Project import
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..60102c5
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,139 @@
+#
+# Copyright (c) 2010-2012 Nest, Inc.
+# All rights reserved.
+#
+# This document is the property of Nest. It is considered
+# confidential and proprietary information.
+#
+# This document may not be reproduced or transmitted in any form,
+# in whole or in part, without the express written permission of
+# Nest.
+#
+# Description:
+# This file is the makefile for the Open Secure Socket Layer
+# (SSL) library.
+#
+
+.NOTPARALLEL:
+
+BuildConfigSpecialized := No
+
+include pre.mak
+
+PackageName := openssl
+
+PackageExtension := tar.gz
+PackageSeparator := -
+
+PackagePatchArgs := -p1
+
+PackageArchive := $(PackageName)$(PackageSeparator)$(PackageVersion).$(PackageExtension)
+PackageSourceDir := $(PackageName)$(PackageSeparator)$(PackageVersion)
+
+PackageBuildMakefile = $(call GenerateBuildPaths,Makefile)
+
+CleanPaths += $(PackageLicenseFile)
+
+LinuxDir := sw/tps/linux
+LinuxIncDir := $(call GenerateResultPaths,$(LinuxDir),include)
+
+ZlibDir := sw/tps/zlib
+ZlibIncDir := $(call GenerateResultPaths,$(ZlibDir),usr/include)
+ZlibLibDir := $(call GenerateResultPaths,$(ZlibDir),usr/lib)
+
+OpenSSLPackageOptions += experimental-jpake $(call ToolGenerateDefineArgument,OPENSSL_EXPERIMENTAL_JPAKE)
+
+OpenSSLTargets = all
+OpenSSLInstallTargets = install
+
+# If the feature BUILD_FEATURE_OPENSSL_FORCE32_LONG is set, we're forcing OpenSSL to use a 32bit long
+# We typically set this when building the simulator because our PASE code expects BN_BYTES == 4
+# We force 32bit by setting the TargetConfig to gcc
+# Couple unfortunate side effects:
+# 1) Assembly is not supported
+# 2) This TargetConfig forces us to build as a static library (OpenSSL limitation)
+# 3) We have to turn off compression. Zlib causes problems for other packages like curl
+# whose configure script can't seem to realize that it needs to bring in zlib as well
+# (might be a pkgconfig issue with openssl?)
+# 4) We have to compile with -fPIC since other dylibs (curl) link openssl
+ifeq ($(BUILD_FEATURE_OPENSSL_FORCE32_LONG),1)
+OpenSSLPackageOptions += no-asm no-zlib
+OpenSSLCCFlags = -fPIC
+OpenSSLTargetConfig = gcc
+else
+OpenSSLPackageOptions += shared zlib
+endif
+
+all: $(PackageDefaultGoal)
+
+# Generate the package license contents.
+
+$(PackageSourceDir)/LICENSE: source
+
+$(PackageLicenseFile): $(PackageSourceDir)/LICENSE
+ $(copy-result)
+
+# Extract the source from the archive and apply patches, if any.
+
+$(PackageSourceDir): $(PackageArchive) $(PackagePatchPaths)
+ $(expand-and-patch-package)
+
+# Prepare the sources.
+
+.PHONY: source
+source: | $(PackageSourceDir)
+
+# Patch the sources, if necessary.
+
+.PHONY: patch
+patch: source
+
+$(PackageBuildMakefile): | $(PackageSourceDir) $(BuildDirectory)
+ $(Verbose)$(call create-links,$(CURDIR)/$(PackageSourceDir),$(BuildDirectory)) ; \
+ cd $(BuildDirectory) && \
+ INSTALL="$(INSTALL) $(INSTALLFLAG)" \
+ ./Configure \
+ --prefix=/usr \
+ --openssldir=/usr/lib/ssl \
+ $(call ToolGenerateIncludeArgument,$(ZlibIncDir)) \
+ $(call ToolGenerateLibraryPathArgument,$(ZlibLibDir)) \
+ $(OpenSSLPackageOptions) \
+ $(OpenSSLCCFlags) \
+ $(OpenSSLTargetConfig)
+
+# Configure the source for building.
+
+.PHONY: configure
+configure: source $(PackageBuildMakefile)
+
+# Build the source.
+#
+# We have to unset MAKEFLAGS since they confuse the package build otherwise.
+
+.PHONY: build
+build: configure | $(BuildDirectory)
+ $(Verbose)unset MAKEFLAGS && \
+ $(MAKE) $(JOBSFLAG) -C $(BuildDirectory) \
+ CC="$(CC)" AR="$(AR) $(ARFLAGS)" RANLIB=$(RANLIB) \
+ INSTALL_PREFIX=$(ResultDirectory) \
+ $(OpenSSLTargets)
+
+# Stage the build to a temporary installation area.
+#
+# We have to unset MAKEFLAGS since they confuse the package build otherwise.
+
+.PHONY: stage
+stage: build | $(ResultDirectory)
+ $(Verbose)unset MAKEFLAGS && \
+ $(MAKE) -C $(BuildDirectory) \
+ CC="$(CC)" AR="$(AR) $(ARFLAGS)" RANLIB=$(RANLIB) \
+ INSTALL="$(INSTALL) $(INSTALLFLAGS)" \
+ INSTALL_PREFIX=$(ResultDirectory) \
+ $(OpenSSLInstallTargets)
+
+clean:
+ $(Verbose)$(RM) $(RMFLAGS) -r $(PackageSourceDir)
+ $(Verbose)$(RM) $(RMFLAGS) -r $(BuildDirectory)
+ $(Verbose)$(RM) $(RMFLAGS) -r $(ResultDirectory)
+
+include post.mak
diff --git a/openssl-1.0.1p.tar.gz b/openssl-1.0.1p.tar.gz
new file mode 100644
index 0000000..db77eba
--- /dev/null
+++ b/openssl-1.0.1p.tar.gz
Binary files differ
diff --git a/openssl.patches/openssl-50.description b/openssl.patches/openssl-50.description
new file mode 100644
index 0000000..da8e579
--- /dev/null
+++ b/openssl.patches/openssl-50.description
@@ -0,0 +1,3 @@
+This patch ensures that shared libraries are, at minimum, user writable
+so that they may be successfully stripped when generating file system
+and installation images.
diff --git a/openssl.patches/openssl-50.patch b/openssl.patches/openssl-50.patch
new file mode 100644
index 0000000..653d97f
--- /dev/null
+++ b/openssl.patches/openssl-50.patch
@@ -0,0 +1,11 @@
+--- a/Makefile.org 2010-01-27 08:06:36.000000000 -0800
++++ b/Makefile.org 2010-09-03 14:47:59.000000000 -0700
+@@ -527,7 +527,7 @@
+ ( echo installing $$i; \
+ if [ "$(PLATFORM)" != "Cygwin" ]; then \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
++ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+ else \
+ c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
diff --git a/openssl.patches/openssl-51.description b/openssl.patches/openssl-51.description
new file mode 100644
index 0000000..7988986
--- /dev/null
+++ b/openssl.patches/openssl-51.description
@@ -0,0 +1 @@
+This patch ensures that CHECKED_STACK_OF can successfully work with C++ classes that employs cast operators.
diff --git a/openssl.patches/openssl-51.patch b/openssl.patches/openssl-51.patch
new file mode 100644
index 0000000..a0c4a69
--- /dev/null
+++ b/openssl.patches/openssl-51.patch
@@ -0,0 +1,11 @@
+--- a/crypto/stack/safestack.h 2011-08-17 15:39:52.853888167 -0700
++++ b/crypto/stack/safestack.h 2011-08-17 15:40:20.181928142 -0700
+@@ -68,7 +68,7 @@
+ */
+
+ # define CHECKED_STACK_OF(type, p) \
+- ((_STACK*) (1 ? p : (STACK_OF(type)*)0))
++ ((_STACK*) (1 ? (STACK_OF(type)*)p : (STACK_OF(type)*)0))
+
+ # define CHECKED_SK_FREE_FUNC(type, p) \
+ ((void (*)(void *)) ((1 ? p : (void (*)(type *))0)))
diff --git a/openssl.patches/openssl-52.description b/openssl.patches/openssl-52.description
new file mode 100644
index 0000000..8aba8cc
--- /dev/null
+++ b/openssl.patches/openssl-52.description
@@ -0,0 +1,3 @@
+Patch to allow parallel build of openssl.
+Gathered from https://github.com/Alexpux/Qt-builds/blob/master/patches/openssl/openssl-1.0.1-parallel-build.patch
+Licensed under BSD-3 http://www.opensource.org/licenses/BSD-3-Clause
diff --git a/openssl.patches/openssl-52.patch b/openssl.patches/openssl-52.patch
new file mode 100644
index 0000000..5289d6c
--- /dev/null
+++ b/openssl.patches/openssl-52.patch
@@ -0,0 +1,346 @@
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -277,17 +277,17 @@
+ build_libssl: build_ssl libssl.pc
+
+ build_crypto:
+- @dir=crypto; target=all; $(BUILD_ONE_CMD)
++ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
+ build_ssl: build_crypto
+- @dir=ssl; target=all; $(BUILD_ONE_CMD)
++ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
+ build_engines: build_crypto
+- @dir=engines; target=all; $(BUILD_ONE_CMD)
++ +@dir=engines; target=all; $(BUILD_ONE_CMD)
+ build_apps: build_libs
+- @dir=apps; target=all; $(BUILD_ONE_CMD)
++ +@dir=apps; target=all; $(BUILD_ONE_CMD)
+ build_tests: build_libs
+- @dir=test; target=all; $(BUILD_ONE_CMD)
++ +@dir=test; target=all; $(BUILD_ONE_CMD)
+ build_tools: build_libs
+- @dir=tools; target=all; $(BUILD_ONE_CMD)
++ +@dir=tools; target=all; $(BUILD_ONE_CMD)
+
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -497,9 +497,9 @@
+ dist_pem_h:
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+
+-install: all install_docs install_sw
++install: install_docs install_sw
+
+-install_sw:
++install_dirs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+@@ -508,6 +508,13 @@
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private
++ @$(PERL) $(TOP)/util/mkdir-p.pl \
++ $(INSTALL_PREFIX)$(MANDIR)/man1 \
++ $(INSTALL_PREFIX)$(MANDIR)/man3 \
++ $(INSTALL_PREFIX)$(MANDIR)/man5 \
++ $(INSTALL_PREFIX)$(MANDIR)/man7
++
++install_sw: install_dirs
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+@@ -511,7 +511,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ do \
+ if [ -f "$$i" ]; then \
+@@ -593,12 +600,7 @@
+ done; \
+ done
+
+-install_docs:
+- @$(PERL) $(TOP)/util/mkdir-p.pl \
+- $(INSTALL_PREFIX)$(MANDIR)/man1 \
+- $(INSTALL_PREFIX)$(MANDIR)/man3 \
+- $(INSTALL_PREFIX)$(MANDIR)/man5 \
+- $(INSTALL_PREFIX)$(MANDIR)/man7
++install_docs: install_dirs
+ @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ here="`pwd`"; \
+ filecase=; \
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -105,6 +105,7 @@ LINK_SO= \
+ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${SHAREDCMD} $${SHAREDFLAGS} \
+ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +124,7 @@ SYMLINK_SO= \
+ done; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER" ]; then \
++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ fi; \
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -85,11 +85,11 @@
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+ subdirs:
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+- @target=files; $(RECURSIVE_MAKE)
++ +@target=files; $(RECURSIVE_MAKE)
+
+ links:
+ @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib: $(LIB)
+ @touch lib
+-$(LIB): $(LIBOBJ)
++$(LIB): $(LIBOBJ) | subdirs
+ $(AR) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+
+@@ -110,7 +110,7 @@
+ fi
+
+ libs:
+- @target=lib; $(RECURSIVE_MAKE)
++ +@target=lib; $(RECURSIVE_MAKE)
+
+ install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -119,7 +119,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ lint:
+ @target=lint; $(RECURSIVE_MAKE)
+--- a/engines/Makefile
++++ b/engines/Makefile
+@@ -72,7 +72,7 @@
+
+ all: lib subdirs
+
+-lib: $(LIBOBJ)
++lib: $(LIBOBJ) | subdirs
+ @if [ -n "$(SHARED_LIBS)" ]; then \
+ set -e; \
+ for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+
+ subdirs:
+ echo $(EDIRS)
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ done; \
+ fi
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ tags:
+ ctags $(SRC)
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -131,7 +131,7 @@
+ tags:
+ ctags $(SRC)
+
+-tests: exe apps $(TESTS)
++tests: exe $(TESTS)
+
+ apps:
+ @(cd ..; $(MAKE) DIRS=apps all)
+@@ -394,121 +394,121 @@
+ link_app.$${shlib_target}
+
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+- @target=$(RSATEST); $(BUILD_CMD)
++ +@target=$(RSATEST); $(BUILD_CMD)
+
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+- @target=$(BNTEST); $(BUILD_CMD)
++ +@target=$(BNTEST); $(BUILD_CMD)
+
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+- @target=$(ECTEST); $(BUILD_CMD)
++ +@target=$(ECTEST); $(BUILD_CMD)
+
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+- @target=$(EXPTEST); $(BUILD_CMD)
++ +@target=$(EXPTEST); $(BUILD_CMD)
+
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+- @target=$(IDEATEST); $(BUILD_CMD)
++ +@target=$(IDEATEST); $(BUILD_CMD)
+
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+- @target=$(MD2TEST); $(BUILD_CMD)
++ +@target=$(MD2TEST); $(BUILD_CMD)
+
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+- @target=$(SHATEST); $(BUILD_CMD)
++ +@target=$(SHATEST); $(BUILD_CMD)
+
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+- @target=$(SHA1TEST); $(BUILD_CMD)
++ +@target=$(SHA1TEST); $(BUILD_CMD)
+
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+- @target=$(SHA256TEST); $(BUILD_CMD)
++ +@target=$(SHA256TEST); $(BUILD_CMD)
+
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+- @target=$(SHA512TEST); $(BUILD_CMD)
++ +@target=$(SHA512TEST); $(BUILD_CMD)
+
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+- @target=$(RMDTEST); $(BUILD_CMD)
++ +@target=$(RMDTEST); $(BUILD_CMD)
+
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+- @target=$(MDC2TEST); $(BUILD_CMD)
++ +@target=$(MDC2TEST); $(BUILD_CMD)
+
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+- @target=$(MD4TEST); $(BUILD_CMD)
++ +@target=$(MD4TEST); $(BUILD_CMD)
+
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+- @target=$(MD5TEST); $(BUILD_CMD)
++ +@target=$(MD5TEST); $(BUILD_CMD)
+
