- Update to version 1.0.0 beta 3

- Use %global instead of %define - Automatically generate debuginfo subpackage - Merged various changes from the native Fedora package (up to 1.0.0-0.5.beta3) - Don't use the %{_mingw32_make} macro anymore as it's ugly and causes side-effects NOTE: Right now, this package doesn't provide versioned DLL's as the upstream defaults are used and I couldn't find the right spot in the build scripts to realize this (openssl's build system is really messy..).
2009-08-29 16:13:45 +00:00 · 2009-08-29 16:13:45 +00:00 · 1deb3708fc
commit 1deb3708fc
parent 278c82103b
23 changed files with 15807 additions and 68 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1 +1 @@
-openssl-0.9.8j-usa.tar.bz2
+openssl-1.0.0-beta3-usa.tar.bz2
--- a/11
+++ b/11
@ -4,33 +4,32 @@
 set -e
 # Clean out patent-or-otherwise-encumbered code.
-# MDC-2: 4,908,861 13/03/2007
+# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
 # IDEA:  5,214,703 25/05/2010
 # RC5:   5,724,428 03/03/2015
 # EC:    ????????? ??/??/2015
 # Remove assembler portions of IDEA, MDC2, and RC5.
-(find crypto/{idea,mdc2,rc5}/asm -type f | xargs -r rm -fv)
+(find crypto/{idea,rc5}/asm -type f | xargs -r rm -fv)
 # IDEA, MDC2, RC5, EC.
-for a in idea mdc2 rc5 ec ecdh ecdsa; do
+for a in idea rc5 ec ecdh ecdsa; do
  for c in `find crypto/$a -name "*.c" -a \! -name "*test*" -type f` ; do
 	echo Destroying $c
 	> $c
  done
 done
-for c in `find crypto/evp -name "*_rc5.c" -o -name "*_idea.c" -o -name "*_mdc2.c" -o -name "*_ecdsa.c"`; do
+for c in `find crypto/evp -name "*_rc5.c" -o -name "*_idea.c" -o -name "*_ecdsa.c"`; do
 	echo Destroying $c
 	> $c
 done
 for h in `find crypto ssl apps test -name "*.h"` ; do
-	echo Removing IDEA, MDC2, RC5, and EC references from $h
+	echo Removing IDEA, RC5, and EC references from $h
 	cat $h | \
 	awk    'BEGIN {ech=1;} \
 		/^#[ \t]*ifndef.*NO_IDEA/ {ech--; next;} \
 		/^#[ \t]*ifndef.*NO_MDC2/ {ech--; next;} \
 		/^#[ \t]*ifndef.*NO_RC5/ {ech--; next;} \
 		/^#[ \t]*ifndef.*NO_EC/ {ech--; next;} \
 		/^#[ \t]*ifndef.*NO_ECDH/ {ech--; next;} \
--- a/mingw32-openssl-1.0.0-beta3-linker-fix.patch
+++ b/mingw32-openssl-1.0.0-beta3-linker-fix.patch
@ -0,0 +1,44 @@
 --- util/libeay.num.orig	2009-08-29 15:41:45.207820734 +0200
 +++ util/libeay.num	2009-08-29 15:48:03.746817062 +0200
@@ -1084,7 +1084,6 @@
 PROXY_set_connect_mode                  1112	NOEXIST::FUNCTION:
 RAND_SSLeay                             1113	EXIST::FUNCTION:
 RAND_set_rand_method                    1114	EXIST::FUNCTION:
 -RSA_memory_lock                         1115	EXIST::FUNCTION:RSA
 bn_sub_words                            1116	EXIST::FUNCTION:
 bn_mul_normal                           1117	NOEXIST::FUNCTION:
 bn_mul_comba8                           1118	NOEXIST::FUNCTION:
@@ -2844,17 +2843,8 @@
 X509_check_ca                           3286	EXIST::FUNCTION:
 private_idea_set_encrypt_key            3287	NOEXIST::FUNCTION:
 HMAC_CTX_set_flags                      3288	NOEXIST::FUNCTION:
 -private_SHA_Init                        3289	NOEXIST::FUNCTION:
 -private_CAST_set_key                    3290	NOEXIST::FUNCTION:
 -private_RIPEMD160_Init                  3291	NOEXIST::FUNCTION:
 private_RC5_32_set_key                  3292	NOEXIST::FUNCTION:
 -private_MD5_Init                        3293	NOEXIST::FUNCTION:
 -private_RC4_set_key                     3294	NOEXIST::FUNCTION:
 private_MDC2_Init                       3295	NOEXIST::FUNCTION:
 -private_RC2_set_key                     3296	NOEXIST::FUNCTION:
 -private_MD4_Init                        3297	NOEXIST::FUNCTION:
 -private_BF_set_key                      3298	NOEXIST::FUNCTION:
 -private_MD2_Init                        3299	NOEXIST::FUNCTION:
 d2i_PROXY_CERT_INFO_EXTENSION           3300	EXIST::FUNCTION:
 PROXY_POLICY_it                         3301	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 PROXY_POLICY_it                         3301	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -3318,7 +3308,6 @@
 EVP_PKEY_get_attr_by_NID                3721	EXIST::FUNCTION:
 STORE_set_ex_data                       3722	NOEXIST::FUNCTION:
 ENGINE_get_ECDSA                        3723	EXIST::FUNCTION:ENGINE
 -EVP_ecdsa                               3724	EXIST::FUNCTION:SHA
 BN_BLINDING_get_flags                   3725	EXIST::FUNCTION:
 PKCS12_add_cert                         3726	EXIST::FUNCTION:
 STORE_OBJECT_new                        3727	NOEXIST::FUNCTION:
@@ -3702,7 +3691,6 @@
 FIPS_dsa_sig_encode                     4089	NOEXIST::FUNCTION:
 CRYPTO_dbg_remove_all_info              4090	NOEXIST::FUNCTION:
 OPENSSL_init                            4091	NOEXIST::FUNCTION:
 -private_Camellia_set_key                4092	NOEXIST::FUNCTION:
 CRYPTO_strdup                           4093	EXIST::FUNCTION:
 JPAKE_STEP3A_process                    4094	EXIST::FUNCTION:JPAKE
 JPAKE_STEP1_release                     4095	EXIST::FUNCTION:JPAKE
--- a/mingw32-openssl-1.0.0-beta3-shared.patch
+++ b/mingw32-openssl-1.0.0-beta3-shared.patch
@ -0,0 +1,11 @@
 --- openssl-1.0.0-beta3/Makefile.shared.orig	2009-08-29 17:02:27.496816550 +0200
 +++ openssl-1.0.0-beta3/Makefile.shared	2009-08-29 17:04:54.897820373 +0200
@@ -250,7 +250,7 @@
 	base=-Wl,--enable-auto-image-base; \
 	deffile=; \
 	if expr $(PLATFORM) : 'mingw' > /dev/null; then \
 -		SHLIB=$(LIBNAME)eay32; base=; \
 +		SHLIB=lib$(LIBNAME); base=; \
 		if test -f $(LIBNAME)eay32.def; then \
 			deffile=$(LIBNAME)eay32.def; \
 		fi; \
--- a/mingw32-openssl.spec
+++ b/mingw32-openssl.spec
@ -1,8 +1,9 @@
-%define __strip %{_mingw32_strip}
+%global __strip %{_mingw32_strip}
-%define __objdump %{_mingw32_objdump}
+%global __objdump %{_mingw32_objdump}
-%define _use_internal_dependency_generator 0
+%global _use_internal_dependency_generator 0
-%define __find_requires %{_mingw32_findrequires}
+%global __find_requires %{_mingw32_findrequires}
-%define __find_provides %{_mingw32_findprovides}
+%global __find_provides %{_mingw32_findprovides}
 %define __debug_install_post %{_mingw32_debug_install_post}
 # For the curious:
 # 0.9.5a soversion = 0
@ -13,21 +14,24 @@
 # 0.9.7ef soversion = 5
 # 0.9.8ab soversion = 6
 # 0.9.8g soversion = 7
-# 0.9.8j + EAP-FAST soversion = 8
+# 0.9.8jk + EAP-FAST soversion = 8
-%define soversion 8
+# 1.0.0 soversion = 10
 %global soversion 10
 %global beta beta3
 # Enable the tests.
 # These only work some of the time, but fail randomly at other times
 # (although I have had them complete a few times, so I don't think
 # there is any actual problem with the binaries).
-%define run_tests 0
+%global run_tests 0
 # Number of threads to spawn when testing some threading fixes.
-%define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
+%global thread_test_threads %{?threads:%{threads}}%{!?threads:1}
 Name:           mingw32-openssl
-Version:        0.9.8j
+Version:        1.0.0
-Release:        7%{?dist}
+Release:        0.1.%{beta}%{?dist}
 Summary:        MinGW port of the OpenSSL toolkit
 License:        OpenSSL
@ -35,7 +39,7 @@ Group:          Development/Libraries
 URL:            http://www.openssl.org/
 # Use the hobble-openssl script to create the source file.
-Source0:        openssl-%{version}-usa.tar.bz2
+Source0:        openssl-%{version}-%{beta}-usa.tar.bz2
 Source1:        hobble-openssl
 Source2:        Makefile.certificate
@ -46,38 +50,38 @@ Source10:       opensslconf-new-warning.h
 # Patches from Fedora native package.
 # Build changes
-Patch0:         openssl-0.9.8j-redhat.patch
+Patch0:         openssl-1.0.0-beta3-redhat.patch
-Patch1:         openssl-0.9.8a-defaults.patch
+Patch1:         openssl-1.0.0-beta3-defaults.patch
-Patch2:         openssl-0.9.8a-link-krb5.patch
+Patch2:         openssl-1.0.0-beta3-krb5.patch
-Patch3:         openssl-0.9.8j-soversion.patch
+Patch3:         openssl-1.0.0-beta3-soversion.patch
-Patch4:         openssl-0.9.8j-enginesdir.patch
+Patch4:         openssl-1.0.0-beta3-enginesdir.patch
 Patch5:         openssl-0.9.8a-no-rpath.patch
 Patch6:         openssl-0.9.8b-test-use-localhost.patch
 Patch7:         openssl-0.9.8j-shlib-version.patch
 # Bug fixes
 Patch21:        openssl-0.9.8b-aliasing-bug.patch
-Patch22:        openssl-0.9.8b-x509-name-cmp.patch
+Patch23:        openssl-1.0.0-beta3-default-paths.patch
 Patch23:        openssl-0.9.8g-default-paths.patch
 Patch24:        openssl-0.9.8g-no-extssl.patch
 # Functionality changes
 Patch32:        openssl-0.9.8g-ia64.patch
 Patch33:        openssl-0.9.8j-ca-dir.patch
 Patch34:        openssl-0.9.6-x509.patch
 Patch35:        openssl-0.9.8j-version-add-engines.patch
-Patch38:        openssl-0.9.8a-reuse-cipher-change.patch
+Patch38:        openssl-1.0.0-beta3-cipher-change.patch
 # Disabled this because it uses getaddrinfo which is lacking on Windows.
-#Patch39:        openssl-0.9.8g-ipv6-apps.patch
+#Patch39:        openssl-1.0.0-beta3-ipv6-apps.patch
-Patch40:        openssl-0.9.8j-nocanister.patch
+Patch40:        openssl-1.0.0-beta3-fips.patch
-Patch41:        openssl-0.9.8j-use-fipscheck.patch
+Patch41:        openssl-1.0.0-beta3-fipscheck.patch
-Patch42:        openssl-0.9.8j-fipscheck-hmac.patch
+Patch43:        openssl-1.0.0-beta3-fipsmode.patch
-Patch43:        openssl-0.9.8j-evp-nonfips.patch
+Patch44:        openssl-1.0.0-beta3-fipsrng.patch
 Patch44:        openssl-0.9.8j-kernel-fipsmode.patch
 Patch45:        openssl-0.9.8j-env-nozlib.patch
 Patch46:        openssl-0.9.8j-eap-fast.patch
 Patch47:        openssl-0.9.8j-readme-warning.patch
 Patch48:        openssl-0.9.8j-bad-mime.patch
-Patch49:        openssl-0.9.8j-fips-no-pairwise.patch
+Patch49:        openssl-0.9.8k-algo-doc.patch
 Patch50:        openssl-1.0.0-beta3-curl.patch
 Patch51:        openssl-1.0.0-beta3-const.patch
 # Backported fixes including security fixes
 Patch60:        openssl-1.0.0-beta3-namingstr.patch
 Patch61:        openssl-1.0.0-beta3-namingblk.patch
 # MinGW-specific patches.
 Patch100:       mingw32-openssl-0.9.8j-header-files.patch
@ -85,12 +89,13 @@ Patch101:       mingw32-openssl-0.9.8j-configure.patch
 Patch102:       mingw32-openssl-0.9.8j-shared.patch
 Patch103:       mingw32-openssl-0.9.8g-global.patch
 Patch104:       mingw32-openssl-0.9.8g-sfx.patch
 Patch105:       mingw32-openssl-1.0.0-beta3-linker-fix.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch:      noarch
-BuildRequires:  mingw32-filesystem >= 49
+BuildRequires:  mingw32-filesystem >= 52
 BuildRequires:  mingw32-gcc
 BuildRequires:  mingw32-binutils
@ -139,8 +144,11 @@ Requires:       %{name} = %{version}-%{release}
 Static version of the MinGW port of the OpenSSL toolkit.
