diff --git a/CVE-2011-0014.patch b/CVE-2011-0014.patch
new file mode 100644
index 0000000..ac65f0e
--- /dev/null
+++ b/CVE-2011-0014.patch
@@ -0,0 +1,28 @@
+Index: openssl-1.0.0c/ssl/t1_lib.c
+===================================================================
+--- openssl-1.0.0c.orig/ssl/t1_lib.c
++++ openssl-1.0.0c/ssl/t1_lib.c
+@@ -917,6 +917,7 @@ int ssl_parse_clienthello_tlsext(SSL *s,
+ 						}
+ 					n2s(data, idsize);
+ 					dsize -= 2 + idsize;
++					size -= 2 + idsize;
+ 					if (dsize < 0)
+ 						{
+ 						*al = SSL_AD_DECODE_ERROR;
+@@ -955,9 +956,14 @@ int ssl_parse_clienthello_tlsext(SSL *s,
+ 					}
+ 
+ 				/* Read in request_extensions */
++				if (size < 2)
++				{
++					*al = SSL_AD_DECODE_ERROR;
++					return 0;
++				}
+ 				n2s(data,dsize);
+ 				size -= 2;
+-				if (dsize > size) 
++				if (dsize != size) 
+ 					{
+ 					*al = SSL_AD_DECODE_ERROR;
+ 					return 0;
diff --git a/_service b/_service
deleted file mode 100644
index 99d1cef..0000000
--- a/_service
+++ /dev/null
@@ -1,12 +0,0 @@
-<services>
-  <service name="download_url">
-    <param name="protocol">http</param>
-    <param name="host">www.openssl.org</param>
-    <param name="path">/source/openssl-1.0.0d.tar.gz</param>
-  </service>
-  <service name="verify_file">
-    <param name="file">_service:download_url:openssl-1.0.0d.tar.gz</param>
-    <param name="verifier">sha256</param>
-    <param name="checksum">92511d1f0caaa298dba250426f8e7d5d00b271847886d1adc62422778d6320db</param>
-  </service>
-</services>
\ No newline at end of file
diff --git a/_service:download_url:openssl-1.0.0d.tar.gz b/_service:download_url:openssl-1.0.0d.tar.gz
deleted file mode 100644
index d41c3d6..0000000
--- a/_service:download_url:openssl-1.0.0d.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:92511d1f0caaa298dba250426f8e7d5d00b271847886d1adc62422778d6320db
-size 4025484
diff --git a/bug610223.patch b/bug610223.patch
index 3c7037a..957125e 100644
--- a/bug610223.patch
+++ b/bug610223.patch
@@ -1,6 +1,8 @@
---- Configure.orig
-+++ Configure
-@@ -1688,7 +1688,8 @@ while (<IN>)
+Index: openssl-1.0.0/Configure
+===================================================================
+--- openssl-1.0.0.orig/Configure
++++ openssl-1.0.0/Configure
+@@ -1673,7 +1673,8 @@ while (<IN>)
  		}
  	elsif	(/^#define\s+ENGINESDIR/)
  		{
diff --git a/openssl-1.0.0-aesni-v4.patch b/openssl-1.0.0b-aesni.patch
similarity index 91%
rename from openssl-1.0.0-aesni-v4.patch
rename to openssl-1.0.0b-aesni.patch
index 73f10a3..3b07c2f 100644
--- a/openssl-1.0.0-aesni-v4.patch
+++ b/openssl-1.0.0b-aesni.patch
@@ -1,5 +1,6 @@
---- Configure.orig
-+++ Configure
+diff -up openssl-1.0.0b/Configure.aesni openssl-1.0.0b/Configure
+--- openssl-1.0.0b/Configure.aesni	2010-11-16 17:33:22.000000000 +0100
++++ openssl-1.0.0b/Configure	2010-11-16 17:35:15.000000000 +0100
 @@ -123,11 +123,11 @@ my $tlib="-lnsl -lsocket";
  my $bits1="THIRTY_TWO_BIT ";
  my $bits2="SIXTY_FOUR_BIT ";
@@ -14,7 +15,16 @@
  my $ia64_asm="ia64cpuid.o:bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::void";
  my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::void";
  my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::void";
-@@ -1410,6 +1410,7 @@ if ($rmd160_obj =~ /\.o$/)
+@@ -491,7 +491,7 @@ my %table=(
+ #
+ # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
+ "VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
+-"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
++"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
+ "debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