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+- @target=$(HMACTEST); $(BUILD_CMD)
++ +@target=$(HMACTEST); $(BUILD_CMD)
+
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+- @target=$(WPTEST); $(BUILD_CMD)
++ +@target=$(WPTEST); $(BUILD_CMD)
+
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+- @target=$(RC2TEST); $(BUILD_CMD)
++ +@target=$(RC2TEST); $(BUILD_CMD)
+
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+- @target=$(BFTEST); $(BUILD_CMD)
++ +@target=$(BFTEST); $(BUILD_CMD)
+
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+- @target=$(CASTTEST); $(BUILD_CMD)
++ +@target=$(CASTTEST); $(BUILD_CMD)
+
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+- @target=$(RC4TEST); $(BUILD_CMD)
++ +@target=$(RC4TEST); $(BUILD_CMD)
+
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+- @target=$(RC5TEST); $(BUILD_CMD)
++ +@target=$(RC5TEST); $(BUILD_CMD)
+
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+- @target=$(DESTEST); $(BUILD_CMD)
++ +@target=$(DESTEST); $(BUILD_CMD)
+
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+- @target=$(RANDTEST); $(BUILD_CMD)
++ +@target=$(RANDTEST); $(BUILD_CMD)
+
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+- @target=$(DHTEST); $(BUILD_CMD)
++ +@target=$(DHTEST); $(BUILD_CMD)
+
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+- @target=$(DSATEST); $(BUILD_CMD)
++ +@target=$(DSATEST); $(BUILD_CMD)
+
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+- @target=$(METHTEST); $(BUILD_CMD)
++ +@target=$(METHTEST); $(BUILD_CMD)
+
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
+
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+- @target=$(ENGINETEST); $(BUILD_CMD)
++ +@target=$(ENGINETEST); $(BUILD_CMD)
+
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+- @target=$(EVPTEST); $(BUILD_CMD)
++ +@target=$(EVPTEST); $(BUILD_CMD)
+
+ $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
+- @target=$(EVPEXTRATEST); $(BUILD_CMD)
++ +@target=$(EVPEXTRATEST); $(BUILD_CMD)
+
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+- @target=$(ECDSATEST); $(BUILD_CMD)
++ +@target=$(ECDSATEST); $(BUILD_CMD)
+
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+- @target=$(ECDHTEST); $(BUILD_CMD)
++ +@target=$(ECDHTEST); $(BUILD_CMD)
+
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+- @target=$(IGETEST); $(BUILD_CMD)
++ +@target=$(IGETEST); $(BUILD_CMD)
+
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+- @target=$(JPAKETEST); $(BUILD_CMD)
++ +@target=$(JPAKETEST); $(BUILD_CMD)
+
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+- @target=$(ASN1TEST); $(BUILD_CMD)
++ +@target=$(ASN1TEST); $(BUILD_CMD)
+
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+- @target=$(SRPTEST); $(BUILD_CMD)
++ +@target=$(SRPTEST); $(BUILD_CMD)
+
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
++ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+
+ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
+- @target=$(CONSTTIMETEST) $(BUILD_CMD)
++ +@target=$(CONSTTIMETEST) $(BUILD_CMD)
+
+ $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
+- @target=$(VERIFYEXTRATEST) $(BUILD_CMD)
++ +@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
+
+ #$(AESTEST).o: $(AESTEST).c
+ # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -521,7 +521,7 @@
+ # fi
+
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+- @target=dummytest; $(BUILD_CMD)
++ +@target=dummytest; $(BUILD_CMD)
+
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+
diff --git a/openssl.patches/openssl-53.description b/openssl.patches/openssl-53.description
new file mode 100644
index 0000000..722d6f6
--- /dev/null
+++ b/openssl.patches/openssl-53.description
@@ -0,0 +1 @@
+Patch to have Openssl use /usr/bin/install
diff --git a/openssl.patches/openssl-53.patch b/openssl.patches/openssl-53.patch
new file mode 100644
index 0000000..4cf8b05
--- /dev/null
+++ b/openssl.patches/openssl-53.patch
@@ -0,0 +1,960 @@
+diff -aruN a/apps/Makefile b/apps/Makefile
+--- a/apps/Makefile 2014-04-07 09:55:44.000000000 -0700
++++ b/apps/Makefile 2014-06-11 13:39:01.206044045 -0700
+@@ -102,20 +102,14 @@
+ @set -e; for i in $(EXE); \
+ do \
+ (echo installing $$i; \
+- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
++ $(INSTALL) -m 755 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+ done;
+ @set -e; for i in $(SCRIPTS); \
+ do \
+ (echo installing $$i; \
+- cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+- chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+- mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
++ $(INSTALL) -m 755 $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+ done
+- @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
+- chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
+- mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
++ @$(INSTALL) openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf; \
+
+ tags:
+ ctags $(SRC)
+diff -aruN a/crypto/aes/Makefile b/crypto/aes/Makefile
+--- a/crypto/aes/Makefile 2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/aes/Makefile 2014-06-11 13:46:43.547397933 -0700
+@@ -94,8 +94,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/asn1/Makefile b/crypto/asn1/Makefile
+--- a/crypto/asn1/Makefile 2014-04-07 09:55:35.000000000 -0700
++++ b/crypto/asn1/Makefile 2014-06-11 14:04:27.899675150 -0700
+@@ -81,8 +81,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/bf/Makefile b/crypto/bf/Makefile
+--- a/crypto/bf/Makefile 2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/bf/Makefile 2014-06-11 13:50:59.870800614 -0700
+@@ -60,8 +60,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/bio/Makefile b/crypto/bio/Makefile
+--- a/crypto/bio/Makefile 2014-04-07 09:55:31.000000000 -0700
++++ b/crypto/bio/Makefile 2014-06-11 13:49:31.285958273 -0700
+@@ -61,8 +61,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/bn/Makefile b/crypto/bn/Makefile
+--- a/crypto/bn/Makefile 2014-04-07 09:55:28.000000000 -0700
++++ b/crypto/bn/Makefile 2014-06-11 13:43:42.741340785 -0700
+@@ -147,8 +147,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ exptest:
+diff -aruN a/crypto/buffer/Makefile b/crypto/buffer/Makefile
+--- a/crypto/buffer/Makefile 2014-04-07 09:55:31.000000000 -0700
++++ b/crypto/buffer/Makefile 2014-06-11 13:42:26.316781813 -0700
+@@ -49,8 +49,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/camellia/Makefile b/crypto/camellia/Makefile
+--- a/crypto/camellia/Makefile 2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/camellia/Makefile 2014-06-11 14:02:08.982642071 -0700
+@@ -61,8 +61,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/cast/Makefile b/crypto/cast/Makefile
+--- a/crypto/cast/Makefile 2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/cast/Makefile 2014-06-11 13:48:36.426856633 -0700
+@@ -57,8 +57,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/cmac/Makefile b/crypto/cmac/Makefile
+--- a/crypto/cmac/Makefile 2014-04-07 09:55:39.000000000 -0700
++++ b/crypto/cmac/Makefile 2014-06-11 13:51:21.993551302 -0700
+@@ -49,8 +49,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/cms/Makefile b/crypto/cms/Makefile
+--- a/crypto/cms/Makefile 2014-04-07 09:55:39.000000000 -0700
++++ b/crypto/cms/Makefile 2014-06-11 13:53:34.699854344 -0700
+@@ -55,8 +55,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/comp/Makefile b/crypto/comp/Makefile
+--- a/crypto/comp/Makefile 2014-04-07 09:55:38.000000000 -0700
++++ b/crypto/comp/Makefile 2014-06-11 13:46:10.786827825 -0700
+@@ -52,8 +52,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/conf/Makefile b/crypto/conf/Makefile
+--- a/crypto/conf/Makefile 2014-04-07 09:55:37.000000000 -0700
++++ b/crypto/conf/Makefile 2014-06-11 13:56:14.764697941 -0700
+@@ -52,8 +52,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/des/Makefile b/crypto/des/Makefile
+--- a/crypto/des/Makefile 2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/des/Makefile 2014-06-11 14:06:57.431837553 -0700
+@@ -82,8 +82,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/dh/Makefile b/crypto/dh/Makefile
+--- a/crypto/dh/Makefile 2014-04-07 09:55:30.000000000 -0700
++++ b/crypto/dh/Makefile 2014-06-11 13:47:28.927456463 -0700
+@@ -51,8 +51,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/dsa/Makefile b/crypto/dsa/Makefile
+--- a/crypto/dsa/Makefile 2014-04-07 09:55:29.000000000 -0700
++++ b/crypto/dsa/Makefile 2014-06-11 13:42:04.823299123 -0700
+@@ -51,8 +51,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/dso/Makefile b/crypto/dso/Makefile
+--- a/crypto/dso/Makefile 2014-04-07 09:55:30.000000000 -0700
++++ b/crypto/dso/Makefile 2014-06-11 14:11:50.062940325 -0700
+@@ -51,8 +51,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/ec/Makefile b/crypto/ec/Makefile
+--- a/crypto/ec/Makefile 2014-04-07 09:55:29.000000000 -0700
++++ b/crypto/ec/Makefile 2014-06-11 13:39:44.765969069 -0700
+@@ -58,8 +58,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/ecdh/Makefile b/crypto/ecdh/Makefile
+--- a/crypto/ecdh/Makefile 2014-04-07 09:55:30.000000000 -0700
++++ b/crypto/ecdh/Makefile 2014-06-11 13:47:06.515665143 -0700
+@@ -50,8 +50,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile
+--- a/crypto/ecdsa/Makefile 2014-04-07 09:55:30.000000000 -0700
++++ b/crypto/ecdsa/Makefile 2014-06-11 13:58:43.793131492 -0700
+@@ -50,8 +50,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/engine/Makefile b/crypto/engine/Makefile
+--- a/crypto/engine/Makefile 2014-04-07 09:55:31.000000000 -0700
++++ b/crypto/engine/Makefile 2014-06-11 13:40:25.650744785 -0700
+@@ -59,8 +59,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/err/Makefile b/crypto/err/Makefile
+--- a/crypto/err/Makefile 2014-04-07 09:55:32.000000000 -0700
++++ b/crypto/err/Makefile 2014-06-11 13:50:16.228708297 -0700
+@@ -49,8 +49,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/evp/Makefile b/crypto/evp/Makefile
+--- a/crypto/evp/Makefile 2014-04-07 09:55:33.000000000 -0700
++++ b/crypto/evp/Makefile 2014-06-11 14:09:00.133453079 -0700
+@@ -74,8 +74,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/hmac/Makefile b/crypto/hmac/Makefile
+--- a/crypto/hmac/Makefile 2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/hmac/Makefile 2014-06-11 13:55:01.044141828 -0700
+@@ -49,8 +49,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/idea/Makefile b/crypto/idea/Makefile
+--- a/crypto/idea/Makefile 2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/idea/Makefile 2014-06-11 14:08:09.671197576 -0700
+@@ -49,8 +49,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/jpake/Makefile b/crypto/jpake/Makefile
+--- a/crypto/jpake/Makefile 2014-03-17 09:14:20.000000000 -0700
++++ b/crypto/jpake/Makefile 2014-06-11 13:56:54.540624511 -0700
+@@ -28,8 +28,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ depend:
+diff -aruN a/crypto/krb5/Makefile b/crypto/krb5/Makefile
+--- a/crypto/krb5/Makefile 2014-04-07 09:55:39.000000000 -0700
++++ b/crypto/krb5/Makefile 2014-06-11 14:12:56.833039499 -0700
+@@ -50,8 +50,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/lhash/Makefile b/crypto/lhash/Makefile
+--- a/crypto/lhash/Makefile 2014-04-07 09:55:31.000000000 -0700
++++ b/crypto/lhash/Makefile 2014-06-11 13:56:41.079261923 -0700
+@@ -49,8 +49,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/Makefile b/crypto/Makefile
+--- a/crypto/Makefile 2014-06-11 13:02:39.380535040 -0700
++++ b/crypto/Makefile 2014-06-11 13:47:53.230872775 -0700
+@@ -120,8 +120,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ;\
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+ +@target=install; $(RECURSIVE_MAKE)
+
+diff -aruN a/crypto/Makefile.orig b/crypto/Makefile.orig
+--- a/crypto/Makefile.orig 2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/Makefile.orig 2014-06-11 13:39:57.026776154 -0700
+@@ -120,8 +120,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ;\
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+ @target=install; $(RECURSIVE_MAKE)
+
+diff -aruN a/crypto/md2/Makefile b/crypto/md2/Makefile
+--- a/crypto/md2/Makefile 2014-03-17 09:14:20.000000000 -0700
++++ b/crypto/md2/Makefile 2014-06-11 13:54:14.945895895 -0700
+@@ -49,8 +49,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/md4/Makefile b/crypto/md4/Makefile
+--- a/crypto/md4/Makefile 2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/md4/Makefile 2014-06-11 13:54:00.092521963 -0700
+@@ -50,8 +50,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/md5/Makefile b/crypto/md5/Makefile
