Project import
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..60102c5
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,139 @@
+#
+#    Copyright (c) 2010-2012 Nest, Inc.
+#    All rights reserved.
+#
+#    This document is the property of Nest. It is considered
+#    confidential and proprietary information.
+#
+#    This document may not be reproduced or transmitted in any form,
+#    in whole or in part, without the express written permission of
+#    Nest.
+#
+#    Description:
+#      This file is the makefile for the Open Secure Socket Layer
+#      (SSL) library.
+#
+
+.NOTPARALLEL:
+
+BuildConfigSpecialized	:= No
+
+include pre.mak
+
+PackageName		:= openssl
+
+PackageExtension	:= tar.gz
+PackageSeparator	:= -
+
+PackagePatchArgs	:= -p1
+
+PackageArchive		:= $(PackageName)$(PackageSeparator)$(PackageVersion).$(PackageExtension)
+PackageSourceDir	:= $(PackageName)$(PackageSeparator)$(PackageVersion)
+
+PackageBuildMakefile	= $(call GenerateBuildPaths,Makefile)
+
+CleanPaths		+= $(PackageLicenseFile)
+
+LinuxDir		:= sw/tps/linux
+LinuxIncDir		:= $(call GenerateResultPaths,$(LinuxDir),include)
+
+ZlibDir			:= sw/tps/zlib
+ZlibIncDir      	:= $(call GenerateResultPaths,$(ZlibDir),usr/include)
+ZlibLibDir      	:= $(call GenerateResultPaths,$(ZlibDir),usr/lib)
+
+OpenSSLPackageOptions	+= experimental-jpake $(call ToolGenerateDefineArgument,OPENSSL_EXPERIMENTAL_JPAKE)
+
+OpenSSLTargets	      = all
+OpenSSLInstallTargets = install
+
+# If the feature BUILD_FEATURE_OPENSSL_FORCE32_LONG is set, we're forcing OpenSSL to use a 32bit long
+# We typically set this when building the simulator because our PASE code expects BN_BYTES == 4
+# We force 32bit by setting the TargetConfig to gcc
+# Couple unfortunate side effects:
+# 1) Assembly is not supported
+# 2) This TargetConfig forces us to build as a static library (OpenSSL limitation)
+# 3) We have to turn off compression.  Zlib causes problems for other packages like curl 
+#    whose configure script can't seem to realize that it needs to bring in zlib as well
+#    (might be a pkgconfig issue with openssl?)
+# 4) We have to compile with -fPIC since other dylibs (curl) link openssl
+ifeq ($(BUILD_FEATURE_OPENSSL_FORCE32_LONG),1)
+OpenSSLPackageOptions += no-asm no-zlib
+OpenSSLCCFlags        = -fPIC
+OpenSSLTargetConfig   = gcc
+else
+OpenSSLPackageOptions += shared zlib
+endif
+
+all: $(PackageDefaultGoal)
+
+# Generate the package license contents.
+
+$(PackageSourceDir)/LICENSE: source
+
+$(PackageLicenseFile): $(PackageSourceDir)/LICENSE
+	$(copy-result)
+
+# Extract the source from the archive and apply patches, if any.
+
+$(PackageSourceDir): $(PackageArchive) $(PackagePatchPaths)
+	$(expand-and-patch-package)
+
+# Prepare the sources.
+
+.PHONY: source
+source: | $(PackageSourceDir)
+
+# Patch the sources, if necessary.
+
+.PHONY: patch
+patch: source
+
+$(PackageBuildMakefile): | $(PackageSourceDir) $(BuildDirectory)
+	$(Verbose)$(call create-links,$(CURDIR)/$(PackageSourceDir),$(BuildDirectory)) ; \
+	cd $(BuildDirectory) && \
+	INSTALL="$(INSTALL) $(INSTALLFLAG)" \
+	./Configure \
+	--prefix=/usr \
+	--openssldir=/usr/lib/ssl \
+	$(call ToolGenerateIncludeArgument,$(ZlibIncDir)) \
+	$(call ToolGenerateLibraryPathArgument,$(ZlibLibDir)) \
+	$(OpenSSLPackageOptions) \
+	$(OpenSSLCCFlags) \
+	$(OpenSSLTargetConfig)
+
+# Configure the source for building.
+
+.PHONY: configure
+configure: source $(PackageBuildMakefile)
+
+# Build the source.
+#
+# We have to unset MAKEFLAGS since they confuse the package build otherwise.
+
+.PHONY: build
+build: configure | $(BuildDirectory)
+	$(Verbose)unset MAKEFLAGS && \
+	$(MAKE) $(JOBSFLAG) -C $(BuildDirectory) \
+	CC="$(CC)" AR="$(AR) $(ARFLAGS)" RANLIB=$(RANLIB) \
+	INSTALL_PREFIX=$(ResultDirectory) \
+	$(OpenSSLTargets)
+
+# Stage the build to a temporary installation area.
+#
+# We have to unset MAKEFLAGS since they confuse the package build otherwise.
+
+.PHONY: stage
+stage: build | $(ResultDirectory)
+	$(Verbose)unset MAKEFLAGS && \
+	$(MAKE) -C $(BuildDirectory) \
+	CC="$(CC)" AR="$(AR) $(ARFLAGS)" RANLIB=$(RANLIB) \
+	INSTALL="$(INSTALL) $(INSTALLFLAGS)" \
+	INSTALL_PREFIX=$(ResultDirectory) \
+	$(OpenSSLInstallTargets)
+
+clean:
+	$(Verbose)$(RM) $(RMFLAGS) -r $(PackageSourceDir)
+	$(Verbose)$(RM) $(RMFLAGS) -r $(BuildDirectory)
+	$(Verbose)$(RM) $(RMFLAGS) -r $(ResultDirectory)
+
+include post.mak
diff --git a/openssl-1.0.1p.tar.gz b/openssl-1.0.1p.tar.gz
new file mode 100644
index 0000000..db77eba
--- /dev/null
+++ b/openssl-1.0.1p.tar.gz
Binary files differ
diff --git a/openssl.patches/openssl-50.description b/openssl.patches/openssl-50.description
new file mode 100644
index 0000000..da8e579
--- /dev/null
+++ b/openssl.patches/openssl-50.description
@@ -0,0 +1,3 @@
+This patch ensures that shared libraries are, at minimum, user writable 
+so that they may be successfully stripped when generating file system 
+and installation images.
diff --git a/openssl.patches/openssl-50.patch b/openssl.patches/openssl-50.patch
new file mode 100644
index 0000000..653d97f
--- /dev/null
+++ b/openssl.patches/openssl-50.patch
@@ -0,0 +1,11 @@
+--- a/Makefile.org	2010-01-27 08:06:36.000000000 -0800
++++ b/Makefile.org	2010-09-03 14:47:59.000000000 -0700
+@@ -527,7 +527,7 @@
+ 			(       echo installing $$i; \
+ 				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+ 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+-					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
++					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ 					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+ 				else \
+ 					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
diff --git a/openssl.patches/openssl-51.description b/openssl.patches/openssl-51.description
new file mode 100644
index 0000000..7988986
--- /dev/null
+++ b/openssl.patches/openssl-51.description
@@ -0,0 +1 @@
+This patch ensures that CHECKED_STACK_OF can successfully work with C++ classes that employs cast operators.
diff --git a/openssl.patches/openssl-51.patch b/openssl.patches/openssl-51.patch
new file mode 100644
index 0000000..a0c4a69
--- /dev/null
+++ b/openssl.patches/openssl-51.patch
@@ -0,0 +1,11 @@
+--- a/crypto/stack/safestack.h	2011-08-17 15:39:52.853888167 -0700
++++ b/crypto/stack/safestack.h	2011-08-17 15:40:20.181928142 -0700
+@@ -68,7 +68,7 @@
+  */
+ 
+ # define CHECKED_STACK_OF(type, p) \
+-    ((_STACK*) (1 ? p : (STACK_OF(type)*)0))
++    ((_STACK*) (1 ? (STACK_OF(type)*)p : (STACK_OF(type)*)0))
+ 
+ # define CHECKED_SK_FREE_FUNC(type, p) \
+     ((void (*)(void *)) ((1 ? p : (void (*)(type *))0)))
diff --git a/openssl.patches/openssl-52.description b/openssl.patches/openssl-52.description
new file mode 100644
index 0000000..8aba8cc
--- /dev/null
+++ b/openssl.patches/openssl-52.description
@@ -0,0 +1,3 @@
+Patch to allow parallel build of openssl.
+Gathered from https://github.com/Alexpux/Qt-builds/blob/master/patches/openssl/openssl-1.0.1-parallel-build.patch
+Licensed under BSD-3 http://www.opensource.org/licenses/BSD-3-Clause
diff --git a/openssl.patches/openssl-52.patch b/openssl.patches/openssl-52.patch
new file mode 100644
index 0000000..5289d6c
--- /dev/null
+++ b/openssl.patches/openssl-52.patch
@@ -0,0 +1,346 @@
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -277,17 +277,17 @@
+ build_libssl: build_ssl libssl.pc
+ 
+ build_crypto:
+-	@dir=crypto; target=all; $(BUILD_ONE_CMD)
++	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
+ build_ssl: build_crypto
+-	@dir=ssl; target=all; $(BUILD_ONE_CMD)
++	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
+ build_engines: build_crypto
+-	@dir=engines; target=all; $(BUILD_ONE_CMD)
++	+@dir=engines; target=all; $(BUILD_ONE_CMD)
+ build_apps: build_libs
+-	@dir=apps; target=all; $(BUILD_ONE_CMD)
++	+@dir=apps; target=all; $(BUILD_ONE_CMD)
+ build_tests: build_libs
+-	@dir=test; target=all; $(BUILD_ONE_CMD)
++	+@dir=test; target=all; $(BUILD_ONE_CMD)
+ build_tools: build_libs
+-	@dir=tools; target=all; $(BUILD_ONE_CMD)
++	+@dir=tools; target=all; $(BUILD_ONE_CMD)
+ 
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -497,9 +497,9 @@
+ dist_pem_h:
+ 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+ 
+-install: all install_docs install_sw
++install: install_docs install_sw
+ 
+-install_sw:
++install_dirs:
+ 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+@@ -508,6 +508,13 @@
+ 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ 		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
++	@$(PERL) $(TOP)/util/mkdir-p.pl \
++		$(INSTALL_PREFIX)$(MANDIR)/man1 \
++		$(INSTALL_PREFIX)$(MANDIR)/man3 \
++		$(INSTALL_PREFIX)$(MANDIR)/man5 \
++		$(INSTALL_PREFIX)$(MANDIR)/man7
++
++install_sw: install_dirs
+ 	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ 	do \
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+@@ -511,7 +511,7 @@
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+-	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
++	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ 	do \
+ 		if [ -f "$$i" ]; then \
+@@ -593,12 +600,7 @@
+ 		done; \
+ 	done
+ 
+-install_docs:
+-	@$(PERL) $(TOP)/util/mkdir-p.pl \
+-		$(INSTALL_PREFIX)$(MANDIR)/man1 \
+-		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+-		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+-		$(INSTALL_PREFIX)$(MANDIR)/man7
++install_docs: install_dirs
+ 	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ 	here="`pwd`"; \
+ 	filecase=; \
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -105,6 +105,7 @@ LINK_SO=	\
+     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+     $${SHAREDCMD} $${SHAREDFLAGS} \
+ 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +124,7 @@ SYMLINK_SO=	\
+ 			done; \
+ 		fi; \
+ 		if [ -n "$$SHLIB_SOVER" ]; then \
++			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ 		fi; \
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -85,11 +85,11 @@
+ 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+ 
+ subdirs:
+-	@target=all; $(RECURSIVE_MAKE)
++	+@target=all; $(RECURSIVE_MAKE)
+ 
+ files:
+ 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+-	@target=files; $(RECURSIVE_MAKE)
++	+@target=files; $(RECURSIVE_MAKE)
+ 
+ links:
+ 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib:	$(LIB)
+ 	@touch lib
+-$(LIB):	$(LIBOBJ)
++$(LIB):	$(LIBOBJ) | subdirs
+ 	$(AR) $(LIB) $(LIBOBJ)
+ 	$(RANLIB) $(LIB) || echo Never mind.