+ "debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
+ # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
+@@ -1419,6 +1419,7 @@ if ($rmd160_obj =~ /\.o$/)
  if ($aes_obj =~ /\.o$/)
  	{
  	$cflags.=" -DAES_ASM";
@@ -22,102 +32,9 @@
  	}
  else	{
  	$aes_obj=$aes_enc;
---- crypto/aes/Makefile.orig
-+++ crypto/aes/Makefile
-@@ -50,9 +50,13 @@ aes-ia64.s: asm/aes-ia64.S
- 
- aes-586.s:	asm/aes-586.pl ../perlasm/x86asm.pl
- 	$(PERL) asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
-+aesni-x86.s:	asm/aesni-x86.pl ../perlasm/x86asm.pl
-+	$(PERL) asm/aesni-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
- 
- aes-x86_64.s: asm/aes-x86_64.pl
- 	$(PERL) asm/aes-x86_64.pl $(PERLASM_SCHEME) > $@
-+aesni-x86_64.s: asm/aesni-x86_64.pl
-+	$(PERL) asm/aesni-x86_64.pl $(PERLASM_SCHEME) > $@
- 
- aes-sparcv9.s: asm/aes-sparcv9.pl
- 	$(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
---- crypto/engine/Makefile.orig
-+++ crypto/engine/Makefile
-@@ -21,12 +21,14 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c e
- 	eng_table.c eng_pkey.c eng_fat.c eng_all.c \
- 	tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
- 	tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
--	eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c
-+	eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
-+	eng_aesni.c
- LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
- 	eng_table.o eng_pkey.o eng_fat.o eng_all.o \
- 	tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
- 	tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
--	eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o
-+	eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \
-+	eng_aesni.o
- 
- SRC= $(LIBSRC)
- 
---- crypto/engine/eng_all.c.orig
-+++ crypto/engine/eng_all.c
-@@ -61,6 +61,8 @@
- 
- void ENGINE_load_builtin_engines(void)
- 	{
-+	/* Engines may depend on CPU capabilities */
-+	OPENSSL_cpuid_setup();
- #if 0
- 	/* There's no longer any need for an "openssl" ENGINE unless, one day,
- 	 * it is the *only* way for standard builtin implementations to be be
-@@ -71,6 +73,9 @@ void ENGINE_load_builtin_engines(void)
- #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
- 	ENGINE_load_cryptodev();
- #endif
-+#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI)
-+	ENGINE_load_aesni();
-+#endif
- 	ENGINE_load_dynamic();
- #ifndef OPENSSL_NO_STATIC_ENGINE
- #ifndef OPENSSL_NO_HW
-@@ -112,6 +117,7 @@ void ENGINE_load_builtin_engines(void)
- 	ENGINE_load_capi();
- #endif
- #endif
-+	ENGINE_register_all_complete();
- 	}
- 
- #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
---- crypto/engine/engine.h.orig
-+++ crypto/engine/engine.h
-@@ -344,6 +344,7 @@ void ENGINE_load_gost(void);
- #endif
- #endif
- void ENGINE_load_cryptodev(void);
-+void ENGINE_load_aesni(void);
- void ENGINE_load_builtin_engines(void);
- 
- /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
---- crypto/evp/evp.h.orig
-+++ crypto/evp/evp.h
-@@ -1190,6 +1190,7 @@ void ERR_load_EVP_strings(void);
- /* Error codes for the EVP functions. */
- 
- /* Function codes. */
-+#define EVP_F_AESNI_INIT_KEY				 165
- #define EVP_F_AES_INIT_KEY				 133
- #define EVP_F_CAMELLIA_INIT_KEY				 159
- #define EVP_F_D2I_PKEY					 100
---- crypto/evp/evp_err.c.orig
-+++ crypto/evp/evp_err.c
-@@ -70,6 +70,7 @@
- 
- static ERR_STRING_DATA EVP_str_functs[]=
- 	{
-+{ERR_FUNC(EVP_F_AESNI_INIT_KEY),	"AESNI_INIT_KEY"},
- {ERR_FUNC(EVP_F_AES_INIT_KEY),	"AES_INIT_KEY"},
- {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),	"CAMELLIA_INIT_KEY"},
- {ERR_FUNC(EVP_F_D2I_PKEY),	"D2I_PKEY"},
---- /dev/null
-+++ crypto/aes/asm/aesni-x86.pl