+--- a/crypto/md5/Makefile 2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/md5/Makefile 2014-06-11 13:55:55.937685997 -0700
+@@ -64,8 +64,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/mdc2/Makefile b/crypto/mdc2/Makefile
+--- a/crypto/mdc2/Makefile 2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/mdc2/Makefile 2014-06-11 14:12:34.196368264 -0700
+@@ -49,8 +49,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/modes/Makefile b/crypto/modes/Makefile
+--- a/crypto/modes/Makefile 2014-04-07 09:55:28.000000000 -0700
++++ b/crypto/modes/Makefile 2014-06-11 13:52:08.997894428 -0700
+@@ -77,8 +77,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/objects/Makefile b/crypto/objects/Makefile
+--- a/crypto/objects/Makefile 2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/objects/Makefile 2014-06-11 13:55:28.402856592 -0700
+@@ -62,8 +62,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/ocsp/Makefile b/crypto/ocsp/Makefile
+--- a/crypto/ocsp/Makefile 2014-04-07 09:55:38.000000000 -0700
++++ b/crypto/ocsp/Makefile 2014-06-11 13:48:15.287102311 -0700
+@@ -52,8 +52,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/pem/Makefile b/crypto/pem/Makefile
+--- a/crypto/pem/Makefile 2014-04-07 09:55:35.000000000 -0700
++++ b/crypto/pem/Makefile 2014-06-11 13:41:41.493726266 -0700
+@@ -52,8 +52,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/pkcs12/Makefile b/crypto/pkcs12/Makefile
+--- a/crypto/pkcs12/Makefile 2014-04-07 09:55:38.000000000 -0700
++++ b/crypto/pkcs12/Makefile 2014-06-11 13:41:19.128249482 -0700
+@@ -55,8 +55,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/pkcs7/Makefile b/crypto/pkcs7/Makefile
+--- a/crypto/pkcs7/Makefile 2014-04-07 09:55:38.000000000 -0700
++++ b/crypto/pkcs7/Makefile 2014-06-11 13:54:39.150252800 -0700
+@@ -70,8 +70,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/pqueue/Makefile b/crypto/pqueue/Makefile
+--- a/crypto/pqueue/Makefile 2014-04-07 09:55:39.000000000 -0700
++++ b/crypto/pqueue/Makefile 2014-06-11 13:43:08.489534434 -0700
+@@ -49,8 +49,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/rand/Makefile b/crypto/rand/Makefile
+--- a/crypto/rand/Makefile 2014-04-07 09:55:32.000000000 -0700
++++ b/crypto/rand/Makefile 2014-06-11 13:49:06.071946738 -0700
+@@ -51,8 +51,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/rc2/Makefile b/crypto/rc2/Makefile
+--- a/crypto/rc2/Makefile 2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/rc2/Makefile 2014-06-11 13:51:45.103805991 -0700
+@@ -49,8 +49,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/rc4/Makefile b/crypto/rc4/Makefile
+--- a/crypto/rc4/Makefile 2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/rc4/Makefile 2014-06-11 14:09:50.071968921 -0700
+@@ -77,8 +77,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/rc5/Makefile b/crypto/rc5/Makefile
+--- a/crypto/rc5/Makefile 2014-03-17 09:14:20.000000000 -0700
++++ b/crypto/rc5/Makefile 2014-06-11 14:10:23.714735068 -0700
+@@ -57,8 +57,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/ripemd/Makefile b/crypto/ripemd/Makefile
+--- a/crypto/ripemd/Makefile 2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/ripemd/Makefile 2014-06-11 14:11:30.676651703 -0700
+@@ -57,8 +57,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/rsa/Makefile b/crypto/rsa/Makefile
+--- a/crypto/rsa/Makefile 2014-04-07 09:55:29.000000000 -0700
++++ b/crypto/rsa/Makefile 2014-06-11 14:01:44.289334721 -0700
+@@ -55,8 +55,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/seed/Makefile b/crypto/seed/Makefile
+--- a/crypto/seed/Makefile 2014-04-07 09:55:27.000000000 -0700
++++ b/crypto/seed/Makefile 2014-06-11 14:12:15.094418677 -0700
+@@ -50,8 +50,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/sha/Makefile b/crypto/sha/Makefile
+--- a/crypto/sha/Makefile 2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/sha/Makefile 2014-06-11 14:09:22.645821412 -0700
+@@ -105,8 +105,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/srp/Makefile b/crypto/srp/Makefile
+--- a/crypto/srp/Makefile 2014-04-07 09:55:39.000000000 -0700
++++ b/crypto/srp/Makefile 2014-06-11 14:05:00.823176148 -0700
+@@ -46,8 +46,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/stack/Makefile b/crypto/stack/Makefile
+--- a/crypto/stack/Makefile 2014-04-07 09:55:31.000000000 -0700
++++ b/crypto/stack/Makefile 2014-06-11 13:42:49.561969066 -0700
+@@ -49,8 +49,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/store/Makefile b/crypto/store/Makefile
+--- a/crypto/store/Makefile 2014-03-17 09:14:20.000000000 -0700
++++ b/crypto/store/Makefile 2014-06-11 13:43:17.929014163 -0700
+@@ -51,8 +51,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/ts/Makefile b/crypto/ts/Makefile
+--- a/crypto/ts/Makefile 2014-04-07 09:55:39.000000000 -0700
++++ b/crypto/ts/Makefile 2014-06-11 13:59:56.784110542 -0700
+@@ -63,8 +63,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/txt_db/Makefile b/crypto/txt_db/Makefile
+--- a/crypto/txt_db/Makefile 2014-04-07 09:55:37.000000000 -0700
++++ b/crypto/txt_db/Makefile 2014-06-11 13:49:53.869284854 -0700
+@@ -49,8 +49,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/ui/Makefile b/crypto/ui/Makefile
+--- a/crypto/ui/Makefile 2014-04-07 09:55:39.000000000 -0700
++++ b/crypto/ui/Makefile 2014-06-11 13:44:10.289357761 -0700
+@@ -53,8 +53,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/whrlpool/Makefile b/crypto/whrlpool/Makefile
+--- a/crypto/whrlpool/Makefile 2014-04-07 09:55:26.000000000 -0700
++++ b/crypto/whrlpool/Makefile 2014-06-11 14:07:47.522277623 -0700
+@@ -62,8 +62,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/x509/Makefile b/crypto/x509/Makefile
+--- a/crypto/x509/Makefile 2014-04-07 09:55:36.000000000 -0700
++++ b/crypto/x509/Makefile 2014-06-11 14:10:12.300848773 -0700
+@@ -59,8 +59,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/crypto/x509v3/Makefile b/crypto/x509v3/Makefile
+--- a/crypto/x509v3/Makefile 2014-04-07 09:55:37.000000000 -0700
++++ b/crypto/x509v3/Makefile 2014-06-11 13:40:46.808848902 -0700
+@@ -59,8 +59,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/engines/ccgost/Makefile b/engines/ccgost/Makefile
+--- a/engines/ccgost/Makefile 2014-04-07 09:55:42.000000000 -0700
++++ b/engines/ccgost/Makefile 2014-06-11 13:03:28.527470520 -0700
+@@ -53,13 +53,11 @@
+ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
+ *) sfx=".bad";; \
+ esac; \
+- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++ $(INSTALL) -m 555 $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
+ else \
+ sfx=".so"; \
+- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++ $(INSTALL) -m 555 cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
+ fi; \
+- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
+ fi
+
+ links:
+diff -aruN a/engines/Makefile b/engines/Makefile
+--- a/engines/Makefile 2014-06-11 13:02:39.380535040 -0700
++++ b/engines/Makefile 2014-06-11 13:03:28.527470520 -0700
+@@ -119,13 +119,12 @@
+ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
+ *) sfx=".bad";; \
+ esac; \
+- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++ $(INSTALL) -m 555 $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx; \
+ else \
+ sfx=".so"; \
+- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++ $(INSTALL) -m 555 cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx; \
+ fi; \
+- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
++ ); \
+ done; \
+ fi
+ +@target=install; $(RECURSIVE_MAKE)
+diff -aruN a/Makefile b/Makefile
+--- a/Makefile 2014-04-07 09:55:45.000000000 -0700
++++ b/Makefile 2014-06-11 14:50:49.899378498 -0700
+@@ -553,18 +553,14 @@
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+ @set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ do \
+ if [ -f "$$i" ]; then \
+ ( echo installing $$i; \
+- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
++ $(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
+ fi; \
+ done;
+ @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
+@@ -574,9 +570,7 @@
+ if [ -f "$$i" -o -f "$$i.a" ]; then \
+ ( echo installing $$i; \
+ if [ "$(PLATFORM)" != "Cygwin" ]; then \
+- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
++ $(INSTALL) -m 555 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+ else \
+ c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+@@ -608,12 +602,9 @@
+ sed -e '1,/^$$/d' doc/openssl-shared.txt; \
+ fi; \
+ fi
+- cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
+- cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
+- cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
++ $(INSTALL) -m 644 libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
++ $(INSTALL) -m 644 libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
++ $(INSTALL) -m 644 openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+
+ install_html_docs:
+ here="`pwd`"; \
+diff -aruN a/Makefile.org b/Makefile.org
+--- a/Makefile.org 2014-06-11 13:02:39.376537077 -0700
++++ b/Makefile.org 2014-06-11 13:24:59.134799293 -0700
+@@ -538,7 +538,7 @@
+ dist_pem_h:
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+
+-install: install_docs install_sw
++install: install_sw
+
+ install_dirs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+@@ -558,18 +558,14 @@
+ install_sw: install_dirs
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ do \
+ if [ -f "$$i" ]; then \
+ ( echo installing $$i; \
+- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
++ $(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
+ fi; \
+ done;
+ @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
+@@ -579,9 +575,7 @@
+ if [ -f "$$i" -o -f "$$i.a" ]; then \
+ ( echo installing $$i; \
+ if [ "$(PLATFORM)" != "Cygwin" ]; then \
+- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
++ $(INSTALL) -m 755 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+ else \
+ c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+@@ -613,12 +607,9 @@
+ sed -e '1,/^$$/d' doc/openssl-shared.txt; \
+ fi; \
+ fi
+- cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
+- cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
+- cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
++ $(INSTALL) -m 644 libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
++ $(INSTALL) -m 644 libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
++ $(INSTALL) -m 644 openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+
+ install_html_docs:
+ here="`pwd`"; \
+diff -aruN a/ssl/Makefile b/ssl/Makefile
+--- a/ssl/Makefile 2014-04-07 09:55:41.000000000 -0700
++++ b/ssl/Makefile 2014-06-11 13:26:18.056426238 -0700
+@@ -77,8 +77,7 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+ tags:
+diff -aruN a/tools/Makefile b/tools/Makefile
+--- a/tools/Makefile 2014-03-17 09:14:20.000000000 -0700
++++ b/tools/Makefile 2014-06-11 14:29:33.165313421 -0700
+@@ -8,6 +8,7 @@
+ INCLUDES= -I$(TOP) -I../../include
+ CFLAG=-g
+ MAKEFILE= Makefile
++INSTALL=/usr/bin/install -c -C
+
+ CFLAGS= $(INCLUDES) $(CFLAG)
+
+@@ -22,15 +23,11 @@
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @for i in $(APPS) ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
+- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
++ ($(INSTALL) -m 755 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+ done;
+ @for i in $(MISC_APPS) ; \
+ do \
+- (cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+- chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
+- mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
++ ($(INSTALL) -m 755 $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+ done;
+
+ files:
diff --git a/openssl.patches/openssl-54.description b/openssl.patches/openssl-54.description
new file mode 100644
index 0000000..964c33a
--- /dev/null
+++ b/openssl.patches/openssl-54.description
@@ -0,0 +1,2 @@
+Fix openssl parallel build problem. Applying the fix provided here:
+http://rt.openssl.org/Ticket/Display.html?id=3780&user=guest&pass=guest
diff --git a/openssl.patches/openssl-54.patch b/openssl.patches/openssl-54.patch
new file mode 100644
index 0000000..660d504
--- /dev/null
+++ b/openssl.patches/openssl-54.patch
@@ -0,0 +1,15 @@
+diff -Naur a/Makefile.org b/Makefile.org
+--- a/Makefile.org 2015-04-17 16:31:06.448921145 -0700
++++ b/Makefile.org 2015-04-20 13:48:08.654093777 -0700
+@@ -340,7 +340,10 @@
+ libs="$$libs -l$$i"; \
+ done
+
+-build-shared: do_$(SHLIB_TARGET) link-shared
++# The link target in Makefile.shared will create the symlink for us, so no need
++# to call link-shared directly. Doing so will cause races with two processes
++# trying to symlink the lib.