+ 
+@@ -110,7 +110,7 @@
+ 	fi
+ 
+ libs:
+-	@target=lib; $(RECURSIVE_MAKE)
++	+@target=lib; $(RECURSIVE_MAKE)
+ 
+ install:
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -119,7 +119,7 @@
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+-	@target=install; $(RECURSIVE_MAKE)
++	+@target=install; $(RECURSIVE_MAKE)
+ 
+ lint:
+ 	@target=lint; $(RECURSIVE_MAKE)
+--- a/engines/Makefile
++++ b/engines/Makefile
+@@ -72,7 +72,7 @@
+ 
+ all:	lib subdirs
+ 
+-lib:	$(LIBOBJ)
++lib:	$(LIBOBJ) | subdirs
+ 	@if [ -n "$(SHARED_LIBS)" ]; then \
+ 		set -e; \
+ 		for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+ 
+ subdirs:
+ 	echo $(EDIRS)
+-	@target=all; $(RECURSIVE_MAKE)
++	+@target=all; $(RECURSIVE_MAKE)
+ 
+ files:
+ 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+ 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ 		done; \
+ 	fi
+-	@target=install; $(RECURSIVE_MAKE)
++	+@target=install; $(RECURSIVE_MAKE)
+ 
+ tags:
+ 	ctags $(SRC)
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -131,7 +131,7 @@
+ tags:
+ 	ctags $(SRC)
+ 
+-tests:	exe apps $(TESTS)
++tests:	exe $(TESTS)
+ 
+ apps:
+ 	@(cd ..; $(MAKE) DIRS=apps all)
+@@ -394,121 +394,121 @@
+ 		link_app.$${shlib_target}
+ 
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+-	@target=$(RSATEST); $(BUILD_CMD)
++	+@target=$(RSATEST); $(BUILD_CMD)
+ 
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+-	@target=$(BNTEST); $(BUILD_CMD)
++	+@target=$(BNTEST); $(BUILD_CMD)
+ 
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+-	@target=$(ECTEST); $(BUILD_CMD)
++	+@target=$(ECTEST); $(BUILD_CMD)
+ 
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+-	@target=$(EXPTEST); $(BUILD_CMD)
++	+@target=$(EXPTEST); $(BUILD_CMD)
+ 
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+-	@target=$(IDEATEST); $(BUILD_CMD)
++	+@target=$(IDEATEST); $(BUILD_CMD)
+ 
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+-	@target=$(MD2TEST); $(BUILD_CMD)
++	+@target=$(MD2TEST); $(BUILD_CMD)
+ 
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+-	@target=$(SHATEST); $(BUILD_CMD)
++	+@target=$(SHATEST); $(BUILD_CMD)
+ 
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA1TEST); $(BUILD_CMD)
++	+@target=$(SHA1TEST); $(BUILD_CMD)
+ 
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA256TEST); $(BUILD_CMD)
++	+@target=$(SHA256TEST); $(BUILD_CMD)
+ 
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA512TEST); $(BUILD_CMD)
++	+@target=$(SHA512TEST); $(BUILD_CMD)
+ 
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+-	@target=$(RMDTEST); $(BUILD_CMD)
++	+@target=$(RMDTEST); $(BUILD_CMD)
+ 
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+-	@target=$(MDC2TEST); $(BUILD_CMD)
++	+@target=$(MDC2TEST); $(BUILD_CMD)
+ 
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+-	@target=$(MD4TEST); $(BUILD_CMD)
++	+@target=$(MD4TEST); $(BUILD_CMD)
+ 
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+-	@target=$(MD5TEST); $(BUILD_CMD)
++	+@target=$(MD5TEST); $(BUILD_CMD)
+ 
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+-	@target=$(HMACTEST); $(BUILD_CMD)
++	+@target=$(HMACTEST); $(BUILD_CMD)
+ 
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+-	@target=$(WPTEST); $(BUILD_CMD)
++	+@target=$(WPTEST); $(BUILD_CMD)
+ 
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+-	@target=$(RC2TEST); $(BUILD_CMD)
++	+@target=$(RC2TEST); $(BUILD_CMD)
+ 
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+-	@target=$(BFTEST); $(BUILD_CMD)
++	+@target=$(BFTEST); $(BUILD_CMD)
+ 
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+-	@target=$(CASTTEST); $(BUILD_CMD)
++	+@target=$(CASTTEST); $(BUILD_CMD)
+ 
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+-	@target=$(RC4TEST); $(BUILD_CMD)
++	+@target=$(RC4TEST); $(BUILD_CMD)
+ 
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+-	@target=$(RC5TEST); $(BUILD_CMD)
++	+@target=$(RC5TEST); $(BUILD_CMD)
+ 
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+-	@target=$(DESTEST); $(BUILD_CMD)
++	+@target=$(DESTEST); $(BUILD_CMD)
+ 
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+-	@target=$(RANDTEST); $(BUILD_CMD)
++	+@target=$(RANDTEST); $(BUILD_CMD)
+ 
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+-	@target=$(DHTEST); $(BUILD_CMD)
++	+@target=$(DHTEST); $(BUILD_CMD)
+ 
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+-	@target=$(DSATEST); $(BUILD_CMD)
++	+@target=$(DSATEST); $(BUILD_CMD)
+ 
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+-	@target=$(METHTEST); $(BUILD_CMD)
++	+@target=$(METHTEST); $(BUILD_CMD)
+ 
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+-	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
++	+@target=$(SSLTEST); $(FIPS_BUILD_CMD)
+ 
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+-	@target=$(ENGINETEST); $(BUILD_CMD)
++	+@target=$(ENGINETEST); $(BUILD_CMD)
+ 
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+-	@target=$(EVPTEST); $(BUILD_CMD)
++	+@target=$(EVPTEST); $(BUILD_CMD)
+ 
+ $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
+-	@target=$(EVPEXTRATEST); $(BUILD_CMD)
++	+@target=$(EVPEXTRATEST); $(BUILD_CMD)
+ 
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+-	@target=$(ECDSATEST); $(BUILD_CMD)
++	+@target=$(ECDSATEST); $(BUILD_CMD)
+ 
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+-	@target=$(ECDHTEST); $(BUILD_CMD)
++	+@target=$(ECDHTEST); $(BUILD_CMD)
+ 
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+-	@target=$(IGETEST); $(BUILD_CMD)
++	+@target=$(IGETEST); $(BUILD_CMD)
+ 
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+-	@target=$(JPAKETEST); $(BUILD_CMD)
++	+@target=$(JPAKETEST); $(BUILD_CMD)
+ 
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+-	@target=$(ASN1TEST); $(BUILD_CMD)
++	+@target=$(ASN1TEST); $(BUILD_CMD)
+ 
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+-	@target=$(SRPTEST); $(BUILD_CMD)
++	+@target=$(SRPTEST); $(BUILD_CMD)
+ 
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+-	@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
++	+@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+ 
+ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
+-	@target=$(CONSTTIMETEST) $(BUILD_CMD)
++	+@target=$(CONSTTIMETEST) $(BUILD_CMD)
+ 
+ $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
+-	@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
++	+@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
+ 
+ #$(AESTEST).o: $(AESTEST).c
+ #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -521,7 +521,7 @@
+ #	fi
+ 
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+-	@target=dummytest; $(BUILD_CMD)
++	+@target=dummytest; $(BUILD_CMD)
+ 
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+ 
diff --git a/openssl.patches/openssl-53.description b/openssl.patches/openssl-53.description
new file mode 100644
index 0000000..722d6f6
--- /dev/null
+++ b/openssl.patches/openssl-53.description
@@ -0,0 +1 @@
+Patch to have Openssl use /usr/bin/install
diff --git a/openssl.patches/openssl-53.patch b/openssl.patches/openssl-53.patch
new file mode 100644
index 0000000..4cf8b05
--- /dev/null
+++ b/openssl.patches/openssl-53.patch
@@ -0,0 +1,960 @@
+diff -aruN a/apps/Makefile b/apps/Makefile
+--- a/apps/Makefile	2014-04-07 09:55:44.000000000 -0700
++++ b/apps/Makefile	2014-06-11 13:39:01.206044045 -0700
+@@ -102,20 +102,14 @@
+ 	@set -e; for i in $(EXE); \
+ 	do  \
+ 	(echo installing $$i; \
+-	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+-	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+-	 mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
++	 $(INSTALL) -m 755 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+ 	 done;
+ 	@set -e; for i in $(SCRIPTS); \
+ 	do  \
+ 	(echo installing $$i; \
+-	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+-	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+-	 mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
++	 $(INSTALL) -m 755 $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+ 	 done
+-	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
+-	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
+-	mv -f  $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
++	@$(INSTALL) openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf; \
+ 
+ tags:
+ 	ctags $(SRC)
+diff -aruN a/crypto/aes/Makefile b/crypto/aes/Makefile
+--- a/crypto/aes/Makefile	2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/aes/Makefile	2014-06-11 13:46:43.547397933 -0700
+@@ -94,8 +94,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/asn1/Makefile b/crypto/asn1/Makefile
+--- a/crypto/asn1/Makefile	2014-04-07 09:55:35.000000000 -0700
++++ b/crypto/asn1/Makefile	2014-06-11 14:04:27.899675150 -0700
+@@ -81,8 +81,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/bf/Makefile b/crypto/bf/Makefile
+--- a/crypto/bf/Makefile	2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/bf/Makefile	2014-06-11 13:50:59.870800614 -0700
+@@ -60,8 +60,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/bio/Makefile b/crypto/bio/Makefile
+--- a/crypto/bio/Makefile	2014-04-07 09:55:31.000000000 -0700
++++ b/crypto/bio/Makefile	2014-06-11 13:49:31.285958273 -0700
+@@ -61,8 +61,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/bn/Makefile b/crypto/bn/Makefile
+--- a/crypto/bn/Makefile	2014-04-07 09:55:28.000000000 -0700
++++ b/crypto/bn/Makefile	2014-06-11 13:43:42.741340785 -0700
+@@ -147,8 +147,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ exptest:
+diff -aruN a/crypto/buffer/Makefile b/crypto/buffer/Makefile
+--- a/crypto/buffer/Makefile	2014-04-07 09:55:31.000000000 -0700
++++ b/crypto/buffer/Makefile	2014-06-11 13:42:26.316781813 -0700
+@@ -49,8 +49,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/camellia/Makefile b/crypto/camellia/Makefile
+--- a/crypto/camellia/Makefile	2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/camellia/Makefile	2014-06-11 14:02:08.982642071 -0700
+@@ -61,8 +61,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/cast/Makefile b/crypto/cast/Makefile
+--- a/crypto/cast/Makefile	2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/cast/Makefile	2014-06-11 13:48:36.426856633 -0700
+@@ -57,8 +57,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/cmac/Makefile b/crypto/cmac/Makefile
+--- a/crypto/cmac/Makefile	2014-04-07 09:55:39.000000000 -0700
++++ b/crypto/cmac/Makefile	2014-06-11 13:51:21.993551302 -0700
+@@ -49,8 +49,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/cms/Makefile b/crypto/cms/Makefile
+--- a/crypto/cms/Makefile	2014-04-07 09:55:39.000000000 -0700
++++ b/crypto/cms/Makefile	2014-06-11 13:53:34.699854344 -0700
+@@ -55,8 +55,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/comp/Makefile b/crypto/comp/Makefile
+--- a/crypto/comp/Makefile	2014-04-07 09:55:38.000000000 -0700
++++ b/crypto/comp/Makefile	2014-06-11 13:46:10.786827825 -0700
+@@ -52,8 +52,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/conf/Makefile b/crypto/conf/Makefile
+--- a/crypto/conf/Makefile	2014-04-07 09:55:37.000000000 -0700
++++ b/crypto/conf/Makefile	2014-06-11 13:56:14.764697941 -0700
+@@ -52,8 +52,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/des/Makefile b/crypto/des/Makefile
+--- a/crypto/des/Makefile	2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/des/Makefile	2014-06-11 14:06:57.431837553 -0700
+@@ -82,8 +82,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/dh/Makefile b/crypto/dh/Makefile
+--- a/crypto/dh/Makefile	2014-04-07 09:55:30.000000000 -0700
++++ b/crypto/dh/Makefile	2014-06-11 13:47:28.927456463 -0700
+@@ -51,8 +51,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/dsa/Makefile b/crypto/dsa/Makefile
+--- a/crypto/dsa/Makefile	2014-04-07 09:55:29.000000000 -0700
++++ b/crypto/dsa/Makefile	2014-06-11 13:42:04.823299123 -0700
+@@ -51,8 +51,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/dso/Makefile b/crypto/dso/Makefile
+--- a/crypto/dso/Makefile	2014-04-07 09:55:30.000000000 -0700
++++ b/crypto/dso/Makefile	2014-06-11 14:11:50.062940325 -0700
+@@ -51,8 +51,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/ec/Makefile b/crypto/ec/Makefile
+--- a/crypto/ec/Makefile	2014-04-07 09:55:29.000000000 -0700
++++ b/crypto/ec/Makefile	2014-06-11 13:39:44.765969069 -0700
+@@ -58,8 +58,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/ecdh/Makefile b/crypto/ecdh/Makefile
+--- a/crypto/ecdh/Makefile	2014-04-07 09:55:30.000000000 -0700
++++ b/crypto/ecdh/Makefile	2014-06-11 13:47:06.515665143 -0700
+@@ -50,8 +50,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile
+--- a/crypto/ecdsa/Makefile	2014-04-07 09:55:30.000000000 -0700
++++ b/crypto/ecdsa/Makefile	2014-06-11 13:58:43.793131492 -0700
+@@ -50,8 +50,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/engine/Makefile b/crypto/engine/Makefile
+--- a/crypto/engine/Makefile	2014-04-07 09:55:31.000000000 -0700
++++ b/crypto/engine/Makefile	2014-06-11 13:40:25.650744785 -0700
+@@ -59,8 +59,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/err/Makefile b/crypto/err/Makefile
+--- a/crypto/err/Makefile	2014-04-07 09:55:32.000000000 -0700
++++ b/crypto/err/Makefile	2014-06-11 13:50:16.228708297 -0700
+@@ -49,8 +49,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/evp/Makefile b/crypto/evp/Makefile
+--- a/crypto/evp/Makefile	2014-04-07 09:55:33.000000000 -0700
++++ b/crypto/evp/Makefile	2014-06-11 14:09:00.133453079 -0700
+@@ -74,8 +74,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/hmac/Makefile b/crypto/hmac/Makefile
+--- a/crypto/hmac/Makefile	2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/hmac/Makefile	2014-06-11 13:55:01.044141828 -0700
+@@ -49,8 +49,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/idea/Makefile b/crypto/idea/Makefile
+--- a/crypto/idea/Makefile	2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/idea/Makefile	2014-06-11 14:08:09.671197576 -0700
+@@ -49,8 +49,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/jpake/Makefile b/crypto/jpake/Makefile
+--- a/crypto/jpake/Makefile	2014-03-17 09:14:20.000000000 -0700
++++ b/crypto/jpake/Makefile	2014-06-11 13:56:54.540624511 -0700
+@@ -28,8 +28,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ depend:
+diff -aruN a/crypto/krb5/Makefile b/crypto/krb5/Makefile
+--- a/crypto/krb5/Makefile	2014-04-07 09:55:39.000000000 -0700
++++ b/crypto/krb5/Makefile	2014-06-11 14:12:56.833039499 -0700
+@@ -50,8 +50,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/lhash/Makefile b/crypto/lhash/Makefile
+--- a/crypto/lhash/Makefile	2014-04-07 09:55:31.000000000 -0700
++++ b/crypto/lhash/Makefile	2014-06-11 13:56:41.079261923 -0700
+@@ -49,8 +49,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/Makefile b/crypto/Makefile
+--- a/crypto/Makefile	2014-06-11 13:02:39.380535040 -0700