 %{_mingw32_debug_package}
 %prep
-%setup -q -n openssl-%{version}
+%setup -q -n openssl-%{version}-%{beta}
 %{SOURCE1} > /dev/null
 %patch0 -p1 -b .redhat
@ -151,12 +159,9 @@ Static version of the MinGW port of the OpenSSL toolkit.
 %patch4 -p1 -b .enginesdir
 %patch5 -p1 -b .no-rpath
 %patch6 -p1 -b .use-localhost
 %patch7 -p1 -b .shlib-version
 %patch21 -p1 -b .aliasing-bug
 %patch22 -p1 -b .name-cmp
 %patch23 -p1 -b .default-paths
 %patch24 -p1 -b .no-extssl
 %patch32 -p1 -b .ia64
 #patch33 is applied after make test
@ -164,22 +169,25 @@ Static version of the MinGW port of the OpenSSL toolkit.
 %patch35 -p1 -b .version-add-engines
 %patch38 -p1 -b .cipher-change
 #%patch39 -p1 -b .ipv6-apps
-%patch40 -p1 -b .nocanister
+%patch40 -p1 -b .fips
-%patch41 -p1 -b .use-fipscheck
+%patch41 -p1 -b .fipscheck
-%patch42 -p1 -b .fipscheck-hmac
+%patch43 -p1 -b .fipsmode
-%patch43 -p1 -b .evp-nonfips
+%patch44 -p1 -b .fipsrng
 %patch44 -p1 -b .fipsmode
 %patch45 -p1 -b .env-nozlib
 %patch46 -p1 -b .eap-fast
 %patch47 -p1 -b .warning
 %patch48 -p1 -b .bad-mime
-%patch49 -p1 -b .no-pairwise
+%patch49 -p1 -b .algo-doc
 %patch50 -p1 -b .curl
 %patch51 -p1 -b .const
 %patch60 -p1 -b .namingstr
 %patch61 -p1 -b .namingblk
-%patch100 -p1 -b .mingw-header-files
+#%patch100 -p1 -b .mingw-header-files
-%patch101 -p1 -b .mingw-configure
+#%patch101 -p1 -b .mingw-configure
-%patch102 -p1 -b .mingw-shared
+#%patch102 -p1 -b .mingw-shared
-%patch103 -p1 -b .mingw-global
+#%patch103 -p1 -b .mingw-global
-%patch104 -p1 -b .mingw-sfx
+#%patch104 -p1 -b .mingw-sfx
 %patch105 -p0 -b .mingw-linker-fix
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
@ -191,22 +199,22 @@ make TABLE PERL=%{__perl}
 %build
 # NB: 'no-hw' is vital.  MinGW cannot build the hardware drivers
 # and if you don't have this you'll get an obscure link error.
-%{_mingw32_env}; \
+sed -i -e "s/MINGW32_CFLAGS/%{_mingw32_cflags}/" Configure; \
 sed -i -e "s/MINGW32_CC/%{_mingw32_cc}/" -e "s/MINGW32_CFLAGS/%{_mingw32_cflags}/" -e "s/MINGW32_RANLIB/%{_mingw32_ranlib}/" Configure; \
 ./Configure \
  --prefix=%{_mingw32_prefix} \
  --openssldir=%{_mingw32_sysconfdir}/pki/tls \
  zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
-  no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa no-hw shared \
+  enable-cms enable-md2 no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa \
  no-hw shared --cross-compile-prefix=%{_mingw32_target}- \
  --enginesdir=%{_mingw32_libdir}/openssl/engines \
  mingw
 #  --with-krb5-flavor=MIT
 #  -I%{_mingw32_prefix}/kerberos/include -L%{_mingw32_prefix}/kerberos/%{_lib}
-%{_mingw32_make} depend
+make depend
-%{_mingw32_make} all build-shared
+make all build-shared
 # Generate hashes for the included certs.
-%{_mingw32_make} rehash build-shared
+make rehash build-shared
 %if %{run_tests}
 #----------------------------------------------------------------------
@ -240,7 +248,7 @@ sleep 3
 DISPLAY=$display
 export DISPLAY
-%{_mingw32_make} LDCMD=%{_mingw32_cc} -C test apps tests
+make LDCMD=%{_mingw32_cc} -C test apps tests
 # Disable this thread test, because we don't have pthread on Windows.
 %{_mingw32_cc} -o openssl-thread-test \
@ -289,10 +297,6 @@ make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared
 # Install the file applink.c (#499934)
 install -m644 ms/applink.c $RPM_BUILD_ROOT%{_mingw32_includedir}/openssl/applink.c
 # Install the actual DLLs.
 install libcrypto-%{soversion}.dll $RPM_BUILD_ROOT%{_mingw32_bindir}
 install libssl-%{soversion}.dll $RPM_BUILD_ROOT%{_mingw32_bindir}
 # I have no idea why it installs the manpages in /etc, but
 # we remove them anyway.
 rm -r $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/tls/man
@ -324,8 +328,8 @@ rm -rf $RPM_BUILD_ROOT
 %doc LICENSE
 %{_mingw32_bindir}/openssl.exe
 %{_mingw32_bindir}/c_rehash
-%{_mingw32_bindir}/libcrypto-%{soversion}.dll
+%{_mingw32_bindir}/libeay32.dll
-%{_mingw32_bindir}/libssl-%{soversion}.dll
+%{_mingw32_bindir}/ssleay32.dll
 #{_mingw32_bindir}/.libcrypto*.hmac
 %{_mingw32_libdir}/libcrypto.dll.a
 %{_mingw32_libdir}/libssl.dll.a
@ -342,6 +346,13 @@ rm -rf $RPM_BUILD_ROOT
 %changelog
 * Fri Aug 28 2009 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.0.0-0.1.beta3
 - Update to version 1.0.0 beta 3
 - Use %%global instead of %%define
 - Automatically generate debuginfo subpackage
 - Merged various changes from the native Fedora package (up to 1.0.0-0.5.beta3)
 - Don't use the %%{_mingw32_make} macro anymore as it's ugly and causes side-effects
 * Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.8j-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
--- a/openssl-0.9.8k-algo-doc.patch
+++ b/openssl-0.9.8k-algo-doc.patch
@ -0,0 +1,113 @@
 diff -up openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod
 --- openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod.algo-doc	2004-05-20 23:39:50.000000000 +0200
 +++ openssl-0.9.8k/doc/crypto/EVP_DigestInit.pod	2009-06-30 12:04:47.000000000 +0200
@@ -6,7 +6,8 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_
 EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
 EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
 EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
 -EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
 +EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_sha224,
 +EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2,
 EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
 EVP digest routines
@@ -51,6 +52,10 @@ EVP digest routines
  const EVP_MD *EVP_md5(void);
  const EVP_MD *EVP_sha(void);
  const EVP_MD *EVP_sha1(void);
 + const EVP_MD *EVP_sha224(void);
 + const EVP_MD *EVP_sha256(void);
 + const EVP_MD *EVP_sha384(void);
 + const EVP_MD *EVP_sha512(void);
  const EVP_MD *EVP_dss(void);
  const EVP_MD *EVP_dss1(void);
  const EVP_MD *EVP_mdc2(void);
@@ -70,7 +75,7 @@ EVP_MD_CTX_create() allocates, initializ
 EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
 B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
 -function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
 +function. B<type> will typically be supplied by a function such as EVP_sha1().
 If B<impl> is NULL then the default implementation of digest B<type> is used.
 EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
@@ -127,9 +132,11 @@ with this digest. For example EVP_sha1()
 return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
 algorithms may not be retained in future versions of OpenSSL.
 -EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160()
 -return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
 -algorithms respectively. The associated signature algorithm is RSA in each case.
 +EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
 +EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160()
 +return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384,
 +SHA512, MDC2 and RIPEMD160 digest algorithms respectively. The associated
 +signature algorithm is RSA in each case.
 EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
 algorithms but using DSS (DSA) for the signature algorithm.
@@ -156,7 +163,8 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_
 EVP_MD_CTX_block_size()	and EVP_MD_block_size() return the digest or block
 size in bytes.
 -EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
 +EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
 +EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_dss(),
 EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
 corresponding EVP_MD structures.
 diff -up openssl-0.9.8k/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-0.9.8k/doc/crypto/EVP_EncryptInit.pod
 --- openssl-0.9.8k/doc/crypto/EVP_EncryptInit.pod.algo-doc	2005-04-15 18:01:35.000000000 +0200
 +++ openssl-0.9.8k/doc/crypto/EVP_EncryptInit.pod	2009-06-30 12:04:47.000000000 +0200
@@ -91,6 +91,32 @@ EVP_CIPHER_CTX_set_padding - EVP cipher 
  int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
  int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
 + const EVP_CIPHER *EVP_des_ede3(void);
 + const EVP_CIPHER *EVP_des_ede3_ecb(void);
 + const EVP_CIPHER *EVP_des_ede3_cfb64(void);
 + const EVP_CIPHER *EVP_des_ede3_cfb1(void);
 + const EVP_CIPHER *EVP_des_ede3_cfb8(void);
 + const EVP_CIPHER *EVP_des_ede3_ofb(void);
 + const EVP_CIPHER *EVP_des_ede3_cbc(void);
 + const EVP_CIPHER *EVP_aes_128_ecb(void);
 + const EVP_CIPHER *EVP_aes_128_cbc(void);
 + const EVP_CIPHER *EVP_aes_128_cfb1(void);
 + const EVP_CIPHER *EVP_aes_128_cfb8(void);
 + const EVP_CIPHER *EVP_aes_128_cfb128(void);
 + const EVP_CIPHER *EVP_aes_128_ofb(void);
 + const EVP_CIPHER *EVP_aes_192_ecb(void);
 + const EVP_CIPHER *EVP_aes_192_cbc(void);
 + const EVP_CIPHER *EVP_aes_192_cfb1(void);
 + const EVP_CIPHER *EVP_aes_192_cfb8(void);
 + const EVP_CIPHER *EVP_aes_192_cfb128(void);
 + const EVP_CIPHER *EVP_aes_192_ofb(void);
 + const EVP_CIPHER *EVP_aes_256_ecb(void);
 + const EVP_CIPHER *EVP_aes_256_cbc(void);
 + const EVP_CIPHER *EVP_aes_256_cfb1(void);
 + const EVP_CIPHER *EVP_aes_256_cfb8(void);
 + const EVP_CIPHER *EVP_aes_256_cfb128(void);
 + const EVP_CIPHER *EVP_aes_256_ofb(void);
 +
 =head1 DESCRIPTION
 The EVP cipher routines are a high level interface to certain
@@ -297,6 +323,18 @@ Three key triple DES in CBC, ECB, CFB an
 DESX algorithm in CBC mode.