++build-shared: do_$(SHLIB_TARGET)
+
+ do_$(SHLIB_TARGET):
+ @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
diff --git a/openssl.patches/openssl-55.description b/openssl.patches/openssl-55.description
new file mode 100644
index 0000000..92bfe6a
--- /dev/null
+++ b/openssl.patches/openssl-55.description
@@ -0,0 +1,2 @@
+An implementation of the J-PAKE cryptographic protocol based on elliptic curves.
+This protocol is implemented by Nest Labs.
diff --git a/openssl.patches/openssl-55.patch b/openssl.patches/openssl-55.patch
new file mode 100644
index 0000000..2fb25ed
--- /dev/null
+++ b/openssl.patches/openssl-55.patch
@@ -0,0 +1,1702 @@
+diff -ruaN --no-dereference openssl-1.0.1m/Configure openssl/Configure
+--- openssl-1.0.1m/Configure 2015-08-17 15:44:12.275201194 -0700
++++ openssl/Configure 2015-08-17 15:44:34.818599289 -0700
+@@ -718,6 +718,7 @@
+ "ec_nistp_64_gcc_128" => "default",
+ "gmp" => "default",
+ "jpake" => "experimental",
++ "ecjpake" => "experimental",
+ "md2" => "default",
+ "rc5" => "default",
+ "rfc3779" => "default",
+@@ -732,7 +733,7 @@
+
+ # This is what $depflags will look like with the above defaults
+ # (we need this to see if we should advise the user to run "make depend"):
+-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
++my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_ECJPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+
+ # Explicit "no-..." options will be collected in %disabled along with the defaults.
+ # To remove something from %disabled, use "enable-foo" (unless it's experimental).
+diff -ruaN --no-dereference openssl-1.0.1m/crypto/ecjpake/ecjpake.c openssl/crypto/ecjpake/ecjpake.c
+--- openssl-1.0.1m/crypto/ecjpake/ecjpake.c 1969-12-31 16:00:00.000000000 -0800
++++ openssl/crypto/ecjpake/ecjpake.c 2015-08-17 16:31:00.241703253 -0700
+@@ -0,0 +1,792 @@
++/* ecjpake.c */
++/*
++ * Written by Evgeny Margolis (emargolis@nestlabs.com) for the OpenSSL project
++ * 2015.
++ */
++
++#include "ecjpake.h"
++
++#include <openssl/crypto.h>
++#include <openssl/err.h>
++#include <memory.h>
++
++/*
++ * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or
++ * Bob's (x3, x4, x1, x2).
++ */
++
++typedef struct {
++ unsigned char *num; /* Must be unique */
++ size_t len;
++} ECJPAKE_ID;
++
++struct ECJPAKE_CTX {
++ /* public values */
++ ECJPAKE_ID local_id;
++ ECJPAKE_ID peer_id;
++ const EC_GROUP *group; /* Elliptic Curve Group */
++ EC_POINT *Gxc; /* Alice's G*x3 or Bob's G*x1 */
++ EC_POINT *Gxd; /* Alice's G*x4 or Bob's G*x2 */
++ /* secret values - should not be revealed publicly and
++ should be cleared when released */
++ BIGNUM *secret; /* The shared secret */
++ BN_CTX *ctx;
++ BIGNUM *xa; /* Alice's x1 or Bob's x3 */
++ BIGNUM *xb; /* Alice's x2 or Bob's x4 */
++ unsigned char key[SHA256_DIGEST_LENGTH]; /* The calculated (shared) key */
++};
++
++static int zkp_init(ECJPAKE_ZKP *zkp, const EC_GROUP *group)
++{
++ zkp->Gr = EC_POINT_new(group);
++ if (zkp->Gr == NULL)
++ return 0;
++ zkp->b = BN_new();
++ if (zkp->b == NULL)
++ return 0;
++ return 1;
++}
++
++static void zkp_release(ECJPAKE_ZKP *zkp)
++{
++ if (zkp->b != NULL)
++ BN_free(zkp->b);
++ if (zkp->Gr != NULL)
++ EC_POINT_free(zkp->Gr);
++}
++
++#define step_part_init ECJPAKE_STEP2_init
++#define step_part_release ECJPAKE_STEP2_release
++
++int step_part_init(ECJPAKE_STEP_PART *p, const ECJPAKE_CTX *ctx)
++{
++ memset(p, 0, sizeof(*p));
++ p->Gx = EC_POINT_new(ctx->group);
++ if (p->Gx == NULL)
++ goto err;
++ if (!zkp_init(&p->zkpx, ctx->group))
++ goto err;
++ return 1;
++
++err:
++ ECJPAKEerr(ECJPAKE_F_STEP_PART_INIT, ERR_R_MALLOC_FAILURE);
++ step_part_release(p);
++ return 0;
++}
++
++void step_part_release(ECJPAKE_STEP_PART *p)
++{
++ zkp_release(&p->zkpx);
++ if (p->Gx != NULL)
++ EC_POINT_free(p->Gx);
++}
++
++int ECJPAKE_STEP1_init(ECJPAKE_STEP1 *s1, const ECJPAKE_CTX *ctx)
++{
++ if (!step_part_init(&s1->p1, ctx))
++ return 0;
++ if (!step_part_init(&s1->p2, ctx))
++ return 0;
++ return 1;
++}
++
++void ECJPAKE_STEP1_release(ECJPAKE_STEP1 *s1)
++{
++ step_part_release(&s1->p2);
++ step_part_release(&s1->p1);
++}
++
++ECJPAKE_CTX *ECJPAKE_CTX_new(const EC_GROUP *group, const BIGNUM *secret,
++ const unsigned char *local_id_num,
++ const size_t local_id_len,
++ const unsigned char *peer_id_num,
++ const size_t peer_id_len)
++{
++ ECJPAKE_CTX *ctx = NULL;
++
++ /* init ecjpake context */
++ ctx = OPENSSL_malloc(sizeof(*ctx));
++ if (ctx == NULL)
++ goto err;
++ memset(ctx, 0, sizeof(*ctx));
++
++ /* init elliptic curve group */
++ if (group == NULL)
++ goto err;
++ ctx->group = group;
++
++ /* init local id */
++ ctx->local_id.num = (unsigned char *)OPENSSL_malloc(local_id_len);
++ if (ctx->local_id.num == NULL)
++ goto err;
++ memcpy(ctx->local_id.num, local_id_num, local_id_len);
++ ctx->local_id.len = local_id_len;
++
++ /* init peer id */
++ ctx->peer_id.num = (unsigned char *)OPENSSL_malloc(peer_id_len);
++ if (ctx->peer_id.num == NULL)
++ goto err;
++ memcpy(ctx->peer_id.num, peer_id_num, peer_id_len);
++ ctx->peer_id.len = peer_id_len;
++
++ /* init secret */
++ ctx->secret = BN_dup(secret);
++ if (ctx->secret == NULL)
++ goto err;
++
++ /* init remaining ecjpake context fields */
++ ctx->Gxc = EC_POINT_new(ctx->group);
++ if (ctx->Gxc == NULL)
++ goto err;
++ ctx->Gxd = EC_POINT_new(ctx->group);
++ if (ctx->Gxd == NULL)
++ goto err;
++ ctx->xa = BN_new();
++ if (ctx->xa == NULL)
++ goto err;
++ ctx->xb = BN_new();
++ if (ctx->xb == NULL)
++ goto err;
++ ctx->ctx = BN_CTX_new();
++ if (ctx->ctx == NULL)
++ goto err;
++
++ return ctx;
++
++err:
++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_CTX_NEW, ERR_R_MALLOC_FAILURE);
++ ECJPAKE_CTX_free(ctx);
++ return NULL;
++}
++
++void ECJPAKE_CTX_free(ECJPAKE_CTX *ctx)
++{
++ if (ctx != NULL) {
++ if (ctx->ctx != NULL)
++ BN_CTX_free(ctx->ctx);
++ if (ctx->xb != NULL)
++ BN_clear_free(ctx->xb);
++ if (ctx->xa != NULL)
++ BN_clear_free(ctx->xa);
++ if (ctx->Gxd != NULL)
++ EC_POINT_free(ctx->Gxd);
++ if (ctx->Gxc != NULL)
++ EC_POINT_free(ctx->Gxc);
++ if (ctx->secret != NULL)
++ BN_clear_free(ctx->secret);
++ if (ctx->peer_id.num != NULL)
++ OPENSSL_free(ctx->peer_id.num);
++ if (ctx->local_id.num != NULL)
++ OPENSSL_free(ctx->local_id.num);
++ OPENSSL_free(ctx);
++ }
++}
++
++static void hashlength(SHA256_CTX *sha, size_t l)
++{
++ unsigned char b[2];
++
++ OPENSSL_assert(l <= 0xffff);
++ b[0] = l >> 8;
++ b[1] = l & 0xff;
++ SHA256_Update(sha, b, 2);
++}
++
++static int hashpoint_default(ECJPAKE_CTX *ctx, SHA256_CTX *sha,
++ const EC_POINT *point)
++{
++ size_t point_len;
++ unsigned char *point_oct = NULL;
++ int ret = 0;
++
++ point_len = EC_POINT_point2oct(ctx->group, point,
++ POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
++ if (point_len == 0)
++ goto err;
++
++ point_oct = (unsigned char *)OPENSSL_malloc(point_len);
++ if (point_oct == NULL)
++ goto err;
++
++ point_len = EC_POINT_point2oct(ctx->group, point,
++ POINT_CONVERSION_UNCOMPRESSED, point_oct,
++ point_len, ctx->ctx);
++ if (point_len == 0)
++ goto err;
++
++ hashlength(sha, point_len);
++ SHA256_Update(sha, point_oct, point_len);
++ ret = 1;
++
++err:
++ if (point_oct != NULL)
++ OPENSSL_free(point_oct);
++ return ret;
++}
++
++static ECJPAKE_HASHPOINT_FUNC_PTR hashpoint = &hashpoint_default;
++
++void ECJPAKE_Set_HashECPoint(ECJPAKE_HASHPOINT_FUNC_PTR hashpoint_custom)
++{
++ hashpoint = hashpoint_custom;
++}
++
++/* h = hash(G, G*r, G*x, ecjpake_id) */
++static int zkp_hash(ECJPAKE_CTX *ctx, BIGNUM *h, const EC_POINT *zkpG,
++ const ECJPAKE_STEP_PART *p, const int use_local_id)
++{
++ unsigned char md[SHA256_DIGEST_LENGTH];
++ SHA256_CTX sha;
++
++ SHA256_Init(&sha);
++ if (!hashpoint(ctx, &sha, zkpG))
++ goto err;
++ if (!hashpoint(ctx, &sha, p->zkpx.Gr))
++ goto err;
++ if (!hashpoint(ctx, &sha, p->Gx))
++ goto err;
++ if (use_local_id)
++ SHA256_Update(&sha, ctx->local_id.num, ctx->local_id.len);
++ else
++ SHA256_Update(&sha, ctx->peer_id.num, ctx->peer_id.len);
++ SHA256_Final(md, &sha);
++ if (BN_bin2bn(md, SHA256_DIGEST_LENGTH, h) == NULL)
++ goto err;
++ return 1;
++
++err:
++ ECJPAKEerr(ECJPAKE_F_ZKP_HASH, ERR_R_MALLOC_FAILURE);
++ return 0;
++}
++
++/* Generate random number in [1, n - 1] ( i.e. [1, n) ) */
++static int genrand(BIGNUM *rnd, const BIGNUM *n)
++{
++ BIGNUM *nm1 = NULL;
++ int ret = 0;
++
++ nm1 = BN_new();
++ if (nm1 == NULL)
++ goto err;
++ /* n - 1 */
++ if (!BN_copy(nm1, n))
++ goto err;
++ if (!BN_sub_word(nm1, 1))
++ goto err;
++ /* random number in [0, n - 1) */
++ if (!BN_rand_range(rnd, nm1))
++ goto err;
++ /* [1, n) */
++ if (!BN_add_word(rnd, 1))
++ goto err;
++ ret = 1;
++
++err:
++ if (!ret)
++ ECJPAKEerr(ECJPAKE_F_GENRAND, ERR_R_MALLOC_FAILURE);
++ if (nm1 != NULL)
++ BN_free(nm1);
++ return ret;
++}
++
++/* Prove knowledge of x. (Note that p->Gx has already been calculated) */
++static int generate_zkp(ECJPAKE_STEP_PART *p, const BIGNUM *x,
++ const EC_POINT *zkpG, ECJPAKE_CTX *ctx)
++{
++ BIGNUM *order = NULL;
++ BIGNUM *r = NULL;
++ BIGNUM *h = NULL;
++ BIGNUM *t = NULL;
++ int ret = 0;
++
++ order = BN_new();
++ if (order == NULL)
++ goto err;
++ if (!EC_GROUP_get_order(ctx->group, order, ctx->ctx))
++ goto err;
++ /* r in [1,n-1] */
++ r = BN_new();
++ if (r == NULL)
++ goto err;
++ if (!genrand(r, order))
++ goto err;
++ /* G * r */
++ if (!EC_POINT_mul(ctx->group, p->zkpx.Gr, NULL, zkpG, r, ctx->ctx))
++ goto err;
++ /* h = hash(G, G * r, G * x, ecjpake_id) */
++ h = BN_new();
++ if (h == NULL)
++ goto err;
++ if (!zkp_hash(ctx, h, zkpG, p, 1))
++ goto err;
++ /* b = r - x*h */
++ t = BN_new();
++ if (t == NULL)
++ goto err;
++ if (!BN_mod_mul(t, x, h, order, ctx->ctx))
++ goto err;
++ if (!BN_mod_sub(p->zkpx.b, r, t, order, ctx->ctx))
++ goto err;
++ ret = 1;
++
++err:
++ if (!ret)
++ ECJPAKEerr(ECJPAKE_F_GENERATE_ZKP, ERR_R_MALLOC_FAILURE);
++ if (t != NULL)
++ BN_free(t);
++ if (h != NULL)
++ BN_free(h);
++ if (r != NULL)
++ BN_free(r);
++ if (order != NULL)
++ BN_free(order);
++ return ret;
++}
++
++static int verify_zkp(const ECJPAKE_STEP_PART *p, const EC_POINT *zkpG,
