb97de25abff7efb431da82de2ed7e25d0dcc06ffc74e57ca93a6a9f64d76a5c39776fe2266f88d6d0229b527525fd2e22a1407e26f94c5bc6adb1e7327f3c8bb8d4c983385c579dd8f5623df8cd6da569c7de73d9210e6b9253a177653a13ece075940fc81016d8c35fa4f6542df5120c174158ff32533476f4e059e35117081a24798fbdd1eb10f82809836f8dbefe755611347f75423dd8571695960c6f66cca71f0a01e8fecbe1183bee3335eff10b4ff8104132040e2145ec3164b2448f60c730887b9d7894e5f7df3f876cb17136c99cf32db1c02fba860937378dbd093c4c5112133781f06c8ca07c527c2c085e8ba5e52b399f2909e217aef6e3035ecafe2caeb1004069dea023af7eab873deb5ebcef2313c9827821bb9f89fd3d1570a569673d3ede86a4fb13dff242eb98450a8917fd8865c56e0a9f11d72394b79808b0429f3a83cf2465161596887fa2d557b367a1de9c7753666b0cca9c30cba9f0a749c03c55cdc7a6d45852c76ce2010de3e7f75d95228efdc79949b238d90b25f983868b7f07f585f7b00e45d9e132f3c09ee84f794d899759be3dabd46a256f4cf8da71270617cc2425b24cef25d1d2f3945afa6f81abfccc858cd02e05619649b1a5347650934105c02622d538447223d136a8a0455cf3c6f61f696b32266197b5cd1d936fd3ad4288520fb4a2f59bf95e659f33210446ef18debeb679dd99de0c3c74a6eb3dd783861f5db4e94a151c42ce27519d0bbbf1f3b1163563ec06c8bfd881d94a3b896fc07352fc97ada73685588a2242da1b718f81bb1077bc70fbd58b8b52163489ae403838b533851bec30ed0ecd97d72d1af534f3703db59f1f563bdc39d690a0e90e545506463a37e84974fd7b256bbb912cb4077d3e3f5bdd4bd2bab713b696c830b1f2185734c4d2dbd49d5372fe8b813ce73f5e01c36bddbb376ef4541033f2b0355613eeda8951ebf7377e08f967902eb7e23c0fa798c6ae52401721053f1095cacb1e9496500e83c412236fc21566090b3a3eee55aa402c0b774802fd81c9e8579761cfcfdfb1aa23786b2dc35dacd5ca8d8d283369f53e4a5db18060c2c6b0c303052aeeffe169fcaf7ecc63090a9ade245045ab9c8aebf738772297caaef5f857322a597846c7370083d409df27612e47b0cb240daa3cfa51c57108612ac0dddb0f59791289ccbdb3a2cb1fa9ac31a23dd5440682fb373bf0c1f41c4fe2185ad7c53eb69552807410053b0c2d40132250e637b8c425e6a35d93333b5b7d0557927b6179c848ec455fd1ab38348c0e96c60b2da49bd15118df64b6ce4fa48fbc555a4b2874141718e731a40b85382ae6e86ead31cea77f83bf5c063bf1febf71688a832d615e09d6f14badedeaeb6ffbfe343fc7274e78cd46a2aaec0a349c5f133291ee57cdcb65c5474e46294de6bb50886bce6c6f44dcb95f2a4761ed2e6c9e7bfed51e0964afab4e0f7e0b07960f2590baae66b1ec9a63ba0fb6c0d27e81508c51487dbbdc9beb8879fd58c188dfc774b3d0ddbd77ee8bdcdfa0ed8a9387728e12b13e8b3c10cc1c132bd822c2147c5ddf9a993aedbf78ec256db1be76644ca8ca7727208bf89732657152d34e948d73c47561d156f773136684d4162d02260300020123d13a95f4f835907c344942ddeccafe2abb7dc4792c4f1e39c24748c63cba933b16be0b8853e058c47a1ae2c4dfff39ec2339b345fe3557d03c1df91a0607a711636c4416ffdb73532aeeb74f237ed8bf971388a0659e4682a46b8327e751034cbf2c87c7828da9d24baf07a742ada34d1ef38ab1e8f2b4f801192c146600709533e61bc2665dc1e9e6441bf3c4f6643bc0c102a10f9a69da5b0e3d0a0c7cb694c682493032b5853f02953b5c2fc0e1348565389762fc2dcfbb34fd305f2d9df080e859396ffcbb7da78aae0a0d72e3de76c774bc6a81c87f2872b6afe97ced5269009304a4992c4add0bbe24e57632e19ad0fe37ae910193aab0aeae32cf6d618ab33eba59f6a04fad00b1d2403396e6fa661d31b695a1b349d62f56c08fe6c6eae7a482177adf341e51d03ea511d7959c721bd20bf371860ecd7fce1d25212891850b85648db0a039e6638d9c78bc958add3e41341536b5007be63fd1f7e3308876bcebcb97dc3b05a7b2eaadd00f8fcc8dcfa7b961bbe727c9aed1626ff786d6a0ffdbd1002cae8a7d047b6181962a686c152b2341c7c58c9f1dab5af424d183ed1c7d003165a1d04ea3683ff31a0f68615af6f91c21f736e67df641ed31b998445afadf9052bbe004d5dad08f62e5d353e42fc35a92242d8414d99dc4e7e81c8c027af686baa5c185e3f99abb3855b22cfdff0a62e2f47a632b7df8e00e0317af5c24ce7c64077bbb15ec27e062070cd3eb8e549ed9112469090ad9a96eb59294b021eed81987178cb2dcff67a9a2e930f6032c753e203380f8a7c987cea393234699de03a1d09ce204f0a8b6d5cf522b6887174fdbccb08f3e7c4fe2f778254465b32766c48812a45151ac37ae354dac87419f9476baa27e24b2f322b2da4ddf579750684a5881bae2269351fb7de59b9d5a4badd8951135f2713dafc57215dc626ee170fae7f20bff98e36b864e1fe0f0f9a300c903069bf0e0b6f2f8e78423cf6063e89dde6c81efcf26ef15510563c84730f611ac879a6628e55115e1a29de6945d37fbe4f803fcf2e344712d9e0d6f6c79f8773a9f199b705235e20a7830ee3357c5dca29d7a6c29a3d2628bf2c42c8f076cc4525301d8e1860729070dc53164d9fa08bf63cc889eed01b0130a7146d860bbc09ead3865a3082db0836a45f5506c3e46e452e298764939226cedfd06700e4e33c6b4a78add601140249596831e97f960b973a4e4dc3fe2813fa34eb47f998ce57270368fb81719a09298a223f7e3931ce5cdfab3f658649533354e982c87dc9e49eacebb5bb4af9a767b4f1c03d774431168cd4fec1b2726f1aae3f9a062a825f3295557eebf3af4784487b869fb049de44d03fee71194fc200af72103b157431935b5ab9bc122773ffd313d52d7acf1078386090fc011de695e71567cfd51c06317d4ff8841ceeb74ad35f4e5f4d20921123cb88bb2079674ad39e133cdfd6478d69c9bddc7a818be5d7b254bd9e0abdb030f52846fdfeae8ff370a51a9c5f6017af3c6c3db17c5c614ea18ab0e3ca0dd5de621217dffa36e5c5318fe191040a50cc3ca620683bc34da6c142e1c50afce28a86b8b66d189adcd755561a647080d93f3ede1cf54c3afb7e863fc8a82a2576d3f79e9b2bb634e598507a3d7d017e0176b7868bff3a3dfb4474b3ce03c401f33929364e727fbf8096b77eb351435c7a113b3215cc6246dd86f1517a7e550cf828900248f7c1754e40fed62477b296a37d3e53231360d012c4908b466e49b0e620c0a5031228009f259b030956ebd70e49357c3c3ac2842b6bd6e3ca5a3e985dc03f7105681fec03b320a7ca753b782ad3b52fd9c8e3bd980b48dd6ec8901dbf756108e85015821c880416e0693e0479cb31c0743450f6d9214afabc4feadb9bcee9def460a58d3a02d9e3039970068b8e3fd0a403a6ca7f2c71ae2b46ab3c731b1e65e2104c47fcb1f69e7c8c6df8c09b33f2e1cd4192faab316a44536dcac608832019f5765cc5240eabe3c87445c980c299a5e7ae0acc2c2ed19fdc8f011515bcb00476b03633c7669db1b44f97f6cd402778e9687c740dbe5686789b79d0b13f784a2a866eb91ab2d66f064c49e8df513ec348fd7272ee548ba08e1f9f99696ffb53677550d59c67f88404f6e610455a422d9cd987493ca5c366a397dccface2bba8e3e99719dafa768956cbf6fd8defc4104b8925878716a0514f70cbf3fa2c2bc2f66fabe654eed3076257e71117665703eb88c79e4c2b94e8e856e7a6ef90ee2a358409db78b98056ce1750eb80725d70e35507fdfa5933a61496ba48fbd5555717b33b59d4ef211fe096aefd478859ffc97a41372023ef114adcae5a8d5e03c21369baf1e7f417cb40326bc6db1cdf0904651dda3c1039a2f1755e7c329f7c03bf33f324206ce6e1638711c8c9a45f153aa1f847cca2a5d3af1d24fe7a1e1094819e8e712cbe10ead1012b7371b35cbcc2bd5b10505fb63bea20ac81d25e83ed0105e7595b6c28400f4d336791ce4a584323d0b455bbed44392c5f86c9d5287593f6986d4b0b8f9974a7a4157859ba801251d3b44b2bad84f29cb87dcf1680d6d10d1bfd59f0c95fb7bd07fdb3ea2fccd6e3ee80af438956ccfe31e750972f893ea5dcaa26d077fb3f09d990c2f41c8707368bba007803621ecd76540cdb8705435d74f4300eee04710a936f241c034709e625b0dd5dae1f6e86d034426819c365a05f5be420cdf4042bbff965a666a5756f67259448ebf742b6ea189fa17a4c3bfaf651d19a8a525f09d9cff637c8fac02eaa58d3ee3f7221da1e61833c0b183cd9f47686f09597e8115b435454acef80c079eafaa22b18927d07bf8b7c5ebfdec9c42a52b7824d45decef41e6184dc2db1505ca6f94172fafc10731706e79b9856dfede353d2eadeceaf72a302e3492d7dc81e3777e4e9e1f3d33cc4402833ffedb241a75a09e9495d671f80ad3acf06823bb04a92b815edd0ca7d01dcb3318c1ae5c62d3e99c0ec37908b45b51dd65f6b45b34ede2d6f553f60a45e20fafcb34ae4dbd375f52a5db9c62650deeee78e955087c2bea75ede7c304347b171fe0c1a2a033894be6e04605271307f307b2a9cf6ae24b8c87ce033a3fa4cf2bacdfcf54fcccb1f580476c7d00c631a8529a9eea2a713610341e0e25609dc8927e51c58a0a9197a54963b5cb95877354f4b8316df02ed2bea367704a12274d96bcbe0d0d728923a368bb8ab98d5db5401894c822632308ddfd309071fb4b477d8eac0ea5dbbc3e3606d8510d9051dfb5e4b7cdcf2c57c1b76902d864c3109c901da53019ed33cea84b407490486ad9f980a8a63df3d2e3921064afea137f35179130db3351f5bc3f5e7d590a5ab08b5415efbd345f9d57b71ade7dca939efa5a12d677b9af0af14468176a43712bde10cb15787c18bf066eaef8abcdea77d3a0c61d6c74ae7b54fe90940d0233e4b874c9a141dcc740d7fff43b9fbbc012a933d890232cf74fccb7ff7eac1148e203c7381b7f1d1429b1b1152ec25cbf7562596eb402a9328e43b5dc5cae36592da5523f0b9907a6817ecd395a7c778daae85bb11372b20641a04250b77b3a0ece885d07faf9622650259b874536d6d2b92181c834dc111b6fcba483167be40ecc922fb87006f63b9e8e632879563f37a8f712db9fa68c1a20ab239c0116fe022fad1279f3288b8e74a16d447e467b6381515814dd3aecab5c2a09c400b44e9100c04c720dc7e8c6d9460002da6c52004c16999975fef8752c2f9c229cbd9e6446b226cc454bd68cd665668a17328bb30f301e92ef5c7a2197a326df5c99b422096de8af231d1d8872e6e505bcfff026d4862f28d4bb3856a66ced22c9b0587451d8da4230a38561b5b1c69b523a4701a2001382aa82fcbd60733a14696a540227db44aef346d6c0a7ae5173604d59eb828614cafc1b8cfecda054dcc7306f73925e6d1af56ed74c51c6cdb66e9fee8d7a0078254fedb0c0f5dc85a4686870709b499eafbc8451aebadf848b0598ce8f955688bd2d6032abe10d1391d67c20a049841f95d2ee0c8deae2bc1baca0c098d8718cba1ddcd968981c47cd98d247aca4f838f3bf16d092eab8be8deb1f8d504d37cc44a8c96c9f22f2698036d4ad3bb48b31f109626565c147d20a4a7dfd61fb918f81548fb4f78875c1d138e819f6822651b93a3c92ad77793fba5222d870ea671f9cac967919d18f96e92778548415b2e170d90b201215354fc48a77e62823a2c2bb354782ad052732f08beb278f751529416f37d83ea26248517ae2ef2ead28c1077908995a2d25db0deaa957bcab39715283287fd626ea7388abccba2d90e364a7ff4284c84f70da68ce1aafb5be0401cb9d45e085aab41892a49e10cbd5baf2c34f5e0ca076f2772abea6f622b66020d546f8c2f134a87f96edbeb9b08394b585f2c2f98aa792f97b43b5f3aa9c34189804a9ecc2cfaeefbd0f967d85a25bf3136fd8132dec38aa82e4af6ff677682f3b62be27a180aeb22f918c24f23bf6f5954e0722324cccd06829fc32ae4fe3aee6e5a03b3651900e13fb0a759e544d033418b6ed40d037b4549a0404792c8fddc317b7f028493c4c91d6773932f8486417544f3d007e5f9e6fc02fadff175303f77f6b0e1f709bb3d3a93b38552ccf62688a39da1a602dd5e122e6f4e9171769ada5255cc5cf938dfefcbe3ab0faca434c42dc8c357e89a3d1488fa3df35c3580b124ba3bf6d0d203d586707eb692150ed05a01bf9de5c4e67bb948088784016394d47abb853f2b6b643a066ad81bcd1735aed4e108a8c1fcd025b548de874eb60de7f3c568728959147d1219e4b830e06ca2bee1f8a035e28a54ee6958d4821a84e5d1e41139905f7ec60fe67ce5f4eccdcc2c3d1e4a753a32dd3004970a4ff3824471822fe2b5010b9b6c6b01336dbf0181a95cba2624663215468519871cc39e8a7f4a151c8bd03363b402020f2fb98069b2cb8cc1b7e930938e7540d95d1d223e47865135793f9eb573660ff79f7ed2fae503e68ba44596ee745fbd8fa562c5c666d174cc01b1961736e18b8b517161ab9c8058026e0ddd6c94aed0086a26e1b959a5e05eb9d8c1ff5b2ef518ca23b4f265db61b499a48cc46bed28d23ffc1e8d9c9e345c06079ad47c88dd4e8e286575bd7f9420ab9c2d5c6685488b8b34d4c9ac04e1427ae0994cf789b48b01d1db9c2fe75fc5187727bb11119f82d0739ce4048467a08cd635bf78cc1b6cc9c28fdc199d351064a81456f81c9e56a43aef7332973804b06b18a26caa62523a7d0acc272ba49124b17bb68800d5756afd34ddb2b7e2dd8a118aac3fcf39d9f853c4d2c4fd3ed5bd25a6604d68d57db93d15aa1160f8a97e6c24238e84f272780966867f9c644ca2775cdac4af0ece036cfa6ebb1cd9d701dd7daec5763c9a4de0385db383a5647918e79c6a6de1f4ee1f6b722c561704c8d7efa4710d78dfce8ad2df0d3d82cbb59cef0bcb001f70bdc6e17af1a720b117fe02bb1dd527b18e6bce70e9447cd0cc85cbcf431fe7c006f5e4ef878a974a93b25f492847c9ae020583c9d412f4124246164d8f080b615e2eee267a7aeb5fa0974de52cefef23cdda7b305a33a91e9b50471ceb72dae337c485d636e28d6ee31f5705983808b1567d4d4ae820ec445c56e6a404cad6b408691475397c0dd6cfad232106ba96e5104052700a653e21f9ac6d79578a9f52548f426a1e81dd45bae30acdd4d22a2dafd633564d6b2f45e7d35413503c955cb0a9784b42ae8c2a5933a6729f3922f969a158540dcd201ecb6e32f88b5b4921914a2e8f424c8b031f115ea5d23a21e6f22439ffd7e5d11b08df729f65613b4f6ad3edbc9a066a5e712ecbddfa6fa764cdf170c0485f82d924a99b7e7ad8dc44c1f93e49b6469a9af3de5691944413f1417b753bcb84d5b7a34f362c383cbc802b0c88bd23a7ac471b9287571c42081b1134bfc8ce104a550942ab1f2a074cb00a90558d6e841ff15cfde6951f03e450a1bfc90dec6c513fcb2692ddccc31d22e5274d41036656183c72fce208e44920776f196193137ac67d6d65ce9cfaae774f23a86e6ee8ff3a4e9422a4667d971906e5496a4e80278774899c882708611bad282f6c1d666bc5e7c40082b43a6e98d494a18e9b3cf7f154fdbf90d786e59e83b72ad0ab893c49aca50ed37ea5202e650fda54f5c46ca2a35c476f4b009c5e6733232275abd1341199b63d22386c484cb95c43ea90e609c407bc79ddd00609cc2eb0d82848db239b249f164b7ea384d0239fe1e64d04955b9297472cafa2ff272c5c78100aaa86cdd8120556f25652a3c12da5853338e3be8f505d93ea03cd1cae7e78e95befdc0e26b760d11e05403c348e0523fe036381408033c009a8e1f117af5100a6eb91f08307df465c20bc1dd029875ef7e49338689f602d98f2dc690a57a6f2864e57098f8bd723574944ad3688b292db6d01387a16493912722ac8f91fd12b748899bdaeabdf0479df788eda440d7bf30d1c25d78d757f00b74bb556506637fc1ab87162f05d464e63a6272db3fe56e9357275035d6b6bee32bd92c4a1dc94778551e94ee1d8854f767bfac3811bd0287672aaa01ea18c25650f05a68cbacd9158e479b508e72df778589e1e03dc543b60bb3b10399e5c50de9e728e69774fb3f5fea757ddefccd0f9da75afe4b67f9c54aaaaf646e858fb001a6deed0a8a769ecef0689c988de566b6015fb8c40aeb5f2df7ea4bee60e8e69d15c4a4aa5411dbe63fbdd6418cf025d87f37362f15e22aba83abe1a3de9857c71c2234023b969eacc0bc526363b7f30b092ca114f2a6cefb34394d146866ac86a33fc497a8cb8e2a5bac398579ff7958878421fb08fff4f8f3deb8c9641b8de392647df3017a5467f9d7b23036935ec6e188dd6dbfb544b8a9e04a4b3c7fa1e4d1d9879daf69986b8083e6eb023a4b5eff80fef17f8f65433c882a21565a919448e6091d1b61013fdaf9fc3e45bbe827c9b4ab10b05600a1961e81d31c7404f8e0d32bfcac2937eaed811db167dfdc29286b0d51bad2bcdb9dea76eaf495a31a7fe717c1c98be374a36271cdd06ed06c02ef4c3c06cb42f73b3332ed488416010e6bf2f4dc4dade6e2e61f19e9306bf941868f59fa0939005743dd647f0a04b576a7e71d4c383c479453501e18ec56d7cb79fe31ff534afbd8609ed701ef163f9de31bc58114399fa0f22b62c66c380e8a10c34b7e731df2a8d39dcf36fbf3a66d67b973e3a94bf6ee0bd96f5c76baa76492032fdd2f59ecaee403d486f543f2cd7ae7b0dabe1b5566e681cd40d384a94349e9668650a6f2d2daf86c59a7b02ba466cd03ce1d50c3f0ca4