+diff -up openssl-1.0.0b/crypto/aes/asm/aesni-x86.pl.aesni openssl-1.0.0b/crypto/aes/asm/aesni-x86.pl
+--- openssl-1.0.0b/crypto/aes/asm/aesni-x86.pl.aesni	2010-11-16 17:33:23.000000000 +0100
++++ openssl-1.0.0b/crypto/aes/asm/aesni-x86.pl	2010-11-16 17:33:23.000000000 +0100
 @@ -0,0 +1,765 @@
 +#!/usr/bin/env perl
 +
@@ -884,8 +801,9 @@
 +&asciz("AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>");
 +
 +&asm_finish();
---- /dev/null
-+++ crypto/aes/asm/aesni-x86_64.pl
+diff -up openssl-1.0.0b/crypto/aes/asm/aesni-x86_64.pl.aesni openssl-1.0.0b/crypto/aes/asm/aesni-x86_64.pl
+--- openssl-1.0.0b/crypto/aes/asm/aesni-x86_64.pl.aesni	2010-11-16 17:33:23.000000000 +0100
++++ openssl-1.0.0b/crypto/aes/asm/aesni-x86_64.pl	2010-11-16 17:33:23.000000000 +0100
 @@ -0,0 +1,991 @@
 +#!/usr/bin/env perl
 +#
@@ -1878,9 +1796,27 @@
 +print $code;
 +
 +close STDOUT;
---- /dev/null
-+++ crypto/engine/eng_aesni.c
-@@ -0,0 +1,412 @@
+diff -up openssl-1.0.0b/crypto/aes/Makefile.aesni openssl-1.0.0b/crypto/aes/Makefile
+--- openssl-1.0.0b/crypto/aes/Makefile.aesni	2008-12-23 12:33:00.000000000 +0100
++++ openssl-1.0.0b/crypto/aes/Makefile	2010-11-16 17:33:23.000000000 +0100
+@@ -50,9 +50,13 @@ aes-ia64.s: asm/aes-ia64.S
+ 
+ aes-586.s:	asm/aes-586.pl ../perlasm/x86asm.pl
+ 	$(PERL) asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
++aesni-x86.s:	asm/aesni-x86.pl ../perlasm/x86asm.pl
++	$(PERL) asm/aesni-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+ 
+ aes-x86_64.s: asm/aes-x86_64.pl
+ 	$(PERL) asm/aes-x86_64.pl $(PERLASM_SCHEME) > $@
++aesni-x86_64.s: asm/aesni-x86_64.pl
++	$(PERL) asm/aesni-x86_64.pl $(PERLASM_SCHEME) > $@
+ 
+ aes-sparcv9.s: asm/aes-sparcv9.pl
+ 	$(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
+diff -up openssl-1.0.0b/crypto/engine/eng_aesni.c.aesni openssl-1.0.0b/crypto/engine/eng_aesni.c
+--- openssl-1.0.0b/crypto/engine/eng_aesni.c.aesni	2010-11-16 17:33:23.000000000 +0100
++++ openssl-1.0.0b/crypto/engine/eng_aesni.c	2010-11-16 17:33:23.000000000 +0100
+@@ -0,0 +1,413 @@
 +/*
 + * Support for Intel AES-NI intruction set
 + *   Author: Huang Ying <ying.huang@intel.com>
@@ -1988,6 +1924,7 @@
 +	if (!toadd)
 +		return;
 +	ENGINE_add (toadd);
++	ENGINE_register_complete (toadd);
 +	ENGINE_free (toadd);
 +	ERR_clear_error ();
 +#endif
@@ -2045,10 +1982,10 @@
 +{
 +	int engage;
 +	if (sizeof(OPENSSL_ia32cap_P) > 4) {
-+		engage = (int)((OPENSSL_ia32cap_P >> 30) >> 27) & 1;
++		engage = (OPENSSL_ia32cap_P >> 57) & 1;
 +	} else {
 +		IA32CAP OPENSSL_ia32_cpuid(void);
-+		engage = (int)(OPENSSL_ia32_cpuid() >> 57) & 1;
++		engage = (OPENSSL_ia32_cpuid() >> 57) & 1;
 +	}
 +
 +	/* Register everything or return with an error */
@@ -2293,8 +2230,92 @@
 +
 +#endif /* COMPILE_HW_AESNI */
 +#endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */
---- /dev/null
-+++ test/test_aesni
+diff -up openssl-1.0.0b/crypto/engine/eng_all.c.aesni openssl-1.0.0b/crypto/engine/eng_all.c
+--- openssl-1.0.0b/crypto/engine/eng_all.c.aesni	2010-11-16 17:33:22.000000000 +0100
++++ openssl-1.0.0b/crypto/engine/eng_all.c	2010-11-16 17:33:23.000000000 +0100
+@@ -85,6 +85,9 @@ void ENGINE_load_builtin_engines(void)
+ #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
+ 	ENGINE_load_cryptodev();
+ #endif
++#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI)
++	ENGINE_load_aesni();
++#endif
+ 	ENGINE_load_dynamic();
+ #ifndef OPENSSL_NO_STATIC_ENGINE
+ #ifndef OPENSSL_NO_HW
+diff -up openssl-1.0.0b/crypto/engine/engine.h.aesni openssl-1.0.0b/crypto/engine/engine.h
+--- openssl-1.0.0b/crypto/engine/engine.h.aesni	2010-11-16 17:33:22.000000000 +0100