++ ECJPAKE_CTX *ctx)
++{
++ BIGNUM *h = NULL;
++ EC_POINT *point1 = NULL;
++ EC_POINT *point2 = NULL;
++ int ret = 0;
++
++ /* h = hash(G, G * r, G * x, ecjpake_id) */
++ h = BN_new();
++ if (h == NULL)
++ goto err;
++ if (!zkp_hash(ctx, h, zkpG, p, 0))
++ goto err;
++ /* point1 = G * b */
++ point1 = EC_POINT_new(ctx->group);
++ if (point1 == NULL)
++ goto err;
++ if (!EC_POINT_mul(ctx->group, point1, NULL, zkpG, p->zkpx.b, ctx->ctx))
++ goto err;
++ /* point2 = (G * x) * h = G * {h * x} */
++ point2 = EC_POINT_new(ctx->group);
++ if (point2 == NULL)
++ goto err;
++ if (!EC_POINT_mul(ctx->group, point2, NULL, p->Gx, h, ctx->ctx))
++ goto err;
++ /* point2 = point1 + point2 = G*{hx} + G*b = G*{hx+b} = G*r (allegedly) */
++ if (!EC_POINT_add(ctx->group, point2, point1, point2, ctx->ctx))
++ goto err;
++ /* verify (point2 == G * r) */
++ if (0 != EC_POINT_cmp(ctx->group, point2, p->zkpx.Gr, ctx->ctx))
++ {
++ ECJPAKEerr(ECJPAKE_F_VERIFY_ZKP, ECJPAKE_R_ZKP_VERIFY_FAILED);
++ goto clean;
++ }
++
++ ret = 1;
++ goto clean;
++
++err:
++ ECJPAKEerr(ECJPAKE_F_VERIFY_ZKP, ERR_R_MALLOC_FAILURE);
++clean:
++ if (point2 != NULL)
++ EC_POINT_free(point2);
++ if (point1 != NULL)
++ EC_POINT_free(point1);
++ if (h != NULL)
++ BN_free(h);
++ return ret;
++}
++
++static int step_part_generate(ECJPAKE_STEP_PART *p, const BIGNUM *x,
++ const EC_POINT *G, ECJPAKE_CTX *ctx)
++{
++ if (!EC_POINT_mul(ctx->group, p->Gx, NULL, G, x, ctx->ctx))
++ goto err;
++ if (!generate_zkp(p, x, G, ctx))
++ goto err;
++ return 1;
++
++err:
++ ECJPAKEerr(ECJPAKE_F_STEP_PART_GENERATE, ERR_R_MALLOC_FAILURE);
++ return 0;
++}
++
++int ECJPAKE_STEP1_generate(ECJPAKE_STEP1 *send, ECJPAKE_CTX *ctx)
++{
++ BIGNUM *order = NULL;
++ const EC_POINT *generator = NULL;
++ int ret = 0;
++
++ order = BN_new();
++ if (order == NULL)
++ goto err;
++ if (!EC_GROUP_get_order(ctx->group, order, ctx->ctx))
++ goto err;
++
++ if (!genrand(ctx->xa, order))
++ goto err;
++ if (!genrand(ctx->xb, order))
++ goto err;
++
++ generator = EC_GROUP_get0_generator(ctx->group);
++ if (!step_part_generate(&send->p1, ctx->xa, generator, ctx))
++ goto err;
++ if (!step_part_generate(&send->p2, ctx->xb, generator, ctx))
++ goto err;
++
++ ret = 1;
++
++err:
++ if (!ret)
++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_GENERATE, ERR_R_MALLOC_FAILURE);
++ if (order != NULL)
++ BN_free(order);
++ return ret;
++}
++
++/*-
++ * Elliptic Curve Point Validity Check based on p. 25
++ * http://cs.ucsb.edu/~koc/ccs130h/notes/ecdsa-cert.pdf
++ */
++static int EC_POINT_is_legal(const EC_POINT *point, const ECJPAKE_CTX *ctx)
++{
++ BIGNUM *point_x = NULL;
++ BIGNUM *point_y = NULL;
++ BIGNUM *p = NULL;
++ BIGNUM *order = NULL;
++ EC_POINT *tmp_point = NULL;
++ int res = 0;
++
++ /* 1. Verify that point is not at Infinity */
++ if (EC_POINT_is_at_infinity(ctx->group, point))
++ goto illegal_point;
++
++ /* 2. Verify that point.X and point.Y are in the prime field */
++ point_x = BN_new();
++ if (point_x == NULL)
++ goto err;
++ point_y = BN_new();
++ if (point_y == NULL)
++ goto err;
++ p = BN_new();
++ if (p == NULL)
++ goto err;
++ if (!EC_POINT_get_affine_coordinates_GFp(ctx->group, point, point_x,
++ point_y, ctx->ctx))
++ goto err;
++ if (!EC_GROUP_get_curve_GFp(ctx->group, p, NULL, NULL, ctx->ctx))
++ goto err;
++ if (BN_is_negative(point_x) || BN_is_negative(point_y) ||
++ BN_cmp(point_x, p) >= 0 || BN_cmp(point_y, p) >= 0)
++ goto illegal_point;
++
++ /* 3. Check point lies on the curve */
++ if (!EC_POINT_is_on_curve(ctx->group, point, ctx->ctx))
++ goto illegal_point;
++
++ /* 4. Check that point*n is at Infinity */
++ order = BN_new();
++ if (order == NULL)
++ goto err;
++ tmp_point = EC_POINT_new(ctx->group);
++ if (tmp_point == NULL)
++ goto err;
++ if (!EC_GROUP_get_order(ctx->group, order, ctx->ctx))
++ goto err;
++ if (!EC_POINT_mul(ctx->group, tmp_point, NULL, point, order, ctx->ctx))
++ goto err;
++ if (!EC_POINT_is_at_infinity(ctx->group, tmp_point))
++ goto illegal_point;
++
++ res = 1;
++ goto clean;
++
++err:
++ ECJPAKEerr(ECJPAKE_F_EC_POINT_IS_LEGAL, ERR_R_MALLOC_FAILURE);
++ goto clean;
++illegal_point:
++ ECJPAKEerr(ECJPAKE_F_EC_POINT_IS_LEGAL, ECJPAKE_R_G_IS_NOT_LEGAL);
++clean:
++ if (tmp_point != NULL)
++ EC_POINT_free(tmp_point);
++ if (order != NULL)
++ BN_free(order);
++ if (p != NULL)
++ BN_free(p);
++ if (point_y != NULL)
++ BN_free(point_y);
++ if (point_x != NULL)
++ BN_free(point_x);
++ return res;
++}
++
++int ECJPAKE_STEP1_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP1 *received)
++{
++
++ /* check Gxc is a legal point on Elliptic Curve */
++ if (!EC_POINT_is_legal(received->p1.Gx, ctx))
++ {
++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_PROCESS,
++ ECJPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
++ return 0;
++ }
++
++ /* check Gxd is a legal point on Elliptic Curve */
++ if (!EC_POINT_is_legal(received->p2.Gx, ctx))
++ {
++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_PROCESS,
++ ECJPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
++ return 0;
++ }
++
++ /* verify ZKP(xc) */
++ if (!verify_zkp(&received->p1, EC_GROUP_get0_generator(ctx->group), ctx))
++ {
++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_PROCESS,
++ ECJPAKE_R_VERIFY_X3_FAILED);
++ return 0;
++ }
++
++ /* verify ZKP(xd) */
++ if (!verify_zkp(&received->p2, EC_GROUP_get0_generator(ctx->group), ctx))
++ {
++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_PROCESS,
++ ECJPAKE_R_VERIFY_X4_FAILED);
++ return 0;
++ }
++
++ /* Save the points we need for later */
++ if (!EC_POINT_copy(ctx->Gxc, received->p1.Gx) ||
++ !EC_POINT_copy(ctx->Gxd, received->p2.Gx))
++ {
++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP1_PROCESS, ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
++
++ return 1;
++}
++
++int ECJPAKE_STEP2_generate(ECJPAKE_STEP2 *send, ECJPAKE_CTX *ctx)
++{
++ EC_POINT *point = NULL;
++ BIGNUM *order = NULL;
++ BIGNUM *xbs = NULL;
++ int ret = 0;
++
++ /*-
++ * X = G * {(xa + xc + xd) * xb * s}
++ */
++ point = EC_POINT_new(ctx->group);
++ if (point == NULL)
++ goto err;
++ /* point = G * xa */
++ if (!EC_POINT_mul(ctx->group, point, NULL,
++ EC_GROUP_get0_generator(ctx->group), ctx->xa, ctx->ctx))
++ goto err;
++ /* point = G * xa + G * xc = G * {xa + xc} */
++ if (!EC_POINT_add(ctx->group, point, point, ctx->Gxc, ctx->ctx))
++ goto err;
++ /* point = G * {xa + xc} + G * xd = G * {xa + xc + xd} */
++ if (!EC_POINT_add(ctx->group, point, point, ctx->Gxd, ctx->ctx))
++ goto err;
++ /* xbs = xb * s */
++ order = BN_new();
++ if (order == NULL)
++ goto err;
++ xbs = BN_new();
++ if (xbs == NULL)
++ goto err;
++ if (!EC_GROUP_get_order(ctx->group, order, ctx->ctx))
++ goto err;
++ if (!BN_mod_mul(xbs, ctx->xb, ctx->secret, order, ctx->ctx))
++ goto err;
++
++ /*-
++ * ZKP(xb * s)
++ * For STEP2 the generator is:
++ * G' = G * {xa + xc + xd}
++ * which means X is G' * {xb * s}
++ * X = G' * {xb * s} = G * {(xa + xc + xd) * xb * s}
++ */
++ if (!step_part_generate(send, xbs, point, ctx))
++ goto err;
++ ret = 1;
++
++err:
++ if (!ret)
++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP2_GENERATE, ERR_R_MALLOC_FAILURE);
++ if (xbs != NULL)
++ BN_clear_free(xbs);
++ if (order != NULL)
++ BN_free(order);
++ if (point != NULL)
++ EC_POINT_free(point);
++ return ret;
++}
++
++/* Gx = G * {(xc + xa + xb) * xd * secret} */
++static int compute_key(ECJPAKE_CTX *ctx, const EC_POINT *Gx)
++{
++ EC_POINT *point = NULL;
++ SHA256_CTX sha;
++ int ret = 0;
++
++ /*-
++ * K = (Gx - G * {xb * xd * secret}) * xb
++ * = (G * {(xc + xa + xb) * xd * secret - xb * xd * secret}) * xb
++ * = (G * {(xc + xa) * xd * secret}) * xb
++ * = G * {(xa + xc) * xb * xd * secret}
++ * [which is the same regardless of who calculates it]
++ */
++
++ /* point = (G * xd) * xb = G * {xb * xd} */
++ point = EC_POINT_new(ctx->group);
++ if (point == NULL)
++ goto err;
++ if (!EC_POINT_mul(ctx->group, point, NULL, ctx->Gxd, ctx->xb, ctx->ctx))
++ goto err;
++ /* point = - G * {xb * xd} */
++ if (!EC_POINT_invert(ctx->group, point, ctx->ctx))
++ goto err;
++ /* point = - G * {xb * xd * secret} */
++ if (!EC_POINT_mul(ctx->group, point, NULL, point, ctx->secret, ctx->ctx))
++ goto err;
++ /* point = Gx - G * {xb * xd * secret} */
++ if (!EC_POINT_add(ctx->group, point, Gx, point, ctx->ctx))
++ goto err;
++ /* point = point * xb */
++ if (!EC_POINT_mul(ctx->group, point, NULL, point, ctx->xb, ctx->ctx))
++ goto err;
++ /* Hash point to generate shared secret key */
++ SHA256_Init(&sha);
++ if (!hashpoint(ctx, &sha, point))
++ goto err;
++ SHA256_Final(ctx->key, &sha);
++ ret = 1;
++
++err:
++ if (!ret)
++ ECJPAKEerr(ECJPAKE_F_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
++ if (point != NULL)
++ EC_POINT_clear_free(point);
++ return ret;
++}
++
++int ECJPAKE_STEP2_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP2 *received)
++{
++ BIGNUM *order = NULL;
++ BIGNUM *tmp = NULL;
++ EC_POINT *point = NULL;
++ int ret = 0;
++
++ /* Get Order */
++ order = BN_new();
++ if (order == NULL)
++ goto err;
++ if (!EC_GROUP_get_order(ctx->group, order, ctx->ctx))
++ goto err;
++ /* G' = G * {xc + xa + xb} */
++ /* tmp = xa + xb */
++ tmp = BN_new();
++ if (tmp == NULL)
++ goto err;
++ if (!BN_mod_add(tmp, ctx->xa, ctx->xb, order, ctx->ctx))
++ goto err;
++ /* point = G * {xa + xb} */
++ point = EC_POINT_new(ctx->group);
++ if (point == NULL)
++ goto err;
++ if (!EC_POINT_mul(ctx->group, point, NULL,
++ EC_GROUP_get0_generator(ctx->group), tmp, ctx->ctx))
++ goto err;
++ /* point = G * {xc + xa + xb} */
++ if (!EC_POINT_add(ctx->group, point, ctx->Gxc, point, ctx->ctx))
++ goto err;
++ /* Verify ZKP */
++ if (!verify_zkp(received, point, ctx))
++ {
++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP2_PROCESS, ECJPAKE_R_VERIFY_X4S_FAILED);
++ goto clean;
++ }
++ /* calculate shared secret (key) */
++ if (!compute_key(ctx, received->Gx))
++ goto err;
++
++ ret = 1;
++ goto clean;
++
++err:
++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP2_PROCESS, ERR_R_MALLOC_FAILURE);
++clean:
++ if (point != NULL)
++ EC_POINT_free(point);
++ if (tmp != NULL)