c02dc4b3d1c0e7b9a77df9eae0bfcffa32117d7e05adc7195f4278c93497401629897a58d08ad7141ea52e0163f14992d7a284e7b875ce4640b4dd48ceedad1ea17d8ab1e760773044845e0899602f1bdfff4d42ab80c0765d1a8bde2ba0a830c050923956d06c80b182264ad19ae4f7c39e43195f7d421bdcda00e3eb5ec5ef2ec91d69df691ba7fe250352acf01fa92af5e2c634b9c7c97889e9147e869acc153d88cdc18908f882f371ba9c1e13c26e9cb8e3cbd4c5e1988080ca65a67b3a4c3460cfadbec904d853fddd2f5375b6070941fca53cc106b5748480213cfbdc1c34320a0478b05f76fd0454c75eca069cb1fa7b21704dab67dc40d041c8a1040db378e76655636ad725219c049e6536982d6ee9f11dd032280e622547c7ff44a938a1f233c356a98182d22d5770fbc871e20bb37483dd5d6ea1551993b95b30774a49b50d411ebe0e8c92834094e23ec2664d822c40e96fb42b8607b62b6949e05edcaa436d0ffac6a8ff384068acfc0220c0b098d368fb8113918a4f8c9de37cece74c8695cef2427e54a6e77ad092a9b7f1d94ac9f0836deff41b905b5dafc58ad6063759b0372a634f69a639e19521825d66a282f489c3172a3659264d0132af3571e637782bb6fe5c0afd24547612166fd3409d0991392fa054ea5bd07a4cd0921a13ad7b62a0b5e6d56cd8adb7f3eaa5c99576941c38aff311c49a8c9d8c755869302a2e5e40109c8365a551cd3f859b9421be189d3a0e9ed78830d5cd6a2414e9cc4c25814d94d98f8848e5386d6dbddd65d22b96c5d20020a5dd409c7e5344065871e57e01c91a443501dc8bf619890fe231319b5480c3879dee618d319962596539e2970513fb5c0c8eac3a71ff99962779cf1d7e916566d0e29d121c5cec5d7302a18ed00be9316f3de8c669a64c2a960a588f9c8a42690f6867cda7146e8ce27aa6a7fb27606eed9df6a235a42d17ce71627446e206e879de56025a66556263f06684dedcfd6f083d6a707e5fc8f8212d716e062f0f7fd0c2fc62bea93d68581265a803c31cac3f8ac8939c5f8c464ebd19df42c7e8998494af614c8383294f3f3883f2404ac10404759e182a038c97aea04a85530ec005e203807c5bc30fa9f5339b32fb0427e64915e29a25bb25ac60b92256470e7de5298d42c6b88995f8d2fb704e49d55b66b71e237af90fcbfd71d9093e1a543da2e9911ac4102346dc4704859cb33ac5f5dce2b3331a9dc9fb506461a5436c89bf90d39afcf93cbca4cfc35da6ddb112243928246ae0d1ba269b0fce0468d3ecabbdb925c9ea3241e2dbdc6b151fb4aa724a42f98b0248171fa01fa103f116d0e7deb65dc359b09126f9a420300fd209508ec7a50be56d5b470e387d0c52a1d104625f9571ce1404d1b7af3fb00475b95f752ab96610be112d33ded48624015781e7198f4dcdf917839471fbedb43c34efabe09941fab6b342cf672a29dbb1eed0db788dbfcfcc63bcfe80f7718571f691818dd6f839e3cc282f85f03fe0400171cdf1235049fa53de7450b4c40ed398d5a486f52124c1c63de2afc950e81839f52d17e2a7d32f82788465a65da6cd763c6360763561ed2bf47749080549b6e2db87514e1ee1c85a0bbd346eb6e3cc29267cbedcad67a287fc5be65ec59ba8b6854b31c83dfc5155187d4150685c5c2c342ed68b01ac9e44b60f0c100a347a0f93074dd37d8956fe2f43110dda66e9f9e6185c23dab74cfca21f3ede4bca87687549ea02662f45dfa0ad27f9959a120cacb7c419810e1b1a50fad31c12c47d5bbc61bad77044aa541d29faa6126c60ef088b82eead17a52843307d4bf798b853d90d14c5347ff10615381d85e964331b7a123d15a77a6790d93e920052ddb4db4baaac5e2b27b66ff955e53b8308151c81da4711189ccf0eb393c5bbccfa1f6c94a8d5f4bcd266fc6a12061967ce836ca042257368f567dc42de6ce0be84449234a6163b72069f25b7ead4b2003e1a7665e87ccf211abe94175d1c11bff2c0b6bc110194d34aab96934ef59804cd26e4434ba166d9833fb091be37b139cc10748b881c93690528a96ccccd2dbe024510b8da37dceab567dc52706461c486a0463369cbb99bcca2e8a4d2e005c45401964722a4b3ed37c351c9f21685e8992c9634349379f41796deebffc2928058c8ef6ea37c6e4970dedb78d1c2a00ea9e1ff1e7708470a6c60e6a2b1e966aa872776afdb238e97f716b3df8dfd42bf0f7ceb52bf9eb33731bdba5987b8f48b4599d67b383e77413107857e951ae0625059e5616ccb41131df9a480efd5beab3a9c99615921caedc53dbad675c00ba1030577db1d22731677914fa958b44792cc9c19e2ac71ebe61a05ee67ae7116e39e1c0d103f18bbc9d531164360d901da8234d29fb0b37cd2a60c7aa2adb2a4b297ea2fb14122ad95bd4592ef86c88fdae1e37dc8e44ad03c0fcdfa3801e93796771c5a2ec1e4ab12a64b3ffe48e7442c6224661ed5cc987aada6e778399941f7b20f16f94fb346b916be87f005c9c13789741602039d38270643cce3c347565eef5ee09139330301951c15756be47994de6f1802dc5131b9b011051b1d87d744756831a71cc8528487f032fee9dbffccc751e6a1ee6d07bb218b3a7ec6bf5740ead7a47b6907d7aa95b79aecedf4a637ead8fc6fb8654c93d13ee79f5d6258dcc61993aebc65e4fc14eea7d006e31f6e9f60e3bca8ce52ec559876fd20255e507daa99b185671ce1ac11d448c30bcdf97b9617195e0ccd2d15246308dd6cda74a8071114327fe203b1adbaa780f3243105c5111636a51dce966f5652e39d4f91abbbb4576234d6cacc3ec57cef2dd4dda49a6c33d12bb7595fd5ab5bb15b40301f34ddfb831a5dbf62218f496c003227fe6282e2ac054c45e7f3fc93e51b3ee8690f08612395095a0a12729d663eded879d9ffb325c62f2cb546a48bed51ae232fa6ce28a2494c132a6e09d98c2e3d478d5d2d15dce2e2665e4a3db448931068b99899c2bd8ba87349b0cf9e3c52cffdcf58a59b4fe0089b298b42ad7553f831bd60f5cfa3e09102fe773e4c05412973a678f3b3ed420433cd664dc7f218e816a17c5c9013ecb84abf2dd073557dbc41b92a91e0339d57b8b077a9a44d56427fec5748c47c1460b2e2412094db6d0ad06dea0aa0c1368592594bf0b2f590a9d6149e44dd4adc4cb42e5d9940d59397b83b33b88604c210694e3fbd84795c80c1b09ddb3b1ec8bef6e9dfc4d7f295e551a79436007ca48aa605ef5a89571e59cb26f2766e564e39d3bb441deaa0c8664549881d90a77256c0f6c77241fd6ab74b0e2890f78ff16fd2f9271ef96ebfbd0b878ba9c703900752b7447f4efaa60bd9dc9cd5673a36b39d49f54274caf03c0cf82b95141fa20ed3ce02ebf0dd74d9eff8eb9e2dd3a2976b244b12fd33ee75c1f1c459f86a1cefbc817f42d7f43ba406098165cbeab99df4fe751ae3382efce32af252e461652c7598161e74fd8eeca474fab6b1ede039935f2fd4d7562623b90a422a78941f47a76863d95857c33653d1b42b806bbafcfeccb7bb4a0c58acebf6104b2570afc3ca88e4fdf2719cf39c964a1ea7d2ae4a7fadc938abc95adac495093f6b959b1347501606b3f960b6d739291aa8c13eb49e98b0f78d2b91400b6d8961cb6165c8b684738e4d4db2f2ac30ddaa03a5e0cde4142b625e81907f08c60d7cb5729456806c89ff0efd08397423e44738ff38f8e88684f3a099dcda455521caca37ab4f4d9ed5d37975d4fdd778b97cc93babc804864a35e3a2db04598152e67a2f1f157681c3962d46ada23ea5d9a524f9cdbdd08a07a3a85b1f6fbde11d5a35c7743b83bbefd19aedf6d92241d16aeca7f33cc51839b75f111e8edaeaed808daf2f43fdb3c6f032ea45052ac31d4870c4d0d76aa75d0b88635ce449054013f234c4a16cffc58c95ba1cb8a0a0399861eecb1039bdedfab4d05f0270c6b16f03f6b8e629f687f133ebf2662c7f930530746679aac2791f54d6a95bfab5be0c33739074ed4e7ae88dde4a8036a7d6095cf41776366b6ae3f8f4a0734f48c275e129cfffff5e0abd042f99a957bf6f0f47fc7288750f4fe30198f8cad7067b36cd87ebca08abd3f9475e7443f83cca91a1ebfc42ef3494871f51f6d52a5524b9391c687571be5327c7c94ee2a096653acb410917fd51e56a92be4f24c1db6b97b465ca84c31c04c2f61eae07e952eb6554aa4d8a380d9ee81c1c462c360fcc3cdff2867a953b655562cd06162af8b99bbe662e0c27ce4d9a1c1a907def48a3231c2110c930a2f1498e32dbbfee0e5c5869332f3024fa5dfb0327a27c663cacd4e9902de34dd93529e90eb347bafa5035f56fc578e8386c7571d1f0ba335225ecd8be026b4544ad70f3af11501a53119ee39a8558ca0ed5b3d897ffb9cf0fcab55a0942d3bf7bc6b94ea27a6b748f2cfda431f35252c44610b7e843ed91ebf7e8fe10638f04f52d6d5a7752ec62350efcb7c473f80b1f2a26805151e8346d39d23551e92fbe372df7979c3f756bbb43f6bed09bbc6b65fe6fd241ae1c2f1a0d0b805c582853b85502968f9478e9a84895f9d4ef01ec4f3f571e57cd0bda68ee1f6f7e14fb6e0f4ef8c7dff6796472a935294fc27b16216966d5021339ded059687355b42b55926854bbfbd9f974a0c26eadbfca8a6183093996cf252894e6db910c71ca3ab2e82d90d371c36b92c9409cf7937bb266ea9b29c41d774aa522e103cb30bbabfe872b57beb027623742806aa7694a859ede9bc1fd7b9e32880b064b0030fce1a0e5cdf3ce558a5feaa32e323dbfab6661c5878c9377ee52a615b7c17bf1228e328aa20f92d070c71561969e1af532e76835fb0436810c3d87b982217edfb1143bfc3405ac9f6f3a50145608dfa8658b0ab642a347255c55b59cd1c5897b2cf625a0f0706c30ca1c1321e90cec57b7c3d1bd1af455e3732db80643383c41eaa6781f63da6233360ee720cc04d171ae2445b0c071e339d547f7ac32f407d29ec7abce0a9e1ef5276544877bab2f84bd2eef47ffa66f96e7170cd54d836c9badbc59435146031502c1a3cc744a470f693636d9050c5b894d2d6047df60eb0bac16d905d46cbf017ca69d66427cb88036eca4ea9d0e579f6bfd8a4a850703a0fe49d39c107c9358e98689fb62bd0475aab4b2031446b437c7f9e373caf0270a28d7b15c71f02079dde401e26175bb6e392106a9072021f0e5c5145a1db6f595b032faed8551f6e2ce318db1ab513db876a3eb42d225014949c19543e9c5dfd2290e28c5d72c87223f0195ffbcba1c02c7d0087721efd2af6881dee7dba7565e07abc35bc3fa41c6a4d6a313222ac6dbb117c69c62db2691c68869ac5fc5e987b0ae4335f815c73ea4235da2582dde81d6fdae5911617daef847be17f2bc09edd88830eac03977f89179fe03eb2dc3b38df43803ca2d38455232549110f4580ec3cc04c0d8cfe493013d2cde47c506ef6a8dfc42d998f70378fac5ce4709345926dc477e9e339d8c87ff6287ea6e2873e14d538cdc3f2a47e0e37a2601652f5b665b616a7d1ef3537a3327a76f93990f7694e6484e7a52a10e9eea2edc92b99406abfb2b11ec86667c7af4a333dfe900bf071d1bbcf4f0ad768fae4f450c53817c507d26e926e753e3395201d3ad89061f16706d841994abad283f0db74cada25beb5fe46f48669a62e0b849cb77097e1b4578b45062af4a071b04f0cfddf87519cf2bfa10ebb4b860239ff187e6dad73806ae968e6ac0f738baa88edb3ae4883a9e59be7a6b222c5f54818f95578daff9fc7a7aba8c4a41a699923e85ddf24a32bb71c808516f64d506058a70539276d57984d75161cba7d53a4a864c51a249a6b8fcad5738dd0055ba8468b56579ba5f102642df65c598490f3a0c9b1064f4eb1962c4c38bfb7d55d496a0b0f7b3f90b42f733d112c89176aaf937eea4bada845f3ca4e9b56b3a5a06b4c90fa4c1914ea47020c2f32531e270007ed389246906ecf2c4465f7cc5d6a347583dd73341ad97199021819be81100d867d628323ef7552db945e4c0be604cf6c4a8197958bcbd6c1879387d3286dff979632c54baba2a35ea84efd7726b662b94fae61464d069e0103692599fb86fdc3a06e01c6ae3deb3de6fdb21806c716e5f82b784e4ad3f0e2de629a18e3a2309003dfde9dde8e5101b83312f76e811277afc286b56879f4eb80468e58c60bc088284d05d725ddfe3185b7c51b472a7ff7db3930839142d4a452ddab628e07d43375801d7c6a711a55b452748d770b84ede35920c1ac74b595baef963d21df9418533fcf959593ccf5afccc753e86c4ae231eafe77a158c2472143faf169db29bf2b53c3288d8b3c9added65778095f85e2cb471ab58362041f0a27d874c42bbb06385a0403ca193cba67cf70029cdb7e73c7e2267b856fa0b8dd4c706b45e7174659b0ee2891df911724324f7ca5daf07c912b9b2abff762e62a1817688757492975db7185c4695f3a90895634b8d07453b36dd95197abc31d5d153dfb0d0ec92639540e99d6590f9b394f14c93a5e829fbb33616e810f59c502be44a13b700fd3009545e34c211abf9afe1bb8ced793c6f516d40010649f83a78ddbe9b71d8596582997d0aa54192e1200db61dade30500d72a184ca7dfcbfb80e5442f489d316cc8b75005564835d4b11c482e2c4d0d160f14a8b13ae0a0fb0ba5e3b782770aaca357df0e1c4d1c3b28b776a8b3e0da1abfd4f7190673fca1e1c5a31c688d6e8ddb21300e4178d07c4e854a718ac3f672b0120d6a54c16957c9ec8c444208e47737bc4eeb0bf2d801eb2fcb72f91fe988aa75f38e6cf26e858dc2a718580ff5d281d13e8fc3e3bc30c75c0193481c39c375a5b06b962d9491f3f1fb80f1cb27067f0709e0b0730573a9b5f5bdbee1708ad84b4ceb1a9a61e4c41e90655764057bfa07b8c81cc83a315be1aed6a49715479c0fd0f53f625fe6c7f36fadd001149ab978532e4d0de3d1a38934c74265b161899843704fad16ffc6189f42a5cadec98603e0f98c6889bd4a559079e074cb40678fad4690a20d988735280a1ee8ea71275069132101b35c18ecc9d3c6eceb4cfe9b165e4b6acc17d4f113ef8283c0fb6506f5635401e916d4f7e7bc3cf49aed166587a0c72cdbe673f467d81bc2e9cd08cd8dd16d90b353481df31e89b45e8b
+MD = be3cfa6c965b2ee4e6fb0236665b0b95f66c8da8b338375b7393672283b0e50b96112d7cb76fffaa6db8ea4a7687fc6234dc1ee52e764d69ba8ac40c0f51beba
+
+[L = 48]
+
+Len = 16
+Msg = 3a35
+MD = 87bea682792f6bb4977fe1b92e0cc7017413dd263732c3604f0ebd63c2817ce5ddc5d78c0137f614a06e72ab1cab2f4c
+
+Len = 104
+Msg = 7db15b3ee240b45d4610950996
+MD = 7311a6356ab38a690c0b3a1581c3e7b6de418996c05e79849891b061c51d53dffc0fff2b8ad1c1eff165aee5ef6e18ff
+
+Len = 352
+Msg = d2a1efc725c46cd6a19760f49edf0bae823c1b4992ae2260085746cf65833bd008e56e64002383f51f960239
+MD = adb1778360ec659e90609e74b6af219a01a024f216b68aa944841429ed5b03b139444b8b848f73fd5f350ef02d46b6ce
+
+Len = 1016
+Msg = d11ad1253592c094746da7b5c88d329bc3ce1929913b8be07e82d3f6b7a536a855f31ad197376eba6f2f4534413fc4e4e7673fdff8739f774a710754b568b7c61a473059a41c98aa4e86617aa66d2601d0f0d584cd9f132afeebdc0ce3da6a8b290059e6e4aa080c195c42ae7f7e1e99865223439929b0a3a0d79b46ca6419
+MD = 0cbec7be7299f48f043c3d1aacf833b4258c32190a21a8ac2471666b4a51b63cc77fff6e081aaf5ef21b1b7523d65763
+
+Len = 13696