 +=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(), EVP_aes_128_ofb(void), EVP_aes_128_cfb1(void), EVP_aes_128_cfb8(void), EVP_aes_128_cfb128(void)
 +
 +AES with 128 bit key length in CBC, ECB, OFB and CFB modes respectively.
 +
 +=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(), EVP_aes_192_ofb(void), EVP_aes_192_cfb1(void), EVP_aes_192_cfb8(void), EVP_aes_192_cfb128(void)
 +
 +AES with 192 bit key length in CBC, ECB, OFB and CFB modes respectively.
 +
 +=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(), EVP_aes_256_ofb(void), EVP_aes_256_cfb1(void), EVP_aes_256_cfb8(void), EVP_aes_256_cfb128(void)
 +
 +AES with 256 bit key length in CBC, ECB, OFB and CFB modes respectively.
 +
 =item EVP_rc4(void)
 RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.
--- a/openssl-1.0.0-beta3-cipher-change.patch
+++ b/openssl-1.0.0-beta3-cipher-change.patch
@ -0,0 +1,21 @@
 diff -up openssl-1.0.0-beta3/ssl/ssl.h.cipher-change openssl-1.0.0-beta3/ssl/ssl.h
 --- openssl-1.0.0-beta3/ssl/ssl.h.cipher-change	2009-08-05 18:22:45.000000000 +0200
 +++ openssl-1.0.0-beta3/ssl/ssl.h	2009-08-05 18:27:32.000000000 +0200
@@ -511,7 +511,7 @@ typedef struct ssl_session_st
 #define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L
 #define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L
 -#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
 +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L /* can break some security expectations */
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
 #define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L /* no effect since 0.9.7h and 0.9.8b */
@@ -528,7 +528,7 @@ typedef struct ssl_session_st
 /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
  *             This used to be 0x000FFFFFL before 0.9.7. */
 -#define SSL_OP_ALL					0x80000FFFL
 +#define SSL_OP_ALL					0x80000FF7L
 /* DTLS options */
 #define SSL_OP_NO_QUERY_MTU                 0x00001000L
--- a/openssl-1.0.0-beta3-const.patch
+++ b/openssl-1.0.0-beta3-const.patch
@ -0,0 +1,36 @@
 diff -up openssl-1.0.0-beta3/doc/ssl/SSL_CIPHER_get_name.pod.const openssl-1.0.0-beta3/doc/ssl/SSL_CIPHER_get_name.pod
 --- openssl-1.0.0-beta3/doc/ssl/SSL_CIPHER_get_name.pod.const	2009-02-14 22:49:37.000000000 +0100
 +++ openssl-1.0.0-beta3/doc/ssl/SSL_CIPHER_get_name.pod	2009-08-22 16:15:32.000000000 +0200
@@ -11,7 +11,7 @@ SSL_CIPHER_get_name, SSL_CIPHER_get_bits
  const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
  int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
  char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
 - char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size);
 + char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
 =head1 DESCRIPTION
 diff -up openssl-1.0.0-beta3/ssl/ssl_ciph.c.const openssl-1.0.0-beta3/ssl/ssl_ciph.c
 --- openssl-1.0.0-beta3/ssl/ssl_ciph.c.const	2009-08-22 15:56:12.000000000 +0200
 +++ openssl-1.0.0-beta3/ssl/ssl_ciph.c	2009-08-22 15:56:12.000000000 +0200
@@ -1458,7 +1458,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
 	return(cipherstack);
 	}
 -char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 +char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	{
 	int is_export,pkl,kl;
 	const char *ver,*exp_str;
 diff -up openssl-1.0.0-beta3/ssl/ssl.h.const openssl-1.0.0-beta3/ssl/ssl.h
 --- openssl-1.0.0-beta3/ssl/ssl.h.const	2009-08-22 15:56:11.000000000 +0200
 +++ openssl-1.0.0-beta3/ssl/ssl.h	2009-08-22 15:56:12.000000000 +0200
@@ -1638,7 +1638,7 @@ long SSL_get_default_timeout(const SSL *
 int SSL_library_init(void );
 -char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
 +char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
 SSL *SSL_dup(SSL *ssl);
--- a/openssl-1.0.0-beta3-curl.patch
+++ b/openssl-1.0.0-beta3-curl.patch
@ -0,0 +1,27 @@
 diff -up openssl-1.0.0-beta3/apps/tsget.curl openssl-1.0.0-beta3/apps/tsget
 --- openssl-1.0.0-beta3/apps/tsget.curl	2006-02-13 00:11:21.000000000 +0100
 +++ openssl-1.0.0-beta3/apps/tsget	2009-08-21 15:37:24.000000000 +0200
@@ -7,7 +7,7 @@ use strict;
 use IO::Handle;
 use Getopt::Std;
 use File::Basename;
 -use WWW::Curl::easy;
 +use WWW::Curl::Easy;
 use vars qw(%options);
@@ -37,7 +37,7 @@ sub create_curl {
     my $url = shift;
     # Create Curl object.
 -    my $curl = WWW::Curl::easy::new();
 +    my $curl = WWW::Curl::Easy::new();
     # Error-handling related options.
     $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
@@ -192,4 +192,4 @@ REQUEST: foreach (@ARGV) {
     STDERR->printflush(", $output written.\n") if $options{v};
 }
 $curl->cleanup();
 -WWW::Curl::easy::global_cleanup();
 +WWW::Curl::Easy::global_cleanup();
--- a/openssl-1.0.0-beta3-default-paths.patch
+++ b/openssl-1.0.0-beta3-default-paths.patch
@ -0,0 +1,77 @@
 diff -up openssl-1.0.0-beta3/apps/s_client.c.default-paths openssl-1.0.0-beta3/apps/s_client.c
 --- openssl-1.0.0-beta3/apps/s_client.c.default-paths	2009-06-30 18:10:24.000000000 +0200
 +++ openssl-1.0.0-beta3/apps/s_client.c	2009-08-05 18:17:52.000000000 +0200
@@ -888,12 +888,13 @@ bad:
 	if (!set_cert_key_stuff(ctx,cert,key))
 		goto end;
 -	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
 -		(!SSL_CTX_set_default_verify_paths(ctx)))
 +	if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
 +		{
 +		ERR_print_errors(bio_err);
 +		}
 +	if (!SSL_CTX_set_default_verify_paths(ctx))
 		{
 -		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
 		ERR_print_errors(bio_err);
 -		/* goto end; */
 		}
 #ifndef OPENSSL_NO_TLSEXT
 diff -up openssl-1.0.0-beta3/apps/s_server.c.default-paths openssl-1.0.0-beta3/apps/s_server.c
 --- openssl-1.0.0-beta3/apps/s_server.c.default-paths	2009-06-30 18:10:24.000000000 +0200
 +++ openssl-1.0.0-beta3/apps/s_server.c	2009-08-05 18:18:40.000000000 +0200
@@ -1403,12 +1403,13 @@ bad:
 		}
 #endif
 -	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
 -		(!SSL_CTX_set_default_verify_paths(ctx)))
 +	if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
 +		{
 +		ERR_print_errors(bio_err);
 +		}
 +	if (!SSL_CTX_set_default_verify_paths(ctx))
 		{
 -		/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
 		ERR_print_errors(bio_err);
 -		/* goto end; */
 		}
 	if (vpm)
 		SSL_CTX_set1_param(ctx, vpm);
@@ -1457,8 +1458,11 @@ bad:
 		SSL_CTX_sess_set_cache_size(ctx2,128);
 -		if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
 -			(!SSL_CTX_set_default_verify_paths(ctx2)))
 +		if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath))
 +			{
 +			ERR_print_errors(bio_err);
 +			}
 +		if (!SSL_CTX_set_default_verify_paths(ctx2))
 			{
 			ERR_print_errors(bio_err);
 			}
 diff -up openssl-1.0.0-beta3/apps/s_time.c.default-paths openssl-1.0.0-beta3/apps/s_time.c
 --- openssl-1.0.0-beta3/apps/s_time.c.default-paths	2006-04-17 14:22:13.000000000 +0200
 +++ openssl-1.0.0-beta3/apps/s_time.c	2009-08-05 18:00:35.000000000 +0200
@@ -373,12 +373,13 @@ int MAIN(int argc, char **argv)
 	SSL_load_error_strings();
 -	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
 -		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
 +	if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath))
 +		{
 +		ERR_print_errors(bio_err);
 +		}
 +	if (!SSL_CTX_set_default_verify_paths(tm_ctx))
 		{
 -		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
 		ERR_print_errors(bio_err);
 -		/* goto end; */
 		}
 	if (tm_cipher == NULL)
--- a/openssl-1.0.0-beta3-defaults.patch
+++ b/openssl-1.0.0-beta3-defaults.patch
@ -0,0 +1,44 @@
 diff -up openssl-1.0.0-beta3/apps/openssl.cnf.defaults openssl-1.0.0-beta3/apps/openssl.cnf
 --- openssl-1.0.0-beta3/apps/openssl.cnf.defaults	2009-04-04 20:09:43.000000000 +0200
 +++ openssl-1.0.0-beta3/apps/openssl.cnf	2009-08-04 22:57:16.000000000 +0200
@@ -103,7 +103,8 @@ emailAddress		= optional
 ####################################################################
 [ req ]
 -default_bits		= 1024
 +default_bits		= 2048
 +default_md		= sha1
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
@@ -126,17 +127,18 @@ string_mask = utf8only
 [ req_distinguished_name ]
 countryName			= Country Name (2 letter code)
 -countryName_default		= AU
 +countryName_default		= XX
 countryName_min			= 2
 countryName_max			= 2
 stateOrProvinceName		= State or Province Name (full name)
 -stateOrProvinceName_default	= Some-State
 +#stateOrProvinceName_default	= Default Province
 localityName			= Locality Name (eg, city)
 +localityName_default	= Default City
 0.organizationName		= Organization Name (eg, company)
 -0.organizationName_default	= Internet Widgits Pty Ltd
 +0.organizationName_default	= Default Company Ltd
 # we can do this but it is not needed normally :-)
 #1.organizationName		= Second Organization Name (eg, company)
@@ -145,7 +147,7 @@ localityName			= Locality Name (eg, city
 organizationalUnitName		= Organizational Unit Name (eg, section)
 #organizationalUnitName_default	=
 -commonName			= Common Name (eg, YOUR name)
 +commonName			= Common Name (eg, your name or your server\'s hostname)
 commonName_max			= 64
 emailAddress			= Email Address
--- a/openssl-1.0.0-beta3-enginesdir.patch
+++ b/openssl-1.0.0-beta3-enginesdir.patch
@ -0,0 +1,52 @@
 diff -up openssl-1.0.0-beta3/Configure.enginesdir openssl-1.0.0-beta3/Configure
 --- openssl-1.0.0-beta3/Configure.enginesdir	2009-08-10 19:46:32.000000000 +0200
 +++ openssl-1.0.0-beta3/Configure	2009-08-10 19:46:32.000000000 +0200
@@ -616,6 +616,7 @@ my $idx_multilib = $idx++;
 my $prefix="";
 my $openssldir="";
 +my $enginesdir="";
 my $exe_ext="";
 my $install_prefix="";
 my $cross_compile_prefix="";
@@ -820,6 +821,10 @@ PROCESS_ARGS:
 				{
 				$openssldir=$1;
 				}
 +			elsif (/^--enginesdir=(.*)$/)
 +				{
 +				$enginesdir=$1;
 +				}
 			elsif (/^--install.prefix=(.*)$/)
 				{
 				$install_prefix=$1;
@@ -1037,7 +1042,7 @@ chop $prefix if $prefix =~ /.\/$/;
 $openssldir=$prefix . "/ssl" if $openssldir eq "";
 $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
 -
 +$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
 print "IsMK1MF=$IsMK1MF\n";
@@ -1645,7 +1650,7 @@ while (<IN>)