++ BN_free(tmp);
++ if (order != NULL)
++ BN_free(order);
++ return ret;
++}
++
++void ECJPAKE_STEP3A_init(ECJPAKE_STEP3A *s3a)
++{
++}
++
++int ECJPAKE_STEP3A_generate(ECJPAKE_STEP3A *send, ECJPAKE_CTX *ctx)
++{
++ SHA256(ctx->key, sizeof ctx->key, send->hhk);
++ SHA256(send->hhk, sizeof send->hhk, send->hhk);
++
++ return 1;
++}
++
++int ECJPAKE_STEP3A_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP3A *received)
++{
++ unsigned char hhk[SHA256_DIGEST_LENGTH];
++
++ SHA256(ctx->key, sizeof ctx->key, hhk);
++ SHA256(hhk, sizeof hhk, hhk);
++ if (memcmp(hhk, received->hhk, sizeof hhk)) {
++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP3A_PROCESS,
++ ECJPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH);
++ return 0;
++ }
++ return 1;
++}
++
++void ECJPAKE_STEP3A_release(ECJPAKE_STEP3A *s3a)
++{
++}
++
++void ECJPAKE_STEP3B_init(ECJPAKE_STEP3B *s3b)
++{
++}
++
++int ECJPAKE_STEP3B_generate(ECJPAKE_STEP3B *send, ECJPAKE_CTX *ctx)
++{
++ SHA256(ctx->key, sizeof(ctx->key), send->hk);
++ return 1;
++}
++
++int ECJPAKE_STEP3B_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP3B *received)
++{
++ unsigned char hk[SHA256_DIGEST_LENGTH];
++
++ SHA256(ctx->key, sizeof(ctx->key), hk);
++ if (memcmp(hk, received->hk, sizeof(hk))) {
++ ECJPAKEerr(ECJPAKE_F_ECJPAKE_STEP3B_PROCESS,
++ ECJPAKE_R_HASH_OF_KEY_MISMATCH);
++ return 0;
++ }
++ return 1;
++}
++
++void ECJPAKE_STEP3B_release(ECJPAKE_STEP3B *s3b)
++{
++}
++
++const EC_GROUP *ECJPAKE_get_ecGroup(const ECJPAKE_CTX *ctx)
++{
++ return ctx->group;
++}
++
++const unsigned char *ECJPAKE_get_shared_key(const ECJPAKE_CTX *ctx)
++{
++ return ctx->key;
++}
+diff -ruaN --no-dereference openssl-1.0.1m/crypto/ecjpake/ecjpake_err.c openssl/crypto/ecjpake/ecjpake_err.c
+--- openssl-1.0.1m/crypto/ecjpake/ecjpake_err.c 1969-12-31 16:00:00.000000000 -0800
++++ openssl/crypto/ecjpake/ecjpake_err.c 2015-08-17 15:44:34.818599289 -0700
+@@ -0,0 +1,118 @@
++/* crypto/ecjpake/ecjpake_err.c */
++/* ====================================================================
++ * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in
++ * the documentation and/or other materials provided with the
++ * distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ * software must display the following acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ * endorse or promote products derived from this software without
++ * prior written permission. For written permission, please contact
++ * openssl-core@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ * nor may "OpenSSL" appear in their names without prior written
++ * permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ * acknowledgment:
++ * "This product includes software developed by the OpenSSL Project
++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com). This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
++
++/*
++ * NOTE: this file was auto generated by the mkerr.pl script: any changes
++ * made to it will be overwritten when the script next updates this file,
++ * only reason strings will be preserved.
++ */
++
++#include <stdio.h>
++#include <openssl/err.h>
++#include <openssl/ecjpake.h>
++
++/* BEGIN ERROR CODES */
++#ifndef OPENSSL_NO_ERR
++
++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECJPAKE,func,0)
++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECJPAKE,0,reason)
++
++static ERR_STRING_DATA ECJPAKE_str_functs[] = {
++ {ERR_FUNC(ECJPAKE_F_COMPUTE_KEY), "compute_key"},
++ {ERR_FUNC(ECJPAKE_F_EC_POINT_IS_LEGAL), "EC_POINT_is_legal"},
++ {ERR_FUNC(ECJPAKE_F_ECJPAKE_CTX_NEW), "ECJPAKE_CTX_new"},
++ {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP1_GENERATE), "ECJPAKE_STEP1_generate"},
++ {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP1_PROCESS), "ECJPAKE_STEP1_process"},
++ {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP2_GENERATE), "ECJPAKE_STEP2_generate"},
++ {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP2_PROCESS), "ECJPAKE_STEP2_process"},
++ {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP3A_PROCESS), "ECJPAKE_STEP3A_process"},
++ {ERR_FUNC(ECJPAKE_F_ECJPAKE_STEP3B_PROCESS), "ECJPAKE_STEP3B_process"},
++ {ERR_FUNC(ECJPAKE_F_GENERATE_ZKP), "generate_zkp"},
++ {ERR_FUNC(ECJPAKE_F_GENRAND), "genrand"},
++ {ERR_FUNC(ECJPAKE_F_STEP_PART_GENERATE), "step_part_generate"},
++ {ERR_FUNC(ECJPAKE_F_STEP_PART_INIT), "step_part_init"},
++ {ERR_FUNC(ECJPAKE_F_VERIFY_ZKP), "verify_zkp"},
++ {ERR_FUNC(ECJPAKE_F_ZKP_HASH), "zkp_hash"},
++ {0,NULL}
++};
++
++static ERR_STRING_DATA ECJPAKE_str_reasons[] = {
++ {ERR_REASON(ECJPAKE_R_G_IS_NOT_LEGAL), "Gx is not legal"},
++ {ERR_REASON(ECJPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),
++ "Gx to the x3 is not legal"},
++ {ERR_REASON(ECJPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),
++ "Gx to the x4 is not legal"},
++ {ERR_REASON(ECJPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),
++ "hash of hash of key mismatch"},
++ {ERR_REASON(ECJPAKE_R_HASH_OF_KEY_MISMATCH), "hash of key mismatch"},
++ {ERR_REASON(ECJPAKE_R_VERIFY_X3_FAILED), "verify x3 failed"},
++ {ERR_REASON(ECJPAKE_R_VERIFY_X4_FAILED), "verify x4 failed"},
++ {ERR_REASON(ECJPAKE_R_VERIFY_X4S_FAILED), "verify x4*s failed"},
++ {ERR_REASON(ECJPAKE_R_ZKP_VERIFY_FAILED), "zkp verify failed"},
++ {0,NULL}
++};
++
++#endif
++
++void ERR_load_ECJPAKE_strings(void)
++{
++#ifndef OPENSSL_NO_ERR
++
++ if (ERR_func_error_string(ECJPAKE_str_functs[0].error) == NULL) {
++ ERR_load_strings(0, ECJPAKE_str_functs);
++ ERR_load_strings(0, ECJPAKE_str_reasons);
++ }
++#endif
++}
+diff -ruaN --no-dereference openssl-1.0.1m/crypto/ecjpake/ecjpake.h openssl/crypto/ecjpake/ecjpake.h
+--- openssl-1.0.1m/crypto/ecjpake/ecjpake.h 1969-12-31 16:00:00.000000000 -0800
++++ openssl/crypto/ecjpake/ecjpake.h 2015-08-17 16:29:40.405982099 -0700
+@@ -0,0 +1,169 @@
++/*
++ * Implement EC J-PAKE, based on J-PAKE as described in
++ * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
++ *
++ * Useful J-PAKE Java Demo:
++ * http://homepages.cs.ncl.ac.uk/feng.hao/files/JPAKEDemo.java
++ *
++ * Useful Elliptic Curve (EC) J-PAKE Java Demo:
++ * http://homepages.cs.ncl.ac.uk/feng.hao/files/EllipticCurveJPAKEDemo.java
++ */
++
++#ifndef HEADER_ECJPAKE_H
++# define HEADER_ECJPAKE_H
++
++# include <openssl/opensslconf.h>
++
++# ifdef OPENSSL_NO_ECJPAKE
++# error ECJPAKE is disabled.
++# endif
++
++# ifdef __cplusplus
++extern "C" {
++# endif
++
++# include <openssl/ec.h>
++# include <openssl/bn.h>
++# include <openssl/sha.h>
++
++typedef struct ECJPAKE_CTX ECJPAKE_CTX;
++
++typedef struct {
++ EC_POINT *Gr; /* G * r (r random) */
++ BIGNUM *b; /* b = r - x * h,
++ h = hash(G, G * r, G * x, name) */
++} ECJPAKE_ZKP;
++
++typedef struct {
++ EC_POINT *Gx; /* G * x in step 1,
++ G * ((xa + xc + xd) * xb * s) in step 2 */
++ ECJPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */
++} ECJPAKE_STEP_PART;
++
++typedef struct {
++ ECJPAKE_STEP_PART p1; /* {G * x3, ZKP(x3)} or {G * x1, ZKP(x1)} */
++ ECJPAKE_STEP_PART p2; /* {G * x4, ZKP(x4)} or {G * x2, ZKP(x2)} */
++} ECJPAKE_STEP1;
++
++typedef ECJPAKE_STEP_PART ECJPAKE_STEP2;
++
++typedef struct {
++ unsigned char hhk[SHA256_DIGEST_LENGTH];
++} ECJPAKE_STEP3A;
++
++typedef struct {
++ unsigned char hk[SHA256_DIGEST_LENGTH];
++} ECJPAKE_STEP3B;
++
++/*
++ * Defines pointer to the function that calculates SHA256 hash of elliptic curve
++ * point. ECJPAKE implements it's own point hash function.
++ * Use ECJPAKE_Set_HashECPoint() to provide alternative implementation of the
++ * point hash.
++ */
++typedef int(*ECJPAKE_HASHPOINT_FUNC_PTR)(ECJPAKE_CTX *, SHA256_CTX *,
++ const EC_POINT *);
++
++/*
++ * Sets the function that will be used to hash elliptic curve point.
++ * If this function is not called the ecjpake uses it's own (default)
++ * implementation of the point hash function.
++ */
++void ECJPAKE_Set_HashECPoint(ECJPAKE_HASHPOINT_FUNC_PTR hashpoint_custom);
++
++/* Initializes ECJPAKE_CTX with protocol parameters */
++ECJPAKE_CTX *ECJPAKE_CTX_new(const EC_GROUP *group, const BIGNUM *secret,
++ const unsigned char *local_id_num,
++ const size_t local_id_len,
++ const unsigned char *peer_id_num,
++ const size_t peer_id_len);
++
++/* Releases ECJPAKE_CTX */
++void ECJPAKE_CTX_free(ECJPAKE_CTX *ctx);
++
++/*
++ * Functions to initialize, generate, process, and release ECJPAKE_STEP1 data.
++ * Note that ECJPAKE_STEP1 can be used multiple times before release
++ * without another init.
++ */
++int ECJPAKE_STEP1_init(ECJPAKE_STEP1 *s1, const ECJPAKE_CTX *ctx);
++int ECJPAKE_STEP1_generate(ECJPAKE_STEP1 *send, ECJPAKE_CTX *ctx);
++int ECJPAKE_STEP1_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP1 *received);
++void ECJPAKE_STEP1_release(ECJPAKE_STEP1 *s1);
++
++/*
++ * Functions to initialize, generate, process, and release ECJPAKE_STEP2 data.
++ * Note that ECJPAKE_STEP2 can be used multiple times before release
++ * without another init.
++ */
++int ECJPAKE_STEP2_init(ECJPAKE_STEP2 *s2, const ECJPAKE_CTX *ctx);
++int ECJPAKE_STEP2_generate(ECJPAKE_STEP2 *send, ECJPAKE_CTX *ctx);
++int ECJPAKE_STEP2_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP2 *received);
++void ECJPAKE_STEP2_release(ECJPAKE_STEP2 *s2);
++
++/*
++ * Optionally verify the shared key. If the shared secrets do not
++ * match, the two ends will disagree about the shared key, but
++ * otherwise the protocol will succeed.
++ */
++void ECJPAKE_STEP3A_init(ECJPAKE_STEP3A *s3a);
++int ECJPAKE_STEP3A_generate(ECJPAKE_STEP3A *send, ECJPAKE_CTX *ctx);
++int ECJPAKE_STEP3A_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP3A *received);
++void ECJPAKE_STEP3A_release(ECJPAKE_STEP3A *s3a);
++
++void ECJPAKE_STEP3B_init(ECJPAKE_STEP3B *s3b);
++int ECJPAKE_STEP3B_generate(ECJPAKE_STEP3B *send, ECJPAKE_CTX *ctx);
++int ECJPAKE_STEP3B_process(ECJPAKE_CTX *ctx, const ECJPAKE_STEP3B *received);
++void ECJPAKE_STEP3B_release(ECJPAKE_STEP3B *s3b);
++
++/*
++ * Returns shared secret value. The value belongs to the library and will be
++ * released when ctx is released, and will change when a new handshake is
++ * performed.