++++ b/crypto/Makefile	2014-06-11 13:47:53.230872775 -0700
+@@ -120,8 +120,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ;\
+ 	do \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 	+@target=install; $(RECURSIVE_MAKE)
+ 
+diff -aruN a/crypto/Makefile.orig b/crypto/Makefile.orig
+--- a/crypto/Makefile.orig	2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/Makefile.orig	2014-06-11 13:39:57.026776154 -0700
+@@ -120,8 +120,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ;\
+ 	do \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 	@target=install; $(RECURSIVE_MAKE)
+ 
+diff -aruN a/crypto/md2/Makefile b/crypto/md2/Makefile
+--- a/crypto/md2/Makefile	2014-03-17 09:14:20.000000000 -0700
++++ b/crypto/md2/Makefile	2014-06-11 13:54:14.945895895 -0700
+@@ -49,8 +49,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/md4/Makefile b/crypto/md4/Makefile
+--- a/crypto/md4/Makefile	2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/md4/Makefile	2014-06-11 13:54:00.092521963 -0700
+@@ -50,8 +50,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/md5/Makefile b/crypto/md5/Makefile
+--- a/crypto/md5/Makefile	2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/md5/Makefile	2014-06-11 13:55:55.937685997 -0700
+@@ -64,8 +64,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/mdc2/Makefile b/crypto/mdc2/Makefile
+--- a/crypto/mdc2/Makefile	2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/mdc2/Makefile	2014-06-11 14:12:34.196368264 -0700
+@@ -49,8 +49,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/modes/Makefile b/crypto/modes/Makefile
+--- a/crypto/modes/Makefile	2014-04-07 09:55:28.000000000 -0700
++++ b/crypto/modes/Makefile	2014-06-11 13:52:08.997894428 -0700
+@@ -77,8 +77,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/objects/Makefile b/crypto/objects/Makefile
+--- a/crypto/objects/Makefile	2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/objects/Makefile	2014-06-11 13:55:28.402856592 -0700
+@@ -62,8 +62,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/ocsp/Makefile b/crypto/ocsp/Makefile
+--- a/crypto/ocsp/Makefile	2014-04-07 09:55:38.000000000 -0700
++++ b/crypto/ocsp/Makefile	2014-06-11 13:48:15.287102311 -0700
+@@ -52,8 +52,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/pem/Makefile b/crypto/pem/Makefile
+--- a/crypto/pem/Makefile	2014-04-07 09:55:35.000000000 -0700
++++ b/crypto/pem/Makefile	2014-06-11 13:41:41.493726266 -0700
+@@ -52,8 +52,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/pkcs12/Makefile b/crypto/pkcs12/Makefile
+--- a/crypto/pkcs12/Makefile	2014-04-07 09:55:38.000000000 -0700
++++ b/crypto/pkcs12/Makefile	2014-06-11 13:41:19.128249482 -0700
+@@ -55,8 +55,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/pkcs7/Makefile b/crypto/pkcs7/Makefile
+--- a/crypto/pkcs7/Makefile	2014-04-07 09:55:38.000000000 -0700
++++ b/crypto/pkcs7/Makefile	2014-06-11 13:54:39.150252800 -0700
+@@ -70,8 +70,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/pqueue/Makefile b/crypto/pqueue/Makefile
+--- a/crypto/pqueue/Makefile	2014-04-07 09:55:39.000000000 -0700
++++ b/crypto/pqueue/Makefile	2014-06-11 13:43:08.489534434 -0700
+@@ -49,8 +49,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/rand/Makefile b/crypto/rand/Makefile
+--- a/crypto/rand/Makefile	2014-04-07 09:55:32.000000000 -0700
++++ b/crypto/rand/Makefile	2014-06-11 13:49:06.071946738 -0700
+@@ -51,8 +51,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/rc2/Makefile b/crypto/rc2/Makefile
+--- a/crypto/rc2/Makefile	2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/rc2/Makefile	2014-06-11 13:51:45.103805991 -0700
+@@ -49,8 +49,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/rc4/Makefile b/crypto/rc4/Makefile
+--- a/crypto/rc4/Makefile	2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/rc4/Makefile	2014-06-11 14:09:50.071968921 -0700
+@@ -77,8 +77,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/rc5/Makefile b/crypto/rc5/Makefile
+--- a/crypto/rc5/Makefile	2014-03-17 09:14:20.000000000 -0700
++++ b/crypto/rc5/Makefile	2014-06-11 14:10:23.714735068 -0700
+@@ -57,8 +57,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/ripemd/Makefile b/crypto/ripemd/Makefile
+--- a/crypto/ripemd/Makefile	2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/ripemd/Makefile	2014-06-11 14:11:30.676651703 -0700
+@@ -57,8 +57,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/rsa/Makefile b/crypto/rsa/Makefile
+--- a/crypto/rsa/Makefile	2014-04-07 09:55:29.000000000 -0700
++++ b/crypto/rsa/Makefile	2014-06-11 14:01:44.289334721 -0700
+@@ -55,8 +55,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/seed/Makefile b/crypto/seed/Makefile
+--- a/crypto/seed/Makefile	2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/seed/Makefile	2014-06-11 14:12:15.094418677 -0700
+@@ -50,8 +50,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/sha/Makefile b/crypto/sha/Makefile
+--- a/crypto/sha/Makefile	2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/sha/Makefile	2014-06-11 14:09:22.645821412 -0700
+@@ -105,8 +105,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/srp/Makefile b/crypto/srp/Makefile
+--- a/crypto/srp/Makefile	2014-04-07 09:55:39.000000000 -0700
++++ b/crypto/srp/Makefile	2014-06-11 14:05:00.823176148 -0700
+@@ -46,8 +46,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/stack/Makefile b/crypto/stack/Makefile
+--- a/crypto/stack/Makefile	2014-04-07 09:55:31.000000000 -0700
++++ b/crypto/stack/Makefile	2014-06-11 13:42:49.561969066 -0700
+@@ -49,8 +49,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/store/Makefile b/crypto/store/Makefile
+--- a/crypto/store/Makefile	2014-03-17 09:14:20.000000000 -0700
++++ b/crypto/store/Makefile	2014-06-11 13:43:17.929014163 -0700
+@@ -51,8 +51,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/ts/Makefile b/crypto/ts/Makefile
+--- a/crypto/ts/Makefile	2014-04-07 09:55:39.000000000 -0700
++++ b/crypto/ts/Makefile	2014-06-11 13:59:56.784110542 -0700
+@@ -63,8 +63,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/txt_db/Makefile b/crypto/txt_db/Makefile
+--- a/crypto/txt_db/Makefile	2014-04-07 09:55:37.000000000 -0700
++++ b/crypto/txt_db/Makefile	2014-06-11 13:49:53.869284854 -0700
+@@ -49,8 +49,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/ui/Makefile b/crypto/ui/Makefile
+--- a/crypto/ui/Makefile	2014-04-07 09:55:39.000000000 -0700
++++ b/crypto/ui/Makefile	2014-06-11 13:44:10.289357761 -0700
+@@ -53,8 +53,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/whrlpool/Makefile b/crypto/whrlpool/Makefile
+--- a/crypto/whrlpool/Makefile	2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/whrlpool/Makefile	2014-06-11 14:07:47.522277623 -0700
+@@ -62,8 +62,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/x509/Makefile b/crypto/x509/Makefile
+--- a/crypto/x509/Makefile	2014-04-07 09:55:36.000000000 -0700
++++ b/crypto/x509/Makefile	2014-06-11 14:10:12.300848773 -0700
+@@ -59,8 +59,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/crypto/x509v3/Makefile b/crypto/x509v3/Makefile
+--- a/crypto/x509v3/Makefile	2014-04-07 09:55:37.000000000 -0700
++++ b/crypto/x509v3/Makefile	2014-06-11 13:40:46.808848902 -0700
+@@ -59,8 +59,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/engines/ccgost/Makefile b/engines/ccgost/Makefile
+--- a/engines/ccgost/Makefile	2014-04-07 09:55:42.000000000 -0700
++++ b/engines/ccgost/Makefile	2014-06-11 13:03:28.527470520 -0700
+@@ -53,13 +53,11 @@
+ 			*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
+ 			*) sfx=".bad";; \
+ 			esac; \
+-			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++			$(INSTALL) -m 555 $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
+ 		else \
+ 			sfx=".so"; \
+-			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++			$(INSTALL) -m 555 cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
+ 		fi; \
+-		chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+-		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
+ 	fi
+ 
+ links:
+diff -aruN a/engines/Makefile b/engines/Makefile
+--- a/engines/Makefile	2014-06-11 13:02:39.380535040 -0700
++++ b/engines/Makefile	2014-06-11 13:03:28.527470520 -0700
+@@ -119,13 +119,12 @@
+ 				*DSO_WIN32*)	sfx="eay32.dll"; pfx=;;	\
+ 				*)		sfx=".bad";;	\
+ 				esac; \
+-				cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++				$(INSTALL) -m 555 $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx; \
+ 			  else \
+ 				sfx=".so"; \
+-				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++				$(INSTALL) -m 555 cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx; \
+ 			  fi; \
+-			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+-			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
++			  ); \
+ 		done; \
+ 	fi
+ 	+@target=install; $(RECURSIVE_MAKE)
+diff -aruN a/Makefile b/Makefile
+--- a/Makefile	2014-04-07 09:55:45.000000000 -0700
++++ b/Makefile	2014-06-11 14:50:49.899378498 -0700
+@@ -553,18 +553,14 @@
+ 		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
+ 	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ 	do \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ 	do \
+ 		if [ -f "$$i" ]; then \
+ 		(       echo installing $$i; \
+-			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+-			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+-			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+-			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
++			$(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
+ 		fi; \
+ 	done;
+ 	@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
+@@ -574,9 +570,7 @@
+ 			if [ -f "$$i" -o -f "$$i.a" ]; then \
+ 			(       echo installing $$i; \
+ 				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+-					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
++					$(INSTALL) -m 555 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+ 				else \
+ 					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+ 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+@@ -608,12 +602,9 @@
+ 			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
+ 		fi; \
+ 	fi
+-	cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
+-	cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
+-	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
++	$(INSTALL) -m 644 libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
++	$(INSTALL) -m 644 libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
++	$(INSTALL) -m 644 openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ 
+ install_html_docs:
+ 	here="`pwd`"; \
+diff -aruN a/Makefile.org b/Makefile.org
+--- a/Makefile.org	2014-06-11 13:02:39.376537077 -0700
++++ b/Makefile.org	2014-06-11 13:24:59.134799293 -0700
+@@ -538,7 +538,7 @@
+ dist_pem_h:
+ 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+ 
+-install: install_docs install_sw
++install: install_sw
+ 
+ install_dirs:
+ 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+@@ -558,18 +558,14 @@
+ install_sw: install_dirs
+ 	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ 	do \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ 	do \
+ 		if [ -f "$$i" ]; then \
+ 		(       echo installing $$i; \
+-			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+-			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+-			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+-			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
++			$(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
+ 		fi; \
+ 	done;
+ 	@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
+@@ -579,9 +575,7 @@
+ 			if [ -f "$$i" -o -f "$$i.a" ]; then \
+ 			(       echo installing $$i; \
+ 				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+-					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
++					$(INSTALL) -m 755 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+ 				else \
+ 					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+ 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+@@ -613,12 +607,9 @@
+ 			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
+ 		fi; \
+ 	fi
+-	cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
+-	cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
+-	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
++	$(INSTALL) -m 644 libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
++	$(INSTALL) -m 644 libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
++	$(INSTALL) -m 644 openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ 
+ install_html_docs:
+ 	here="`pwd`"; \
+diff -aruN a/ssl/Makefile b/ssl/Makefile
+--- a/ssl/Makefile	2014-04-07 09:55:41.000000000 -0700
++++ b/ssl/Makefile	2014-06-11 13:26:18.056426238 -0700
+@@ -77,8 +77,7 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+ 
+ tags:
+diff -aruN a/tools/Makefile b/tools/Makefile
+--- a/tools/Makefile	2014-03-17 09:14:20.000000000 -0700
++++ b/tools/Makefile	2014-06-11 14:29:33.165313421 -0700
+@@ -8,6 +8,7 @@
+ INCLUDES= -I$(TOP) -I../../include
+ CFLAG=-g
+ MAKEFILE=	Makefile
++INSTALL=/usr/bin/install -c -C
+ 
+ CFLAGS= $(INCLUDES) $(CFLAG)
+ 
+@@ -22,15 +23,11 @@
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ 	@for i in $(APPS) ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+-	chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+-	mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
++	($(INSTALL) -m 755 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+ 	done;
+ 	@for i in $(MISC_APPS) ; \
+ 	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+-	chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+-	mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
++	($(INSTALL) -m 755 $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+ 	done;
+ 
+ files:
diff --git a/openssl.patches/openssl-54.description b/openssl.patches/openssl-54.description
new file mode 100644
index 0000000..964c33a
--- /dev/null
+++ b/openssl.patches/openssl-54.description
@@ -0,0 +1,2 @@
+Fix openssl parallel build problem.  Applying the fix provided here:
+http://rt.openssl.org/Ticket/Display.html?id=3780&user=guest&pass=guest
diff --git a/openssl.patches/openssl-54.patch b/openssl.patches/openssl-54.patch
new file mode 100644
index 0000000..660d504
--- /dev/null
+++ b/openssl.patches/openssl-54.patch
@@ -0,0 +1,15 @@
+diff -Naur a/Makefile.org b/Makefile.org
+--- a/Makefile.org	2015-04-17 16:31:06.448921145 -0700
++++ b/Makefile.org	2015-04-20 13:48:08.654093777 -0700
+@@ -340,7 +340,10 @@
+ 		libs="$$libs -l$$i"; \
+ 	done
+ 
+-build-shared: do_$(SHLIB_TARGET) link-shared
++# The link target in Makefile.shared will create the symlink for us, so no need
++# to call link-shared directly. Doing so will cause races with two processes
++# trying to symlink the lib.