 		# $foo is to become "$prefix/lib$multilib/engines";
 		# as Makefile.org and engines/Makefile are adapted for
 		# $multilib suffix.
 -		my $foo = "$prefix/lib/engines";
 +		my $foo = "$enginesdir";
 		$foo =~ s/\\/\\\\/g;
 		print OUT "#define ENGINESDIR \"$foo\"\n";
 		}
 diff -up openssl-1.0.0-beta3/engines/Makefile.enginesdir openssl-1.0.0-beta3/engines/Makefile
 --- openssl-1.0.0-beta3/engines/Makefile.enginesdir	2009-06-14 04:37:22.000000000 +0200
 +++ openssl-1.0.0-beta3/engines/Makefile	2009-08-10 19:46:48.000000000 +0200
@@ -123,7 +123,7 @@ install:
 				sfx=".so"; \
 				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \
 			  fi; \
 -			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \
 +			  chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new; \
 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/$$pfx$$l$$sfx ); \
 		done; \
 	fi
--- a/openssl-1.0.0-beta3-fips.patch
+++ b/openssl-1.0.0-beta3-fips.patch
--- a/openssl-1.0.0-beta3-fipscheck.patch
+++ b/openssl-1.0.0-beta3-fipscheck.patch
@ -0,0 +1,400 @@
 diff -up openssl-1.0.0-beta3/crypto/fips/fips.c.fipscheck openssl-1.0.0-beta3/crypto/fips/fips.c
 --- openssl-1.0.0-beta3/crypto/fips/fips.c.fipscheck	2009-08-10 20:11:59.000000000 +0200
 +++ openssl-1.0.0-beta3/crypto/fips/fips.c	2009-08-10 20:11:59.000000000 +0200
@@ -47,6 +47,7 @@
  *
  */
 +#define _GNU_SOURCE
 #include <openssl/rand.h>
 #include <openssl/fips_rand.h>
@@ -56,6 +57,9 @@
 #include <openssl/rsa.h>
 #include <string.h>
 #include <limits.h>
 +#include <dlfcn.h>
 +#include <stdio.h>
 +#include <stdlib.h>
 #include "fips_locl.h"
 #ifdef OPENSSL_FIPS
@@ -165,6 +169,204 @@ int FIPS_selftest()
 	&& FIPS_selftest_dsa();
     }
 +/* we implement what libfipscheck does ourselves */
 +
 +static int
 +get_library_path(const char *libname, const char *symbolname, char *path, size_t pathlen)
 +{
 +	Dl_info info;
 +	void *dl, *sym;
 +	int rv = -1;
 +
 +        dl = dlopen(libname, RTLD_LAZY);
 +        if (dl == NULL) {
 +	        return -1;
 +        }       
 +
 +	sym = dlsym(dl, symbolname);
 +
 +	if (sym != NULL && dladdr(sym, &info)) {
 +		strncpy(path, info.dli_fname, pathlen-1);
 +		path[pathlen-1] = '\0';
 +		rv = 0;
 +	}
 +
 +	dlclose(dl);	
 +	
 +	return rv;
 +}
 +
 +static const char conv[] = "0123456789abcdef";
 +
 +static char *
 +bin2hex(void *buf, size_t len)
 +{
 +	char *hex, *p;
 +	unsigned char *src = buf;
 +	
 +	hex = malloc(len * 2 + 1);
 +	if (hex == NULL)
 +		return NULL;
 +
 +	p = hex;
 +
 +	while (len > 0) {
 +		unsigned c;
 +
 +		c = *src;
 +		src++;
 +
 +		*p = conv[c >> 4];
 +		++p;
 +		*p = conv[c & 0x0f];
 +		++p;
 +		--len;
 +	}
 +	*p = '\0';
 +	return hex;
 +}
 +
 +#define HMAC_PREFIX "." 
 +#define HMAC_SUFFIX ".hmac" 
 +#define READ_BUFFER_LENGTH 16384
 +
 +static char *
 +make_hmac_path(const char *origpath)
 +{
 +	char *path, *p;
 +	const char *fn;
 +
 +	path = malloc(sizeof(HMAC_PREFIX) + sizeof(HMAC_SUFFIX) + strlen(origpath));
 +	if(path == NULL) {
 +		return NULL;
 +	}
 +
 +	fn = strrchr(origpath, '/');
 +	if (fn == NULL) {
 +		fn = origpath;
 +	} else {
 +		++fn;
 +	}
 +
 +	strncpy(path, origpath, fn-origpath);
 +	p = path + (fn - origpath);
 +	p = stpcpy(p, HMAC_PREFIX);
 +	p = stpcpy(p, fn);
 +	p = stpcpy(p, HMAC_SUFFIX);
 +
 +	return path;
 +}
 +
 +static const char hmackey[] = "orboDeJITITejsirpADONivirpUkvarP";
 +
 +static int
 +compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
 +{
 +	FILE *f = NULL;
 +	int rv = -1;
 +	unsigned char rbuf[READ_BUFFER_LENGTH];
 +	size_t len;
 +	unsigned int hlen;
 +	HMAC_CTX c;
 +
 +	HMAC_CTX_init(&c);
 +
 +	f = fopen(path, "r");
 +
 +	if (f == NULL) {
 +		goto end;
 +	}
 +
 +	HMAC_Init(&c, hmackey, sizeof(hmackey)-1, EVP_sha256());
 +
 +	while ((len=fread(rbuf, 1, sizeof(rbuf), f)) != 0) {
 +		HMAC_Update(&c, rbuf, len);
 +	}
 +
 +	len = sizeof(rbuf);
 +	/* reuse rbuf for hmac */
 +	HMAC_Final(&c, rbuf, &hlen);
 +
 +	*buf = malloc(hlen);
 +	if (*buf == NULL) {
 +		goto end;
 +	}
 +
 +	*hmaclen = hlen;
 +
 +	memcpy(*buf, rbuf, hlen);
 +
 +	rv = 0;
 +end:
 +	HMAC_CTX_cleanup(&c);
 +
 +	if (f)
 +		fclose(f);
 +
 +	return rv;
 +}
 +
 +static int
 +FIPSCHECK_verify(const char *libname, const char *symbolname)
 +{
 +	char path[PATH_MAX+1];
 +	int rv;
 +	FILE *hf;
 +	char *hmacpath, *p;
 +	char *hmac = NULL;
 +	size_t n;
 +	
 +	rv = get_library_path(libname, symbolname, path, sizeof(path));
 +
 +	if (rv < 0)
 +		return 0;
 +
 +	hmacpath = make_hmac_path(path);
 +
 +	hf = fopen(hmacpath, "r");
 +	if (hf == NULL) {
 +		free(hmacpath);
 +		return 0;
 +	}
 +
 +	if (getline(&hmac, &n, hf) > 0) {
 +		void *buf;
 +		size_t hmaclen;
 +		char *hex;
 +
 +		if ((p=strchr(hmac, '\n')) != NULL)
 +			*p = '\0';
 +
 +		if (compute_file_hmac(path, &buf, &hmaclen) < 0) {
 +			rv = -4;
 +			goto end;
 +		}
 +
 +		if ((hex=bin2hex(buf, hmaclen)) == NULL) {
 +			free(buf);
 +			rv = -5;
 +			goto end;
 +		}
 +
 +		if (strcmp(hex, hmac) != 0) {
 +			rv = -1;
 +		}
 +		free(buf);
 +		free(hex);
 +	}
 +
 +end:
 +	free(hmac);
 +	free(hmacpath);
 +	fclose(hf);
 +
 +	if (rv < 0)
 +		return 0;
 +
 +	/* check successful */
 +	return 1;	
 +}
 +
 int FIPS_mode_set(int onoff)
     {
     int fips_set_owning_thread();
@@ -201,6 +403,22 @@ int FIPS_mode_set(int onoff)
 	    }
 #endif
 +	if(!FIPSCHECK_verify("libcrypto.so." SHLIB_VERSION_NUMBER,"FIPS_mode_set"))
 +	    {
 +	    FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
 +	    fips_selftest_fail = 1;
 +	    ret = 0;
 +	    goto end;
 +	    }
 +
 +	if(!FIPSCHECK_verify("libssl.so." SHLIB_VERSION_NUMBER,"SSL_CTX_new"))
 +	    {
 +	    FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
 +	    fips_selftest_fail = 1;
 +	    ret = 0;
 +	    goto end;
 +	    }
 +
 	/* Perform RNG KAT before seeding */
 	if (!FIPS_selftest_rng())
 	    {
 diff -up openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c.fipscheck openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c
 --- openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c.fipscheck	2009-08-10 20:11:59.000000000 +0200
 +++ openssl-1.0.0-beta3/crypto/fips/fips_standalone_sha1.c	2009-08-10 20:11:59.000000000 +0200
@@ -62,7 +62,7 @@ void OPENSSL_cleanse(void *p,size_t len)
 #ifdef OPENSSL_FIPS
 -static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
 +static void hmac_init(SHA256_CTX *md_ctx,SHA256_CTX *o_ctx,
 		      const char *key)
     {
     size_t len=strlen(key);
@@ -72,10 +72,10 @@ static void hmac_init(SHA_CTX *md_ctx,SH
     if (len > SHA_CBLOCK)
 	{
 -	SHA1_Init(md_ctx);
 -	SHA1_Update(md_ctx,key,len);
 -	SHA1_Final(keymd,md_ctx);
 -	len=20;
 +	SHA256_Init(md_ctx);
 +	SHA256_Update(md_ctx,key,len);
 +	SHA256_Final(keymd,md_ctx);
 +	len=SHA256_DIGEST_LENGTH;
 	}
     else
 	memcpy(keymd,key,len);
@@ -83,22 +83,22 @@ static void hmac_init(SHA_CTX *md_ctx,SH
     for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
 	pad[i]=0x36^keymd[i];
 -    SHA1_Init(md_ctx);
 -    SHA1_Update(md_ctx,pad,SHA_CBLOCK);
 +    SHA256_Init(md_ctx);
 +    SHA256_Update(md_ctx,pad,SHA256_CBLOCK);
     for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
 	pad[i]=0x5c^keymd[i];
 -    SHA1_Init(o_ctx);
 -    SHA1_Update(o_ctx,pad,SHA_CBLOCK);
 +    SHA256_Init(o_ctx);
 +    SHA256_Update(o_ctx,pad,SHA256_CBLOCK);
     }
 -static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
 +static void hmac_final(unsigned char *md,SHA256_CTX *md_ctx,SHA256_CTX *o_ctx)
     {
 -    unsigned char buf[20];
 +    unsigned char buf[SHA256_DIGEST_LENGTH];
 -    SHA1_Final(buf,md_ctx);
 -    SHA1_Update(o_ctx,buf,sizeof buf);
 -    SHA1_Final(md,o_ctx);
 +    SHA256_Final(buf,md_ctx);
 +    SHA256_Update(o_ctx,buf,sizeof buf);
 +    SHA256_Final(md,o_ctx);
     }
 #endif
@@ -106,7 +106,7 @@ static void hmac_final(unsigned char *md
 int main(int argc,char **argv)
     {
 #ifdef OPENSSL_FIPS
 -    static char key[]="etaonrishdlcupfm";
 +    static char key[]="orboDeJITITejsirpADONivirpUkvarP";
     int n,binary=0;
     if(argc < 2)
@@ -125,8 +125,8 @@ int main(int argc,char **argv)
     for(; n < argc ; ++n)
 	{
 	FILE *f=fopen(argv[n],"rb");
 -	SHA_CTX md_ctx,o_ctx;
 -	unsigned char md[20];
 +	SHA256_CTX md_ctx,o_ctx;
 +	unsigned char md[SHA256_DIGEST_LENGTH];
 	int i;
 	if(!f)
@@ -151,18 +151,18 @@ int main(int argc,char **argv)
 		else
 		    break;
 		}
 -	    SHA1_Update(&md_ctx,buf,l);
 +	    SHA256_Update(&md_ctx,buf,l);
 	    }
 	hmac_final(md,&md_ctx,&o_ctx);
 	if (binary)
 	    {
 -	    fwrite(md,20,1,stdout);
 +	    fwrite(md,SHA256_DIGEST_LENGTH,1,stdout);
 	    break;	/* ... for single(!) file */
 	    }
 -	printf("HMAC-SHA1(%s)= ",argv[n]);
 -	for(i=0 ; i < 20 ; ++i)
 +/*	printf("HMAC-SHA1(%s)= ",argv[n]); */
 +	for(i=0 ; i < SHA256_DIGEST_LENGTH ; ++i)
 	    printf("%02x",md[i]);
 	printf("\n");
 	}
 diff -up openssl-1.0.0-beta3/crypto/fips/Makefile.fipscheck openssl-1.0.0-beta3/crypto/fips/Makefile
 --- openssl-1.0.0-beta3/crypto/fips/Makefile.fipscheck	2009-08-10 20:11:59.000000000 +0200
 +++ openssl-1.0.0-beta3/crypto/fips/Makefile	2009-08-10 20:27:45.000000000 +0200
@@ -16,6 +16,9 @@ GENERAL=Makefile
 TEST=fips_test_suite.c fips_randtest.c
 APPS=
 +PROGRAM= fips_standalone_sha1
 +EXE= $(PROGRAM)$(EXE_EXT)
 +
 LIB=$(TOP)/libcrypto.a
 LIBSRC=fips_aes_selftest.c fips_des_selftest.c fips_hmac_selftest.c fips_rand_selftest.c \
     fips_rsa_selftest.c fips_sha1_selftest.c fips.c fips_dsa_selftest.c  fips_rand.c \
@@ -25,6 +28,8 @@ LIBOBJ=fips_aes_selftest.o fips_des_self
     fips_rsa_selftest.o fips_sha1_selftest.o fips.o fips_dsa_selftest.o  fips_rand.o \
     fips_rsa_x931g.o
 +LIBCRYPTO=-L.. -lcrypto
 +
 SRC= $(LIBSRC) fips_standalone_sha1.c
 EXHEADER= fips.h fips_rand.h
@@ -35,13 +40,15 @@ ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
 -all:	lib
 +all:	lib exe
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
 	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 +exe:	$(EXE)
 +
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -77,5 +84,9 @@ dclean:
 clean:
 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 +$(EXE): $(PROGRAM).o
 +	FIPS_SHA_ASM=""; for i in $(SHA1_ASM_OBJ) sha256.o ; do FIPS_SHA_ASM="$$FIPS_SHA_ASM ../sha/$$i" ; done; \