+Msg = 2f7a9929dffaa4a4dcfeea1fc37b18e3cf935abbaa17cf9d834b3a8d61e9fabfb7683cfc387d6f46ece3f8bf845827c7ebe86a651d6dc1e83c5772cee1a9fee4b04453af2f68430bd87835126cfd1b3f8beea4d3822fb27864570e255cb65b414197480b6bc20a39c5450adf2474da93d72f6ecf8063899722d3755b7a19f71e93e782d89593ab19ddd3ddf053c54e0bf832311fbf132e8b9e540f38e4d9bcc3cdbf69de54e40ef348a9170ba2f65def167f568ce846889c0161448342fe907718a465e451bc1b0f2e4f21f9b911f186589f43dea305811473837c063b915d849c20deb43323bab4b64e61823f1df119e71962dd975700391b411f8778980a3080ba3c14a321d32c082d416ddd2345f0eb751a516d44ee55222395cfa11e7fc4edfbe7cd49bf4ebd4d7428843a2ad5538b3cd201ccd431aeafb146a65d28a4870a6948a7cc0413b0adac7e8dff3a898aeff5f4b65d10b28ceb749bd354c061c3008ec569d5f90a4d4f5caa51d35b49dc4028e738c8ff5939fef3fa202fed9ebef6f2c7dd0ba41cdb5c0c16985f96fd93a65d134fb4a90ffc0fb6cc5396b843c2151bb7c9170f2fa4fb44292a4af28df5481de0c3c917ba1c46467a35302738158493fbf6a0422cee558d4bce3d78e14b4fefb65bb05043e2cc2a6a8ea64565ff6ce2fd2c4f43fc02926ee44ee02fe1dce25cfde0115c9396c9ea06269f17b2caf58e2332cc1c8528d9705c70da1f76f22aeb1d1b93449180640fb5c4c4a708bc4621d7d2bed5b1a752191cfdd45086d34f247ed1df0f24e7c620de32bdfc4d1f882380d2cd7467c926f48abc75cbfac8788f88cd9dc5361517a5eb36311e6b39e21a85fba2038fd47d860f776697bb19cdb5a4d6746fae507e274399c91648537d905015e58910117e5914f44ebcb00e771d38b30c1473e1232d4e222cebceb4810c48e83e0fd4c852f4fffcd643c0ef9e4fae2d0ebc6f102f3f749b02a5e3a61517d53b539cc24120df3957a633d50369d46c0c226f8924cae51dcaf54d716f61385fd8cf38c2c311a32bcd6594d6930133dc18ef36a9671ba8b179abe95f588ef74e8558ebbc974dc73c26bb6eaae78ef464181e18b71f4b0f986ecc8495a9c4dc0b0b96be9806fbd3d32952ca3b4737a06ed6561e9c9581a33a720123fbaa2a70fc3233b83e56444f5aa0cfaf70fb24be6118404f3e11e6ea004cf2d079a3e93a8ac1d4e297cf4fc43851dd26314a7ed6a5a784b386daa26e50c64692f7db28c21d82234289bb45bad5042236667e6d70a24bc9525c3adcb793a6a5725d9b10911e3bc8e3fd604db7998346e7f7dd1815c0cbb735a977bd4b32b5b976932bc92ef3b56bcadc089045ec95f241cdb0a84c67f1f76353da6cb493bb27a881d37a2106b8b3010cf935eb3601ce4dce3e449eff8331e444ab117a20809a1010db4cf3be0c488f777b6532df908112e3d11592f04a0cc16232d62340cbb8b5268a662b8278d37c03d848a04f0ab498f5af43b0a20e310197b7e1395a65299fac29f051bcc5fcd09a5605bfee370ee8ea21f5807d9748acca815a44d81796d68b0014eed3bb6a94233fc51725de3809ac6f538beaacf8cbe3d96aca21a7a763a957f8892f22c6d086d9af2e5ac9d90321e186584f17e964c90739559ddd034df076c4aa38c2b78aab6dec8ef6be9adf33bfb66f159ec4826653ee6cb483539c47a4a1d95663e6cc7a42a3bf628623a4c9500a59a50a312aa104b198ce5f3e58952bb79ff1ccfa9ddba2fd4705e91b5acaddab9d6522d7666264ac5f533b6d8ac4512d8371c69c06b6d322b046ae2a0a20aec1c3bfb05f3d91b9044cabdd873abb5f2b0e3e19740df31e39828f9ff9bbb20b73541a7a70b8174ce4e43e0d356e629cdbc6c08d29bd7acb6a4347823075683ce9d7de4ab3ddda6572b175951f30a15263355fe9641b3322df7dd52077402a884cd472e6d0b6c34cd63ab63cec8760c7ebe384f7cc31066bbdb7a3417425e039c4d340166e4bba4839076ac9457c87459c57957d0a06dced2f7a18acd22b7295785dafa435a2a8a2c3a1fa05d115fe129d19fc44c5a29bf15b4d9c2b375bc8e591f92756cfc573a39b8fccb8395cad7617b11f14a60e2dbf69b897844cbbcb70363010f6e1bc0590ea594aa924597dbb32a868b55551789f82437180b85661809089d34a168d44b4d788dba23b13542715843eee797366d9ce7793e72331735bc78cd61b13421a568ba3e66926921c04e9d00888ba7ddeb474db63813756ea4a02c1823083e36ebd2d32d5c88cdebb98d511304cc276c7799cf84a1699ccac9569b13f530c762732e6bd0f8415001b2c02d11dff36660b717054b16df49ba38425e3764a56052ffddecdfc686aff22079897376cc15591e11579fe4feeccb55f
+MD = 70e1259106fc7a7c6be11d95fb673bfaf0074e342fdaefb458faf4619e7f0edbd68d509b9ca7243d2e5e039d42ee3b47
+
+Len = 100816
+Msg = 5f464d3301c5e0871d6b41b002dcd09abc80a805de3482d97f3fd7b9838745da1c0534168f76b93c3c53bbabd904541ffe5179cae619dea77446140b7400f47d242141c7f2e9894d88f44c9e066861498e7394f206f594a419790d697f6a11187f84bc6fb288186109343eb11172bec076d041a4c7306d7978c009fc2d2d62563614ed3555ba2d21c8fcd70e8389352dbe4ec808af3231ce990452eb05b1b0dc4fbb1b4265e69235cc3561dae4148c386cd770474863a84a822b2e5f905fc255d55f90bd6a760d441dc52240ba7d8c888a5283891a2c99963d1fe680549d6267cdea92cfead167f6c49663668f2bfdc61fa647f5abf3ce5ad2c6c175dbd456ba41436aa06f5f68f5c88e6b74ea86a79934bd05b486210d3d470a0967ad6d67f7385260578088d7e63197849354f651aad07e04ed301f1fe7a6d2047d50ce5dc6bbffbb1da6b47d740898f4eb54e3c5a1fbd18ec93254cc01f705fce04e6100ced132c519674b2345547804a372b5c925bd9ee9701527db33408d37b72f8d18b882d3c4744eb58f011d21fce336d426de1fcd5e09610216248b51fe2b79b96c2bd6ca0155e05a8a516b7a24d529a9a475284735bd9c4c437ddf399864b64fc5d0d6ffc4e5a7a3dbdd476bc39ed29a0a92e1f2b6b3506c2be5452d4f896db6eb4f895b554b2af64c4cb8dc2369b91022dc50b7291404cc9605c31569c32756a64ff8c4fbb0f1bca346c7b58a5c6774b2fc7f7fd50741d34c8564d92f396b97be782923ff3c855ea9757bde419f632c8399763003b58ee9140c2d62e914c1e1fa742661a9166d42267edc40905b35a25d5c3cb3fb457376b7422896df7bb19c23e8f764416731d2e20cf2c1beb8663c07edd8f105e078e2fed05c5e5897c430017fa2160f565a75a4c5c64a15dd7d644bf355d169ae2696ae5ed1a39e8f81055cdf315e5b0c6f9235515fc4dbf30281ef17b83a6ed604f89293904bf78c7183fcb0ab236cb1f8935e59c51559217efabc000b165d819b717118a03facb61a13a99b194f8b6c7ddfe5850127d79078397a56564c7ed6716a129409680434061b2a4782c9006587de927c1ae09d6778a5f1c39fc419fe10493eb0d4ad492fbd05485eee7913c59df82fe7182af2cf06a6e8edf06676200077bd1408f5c1cec537cb8566470cb44895826d04ec20f0aba4297c501add65c75d5767ad2ab63aa81b7b66f01b32590f1d55b7e50e6df1ee077a19c8c895f5ef62d452cc336e9aee171fa997ddcedd7af86e6cc37722fb5838a46c5e58e7f700edfb7c6bf832171d9581f660752867118e9535a6118635709d6f1c1cb21b938068958e956149d9bffc67f355cb88205d4894ba97c3e3c8be9fa2d20abe79f3f93a6a2f4f56fd075bb49a4b7dc83630e58c32a29d757fdbcaa607352f65483cf2cb4208a3bf94ca7a25e2a4e05279be31c33696c10fa4971d1b64ee938dd299f483e5c098845749a3b706a787529bf2ca56693d0a7a98243e6482a43e1f5d3086ca1b00368d8ead5ed2d0fb79b1e2f537ab9340809ca3a9b5eb2900390432293008ab7086c2811d33de0648be5597ef002c7c462b5e0f4e0b1720a98b2299ad7aa55eb78f0c77c2ab4371385f280107ae40ebf814a8223dc74f31483c63d9e4ed09fc7e5a51bac34d69d97163116a66c84ea9fe4263269b71fd228555ae3cf5109c4d6ced7b9049a2b8069bd2f71834d6c07fffbd7561939188bc07dcea08086bc7182a5270427c3199bf5fb5c4549861fd32a38ec81c4ab058c777dc01864787f0275f911a17838272cd65135f66baf06d8d93bc439eeb55d50b7c5adafed8eb8140b4b05f59871dacf954f4b096c30b7857774fcd319c096750bf605db8e31fe02cd1b9294eaf8bb009d4609f2cdb3a8657f650501b8553765de8f572fb91ac77b35db35f402453e5c58f60146f2906ff56b9c6b3a5d0bb6afb9e2201110919ac9c01a7e9750dfdb2f72afbf7a8d6f64b1c68b9de17a2c9abf289eef24074eee9b1649caf3693118165503a30200993d271aa31b8b92606a10a52612dd1fab495b82f9a98cade18b9d8a723a71ceb63fd1d27372bd281f9b40aa1839b0cc2f2177a09aa8e7b159ac118d7c145e7a4f032e788d21facde2b4dbc1d5d2238f530d9bf9bd2798f611d03ed8919f0c85bc2da99750b7a8d6322d2e66ff6ab9ebaf7424e8c1c3f4fe92be61f65359106395f5ef995e925be3868ad513f561f873acdbaf18590c903d64bd275121c11ea655124d091740887868544c5348664399d3da96e2e35fff34f062fb939d656bc072096e510b40b2f75ff010af68d64fd0acc778e2e13c9667de266b1816c4ac449521b02bbb217002c604be72e73051aa9048d192e3210a68769dd2693e5d44951711aed3a751240d42f8925844131daa36c51d7d59bbaf99623fddf1649db954705fd6f3405e63894f5258c9ffecf83208c2c90cc55b1a8d2972ea6b3a049ee54942b50526b7930953986e428b2c75e47ed870bba68dbfa624dd94112f3059da0a80c583baeb570fe8314f5c66501b34116c81148dd22396fcd6479da49f7e952c8084f97d6803ff85c3787222064ca368f596a1ebb6dab20a03916b3ab071c927d87fc10ecc4e7ab4a5761e3eadaea4de1a0dee30aa39a9e4dbee047201d7d8a4df1284cf668ae3ed7dc4cb2cc4b5cae9307353fd2ae4c105c5d9f3bb021535fc3ae9bf3ff54ddda8b2e1037cd9d69822df436dc1c750a9f557d1a3a63fbe73c64261dae0c70bba6edb57519f5b957f138d1aa5fefe01b73c1851aea42938147bac2762527a492cb85da43014c876e223b05597354d7c9b328df67f354d168a84ce86dff57d8a870db034196dbeff83ebef80bbe52425a8810f2c9fea29ee688a201cce4a5f447be789a3881a9da3b6c491288e8f1091719032608b332e0410f4576597e17e0b5dde305f069be2e80d565bb979a3915488f88e3ebb90e81c264bcaddd72b8843af4a4ae31f723d50fa0995b027c334c351128913bb93e67b1b08f101f6b8dc8202b44fbc3d3dfb530f66e5a8f35e69725c86998c05ac87c561a4706e90fa095adab4a566da4fab82bff6b20076e5bdf62dbd6614245b6a6f8cb6bf60106f8d12b9c3e26f8127dc547e2181531ce980a3273f452892110cfe1ea834a30f99d66e026a9d22dc76fc3cec8fda2d7fea701deb84dd45c97dcde57a017693e90983a156f11c4d168d89c06d8a32dbfa590adadd16850854f24bba315b0bbf372f03711a20163afa0c137383b9120b26c59f5e9e7cd2ccaf0ef4e0d70d5a81748ad441ee5fe178e14317cab184fe178fb0cc0d82105d2f423467fdcda0f9871b9d84882609248356f3053a99866dad9f9b0f8c4a897a8cb8f30365a7ae5f3ca6e772d863d445e6d57c6a478e35d719d0e4e84f3a30b1816ddb55bcd79df21ea0e95da72a19cc1fe74fc576120bc108be3ed4cae3bea889fb4ddd67efe858a994237378eb623dab070d954ac780c1e6d2095383c98ba622cbdb18fb53260979fb2672c21a4600f4bf06583a112d303096d4e30e7e1060d869f386eba3cf7aec3052ca17593dcc9969fa9cd88179c262770211cf53f53f175037a5cd445d239cee48f7ed0aa1d715a22ac18a8aeecf191d415e4afd92b76c091803f4c757a9e89f696ab7b11ad6d5f24774e4a004dcb0e3f33705dd8150431f051016af37647b9e44b10bef114276d4b1055b634461c655a82a847639a038ec9f58876e84e9a2955b696e072d8054c3f81173473604d5fcc0a75b4a340dba0c375beb87b8b01a0f2de232bbb8371c3a9d27a0ce521c4c43dd3bdeebf92f42f87d88978d5b4e3e563cba0e5f59dd29c31096885b113ea5c57e66a3be015b703bc26d3fd1d51a7c14f85f65747ac909d7e30c8e800be27eebf4a62e42e538ae30b6883907cebb7fc5e150bc9da3a138f394e817df9a9e44420078f30d0d3d6981ca581791a097a5e3982c983d5cec239096c7d8cc55c87242026d769ef1d04eb96e5b5001e3358af88d417cc61f107659791a35d8b5f7a5767ae24d5b2ba7aa12230076db1f1b9b6f213dceea62949d98bc5db38743b23a59ea75dbe4231a285678f5f07facc053c2048022fcb01f15e8c100d64a877ecd56d196a6ac60ae35e0e09a517224ba409ba7b70d8f9fe65bc427b212a4e9b3cb17b0d332267cea4f3bea7c1e550f7ffe567b20e3057aa0ebb560d00d28e2f7aff718a9f2d4d044f0d20709bb9ad567c98cff7c4810e8c542370cf90a491bc1088f69998d59f344b74db6c1bdb61f284e99b517a11452ca0bb37c7bae77fca6514b341066086e600f098a32a92935380a173c9182a2513584c54ff67e580dfe16b508acf1729a3d649ff1eae286bffd688fe658612d6c8e69e6e7f7de4ba85ec54747cdc42b1f23546b7e490e31280f066e52fac117fd3b0792e4de62d5843ee98c7201529455c85b169fdb90cb05e3403cf2f737148bd20a53c73880880a14ffff37d62130e682e50bc7210ea6c1f0c27656cc1785a0d9ce93ff94dbc5b2877519d9bac4a339e98ec594a7cc76f4ddf994fee8070dd4b8e0fe0e51b93105fcf566f83d914dd862b4ce78de7e9e16f142234bd969ff8005dddc641dcd3c7cfbdd6113cd3ba34a9503a0f433899e90e158abde2ed4ed4b3711c991577c5aafeaa982bce80835f8e6d7c7975571fafb1499991646bc499ec32930367d4b1de76ff656442cab987bdecdbcc2b2bc35ce01816594bfa4b6e33080caa41dbdf8ebf2205649f98a2d3bf331fb16b9ecd1824eacbbc9f81297b115b4d36aa7496e05f7d40d4edd1886c1bac10cf3f97840a03277e6369e7a7e90d932050ab8720fce076de5c355fb17959bd75cfaeff325b0737f8f5b1160de0b0184ba04afcc30bca77a6a37e29662302d01858c0bc1d32b883011b7df5a387805296cd91bbc835a3e76152d017ee929d4cbf137eb78db89d71617dd76cb00707aacb8088ac77a1f52ed710331193edb29933a7efd8cc153e6adfc2c6637e88cd86b06036b8177847b4d086b0ff9b5dc91f3cbd1c08217023d7449253c25331594f0f16a3c5f2e122e0145c4ec94f096b45a1fd0b2dd3f1d51e58978471782a336eae49d7bc4e050d1c6a391658f71a1f752c0ec6302bc2dba9e3766359359ce34955a2db86740c90d09cc50e92dbb76e17a39955fa7108bddeaddaf860d1aff14acec8b609ac1d336270a940604209df91cf45be72edee04277d694a6f968ae6d8e065702f3d607f3baf8db4ab7637fa4c78bb0b7fe69937eb1dcb616fca564a5a521e12df71fefbc321187159bd6a47b066a3440ba634de9153a94546b63aa33aed9da2018e1f30628df37f5360ca4f2660a46ffd73e58183e8abffdea25f7bdf798a2b7cddeaa481bcc6e682a67e99143066963d96d4a928a478951dd6ec59b1be8cb23aa688e1867738aecdd9afade39c92c0b2572bdde84eb912ed990ac618834c412231216fdb84f1e01b3f8414fc6dd0f646fd0fa62bb0157b3535e1497c9272df1cc5dcd4e6ab9a8456222655c56ac73fe0d2aa8b599035daddf0986a45b1a59510abe19a11b6dba065c8bcf8a85d20a3681c2414dab7c036cc1358b1dba98d6ae62c5948c36b5b3e307a6f860c0c822ac724a5c917ed5f98ece548a7a741d366868e6c676394c3659f7f6786594196dde332543376f9ba0724b091d30f431f91d919417e5bf7ba1e9a21cb80f6c204c3a58d59d960a5788b5cba5abd7c7518f4c5170115125de97009a6c3fc4d5773e4f57fdd433eb7422c7c4dccee57a1679633ced3b5f08df763d4577983c5ca8b49bc4e08fa76f8bff36daf0fed068db47f0c87e0e45d518dffe37c129cc6e2f5f9e0430185723098e715284a42f302a6b8368a4f2dc16f534d1e5db9d0b86659fc4ba6f16c982774115d02a57684c7e5489b1f491584b0f0546e4194a6041f5e5be3bfff3852a4fc772d83491023a61a37228ef6260edc0d1cb972cba610d5ad1d92d554700771d8236ef55e983765ed8eb21e7de7c8bb51aee9368758454fee4a3f32179c1e54af1d069e0b9728cd0554351907e018146511e4d6f0450b57c8ebd21c71450116296bdfc779945da60b9192c5bb9a67b1f04d94992df4cbb3e30732dc8af2177fef17e0b7d01740b8a64db16bc29c1e589b6bdfc967edeb2ce8a649ba892bc856a929f0b837a838ca7f917a52436ea3d20e72afacc5b9d58a7fd0fefd96787c65ffa7f910d6d0ada63d64d5c4679960e7f06aeb8c70dfef954f8e39efdb629b72979be208d616071289cfaa0756a4bb5eea5c7baf8fe7a31501e7e2d67d708d461c0c93e85f03afd70bd9e16437171e01a34f475e4b5a58d13ce4e2fba72bbba93403f3f8981e0bbd6a8a6223327bf096c44b36e0ccbf7592a98c1fa67f198b628787ec80aaef848b4fea158c715799e6f458327f399e6420f0e7821f2dc4663bbea065c7bdfe830b6102e2e7193381b9dc7f2381ba808c43b8fdf3addab4b5fa81564716f7d46e0349d9b27b559710d723c7ef2f79eb55c3a9d75b99ae6fde6877b278b583f8ae3cae776b914b0cae0772397fd19b6a27676c7ca02cd07f4b4d49bbe1ec87f2ac7e39e5f7712319c31271dbbbaf4b826af8a9f4acab696c62719f7a6a032c4bcf90922a3c630647b7c1c7b78b10afbd863f07486561a0bc8d9b1ff5fc41998a7e3c604e24af1c1df2da1dd5d83eefa2e4012f7fb5959ef9339574367deff73723484b5a969c8c23dc251a3b887f34b9ea09c9a1838e8aaabb254445d7556dda257dfd5579737fe1dd6c67f3851ca68b011e7cb7b6958d588f143828f0bb24fceca31b47b77d1ce05e75ab05b55d6c9f9107f0c738f2cf8a1629f7e9b2694324e082503937ff8ca7c5098f770289af7d038dcedcf0ed77c8b82e2a9003a6f3db69e14131e144f6be7cf0bb5353ea96aebd78befbc6ceae9bdde97823cdbc5ca8ef8a993a9d9383aee9f2d6a18fc64ab92990672ea2dc9b89ed248aacf7f1a513da43fe5953335afe76d78867a066f226ae9c727c6c60671c50a50732698ef7a492d51998eb6da5368a667baf6d12b77eb36686ee0ca239dc6f3598be0bda79e47f0891fe4d8989df8c685480de11c148a2b44c8a6bea3a50b09be557c51f545a09a30e9362cf3080e6a6bee3dbad370ce24f6c5a6f8091007ca195057fa3af8f99703a601086c2a1ffe55fde4c2c4153dbff8d6601ab68743c0d50d021b0b3099535ba6c40f866ca3ff0df7c19d709a3f58b57b40ab5e43556a8c0c1938c875267bb39c0db6b45840e8ee7c22bf6b48798bd744f70e42fca343a8bdfbd7f55f275ca5d62c7288756d4861fba68d16d842c5b893c1d8171bb3c8b593387d3426f292ace5cee7753c9f9a12e6bb9af5a24192e4184f7d3d191d862d3c3dace7853eaa235b6369fd164e5a7bddd06daa3eec7fe4130e82478d36f88a0999cba1f251ffb3a7689ea2baf016073193898716a9f933448d7ba8e0968c669bdb7dd5e6e32fd84a6ce9e8632b393f9263532ec2107b4c0d2abdf3abb2de2d63511805eb58a70bc4ded040d76640af60ce7f03