++build-shared: do_$(SHLIB_TARGET)
+ 
+ do_$(SHLIB_TARGET):
+ 	@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
diff --git a/openssl.patches/openssl-55.description b/openssl.patches/openssl-55.description
new file mode 100644
index 0000000..92bfe6a
--- /dev/null
+++ b/openssl.patches/openssl-55.description
@@ -0,0 +1,2 @@
+An implementation of the J-PAKE cryptographic protocol based on elliptic curves.
+This protocol is implemented by Nest Labs.
diff --git a/openssl.patches/openssl-55.patch b/openssl.patches/openssl-55.patch
new file mode 100644
index 0000000..2fb25ed
--- /dev/null
+++ b/openssl.patches/openssl-55.patch
@@ -0,0 +1,1702 @@
+diff -ruaN --no-dereference openssl-1.0.1m/Configure openssl/Configure
+--- openssl-1.0.1m/Configure	2015-08-17 15:44:12.275201194 -0700
++++ openssl/Configure	2015-08-17 15:44:34.818599289 -0700
+@@ -718,6 +718,7 @@
+ 		 "ec_nistp_64_gcc_128" => "default",
+ 		 "gmp"		  => "default",
+ 		 "jpake"          => "experimental",
++		 "ecjpake"        => "experimental",
+ 		 "md2"            => "default",
+ 		 "rc5"            => "default",
+ 		 "rfc3779"	  => "default",
+@@ -732,7 +733,7 @@
+ 
+ # This is what $depflags will look like with the above defaults
+ # (we need this to see if we should advise the user to run "make depend"):
+-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
++my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_ECJPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+ 
+ # Explicit "no-..." options will be collected in %disabled along with the defaults.
+ # To remove something from %disabled, use "enable-foo" (unless it's experimental).
+diff -ruaN --no-dereference openssl-1.0.1m/crypto/ecjpake/ecjpake.c openssl/crypto/ecjpake/ecjpake.c
+--- openssl-1.0.1m/crypto/ecjpake/ecjpake.c	1969-12-31 16:00:00.000000000 -0800
++++ openssl/crypto/ecjpake/ecjpake.c	2015-08-17 16:31:00.241703253 -0700
+@@ -0,0 +1,792 @@
++/* ecjpake.c */
++/*
++ * Written by Evgeny Margolis (emargolis@nestlabs.com) for the OpenSSL project
++ * 2015.
++ */
++
++#include "ecjpake.h"
++
++#include <openssl/crypto.h>
++#include <openssl/err.h>
++#include <memory.h>
++
++/*
++ * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or
++ * Bob's (x3, x4, x1, x2).
++ */
++
++typedef struct {
++    unsigned char *num;        /* Must be unique */
++    size_t len;
++} ECJPAKE_ID;
++
++struct ECJPAKE_CTX {
++    /* public values */
++    ECJPAKE_ID local_id;
++    ECJPAKE_ID peer_id;
++    const EC_GROUP *group;     /* Elliptic Curve Group */
++    EC_POINT *Gxc;             /* Alice's G*x3 or Bob's G*x1 */
++    EC_POINT *Gxd;             /* Alice's G*x4 or Bob's G*x2 */
++    /* secret values - should not be revealed publicly and
++                       should be cleared when released */
++    BIGNUM *secret;            /* The shared secret */
++    BN_CTX *ctx;
++    BIGNUM *xa;                /* Alice's x1 or Bob's x3 */
++    BIGNUM *xb;                /* Alice's x2 or Bob's x4 */
++    unsigned char key[SHA256_DIGEST_LENGTH]; /* The calculated (shared) key */
++};
++
++static int zkp_init(ECJPAKE_ZKP *zkp, const EC_GROUP *group)
++{
++    zkp->Gr = EC_POINT_new(group);
++    if (zkp->Gr == NULL)
++        return 0;
++    zkp->b = BN_new();
++    if (zkp->b == NULL)
++        return 0;
++    return 1;
++}
++
++static void zkp_release(ECJPAKE_ZKP *zkp)
++{
++    if (zkp->b != NULL)
++        BN_free(zkp->b);
++    if (zkp->Gr != NULL)
++        EC_POINT_free(zkp->Gr);
++}
++
++#define step_part_init       ECJPAKE_STEP2_init
++#define step_part_release    ECJPAKE_STEP2_release
++
++int step_part_init(ECJPAKE_STEP_PART *p, const ECJPAKE_CTX *ctx)
++{
++    memset(p, 0, sizeof(*p));
++    p->Gx = EC_POINT_new(ctx->group);
++    if (p->Gx == NULL)
++        goto err;
++    if (!zkp_init(&p->zkpx, ctx->group))
++        goto err;
++    return 1;
++
++err:
++    ECJPAKEerr(ECJPAKE_F_STEP_PART_INIT, ERR_R_MALLOC_FAILURE);
++    step_part_release(p);
++    return 0;
++}
++
++void step_part_release(ECJPAKE_STEP_PART *p)
++{
++    zkp_release(&p->zkpx);
++    if (p->Gx != NULL)
++        EC_POINT_free(p->Gx);
++}
++
++int ECJPAKE_STEP1_init(ECJPAKE_STEP1 *s1, const ECJPAKE_CTX *ctx)
++{
++    if (!step_part_init(&s1->p1, ctx))
++        return 0;
++    if (!step_part_init(&s1->p2, ctx))
++        return 0;
++    return 1;
++}
++
++void ECJPAKE_STEP1_release(ECJPAKE_STEP1 *s1)
++{
++    step_part_release(&s1->p2);
++    step_part_release(&s1->p1);
++}
++
++ECJPAKE_CTX *ECJPAKE_CTX_new(const EC_GROUP *group, const BIGNUM *secret,
++                             const unsigned char *local_id_num,
++                             const size_t local_id_len,
++                             const unsigned char *peer_id_num,
++                             const size_t peer_id_len)
++{
++    ECJPAKE_CTX *ctx = NULL;
++
++    /* init ecjpake context */
++    ctx = OPENSSL_malloc(sizeof(*ctx));
++    if (ctx == NULL)
++        goto err;
++    memset(ctx, 0, sizeof(*ctx));
++
++    /* init elliptic curve group */
++    if (group == NULL)
++        goto err;
++    ctx->group = group;
++
++    /* init local id */
++    ctx->local_id.num = (unsigned char *)OPENSSL_malloc(local_id_len);
++    if (ctx->local_id.num == NULL)
++        goto err;
++    memcpy(ctx->local_id.num, local_id_num, local_id_len);
++    ctx->local_id.len = local_id_len;
++
++    /* init peer id */
++    ctx->peer_id.num = (unsigned char *)OPENSSL_malloc(peer_id_len);
++    if (ctx->peer_id.num == NULL)
++        goto err;
++    memcpy(ctx->peer_id.num, peer_id_num, peer_id_len);
++    ctx->peer_id.len = peer_id_len;
++
++    /* init secret */
++    ctx->secret = BN_dup(secret);
++    if (ctx->secret == NULL)
++        goto err;
++
++    /* init remaining ecjpake context fields */
++    ctx->Gxc = EC_POINT_new(ctx->group);
++    if (ctx->Gxc == NULL)
++        goto err;
++    ctx->Gxd = EC_POINT_new(ctx->group);
++    if (ctx->Gxd == NULL)
++        goto err;
++    ctx->xa = BN_new();
++    if (ctx->xa == NULL)
++        goto err;
++    ctx->xb = BN_new();
++    if (ctx->xb == NULL)
++        goto err;
++    ctx->ctx = BN_CTX_new();
++    if (ctx->ctx == NULL)
++        goto err;
++
++    return ctx;
++
++err:
++    ECJPAKEerr(ECJPAKE_F_ECJPAKE_CTX_NEW, ERR_R_MALLOC_FAILURE);
++    ECJPAKE_CTX_free(ctx);
++    return NULL;
++}
++
++void ECJPAKE_CTX_free(ECJPAKE_CTX *ctx)
++{
++    if (ctx != NULL) {
++        if (ctx->ctx != NULL)
++            BN_CTX_free(ctx->ctx);
++        if (ctx->xb != NULL)
++            BN_clear_free(ctx->xb);
++        if (ctx->xa != NULL)
++            BN_clear_free(ctx->xa);
++        if (ctx->Gxd != NULL)
++            EC_POINT_free(ctx->Gxd);
++        if (ctx->Gxc != NULL)
++            EC_POINT_free(ctx->Gxc);
++        if (ctx->secret != NULL)
++            BN_clear_free(ctx->secret);
++        if (ctx->peer_id.num != NULL)
++            OPENSSL_free(ctx->peer_id.num);
++        if (ctx->local_id.num != NULL)
++            OPENSSL_free(ctx->local_id.num);
++        OPENSSL_free(ctx);
++    }
++}
++
++static void hashlength(SHA256_CTX *sha, size_t l)
++{
++    unsigned char b[2];
++
++    OPENSSL_assert(l <= 0xffff);
++    b[0] = l >> 8;
++    b[1] = l & 0xff;
++    SHA256_Update(sha, b, 2);
++}
++
++static int hashpoint_default(ECJPAKE_CTX *ctx, SHA256_CTX *sha,
++                             const EC_POINT *point)
++{
++    size_t point_len;
++    unsigned char *point_oct = NULL;
++    int ret = 0;
++
++    point_len = EC_POINT_point2oct(ctx->group, point,
++                                   POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
++    if (point_len == 0)
++        goto err;
++
++    point_oct = (unsigned char *)OPENSSL_malloc(point_len);
++    if (point_oct == NULL)
++        goto err;
++
++    point_len = EC_POINT_point2oct(ctx->group, point,
++                                   POINT_CONVERSION_UNCOMPRESSED, point_oct,
++                                   point_len, ctx->ctx);
++    if (point_len == 0)
++        goto err;
++
++    hashlength(sha, point_len);
++    SHA256_Update(sha, point_oct, point_len);
++    ret = 1;
++
++err:
++    if (point_oct != NULL)
++        OPENSSL_free(point_oct);
++    return ret;
++}
++
++static ECJPAKE_HASHPOINT_FUNC_PTR hashpoint = &hashpoint_default;
++
++void ECJPAKE_Set_HashECPoint(ECJPAKE_HASHPOINT_FUNC_PTR hashpoint_custom)
++{
++    hashpoint = hashpoint_custom;
++}
++
++/* h = hash(G, G*r, G*x, ecjpake_id) */
++static int zkp_hash(ECJPAKE_CTX *ctx, BIGNUM *h, const EC_POINT *zkpG,
++                    const ECJPAKE_STEP_PART *p, const int use_local_id)
++{
++    unsigned char md[SHA256_DIGEST_LENGTH];
++    SHA256_CTX sha;
++
++    SHA256_Init(&sha);
++    if (!hashpoint(ctx, &sha, zkpG))
++        goto err;
++    if (!hashpoint(ctx, &sha, p->zkpx.Gr))
++        goto err;
++    if (!hashpoint(ctx, &sha, p->Gx))
++        goto err;
++    if (use_local_id)
++        SHA256_Update(&sha, ctx->local_id.num, ctx->local_id.len);
++    else
++        SHA256_Update(&sha, ctx->peer_id.num, ctx->peer_id.len);
++    SHA256_Final(md, &sha);
++    if (BN_bin2bn(md, SHA256_DIGEST_LENGTH, h) == NULL)
++        goto err;
++    return 1;
++
++err:
++    ECJPAKEerr(ECJPAKE_F_ZKP_HASH, ERR_R_MALLOC_FAILURE);
++    return 0;
++}
++
++/* Generate random number in [1, n - 1] ( i.e. [1, n) ) */
++static int genrand(BIGNUM *rnd, const BIGNUM *n)
++{
++    BIGNUM *nm1 = NULL;
++    int ret = 0;
++
++    nm1 = BN_new();
++    if (nm1 == NULL)
++        goto err;
++    /* n - 1 */
++    if (!BN_copy(nm1, n))
++        goto err;
++    if (!BN_sub_word(nm1, 1))
++        goto err;
++    /* random number in [0, n - 1) */
++    if (!BN_rand_range(rnd, nm1))
++        goto err;
++    /* [1, n) */
++    if (!BN_add_word(rnd, 1))
++        goto err;
++    ret = 1;
++
++err:
++    if (!ret)
++        ECJPAKEerr(ECJPAKE_F_GENRAND, ERR_R_MALLOC_FAILURE);
++    if (nm1 != NULL)
++        BN_free(nm1);
++    return ret;
++}
++
++/* Prove knowledge of x. (Note that p->Gx has already been calculated) */
++static int generate_zkp(ECJPAKE_STEP_PART *p, const BIGNUM *x,
++                        const EC_POINT *zkpG, ECJPAKE_CTX *ctx)
++{
++    BIGNUM *order = NULL;
++    BIGNUM *r = NULL;
++    BIGNUM *h = NULL;
++    BIGNUM *t = NULL;
++    int ret = 0;
++
++    order = BN_new();
++    if (order == NULL)
++        goto err;
++    if (!EC_GROUP_get_order(ctx->group, order, ctx->ctx))
++        goto err;
++    /* r in [1,n-1] */
++    r = BN_new();
++    if (r == NULL)
++        goto err;
++    if (!genrand(r, order))
++        goto err;
++    /* G * r */
++    if (!EC_POINT_mul(ctx->group, p->zkpx.Gr, NULL, zkpG, r, ctx->ctx))
++        goto err;
++    /* h = hash(G, G * r, G * x, ecjpake_id) */
++    h = BN_new();
++    if (h == NULL)
++        goto err;
++    if (!zkp_hash(ctx, h, zkpG, p, 1))
++        goto err;
++    /* b = r - x*h */
++    t = BN_new();
++    if (t == NULL)
++        goto err;