++ */
++const unsigned char *ECJPAKE_get_shared_key(const ECJPAKE_CTX *ctx);
++
++/* Returns elliptic curve group used in the current ECJPAKE handshake. */
++const EC_GROUP *ECJPAKE_get_ecGroup(const ECJPAKE_CTX *ctx);
++
++/* BEGIN ERROR CODES */
++/*
++ * The following lines are auto generated by the script mkerr.pl. Any changes
++ * made after this point may be overwritten when the script is next run.
++ */
++void ERR_load_ECJPAKE_strings(void);
++
++/* Error codes for the ECJPAKE functions. */
++
++/* Function codes. */
++# define ECJPAKE_F_COMPUTE_KEY 100
++# define ECJPAKE_F_EC_POINT_IS_LEGAL 101
++# define ECJPAKE_F_ECJPAKE_CTX_NEW 102
++# define ECJPAKE_F_ECJPAKE_STEP1_GENERATE 103
++# define ECJPAKE_F_ECJPAKE_STEP1_PROCESS 104
++# define ECJPAKE_F_ECJPAKE_STEP2_GENERATE 105
++# define ECJPAKE_F_ECJPAKE_STEP2_PROCESS 106
++# define ECJPAKE_F_ECJPAKE_STEP3A_PROCESS 107
++# define ECJPAKE_F_ECJPAKE_STEP3B_PROCESS 108
++# define ECJPAKE_F_GENERATE_ZKP 109
++# define ECJPAKE_F_GENRAND 110
++# define ECJPAKE_F_STEP_PART_GENERATE 111
++# define ECJPAKE_F_STEP_PART_INIT 112
++# define ECJPAKE_F_VERIFY_ZKP 113
++# define ECJPAKE_F_ZKP_HASH 114
++
++/* Reason codes. */
++# define ECJPAKE_R_G_IS_NOT_LEGAL 100
++# define ECJPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 101
++# define ECJPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 102
++# define ECJPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 103
++# define ECJPAKE_R_HASH_OF_KEY_MISMATCH 104
++# define ECJPAKE_R_VERIFY_X3_FAILED 105
++# define ECJPAKE_R_VERIFY_X4_FAILED 106
++# define ECJPAKE_R_VERIFY_X4S_FAILED 107
++# define ECJPAKE_R_ZKP_VERIFY_FAILED 108
++
++# ifdef __cplusplus
++}
++# endif
++#endif
+diff -ruaN --no-dereference openssl-1.0.1m/crypto/ecjpake/ecjpaketest.c openssl/crypto/ecjpake/ecjpaketest.c
+--- openssl-1.0.1m/crypto/ecjpake/ecjpaketest.c 1969-12-31 16:00:00.000000000 -0800
++++ openssl/crypto/ecjpake/ecjpaketest.c 2015-08-17 16:29:40.405982099 -0700
+@@ -0,0 +1,358 @@
++#include <openssl/opensslconf.h>
++
++#ifdef OPENSSL_NO_ECJPAKE
++
++# include <stdio.h>
++
++int main(int argc, char *argv[])
++{
++ printf("No EC J-PAKE support\n");
++ return(0);
++}
++
++#else
++
++# include "../e_os.h"
++# include <openssl/ecjpake.h>
++# include <openssl/crypto.h>
++# include <openssl/bio.h>
++# include <openssl/rand.h>
++# include <openssl/obj_mac.h>
++# include <openssl/err.h>
++# include <memory.h>
++
++static void showkey(const char *name, const unsigned char *key)
++{
++ int i;
++
++ fputs(name, stdout);
++ fputs(" = ", stdout);
++ for (i = 0; i < SHA256_DIGEST_LENGTH; i++)
++ fprintf(stdout, "%02X", key[i]);
++ putc('\n', stdout);
++}
++
++# if 0
++static void showbn(const char *name, const BIGNUM *bn)
++{
++ fputs(name, stdout);
++ fputs(" = ", stdout);
++ BN_print_fp(stdout, bn);
++ putc('\n', stdout);
++}
++
++static void showpoint(const char *name, const EC_POINT *point, ECJPAKE_CTX *ctx)
++{
++ BIGNUM *point_x = BN_new();
++ BIGNUM *point_y = BN_new();
++ BN_CTX *bn_ctx = BN_CTX_new();
++ const EC_GROUP *group = ECJPAKE_get_ecGroup(ctx);
++
++ if (bn_ctx == NULL || point_y == NULL || point_x == NULL)
++ goto err;
++
++ EC_POINT_get_affine_coordinates_GFp(group, point, point_x, point_y, bn_ctx);
++
++ fputs(name, stdout);
++ showbn(" X:", point_x);
++ fputs(name, stdout);
++ showbn(" Y:", point_y);
++
++err:
++ if (bn_ctx != NULL)
++ BN_CTX_free(bn_ctx);
++ if (point_y != NULL)
++ BN_free(point_y);
++ if (point_x != NULL)
++ BN_free(point_x);
++}
++# endif
++
++static const char rnd_seed[] =
++ "string to make the random number generator think it has entropy";
++
++/* generates random length value in a range [len_bottom, len_top] */
++static int generate_rand_len(size_t *rand_len,
++ unsigned int len_bottom,
++ unsigned int len_top)
++{
++ if (len_top > 0xffff || len_bottom > len_top)
++ return 0;
++
++ if (!RAND_bytes((unsigned char *)(rand_len), sizeof(size_t)))
++ return 0;
++
++ *rand_len = *rand_len % (len_top - len_bottom + 1) + len_bottom;
++
++ return 1;
++}
++
++static int run_ecjpake(ECJPAKE_CTX *alice, ECJPAKE_CTX *bob)
++{
++ ECJPAKE_STEP1 alice_s1;
++ ECJPAKE_STEP1 bob_s1;
++ ECJPAKE_STEP2 alice_s2;
++ ECJPAKE_STEP2 bob_s2;
++ ECJPAKE_STEP3A alice_s3a;
++ ECJPAKE_STEP3B bob_s3b;
++
++ /* Alice --> Bob: Step 1 */
++ fputs("\tAlice --> Bob: Step 1\n", stdout);
++ ECJPAKE_STEP1_init(&alice_s1, alice);
++ ECJPAKE_STEP1_generate(&alice_s1, alice);
++
++ if (!ECJPAKE_STEP1_process(bob, &alice_s1)) {
++ ECJPAKE_STEP1_release(&alice_s1);
++ fprintf(stderr, "Bob fails to process Alice's step 1\n");
++ ERR_print_errors_fp(stdout);
++ return 1;
++ }
++ ECJPAKE_STEP1_release(&alice_s1);
++
++ /* Bob --> Alice: Step 1 */
++ fputs("\tBob --> Alice: Step 1\n", stdout);
++ ECJPAKE_STEP1_init(&bob_s1, bob);
++ ECJPAKE_STEP1_generate(&bob_s1, bob);
++ if (!ECJPAKE_STEP1_process(alice, &bob_s1)) {
++ ECJPAKE_STEP1_release(&bob_s1);
++ fprintf(stderr, "Alice fails to process Bob's step 1\n");
++ ERR_print_errors_fp(stdout);
++ return 2;
++ }
++ ECJPAKE_STEP1_release(&bob_s1);
++
++ /* Alice --> Bob: Step 2 */
++ fputs("\tAlice --> Bob: Step 2\n", stdout);
++ ECJPAKE_STEP2_init(&alice_s2, alice);
++ ECJPAKE_STEP2_generate(&alice_s2, alice);
++ if (!ECJPAKE_STEP2_process(bob, &alice_s2)) {
++ ECJPAKE_STEP2_release(&alice_s2);
++ fprintf(stderr, "Bob fails to process Alice's step 2\n");
++ ERR_print_errors_fp(stdout);
++ return 3;
++ }
++ ECJPAKE_STEP2_release(&alice_s2);
++
++ /* Bob --> Alice: Step 2 */
++ fputs("\tBob --> Alice: Step 2\n", stdout);
++ ECJPAKE_STEP2_init(&bob_s2, bob);
++ ECJPAKE_STEP2_generate(&bob_s2, bob);
++ if (!ECJPAKE_STEP2_process(alice, &bob_s2)) {
++ ECJPAKE_STEP2_release(&bob_s2);
++ fprintf(stderr, "Alice fails to process Bob's step 2\n");
++ ERR_print_errors_fp(stdout);
++ return 4;
++ }
++ ECJPAKE_STEP2_release(&bob_s2);
++
++ showkey("\tAlice's key", ECJPAKE_get_shared_key(alice));
++ showkey("\tBob's key ", ECJPAKE_get_shared_key(bob));
++
++ /* Alice --> Bob: Step 3A */
++ fputs("\tAlice --> Bob: Step 3A\n", stdout);
++ ECJPAKE_STEP3A_init(&alice_s3a);
++ ECJPAKE_STEP3A_generate(&alice_s3a, alice);
++ if (!ECJPAKE_STEP3A_process(bob, &alice_s3a)) {
++ ECJPAKE_STEP3A_release(&alice_s3a);
++ return 5;
++ }
++ ECJPAKE_STEP3A_release(&alice_s3a);
++
++ /* Bob --> Alice: Step 3B */
++ fputs("\tBob --> Alice: Step 3B\n", stdout);
++ ECJPAKE_STEP3B_init(&bob_s3b);
++ ECJPAKE_STEP3B_generate(&bob_s3b, bob);
++ if (!ECJPAKE_STEP3B_process(alice, &bob_s3b)) {
++ ECJPAKE_STEP3B_release(&bob_s3b);
++ return 6;
++ }
++ ECJPAKE_STEP3B_release(&bob_s3b);
++
++ return 0;
++}
++
++int main(int argc, char **argv)
++{
++ ECJPAKE_CTX *alice = NULL;
++ ECJPAKE_CTX *bob = NULL;
++ unsigned char *alice_id_num = NULL;
++ unsigned char *bob_id_num = NULL;
++ size_t alice_id_len;
++ size_t bob_id_len;
++ BIGNUM *secret = NULL;;
++ BIGNUM *secret_wrong = NULL;
++ size_t secret_len;
++ EC_GROUP *group = NULL;
++ BIO *bio_err;
++ int i;
++ int ret = 1;
++
++ typedef struct test_curve {
++ int nid;
++ char *name;
++ } test_curve;
++
++ test_curve test_curves[] = {
++ /* SECG PRIME CURVES TESTS */
++ {NID_secp160r1, "SECG Prime-Curve P-160"},
++ /* NIST PRIME CURVES TESTS */
++ {NID_X9_62_prime192v1, "NIST Prime-Curve P-192"},
++ {NID_secp224r1, "NIST Prime-Curve P-224"},
++ {NID_X9_62_prime256v1, "NIST Prime-Curve P-256"},
++ {NID_secp384r1, "NIST Prime-Curve P-384"},
++ {NID_secp521r1, "NIST Prime-Curve P-521"},
++# ifndef OPENSSL_NO_EC2M
++ /* NIST BINARY CURVES TESTS */
++ {NID_sect163k1, "NIST Binary-Curve K-163"},
++ {NID_sect163r2, "NIST Binary-Curve B-163"},
++ {NID_sect233k1, "NIST Binary-Curve K-233"},
++ {NID_sect233r1, "NIST Binary-Curve B-233"},
++ {NID_sect283k1, "NIST Binary-Curve K-283"},
++ {NID_sect283r1, "NIST Binary-Curve B-283"},
++ {NID_sect409k1, "NIST Binary-Curve K-409"},
++ {NID_sect409r1, "NIST Binary-Curve B-409"},
++ {NID_sect571k1, "NIST Binary-Curve K-571"},
++ {NID_sect571r1, "NIST Binary-Curve B-571"},
++# endif
++ };
++
++ CRYPTO_malloc_debug_init();
++ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
++ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
++
++# ifdef OPENSSL_SYS_WIN32
++ CRYPTO_malloc_init();
++# endif
++
++ RAND_seed(rnd_seed, sizeof rnd_seed);
++
++ bio_err = BIO_new(BIO_s_file());
++ if (bio_err == NULL)
++ EXIT(1);
++ BIO_set_fp(bio_err, stdout, BIO_NOCLOSE);
++
++ for (i = 0; i < sizeof(test_curves)/sizeof(test_curve); i++) {
++
++ fprintf(stdout, "\nTesting ECJPAKE protocol for %s\n",
++ test_curves[i].name);
++
++ group = EC_GROUP_new_by_curve_name(test_curves[i].nid);
++ if (group == NULL)
++ goto err;
++
++ /* randomize length of a secret in a range [32, 1024] bits */
++ if (!generate_rand_len(&secret_len, 32, 512))
++ goto err;
++ /* randomize secret of secret_len bits */
++ secret = BN_new();
++ if (secret == NULL)
++ goto err;
++ if (!BN_rand(secret, secret_len, 0, 0))
++ goto err;
++ /* randomize alice_id_len in a range [4, 128] bytes */
++ if (!generate_rand_len(&alice_id_len, 4, 128))
++ goto err;
++ /* randomize alice_id_num of alice_id_len bytes */
++ alice_id_num = (unsigned char *)OPENSSL_malloc(alice_id_len);
++ if (alice_id_num == NULL)
++ goto err;
++ if (!RAND_bytes(alice_id_num, alice_id_len))
++ goto err;
++ /* randomize bob_id_len in a range [4, 128] bytes */
++ if (!generate_rand_len(&bob_id_len, 4, 128))
++ goto err;
++ /* randomize bob_id_num of bob_id_len bytes */
++ bob_id_num = (unsigned char *)OPENSSL_malloc(bob_id_len);
++ if (bob_id_num == NULL)
++ goto err;
++ if (!RAND_bytes(bob_id_num, bob_id_len))
++ goto err;
++
++ /* Initialize ECJPAKE_CTX for Alice and Bob */
++ alice = ECJPAKE_CTX_new(group, secret, alice_id_num, alice_id_len,
++ bob_id_num, bob_id_len);
++ if (alice == NULL)
++ goto err;
++ bob = ECJPAKE_CTX_new(group, secret, bob_id_num, bob_id_len,
++ alice_id_num, alice_id_len);
++ if (bob == NULL)
++ goto err;
++
++ fprintf(stdout, "Plain EC J-PAKE run\n");
++ if (run_ecjpake(alice, bob) != 0) {
++ fprintf(stderr, "Plain EC J-PAKE run failed\n");
++ goto err;
++ }
++
++ ECJPAKE_CTX_free(bob);
++ bob = NULL;
++ ECJPAKE_CTX_free(alice);
++ alice = NULL;
++
++ /* Now give Alice and Bob different secrets */
++ alice = ECJPAKE_CTX_new(group, secret, alice_id_num, alice_id_len,
++ bob_id_num, bob_id_len);
++ if (alice == NULL)
++ goto err;
++ /* randomize secret_wrong of secret_len bits */