b9a682b8dd84ed8a47225a48e0b94ea47828f1c8974cd64e5027d8b13d43519875d2bbe4461a7f0f5b5b8d63a472765405ea9c994225806395e64dff88506f7f7f3b6368d769e6e550d4e3e81efb13771cf403e855f75312f1383ce4c2744d0b4e3735a0f1e1b99eb014fa60c0d1ca9035fbc4403330c2fefa8411fb7c3d6ede5b5c8f4736106bbe01923d483a84f031e9685a3b6a70646a2a5059ce35fa496b3f21fca6047471a5bdd33908cc9328de9fb032347c249bf7093390b750696124621dfa67fd9c7fe85d6e5a4d277ad8f8d169f8b5e8dbee280f8443518bd94abc5ca704e781e6cb1868ba2d6fbbaa850326fbfa5a20e4df6fb5f8ee2728e86a758763a8af21e1f7a8584d3f0b09a0b19fe8fcd37bc4fdf45084d7fd92b80544f29aba52496e2c9a0aa4adeb89820be321cfd2f0a53585a15d04c7fe4ec9be6eb5df419e20b71506c1f642df75c53a9e3b2414fe6102fa8af7be3f6c95de824c31fd6fe8ef9d49e26095a2674a33cb574e9e493939bdeaf5b309b4c51256ef71e95dbbcee0a11991693b533f916e1c82ce86d65d89b6d596017fae944ec364546e78abbcbe4322b83e2fcbb4c5d4ccb54d8642c7eb9e28c08598a356a5c46f8813e6b63ec2f3e3bb721b726361f85a734e0514f4e9c4732991ed3998b1ba8f618c2071d1b943eb0f8766fdb7f0492421429bd380deca3325c8d5c7b6ed16429539ae54f1eba39748f09aa44efb67d863cda304e8653ff7499cfad44dc27807779ef8e63be4b376ec403f3c84eda4e5af31c30f9807762e0980b4e5d9dc406cad4e888bfc3ec4186de8ccfcf631b0ba5831747a1c200d45ea06ac82c7952fd09aaae5dcdf5475da427cbc8c1f71ebe5132f2fcae15975ed6fa14a11b38766e1c446894f31c0496b0e5e96507d28e6e4549d6d78841e40630ef306491a1da60eaea3fb69bffcbf192610e2e07bc1124690fea61980e8ed654c5e796f67d26db5de35b4a2c67427833e360ac2a7d4fe7a5ce572144443ed62ac460c1b19402e85c79e3d80e1c143279b20a66d8dcf2bfe1cc44a0f5aa9b0d9b36c46c2cae148dd0f2ffe9a8e6e7274d1832e57aa39fb40553da6414094e838d613a20ce9307d49f97d904648d6460985b01af769800cff9a940f70729fe40e98feb64ff0a81c5b2b096b1a9d832e440c49e4e3684bd17a5169fe138d2544d9806fec027dd2a67f1856178e090f9bb2f9b314a202e7e95f2e41fa80dccf7b1810e9cbcaed2acc2445d60e26f7d63ee4b28e4299e60ea4fc659e7d6f0de91748bf1ede1fdb2acde9482bb76bf6716847eb2dd7517e0a94f0bbf20f248d2c79fa0f518b67a44d5c4c73a9bbc3816ba85ae8344b5f377649da75cf1857d6e4338a76446c48e52cc7bc7ce283d4252f8fac5e1427299edc33f84798316f77bad4a87849e91a1a23c0b7a86898046e278eaaa15ff33730a6d3f885dfe2d1dc0acda2a9e49a71cfecb7dcaa9e70eaa8fe15d4567a280e8960ba49d5289535907e9f277f96e8e652c21d89e81696dd821db5b7e1e53e160584477aa9e4c0e12160c9956df36cce6f4e724dd543827366010ed3d843cdf4319c1bf968a70e9b1b6bcd8af96c9eb0620c569716b7bc42e13251a6adf8201faa129844b5e1d699cafa1b66a674e732c7662b0410e5bca2704c5ebed7850d0ebb825cfb0627a183cc9643b709aedeac2c06700358400c389f99666ae97ccd37f265da7addeb07df9ccad6fa777d0da2fc47b6235179136bbbb409596841e921eb278142a19e6203c7f235bf8461ccadb4b47dd290d36ac27126c808b866f9531261f1e0f5c458a6bab6f064b4efc432e1c7379f9af19ac34c5c22e76e6e7651e48f9ce44eff542f018397889d896cc9001a63e8e455fbe4a9ee9a740edad894fe1af2bb21a1dd0318e28ba982c12ed69c08835ce17336ad1638af3cfe0ea892ab8e83d3f25e6bd98d5e4d36292992e2122c265a26cbb3931dd4c1b0d0ac5ee19974d0dd45777908bb416cbce52531820effcd7f28e1fb2d3d4d826e1b2673e834485a25af9f9d174f566abc3b36732ceefdd91a7c3885e1d10d51c321ff704d0883905b7539309ba5e7b7a2bfefd0494e90e9da7541ec37858ec05ea9a9ec5672b113cd5ad6ebfc5b8fe40ed7c3f17d8a73703dc89086b4d75c5eaf06b840bb2f5b4519a4fb17bfdca9605f17253f203efffc92da96fde023007d22cdad05d18aecb4bf08085c5ca5eecd21f2b611e7e8a0ef981fe7aa2014f5ac6862fab44011dfd33be8a1226943aa7ae5fee9221b0400d9ac2ce5241b09a68cde6b13c47d50bf310ecb37f25c32770a299020d8500d8a4b5d7621e4379dbd6ef34a9aceefd4055ea6144f54bbfedefb5b5b0fbd1d81c7a51a802072ec3d84f34585f22c1df84caca07849b1ef054cbef9b40848e9fd238761df5358cf55a79a53a1bc749e49ffab7c5bd9a28bf24ad5833facf43bcc3852c1e85cfe47929fc49c325c20d74588eb9833519f192243cf96625057899b70a7c93f8fdbfb60d8129d9c43c95f8782ed8293641ffd21d21d91a0b4db69d766f6d6497e9a414ceb04b65425d6ad6c8811da00639dce8d8030038f2d08330c75b0879aab81bfb3330b950e54c13780d308fceed2a103a1a8b77a923b66aba737654ba7995acd306aa7b80f632184412e2369c353c2132ae614553e626f0a3436959104ba6e0040dc597dfbc3602a49e401bf2249699375b2c722083489f54fcdc1f616a133ef6112a1754818158ff78f245b9046100b0e89407f74145fe336976af971c054f12d98002c68b3aa2bd699fbcd71bc4dc071e430bbf694595a951e01098aaa499be2f70611f248a694539ef8936b2e8b7a3c5de8662436fed1f7bc24a4e5c17a663d9a23b4692993301b08cb3bc10f518eca51081c717ec8dfbb0c2669f7987fe6aa0bd98231d8e8b58951b42537f12884a857e02d62de4fda6b88b6b754b1b27394c6a819e0f92f6b2b2473fe245678e252ed31477cc7ec6895bc361b718fcab3aa550fc9faeccfe77cdb5b151ab1db2e569b5bc923ee26f0b6113504d295112d47218140e44652a10af10a088f95c7cf2fccd040fc93980939122411ec643e26e7d69ced3178402e320fe156e774b75b5afc2f3d6b6ab828bb4993b1436faa5728cec34d66f520f59e82716ed6d1324944c3c91d04d5ffc5a921f4716c39de24768484d0096f7d8dbce35aeec22db11f899e5e7e3d57e7668f35d6c0db3542255d9262137d39ae6cf9bcde254dfccc54a6062fcf8982f781d9ffab2df4f49ec04a72eb9646d63bf9e1799bc0bec0ec7f0675ed9f8dc9b8be15d9f2175dfa1c8bc99071c70ad7bedb10a4143fa91c89f54777f84c9eae9361cf7f4c2b7ab873ee5785a5241db0af86f3c6d7f091623d6dc576d07550a42023633a09c8dfa21d7e70cce64c13f37663f75c47921c246f3f2d1d16a8283ce7697da4cb7e016971a2a1d0c59d6202bc18b7cee3828de597efdab53b33a9fb41aa7b49f1c964512901773bb396ac80e90ba1a94c408b2860065ae9aec64a41d76cf8842d299d0babf14d5840d647d075c34175e26a786f30091a24f1ce8db30137520dce1cfffb6318a0d0fdcac883eac603bf365efa2c806eb4f194cae8c16780342165222192f6ee2e103ae2a31dc08a84dfc89c64d2e9ada7ca1839dfff62ddfb7982c79684cfc821a098bc6bf09f87317209b16d14d45c6f38fc99f7bf9bb73460977bb323665d480c87c687cec052a5f08a2c6744c8e177a8a269b4a47a925b9123cd2c014313edae988f8aeaeb633ee5ba6be7f53fe36da3aa37ab2077f5fd75a82a55a0fe62af213b85e9e7694f78cc2b0e63a8c1b89db484722fc62c688678a511c474f0eff8eef1382946d26de00e5c626ec1d7079445c1b7c6f7f05073249b11fd1fb30257724a14cd7bbf451146bf366de2e826fdf1d25705587c4460040ab963e3bd504755b6aa5b18786b68efd3c8e59e8dbd172346fe7f4a18bac98164669d73984044f3c777368f965763742ab86a3720208c64801c796f6e3a1c4748b81e41ac58dcf6ecfa0453b18fad7e3473604f57f7da302e1fa81ad538d4a0280c4ad092007bb9a7a12907227a936871886c699db97d00a1966fdef64d9f3672f1b792c1edadc6781b391c91bea1bd7275f30859dbd1707b1f554e49ceb874ca06e92ab466efa7eeb6990667a27507a7ba789e24d593ea2af8eccb3862cce58daa63eaf212bdd86c01ed471cfc79b191c481ad773d20e821d18af85a7049034e5a9c660357a4c2808b9a6139f32c55c13282b8d98904f4f027d438189dc9487c96172e50dc1100ccc224e7374cf96ea6731032c43fbc9b367a4d1d0b31aa3fa8eb589672e69f1d9144114bbd508d56c2049ecdbfd7b43545375a099ad2885353d8c550d22dbb738e6fe3f104b444c89475a2cc24d7887daced8fa05006c02dfded01c00707e2ad04c41199c5decc1eae34b0c0abb5a5beee1b5253c3350e1a077682767a0b9124a4df2e8879366fd37fc04d4dbcf89883892f46a65ce3aec22123cbe6b3af6364df1f9f5f9751bc8179b6dcc5c126dd65feb7d11a85994e90ab6342834c79c5f82413e88198c73e932c66e3cb60b6e0c0cf438622e5dc5a1036c38afe9cf13559044a9e90f5fd72a3188ef6b1043f5f4e6b40ea51f6235dcb33b3099b2d8c2e02103235f0476ad51bce6d8a2934068549633e521a3ee4c62c22b042fb86c13c8da849233205a5e277aea1129678c31f5c379a71fe08b72fad9449cb923126dd465d1e0ae8a925374149b8248b3afb69f168f3ae701c00f6ea08fe07f1b5338ce6af2f3156ba6f300310114479f2f6119367c88c12c158b84be13b9c8c7b5dd7c90edb5b3ea1fa5927a25ad6d5596992dcd4877f58a134e05dcd80dde4fc2c2a680cc0ccf3084d3f4970e3603fa6bc5a180fcf1ca4241c0b8a1e7c607dc025016e297e2b0645de4ec2fc49851b9374f3ef99edd897c284a67b647ca8c96fcef935d541e9faf334043ea50b99fb8819ecce039227b624e52d8c20003b5a43808e4990da8e4398c4fc172b983351fd11a13dcd2aae5193d42d46e1b57c92e3e01d23fc968c729f3782d6c07dd5a17af2bda96735c12cc7d8023629fb0125e974425f7914690a7ed26508343ae58c8a439ebb6232049a194768d4594f5d65aca37a5686c2a86dd04bef35d74e0755937ac0ce3ebded1c00c8adabf030e5e4a5f44193b62fcf2f1bfa9dca2a25afaf2f1ec06c5d17ef3526d26d17af3e2f257ded24b177ba41c0ba64fd4fbd5042fbd5961a105e0e9f77f3db13c1b6c5bd9a9d04801a5c00a4c544218a21016c65bdff774a44b1d05256e0693e14d76605d67bd10048d3816caf31a6d10886c88c783538bd93e92bbc4484f3388b61adac4b92b911c76ebb1dd11b7b4e40be032bccff610068746f41e34a1fbfbfe5faf57c8a4331008e2c1cfd69f57e74379ac80eb6769f4ce4196795b835201ce4ec85ebcaf5eaaec242fe6695cbce1d53fde5b002e006bba8c8a1ee57da061ceed0d21bdd57ab0cab9e46bf3764d9a6c3ab19736d43b33f32eb955f9174ee4a54666e7f19cefeb49aac7a59b7370d9ae730b7bb4e08413222f0a66bfdac252fb61bcfa838f262312febfde8add8f6843f1d64ea3da42d4ef986498604d65737a44f5a099338520cdbdb65ce73b110dd4bcf8592a4adc3e0170b13404f99f0ec8f9fb225c1275a921f09369db165e9109dd5be472b9bc1901bfd882d264d9ed8d88b4c8f3b35f88b69e3e4b8ef5debb895be536a3af492d968dc1caf31879d672f70ad9869ea98335cf9e4a2760f955fd3e8099e4b2eb4269e354548f9de9921e50e49f3f5cbd63468b9db0cfdf17250c8f13535d4c0a1f21c87967cd798fe93b9b2960447401ef90db22c3adfba0f55f5585ad37040e8d6745184dd536d5a26edec365bd6edff1bcc616cdea3bfc8b9d98c0ef9a626054e361194cd05b2287612399f6d3d3be2f71555f14ad2893af6f60ab61adef663c3c2464ade671dd5ebc71935aad290573588fe6e11f48cd2b7db62e4b9932890d1b96e1b83eff70f026d199db75fb1e83197c937b672613c66ea131f485b4318e27c079b4018d4205484993bf50ce70275b244f2caf47cb47eb2a9ca59afbc78809a912eb56a4bb65cae4694f682c6329c690003a1c355f779b5857a60091b1c3685995a366cb43d753a704d3e59c5f5003c78feed877351e27334b3fdefe5907edd9eb25588a42248b9c4a93efa7cc63bad1e5900b95b70436c35eb85cc8251c4030fab9556920141cca24d6acd3122b92b7e868dc174bf071117958a4797fc90866aca685f1456fab397ae647ab9970348082bd74865bab7f248568db98ced7ed84e8360fa91afde3f23509e6b4caf948349ad9fb6a4efe0a0468302cae7a0f999195af1c19058669fc3b88b2780b9075dc180298498caeb7ba0cf8bd42eb36b1959d5ad3ca6fd1e85f76abd27ec5fb637ee38173ad7d86304d5708b6dc8817e099e77f5d43c1a70624cdb96e4e6103bb25e59eb51d894d1dc533a74005bb79cca35b66e10c61d06b5227fcb071457025d605a0862218ca252b871f8343ec231dbee15688aeb914c0f16ebabe6edb0a489b2bd10d4392c6f1863bb6a62181de7cef61997ab02f3bad0a893cc0cd8a99cd7b3f7773085f0929de36b5d124e3729140c375de9a2d0cd9a360cadf17b9e45b7f2adbdff9e75b743b62642ed67aa703b8ef33dcf51a50edc7dbab42d3d2b49badd2457a9f92847aa6a60ae2beae457a5fce1a9e485ecf907be22913893cd1350f20fc6c81c94be426eaf01864e813a03e4674491b61516bc95d8a77c15f03d0adfc4adc27f27a5ac4165ff6518eda1a5c408708f78a9e26b834179804a312148d4f75f21a77d78387139da40c0a6293c2a59d0162437d68504f189ed970c5abb9ffc6d8e1be2b0877c7f24b1dc273b1765bfc5ce6f4b8d99a96d5b1c92ee53a39f685b304313d909c1ba8130d20d51c824cec420b0315229df295f75b453a6c131afaae0c36d7c4fff70623638a4f7ded5eb7db58d95deb6249a29b171d8ce651556dee8037bf4ca74453a4a76aab7cc07ba44e55de57dbef8542c3851ea353fb8e259ee89bbecf9ce8d8bd6227afc0028afac48a7acd9b4e8cbe982eb1475917ad6be4cdca9cf6e7cddd971b2924f2bb730264801685d387485e41993c3fa0af9987e8b52c21688fd9a9595ad8d1b9f41e0457be18492aa09f69e64e2954d1ca3cc1d32b2915cd9cf6862ca79c80beb47347c4cceadf48a37b29b1d6de4e94717d60cdb4293fcf170bba388bddf7a9035a15d433f20fd697c3e4c8b8c5f590ab44aefdda94681407008ea48d03ff21e9bbb4ae7a9aa37c855fe3537c44106e8079f18c24d2584474bd4a99367660ce6f7e6d7c294961e174366e7babc569d5f80572a21a4bd7086629363e0c9ee2599c8b8863c96613ae6c32cc67ccafc66e1cce79654567ad08e62e9abc99e44d6a79ca4d8de15b7f8a763a4741676af0e1f3bd4e002c8fa1ebfbb3bd3a65ae68a80c230422f98f6e1e9837252e045eafd585ba389958297d59aea1e8e1f665fcbc5f7ff449996aa712dc0faf582cf3caf3dbae80594f9f07fc06de63d9d672d14d7ac4662b4a54f40d4aab2de766910be2fc7f6f679b5708790b5376498d3baf0463dca2f093b51bb7e9f3e7033ba0384af0174becc3bb477bc5e86959a12a5e8924adf0bffdf5e5b9c1cf24d232881ad5c05c5c0f50318ea83d8683339ca6a583c52198c00f7c1abbda282e7fd3b179297338ecf9c923a3a87a130dfc06164e9b4c1fe11d51b382643de44b30a6831dee119241d1b6f84f2484784fdf65e41f78c38e15fb4b00e45df1edc40e3467cdcda351a4c0a0185ac4649e91024377e1c331587a8586cc0a4dfe29e14004c3536d305f5dee0eeb8c2f216c1b8d27375b239f6458e08980badd6d82e9ee9e007578c0a3b48288d9ad0ec3c934a99a8c5741149af937dc82bdb545df26428b87fc935c05f1a4964a8408539f267e23de9bc498e2a4b0083cdb7c8e27de6252bfaf680a6d5b7ec1a6dac6d7d537334a95f1553324a0739414dbdb50445a767b0f589fd4c33b35905577ef5a53b0f097191f9cee4836a908748779941de2a78fe1bde0c2efd9f48cbf232ce101d9df93d3ed40d036ae7aedc3a5ff619abd1c159ca8d2dbda7de13b4ca62576c7f925c52925eae2d7500dc969fe14c0a335ff95a7df1d276a6f242765c781208d59edb5848d412b11638b27ce5a61b8209075976c2a6aae88f6e6d8704fe9e83b425dec4defeeb3cd311b8c5a818d51f917a8a4525361791d5c4fd5d70704d4b9fa9df1ea119882f400e682753a41931712c043c120a98f0fe786a600b47befefc9d64cc5bbe8a16c191490874e258760c9e4fd215bebf848e0b4d35521f53ec5f9308644b785171fc4cc3ff886e034bd833d59dbcacebdae8f00e43c151bcb24d1d226d1cc19ecf349361530a81ba3168af3df5536fbe52b3b93621f57959df298e5b4d3c14928d2ef7b9c977c7dda54242d17f8661978a62d94d565b00abc199790b9b25fbfd4a3ffc35c95ccafe35d9a138a2c24d17f06ae2cc376e822317f16fcbcd56e23f84ec135dc935e58c61b34cfbf5a36cb00350483b6bac786030e5c5045a6b61c9aba7dfaa4f7fb21897539863ee865ae061a77c0359915de3aacb3b5dc8cfe53c4d17b393c2b6bb23652f36390407922969d510cc97b99d1df4361530aef10707d7a021b2d9576b2d49ca88b3cc83ad1baa6d88ef8c81c08f8baaf515637b21ace9d5cc8fd9fe4ca6c3aa129caea7060791d566f4de8662b90f9e5d849cdadf9bd23cf6737b07ca105142663c30de27adcea11d64d433fe1ace84b0f6917c8b655f2a421602f07e0a7127e61ae9859c5e9f652ec82416fd2566f291f417ecdf99bf3231d02864e2e5a1cf34c13f59de9aa2760d8734bbda79576c62f566b8269990e9384a41c1634271acb4c7a8b768f276685c3a8c7f20872e56b683244b1af562c3e7dcf592a9915f44f886cc2ac5f679c07d5aa1fd69cf3a460f25c722073da336a310aa551062d92c7297002060072af2f3500b9310c239bedf45c5e985c2e0d60c7dd68522376dc7b560fb34d1b5089450c32ffcbff07b35a96bb6fe01259a06868d00af697f8bbb238d03d49570a109181c9576c1ea9d2ee02000cc23e63d6c93c6cf3050bbb15b6f73b09c25da62e5abd4c2bdb1110e1f25db39f04885595cd6a388c4726c8d4cdbad87d80d42fcaeae843e2e17f44c9aed25c8f6f9736c7ba1bbd3b839126de40a930024a65aacb872936e446114e706a868444cb140e53d976816983f3dd1d57eeca01eab8211b7aa8ae99d26e35c06ea4b226e0a6e52172a40e7f0df5f67759ae2ee026749ba10b8e33694c3e01a001526f9d75f6c419cdccece3ea3f78d69014e509c741214581034bbc7e2bbaf76db8421154abb2233117a1ffe2786b21424576e295c9baef262e80fa2edb69aff800b3ea436eb827e8adb73abc48d740b86c69d557b16e874038598b25f616afeb4f4a900be7dd0d38b5b6fb4259c51a3aaf4748d7a445f518485ed72b25c7df8ed0906b74bd29bd6a5724ac3a503c990f3697a5db484821f68718470810862728a80ce34599a41fc5bd8bb46dd845a4812ae1532c457ef4211d0e41835e5a6f030247614822571c930c727ba397e723d6b3aeba9244f054e331c82e65b74c9f6504c74b4301499a1a6f6269a3352aff57f88442d4eda42a82ebcf7776c5629f97d6160bffdd8282a40ce2e6375b161e4c22ee53bce7a45f4774aa827e2da657e1a1bc07445f0bbd770b7a5a25b1b469fd58715510dbf8d97af4e1b9459a20b08a8d3fa9d92feb32db95b22d36de0bc8b1c397b09970a6826392fd8392b2d790dcc1295888f42ac81ad213c7328b2324b28be7cc1f4fb8414a7785472f1dd3e11d66017b1756d1697be92490e15f056346d7e9126a1f35fd76cb016fe2841c8996a3507c4fffe7fc45026df10b03b86fb6cf26e8418926a030b5fa62748fbb728fa19dc2f8947468c1477750771e442e4a9d25b76d359211c05df788ade5b7824f8770b5dac0819737dec916ee59b28a49666ee8b7ca81386eec8049542f18a3207e51bdbc291470eeefecac385c096a