++    if (!BN_mod_mul(t, x, h, order, ctx->ctx))
++        goto err;
++    if (!BN_mod_sub(p->zkpx.b, r, t, order, ctx->ctx))
++        goto err;
++    ret = 1;
++
++err:
++    if (!ret)
++        ECJPAKEerr(ECJPAKE_F_GENERATE_ZKP, ERR_R_MALLOC_FAILURE);
++    if (t != NULL)
++        BN_free(t);
++    if (h != NULL)
++        BN_free(h);
++    if (r != NULL)
++        BN_free(r);
++    if (order != NULL)
++        BN_free(order);
++    return ret;
++}
++
++static int verify_zkp(const ECJPAKE_STEP_PART *p, const EC_POINT *zkpG,
++                      ECJPAKE_CTX *ctx)
++{
++    BIGNUM *h = NULL;
++    EC_POINT *point1 = NULL;
++    EC_POINT *point2 = NULL;
++    int ret = 0;
++
++    /* h = hash(G, G * r, G * x, ecjpake_id) */
++    h = BN_new();
++    if (h == NULL)
++        goto err;
++    if (!zkp_hash(ctx, h, zkpG, p, 0))
++        goto err;
++    /* point1 = G * b */
++    point1 = EC_POINT_new(ctx->group);
++    if (point1 == NULL)
++        goto err;
++    if (!EC_POINT_mul(ctx->group, point1, NULL, zkpG, p->zkpx.b, ctx->ctx))
++        goto err;
++    /* point2 = (G * x) * h = G * {h * x} */
++    point2 = EC_POINT_new(ctx->group);
++    if (point2 == NULL)
++        goto err;
++    if (!EC_POINT_mul(ctx->group, point2, NULL, p->Gx, h, ctx->ctx))
++        goto err;
++    /* point2 = point1 + point2 = G*{hx} + G*b = G*{hx+b} = G*r (allegedly) */
++    if (!EC_POINT_add(ctx->group, point2, point1, point2, ctx->ctx))
++        goto err;
++    /* verify (point2 == G * r) */
++    if (0 != EC_POINT_cmp(ctx->group, point2, p->zkpx.Gr, ctx->ctx))
++    {
++        ECJPAKEerr(ECJPAKE_F_VERIFY_ZKP, ECJPAKE_R_ZKP_VERIFY_FAILED);
++        goto clean;
++    }
++
++    ret = 1;
++    goto clean;
++
++err:
++    ECJPAKEerr(ECJPAKE_F_VERIFY_ZKP, ERR_R_MALLOC_FAILURE);
++clean:
++    if (point2 != NULL)
++        EC_POINT_free(point2);
++    if (point1 != NULL)
++        EC_POINT_free(point1);
++    if (h != NULL)
++        BN_free(h);
++    return ret;
++}
++
++static int step_part_generate(ECJPAKE_STEP_PART *p, const BIGNUM *x,
++                              const EC_POINT *G, ECJPAKE_CTX *ctx)
++{
++    if (!EC_POINT_mul(ctx->group, p->Gx, NULL, G, x, ctx->ctx))
++        goto err;
++    if (!generate_zkp(p, x, G, ctx))
++        goto err;
++    return 1;
++
++err:
++    ECJPAKEerr(ECJPAKE_F_STEP_PART_GENERATE, ERR_R_MALLOC_FAILURE);
++    return 0;
++}
++
++int ECJPAKE_STEP1_generate(ECJPAKE_STEP1 *send, ECJPAKE_CTX *ctx)
++{
++    BIGNUM *order = NULL;
++    const EC_POINT *generator = NULL;
++    int ret = 0;
++
++    order = BN_new();
++    if (order == NULL)
++        goto err;
++    if (!EC_GROUP_get_order(ctx->group, order, ctx->ctx))
++        goto err;
++
++    if (!genrand(ctx->xa, order))
++        goto err;
++    if (!genrand(ctx->xb, order))
++        goto err;
++
++    generator = EC_GROUP_get0_generator(ctx->group);
++    if (!step_part_generate(&send->p1, ctx->xa, generator, ctx))
++        goto err;
++    if (!step_part_generate(&send->p2, ctx->xb, generator, ctx))
++        goto err;
++
++    ret = 1;
++
++err:
++    if (!ret)
++        ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_GENERATE, ERR_R_MALLOC_FAILURE);
++    if (order != NULL)
++        BN_free(order);
++    return ret;
++}
++
++/*-
++ * Elliptic Curve Point Validity Check based on p. 25
++ * http://cs.ucsb.edu/~koc/ccs130h/notes/ecdsa-cert.pdf
++ */
++static int EC_POINT_is_legal(const EC_POINT *point, const ECJPAKE_CTX *ctx)
++{
++    BIGNUM *point_x = NULL;
++    BIGNUM *point_y = NULL;
++    BIGNUM *p = NULL;
++    BIGNUM *order = NULL;
++    EC_POINT *tmp_point = NULL;
++    int res = 0;
++
++    /* 1. Verify that point is not at Infinity */
++    if (EC_POINT_is_at_infinity(ctx->group, point))
++        goto illegal_point;
++
++    /* 2. Verify that point.X and point.Y are in the prime field */
++    point_x = BN_new();
++    if (point_x == NULL)
++        goto err;
++    point_y = BN_new();
++    if (point_y == NULL)
++        goto err;
++    p = BN_new();
++    if (p == NULL)
++        goto err;
++    if (!EC_POINT_get_affine_coordinates_GFp(ctx->group, point, point_x,
++                                             point_y, ctx->ctx))
++        goto err;
++    if (!EC_GROUP_get_curve_GFp(ctx->group, p, NULL, NULL, ctx->ctx))
++        goto err;
++    if (BN_is_negative(point_x) || BN_is_negative(point_y) ||
++        BN_cmp(point_x, p) >= 0 || BN_cmp(point_y, p) >= 0)
++        goto illegal_point;
++
++    /* 3. Check point lies on the curve */
++    if (!EC_POINT_is_on_curve(ctx->group, point, ctx->ctx))
++        goto illegal_point;
++
++    /* 4. Check that point*n is at Infinity */
++    order = BN_new();
++    if (order == NULL)
++        goto err;
++    tmp_point = EC_POINT_new(ctx->group);
++    if (tmp_point == NULL)
++        goto err;
++    if (!EC_GROUP_get_order(ctx->group, order, ctx->ctx))
++        goto err;
++    if (!EC_POINT_mul(ctx->group, tmp_point, NULL, point, order, ctx->ctx))
++        goto err;
++    if (!EC_POINT_is_at_infinity(ctx->group, tmp_point))
++        goto illegal_point;
++
++    res = 1;
++    goto clean;
++
++err:
++    ECJPAKEerr(ECJPAKE_F_EC_POINT_IS_LEGAL, ERR_R_MALLOC_FAILURE);
++    goto clean;
++illegal_point:
++    ECJPAKEerr(ECJPAKE_F_EC_POINT_IS_LEGAL, ECJPAKE_R_G_IS_NOT_LEGAL);
++clean:
++    if (tmp_point != NULL)
++        EC_POINT_free(tmp_point);
++    if (order != NULL)
++        BN_free(order);
++    if (p != NULL)
++        BN_free(p);
++    if (point_y != NULL)
++        BN_free(point_y);
++    if (point_x != NULL)
++        BN_free(point_x);
++    return res;
++}
++
++int ECJPAKE_STEP1_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP1 *received)
++{
++
++    /* check Gxc is a legal point on Elliptic Curve */
++    if (!EC_POINT_is_legal(received->p1.Gx, ctx))
++    {
++        ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_PROCESS,
++                   ECJPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
++        return 0;
++    }
++
++    /* check Gxd is a legal point on Elliptic Curve */
++    if (!EC_POINT_is_legal(received->p2.Gx, ctx))
++    {
++        ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_PROCESS,
++                   ECJPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
++        return 0;
++    }
++
++    /* verify ZKP(xc) */
++    if (!verify_zkp(&received->p1, EC_GROUP_get0_generator(ctx->group), ctx))
++    {
++        ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_PROCESS,
++                   ECJPAKE_R_VERIFY_X3_FAILED);
++        return 0;
++    }
++
++    /* verify ZKP(xd) */
++    if (!verify_zkp(&received->p2, EC_GROUP_get0_generator(ctx->group), ctx))
++    {
++        ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_PROCESS,
++                   ECJPAKE_R_VERIFY_X4_FAILED);
++        return 0;
++    }
++
++    /* Save the points we need for later */
++    if (!EC_POINT_copy(ctx->Gxc, received->p1.Gx) ||
++        !EC_POINT_copy(ctx->Gxd, received->p2.Gx))
++    {
++        ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_PROCESS, ERR_R_MALLOC_FAILURE);
++        return 0;
++    }
++
++    return 1;
++}
++
++int ECJPAKE_STEP2_generate(ECJPAKE_STEP2 *send, ECJPAKE_CTX *ctx)
++{
++    EC_POINT *point = NULL;
++    BIGNUM *order = NULL;
++    BIGNUM *xbs = NULL;
++    int ret = 0;
++
++    /*-
++     * X = G * {(xa + xc + xd) * xb * s}
++     */
++    point = EC_POINT_new(ctx->group);
++    if (point == NULL)
++        goto err;
++    /* point = G * xa */
++    if (!EC_POINT_mul(ctx->group, point, NULL,
++                      EC_GROUP_get0_generator(ctx->group), ctx->xa, ctx->ctx))
++        goto err;
++    /* point = G * xa + G * xc = G * {xa + xc} */
++    if (!EC_POINT_add(ctx->group, point, point, ctx->Gxc, ctx->ctx))
++        goto err;
++    /* point = G * {xa + xc} + G * xd = G * {xa + xc + xd} */
++    if (!EC_POINT_add(ctx->group, point, point, ctx->Gxd, ctx->ctx))
++        goto err;
++    /* xbs = xb * s */
++    order = BN_new();
++    if (order == NULL)
++        goto err;
++    xbs = BN_new();
++    if (xbs == NULL)
++        goto err;
++    if (!EC_GROUP_get_order(ctx->group, order, ctx->ctx))
++        goto err;
++    if (!BN_mod_mul(xbs, ctx->xb, ctx->secret, order, ctx->ctx))
++        goto err;
++
++    /*-
++     * ZKP(xb * s)
++     * For STEP2 the generator is:
++     *     G' = G * {xa + xc + xd}
++     * which means X is G' * {xb * s}
++     *     X  = G' * {xb * s} = G * {(xa + xc + xd) * xb * s}
++     */
++    if (!step_part_generate(send, xbs, point, ctx))
++        goto err;
++    ret = 1;
++
++err:
++    if (!ret)
++        ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP2_GENERATE, ERR_R_MALLOC_FAILURE);
++    if (xbs != NULL)
++        BN_clear_free(xbs);
++    if (order != NULL)
++        BN_free(order);
++    if (point != NULL)
++        EC_POINT_free(point);
++    return ret;
++}
++
++/* Gx = G * {(xc + xa + xb) * xd * secret} */
++static int compute_key(ECJPAKE_CTX *ctx, const EC_POINT *Gx)
++{
++    EC_POINT *point = NULL;
++    SHA256_CTX sha;
++    int ret = 0;
++
++    /*-
++     * K = (Gx - G * {xb * xd * secret}) * xb
++     *   = (G * {(xc + xa + xb) * xd * secret - xb * xd * secret}) * xb
++     *   = (G * {(xc + xa) * xd * secret}) * xb
++     *   =  G * {(xa + xc) * xb * xd * secret}
++     * [which is the same regardless of who calculates it]
++     */
++
++    /* point = (G * xd) * xb = G * {xb * xd} */
++    point = EC_POINT_new(ctx->group);
++    if (point == NULL)
++        goto err;
++    if (!EC_POINT_mul(ctx->group, point, NULL, ctx->Gxd, ctx->xb, ctx->ctx))
++        goto err;
++    /* point = - G * {xb * xd} */
++    if (!EC_POINT_invert(ctx->group, point, ctx->ctx))
++        goto err;
++    /* point = - G * {xb * xd * secret} */
++    if (!EC_POINT_mul(ctx->group, point, NULL, point, ctx->secret, ctx->ctx))
++        goto err;
++    /* point = Gx - G * {xb * xd * secret} */
++    if (!EC_POINT_add(ctx->group, point, Gx, point, ctx->ctx))
++        goto err;
++    /* point = point * xb */
++    if (!EC_POINT_mul(ctx->group, point, NULL, point, ctx->xb, ctx->ctx))
++        goto err;
++    /* Hash point to generate shared secret key */
++    SHA256_Init(&sha);
++    if (!hashpoint(ctx, &sha, point))
++        goto err;
++    SHA256_Final(ctx->key, &sha);
++    ret = 1;
++
++err:
++    if (!ret)
++        ECJPAKEerr(ECJPAKE_F_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
++    if (point != NULL)
++        EC_POINT_clear_free(point);
++    return ret;
++}
++
++int ECJPAKE_STEP2_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP2 *received)
++{
++    BIGNUM *order = NULL;
++    BIGNUM *tmp = NULL;
++    EC_POINT *point = NULL;
++    int ret = 0;
++
++    /* Get Order */
++    order = BN_new();
++    if (order == NULL)
++        goto err;
++    if (!EC_GROUP_get_order(ctx->group, order, ctx->ctx))
++        goto err;
++    /* G' = G * {xc + xa + xb} */