 +	$(CC) -o $@ $(CFLAGS) $(PROGRAM).o $$FIPS_SHA_ASM
 +
 # DO NOT DELETE THIS LINE -- make depend depends on it.
--- a/openssl-1.0.0-beta3-fipsmode.patch
+++ b/openssl-1.0.0-beta3-fipsmode.patch
@ -0,0 +1,263 @@
 diff -up openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode openssl-1.0.0-beta3/crypto/engine/eng_all.c
 --- openssl-1.0.0-beta3/crypto/engine/eng_all.c.fipsmode	2009-07-01 16:55:58.000000000 +0200
 +++ openssl-1.0.0-beta3/crypto/engine/eng_all.c	2009-08-11 17:37:16.000000000 +0200
@@ -58,9 +58,23 @@
 #include "cryptlib.h"
 #include "eng_int.h"
 +#ifdef OPENSSL_FIPS
 +#include <openssl/fips.h>
 +#endif
 void ENGINE_load_builtin_engines(void)
 	{
 +#ifdef OPENSSL_FIPS
 +	OPENSSL_init_library();
 +	if (FIPS_mode()) {
 +		/* We allow loading dynamic engine as a third party
 +		   engine might be FIPS validated.
 +		   User is disallowed to load non-validated engines
 +		   by security policy. */
 +		ENGINE_load_dynamic();
 +		return;
 +	}
 +#endif
 #if 0
 	/* There's no longer any need for an "openssl" ENGINE unless, one day,
 	 * it is the *only* way for standard builtin implementations to be be
 diff -up openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_allc.c
 --- openssl-1.0.0-beta3/crypto/evp/c_allc.c.fipsmode	2007-04-24 01:48:28.000000000 +0200
 +++ openssl-1.0.0-beta3/crypto/evp/c_allc.c	2009-08-11 17:42:34.000000000 +0200
@@ -65,6 +65,11 @@
 void OpenSSL_add_all_ciphers(void)
 	{
 +#ifdef OPENSSL_FIPS
 +	OPENSSL_init_library();
 +	if(!FIPS_mode()) 
 +		{
 +#endif
 #ifndef OPENSSL_NO_DES
 	EVP_add_cipher(EVP_des_cfb());
 	EVP_add_cipher(EVP_des_cfb1());
@@ -219,4 +224,61 @@ void OpenSSL_add_all_ciphers(void)
 	EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
 	EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
 #endif
 +#ifdef OPENSSL_FIPS
 +		}
 +	else
 +		{
 +#ifndef OPENSSL_NO_DES
 +	EVP_add_cipher(EVP_des_ede_cfb());
 +	EVP_add_cipher(EVP_des_ede3_cfb());
 +
 +	EVP_add_cipher(EVP_des_ede_ofb());
 +	EVP_add_cipher(EVP_des_ede3_ofb());
 +
 +	EVP_add_cipher(EVP_des_ede_cbc());
 +	EVP_add_cipher(EVP_des_ede3_cbc());
 +	EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
 +	EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
 +
 +	EVP_add_cipher(EVP_des_ede());
 +	EVP_add_cipher(EVP_des_ede3());
 +#endif
 +
 +#ifndef OPENSSL_NO_AES
 +	EVP_add_cipher(EVP_aes_128_ecb());
 +	EVP_add_cipher(EVP_aes_128_cbc());
 +	EVP_add_cipher(EVP_aes_128_cfb());
 +	EVP_add_cipher(EVP_aes_128_cfb1());
 +	EVP_add_cipher(EVP_aes_128_cfb8());
 +	EVP_add_cipher(EVP_aes_128_ofb());
 +#if 0
 +	EVP_add_cipher(EVP_aes_128_ctr());
 +#endif
 +	EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
 +	EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
 +	EVP_add_cipher(EVP_aes_192_ecb());
 +	EVP_add_cipher(EVP_aes_192_cbc());
 +	EVP_add_cipher(EVP_aes_192_cfb());
 +	EVP_add_cipher(EVP_aes_192_cfb1());
 +	EVP_add_cipher(EVP_aes_192_cfb8());
 +	EVP_add_cipher(EVP_aes_192_ofb());
 +#if 0
 +	EVP_add_cipher(EVP_aes_192_ctr());
 +#endif
 +	EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
 +	EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
 +	EVP_add_cipher(EVP_aes_256_ecb());
 +	EVP_add_cipher(EVP_aes_256_cbc());
 +	EVP_add_cipher(EVP_aes_256_cfb());
 +	EVP_add_cipher(EVP_aes_256_cfb1());
 +	EVP_add_cipher(EVP_aes_256_cfb8());
 +	EVP_add_cipher(EVP_aes_256_ofb());
 +#if 0
 +	EVP_add_cipher(EVP_aes_256_ctr());
 +#endif
 +	EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
 +	EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
 +#endif
 +		}
 +#endif
 	}
 diff -up openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode openssl-1.0.0-beta3/crypto/evp/c_alld.c
 --- openssl-1.0.0-beta3/crypto/evp/c_alld.c.fipsmode	2009-07-08 10:50:53.000000000 +0200
 +++ openssl-1.0.0-beta3/crypto/evp/c_alld.c	2009-08-11 17:54:08.000000000 +0200
@@ -64,6 +64,11 @@
 void OpenSSL_add_all_digests(void)
 	{
 +#ifdef OPENSSL_FIPS
 +	OPENSSL_init_library();
 +	if (!FIPS_mode())
 +		{
 +#endif
 #ifndef OPENSSL_NO_MD4
 	EVP_add_digest(EVP_md4());
 #endif
@@ -110,5 +115,33 @@ void OpenSSL_add_all_digests(void)
 #endif
 #ifndef OPENSSL_NO_WHIRLPOOL
 	EVP_add_digest(EVP_whirlpool());
 +#endif
 +#ifdef OPENSSL_FIPS
 +		}
 +	else
 +		{
 +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
 +	EVP_add_digest(EVP_sha1());
 +	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
 +	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
 +#ifndef OPENSSL_NO_DSA
 +	EVP_add_digest(EVP_dss1());
 +	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
 +	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
 +	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
 +#endif
 +#ifndef OPENSSL_NO_ECDSA
 +	EVP_add_digest(EVP_ecdsa());
 +#endif
 +#endif
 +#ifndef OPENSSL_NO_SHA256
 +	EVP_add_digest(EVP_sha224());
 +	EVP_add_digest(EVP_sha256());
 +#endif
 +#ifndef OPENSSL_NO_SHA512
 +	EVP_add_digest(EVP_sha384());
 +	EVP_add_digest(EVP_sha512());
 +#endif
 +		}
 #endif
 	}
 diff -up openssl-1.0.0-beta3/crypto/o_init.c.fipsmode openssl-1.0.0-beta3/crypto/o_init.c
 --- openssl-1.0.0-beta3/crypto/o_init.c.fipsmode	2009-08-11 17:28:25.000000000 +0200
 +++ openssl-1.0.0-beta3/crypto/o_init.c	2009-08-11 17:39:06.000000000 +0200
@@ -59,6 +59,43 @@
 #include <e_os.h>
 #include <openssl/err.h>
 +#ifdef OPENSSL_FIPS
 +#include <sys/types.h>
 +#include <sys/stat.h>
 +#include <fcntl.h>
 +#include <unistd.h>
 +#include <errno.h>
 +#include <stdlib.h>
 +#include <openssl/fips.h>
 +
 +#define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
 +
 +static void init_fips_mode(void)
 +	{
 +	char buf[2] = "0";
 +	int fd;
 +	
 +	if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
 +		{
 +		buf[0] = '1';
 +		}
 +	else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0)
 +		{
 +		while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
 +		close(fd);
 +		}
 +	/* Failure reading the fips mode switch file means just not
 +	 * switching into FIPS mode. We would break too many things
 +	 * otherwise. 
 +	 */
 +	
 +	if (buf[0] == '1')
 +		{
 +		FIPS_mode_set(1);
 +		}
 +	}
 +#endif
 +
 /* Perform any essential OpenSSL initialization operations.
  * Currently only sets FIPS callbacks
  */
@@ -72,6 +109,7 @@ void OPENSSL_init_library(void)
 #ifdef CRYPTO_MDEBUG
 		CRYPTO_malloc_debug_init();
 #endif
 +		init_fips_mode();
 		done = 1;
 		}
 #endif
 diff -up openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode openssl-1.0.0-beta3/ssl/ssl_algs.c
 --- openssl-1.0.0-beta3/ssl/ssl_algs.c.fipsmode	2009-07-08 10:50:53.000000000 +0200
 +++ openssl-1.0.0-beta3/ssl/ssl_algs.c	2009-08-11 18:01:13.000000000 +0200
@@ -64,6 +64,12 @@
 int SSL_library_init(void)
 	{
 +#ifdef OPENSSL_FIPS
 +	OPENSSL_init_library();
 +	if (!FIPS_mode())
 +		{
 +#endif
 +
 #ifndef OPENSSL_NO_DES
 	EVP_add_cipher(EVP_des_cbc());
 	EVP_add_cipher(EVP_des_ede3_cbc());
@@ -115,6 +121,38 @@ int SSL_library_init(void)
 	EVP_add_digest(EVP_sha());
 	EVP_add_digest(EVP_dss());
 #endif
 +#ifdef OPENSSL_FIPS
 +		}
 +	else
 +		{
 +#ifndef OPENSSL_NO_DES
 +	EVP_add_cipher(EVP_des_ede3_cbc());
 +#endif
 +#ifndef OPENSSL_NO_AES
 +	EVP_add_cipher(EVP_aes_128_cbc());
 +	EVP_add_cipher(EVP_aes_192_cbc());
 +	EVP_add_cipher(EVP_aes_256_cbc());
 +#endif
 +#ifndef OPENSSL_NO_MD5
 +	/* needed even in the FIPS mode for TLS MAC */
 +	EVP_add_digest(EVP_md5());
 +#endif
 +#ifndef OPENSSL_NO_SHA
 +	EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
 +	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
 +	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
 +#endif
 +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
 +	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
 +	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
 +	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
 +	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
 +#endif
 +#ifndef OPENSSL_NO_ECDSA
 +	EVP_add_digest(EVP_ecdsa());
 +#endif
 +		}
 +#endif
 #ifndef OPENSSL_NO_COMP
 	/* This will initialise the built-in compression algorithms.