+MD = b70acba01bd715f542859a4224d035eb177fe7b34d5447e099acd1716ba6d00f515bd02021b5b3015d736b04687544de
+
+[L = 32]
+
+Len = 16
+Msg = 43cd
+MD = 7c5f9ed821a021ef1850dd4e0b179a656fbe27b104463720f467db32bbfab5a4
+
+Len = 104
+Msg = 5f75a437ce0698a7d8151c3fe0
+MD = 774782a9c3023dcef8b2cb83f7994324e3cca35323419b3914a9b6bc3ace5ce1
+
+Len = 352
+Msg = f88bac738d1e3e10f75e46e3fe026d7e423fdcf3d7e4028b33a291bb4aabca53f780fbf99e0346d610d4a38f
+MD = f114f1a390bfc30f34652751f3a38e8bdc9597625e363689459b80082eb34009
+
+Len = 488
+Msg = 832e5b78a73a1012ee62e00621db7f4d248893007c6e5d6e0e689c6b291baeebc72df9cf10b289fe20e7fab80a2399271d0ac63766049da875eed56264
+MD = 7d00fe393c308eadb8c0a4f771d409e17c9a796e63b45fc8e84c0cb2bdb62532
+
+Len = 13976
+Msg = deab57cdeb41974037a9bef5e292894038264eb4d8993d4d1501e6ef9c68fb0f571f57b0925640925deae9a6317e3bc4d6cdd5a0833e52fb48baca16a9ba9b6c8ca469a0555763b54f04c87d4e41aa549258f30eefe5a52d2ba06657a8773b0842e094857b6d8911d6a0636280025e56356fade362b4bf4c875cc19be0c6644b447be0454dbf390eb966c03e10e9de3487b90d0825d327c12495e3c89ad09c9d591e55c91376fb14c2fde9f7461fb25450df1a65806b65f3caf4d5c81ebc6e664871fcf915b9578bb70ee6776acc62205888dce2baa4024941209e81b4b35f0eda1bdcbd9ab1d6db6140bda4c41776fe675d5c681da5852d50c246dda4ddf9fdd7c5fdfeec85ff6c883c78689c2977584406a1ddef977606c182d6c33561c39c071668a2515e5aa6f4aa1faa392aed95b82ab32b79a15e3b5a07551ab068455131b72493126470f26c30b852e4415e1d8b719b3803ecc336e4facbcc5d1908851f4f39b776bec8b6b9794d47e5965458858560eed5a0305e260240c0849d93a19787b0f8c795eb5ba32be573845256ae6d0b0a3336e42a1beac8bdde6d1b6e0b6207903d4b105f4af2ef89bd099ded870daea2f170e03bd5f6f4490e60bc222d4876e16d4c58aeea6e6c400dbb9e9f4b2b142f0fc9bdeaf4132ded38a4a8366e107cac7210945fa2df4b124be37ef76290e5b9758aa3bfe0091bb0448206323584c2f833e0edfbdc0c33075fc9647a3404ca490bfab94302a0679a1a42fe9fec6af0cd98038b09ffbecd2832b579b2294f6ae5b96328fdc0a0b9b3a32cba04fa8bae3389c3951173bdc17caaefe526aa386f98670b177683d0b804c5875fe9c7afa233ee66349c9fd1b60bb0becf5e1d887e67fd3baf34b4f90d94699d18d6bb9d77d4af358f31edc254de2d6c5fe3ec07425c633b18c1b9e3606b78b40b543e1fd31fb578cf58c45744fc073fbf3c7d7d607e815379a5fc565892d81560eab8fb5f1ae6771b998c592e6d288014f13ab283d53fcbfa66e31a9d107308402191fac2cf2b799c7dae91b93a7676898b8a6e516a86eac58ed8f6d8ed2fd4d38031e4a4466dc8798b90c48e6adb6b4391d47872443cfaffa542b4b132f6c3408f0081af8692aadb4c9bbd55053ea56d8b82998f6b4b41d331891acfe6af1bb0d6679989978368ea463743b514866d2d01fb9950e8990867bc14f1db1142254adeccf3da812949cd03cd1d569e9d0bab7ca7405cc21096e3cd4d007cbb9629372e98584b4c6b97ad0bc314e1ab6ac71184ee555c01973570ed9b115bed956f9e4e349083013098b1e483f0fe44d5e9849f38a2f7ae152b36a266ea1faf263ea8c706632ba8629602187379546fc6b82e57ededd6d074c15c771754710731e07c207899eb47e8d7c72ffd768c36257d373375ffa06f9b3f0af11417f9ff9f9b44e1f1f96ae8aaa429af88b14da1da81c7bb38a0fe9372ed6a9ac6fb5e9e56b82593d94c5192904450227bf040b7ce0904789f979845e112a1f995c849ec3f7e49bd975a474e8201630f40fc0d80e76019f110ae158cd0f8da96ea4561f24237d8e795ebf52368218bff3e9d5b040ecd2caef4ab1e7127e53bfa2b3b4fb74829f9993ac703192aedef79dd9ad24c2c976638b4575afbce22ecacc273ba43379ed55ceeb51838b0adb80585bd1b5f2707ee16b67a7232adf7163415b24b9ff9dc94b7197fdc89e2a90d2b9eccde45e965edd064dc0d1eadabe11b8ec3aad2742b5d3323ebf913a92817749090c20758f98aef2544d4c8b48874e8936d7ee492d5585675c214deeb74fd67c4d170ac5e0aeefa607c6e37abd4f8238e776fde3921afab75cbd8f392d3e88da057903ce2e140797f4a85737bd89455e6aa27c7535687b78cd0ea59848e006c8de9c9c0cbc7a9f5e977be850adc710503ce4ba7c7bd0b042297f518abec6c8ef451c33e030251f506cbc3744228b6bb4dab86877d9e6019a0ea9f39ed37557b3b5527c171da5f013e0d3c480a038cff2c087d6e5d41b17e6c8f90c334b5e2b9ccbe9d4efd99fba1f907d00a49b71b5a08aedb644fed24bcf04e71be67b03cd20d53ccef8f854f5e9f7f28c1e98a8a53496646713bebe15a93f1ea336e6e8a4e68de5dab0fe880bf983eec75d1c5027357f6669e098411e0bc3ea2293138f5b34425f78b6508b94d4c0cc32ee9afaa409a26e5f2a1fddcd6d5ff42a89755a58b08f243957a2e208e24b055f51992ab447bc06876eba169c545fa71b88a0fc15d1e0be9d334a1dd0c86f44bd149b42c07608a9a30d0b7e13574f8d862f2ac72b2ed38904d7cab194fdb9e4dcb615f5610b24e202a36866baccac01fadb575df11dd43e00a3b92fcdd8c7702ea49d951e7dad2a56c075730b4af1ceda2bcb2310256f28312579fad40ff471336ea6a44143edfcffc297258d48bd2ea47efab8f0dc00f1e6dba1a55009ed627b7
+MD = 6e5905b22cb95e48b73c5a885f5463f554d81257bd26301c4393d57fff1c8323
+
+Len = 48824
+Msg = 5223e2fece634a95e1e7c83ad4a11a0478f4a41572bd66c2d7902cf4f94404cd80b1f58fbcb8eeba3984fd759410c12f8ee922865f363f684df5a8787c87ceb3086fb8535157f7f39653dbf5c66ae7219253838ec77cf1c6db518225c5ba0a8212e5911236474b8820ddcb8111b87320adb82ff553986324aa2a21c37ce4a083c89ce9931290d4c1fea933e31d014d7507a28e83aa917ccae10bed1a490e77fe501b299f8e3b78e659407ce1934d5d68c7980800746f26ffa9794ef1d23f793bd2eab7fe524e213e58280f441ba48b40162305335b3a480c2afeac11c27f8d817792fd7805d4b61224eb52d35c0fbf471bcaede505fbc9398b216f43bfd69b1a669a61d44fd21faae410af58ff95e1c3ff1528de1aba93cef56bff4d714d8c4cc88a4ddcda52444ec1208d99ab3fd9fde98c1ee6437d8d138f62c5f782eb4660c5eb28564b5b0d46e3a2546009148f3d02b837c5284e9f508290270b97b9b29e84445a0b4df662d9711e6b73c11cebcb7120dc427034b1ccf57d8e4f5bbdb84d2e1d4bc3862a2b51931d3c9a7a5fd6ee5f4c7327c338abd011af638d730141b6eafe63469eff50f473262e9fdce636eff4c5663acb6075a4fdb00c8b8a8d3322e1700a5b3e7db90b36c1a94991b8f51657121b442db6f890e208f312466778d73bfaa8cc0ead4edd0776155f3eddf9abb1bbfc0c94421adce83d7ee94f99f61e1f25a55fb596f8b40ccedbaa8e5e2cf629496f5ca60bc4cf36d917da4e2b973eb57869dddc409dd66d5061f22642743fe843defa0b19dfb2f56425abeb234181267b5c0d2ab4268c538510feb191bbcd1631b0af6c7451cd4c641025cd8bde2d9ab6e6b948f97c1ee6f35098d553e8e9da9b4d437125046864633f109d6a558b38b270a7dd1785d44d248a863a91e3db5c0a1d7ec133decb65e81c3402c98ee329f660a092172bf6b1a02491895394ebc506882805a6c93e767c0e58a5af717d950a206c0f0055cb39ed88816a9fe3613d15f608e486ac08bfa67d462d24e6a0a37716d3fbdaeb9c0e951c1e847fb884ebc1cfe707dc6e7269eed1c44331d5957bc4ac9dfeaed4b157204a3080fafb9df8917b8d15aff9c49cdc739b8fdc26a546794991c183fa523d14797e051894f48b0d62c2b70834467ff9c993b82fc1152c1f5479ec6144c7e8fb10d1bce26bd1cdbeec4e95ee073f3bcc3c7367328e30543d371b27509a577f5c79f14d5f687ce62b82f856695af9f7dd350543ec763de75b593f1859e44c2ac01ba65f98743cfddd8a89a38115badcb51a0ff5655f830c0122af6a830aec13ae5eb89a93755b3a5a6eca233f21cb12db545a24a5334becb8fa32c3d7f5805faeaaeea85a551fc62c94807faa6474c0d74cae79b5d8ddae07498fcc5b8b4f394867112ef5fad1c9da66765ecbc7fc0f3269d29c9c38817c77778f2c19b5a3c705fde9d76a4eb86aed4a7369a832ad267312903462397f7b8fecfa8b195cc2316cd53e48c3371ed2ecaa3e484b8ecd2e22b1aee910c51ed5d71198936266f5a00655d82c089f49295feda0a2bcc1a54ec8adf565acc3a8b2d74c30eafbbd843c59e67f293f6d8296cf7b611f01b57dafec6e2d4d411a633918068c38ef47b72ceff1fae772891141c3bc496824509d78165c1e4cd4b4989321a8722643eed69950dc120fa8da3e53c3181f252d7c4cd2cedf8f086f788ee77a98ab5b019828aa02108f49ea4a51f457f7adfd2220d3e59d5f4a29194e8f5eac40ff80312ff6888ff6393c3fc0914b08c1b9990d247ad80a441558db1ee1203e07353dd99a885a7ff5d791af2548815dde0ca1f56f89d39ef6b93dbcd0cd54b854173903c12649587433f0425fbcbddfb66ebce3eb4800dfddfe7fc44d9b23a3916b1db68c187da4dd13ff0157352814b1a792de7fff855761abc6fb7b93b48525fa90fbe3a51dea974069f3f5fdea86387eccee13f58a8eeb8abc6a43fd30e9788c3bd9ae1751b30a82d420225b2abdb1bc121b9073380be16107188d20be54f2e9c658d5b443869ea0e991c496104086290b6edcc1b656adf94f0d42458750fbd8d88040c518ebbb644f4dc4f7c6971d8d60eee0272df7b51a3d5248b4b264fb22195ad891fb6ac994ae5c0bc6714ae0b0b9a484edc576638b78ee89b568195a8f33ed8362128c30f9b0c7804b3ce1355abc96b15aa55c1e16a9e9ec90d1f580e7cb412a7e85d8585bfb950acd4de5865214ce4db7f6314d81784c588c1482d5f28c5fb62e7dd7aa8237ce9396ccde3a616754414cdf7b5a958c1eb7f25a48c2781b4e0dba220f8c350d7b02ece252b94f5e2e766189c4ac1a8e67f00acacead402316196a9b0a673e24a33f18b7cb6be4a066d33e1c93abd8252feb1c8d9cff134ac0c0861150a463264e316172d0b8e7d6043f2bbf71bf97fa7f9070ca3a21b93853ec55ab67a96db884c2113bea0822a70ea46f9ae5501eb55ec74eaa3179fa96d7842092d9e023844ed96f3c9fc35bbc8ee953d677c636fdd578fd5507719e0c55702fed2eaf4f32b35ec29a7a515bbc8bf61f9baf89a77aeb8bc6f247706c41d398cae5ec80b76abc3a5380001aea500eb31b10160139d5a8e8f1a976dd2dde5ce439a29dba24d370536a14bb87cf201e088e5e3397b3b61477c6a41e22a98af53cc34bc8c55f15d7924e7e32fed4d3c3ddc2ac8eb1dfc438218c08c6a6a8eea888b208f6092dd9f9df49e7ede8bf11051afd23b0b983a81bcc8d00f7d1f2b27cb04c03aeee59c7df23a17775ae5984eda788eb2015680ac5610fb1380b4e7d7a9cda6178dca98690449f5551b66ad2826cab2b662f56903fc95b4611bc86f7a834a34ddc3be7bf142c8baa096abaa3cd51ad0c0b6d15e590eab9e50a4c60c91061f1ed6373d91974c1ad9d263110a0d43fd8b596396cafc0ae70b7ac24a59bba090a6994ec483db7ed4c572f723670a11c724e8ffa2497d8fccae37eaa1d14ac1537eaf80efbd2e597b2ffac97f2bc3cd2c4017f170544dfbb0d9109478fddf06ec0981542bc8107a725be25070d2cab4716f4edfad75fddd582ebd363c49e8efaed9a76ee51f22304eebc232a4f67f865b04f610a628fdb317116666785fe8ca30619a07c83cc449855202d687f162b12d93b63af6e7ddfb7223d4ab998a5f450523c1d521ab76f4aa113cc2967e04a38dae07c51c2d0f44fdc8605c3c53ccee91a2c73dade5dae021cbc87d5cd6e5fbefb65335827311fe1e91921ecd66b2055a6102d7a976308a80c44e6d47a67718c84f2112d65486a558f1f269b91d9f47e3e11d09c0c748625bad2718e3674898abdb19d3644bcdc9317c09a3ac02f514b2a57e6a706362e5f6e8fb16cc83daea0eec85fdc8c367d84c9230730291440a4b109f7034d510a3f70a22dd4fa69e8b65e5fdf87045d560eec71f4e59531c7711d4f8917a96e22ad07346d2f92a13fb4569fa6a075da6e1acad1eac1cb2ef19ab452264de2357c927c6dfae6598cbc821eaf3b8da754ce91a96c702c95b2c308bf3a550cbf4d22d417745b5f17d36608feb826b862747c59d26a0e8eb96547a1852f9fbd095f1c5d20721804941d462f3ee2f0876ee2825c8df24c4f00f0844e50588ac688127013df8eba3c971362dd255420649245e880212cb3d732fb82f866dda090040f28e09cf1c86eea5dc4fbfc373eb69745b4afd841ca8e172d4a8510e7698345fd4cab9ec2ca0453a274720bb2d2e5468bf0d0f85919dd762fe3df969e6c071285e25c2e2a49659b8a78289aee655965bfa3cbca9b292a19a855ec40293185354ff4da9451ccf98abfda07f1137e79bc89d688963081dec641a99656b040637402890f185edb28e7e6a2f65848a6af158f90eea440aa6246a2e6c31f5d220b9846aae2027afe5a7caad6dc16b56463367cd9e73bf22a1d6172145de4565ee369c55e3b99ccbef70fb080a3748340fbe8f6b95ba46e8b76de5a3c4bedc37c55ae24ad02267da26769a3a732badac2e0f3a5393028dd54d78701647582cd04c8310e9f1ff1b433125229547130e1737a1f33604f0d670ea7221097c3eb9c7fa4b8293d7b429af76191ea8e481dc1da31344537a09b33404d782eda1d6f5775500c1d8efc615778baf0905d9fcba1806ef986c40b1c6a72335104376b58266c36f5939a8b95123e8635c0c95e80aaeb97379b1179d6332dc07539b595ec32eebd3a336a1128f3cf2e2924db6d8504a516b62f26d012b7f75cab765c8374a3824da5a405746023b51894649ab422d636513ee809fa181d5b6fbc63351e37a1b14efc8f739e86ca78ae3e280f1c9e4824b2976ec4dd308ede6171a7474c7f530128089bbd75e10f9e57ee17408b4384f99f886a5f63a2320a9b90eb9bf692e1fc449171eae3bb1bb17a6ed937ea57af3c82db84e073b5306683e1d63705b9742a085fb802cf5a1639818417fc2223f476c2566351f4b3b17a822e11255f3c3412dd39190e200727bcd3f9799519ef792ec7c2b0b9d0e2dccf013d436dee63483c2ce83c15c00a76c4d894a60cb90366ecf9e61221ee8bdaec66d715159876d8305b35c81f96ab2cd8f81f4769e9a6e439c08c329036f5d2591ac42f2747bc0e77d4e566358a3271819b6003b290211b9b847ab70e906aed9f86cc38aae27e1098fdc3bd5d84e66c45292183f198bc329cad794aa4e430534511b7d9a75104061b409676a16c1146af0a286e2de8bf51c4a35193581a902bd3224cb9257c961989042538092af92644a63d6d6f6872