++    /* tmp = xa + xb */
++    tmp = BN_new();
++    if (tmp == NULL)
++        goto err;
++    if (!BN_mod_add(tmp, ctx->xa, ctx->xb, order, ctx->ctx))
++        goto err;
++    /* point = G * {xa + xb} */
++    point = EC_POINT_new(ctx->group);
++    if (point == NULL)
++        goto err;
++    if (!EC_POINT_mul(ctx->group, point, NULL,
++                      EC_GROUP_get0_generator(ctx->group), tmp, ctx->ctx))
++        goto err;
++    /* point = G * {xc + xa + xb} */
++    if (!EC_POINT_add(ctx->group, point, ctx->Gxc, point, ctx->ctx))
++        goto err;
++    /* Verify ZKP */
++    if (!verify_zkp(received, point, ctx))
++    {
++        ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP2_PROCESS, ECJPAKE_R_VERIFY_X4S_FAILED);
++        goto clean;
++    }
++    /* calculate shared secret (key) */
++    if (!compute_key(ctx, received->Gx))
++        goto err;
++
++    ret = 1;
++    goto clean;
++
++err:
++    ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP2_PROCESS, ERR_R_MALLOC_FAILURE);
++clean:
++    if (point != NULL)
++        EC_POINT_free(point);
++    if (tmp != NULL)
++        BN_free(tmp);
++    if (order != NULL)
++        BN_free(order);
++    return ret;
++}
++
++void ECJPAKE_STEP3A_init(ECJPAKE_STEP3A *s3a)
++{
++}
++
++int ECJPAKE_STEP3A_generate(ECJPAKE_STEP3A *send, ECJPAKE_CTX *ctx)
++{
++    SHA256(ctx->key, sizeof ctx->key, send->hhk);
++    SHA256(send->hhk, sizeof send->hhk, send->hhk);
++
++    return 1;
++}
++
++int ECJPAKE_STEP3A_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP3A *received)
++{
++    unsigned char hhk[SHA256_DIGEST_LENGTH];
++
++    SHA256(ctx->key, sizeof ctx->key, hhk);
++    SHA256(hhk, sizeof hhk, hhk);
++    if (memcmp(hhk, received->hhk, sizeof hhk)) {
++        ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP3A_PROCESS,
++                   ECJPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH);
++        return 0;
++    }
++    return 1;
++}
++
++void ECJPAKE_STEP3A_release(ECJPAKE_STEP3A *s3a)
++{
++}
++
++void ECJPAKE_STEP3B_init(ECJPAKE_STEP3B *s3b)
++{
++}
++
++int ECJPAKE_STEP3B_generate(ECJPAKE_STEP3B *send, ECJPAKE_CTX *ctx)
++{
++    SHA256(ctx->key, sizeof(ctx->key), send->hk);
++    return 1;
++}
++
++int ECJPAKE_STEP3B_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP3B *received)
++{
++    unsigned char hk[SHA256_DIGEST_LENGTH];
++
++    SHA256(ctx->key, sizeof(ctx->key), hk);
++    if (memcmp(hk, received->hk, sizeof(hk))) {
++        ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP3B_PROCESS,
++                   ECJPAKE_R_HASH_OF_KEY_MISMATCH);
++        return 0;
++    }
++    return 1;
++}
++
++void ECJPAKE_STEP3B_release(ECJPAKE_STEP3B *s3b)
++{
++}
++
++const EC_GROUP *ECJPAKE_get_ecGroup(const ECJPAKE_CTX *ctx)
++{
++    return ctx->group;
++}
++
++const unsigned char *ECJPAKE_get_shared_key(const ECJPAKE_CTX *ctx)
++{
++    return ctx->key;
++}
+diff -ruaN --no-dereference openssl-1.0.1m/crypto/ecjpake/ecjpake_err.c openssl/crypto/ecjpake/ecjpake_err.c
+--- openssl-1.0.1m/crypto/ecjpake/ecjpake_err.c	1969-12-31 16:00:00.000000000 -0800
++++ openssl/crypto/ecjpake/ecjpake_err.c	2015-08-17 15:44:34.818599289 -0700
+@@ -0,0 +1,118 @@
++/* crypto/ecjpake/ecjpake_err.c */
++/* ====================================================================
++ * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++/*
++ * NOTE: this file was auto generated by the mkerr.pl script: any changes
++ * made to it will be overwritten when the script next updates this file,
++ * only reason strings will be preserved.
++ */
++
++#include <stdio.h>
++#include <openssl/err.h>
++#include <openssl/ecjpake.h>
++
++/* BEGIN ERROR CODES */
++#ifndef OPENSSL_NO_ERR
++
++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECJPAKE,func,0)
++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECJPAKE,0,reason)
++
++static ERR_STRING_DATA ECJPAKE_str_functs[] = {
++    {ERR_FUNC(ECJPAKE_F_COMPUTE_KEY), "compute_key"},
++    {ERR_FUNC(ECJPAKE_F_EC_POINT_IS_LEGAL), "EC_POINT_is_legal"},
++    {ERR_FUNC(ECJPAKE_F_ECJPAKE_CTX_NEW), "ECJPAKE_CTX_new"},
++    {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP1_GENERATE), "ECJPAKE_STEP1_generate"},
++    {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP1_PROCESS), "ECJPAKE_STEP1_process"},
++    {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP2_GENERATE), "ECJPAKE_STEP2_generate"},
++    {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP2_PROCESS), "ECJPAKE_STEP2_process"},
++    {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP3A_PROCESS), "ECJPAKE_STEP3A_process"},
++    {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP3B_PROCESS), "ECJPAKE_STEP3B_process"},
++    {ERR_FUNC(ECJPAKE_F_GENERATE_ZKP), "generate_zkp"},
++    {ERR_FUNC(ECJPAKE_F_GENRAND), "genrand"},
++    {ERR_FUNC(ECJPAKE_F_STEP_PART_GENERATE), "step_part_generate"},
++    {ERR_FUNC(ECJPAKE_F_STEP_PART_INIT), "step_part_init"},
++    {ERR_FUNC(ECJPAKE_F_VERIFY_ZKP), "verify_zkp"},
++    {ERR_FUNC(ECJPAKE_F_ZKP_HASH), "zkp_hash"},
++    {0,NULL}
++};
++
++static ERR_STRING_DATA ECJPAKE_str_reasons[] = {
++    {ERR_REASON(ECJPAKE_R_G_IS_NOT_LEGAL), "Gx is not legal"},
++    {ERR_REASON(ECJPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),
++     "Gx to the x3 is not legal"},
++    {ERR_REASON(ECJPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),
++     "Gx to the x4 is not legal"},
++    {ERR_REASON(ECJPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),
++     "hash of hash of key mismatch"},
++    {ERR_REASON(ECJPAKE_R_HASH_OF_KEY_MISMATCH), "hash of key mismatch"},
++    {ERR_REASON(ECJPAKE_R_VERIFY_X3_FAILED), "verify x3 failed"},
++    {ERR_REASON(ECJPAKE_R_VERIFY_X4_FAILED), "verify x4 failed"},
++    {ERR_REASON(ECJPAKE_R_VERIFY_X4S_FAILED), "verify x4*s failed"},
++    {ERR_REASON(ECJPAKE_R_ZKP_VERIFY_FAILED), "zkp verify failed"},
++    {0,NULL}
++};
++
++#endif
++
++void ERR_load_ECJPAKE_strings(void)
++{
++#ifndef OPENSSL_NO_ERR
++
++    if (ERR_func_error_string(ECJPAKE_str_functs[0].error) == NULL) {
++        ERR_load_strings(0, ECJPAKE_str_functs);
++        ERR_load_strings(0, ECJPAKE_str_reasons);
++    }
++#endif
++}
+diff -ruaN --no-dereference openssl-1.0.1m/crypto/ecjpake/ecjpake.h openssl/crypto/ecjpake/ecjpake.h
+--- openssl-1.0.1m/crypto/ecjpake/ecjpake.h	1969-12-31 16:00:00.000000000 -0800
++++ openssl/crypto/ecjpake/ecjpake.h	2015-08-17 16:29:40.405982099 -0700
+@@ -0,0 +1,169 @@
++/*
++ * Implement EC J-PAKE, based on J-PAKE as described in
++ * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
++ *
++ * Useful J-PAKE Java Demo:
++ * http://homepages.cs.ncl.ac.uk/feng.hao/files/JPAKEDemo.java
++ *
++ * Useful Elliptic Curve (EC) J-PAKE Java Demo:
++ * http://homepages.cs.ncl.ac.uk/feng.hao/files/EllipticCurveJPAKEDemo.java
++ */
++
++#ifndef HEADER_ECJPAKE_H
++# define HEADER_ECJPAKE_H
++
++# include <openssl/opensslconf.h>
++
++# ifdef OPENSSL_NO_ECJPAKE
++#  error ECJPAKE is disabled.
++# endif
++
++# ifdef  __cplusplus
++extern "C" {
++# endif
++
++# include <openssl/ec.h>
++# include <openssl/bn.h>
++# include <openssl/sha.h>
++
++typedef struct ECJPAKE_CTX ECJPAKE_CTX;
++
++typedef struct {
++    EC_POINT *Gr;            /* G * r (r random) */
++    BIGNUM *b;               /* b = r - x * h,
++				h = hash(G, G * r, G * x, name) */
++} ECJPAKE_ZKP;
++
++typedef struct {
++    EC_POINT *Gx;            /* G * x in step 1,
++				G * ((xa + xc + xd) * xb * s) in step 2 */
++    ECJPAKE_ZKP zkpx;        /* ZKP(x) or ZKP(xb * s) */
++} ECJPAKE_STEP_PART;
++
++typedef struct {
++    ECJPAKE_STEP_PART p1;    /* {G * x3, ZKP(x3)} or {G * x1, ZKP(x1)} */
++    ECJPAKE_STEP_PART p2;    /* {G * x4, ZKP(x4)} or {G * x2, ZKP(x2)} */
++} ECJPAKE_STEP1;
++
++typedef ECJPAKE_STEP_PART ECJPAKE_STEP2;
++
++typedef struct {
++    unsigned char hhk[SHA256_DIGEST_LENGTH];
++} ECJPAKE_STEP3A;
++
++typedef struct {
++    unsigned char hk[SHA256_DIGEST_LENGTH];
++} ECJPAKE_STEP3B;
++
++/*
++ * Defines pointer to the function that calculates SHA256 hash of elliptic curve
++ * point. ECJPAKE implements it's own point hash function.
++ * Use ECJPAKE_Set_HashECPoint() to provide alternative implementation of the
++ * point hash.
++ */
++typedef int(*ECJPAKE_HASHPOINT_FUNC_PTR)(ECJPAKE_CTX *, SHA256_CTX *,
++                                          const EC_POINT *);
++
++/*
++ * Sets the function that will be used to hash elliptic curve point.
++ * If this function is not called the ecjpake uses it's own (default)
++ * implementation of the point hash function.
++ */
++void ECJPAKE_Set_HashECPoint(ECJPAKE_HASHPOINT_FUNC_PTR hashpoint_custom);
++
++/* Initializes ECJPAKE_CTX with protocol parameters */
++ECJPAKE_CTX *ECJPAKE_CTX_new(const EC_GROUP *group, const BIGNUM *secret,
++                             const unsigned char *local_id_num,
++                             const size_t local_id_len,
++                             const unsigned char *peer_id_num,
++                             const size_t peer_id_len);
++
++/* Releases ECJPAKE_CTX */
++void ECJPAKE_CTX_free(ECJPAKE_CTX *ctx);
++
++/*
++ * Functions to initialize, generate, process, and release ECJPAKE_STEP1 data.
++ * Note that ECJPAKE_STEP1 can be used multiple times before release
++ * without another init.
++ */
++int ECJPAKE_STEP1_init(ECJPAKE_STEP1 *s1, const ECJPAKE_CTX *ctx);
++int ECJPAKE_STEP1_generate(ECJPAKE_STEP1 *send, ECJPAKE_CTX *ctx);
++int ECJPAKE_STEP1_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP1 *received);
++void ECJPAKE_STEP1_release(ECJPAKE_STEP1 *s1);
++
++/*
++ * Functions to initialize, generate, process, and release ECJPAKE_STEP2 data.
++ * Note that ECJPAKE_STEP2 can be used multiple times before release
++ * without another init.
++ */
++int ECJPAKE_STEP2_init(ECJPAKE_STEP2 *s2, const ECJPAKE_CTX *ctx);
++int ECJPAKE_STEP2_generate(ECJPAKE_STEP2 *send, ECJPAKE_CTX *ctx);
++int ECJPAKE_STEP2_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP2 *received);
++void ECJPAKE_STEP2_release(ECJPAKE_STEP2 *s2);
++
++/*
++ * Optionally verify the shared key. If the shared secrets do not
++ * match, the two ends will disagree about the shared key, but
++ * otherwise the protocol will succeed.
++ */
++void ECJPAKE_STEP3A_init(ECJPAKE_STEP3A *s3a);
++int ECJPAKE_STEP3A_generate(ECJPAKE_STEP3A *send, ECJPAKE_CTX *ctx);
++int ECJPAKE_STEP3A_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP3A *received);
++void ECJPAKE_STEP3A_release(ECJPAKE_STEP3A *s3a);
++
++void ECJPAKE_STEP3B_init(ECJPAKE_STEP3B *s3b);
++int ECJPAKE_STEP3B_generate(ECJPAKE_STEP3B *send, ECJPAKE_CTX *ctx);
++int ECJPAKE_STEP3B_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP3B *received);
++void ECJPAKE_STEP3B_release(ECJPAKE_STEP3B *s3b);
++
++/*
++ * Returns shared secret value. The value belongs to the library and will be
++ * released when ctx is released, and will change when a new handshake is
++ * performed.