 	   The value returned is a STACK_OF(SSL_COMP), but that can
--- a/openssl-1.0.0-beta3-fipsrng.patch
+++ b/openssl-1.0.0-beta3-fipsrng.patch
@ -0,0 +1,79 @@
 diff -up openssl-1.0.0-beta3/crypto/fips/fips.c.fipsrng openssl-1.0.0-beta3/crypto/fips/fips.c
 --- openssl-1.0.0-beta3/crypto/fips/fips.c.fipsrng	2009-08-11 18:12:14.000000000 +0200
 +++ openssl-1.0.0-beta3/crypto/fips/fips.c	2009-08-11 18:14:36.000000000 +0200
@@ -427,22 +427,22 @@ int FIPS_mode_set(int onoff)
 	    goto end;
 	    }
 +	/* now switch the RNG into FIPS mode */
 +	fips_set_rand_check(FIPS_rand_method());
 +	RAND_set_rand_method(FIPS_rand_method());
 +
 	/* automagically seed PRNG if not already seeded */
 	if(!FIPS_rand_status())
 	    {
 -	    if(RAND_bytes(buf,sizeof buf) <= 0)
 +	    RAND_poll();
 +	    if (!FIPS_rand_status())
 		{
 		fips_selftest_fail = 1;
 		ret = 0;
 		goto end;
 		}
 -	    FIPS_rand_set_key(buf,32);
 -	    FIPS_rand_seed(buf+32,16);
 	    }
 -	/* now switch into FIPS mode */
 -	fips_set_rand_check(FIPS_rand_method());
 -	RAND_set_rand_method(FIPS_rand_method());
 	if(FIPS_selftest())
 	    fips_set_mode(1);
 	else
 diff -up openssl-1.0.0-beta3/crypto/fips/fips_rand.c.fipsrng openssl-1.0.0-beta3/crypto/fips/fips_rand.c
 --- openssl-1.0.0-beta3/crypto/fips/fips_rand.c.fipsrng	2009-08-11 18:12:14.000000000 +0200
 +++ openssl-1.0.0-beta3/crypto/fips/fips_rand.c	2009-08-11 18:16:48.000000000 +0200
@@ -155,7 +155,18 @@ static int fips_set_prng_seed(FIPS_PRNG_
 	{
 	int i;
 	if (!ctx->keyed)
 -		return 0;
 +		{
 +		FIPS_RAND_SIZE_T keylen = 16;
 +
 +		if (seedlen - keylen < AES_BLOCK_LENGTH)
 +			return 0;
 +		if (seedlen - keylen - 8 >= AES_BLOCK_LENGTH)
 +			keylen += 8;
 +		if (seedlen - keylen - 8 >= AES_BLOCK_LENGTH)
 +			keylen += 8;
 +		seedlen -= keylen;
 +		fips_set_prng_key(ctx, seed+seedlen, keylen);
 +		}
 	/* In test mode seed is just supplied data */
 	if (ctx->test_mode)
 		{
@@ -276,6 +287,7 @@ static int fips_rand(FIPS_PRNG_CTX *ctx,
 	unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH];
 	unsigned char tmp[AES_BLOCK_LENGTH];
 	int i;
 +	FIPS_selftest_check();
 	if (ctx->error)
 		{
 		RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_ERROR);
 diff -up openssl-1.0.0-beta3/crypto/rand/rand_lcl.h.fipsrng openssl-1.0.0-beta3/crypto/rand/rand_lcl.h
 --- openssl-1.0.0-beta3/crypto/rand/rand_lcl.h.fipsrng	2009-08-11 18:12:13.000000000 +0200
 +++ openssl-1.0.0-beta3/crypto/rand/rand_lcl.h	2009-08-11 18:18:13.000000000 +0200
@@ -112,8 +112,11 @@
 #ifndef HEADER_RAND_LCL_H
 #define HEADER_RAND_LCL_H
 +#ifndef OPENSSL_FIPS
 #define ENTROPY_NEEDED 32  /* require 256 bits = 32 bytes of randomness */
 -
 +#else
 +#define ENTROPY_NEEDED 48  /* we need 48 bytes of randomness for FIPS rng */
 +#endif
 #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
--- a/openssl-1.0.0-beta3-ipv6-apps.patch
+++ b/openssl-1.0.0-beta3-ipv6-apps.patch
@ -0,0 +1,506 @@
 diff -up openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps openssl-1.0.0-beta3/apps/s_apps.h
 --- openssl-1.0.0-beta3/apps/s_apps.h.ipv6-apps	2009-08-05 21:29:58.000000000 +0200
 +++ openssl-1.0.0-beta3/apps/s_apps.h	2009-08-05 21:29:58.000000000 +0200
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"
 -int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
 +int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #endif
@@ -156,10 +156,9 @@ int MS_CALLBACK verify_callback(int ok, 
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
 #endif
 -int init_client(int *sock, char *server, int port, int type);
 +int init_client(int *sock, char *server, char *port, int type);
 int should_retry(int i);
 -int extract_port(char *str, short *port_ptr);
 -int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
 +int extract_host_port(char *str,char **host_ptr,char **port_ptr);
 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
 				   int argi, long argl, long ret);
 diff -up openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps openssl-1.0.0-beta3/apps/s_client.c
 --- openssl-1.0.0-beta3/apps/s_client.c.ipv6-apps	2009-08-05 21:29:58.000000000 +0200
 +++ openssl-1.0.0-beta3/apps/s_client.c	2009-08-05 22:33:44.000000000 +0200
@@ -388,7 +388,7 @@ int MAIN(int argc, char **argv)
 	int cbuf_len,cbuf_off;
 	int sbuf_len,sbuf_off;
 	fd_set readfds,writefds;
 -	short port=PORT;
 +	char *port_str = PORT_STR;
 	int full_log=1;
 	char *host=SSL_HOST_NAME;
 	char *cert_file=NULL,*key_file=NULL;
@@ -486,13 +486,12 @@ int MAIN(int argc, char **argv)
 		else if	(strcmp(*argv,"-port") == 0)
 			{
 			if (--argc < 1) goto bad;
 -			port=atoi(*(++argv));
 -			if (port == 0) goto bad;
 +			port_str= *(++argv);
 			}
 		else if (strcmp(*argv,"-connect") == 0)
 			{
 			if (--argc < 1) goto bad;
 -			if (!extract_host_port(*(++argv),&host,NULL,&port))
 +			if (!extract_host_port(*(++argv),&host,&port_str))
 				goto bad;
 			}
 		else if	(strcmp(*argv,"-verify") == 0)
@@ -956,7 +955,7 @@ bad:
 re_start:
 -	if (init_client(&s,host,port,socket_type) == 0)
 +	if (init_client(&s,host,port_str,socket_type) == 0)
 		{
 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
 		SHUTDOWN(s);
 diff -up openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps openssl-1.0.0-beta3/apps/s_server.c
 --- openssl-1.0.0-beta3/apps/s_server.c.ipv6-apps	2009-08-05 21:29:58.000000000 +0200
 +++ openssl-1.0.0-beta3/apps/s_server.c	2009-08-05 21:29:58.000000000 +0200
@@ -837,7 +837,7 @@ int MAIN(int argc, char *argv[])
 	{
 	X509_VERIFY_PARAM *vpm = NULL;
 	int badarg = 0;
 -	short port=PORT;
 +	char *port_str = PORT_STR;
 	char *CApath=NULL,*CAfile=NULL;
 	unsigned char *context = NULL;
 	char *dhfile = NULL;
@@ -907,8 +907,7 @@ int MAIN(int argc, char *argv[])
 			 (strcmp(*argv,"-accept") == 0))
 			{
 			if (--argc < 1) goto bad;
 -			if (!extract_port(*(++argv),&port))
 -				goto bad;
 +			port_str= *(++argv);
 			}
 		else if	(strcmp(*argv,"-verify") == 0)
 			{
@@ -1685,9 +1684,9 @@ bad:
 	BIO_printf(bio_s_out,"ACCEPT\n");
 	(void)BIO_flush(bio_s_out);
 	if (www)
 -		do_server(port,socket_type,&accept_socket,www_body, context);
 +		do_server(port_str,socket_type,&accept_socket,www_body, context);
 	else
 -		do_server(port,socket_type,&accept_socket,sv_body, context);
 +		do_server(port_str,socket_type,&accept_socket,sv_body, context);
 	print_stats(bio_s_out,ctx);
 	ret=0;
 end:
 diff -up openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps openssl-1.0.0-beta3/apps/s_socket.c
 --- openssl-1.0.0-beta3/apps/s_socket.c.ipv6-apps	2008-11-12 04:57:47.000000000 +0100
 +++ openssl-1.0.0-beta3/apps/s_socket.c	2009-08-05 21:29:58.000000000 +0200
@@ -96,9 +96,7 @@ static struct hostent *GetHostByName(cha
 static void ssl_sock_cleanup(void);
 #endif
 static int ssl_sock_init(void);
 -static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
 -static int init_server(int *sock, int port, int type);
 -static int init_server_long(int *sock, int port,char *ip, int type);
 +static int init_server(int *sock, char *port, int type);
 static int do_accept(int acc_sock, int *sock, char **host);
 static int host_ip(char *str, unsigned char ip[4]);
@@ -228,58 +226,70 @@ static int ssl_sock_init(void)
 	return(1);
 	}
 -int init_client(int *sock, char *host, int port, int type)
 +int init_client(int *sock, char *host, char *port, int type)
 	{
 -	unsigned char ip[4];
 -
 -	if (!host_ip(host,&(ip[0])))
 -		{
 -		return(0);
 -		}
 -	return(init_client_ip(sock,ip,port,type));
 -	}
 -
 -static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
 -	{
 -	unsigned long addr;
 -	struct sockaddr_in them;
 -	int s,i;
 +	struct addrinfo *res, *res0, hints;
 +	char * failed_call = NULL;
 +	int s;
 +	int e;
 	if (!ssl_sock_init()) return(0);
 -	memset((char *)&them,0,sizeof(them));
 -	them.sin_family=AF_INET;
 -	them.sin_port=htons((unsigned short)port);
 -	addr=(unsigned long)
 -		((unsigned long)ip[0]<<24L)|
 -		((unsigned long)ip[1]<<16L)|
 -		((unsigned long)ip[2]<< 8L)|
 -		((unsigned long)ip[3]);
 -	them.sin_addr.s_addr=htonl(addr);
 -
 -	if (type == SOCK_STREAM)
 -		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 -	else /* ( type == SOCK_DGRAM) */
 -		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
 -			
 -	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
 +	memset(&hints, '\0', sizeof(hints));
 +	hints.ai_socktype = type;
 +	hints.ai_flags = AI_ADDRCONFIG;
 +
 +	e = getaddrinfo(host, port, &hints, &res);
 +	if (e)
 +	{
 +		fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
 +		if (e == EAI_SYSTEM)
 +			perror("getaddrinfo");
 +		return (0);
 +		}
 +	res0 = res;
 +	while (res)
 +		{
 +		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
 +		if (s == INVALID_SOCKET)
 +			{
 +			failed_call = "socket";
 +			goto nextres;
 +			}
 #if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
 	if (type == SOCK_STREAM)
 		{
 -		i=0;
 -		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 -		if (i < 0) { perror("keepalive"); return(0); }
 +			int i=0;
 +			i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
 +				(char *)&i,sizeof(i));
 +			if (i < 0) {
 +				failed_call = "keepalive";
 +				goto nextres;
 +				}
 		}
 #endif
 -
 -	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
 -		{ closesocket(s); perror("connect"); return(0); }
 +		if (connect(s,(struct sockaddr *)res->ai_addr,
 +			res->ai_addrlen) == 0)
 +			{
 +			freeaddrinfo(res0);
 	*sock=s;
 	return(1);
 	}
 -int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
 +		failed_call = "socket";
 +nextres:
 +		if (s != INVALID_SOCKET)
 +			close(s);