a29aceca39341ad29dd22354812c4b7c7068b039ac9ca7e6358e662a28be001d4aa697ace540cc3ed3c97b98d8c5a6fd3543ae9a7962c9229b14b0b646229807747064be3e83191cf24092dd67f675638d9f6510486379f47f5eeda870a3187946819ec9ed05e7b325bfd0eed5c9a0f4a2063d63c1a8a0a309f586c94d4a68bbe860ae9599ce204c92cf9d92cb460ff99cff9e5a8b3824786360e1e1861e71158395faeaebe7aa2f61f76190f174aab9a313f0bf4f1befbbb22768b8c22719cf3fa9ec908b576fa4bbc084b1ee5b5a7eddc89b58b45ae7b421d38215aa6e49304323eb4e202655f3c8b16ebd6b03058e75a907ee63fcf6aad5eb96c1e5faea81b88b5eee525c4663af52877c0f759432913b9d48030903e7f9f70e851cd4e20bc56aaf36cb02293d992b38b583b8f0b25a08c3303d8af5b1b37f5127f7021b13934645ef3020e5caadc5e7326ed4ff56f797e26cb986b6512b0cc76f1d8e7be44aaa88e12cbc644f14a7feb979d2ab66907063c51e052d0f8b25d827377fecc5111be0d365e08d17f559e3134cb9db294f1cac03150f4232f853ec15ecde55fd1023b58e83934869796400088e9177e85a2227ee45addd049c1d6b03e5b29dd570496fdb2fde7d8cc74fbb5fe76266ebd90a3b4d57e6e6cb9f0bbdb7ca03ae955915768011c714c909a27ee20135927af55d4feaf2c345d029a54af942da6f85f2103345d059f66864e6b0578111e2ddd5a1cd8bbf4ae35b60747b93f53ec8ec64c10cf4149909b102a2b88712ff3e5ba3611cf96585a6b36fffb64b8c37a114d6b16a53879136eb0b5e003a5a068e3e8422a4fc8d7c77227cce64ebafcde2437166b62ccf486660a7a2ef37012ebacca26ecd5bdf363feeb06aee39050974c25d6a564594c67f56fcf7ed48b07fab4e25ccffe002bbe460325abafe37f23dd9c145b4667f146a1635e462330f02470b35c5a2519f1350c02b263201ec9026cfc57d3659373910e878f2b6c1c5be774df8e01e775d476956c257bd0ccdec17ee939c46e5653d5813eda752ba7bbb245a99a5db1ae55d19692074c2e5820df97c502a4bd1b12929e1be8e9ce6d802347c3e9c4202de6046436c05ab55b2fcb2c227adade6c2046d98102cfd0d859a91f8104eb9f6f155da2acf93df2405bf2c083eafd3ec41d60b810e0bdef6298b21193642a9c0c646bc6771a5c61a25604d96bdb727abd5a7ebe4ddb2a56a6ddece26d8007b26043ad44279c3c8ffb7e6ffb3cd4e10ea2780f509a8a9bc31f99a7e66201195f1543a0a020f754d9a665a29a896faf673df6811379579891374c71b2234fc61e95d4d46f15d44bdb4d7c3b3be3f46410ca46827b8cca976d8866e8ca33c4945d5c87b705588b78015b529843af0b75a7e1e871fd276c1e947d896b92e6181ab7e3ccc7077bb57fe85a6958667d3d7a790f6cde1cebb494c2912478a0eca2bfaad62492e9f1caaa0cc520da08c0d2d910cd44255f4c2ca0646dc89e789a1cf9a28e2f99315d33accb1639cbaf0c94181b85fef648bb4cc7f66dc65b8e90bf5f3b763e58520098febfe7e47bddc2d9cdd5e40dbf4ddb8d51f51bde2e57432266d248d13ed09e62f66794d188f9861c50ec41f0eee30f76f4ece250956733ee97036098db41991a4a3eb7816196c8e447db3a2913bcd992174a7bde1f42d57c764b47f5bc09533760c1ba74943a0dca291f2746bc1fcc573f9a22c72a5eca347b1679683fbc8f32b08d381baf67b7266b14b3ba46a04a3ee45881ac452f64df1bf17f70f4cf9fa4dfed9ae70184679184784a0451d2f5c19c02031e0e4957b4df68b4a069a6f6f6458f6d773924a1841ba664a55c2c3187dd33416cd410e56e4bf8d3671cf737bf67df2a4cc4dcc786872b9e2dc4009fea0e48a749353ac053d80e36357d24d468dd595bc823017c015d7450fe38149370c5decf13b00b6b0e0a2567ac08b45f7b0c8a7c89d227219d051d17a706ccbea49a42035cb327381568eae23b5e2a3b7e8beef6f260d24ab224827ca8ee9d640dd23eee94ed02c9e26abb3053cbfaeadbb1f365a24d8769d92240da842e0b361524020b5c9c22a2fd8602dc9600aaf02b35344309f6bb018a94d4cbc9639ab7430657c4046f0b25df517e31626abeedd58c2e19aa0ae1a43ed2bacad91dc04a2fdf9cc33cc420f4f04379e95988ab36731d5d5402d89fb47e826f4243bb206124364d63564a0872f8d2826eebd9046c7c6f2e7c951e49d4b22a7eec89da1fbed890d63ef15f26422185143c89da3ee269f83e1de11a7467822146042be92295a585e3a09e720ec522e1cbdcb41acf5ac45ee892677ba3ff670d71339a76ed98237be252ae21268e756f05ba0b094a1803f9da84a8a05d0ec9456cf565e1b548cae95eafa0fb01f091935e6eff2413bcb15f605f15270408216fb5b41ed83dfa1454c522375e35bdefe54275f109d0ab450636ac4d8e4d9e27f2d81a15b8cc5e98549254a1c9162918db3e399118f5864774a9d6a2347e1315753071eb1204c8bf5f52b1a0da37e484ebbe545fdfe6b031215678c3b83a19a24d7b661f626beb01eb82b384f02f42bcad4f40addd48db8a92b90d2297e6143702056123286617f86fbef4fea940f648867d790b8f803abc5f4e0e3f4226954c296afd96e287e21b7243d05e743161810da578096521805edd81f68a45500f6a3a1885cb1f45cbd399dde024df65072eb973c827fca13eeaa3f140842016f509aa9ab4603d2457c92cc9aef24950697a0044e3d7c483b8d8391886cd50dff8c2f16de3d6caa7f864c1b3874750781b2b78b545a94b4da0b0036433c6561f5cfea50eae9f5645302eef18238473606e9b9931880d0f6368fa9970d1ffbe59c4454bf97f4a5e8091801b53ee4a209e0642d83605836f69742071aaebd9d813b10f4ccac03851ee9f20cd1351f8e68554c9bc5f58ad19d474ca128edbf561d195e52ddf3c19bee3bb597ac2f92143bafc98bc09fbda6d18dd4ff2a93cd2ba17f54f75c32d3f141468c2baef4e53b6a340286dc2599bf7bb002aa86688e26f5b51a6aaf32e48ffd539d4f3f4bbf0cde2d20138151c82384f9ff29a634ab4e0103d93340bb9a7b0caa108bc7fdc88d7de14abb17e9efdad2b0f304f0bfcbabaeb1b9db75959dbf54930e67aed3a9c8309aa90506b6b9ed4f1d06c4ced19746e206e1e9b8879663bf56bf6c5c920ac5e09e6579b780cb63e1875ef0a731b726864b7ae5705a2d6d343a4a213a05928b7337a59f900fd04472382610e2a8d25383c9ab5804d609e79a88d70eaef3ea22d3aa9100fa2a6e98e97684ade9fe90d6bfc59dc9dec3d3d8db8990bc2123ba92e64253235e9b4d682e8aa04e23fb9bb6248a77c065e93249de829bb2fc5ea9e396461090222816bb29bca37bf86698fb995f62c50110cf418bbe2078a56c5f1ec9fdf3d0b09a719ac253b5bcd00932ae058b86611aff51c8ca8448978615854b69b0216a6eb8050ce199fd9a13aa0fd652570a1b187f61e6831b3a960521c3705da8c5e6c64c7b196ed4a49c2912d77b670b177c6458a7a49ecc1ffd8c57c0978d2a05cd1f1c7ac9514dd14b7b0933a52cefd40b6452ca0903df1f55828025c7e18109a6e0f2ab25724cad2d6f57cb5d894a6a508134731e9b9c61254f64990941f4faf97394b634b91860cc6ec346aa666600d323c849ea4c4a0ef55acbc56495ca004f3fca42ff0ffb11b0e1164c95ab89bf1db3d4f575ff334d4e0d7d50e0c54c422eac5ef78c5a3be95f2e18872540fccfb597211ec79d9d47b6cf41e385b9c2e92122167fe584210f63bf919c620d
+MD = d7c901f0d92a868dced7e2659e90121108611dd7781325fc57e5c336c2279510
+
+[L = 28]
+
+Len = 16
+Msg = 3dd2
+MD = b7399529fe614af98f9ecd73e45790406883cb22e3bdcdf28fadd033
+
+Len = 104
+Msg = 3d232201038fe7d846ac1bd4c6
+MD = d0aee5482c509540a4ea4b902bf42fc8df3af6de42fb14e903d1b2e4
+
+Len = 352
+Msg = 44c98cfc71f82215dadf494d68d1d6b92bb4eb81fa0fbf945a659d9aa2c2302b5c93fd3eedba31e479e29d36
+MD = 56c22e6066cd4c4d6415c5a225257e7f888b317ba4e98eadb72b4be0
+
+Len = 504
+Msg = 02a5c7b1b749d6d49bed302d9439f23ab83020bd4d573906f4190e74216ad33aceab775f71cd31092bba5cfa42f0845bd16fc1b8bed6434dedc92f80b395aa
+MD = 33a84e66cf1ce6970c35807db25e05ca05809e53d4e34cda9bfc0045
+
+Len = 13976
+Msg = bd70deb2cafa75918308d703a6783fe9dc5e3d21de9bfeb6dbb1cd531ed5dafeec463a02abde302d4ae6ab3cdc2f0f94865e38339c88bde507ff71bbea6b30b9851cd8cf599e950b8c8e620c90adccba0033f934ca66ea0a936afdad575bb6235099beff1a632c9114a8045a0919fdc21083880eb05c0d8c489c7810aecef4a41766f67c37557e28a9db9a0d909c2b167ff7eba79693afd3ee3aeace38eb73a5a02a882cf89b123812cf2a0f6d5edd1d14362ce9c43257474def5cce3adbba8cb48e7af9a45e702a182dbf47e8869b3f99e953ba81628e502c60d4f8ffc551c31b3ad6ca85c52164839d5e9d493deee4d4b76604174bdb5655385d34ced2c1b09dd5a486e1f9ac501bc611f9d7aa5c748f496faecc14c6c18e1dfc6aee2991bd0207ea1701219955a751df43dbf66f57904675a0e9e6d7f9a0b8bb82a8f44951117ab2642d6671daf1e5d1639d48aff6a05781c2b5e8976653b0a164445872d393d30355acf0bb49bf2bed4265c9a3b786249afc7a438d706eadb6f90a7f93ad51bde6d2c8e6ff09dacb3dc67ba0d3030c54c8367e1e4280bb5903274191344610de61c3c770c6820a6cc9d826f7c743f88f13580ba23cfc00598fd733b5dd069bde7f10f2b8961c16b69761b0f308dd137f844a67f6054e065863f226141755b96645a291e3fa3fc853b2475fbe1d3b25ca22f4da4425dc95fc855e63d6699b311ebd5fec1c7753e6e81f747c808ec3f618f63eaeb1221075edff0532225c40ccadee304a8997c03920e7ce4e60e4df4d120611296786516dd4d9cdda2077ac52bce0fdf552e1ee89a0133f1f87a6f6f35f5c53958ed806465919a0a5fa42488bf29caf33a0dd469e13abae351d5c6fb1a800ee384da199c823c965d9d5457a3ef8292c4d9b142e3f1fb502da498eb44d95f8c85bcd6871bbdbf004bfdc09ab35758f5e8b6a0d0f366c3b255333c52c8fcd4ecb4536b5f6e72897649f3415443612d72c3436505249a344feeb04883f41f90ade40af119014b3c56fc108f1ab0a77087d9226665d416cd975e9e4605529c032e8926002a70924820c6c7e264a794b2a3beb63d69ae56e017294fad4d611cbd0d3847212a38f22d623eabe3b884a36464d8814286fff52c4dd366f6c2abfc2eb865e0dc9ec6e55ca9d81f1b8cc47e2629bb162e54655bf2a9e156ab0bafb4b8ce96858aeea6e6665607a3f268036f4890dad759486b15e3c9e791429ec8f11bae4ea7c490656fdb0551dcf0b0be017c08bc674bd97d9d701c3ac955e2941ba7d5f2ba122a6f0c1b164b1caf2d50df111fd4287e9e195d181f6f514d7dadbefdd4274edc234025b727680576046842a834b6ad89eccaff5c5209bb91d652357e3750d8bb0165572fb71d09fdfc60f6b1e5d868c67c0edead427e7aeb734e29b96e03ea174b6b1af523feacaf6bd745ceb1bdecec9251958b7f521182daddf62ff6c4f58977adeba81c616ff2e937ca4f16eb9c44e63f9e974709122083ae45524ff87d7a0cca33a90f09b660db0efeb393c61967de2564315827ef1cf42b71c0f822f471713c9d885a3c3281d7c95dbc96f1c6dde0af70ea11232b00a2d215ec8de8fcf84b6193b6ac9d46de660361aabed3371fa44a6f32107f3854262eac355f9ef98701f580b4649175cefc29950e7a0eec958f629999c4b0a98fd4bdaf5c0bd97c963b551f2220bd41ec00b8726836e949e818a49aa1ac5bf12c64fb9991111ce8be3e0cb9605f753dae1a4c84389416f17fb66cecba45d591b22d64e5a4edcde067a088d9ff7f5dbb9dbf324510000c55d50f480a640fb22da9b4862dd81080d61af9560b601edb5e3346263f5f193df97079a27e3f9876078b80ebdcdb17ca4c50aef0c8329c72a7f77584cd963e105eea9c28a2ad4e95c1d018e27d0e720ea59147f59ad796b80b6293da8a55ed47e8abdd37221db0a5eefff31688e2adc294654ab0fddf9c1ffafd4783f01eb539492cb35a77315d0ad19395f47b18298a7b353dcf5bab0b2f193ff73d99310478d2e5c4ff1c68a2493c138818edef73caec9977bd4eda6249c8933953e06d796b288f78b18c343ef561082fd03bf92b084afaaee741de3004abaf746350048294bc52450e31147173f2da13d6ffc5adc718e149f9df3702f414dd3ee88296ae8a0106b071b589e8696401da7993d58a9bf8e5bf417165498c96b4ff5fd2b45bbf88f551688425122a3737ca54b2992fdb4d60957a93097222c3cf4c45dabe18b9d6a69e6f27567d5adec489e4b6812c29a8fa52f1de642b7b0e749c16f54473ed5ca2fdf2199e885fed308fa62a3e0deb7e0b8e439e25b3e9f95d755fdcb7ebee9d73069dd57dd1cdc5145205882023b54f2c9dec6cced9e3f6d24e8cdbb8ef121b8f3eded574d81908e867af5ac82bfb8ed60848b4bfdc1d998bae3a9ca80c1c49601d11a40409c62b1536f01ca67
+MD = 60700d4ef068822d0fe6df450b4aa8e206b2790d6dcf973229a59889
+
+Len = 48824
+Msg = 5fd54472a44e4476d254c0940071ad42dc723354f76ba61f63fbb9df80d1ee56136f51b6982e66c1da83602fc08093506a9e2cf27cb92085ba5c627dd63f59f8850e91a1d86cb1d4ca38ad03160f3c584b128d9b21e935570e086d3815307ab8df396cfa0c100bf6cbfc0fd7a8258fa1a656bc178e02cfdc868540d8e5ad39dd46794a8bdc205e710555ee7421ca7475a4f3232e6a0cd55d4b5d4525f0bd7eb1e455931aeea6918b9fceb2a32706d31a6d7028a85e102f228417e2e7db68317ae155af70eda98c8dc1ecc32a62e294d92855354c1114c5735a3c81e551b63a81650107557f3237bf953989d17c65a0fafd2bb1e32c237f98f55389e8f8b0810e97e201914c487a68403c6d621a98ddc515780435564245d87ce462b8785def699f7f06ebfdf33dd1ed7dd5a3e781348298c7950a387bff7d1878731d7ac66ad9a6607f2c3a3b6843c2852a5e882a8d78ae9dce2a79d595cdf09626dfa6f1dba7d40ed21caa29e304e7dbd559a89bd1f07d84165dc259ef112dc6e2c5a3e82b1c50106983f6c4965c85073c5deddbe6323003d56abb0df590f69010981ab3407e43eeaa29c6156995c492c931fff1b686eda3741a0bfb9094747d1620b2580415d431ffd6c02245f6cb03e39f87e82834dcea59355b2ba663ce145d2514e15e2b2c60cf518ff510c6c3e2f16d2dc523832762ed8352a320462ddd4d6fe755350672038163d996b44ed3b85d64989291bdf39398cb996de785b9614ec5d4bd73efcfa37fd4470b17d6240b8e4c715759286b04c3d7d791e2689927c9f18320ff2e6bc7306c805e23a5de66eced5f1a630cb43dd46db515f837f6b824b99b86c10b6df7fcf22d97be05284edf0e0be597b3f9c63556db031339f79ac9e6c5f8a1cefdbb4b30f5bcd23c2a4dcf791cbfdd6460284c5af0621ab7c5571e40a87c87be459c85ec81d746930dea24f43bb11d6611ea83409d3bf4f987778d8eed1d5b246a2112ef78ef0252f9ae464810c13f02359441d289958b4766807d9a3be0054897d35b01830deec1151f9e3d42f92b80f4aeedd65c78c6e98afc562a3bcf6d72f238c6e94a38f2288ac7929a7a61c92875c1f115c0ed8d261a727f0794f17ceaa3dabc717478f6ce7f2e8b295f000241e154b4575bfac8483f6b62f9ef4e18f7d341a65faad5e2fc1ddaf2b09adebc155ff09e63d5aa5f95206e66c7f4ef2ae3aaf3ea7c93589efa8c552df8d203e0ea181c1703d7023b56e603f33b4adb9bf44f7af290d8081210f327a6c9b0785709346087fd090c42d2b8b2711b9a1a5173eb5e246320ee27867ad6c3eadc4407bada44561a12cf5d53bf0448308bb536a8a525eabc1410c3a34becee25fd6fda453251ec229b53751f2280e142c6b331daa659ab655b78cfb08bf18e40bb02b7f1650eb2dd4ba1707f0aafa219f21c29521581ce249e2e34f5656b0a04c00485079b040e13cbc038bb9f17f47cb8f908591b26bdc28538d8baffe4cc39b17d2ecffbb9698bc2b8b31b08424034c051b535e0cfdf07b7a0a54781e33ba739759991aeb72c0ed992cbe76eb8ec0ab12c182e8b049cbadd6e82e314f1bf15fef5ae95dc86bd64b8556766f8ff62c33492198e454e5ca59ea856d8e095c04da8045522abac865506096ee1cfa1082af08ca09b3533878ea3580b6c0c57a615e0ab768246b3eda96bb6caa01a2648068e21959f843d853e948588e8c0bfda364ef1f9fbd3235c27916562eb0214891eb55ae0e059f4bf7d1838b5942656c27899dec6d67b823a981d1e1e0aaff5323b0e3d69a7dddf9b12d7787ab763a3c7a2697ac65b655aefc4bae7e6444850ad2540d5193b378682c77a4dbf9aa22e517e68cedfd1ba32e3730ecaa2e3f6ae61a4f427d6e69071dd62a9bf6c860980c9d23ce1fa82a1937e6dc1ce3a2de096b680d23d89ee102912ac0bd769c1c02095678dbb00b4430428797cfb966b2f901480811e1b9cde358b6d499c9e93f0961f050465d7b0c70d4961e75a9fe40a24e36eaad27238231dae6d0a17f446c16bce7348e669be563649eba9f23be29adb8b10f462780a066ae573f74e51215a26097b02469c25180890e06acc53ab063c742e08d51359b0a39749b84b9f6be44f3ae3da8e5a2f340a8607d4eed08877d007928d332d6f49502