++ */
++const unsigned char *ECJPAKE_get_shared_key(const ECJPAKE_CTX *ctx);
++
++/* Returns elliptic curve group used in the current ECJPAKE handshake. */
++const EC_GROUP *ECJPAKE_get_ecGroup(const ECJPAKE_CTX *ctx);
++
++/* BEGIN ERROR CODES */
++/*
++ * The following lines are auto generated by the script mkerr.pl. Any changes
++ * made after this point may be overwritten when the script is next run.
++ */
++void ERR_load_ECJPAKE_strings(void);
++
++/* Error codes for the ECJPAKE functions. */
++
++/* Function codes. */
++# define ECJPAKE_F_COMPUTE_KEY                            100
++# define ECJPAKE_F_EC_POINT_IS_LEGAL                      101
++# define ECJPAKE_F_ECJPAKE_CTX_NEW                        102
++# define ECJPAKE_F_ECJPAKE_STEP1_GENERATE                 103
++# define ECJPAKE_F_ECJPAKE_STEP1_PROCESS                  104
++# define ECJPAKE_F_ECJPAKE_STEP2_GENERATE                 105
++# define ECJPAKE_F_ECJPAKE_STEP2_PROCESS                  106
++# define ECJPAKE_F_ECJPAKE_STEP3A_PROCESS                 107
++# define ECJPAKE_F_ECJPAKE_STEP3B_PROCESS                 108
++# define ECJPAKE_F_GENERATE_ZKP                           109
++# define ECJPAKE_F_GENRAND                                110
++# define ECJPAKE_F_STEP_PART_GENERATE                     111
++# define ECJPAKE_F_STEP_PART_INIT                         112
++# define ECJPAKE_F_VERIFY_ZKP                             113
++# define ECJPAKE_F_ZKP_HASH                               114
++
++/* Reason codes. */
++# define ECJPAKE_R_G_IS_NOT_LEGAL                         100
++# define ECJPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL               101
++# define ECJPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL               102
++# define ECJPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH           103
++# define ECJPAKE_R_HASH_OF_KEY_MISMATCH                   104
++# define ECJPAKE_R_VERIFY_X3_FAILED                       105
++# define ECJPAKE_R_VERIFY_X4_FAILED                       106
++# define ECJPAKE_R_VERIFY_X4S_FAILED                      107
++# define ECJPAKE_R_ZKP_VERIFY_FAILED                      108
++
++# ifdef  __cplusplus
++}
++# endif
++#endif
+diff -ruaN --no-dereference openssl-1.0.1m/crypto/ecjpake/ecjpaketest.c openssl/crypto/ecjpake/ecjpaketest.c
+--- openssl-1.0.1m/crypto/ecjpake/ecjpaketest.c	1969-12-31 16:00:00.000000000 -0800
++++ openssl/crypto/ecjpake/ecjpaketest.c	2015-08-17 16:29:40.405982099 -0700
+@@ -0,0 +1,358 @@
++#include <openssl/opensslconf.h>
++
++#ifdef OPENSSL_NO_ECJPAKE
++
++# include <stdio.h>
++
++int main(int argc, char *argv[])
++{
++    printf("No EC J-PAKE support\n");
++    return(0);
++}
++
++#else
++
++# include "../e_os.h"
++# include <openssl/ecjpake.h>
++# include <openssl/crypto.h>
++# include <openssl/bio.h>
++# include <openssl/rand.h>
++# include <openssl/obj_mac.h>
++# include <openssl/err.h>
++# include <memory.h>
++
++static void showkey(const char *name, const unsigned char *key)
++{
++    int i;
++
++    fputs(name, stdout);
++    fputs(" = ", stdout);
++    for (i = 0; i < SHA256_DIGEST_LENGTH; i++)
++        fprintf(stdout, "%02X", key[i]);
++    putc('\n', stdout);
++}
++
++# if 0
++static void showbn(const char *name, const BIGNUM *bn)
++{
++    fputs(name, stdout);
++    fputs(" = ", stdout);
++    BN_print_fp(stdout, bn);
++    putc('\n', stdout);
++}
++
++static void showpoint(const char *name, const EC_POINT *point, ECJPAKE_CTX *ctx)
++{
++    BIGNUM *point_x = BN_new();
++    BIGNUM *point_y = BN_new();
++    BN_CTX *bn_ctx = BN_CTX_new();
++    const EC_GROUP *group = ECJPAKE_get_ecGroup(ctx);
++
++    if (bn_ctx == NULL || point_y == NULL || point_x == NULL)
++        goto err;
++
++    EC_POINT_get_affine_coordinates_GFp(group, point, point_x, point_y, bn_ctx);
++
++    fputs(name, stdout);
++    showbn(" X:", point_x);
++    fputs(name, stdout);
++    showbn(" Y:", point_y);
++
++err:
++    if (bn_ctx != NULL)
++        BN_CTX_free(bn_ctx);
++    if (point_y != NULL)
++        BN_free(point_y);
++    if (point_x != NULL)
++        BN_free(point_x);
++}
++# endif
++
++static const char rnd_seed[] =
++    "string to make the random number generator think it has entropy";
++
++/* generates random length value in a range [len_bottom, len_top] */
++static int generate_rand_len(size_t *rand_len,
++                             unsigned int len_bottom,
++                             unsigned int len_top)
++{
++    if (len_top > 0xffff || len_bottom > len_top)
++        return 0;
++
++    if (!RAND_bytes((unsigned char *)(rand_len), sizeof(size_t)))
++        return 0;
++
++    *rand_len = *rand_len % (len_top - len_bottom + 1) + len_bottom;
++
++    return 1;
++}
++
++static int run_ecjpake(ECJPAKE_CTX *alice, ECJPAKE_CTX *bob)
++{
++    ECJPAKE_STEP1 alice_s1;
++    ECJPAKE_STEP1 bob_s1;
++    ECJPAKE_STEP2 alice_s2;
++    ECJPAKE_STEP2 bob_s2;
++    ECJPAKE_STEP3A alice_s3a;
++    ECJPAKE_STEP3B bob_s3b;
++
++    /* Alice --> Bob: Step 1 */
++    fputs("\tAlice --> Bob: Step 1\n", stdout);
++    ECJPAKE_STEP1_init(&alice_s1, alice);
++    ECJPAKE_STEP1_generate(&alice_s1, alice);
++
++    if (!ECJPAKE_STEP1_process(bob, &alice_s1)) {
++        ECJPAKE_STEP1_release(&alice_s1);
++        fprintf(stderr, "Bob fails to process Alice's step 1\n");
++        ERR_print_errors_fp(stdout);
++        return 1;
++    }
++    ECJPAKE_STEP1_release(&alice_s1);
++
++    /* Bob --> Alice: Step 1 */
++    fputs("\tBob --> Alice: Step 1\n", stdout);
++    ECJPAKE_STEP1_init(&bob_s1, bob);
++    ECJPAKE_STEP1_generate(&bob_s1, bob);
++    if (!ECJPAKE_STEP1_process(alice, &bob_s1)) {
++        ECJPAKE_STEP1_release(&bob_s1);
++        fprintf(stderr, "Alice fails to process Bob's step 1\n");
++        ERR_print_errors_fp(stdout);
++        return 2;
++    }
++    ECJPAKE_STEP1_release(&bob_s1);
++
++    /* Alice --> Bob: Step 2 */
++    fputs("\tAlice --> Bob: Step 2\n", stdout);
++    ECJPAKE_STEP2_init(&alice_s2, alice);
++    ECJPAKE_STEP2_generate(&alice_s2, alice);
++    if (!ECJPAKE_STEP2_process(bob, &alice_s2)) {
++        ECJPAKE_STEP2_release(&alice_s2);
++        fprintf(stderr, "Bob fails to process Alice's step 2\n");
++        ERR_print_errors_fp(stdout);
++        return 3;
++    }
++    ECJPAKE_STEP2_release(&alice_s2);
++
++    /* Bob --> Alice: Step 2 */
++    fputs("\tBob --> Alice: Step 2\n", stdout);
++    ECJPAKE_STEP2_init(&bob_s2, bob);
++    ECJPAKE_STEP2_generate(&bob_s2, bob);
++    if (!ECJPAKE_STEP2_process(alice, &bob_s2)) {
++        ECJPAKE_STEP2_release(&bob_s2);
++        fprintf(stderr, "Alice fails to process Bob's step 2\n");
++        ERR_print_errors_fp(stdout);
++        return 4;
++    }
++    ECJPAKE_STEP2_release(&bob_s2);
++
++    showkey("\tAlice's key", ECJPAKE_get_shared_key(alice));
++    showkey("\tBob's key  ", ECJPAKE_get_shared_key(bob));
++
++    /* Alice --> Bob: Step 3A */
++    fputs("\tAlice --> Bob: Step 3A\n", stdout);
++    ECJPAKE_STEP3A_init(&alice_s3a);
++    ECJPAKE_STEP3A_generate(&alice_s3a, alice);
++    if (!ECJPAKE_STEP3A_process(bob, &alice_s3a)) {
++        ECJPAKE_STEP3A_release(&alice_s3a);
++        return 5;
++    }
++    ECJPAKE_STEP3A_release(&alice_s3a);
++
++    /* Bob --> Alice: Step 3B */
++    fputs("\tBob --> Alice: Step 3B\n", stdout);
++    ECJPAKE_STEP3B_init(&bob_s3b);
++    ECJPAKE_STEP3B_generate(&bob_s3b, bob);
++    if (!ECJPAKE_STEP3B_process(alice, &bob_s3b)) {
++        ECJPAKE_STEP3B_release(&bob_s3b);
++        return 6;
++    }
++    ECJPAKE_STEP3B_release(&bob_s3b);
++
++    return 0;
++}
++
++int main(int argc, char **argv)
++{
++    ECJPAKE_CTX *alice = NULL;
++    ECJPAKE_CTX *bob = NULL;
++    unsigned char *alice_id_num = NULL;
++    unsigned char *bob_id_num = NULL;
++    size_t alice_id_len;
++    size_t bob_id_len;
++    BIGNUM *secret = NULL;;
++    BIGNUM *secret_wrong = NULL;
++    size_t secret_len;
++    EC_GROUP *group = NULL;
++    BIO *bio_err;
++    int i;
++    int ret = 1;
++
++    typedef struct test_curve {
++        int nid;
++        char *name;
++    } test_curve;
++
++    test_curve test_curves[] = {
++        /* SECG PRIME CURVES TESTS */
++        {NID_secp160r1, "SECG Prime-Curve P-160"},
++        /* NIST PRIME CURVES TESTS */
++        {NID_X9_62_prime192v1, "NIST Prime-Curve P-192"},
++        {NID_secp224r1, "NIST Prime-Curve P-224"},
++        {NID_X9_62_prime256v1, "NIST Prime-Curve P-256"},
++        {NID_secp384r1, "NIST Prime-Curve P-384"},
++        {NID_secp521r1, "NIST Prime-Curve P-521"},
++# ifndef OPENSSL_NO_EC2M
++        /* NIST BINARY CURVES TESTS */
++        {NID_sect163k1, "NIST Binary-Curve K-163"},
++        {NID_sect163r2, "NIST Binary-Curve B-163"},
++        {NID_sect233k1, "NIST Binary-Curve K-233"},
++        {NID_sect233r1, "NIST Binary-Curve B-233"},
++        {NID_sect283k1, "NIST Binary-Curve K-283"},
++        {NID_sect283r1, "NIST Binary-Curve B-283"},
++        {NID_sect409k1, "NIST Binary-Curve K-409"},
++        {NID_sect409r1, "NIST Binary-Curve B-409"},
++        {NID_sect571k1, "NIST Binary-Curve K-571"},
++        {NID_sect571r1, "NIST Binary-Curve B-571"},
++# endif
++    };
++
++    CRYPTO_malloc_debug_init();
++    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
++    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
++
++# ifdef OPENSSL_SYS_WIN32
++    CRYPTO_malloc_init();
++# endif
++
++    RAND_seed(rnd_seed, sizeof rnd_seed);
++
++    bio_err = BIO_new(BIO_s_file());
++    if (bio_err == NULL)
++        EXIT(1);
++    BIO_set_fp(bio_err, stdout, BIO_NOCLOSE);
++
++    for (i = 0; i < sizeof(test_curves)/sizeof(test_curve); i++) {
++
++        fprintf(stdout, "\nTesting ECJPAKE protocol for %s\n",
++		test_curves[i].name);
++
++        group = EC_GROUP_new_by_curve_name(test_curves[i].nid);
++        if (group == NULL)
++            goto err;
++
++        /* randomize length of a secret in a range [32, 1024] bits */
++        if (!generate_rand_len(&secret_len, 32, 512))
++            goto err;
++        /* randomize secret of secret_len bits */
++        secret = BN_new();
++	if (secret == NULL)
++	    goto err;
++        if (!BN_rand(secret, secret_len, 0, 0))
++            goto err;
++        /* randomize alice_id_len in a range [4, 128] bytes */
++        if (!generate_rand_len(&alice_id_len, 4, 128))
++            goto err;
++        /* randomize alice_id_num of alice_id_len bytes */
++        alice_id_num = (unsigned char *)OPENSSL_malloc(alice_id_len);
++	if (alice_id_num == NULL)
++            goto err;
++        if (!RAND_bytes(alice_id_num, alice_id_len))
++            goto err;
++        /* randomize bob_id_len in a range [4, 128] bytes */
++        if (!generate_rand_len(&bob_id_len, 4, 128))
++            goto err;
++        /* randomize bob_id_num of bob_id_len bytes */
++        bob_id_num = (unsigned char *)OPENSSL_malloc(bob_id_len);
++	if (bob_id_num == NULL)
++            goto err;
++        if (!RAND_bytes(bob_id_num, bob_id_len))
++            goto err;
++
++        /* Initialize ECJPAKE_CTX for Alice and Bob */
++        alice = ECJPAKE_CTX_new(group, secret, alice_id_num, alice_id_len,
++                                bob_id_num, bob_id_len);
++        if (alice == NULL)
++            goto err;
++        bob = ECJPAKE_CTX_new(group, secret, bob_id_num, bob_id_len,
++                              alice_id_num, alice_id_len);
++        if (bob == NULL)
++            goto err;
++