 +		res = res->ai_next;
 +		}
 +	freeaddrinfo(res0);
 +
 +	perror(failed_call);
 +	return(0);
 +	}
 +
 +int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
 	{
 	int sock;
 	char *name = NULL;
@@ -317,33 +327,38 @@ int do_server(int port, int type, int *r
 		}
 	}
 -static int init_server_long(int *sock, int port, char *ip, int type)
 +static int init_server(int *sock, char *port, int type)
 	{
 -	int ret=0;
 -	struct sockaddr_in server;
 -	int s= -1,i;
 +	struct addrinfo *res, *res0, hints;
 +	char * failed_call = NULL;
 +	char port_name[8];
 +	int s;
 +	int e;
 	if (!ssl_sock_init()) return(0);
 -	memset((char *)&server,0,sizeof(server));
 -	server.sin_family=AF_INET;
 -	server.sin_port=htons((unsigned short)port);
 -	if (ip == NULL)
 -		server.sin_addr.s_addr=INADDR_ANY;
 -	else
 -/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
 -#ifndef BIT_FIELD_LIMITS
 -		memcpy(&server.sin_addr.s_addr,ip,4);
 -#else
 -		memcpy(&server.sin_addr,ip,4);
 -#endif
 +	memset(&hints, '\0', sizeof(hints));
 +	hints.ai_socktype = type;
 +	hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
 -		if (type == SOCK_STREAM)
 -			s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 -		else /* type == SOCK_DGRAM */
 -			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
 +	e = getaddrinfo(NULL, port, &hints, &res);
 +	if (e)
 +		{
 +		fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
 +		if (e == EAI_SYSTEM)
 +			perror("getaddrinfo");
 +		return (0);
 +		}
 -	if (s == INVALID_SOCKET) goto err;
 +	res0 = res;
 +	while (res)
 +		{
 +		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
 +		if (s == INVALID_SOCKET)
 +			{
 +			failed_call = "socket";
 +			goto nextres;
 +			}
 #if defined SOL_SOCKET && defined SO_REUSEADDR
 		{
 		int j = 1;
@@ -351,36 +366,39 @@ static int init_server_long(int *sock, i
 			   (void *) &j, sizeof j);
 		}
 #endif
 -	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
 +
 +		if (bind(s,(struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1)
 		{
 -#ifndef OPENSSL_SYS_WINDOWS
 -		perror("bind");
 -#endif
 -		goto err;
 +			failed_call = "bind";
 +			goto nextres;
 		}
 -	/* Make it 128 for linux */
 -	if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
 -	i=0;
 -	*sock=s;
 -	ret=1;
 -err:
 -	if ((ret == 0) && (s != -1))
 +		if (type==SOCK_STREAM && listen(s,128) == -1)
 		{
 -		SHUTDOWN(s);
 +			failed_call = "listen";
 +			goto nextres;
 		}
 -	return(ret);
 +
 +		*sock=s;
 +		return(1);
 +
 +nextres:
 +		if (s != INVALID_SOCKET)
 +			close(s);
 +		res = res->ai_next;
 	}
 +	freeaddrinfo(res0);
 -static int init_server(int *sock, int port, int type)
 -	{
 -	return(init_server_long(sock, port, NULL, type));
 +	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
 +
 +	perror(failed_call);
 +	return(0);
 	}
 static int do_accept(int acc_sock, int *sock, char **host)
 	{
 -	int ret,i;
 -	struct hostent *h1,*h2;
 -	static struct sockaddr_in from;
 +	static struct sockaddr_storage from;
 +	char buffer[NI_MAXHOST];
 +	int ret;
 	int len;
 /*	struct linger ling; */
@@ -425,137 +443,62 @@ redoit:
 	if (i < 0) { perror("keepalive"); return(0); }
 */
 -	if (host == NULL) goto end;
 -#ifndef BIT_FIELD_LIMITS
 -	/* I should use WSAAsyncGetHostByName() under windows */
 -	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
 -		sizeof(from.sin_addr.s_addr),AF_INET);
 -#else
 -	h1=gethostbyaddr((char *)&from.sin_addr,
 -		sizeof(struct in_addr),AF_INET);
 -#endif
 -	if (h1 == NULL)
 +	if (host == NULL)
 		{
 -		BIO_printf(bio_err,"bad gethostbyaddr\n");
 -		*host=NULL;
 -		/* return(0); */
 -		}
 -	else
 -		{
 -		if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
 -			{
 -			perror("OPENSSL_malloc");
 +		*sock=ret;
 			return(0);
 			}
 -		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
 -		h2=GetHostByName(*host);
 -		if (h2 == NULL)
 +	if (getnameinfo((struct sockaddr *)&from, sizeof(from),
 +		buffer, sizeof(buffer),
 +		NULL, 0, 0))
 			{
 -			BIO_printf(bio_err,"gethostbyname failure\n");
 +		BIO_printf(bio_err,"getnameinfo failed\n");
 +		*host=NULL;
 			return(0);
 			}
 -		i=0;
 -		if (h2->h_addrtype != AF_INET)
 +	else
 			{
 -			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
 +		if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
 +			{
 +			perror("OPENSSL_malloc");
 			return(0);
 			}
 -		}
 -end:
 +		strcpy(*host, buffer);
 	*sock=ret;
 	return(1);
 	}
 +	}
 -int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
 -	     short *port_ptr)
 +int extract_host_port(char *str, char **host_ptr, 
 +	     char **port_ptr)
 	{
 -	char *h,*p;
 +	char *h,*p,*x;
 -	h=str;
 -	p=strchr(str,':');
 +	x=h=str;
 +	if (*h == '[')
 +		{
 +		h++;
 +		p=strchr(h,']');
 	if (p == NULL)
 		{
 -		BIO_printf(bio_err,"no port defined\n");
 +			BIO_printf(bio_err,"no ending bracket for IPv6 address\n");
 		return(0);
 		}
 	*(p++)='\0';
 -
 -	if ((ip != NULL) && !host_ip(str,ip))
 -		goto err;
 -	if (host_ptr != NULL) *host_ptr=h;
 -
 -	if (!extract_port(p,port_ptr))
 -		goto err;
 -	return(1);
 -err:
 -	return(0);
 +		x = p;
 	}
 -
 -static int host_ip(char *str, unsigned char ip[4])
 -	{
 -	unsigned int in[4]; 
 -	int i;
 -
 -	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
 -		{
 -		for (i=0; i<4; i++)
 -			if (in[i] > 255)
 -				{
 -				BIO_printf(bio_err,"invalid IP address\n");
 -				goto err;
 -				}
 -		ip[0]=in[0];
 -		ip[1]=in[1];
 -		ip[2]=in[2];
 -		ip[3]=in[3];
 -		}
 -	else
 -		{ /* do a gethostbyname */
 -		struct hostent *he;
 -
 -		if (!ssl_sock_init()) return(0);
 -
 -		he=GetHostByName(str);
 -		if (he == NULL)
 -			{
 -			BIO_printf(bio_err,"gethostbyname failure\n");
 -			goto err;
 -			}
 -		/* cast to short because of win16 winsock definition */
 -		if ((short)he->h_addrtype != AF_INET)
 +	p=strchr(x,':');
 +	if (p == NULL)
 			{
 -			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
 -			return(0);
 -			}
 -		ip[0]=he->h_addr_list[0][0];
 -		ip[1]=he->h_addr_list[0][1];
 -		ip[2]=he->h_addr_list[0][2];
 -		ip[3]=he->h_addr_list[0][3];
 -		}
 -	return(1);
 -err:
 +		BIO_printf(bio_err,"no port defined\n");
 	return(0);
 	}
 +	*(p++)='\0';
 -int extract_port(char *str, short *port_ptr)
 -	{
 -	int i;
 -	struct servent *s;
 +	if (host_ptr != NULL) *host_ptr=h;
 +	if (port_ptr != NULL) *port_ptr=p;
 -	i=atoi(str);
 -	if (i != 0)
 -		*port_ptr=(unsigned short)i;
 -	else
 -		{
 -		s=getservbyname(str,"tcp");
 -		if (s == NULL)
 -			{
 -			BIO_printf(bio_err,"getservbyname failure for %s\n",str);
 -			return(0);
 -			}
 -		*port_ptr=ntohs((unsigned short)s->s_port);
 -		}
 	return(1);
 	}
--- a/openssl-1.0.0-beta3-krb5.patch
+++ b/openssl-1.0.0-beta3-krb5.patch
@ -0,0 +1,12 @@
 diff -up openssl-1.0.0-beta3/Makefile.org.krb5 openssl-1.0.0-beta3/Makefile.org
 --- openssl-1.0.0-beta3/Makefile.org.krb5	2009-04-23 18:12:09.000000000 +0200
 +++ openssl-1.0.0-beta3/Makefile.org	2009-08-04 23:01:16.000000000 +0200
@@ -299,7 +299,7 @@ build-shared: do_$(SHLIB_TARGET) link-sh
 do_$(SHLIB_TARGET):
 	@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
 -		if [ "$(SHLIBDIRS)" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 +		if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 			libs="$(LIBKRB5) $$libs"; \
 		fi; \
 		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
--- a/openssl-1.0.0-beta3-namingblk.patch
+++ b/openssl-1.0.0-beta3-namingblk.patch
@ -0,0 +1,253 @@
 Index: openssl/crypto/asn1/a_set.c
 RCS File: /v/openssl/cvs/openssl/crypto/asn1/a_set.c,v
 rcsdiff -q -kk '-r1.20' '-r1.20.2.1' -u '/v/openssl/cvs/openssl/crypto/asn1/a_set.c,v' 2>/dev/null
 --- openssl/crypto/asn1/a_set.c 2009/01/01 18:30:50 1.20
 +++ openssl/crypto/asn1/a_set.c 2009/07/27 21:21:25 1.20.2.1
@@ -85,7 +85,7 @@
     }
 /* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */
 -int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
 +int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
 		 i2d_of_void *i2d, int ex_tag, int ex_class,
 		 int is_set)
 	{
@@ -97,8 +97,8 @@
         int totSize;
 	if (a == NULL) return(0);
 -	for (i=sk_BLOCK_num(a)-1; i>=0; i--)
 -		ret+=i2d(sk_BLOCK_value(a,i),NULL);
 +	for (i=sk_OPENSSL_BLOCK_num(a)-1; i>=0; i--)
 +		ret+=i2d(sk_OPENSSL_BLOCK_value(a,i),NULL);
 	r=ASN1_object_size(1,ret,ex_tag);
 	if (pp == NULL) return(r);
@@ -109,10 +109,10 @@
 	/* And then again by Ben */
 	/* And again by Steve */
 -	if(!is_set || (sk_BLOCK_num(a) < 2))
 +	if(!is_set || (sk_OPENSSL_BLOCK_num(a) < 2))
 		{
 -		for (i=0; i<sk_BLOCK_num(a); i++)
 -                	i2d(sk_BLOCK_value(a,i),&p);
 +		for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
 +                	i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
 		*pp=p;
 		return(r);
@@ -120,17 +120,17 @@
         pStart  = p; /* Catch the beg of Setblobs*/
 		/* In this array we will store the SET blobs */
 -		rgSetBlob = OPENSSL_malloc(sk_BLOCK_num(a) * sizeof(MYBLOB));
 +		rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
 		if (rgSetBlob == NULL)
 			{
 			ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
 			return(0);
 			}
 -        for (i=0; i<sk_BLOCK_num(a); i++)
 +        for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
 	        {
                 rgSetBlob[i].pbData = p;  /* catch each set encode blob */
 -                i2d(sk_BLOCK_value(a,i),&p);
 +                i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
                 rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
 SetBlob
 */
@@ -140,7 +140,7 @@
  /* Now we have to sort the blobs. I am using a simple algo.