bb5f416c46d866fc87477c58a22d3c5932a8d6298c1151daa032c84ad92f8f90b8053b5aa6f690d1bf682f314471cbf200f3d30959e07adc6488dd17b0be5279e727f3237b8b4b19b31a220dfe63882937f8d5ead677608c42a57217f2239614c521d94559290e3b0ed8055d5474e96564224f6ca6389b40a71337da11e1c307dead8e4eb43252cc2f1c49addb18781cf20acffd3db693b02e5c8ecc949b51b99005529e0149a13390615f5df6e0bcd68e1ca82b0173d25134dbf76dfe92daa085d3f6b1e4d18217df41b70c4c40101884c2886495f2ef8a473bf23cb47ab6533c93cb38c36c6dcf6837f1272fc91a6962b6e1386fb643e1f1d71fc75ab58d5800bf4081217cdce0c7ae9e3d25de543fc4444314f32067eeb147c08c55c5c8158ed11729837547f28a300eccc312260215f50e98c4e3d4170208a50a4a4def1243538f906df8476b0c46d3449be73866d463d422595300e160840daf8c906ae4aac13a64457853b0ea6d8c32f4efe3b48c0b1450250086d459648b0ab14fd3f341a4a803be77e56a811e7a26827eb0a1a9454f90bc6ece665904adaa3cdeb2c4847858fd1d79750e8cd45d8da9163784b8bd06629410502debfed5eca3cf8fef0fa6bdcef6efaaf35a1986d6fd68e0f436dca9442077a4818ebda4606a94a3c93fda46e7ef5ccfef656896a0d3d93566b02ed8c3f6174417cdcb99a415b0c6e9816d94e64b438c295b4bfd69e0d9ad52911de5509971b7370593160629b641d690eb2828bf363857983e3b9098fcd15e66448f786f196685d2ceaa251b17ad06dacd614d9fa78ce0a8b9c1c360b529d0bc1d17ba0b70ea8ac1b8d67f6e5770f0cbaee0b38109d26b09493060dc851f5fef121e83e30aab9c3efc2b8397e8362aefea1708f7ffa14d3656f7f7610f3a629bce14648a593250c6f309c02c6c552bb42984ac58db920dbc7d98f59295f37f3e9b99da55ef074ed65801b390366669b4c7aa1c483ffd23082793f9e5cbe30c34250f63fa3ea2cd097593dc67e8d27b7e4f07e73a9f7b33a5ef6962df1381a038d4f58fdbca9d71ccf640b917f631b75d4a2e8ba46c64a6223f99cee30f47c1a935dccc7f054fc39d3498c824e10cc3ee337e781a3971f0e98295aca611bde701c2359858914248f6bafc88232bbc27bd85883b00990bba7862fd7a7cbd4c86df049071fcd10d686613ec877758d83927cacc530bed9a596b5b21c6fb748c379d676de7e05719a867c9f934b5dad99ed97dcb4e70a9b6542ed5b2f086d9f56fc9752e788785ef8f7837a31e433438cf2f18f58be37fe8412f6d21a5c35000a5efb862926700079413f76ab2c3e79e20b516eba9d8c29897097bee55157936607cabaac41337ea4cc783c0809c875259f8020e16d5045fcc39ac796d11a82f25fcc9579bf0a010200f5745065175fdc15474ed514cc796672c59637c3c8f236cfc9c0978a3db1194680c58c27746090d76ca09f7c48ee4ee7e1d3cf0ea70dbbbd88e30e8814b57404dfd7c33727a0c84cb7bd468b0bcb3c89b526679c00fb0892d2a5e7a3d73698a3db53fd7d78460cdcf24ed22b5f39b8c00b3506541ae4a5b76fae29c1cd5b0f8c3ce142e0af7ae4efe3fa4c438a604bf4a9abb41e3fef1b9227a7dccc3f4d6026ca289b4b1366d9ed546abbbbd5677c8d582e79e2b544f18dc23809ab753313d84dd10fa3ed2f723f0b46277b8877d4f3e0665e88c50caf0f0708b746b736b00c8c83a7d18500384bd035996aebb7da8f09fd6af9b76fde7fbfc0ee854d7ec02950e76abd23ffb27a6ddf1772465016c79b98a61bd3940547b207b6507e32cb9761a5604f0f546834a8edac7ae06910045de218d761a4accea886188f947b57bd876491709028e2e24b075d6b022b51af1880ca16a8c65b7c69e51b2ad580ee058acc0606f0a3a9ea1cd4342bf4be602e941dc4bef1239bb9bccbc8098a6a17d63186c6fa75ec44b6e4fd38a3fe49c5eb995f0cb884e2f3ed6be02515fa605b98453ad935682c3bac6a2971bb68f4094cefeeaceda92dec803ccd3d346f8b40b48f8f489e118a17367801e85c79e9b3bb5d73ac44a8290cdbf83a154f2f125090d42e1a1cb72f5ebbd42da46c7a4d4b9fad9612a4c800de6467ceb74f831e1395dfbf5799a3429ba34754add4b34b5960a5fee8f752dae78450322a1ab3d7102b77e907fc1eec5355991e0c7d6c0866660e5436248edeb1a37c0e769a0764cfbb6354332d6e55103b9235c84eedaff918af3f0213c435c32ab409a4b5c7eed8ab6ca9e313dba459bcfa3ee92e7d669be0526856ac3c06a57fbecbba553a9cb4655a901d98af02b74098e478076655d325bd7639d73d7ae00c62fdc361a997ea4ff5b0eba33096b12f35cc7cc0eea62950b912b47c11b9fb386a47c4c15c0602d304b2541da889cff299a1fd415e7e25c70ee4cd83feea7e6a9c50c75d9b128458513d61ec5d0299ef8c090472fe0850f384938ed44d36f10cc2c1d31daee3f946a2fa18f9982a988fd6ac973b1569313ce3c8ff5746c4dd85a241f1e9dca0e904c091832ca028533a3e34c184edcc510bf22a27f530bdca3d057928a96f72dafc73a9aa6dbf2552598e468735cc5736c67a620e9455483e9cb2108045ad80569582ea93a53b491e528c8df336fb326ad74317bc1dfb8ec30a73af01a5dff3e437b7fe48ba5dbb3e8f01ae0c6fc28675a415f23a796bb6e0ef0efeb4b14cf20d4ad88ad1966da43a76b454dac8687bdd97b89b8f8eede91eb34ca4a0523ea65736ae39341fb32b9b716f25662a37382c16f3b9c346c84f03bef54acd6efb364c6401b07b3f7679e8e7f8c9b77b75e6e98b90f4df88460f1978d19744eecccb743a999aaedd00b5a94018e9d5a56bac9d5d55f6e93bad52e84aa7340cbbf98d56213d9dd3e1970867e3972dc98e61b3cff40b64ec49463ff79a41c82dbbcaa37a82b761f432849aa83a3d3c9a209e2207b87ae9ed9959ffced165fcb0d8873668c3cd8f18ba0f92f7acd2bf50416c22ce11692bf6132eb9f558dc789cf9776da94e48cf48607f19d9a11d5df4db11dbaa67a1d20e9f0c96f5956ee3f906e371c489efc88b0c1e56d881e7bf8dd5d6742622eb873e253dbe54f2e2e6d0e6136941de8c23e9a632727bb5f88c23170316c7aa0df28d8d07589dd6022828834f7ea9b4e5876a1704944aa3186dbf89e0e81767cfba03bfb38c55a9945209c4dfd88272c49d1745dce5ceb40f0a6713b5139dc2fb87a8a4888406d2610b7b910a9e5782ef0df719028d8e50a40a269dc9bee12157038522d06537bb31fc87d21af9ad4b2e7e127bbdb313e0a116010f65126cedadd4a122d15a71cbcccc346f55100e354b997154567fe3caccd50251d137c58fc3a2048dd5883b6af9248b51040c01a80c051b8a151a8878edf0304b5554746d6116b749221a1d0082ac925e6e140f0c3b6a180742ac8a50ce0e93e6399102f151d7c14000369ff52d0b537fdd51bec99e7271b1255c6fbc36d83408c417f6825a8e2a58b9054ab2c3ead69d97ea9947fec32d720653c123ecf51a9a3f0ed88743e3fb7b94aea59d0bf0219ee50825ef220554312cb907edb90e4d85f29e316ad57d3b90d859391fcfc63e6c0fd3ec27d4e1efd6e0b5ca8165cbd6af25ed8792d805f27fce308ca1d51335ed5d727558dafe05486a6f9149b8d3bc022026656714222830be582889e6800c0b170e48ebfd069e711210e4ac7acf07652a6f5051507de68aeffc9540cab5cdac84ceee46059ec23820c04b127266c0bf8df0d2b856be3377ab42592f495980baeddbeed3ba707a85dba64fe36941eefa8fd37204ec8c18df3852febd2b142b1c9a5cd0f9e424cd408ceb7788270899fd793db99ddb8f9ca8df550c513790d8bad37a1d1f4a62c4527bb64c677462c9b093582decea70c7bbe873095536728e7ce05d5cafb5d166a1f03055e918f787fb244c5857e3d7a1009bd37f30f165564a082c1510ed19bb1633811a76da70dac67641c2478c6b335f409ef54a2d0f370c9510d0aabae3cb998bd023778375cbf9cf5ef125afd584c11efbf40bb51839aacd3016e5e4d79f134245f952dbad617c78cb6f5712bd9c0c7e1303db5029640cf9b56e29329c3e6a9e0a2371aac1a437b9b1c4477ec9842aa80eaa22c5eac11b60c661de6ddbb088e844293ab8589c13d938765bbaa44301e4137148dd0257bd4c8c766c5d3bfe53671e9417cd1b52f622870ffd90f4e17b7a4ae1b5601a2edb032e353bca652fb565beea6fb0b2cdcadac71794c662677fb1dc81d116d94f5eced526b37c004b95284cb6aa2ac415754a1f14882595dcf4d3f1d905c6e8c12cf5a9d23d3ab55bdaf9f17d2f03f933e1bab89040753648c426b072b73aee8c2fc0d1c03fce2c656e20d4c96803fb2ef471b912267eecb4d6f342d3513894b94d77767823fe0c7438e51f21bcf16f0e98b94b23a10760271281cf843989824f7061bf834f93fd8d2090f70e939700dcb4d8964a19da39a9601a7e0ed9f55f567fc7d5682d55a9ba0e68861756bb549f2f17c10ff6bd2042a80477f89743d3d762f1dfaf230bb502eab6f4c46b26135ff3bef5faa179bdfbd288e3cadd3d88d8012706e19b7fcc6e9cc2699d3ba0e624e715599480d6b7dbc6eeea0d12a9236444b17285fc7794040dd40c2b2ef175f7f3641664fc9bb7ea6d7eb3489d504f8013d64a23aebcb5ce233405f5ade067dffff253f27e926431ad806703e8fab23656e0b7431916d8d4c72a7d831e3664e5f30839c76c8167b76f3b2dc75a6ef48df515e06ea54ca51de2fd9c5eeabb1610b7eef06a2f3167859cf82e1a5b76be8ed8beee2bba28c3b15af6890d7a37226834ec9f63306a0da11aff918753d8b83fe7220803c070db98195d6d18357233f5504a6e3bd6f30115d3987f93aa5d89aa0b8b577d1fed94da057a6f088233efc0f44f86798896eae9ad0b20c8c9cdd9d72a3f02213f6797800894b864cb44fed009440fa5b0197023929f9bad16f052cc2d87327788a68b9209f46fb4776b092d75713048b5453ccd699d19cafa8e9a93fdab0f0863711916efe3bd81ee71b8e0221e12e9ffe2f6ee1a4dc1a8de6e593480f3c05b3691e916a4a7ca51971eb2f0f693dd10f6b8468f8cf7bcce285938b5a0a76ef86acfa2990f88bdafdc39a065db17b845028ed2b7a9e331c44217de20440e406868f1eca818d0be20248c2948b8f4cb118b2e456e585949139270f57c54715f3297bf714aa7c5f72ed8ddf6a074703ffbf95e45bc81a02c42822c22d2b718f2de5e03d687a4b18d605ef5ae75f9d43c8cb4e77aaa0c0101d978120f29574b22f52783c667f7daab3e1f9cfacf2e68e94a24918e3fe2c4f061deeb64891b5217fe5908e7f389897751839982b7fb736fbfb1232684e93123611b7fc8fbeb74f8815b5ae13240051920f3b6ed34483ff673c467ed7f0a8fbf619796e485affbed0697415d2d0598ba34d5b9e44ffd12a5edc323883a2e28efe9baf860324f2d2016748503eac1888213926b0e0f0335a4b51820a2bd3b42d982ec6ce307b453b6385aed7a735a1e98479394147c40f01c532926e10e1b26a5b395bc150ec4b4daf5b1436bd0baa225583ffc9d9e9d8a354f60fded37b41c7c051daea04e689ab2d4e24d7d07c75c50ccfd6a527e024d1632246c6f40f06b86ffec0b29cf894b665d53d459226b93422d37a8da23587fe884dc3c0f2fb55dea296a9a5b9a0d101f186d9fa6288c912202547cdf958569d2cbf235740eed38d10b0025dbb6de31058e98780d22149c19d4bcaf06dd7353fd91cd1f47e47f45622e1472542be2f63f463d253617eafd4f2ad609f9020884905dd5c22fba53ccc619104b6c0203a7f6c8c26fc80ff6fceb8c0c51600c2e46b4b872e6d597511524545a76cb42278b519d911e6c1320e01682c551e204ccdf91290c52e0836167a5685cbb1af338eb794c10fac92950f3f7956acf28f1ca984e380bcff9876b0c71dc7ce4011d1d0f955da9ca885c6e7bb74c6194dadb0fb9146dd725c8a9574aaf3824b727c9be3fce59c35850b162c17d3013689fca858a0a51d81cf4f30d6a8705bbfe35ff03c34cc7c56aca32140d72c8e8121fc71353596b777b266d75b322c9a97fd2c5d4e2362f19c99de66da7bd9c495c03d9a15b28431a0c051e786fa80f5503a72519e6b419263d72d553d688349c0cf30918eba0622b953a0efce4415c29515c26ba15f00e548ef108afe3f8194aeb965e5e4be94f10df6c45ea5c133a8c3398d09fb80f950b83c1866a1637d2bcc195e05cc32a9233b244cc2b1d4930e66f032cb1163c37b3e58b576ab76de759569797fa9b8bb4fad66aaaa56f09c7a0ce4641d6799d7bb47cf684990ec1e08871458c211a353ccf1285e7429c7b8520180918f7
+MD = 85747c796a910421ecb364b4b4f0e68b49e9217944f6586eac4993ec
+
+[L = 20]
+
+Len = 16
+Msg = 8a61
+MD = 60bdeabf39efdf21ba9c0f94af6552d2ffe699e1
+
+Len = 104
+Msg = 37487aa02b03bdbc6bc62e7e26
+MD = f146072f92dc4a551721a10bf0b01564cc2b43df
+
+Len = 352
+Msg = 6ecd002568bae3bf1873993041bfa292eb94e9ad092d8eb3585be82e8a20cb36a47a06e7a57d301268a4a533
+MD = b0a2d6033cf1d8ff120a605b745d736ee4aa06d2
+
+Len = 504
+Msg = f6dc1d2f6b8e126d99939664693d8709513f97d730074ec2794e536d94ede79c81f2b2ecbff3c2c26ca2d181ada2c60050997f3bb087ce48d956c18dedb227
+MD = 395dd2989edc854746e384f339f0808c515747be
+
+Len = 13976
+Msg = 07a6372c863c7d7c6764e4f05addbbe161762735dfd2d23bf268e2d603cd28de9c369ac379390473e1d3fa7e37af1178cca54fa0f782dfbe68070952b93462ea46c640d43ffe71f5fba42df98f4c48ada0d8aca8753e0731508bc15dff283178ae5c10a6ff132eca5dde63a78d3ac94685152897828eb25a55fdf140fd33fd4e7b03f283e201a1baae8986d25603fb0b2566aab345fb48031d648144dddc2e3556c0ceb1104f348d96ae7dc0152e45c625d21b46e70c31f250c858aec4ab2cf5e79d8c79b0854e0abf5330b9f044113d306161968f4ad6f0973160c9dc296056d5a11523ea2b56fbce8387070fccc639ec1c65ec663b9dc49aa880dc4ddd3020c9d44ff7e8cab6266e436af19b4ecb82010a0f8f9469ef380034a02e3f50051a6a3f233dcfe9d553459dc1bebc538ae0183448c9405c351271dea808d908480e61e9793cca111b4cfb9874b799626a1bd9a0f6e0929ad51b97ad81b2438f5fc255db3a3dfec9f0d8393c6b245b03d3faeb58021db3ad391b17a91174a66db4feef1b4c889699bcbea7928f4d29be2d47f76455c8cb1dc7da9cda41962a28ad8cd7b39965b809e7c7eca1c6792c1ce1c8a4cad6290170e91fcc49fa5ff64ab433b4aa081c8da2d9bbb072f9f18ca455469b946c877e3006b34ffd2219335b30ba2e0980f43cebfb629d0b11fe70dff28883ca012c6ae4855fcefea20a08e189eaeed7eb36ed6db3835976f4e60053205805727c5eec15d0e9f155637a9e66268b9c1c302bcaae6ae88cbb8cf1668a487cc996c4662c4a4e195f094cb31c717165e0e13718f8388957dfe0bf69c70cd0bd763dc38c530b67b9c12244fcab8bd13f602de848a2937699f9ef77944e5f22e3b470601789e1838fbea9359c733aaee2c7082b02ee459b7684ef9bbc200da4b62d368351f5520a65ffa506dc9b097117bb7ae88d04d85fb525e91327689ec0fe86971480c0e864012b1e9f044c7d80a4e48c07320dd4292086e4c71d4c98dd826a9bfced112bfa2beb1ce85cad204451ec45703931bf637d4fe89fe8f485620b7f4b21e011a232ade7a8c92be77925e878ae0bea9723749528fe83cf89ecb9616dae6ca0e8d5754ec6c92abb21108c2f33cdc18c6887c430b72c5b193356494cddccc577bd4c2cd53188f352846edff0c2ac7869cb74bb16a77c0f0f194a7a9477ae15abb890bd0bcfeb0c39381a87f1d05319c7e971c10e9ef687f96450b400e25b4285032892b849fd5db8649cedfb03c88defea063ee144a1ab1f3bf05f59c7db364dc39c11a446c3ce16307d78d50315ba29f5bb9a57438564c8c7b3e367cd37d74b2375a4966f47489dc5448f4979428abd32193d3840aa983d3020a9f29d760fc7493ab2576c90b1934b799c1d0d55e4f2caa78f4ce61930c79dc017c2dea0c5085d73a3b0e4a6f341e9a5061a6658af11e5edf95bdad915ac3619969e39bee15788a8de667f92f4efc84f35082d52d562aa74e12cc7f22d3425b58f5056d74afcf162cd44e65b9ee510ff91af094c3d2d42c3b088536d62a98f1c689edcf3ea3fc228d711c109d76ae83d82d6a34dcfbad563cf3726519b519fd48b51741aa86720836494b7a589c778927047a25d73508adaa401e9a6c0767a675e31c5556cbe35fadc9671359b45e985c3c8af84113989b299ae4474b85e4b5d4b0578ab1e8a2915a8df97c4f52a639fe32272cb91bbfb721505dec46d51383cb8973425a714245c2e37d0577fbe0d66381d9239db1f08a380cf609dc699698e0fada2caeda44d58d766c4f8214b10642b80b8d7d8add7cc41d47108ab7d07dab71069a2d982cc900b331caec317942122158bac6eac9175c2dcba0c04443aa9188832b553f5ca8c336880824d6bc02486a2b4c086665d276aafe3b1b93729829adca50c44466fd5b5cb977aa78fbcf5c0f0da1b09216468a11493ffb39efdeda5d669ae92bee2f2fb250aa1b9cbb11c36c7a6c6dd26cdc3cfd572ffd8c1dd72a13c27a327a34c6b6b3d80fc6c67c72152eec0c8ecbdc1bd5cb829b811e7f29af6d786f4e93dd4c96fdda295a6aa258d7b2fcf291c2d68e0b1866032475964ec0c6f2fa8c2d6a3936ecb187350def4e818507bf157c0e9b33406be7660605af14cccc9c799b4e051d0d0899e53495bb8931a6e2984bc6dbe4e02ec8b4642fc2f1cb5fd5a5520b48cfcb49e1f9533838753554dd98b6a1b8a67409279df477330e5f37367e06247ca5c3ffefd00e693dcc0c9c30754121c9ee88a574915b9e77c104fd2f921c2c096573951407ba9b440423d76bdc6fc978237a6e302cede7f99038ec31500884775556941f1edc30e3a417b0e02cb6fb5bfbe5cdfacf4006411287bedc565fb06f1be987416407dc852254934df4ab59edce476f3506e65be6ce6ddf91038642291fb8e92ba5b1f0b105670905a2c14796110bac6f52455b430a47b8eff61