++ secret_wrong = BN_new();
++ if (secret_wrong == NULL)
++ goto err;
++ if (!BN_rand(secret_wrong, secret_len, 0, 0))
++ goto err;
++ if (!BN_add(secret_wrong, secret_wrong, secret))
++ goto err;
++ bob = ECJPAKE_CTX_new(group, secret_wrong, bob_id_num, bob_id_len,
++ alice_id_num, alice_id_len);
++ if (bob == NULL)
++ goto err;
++
++ fprintf(stdout, "Mismatch secret EC J-PAKE run\n");
++ if (run_ecjpake(alice, bob) != 5) {
++ fprintf(stderr, "Mismatched secret EC J-PAKE run failed\n");
++ goto err;
++ }
++
++ ECJPAKE_CTX_free(bob);
++ bob = NULL;
++ ECJPAKE_CTX_free(alice);
++ alice = NULL;
++ BN_free(secret);
++ secret = NULL;
++ BN_free(secret_wrong);
++ secret_wrong = NULL;
++ OPENSSL_free(alice_id_num);
++ alice_id_num = NULL;
++ OPENSSL_free(bob_id_num);
++ bob_id_num = NULL;
++ EC_GROUP_free(group);
++ group = NULL;
++ }
++
++ ret = 0;
++
++err:
++ if (ret)
++ fprintf(stderr, "Exiting ecjpaketest with error.\n");
++ if (bob != NULL)
++ ECJPAKE_CTX_free(bob);
++ if (alice != NULL)
++ ECJPAKE_CTX_free(alice);
++ if (secret != NULL)
++ BN_free(secret);
++ if (secret_wrong != NULL)
++ BN_free(secret_wrong);
++ if (alice_id_num != NULL)
++ OPENSSL_free(alice_id_num);
++ if (bob_id_num != NULL)
++ OPENSSL_free(bob_id_num);
++ if (group != NULL)
++ EC_GROUP_free(group);
++ BIO_free(bio_err);
++ CRYPTO_cleanup_all_ex_data();
++ ERR_remove_thread_state(NULL);
++ CRYPTO_mem_leaks_fp(stderr);
++ return ret;
++}
++
++#endif
+diff -ruaN --no-dereference openssl-1.0.1m/crypto/ecjpake/Makefile openssl/crypto/ecjpake/Makefile
+--- openssl-1.0.1m/crypto/ecjpake/Makefile 1969-12-31 16:00:00.000000000 -0800
++++ openssl/crypto/ecjpake/Makefile 2015-08-17 15:44:34.818599289 -0700
+@@ -0,0 +1,81 @@
++#
++# crypto/ecjpake/Makefile
++#
++
++DIR=ecjpake
++TOP=../..
++CC= cc
++INCLUDES= -I.. -I$(TOP) -I../../include
++CFLAG=-g -Wall
++MAKEFILE= Makefile
++AR= ar r
++
++CFLAGS= $(INCLUDES) $(CFLAG)
++
++LIB=$(TOP)/libcrypto.a
++LIBOBJ=ecjpake.o ecjpake_err.o
++LIBSRC=ecjpake.c ecjpake_err.c
++
++SRC= $(LIBSRC)
++
++EXHEADER=ecjpake.h
++TEST=ecjpaketest.c
++
++
++top:
++ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
++
++all: lib
++
++lib: $(LIBOBJ)
++ $(AR) $(LIB) $(LIBOBJ)
++ $(RANLIB) $(LIB) || echo Never mind.
++ @touch lib
++
++links:
++ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
++ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
++
++install:
++ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
++ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
++ do \
++ ($(INSTALL) -m 644 $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
++ done;
++
++update: depend
++
++depend:
++ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
++ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
++
++dclean:
++ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
++ mv -f Makefile.new $(MAKEFILE)
++
++clean:
++ rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
++
++ecjpaketest: top ecjpaketest.c $(LIB)
++ $(CC) $(CFLAGS) -Wall -Werror -g -o ecjpaketest ecjpaketest.c $(LIB)
++# DO NOT DELETE THIS LINE -- make depend depends on it.
++
++ecjpake.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++ecjpake.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
++ecjpake.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
++ecjpake.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
++ecjpake.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
++ecjpake.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
++ecjpake.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++ecjpake.o: ../../include/openssl/symhacks.h ecjpake.c ecjpake.h
++ecjpake_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
++ecjpake_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
++ecjpake_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
++ecjpake_err.o: ../../include/openssl/ecjpake.h ../../include/openssl/err.h
++ecjpake_err.o: ../../include/openssl/lhash.h
++ecjpake_err.o: ../../include/openssl/opensslconf.h
++ecjpake_err.o: ../../include/openssl/opensslv.h
++ecjpake_err.o: ../../include/openssl/ossl_typ.h
++ecjpake_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
++ecjpake_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++ecjpake_err.o: ecjpake_err.c
+diff -ruaN --no-dereference openssl-1.0.1m/crypto/err/err_all.c openssl/crypto/err/err_all.c
+--- openssl-1.0.1m/crypto/err/err_all.c 2015-08-17 15:44:12.631191688 -0700
++++ openssl/crypto/err/err_all.c 2015-08-17 15:44:34.818599289 -0700
+@@ -107,6 +107,9 @@
+ #ifndef OPENSSL_NO_JPAKE
+ # include <openssl/jpake.h>
+ #endif
++#ifndef OPENSSL_NO_ECJPAKE
++# include <openssl/ecjpake.h>
++#endif
+
+ void ERR_load_crypto_strings(void)
+ {
+@@ -164,5 +167,8 @@
+ # ifndef OPENSSL_NO_JPAKE
+ ERR_load_JPAKE_strings();
+ # endif
++# ifndef OPENSSL_NO_ECJPAKE
++ ERR_load_ECJPAKE_strings();
++# endif
+ #endif
+ }
+diff -ruaN --no-dereference openssl-1.0.1m/crypto/err/err.h openssl/crypto/err/err.h
+--- openssl-1.0.1m/crypto/err/err.h 2015-08-17 15:44:12.631191688 -0700
++++ openssl/crypto/err/err.h 2015-08-17 15:44:34.818599289 -0700
+@@ -197,6 +197,7 @@
+ # define ERR_LIB_TS 47
+ # define ERR_LIB_HMAC 48
+ # define ERR_LIB_JPAKE 49
++# define ERR_LIB_ECJPAKE 50
+
+ # define ERR_LIB_USER 128
+
+@@ -233,6 +234,7 @@
+ # define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
+ # define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
+ # define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
++# define ECJPAKEerr(f,r) ERR_PUT_error(ERR_LIB_ECJPAKE,(f),(r),__FILE__,__LINE__)
+
+ /*
+ * Borland C seems too stupid to be able to shift and do longs in the
+diff -ruaN --no-dereference openssl-1.0.1m/crypto/err/openssl.ec openssl/crypto/err/openssl.ec
+--- openssl-1.0.1m/crypto/err/openssl.ec 2015-08-17 15:44:12.635191581 -0700
++++ openssl/crypto/err/openssl.ec 2015-08-17 15:44:34.818599289 -0700
+@@ -35,6 +35,7 @@
+ L HMAC crypto/hmac/hmac.h crypto/hmac/hmac_err.c
+ L CMS crypto/cms/cms.h crypto/cms/cms_err.c
+ L JPAKE crypto/jpake/jpake.h crypto/jpake/jpake_err.c
++L ECJPAKE crypto/ecjpake/ecjpake.h crypto/ecjpake/ecjpake_err.c
+
+ # additional header files to be scanned for function names
+ L NONE crypto/x509/x509_vfy.h NONE
+diff -ruaN --no-dereference openssl-1.0.1m/Makefile.org openssl/Makefile.org
+--- openssl-1.0.1m/Makefile.org 2015-08-17 15:44:12.715189445 -0700
++++ openssl/Makefile.org 2015-08-17 15:44:34.818599289 -0700
+@@ -147,7 +147,7 @@
+ bn ec rsa dsa ecdsa dh ecdh dso engine \
+ buffer bio stack lhash rand err \
+ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
+- cms pqueue ts jpake srp store cmac
++ cms pqueue ts jpake ecjpake srp store cmac
+ # keep in mind that the above list is adjusted by ./Configure
+ # according to no-xxx arguments...
+
+diff -ruaN --no-dereference openssl-1.0.1m/test/Makefile openssl/test/Makefile
+--- openssl-1.0.1m/test/Makefile 2015-08-17 15:44:12.759188270 -0700
++++ openssl/test/Makefile 2015-08-17 16:50:00.574984277 -0700
+@@ -62,6 +62,7 @@
+ EVPEXTRATEST=evp_extra_test
+ IGETEST= igetest
+ JPAKETEST= jpaketest
++ECJPAKETEST= ecjpaketest
+ SRPTEST= srptest
+ ASN1TEST= asn1test
+ HEARTBEATTEST= heartbeat_test
+@@ -71,7 +72,7 @@
+
+ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \
+ $(MD2TEST)$(EXE_EXT) $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) $(WPTEST)$(EXE_EXT) \
+- $(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \
++ $(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) $(ECJPAKETEST)$(EXE_EXT) \
+ $(DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \
+ $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \
+ $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
+@@ -86,7 +87,7 @@
+ $(HMACTEST).o $(WPTEST).o \
+ $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
+ $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(SHA256TEST).o $(SHA512TEST).o \
+- $(MDC2TEST).o $(RMDTEST).o \
++ $(MDC2TEST).o $(RMDTEST).o $(ECJPAKETEST).o \
+ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
+ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \
+ $(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o \
+@@ -94,7 +95,7 @@
+
+ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
+ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
+- $(HMACTEST).c $(WPTEST).c \
++ $(HMACTEST).c $(WPTEST).c $(ECJPAKETEST).c \
+ $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
+ $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+ $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
+@@ -137,7 +138,7 @@
+
+ alltests: \
+ test_des test_idea test_sha test_md4 test_md5 test_hmac \
+- test_md2 test_mdc2 test_wp \
++ test_md2 test_mdc2 test_wp test_ecjpake \
+ test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
+ test_rand test_bn test_ec test_ecdsa test_ecdh \
+ test_enc test_x509 test_rsa test_crl test_sid \
+@@ -319,6 +320,10 @@
+ @echo "Test JPAKE"
+ ../util/shlib_wrap.sh ./$(JPAKETEST)
+
++test_ecjpake: $(ECJPAKETEST)$(EXE_EXT)
++ @echo "Test ECJPAKE"
++ ../util/shlib_wrap.sh ./$(ECJPAKETEST)
++
+ test_cms:
+ @echo "CMS consistency test"
+ $(PERL) cms-test.pl
+@@ -489,6 +494,9 @@
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+ @target=$(JPAKETEST); $(BUILD_CMD)
+
++$(ECJPAKETEST)$(EXE_EXT): $(ECJPAKETEST).o $(DLIBCRYPTO)
++ @target=$(ECJPAKETEST); $(BUILD_CMD)
++
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+ @target=$(ASN1TEST); $(BUILD_CMD)
+
+@@ -593,6 +601,11 @@
+ ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ ecdsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ ecdsatest.o: ecdsatest.c
++ecjpaketest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
++ecjpaketest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
++ecjpaketest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
++ecjpaketest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
++ecjpaketest.o: ../include/openssl/symhacks.h ecjpaketest.c
+ ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ ectest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ ectest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
diff --git a/openssl.url b/openssl.url
new file mode 100644
index 0000000..aa445e9
--- /dev/null
+++ b/openssl.url
@@ -0,0 +1 @@
+https://www.openssl.org/source/openssl-1.0.1p.tar.gz
diff --git a/openssl.version b/openssl.version
new file mode 100644
index 0000000..c94b8ea
--- /dev/null
+++ b/openssl.version
@@ -0,0 +1 @@
+1.0.1p