     *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
 -        qsort( rgSetBlob, sk_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
 +        qsort( rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
 		if (!(pTempMem = OPENSSL_malloc(totSize)))
 			{
 			ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
@@ -149,7 +149,7 @@
 /* Copy to temp mem */
         p = pTempMem;
 -        for(i=0; i<sk_BLOCK_num(a); ++i)
 +        for(i=0; i<sk_OPENSSL_BLOCK_num(a); ++i)
 		{
                 memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
                 p += rgSetBlob[i].cbData;
@@ -163,17 +163,18 @@
         return(r);
         }
 -STACK_OF(BLOCK) *d2i_ASN1_SET(STACK_OF(BLOCK) **a, const unsigned char **pp,
 +STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
 +			      const unsigned char **pp,
 			      long length, d2i_of_void *d2i,
 -			      void (*free_func)(BLOCK), int ex_tag,
 +			      void (*free_func)(OPENSSL_BLOCK), int ex_tag,
 			      int ex_class)
 	{
 	ASN1_const_CTX c;
 -	STACK_OF(BLOCK) *ret=NULL;
 +	STACK_OF(OPENSSL_BLOCK) *ret=NULL;
 	if ((a == NULL) || ((*a) == NULL))
 		{
 -		if ((ret=sk_BLOCK_new_null()) == NULL)
 +		if ((ret=sk_OPENSSL_BLOCK_new_null()) == NULL)
 			{
 			ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
 			goto err;
@@ -221,7 +222,7 @@
 			asn1_add_error(*pp,(int)(c.p- *pp));
 			goto err;
 			}
 -		if (!sk_BLOCK_push(ret,s)) goto err;
 +		if (!sk_OPENSSL_BLOCK_push(ret,s)) goto err;
 		}
 	if (a != NULL) (*a)=ret;
 	*pp=c.p;
@@ -230,9 +231,9 @@
 	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
 		{
 		if (free_func != NULL)
 -			sk_BLOCK_pop_free(ret,free_func);
 +			sk_OPENSSL_BLOCK_pop_free(ret,free_func);
 		else
 -			sk_BLOCK_free(ret);
 +			sk_OPENSSL_BLOCK_free(ret);
 		}
 	return(NULL);
 	}
 Index: openssl/crypto/asn1/asn1.h
 RCS File: /v/openssl/cvs/openssl/crypto/asn1/asn1.h,v
 rcsdiff -q -kk '-r1.166.2.3' '-r1.166.2.4' -u '/v/openssl/cvs/openssl/crypto/asn1/asn1.h,v' 2>/dev/null
 --- openssl/crypto/asn1/asn1.h 2009/07/24 11:15:55 1.166.2.3
 +++ openssl/crypto/asn1/asn1.h 2009/07/27 21:21:25 1.166.2.4
@@ -887,12 +887,13 @@
 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
 int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
 -int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
 +int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
 		 i2d_of_void *i2d, int ex_tag, int ex_class,
 		 int is_set);
 -STACK_OF(BLOCK) *d2i_ASN1_SET(STACK_OF(BLOCK) **a, const unsigned char **pp,
 +STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
 +			      const unsigned char **pp,
 			      long length, d2i_of_void *d2i,
 -			      void (*free_func)(BLOCK), int ex_tag,
 +			      void (*free_func)(OPENSSL_BLOCK), int ex_tag,
 			      int ex_class);
 #ifndef OPENSSL_NO_BIO
@@ -1045,9 +1046,9 @@
 int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
 	unsigned char *data, int max_len);
 -STACK_OF(BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
 -				 d2i_of_void *d2i, void (*free_func)(BLOCK));
 -unsigned char *ASN1_seq_pack(STACK_OF(BLOCK) *safes, i2d_of_void *i2d,
 +STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
 +				 d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK));
 +unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
 			     unsigned char **buf, int *len );
 void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
 void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
 Index: openssl/crypto/asn1/asn_pack.c
 RCS File: /v/openssl/cvs/openssl/crypto/asn1/asn_pack.c,v
 rcsdiff -q -kk '-r1.19' '-r1.19.2.1' -u '/v/openssl/cvs/openssl/crypto/asn1/asn_pack.c,v' 2>/dev/null
 --- openssl/crypto/asn1/asn_pack.c 2008/11/12 03:57:49 1.19
 +++ openssl/crypto/asn1/asn_pack.c 2009/07/27 21:21:25 1.19.2.1
@@ -66,10 +66,10 @@
 /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
 -STACK_OF(BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
 -				 d2i_of_void *d2i, void (*free_func)(BLOCK))
 +STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
 +			 d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK))
 {
 -    STACK_OF(BLOCK) *sk;
 +    STACK_OF(OPENSSL_BLOCK) *sk;
     const unsigned char *pbuf;
     pbuf =  buf;
     if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
@@ -82,7 +82,7 @@
  * OPENSSL_malloc'ed buffer
  */
 -unsigned char *ASN1_seq_pack(STACK_OF(BLOCK) *safes, i2d_of_void *i2d,
 +unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
 			     unsigned char **buf, int *len)
 {
 	int safelen;
 Index: openssl/crypto/stack/safestack.h
 RCS File: /v/openssl/cvs/openssl/crypto/stack/safestack.h,v
 rcsdiff -q -kk '-r1.72.2.4' '-r1.72.2.5' -u '/v/openssl/cvs/openssl/crypto/stack/safestack.h,v' 2>/dev/null
 --- openssl/crypto/stack/safestack.h 2009/07/27 21:08:50 1.72.2.4
 +++ openssl/crypto/stack/safestack.h 2009/07/27 21:21:25 1.72.2.5
@@ -128,8 +128,8 @@
  * nul-terminated. These should also be distinguished from "normal"
  * stacks. */
 -typedef void *BLOCK;
 -DECLARE_SPECIAL_STACK_OF(BLOCK, void)
 +typedef void *OPENSSL_BLOCK;
 +DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 /* SKM_sk_... stack macros are internal to safestack.h:
  * never use them directly, use sk_<type>_... instead */
@@ -2055,29 +2055,29 @@
 #define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
 -#define sk_BLOCK_new(cmp) ((STACK_OF(BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
 -#define sk_BLOCK_new_null() ((STACK_OF(BLOCK) *)sk_new_null())
 -#define sk_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val))
 -#define sk_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val))
 -#define sk_BLOCK_value(st, i) ((BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(BLOCK), st), i))
 -#define sk_BLOCK_num(st) SKM_sk_num(BLOCK, st)
 -#define sk_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_SK_FREE_FUNC2(BLOCK, free_func))
 -#define sk_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val), i)
 -#define sk_BLOCK_free(st) SKM_sk_free(BLOCK, st)
 -#define sk_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), i, CHECKED_PTR_OF(void, val))
 -#define sk_BLOCK_zero(st) SKM_sk_zero(BLOCK, (st))
 -#define sk_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, val))
 -#define sk_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
 -#define sk_BLOCK_delete(st, i) SKM_sk_delete(BLOCK, (st), (i))
 -#define sk_BLOCK_delete_ptr(st, ptr) (BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_PTR_OF(void, ptr))
 -#define sk_BLOCK_set_cmp_func(st, cmp)  \
 +#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
 +#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
 +#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
 +#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
 +#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i))
 +#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
 +#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
 +#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val), i)
 +#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
 +#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i, CHECKED_PTR_OF(void, val))
 +#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
 +#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
 +#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
 +#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
 +#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, ptr))
 +#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp)  \
 	((int (*)(const void * const *,const void * const *)) \
 -	sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp)))
 -#define sk_BLOCK_dup(st) SKM_sk_dup(BLOCK, st)
 -#define sk_BLOCK_shift(st) SKM_sk_shift(BLOCK, (st))
 -#define sk_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(BLOCK), st))
 -#define sk_BLOCK_sort(st) SKM_sk_sort(BLOCK, (st))
 -#define sk_BLOCK_is_sorted(st) SKM_sk_is_sorted(BLOCK, (st))
 +	sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp)))
 +#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
 +#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
 +#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st))
 +#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
 +#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
 #define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
--- a/openssl-1.0.0-beta3-namingstr.patch
+++ b/openssl-1.0.0-beta3-namingstr.patch
--- a/openssl-1.0.0-beta3-redhat.patch
+++ b/openssl-1.0.0-beta3-redhat.patch
@ -0,0 +1,59 @@
 diff -up openssl-1.0.0-beta3/Configure.redhat openssl-1.0.0-beta3/Configure
 --- openssl-1.0.0-beta3/Configure.redhat	2009-07-08 10:50:52.000000000 +0200
 +++ openssl-1.0.0-beta3/Configure	2009-08-04 22:46:59.000000000 +0200
@@ -331,32 +331,32 @@ my %table=(
 ####
 # *-generic* is endian-neutral target, but ./config is free to
 # throw in -D[BL]_ENDIAN, whichever appropriate...
 -"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 -"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 +"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 # It's believed that majority of ARM toolchains predefine appropriate -march.
 # If you compiler does not, do complement config command line with one!
 -"linux-armv4",	"gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"linux-armv4",	"gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 #### IA-32 targets...
 "linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 -"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
 ####
 -"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 -"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 -"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):\$(SHLIB_SONAMEVER)",
 +"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
 +"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 -"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 -"linux-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 +"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
 +"linux-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
 #### SPARC Linux setups
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
 -"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
 -"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 # GCC 3.1 is a requirement
 -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 +"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
 # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -370,8 +370,8 @@ my %table=(
 #
 #					<appro@fy.chalmers.se>
 #
 -"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 -"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 +"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
 "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
--- a/openssl-1.0.0-beta3-soversion.patch
+++ b/openssl-1.0.0-beta3-soversion.patch
@ -0,0 +1,44 @@
 diff -up openssl-1.0.0-beta3/Configure.soversion openssl-1.0.0-beta3/Configure
 --- openssl-1.0.0-beta3/Configure.soversion	2009-08-04 23:06:52.000000000 +0200
 +++ openssl-1.0.0-beta3/Configure	2009-08-04 23:06:52.000000000 +0200
@@ -1514,7 +1514,7 @@ while (<IN>)
 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
 		{
 		my $sotmp = $1;
 -		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
 +		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
 		}
 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
 		{
 diff -up openssl-1.0.0-beta3/Makefile.org.soversion openssl-1.0.0-beta3/Makefile.org
 --- openssl-1.0.0-beta3/Makefile.org.soversion	2009-08-04 23:06:52.000000000 +0200
 +++ openssl-1.0.0-beta3/Makefile.org	2009-08-04 23:11:01.000000000 +0200
@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
 SHLIB_MAJOR=
 SHLIB_MINOR=
 SHLIB_EXT=
 +SHLIB_SONAMEVER=10
 PLATFORM=dist
 OPTIONS=
 CONFIGURE_ARGS=
@@ -289,10 +290,9 @@ clean-shared:
 link-shared:
 	@ set -e; for i in $(SHLIBDIRS); do \
 		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
 -			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
 +			LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
 			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
 			symlink.$(SHLIB_TARGET); \
 -		libs="$$libs -l$$i"; \
 	done
 build-shared: do_$(SHLIB_TARGET) link-shared
@@ -303,7 +303,7 @@ do_$(SHLIB_TARGET):
 			libs="$(LIBKRB5) $$libs"; \
 		fi; \
 		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
 -			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
 +			LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
 			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
 			LIBDEPS="$$libs $(EX_LIBS)" \
 			link_a.$(SHLIB_TARGET); \
--- a/2
+++ b/2
@ -1 +1 @@
-573353d8cb4330b71e9985cea4785d61  openssl-0.9.8j-usa.tar.bz2
+9926dcf78e797a12d8e3ffd7a018824b  openssl-1.0.0-beta3-usa.tar.bz2
`@ -1 +1 @@`
	`openssl-0.9.8j-usa.tar.bz2`	`openssl-1.0.0-beta3-usa.tar.bz2`
`@ -1 +1 @@`
	`573353d8cb4330b71e9985cea4785d61 openssl-0.9.8j-usa.tar.bz2`	`9926dcf78e797a12d8e3ffd7a018824b openssl-1.0.0-beta3-usa.tar.bz2`