+MD = 1adccf11e5b7ce2a3ddf71e920138c8647ad699c
+
+Len = 48824
+Msg = cd8490c93613bdf1f284b94b330f6d6f45a39c651d2a160b340e2eb696fc6d1c35e88872845190d141c669de92a97daa5433b1d7b0b899fdef2ce74b8fe72a7296a5b5be26d1dc86520367c730c7400c2fa06f91ab4c48a7bf4ae35a5b9acd5296c4fdf7451b0ad9cc439b4e34f11e5d7ef2bdda376f8dd34d6f092b219dc085dd4c4a6308b8808f588eedbbc7af7f64e83182fc7ca7cf4741a341060a7969d31445834c982fa8739ded4555108acbea1666a83da17f77cc42ee73323eb53203e3b790f81c08e94c44678b6538096ab7b09916e6cf7ceb2af85987f8e4d982dff1ab59b0bdccaae1f405a73366b5c5935dd0b43e2d2894290ceb66a0246dc02de728c5bba30255fb56ce8107c3144246c5156a8fe40ada9126adf67227fa56b66c37be63f532516211ca012977b04a97916f201f1baa2629eda520b51508ab4229df2ceedce406dece0110e0a911464f69e7be38fb91deba0addcdb3161d2799c628f5a57fa1dc37357c947681bd9c36f4832c20ac466c0c245de3b250c33282ea1a02d007f03b34ed427631283eb614db4d521f555136e7e42b4cfbee8134c63dbe3bb79b5a8b9f9f5b9f5ac61cfab1c54d197f1e3ba613f251eed616df952d691b88a16466343ef2d0f63882ddd2d55b8a6786308b2257f5d7b38af166bd7f1339d2d8899c9eda8fa86215850ba547450c267eb3c9147d96c38161a69d1584e521ffa23384313a1debcd37f72ddad02adb3cadce7ee34b7c1f42a15d0d030487daf9488aa7562845a11ee7ffccdb38b300935caa31f78a4ff3dd93403cf0c6a16ca611b58c736aafd33d6dc56f0f47878211d26f6ab801b9453a7f74b44593dae0f047ddbbf2c902891111729edec44f69a05944b18e7a601f41ad24fd6833da3dbe3029bd390de7c9841b2ee2b079b2bd2737518fe1bbec88da64769dc36e4a8bf716c219b2fe059d7dd220c1ed2c59878db5bf8b198e0689edee921ebc0cd2d3853fcf57c363050ce58071c5fda6ebcfbc1bb62e9eb956286291a108bdd4191c4ff47900d6068e1ea26b487649af119b9bb15dfed804836f2196cbe12d8fc86e3d7ce89b52ad49dc9ddbce5b370f73f512bedd853039366612453733740586d1372143b09f21dd4dbe1a2bfc308db8e4098c5e4b0c1e16141ee50e85fafefc4e2529b3c7252af37aee6f86e19df28871686107d7d57dcc812bc077602642d2ecefdd5f694b8f336913210793e4068da2178600b1f41cffb5221c9b4b6298afb47e85701d7b1a44241679d8996f916c81ff437261cfc358b9ec42a2ce16ca3bacb8690d6c1d91cfb3e0bf1e7ba45bd01606df856fd03c7e946f7ab371a89e1fde86d05fdd97bd7b1c583b04c2ed2b5f6815a460645e4e1b4e950bf6bd81dd0352d1048df85266f1696534aff5b1cbc17f15d82cc8e0c0d4f0453f9439094f8e0f7f4bc045b654d9a2f1f44a9c57019f63ecc41021c05b5380675cb56ea8bb691d79ee204d2c4edacde3c1fb3f4996a11d84b035f965e74009e2ab80e2c7ea3c84a834d4971a1e9cf423e4ea67ee526eb3c3e4c2d7372c4290a0741e1fcca5ae4cf36705abe98ac81e98a5419baefcaf3093a7e0449ef1021f88ffb7ad21b2677e41cdda12025b06542c4b2564f15e0b99db43b7c7020028bd829372122cd910227cb07c53cb58fd9dc620c0491f3e2bf883fe6ee8cb1f5b73767977d857e4513e8b5612f6ae4b56014e6a3ad2a065b65472212e2f611743484cfaef860999d1dc5608c58412fab888ad72bb87dd9b55b692f31e252daf8944ec5c02a5a9c23903c50dbd845f2fcc3bc9806af13ca7b025cabe675195b1d56f3fe7d7bca12530bcc0af217efcb03a218bdb6f9726536ea902c8303b02e3ced22be59753588b5f0e2f3419fa5345a942dbcdf3010465384a225ba26cdd0f1d74999c69f336bb6d01fae5cf81cbb8c1a7a29c1eb83ca6b51113bde56b8cfb6a5d72557622a37f039d090a689accd02b57c691174338de8e05bb3620c079705c969c58e56b079dc9eb44eb0fcebe548f5a31f4072a5ed56a2f03107bf40a359b2601eddf53cade66f294cfeaa40a0d94b9c90d15f61852f295d3911f8ea914d015885c8c64540a83badf0021a416c3e37b78236a2ecd1fce4114033416bdd3a36c18ec13250ee9c74c0fc4dd564b3d24a825802d5ae402a53bacace115ae3bbb329be79d1e5e42dbaf0a6446431145fe49b86a8703c7c41f8985d54f12e314c16ff89351d8addf66ebba2783f2d1a11965182aa0b0dd2de53586c5a695c6265c2b173958da648611090557bdebf11a1e042f089fe98e049f4796c60d26be38356fe020d9ace9008410d53a1bb7db78b52ee44bac364213f5c59f1eac4e3314f3423b92fdd7a6156608111ac6ddf58385ec1f3df12061208db98816ac948d803fad10d5ece2018c60faa13de5e5a9033745c824932e53f4122a39f635813545c1b74732cd55642f19ed6deca1585ebf7242c849bde981572a2199066e9c912b2068c8f1c8b936c43ae95c6e22bd7b80dfea05f495d751107da5928e806d0af905c87b5a0795df146af6580d8f9c6a0e2645686d43822ce9b4be0bd5937c097917e048b5af71c7e7521d490f107e9231ee5bd9fbf0727ba87774ed24cd52f471ffb71849ebd55605996515bdcfe95bb1df3541e7c42da4166dd01ec3597634aa6455d15fe14af435e8d7a55ff1682d55a2da867ae63d11fb3fd987fa5d7032ecefc35d3fb9570940e779e13da18070e6df5292f97f2a281f9598101102c955fe4808a2319c85fdef3d55b19e05bb8c2d3da64bafb67a53491513a24f6f0804aa162c8a7db25b38089373fecc45a0eaef65dd9be3b4b7f9436a5423fdcdb5a9b60138fc6a2261225390d9ae0d8ab7f0f7ffff69dca06881d33a637d634358abebb333df41151f239add91abaafc89070cb2159ce3a31655c22e4696c9fa7a7211d1251d4bb21ea4a321a3dbebc29d97f526251e40e548dcd7ed07587719a266f006179dcd22e50b3705152817057b097b043ad63b8d867edc20aea9b4c959ef4ff70f47128cfcc21e31f17978ecacc366f459ac1cc459a3976e4173ca322675f84f18036119ec2f204c3fb554a0b72f7e9d8c882ab147b3d280ca9dff7b9160b1b437b901f03cbc05fe05c6f44824b48aa8da52ae7dda1653fd500f9ccd221843cf76513b3b74d094f14d93a00d7cb954bc4cf2f04f9a35e38edcb1e84f62057647dcb3571f1dd296ca1e049f1746a8a282e85138500e7649db756b2d2ad88f11c471c89dc6be2cd43481013b8d0ae83da2b855cea7be424f8b2325b1850d1fdef03e765458df4513d57c72ba9751e1edc3c4e7f97e3202bb46eec7be89871ba3704aa6c6fc08851e551a3f655fa1fb798d12f003faf31c56b6df399a5dd0ed29ef9e4139dbc254bc5d6051840a859eabaaad56324588fae881fd638d2b70fb3813402df61d941ab495588e5fc3823249bf9a03cf877902394f512de118edaf98843a5445e9073fcfa409df3db0221f1c77e2dd21e74f9e10c9e180dc4ed17010eb949c6d67a22bd5337b2c68f9eccdec778ece728e91353696b742c8f5a3a569f054efb8c1ed478ee9b75e26c768a5816aa6bd08a4c72e745fdb5deb34ecb86b3a84346c1c70f9c16fc45bc0421f0da2f630912d5079f390cc53b78e343310de722b53d2a3b4aa386caa0d7e91986e19c3363426ba30eb5284293af81d00158a3f5233327b40c3b989725ba7dd5b31ac7abf8d3e0b737e843065cd7316dc2f374a00bed4cf9caa0d6e232c854df1bc24c3d484bc6bcb14ec770d5745474dc6ac3b3ddbffc551c9fcc2c56a5e0ae17948457c01e701bf1554022bc2b7d9dd42b2b91172fd85e6874d2d61fc7b3bb3cee2a9bfec09f6d7e98279c6f511f4140b116c856c1438e34bca59fdca2409f025b896a52d68719bf93e82e7d89bbf798991fda0af8d06d17f39eba4bca09c1fe594b537ad4c9b94ab52c895539d639425f9146b24b016368a638e5bba391bc8763cae7c52ff9c496884f1d84e5e08ed451358ecb3c4919dd410e82cac35ae744078287c05c89b42999ea6b8b127d40d53a5722d45139e8bc507a11e7add7fa9ab12cc40afeec008a4668e3e6440f27bb5780936c0e3668ac51262390c79b3f21fd041cf36ba3522f3a552714ff188bfd554c60d0e7d11213cf7d3864a5175d4047c2f3284741f18ec22995a5b82bf62190151bc1529c6d9927f9b0c1dacebd9c2dc406f7f64a973f9a70cff6e3abeebeb46514bbf2ead382f7262d46bd43d88c1b91a9011d1f8ba81fa536a7162aee2b2ec6fc0f2d6efc87b98d2e41e0f946969da659c21053775ece415a34d42b6cfd5bc52259867b411dfb991461ca618052309ca9c96468c2da12dfab0e822ff3bbe7ba281982a239ac19c47024fe1f0e3550cf0975add1f680a9dac9b2c4ab0aed4f409ddda6765eb8a0a9d1e9d07458c69ac8195541219b18efcd06c0001f2ae7fee2d404666a18ca3cb3aa4f0623e86c5b1229f6c2ca28d951111294b91edc52730b6b2c46e000672a7c89b2f38045bd3e37dbb8a75e18687a514dcf740c87a34834d3c3cc8aadf6166ec0c42d2be92f90a3af49633ff23cd80848ceb57ac550eaf9ae496bdc6a2d7cf50fe107895b4a1ed014f78af24eccd6a07420f1dc0df1e7c44b4ba937dd43cab9c798371b148325578d61931766af02b45054bdc2d9fcab2f4b49092f6fff7c27886820739d6140a4a905f0020249e8ae8dd87da1a1e7b1851eb01045aaa72dc8a2bf68055e7aed41d85336648a3405195d2ab61b0e29a770461f32fd05e14c17d72c5252f026a7b9abe7ea9176d3c46f6ed9fb716758d97b41e4f5d81a24538f763d83eecafafc668422612b40cfc32b3354b24755fbe400a2bfed494fe6d0ba0051713b776e67e2f1915e94708e6dc74b398f2f526933aad8fe7dc32faf40022606aebb6e0756b994c3176fae7640ee06d6c67bd54764c4752f1bf831f43e0227cba101174c5554ce26400f333dd8e9f6db1cdf670ce407d7d06c3aef4c0724b62edc8f1ba3e04f0e394d15a73b9255abb4d6ac70303dcf9160d32dc02d4804219ed5c7e3b48402e58ab2f58305f9bb95d2a8759947de96328ed5234cfe7d0b2a9a014df7e4cd0ae48906315f139b8635d2e6bd4aba32e62b8906cdfe5622c411bf0373d0cb07d17bb2bb5b83eae4401c243605fd1df759fd0ddc704ccab5a9776c40fbf6bde0f11b9646c699f26063a9550ac228c9884c277bcadcc0a2c225dc203e28e253c4e464b23d2529d09c7b7dd3c984667372472b615645f294c4e3b0797f9d1c234015b78502d98bfc04f1fa2f16cf3e7221d5794d035e4b172a4d84e679cb1c82df2fb49d3c6668eb1661bed56705096c2371a19d668832808eedd9e5b1256c18fe7ccc494e5e29145d453c553ec86fb7f3a634d0d45661875f2f1005ba5e734c1a976f37cd23450e4606e32d027bc9ec2edd9395e14b2082179bd7b4f9b8caa2d00a2de71d48553f7d4153cb56a1b08f11925e4b11c9281744ae9171f3d6faa3ab3f88c5c34fd23e4f6efeceafdcbc07686ef56efa62c0ad62f1cdcb4d3b5bc508c1f05263bc347158fa5495828f34eb7fcde98fefaa82bafeefed3f4a58968d751c051b52e0047f066de5be533bc3b1e439ab1c8602f6c67503803c8fa113737cb8279f358dbacdf45432b7a654d0e1122cca93420e956661d7275181c75b0d9c20e84c7007dfc49f27bc00007cf4ffa631c892981fd70141d532fcd51de5c23fe0b7a186d0dc296362f235d61698740cc315891cc9342da17843bcde274c17e462263d0e8b4832dd9075a7bbb443d4b26b41e534ad5551ed5ada102175e695363fb48d6b99ac978a3aa6f405d87f983384ce35740e930491d75675337c5dc081e3d301228e61bde5cc169968e5b4350cca2b085f9f75cc4b88497a78cd0a0073d90246c7dc102c7cbf3516498e8a41aa85d8cc5bc285ff66e8338e85ca83fb6889e2bccff52059bb9e92e92c155a349952680ffd0a3c346061a53fdf074417fc90c4d1af7c2acc3ee4b080752cbc9455ba5931b7e910f1e4af0efce905d2cc9c685923ead387fa532c0e8ad92719c76c281cd010e1acce500ae1443838b8afb48af032069dd07aa4df0d56bcb70a64592633699c8658102f1fbca441325e27f1732a7a973d8cb3a0684d72943ef6f1892f2d7ccf39bb6dfe5801ab98653bdbcfbb787bf125253be2624f6cf44177d588bd7b780d9e3f4e3a4e50b8a253fa21abce6a94b9073289c76773b46140f5a6e46b9de9ec066c176f5d1a69f380e1901216617363362d13ebb26ad74fb008ec08841550ff14ca800a1ecf2e007ebaad9f4e0d9664448d60ac0d8544243129fb81c1723b9b4bc2ee971dff736d9fcde0afbfbf5c50a4cc06a4c363998326c17bdc9e2508651dedd9a2a52bd87f8693cfcff60753acf9716c526e8635f12377e36564ae55d0fdb3c7997ec4dbdaa5b4d18c7b660acd95060831795da7d299a5a8d8cf9e92537dbd3ef7f56aebe38fa97c41da6bf0572a0270be7e5a7dcc0be3529339464c811052b65a938e874ea6da469c7d8992ce0aff1c75e82d1621ecb967213c65f2de582cb41de3804c507ddfc708ef3f6096ba4491e431160f98de806d0f334e03cfb7a3bece601099bd971253f3aa0df845da8b478603d5d88533d0cab9c89f2dd9a1404cf8939ffdda652a94093865a85fce2bc3d7babcff7b9f3306bd76b9af80c78ad518f89ee73b7a710da604e72f4927be8d65d06be2e0732fa786a83e27597cfbed9bf98df445499e0746b9f2cb9659ac0a9cef433148521f33b1d78d13c8441c0d1e20fd93ac450a3787a2292bcbd68cd1f961d34937be9a21abaf26f361bf53aa0c095e53c51f3e04d567eabe6e40d96a17c2bcc9230b18f7e079bc549a314b4ae21d30a3341aa205bc75c7f1d21b0a49549c300faeda243d0ce18da5e66c5b663cd705005dd9fea0a9564174abb797d64c58fdab1fae44576d514b75eaa31c9278b15bf9b6df7c6c2873d7a56fb91ab77b83761a09f9e1ddae535622fb87f7462256a60dd39dd3ceb6690b0272920b635ea639daf24f95462c523e5bbd8d8407c61163ab38877d5edfa04c2a78d4d240523ba97c7d01c71783f8748e85164b4dd08c25506a4ed18300b42b7bc6e417f512ae456ceec2ffc83190991a06d4a58ede215babcd3688e1d61f1975016244e80c88ae2aec05c7eeb1c50caca72b3b415b6b870bf5e10bd1ac3ba6b4acb1d1afac554444d94c97e171005fa4ea9c651bb4e527ff58d0c2f90fb453a92d6546a26e9e98395b09e8471bdcf2a145aacb649708cf048a7856ce8cf390c107ff2c66efbf2a76c5b041860ea576103cd8c6b25e50eca9ff6a2fa88083fe9ac0d1fb639c516b9bcdf23c34c6145a705498ff9b9747f15e1c08c63da6efeda4eca02c3f00dfec06c82220c9de840040118dde76be788daf84e6a2f44c81fe6defcc474f99c51c4648d297cbc48f081e0809dbda505d020cbe865e430e0491644ec8c52bd3ab8ce8c4862990f49fe2588caf804ce9500ef42d5a50c057c257168e283e4a4aedbe4ccfaf3eeffb212f9e23d15434d60bf4f455f512e2b655aff3225d1b217c261110cec0400f54dd303d6231d028c2eb649bccc91d30a6391c88bff9d447c3cf35a3467be5957e0ea4d4dc237c9f2c68ce48f658f820a3d72d559b60f233ce538c92cb148808e34fedf2d648c21e7f2ea29a77270c393bda42d869351d6c085d965dc12cbfd0311b8bf604f4391d378781eea3b5f1e0da9d0d8f8de88e56fe47d362cd46f591d3ec0f7cccb85a21f21ddcd4107821ce0ca9ddf99dfdfd9b0c9cd45053e5b1b4385bd8f5b227ada31b5c23e9420014474e8b4494fde7c38edfe70994d97b8cbdfac588df49a49c472fcce78cccc051f31cbbc1e0422878d8d490f3aee28adf1587c38fb7e7d1be54abeaa83cf54b633803a5e669ff4295df8735231ce39631616bd05e0e31117c722c2fd6787003b0bc7fe422a089c89329544e085d71102c1813769450a9f66f160d1702cdb17bd2c6fdf0f722762d193ce83623eeffab17b01b10a31db6e2feb6eb3abdbb2e36320e1a56e44e48d26090afa7f65003a98cbfef590ac3ec89b3eb230557cf6aa566e841806aa2767b21bb26fe001f11ae039e0c9a4bf1bf3d271960f16158eb5bd9ebf0080abd8369d512cab2d1aaae2b14d0ff6ee705a38fb0c801a98b0624cc138fc24834fdf430f33e1760db913da3290f34415c9e3df3e97da1780545ab68ac5a24db89f24d62f4a399728e4144a8c89f47ac2d29e30c49b0bcf790a5e3d3fcd1943c6a28f37251d9dd827a69579e6c17b629c927473b5a07b0a29d9562708d6c8ce576109ad1a3473ffb2047eb069beeec24c114bef392c929038c92abd0e6a19b610e27881361824d57008b7373d0ab76379570ded76c9b8284fe2c247791073c29b2fc6fca05019220ab92856892d3c0dcc6da0b597fe559c162d060d71513ebca050d9638164b9ae271fba5575ade787ec5aee8fc253d1b234b1df561db3e36ac64b9b0100dd6b407043537b2b141f
+MD = 2cbc07b9b9c819b8fd38d8a614a8a9c3fa7e40ee