++        fprintf(stdout, "Plain EC J-PAKE run\n");
++        if (run_ecjpake(alice, bob) != 0) {
++            fprintf(stderr, "Plain EC J-PAKE run failed\n");
++            goto err;
++        }
++
++        ECJPAKE_CTX_free(bob);
++        bob = NULL;
++        ECJPAKE_CTX_free(alice);
++        alice = NULL;
++
++        /* Now give Alice and Bob different secrets */
++        alice = ECJPAKE_CTX_new(group, secret, alice_id_num, alice_id_len,
++                                bob_id_num, bob_id_len);
++        if (alice == NULL)
++            goto err;
++        /* randomize secret_wrong of secret_len bits */
++        secret_wrong = BN_new();
++	if (secret_wrong == NULL)
++	    goto err;
++        if (!BN_rand(secret_wrong, secret_len, 0, 0))
++            goto err;
++        if (!BN_add(secret_wrong, secret_wrong, secret))
++            goto err;
++        bob = ECJPAKE_CTX_new(group, secret_wrong, bob_id_num, bob_id_len,
++                              alice_id_num, alice_id_len);
++        if (bob == NULL)
++            goto err;
++
++        fprintf(stdout, "Mismatch secret EC J-PAKE run\n");
++        if (run_ecjpake(alice, bob) != 5) {
++            fprintf(stderr, "Mismatched secret EC J-PAKE run failed\n");
++            goto err;
++        }
++
++        ECJPAKE_CTX_free(bob);
++        bob = NULL;
++        ECJPAKE_CTX_free(alice);
++        alice = NULL;
++        BN_free(secret);
++        secret = NULL;
++        BN_free(secret_wrong);
++        secret_wrong = NULL;
++	OPENSSL_free(alice_id_num);
++	alice_id_num = NULL;
++	OPENSSL_free(bob_id_num);
++	bob_id_num = NULL;
++        EC_GROUP_free(group);
++	group = NULL;
++    }
++
++    ret = 0;
++
++err:
++    if (ret)
++        fprintf(stderr, "Exiting ecjpaketest with error.\n");
++    if (bob != NULL)
++        ECJPAKE_CTX_free(bob);
++    if (alice != NULL)
++        ECJPAKE_CTX_free(alice);
++    if (secret != NULL)
++        BN_free(secret);
++    if (secret_wrong != NULL)
++        BN_free(secret_wrong);
++    if (alice_id_num != NULL)
++	OPENSSL_free(alice_id_num);
++    if (bob_id_num != NULL)
++	OPENSSL_free(bob_id_num);
++    if (group != NULL)
++        EC_GROUP_free(group);
++    BIO_free(bio_err);
++    CRYPTO_cleanup_all_ex_data();
++    ERR_remove_thread_state(NULL);
++    CRYPTO_mem_leaks_fp(stderr);
++    return ret;
++}
++
++#endif
+diff -ruaN --no-dereference openssl-1.0.1m/crypto/ecjpake/Makefile openssl/crypto/ecjpake/Makefile
+--- openssl-1.0.1m/crypto/ecjpake/Makefile	1969-12-31 16:00:00.000000000 -0800
++++ openssl/crypto/ecjpake/Makefile	2015-08-17 15:44:34.818599289 -0700
+@@ -0,0 +1,81 @@
++#
++# crypto/ecjpake/Makefile
++#
++
++DIR=ecjpake
++TOP=../..
++CC=	cc
++INCLUDES= -I.. -I$(TOP) -I../../include
++CFLAG=-g -Wall
++MAKEFILE=	Makefile
++AR=		ar r
++
++CFLAGS= $(INCLUDES) $(CFLAG)
++
++LIB=$(TOP)/libcrypto.a
++LIBOBJ=ecjpake.o ecjpake_err.o
++LIBSRC=ecjpake.c ecjpake_err.c
++
++SRC= $(LIBSRC)
++
++EXHEADER=ecjpake.h
++TEST=ecjpaketest.c
++
++
++top:
++	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
++
++all:	lib
++
++lib:	$(LIBOBJ)
++	$(AR) $(LIB) $(LIBOBJ)
++	$(RANLIB) $(LIB) || echo Never mind.
++	@touch lib
++
++links:
++	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
++	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
++
++install:
++	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
++	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
++	do  \
++	($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++	done;
++
++update: depend
++
++depend:
++	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
++	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
++
++dclean:
++	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
++	mv -f Makefile.new $(MAKEFILE)
++
++clean:
++	rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
++
++ecjpaketest: top ecjpaketest.c $(LIB)
++	$(CC) $(CFLAGS) -Wall -Werror -g -o ecjpaketest ecjpaketest.c $(LIB)
++# DO NOT DELETE THIS LINE -- make depend depends on it.
++
++ecjpake.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++ecjpake.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
++ecjpake.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
++ecjpake.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
++ecjpake.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
++ecjpake.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
++ecjpake.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++ecjpake.o: ../../include/openssl/symhacks.h ecjpake.c ecjpake.h
++ecjpake_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++ecjpake_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
++ecjpake_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
++ecjpake_err.o: ../../include/openssl/ecjpake.h ../../include/openssl/err.h
++ecjpake_err.o: ../../include/openssl/lhash.h
++ecjpake_err.o: ../../include/openssl/opensslconf.h
++ecjpake_err.o: ../../include/openssl/opensslv.h
++ecjpake_err.o: ../../include/openssl/ossl_typ.h
++ecjpake_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
++ecjpake_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++ecjpake_err.o: ecjpake_err.c
+diff -ruaN --no-dereference openssl-1.0.1m/crypto/err/err_all.c openssl/crypto/err/err_all.c
+--- openssl-1.0.1m/crypto/err/err_all.c	2015-08-17 15:44:12.631191688 -0700
++++ openssl/crypto/err/err_all.c	2015-08-17 15:44:34.818599289 -0700
+@@ -107,6 +107,9 @@
+ #ifndef OPENSSL_NO_JPAKE
+ # include <openssl/jpake.h>
+ #endif
++#ifndef OPENSSL_NO_ECJPAKE
++# include <openssl/ecjpake.h>
++#endif
+ 
+ void ERR_load_crypto_strings(void)
+ {
+@@ -164,5 +167,8 @@
+ # ifndef OPENSSL_NO_JPAKE
+     ERR_load_JPAKE_strings();
+ # endif
++# ifndef OPENSSL_NO_ECJPAKE
++    ERR_load_ECJPAKE_strings();
++# endif
+ #endif
+ }
+diff -ruaN --no-dereference openssl-1.0.1m/crypto/err/err.h openssl/crypto/err/err.h
+--- openssl-1.0.1m/crypto/err/err.h	2015-08-17 15:44:12.631191688 -0700
++++ openssl/crypto/err/err.h	2015-08-17 15:44:34.818599289 -0700
+@@ -197,6 +197,7 @@
+ # define ERR_LIB_TS              47
+ # define ERR_LIB_HMAC            48
+ # define ERR_LIB_JPAKE           49
++# define ERR_LIB_ECJPAKE         50
+ 
+ # define ERR_LIB_USER            128
+ 
+@@ -233,6 +234,7 @@
+ # define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
+ # define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
+ # define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
++# define ECJPAKEerr(f,r) ERR_PUT_error(ERR_LIB_ECJPAKE,(f),(r),__FILE__,__LINE__)
+ 
+ /*
+  * Borland C seems too stupid to be able to shift and do longs in the
+diff -ruaN --no-dereference openssl-1.0.1m/crypto/err/openssl.ec openssl/crypto/err/openssl.ec
+--- openssl-1.0.1m/crypto/err/openssl.ec	2015-08-17 15:44:12.635191581 -0700
++++ openssl/crypto/err/openssl.ec	2015-08-17 15:44:34.818599289 -0700
+@@ -35,6 +35,7 @@
+ L HMAC		crypto/hmac/hmac.h		crypto/hmac/hmac_err.c
+ L CMS		crypto/cms/cms.h		crypto/cms/cms_err.c
+ L JPAKE		crypto/jpake/jpake.h		crypto/jpake/jpake_err.c
++L ECJPAKE	crypto/ecjpake/ecjpake.h	crypto/ecjpake/ecjpake_err.c
+ 
+ # additional header files to be scanned for function names
+ L NONE		crypto/x509/x509_vfy.h		NONE
+diff -ruaN --no-dereference openssl-1.0.1m/Makefile.org openssl/Makefile.org
+--- openssl-1.0.1m/Makefile.org	2015-08-17 15:44:12.715189445 -0700
++++ openssl/Makefile.org	2015-08-17 15:44:34.818599289 -0700
+@@ -147,7 +147,7 @@
+ 	bn ec rsa dsa ecdsa dh ecdh dso engine \
+ 	buffer bio stack lhash rand err \
+ 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
+-	cms pqueue ts jpake srp store cmac
++	cms pqueue ts jpake ecjpake srp store cmac
+ # keep in mind that the above list is adjusted by ./Configure
+ # according to no-xxx arguments...
+ 
+diff -ruaN --no-dereference openssl-1.0.1m/test/Makefile openssl/test/Makefile
+--- openssl-1.0.1m/test/Makefile	2015-08-17 15:44:12.759188270 -0700
++++ openssl/test/Makefile	2015-08-17 16:50:00.574984277 -0700
+@@ -62,6 +62,7 @@
+ EVPEXTRATEST=evp_extra_test
+ IGETEST=	igetest
+ JPAKETEST=	jpaketest
++ECJPAKETEST=	ecjpaketest
+ SRPTEST=	srptest
+ ASN1TEST=	asn1test
+ HEARTBEATTEST=  heartbeat_test
+@@ -71,7 +72,7 @@
+ 
+ EXE=	$(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT)  $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \
+ 	$(MD2TEST)$(EXE_EXT)  $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) $(WPTEST)$(EXE_EXT) \
+-	$(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \
++	$(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) $(ECJPAKETEST)$(EXE_EXT) \
+ 	$(DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \
+ 	$(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \
+ 	$(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
+@@ -86,7 +87,7 @@
+ 	$(HMACTEST).o $(WPTEST).o \
+ 	$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
+ 	$(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(SHA256TEST).o $(SHA512TEST).o \
+-	$(MDC2TEST).o $(RMDTEST).o \
++	$(MDC2TEST).o $(RMDTEST).o $(ECJPAKETEST).o \
+ 	$(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
+ 	$(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o \
+ 	$(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o \
+@@ -94,7 +95,7 @@
+ 
+ SRC=	$(BNTEST).c $(ECTEST).c  $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
+ 	$(MD2TEST).c  $(MD4TEST).c $(MD5TEST).c \
+-	$(HMACTEST).c $(WPTEST).c \
++	$(HMACTEST).c $(WPTEST).c $(ECJPAKETEST).c \
+ 	$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
+ 	$(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+ 	$(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
+@@ -137,7 +138,7 @@
+ 
+ alltests: \
+ 	test_des test_idea test_sha test_md4 test_md5 test_hmac \
+-	test_md2 test_mdc2 test_wp \
++	test_md2 test_mdc2 test_wp test_ecjpake \
+ 	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
+ 	test_rand test_bn test_ec test_ecdsa test_ecdh \
+ 	test_enc test_x509 test_rsa test_crl test_sid \
+@@ -319,6 +320,10 @@
+ 	@echo "Test JPAKE"
+ 	../util/shlib_wrap.sh ./$(JPAKETEST)
+ 
++test_ecjpake: $(ECJPAKETEST)$(EXE_EXT)
++	@echo "Test ECJPAKE"
++	../util/shlib_wrap.sh ./$(ECJPAKETEST)
++
+ test_cms:
+ 	@echo "CMS consistency test"
+ 	$(PERL) cms-test.pl
+@@ -489,6 +494,9 @@
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+ 	@target=$(JPAKETEST); $(BUILD_CMD)
+ 
++$(ECJPAKETEST)$(EXE_EXT): $(ECJPAKETEST).o $(DLIBCRYPTO)
++	@target=$(ECJPAKETEST); $(BUILD_CMD)
++
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+ 	@target=$(ASN1TEST); $(BUILD_CMD)
+ 
+@@ -593,6 +601,11 @@
+ ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ ecdsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ ecdsatest.o: ecdsatest.c
++ecjpaketest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
++ecjpaketest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
++ecjpaketest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++ecjpaketest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
++ecjpaketest.o: ../include/openssl/symhacks.h ecjpaketest.c
+ ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ ectest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ ectest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
diff --git a/openssl.url b/openssl.url
new file mode 100644
index 0000000..aa445e9
--- /dev/null
+++ b/openssl.url
@@ -0,0 +1 @@
+https://www.openssl.org/source/openssl-1.0.1p.tar.gz
diff --git a/openssl.version b/openssl.version
new file mode 100644
index 0000000..c94b8ea
--- /dev/null
+++ b/openssl.version
@@ -0,0 +1 @@
+1.0.1p