++++ openssl-1.0.0b/crypto/engine/engine.h	2010-11-16 17:33:23.000000000 +0100
+@@ -338,6 +338,7 @@ void ENGINE_load_gost(void);
+ #endif
+ #endif
+ void ENGINE_load_cryptodev(void);
++void ENGINE_load_aesni(void);
+ void ENGINE_load_builtin_engines(void);
+ 
+ /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+diff -up openssl-1.0.0b/crypto/engine/Makefile.aesni openssl-1.0.0b/crypto/engine/Makefile
+--- openssl-1.0.0b/crypto/engine/Makefile.aesni	2010-11-15 15:44:49.000000000 +0100
++++ openssl-1.0.0b/crypto/engine/Makefile	2010-11-16 17:33:23.000000000 +0100
+@@ -21,12 +21,14 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c e
+ 	eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+ 	tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
+ 	tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
+-	eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c
++	eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
++	eng_aesni.c
+ LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+ 	eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+ 	tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
+ 	tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
+-	eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o
++	eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \
++	eng_aesni.o
+ 
+ SRC= $(LIBSRC)
+ 
+diff -up openssl-1.0.0b/crypto/evp/evp_err.c.aesni openssl-1.0.0b/crypto/evp/evp_err.c
+--- openssl-1.0.0b/crypto/evp/evp_err.c.aesni	2010-11-16 17:33:22.000000000 +0100
++++ openssl-1.0.0b/crypto/evp/evp_err.c	2010-11-16 17:33:23.000000000 +0100
+@@ -1,6 +1,6 @@
+ /* crypto/evp/evp_err.c */
+ /* ====================================================================
+- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
++ * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -70,6 +70,7 @@
+ 
+ static ERR_STRING_DATA EVP_str_functs[]=
+ 	{
++{ERR_FUNC(EVP_F_AESNI_INIT_KEY),	"AESNI_INIT_KEY"},
+ {ERR_FUNC(EVP_F_AES_INIT_KEY),	"AES_INIT_KEY"},
+ {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),	"CAMELLIA_INIT_KEY"},
+ {ERR_FUNC(EVP_F_D2I_PKEY),	"D2I_PKEY"},
+@@ -86,7 +87,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
+ {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX),	"EVP_DigestInit_ex"},
+ {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX),	"EVP_EncryptFinal_ex"},
+ {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX),	"EVP_MD_CTX_copy_ex"},
+-{ERR_FUNC(EVP_F_EVP_MD_SIZE),	"EVP_MD_SIZE"},
++{ERR_FUNC(EVP_F_EVP_MD_SIZE),	"EVP_MD_size"},
+ {ERR_FUNC(EVP_F_EVP_OPENINIT),	"EVP_OpenInit"},
+ {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD),	"EVP_PBE_alg_add"},
+ {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE),	"EVP_PBE_alg_add_type"},
+diff -up openssl-1.0.0b/crypto/evp/evp.h.aesni openssl-1.0.0b/crypto/evp/evp.h
+--- openssl-1.0.0b/crypto/evp/evp.h.aesni	2010-11-16 17:33:22.000000000 +0100
++++ openssl-1.0.0b/crypto/evp/evp.h	2010-11-16 17:33:23.000000000 +0100
+@@ -1167,6 +1167,7 @@ void ERR_load_EVP_strings(void);
+ /* Error codes for the EVP functions. */
+ 
+ /* Function codes. */
++#define EVP_F_AESNI_INIT_KEY				 163
+ #define EVP_F_AES_INIT_KEY				 133
+ #define EVP_F_CAMELLIA_INIT_KEY				 159
+ #define EVP_F_D2I_PKEY					 100
+diff -up openssl-1.0.0b/test/test_aesni.aesni openssl-1.0.0b/test/test_aesni
+--- openssl-1.0.0b/test/test_aesni.aesni	2010-11-16 17:33:23.000000000 +0100
++++ openssl-1.0.0b/test/test_aesni	2010-11-16 17:33:23.000000000 +0100
 @@ -0,0 +1,69 @@
 +#!/bin/sh
 +
diff --git a/openssl-1.0.0c.tar.bz2 b/openssl-1.0.0c.tar.bz2
new file mode 100644
index 0000000..dca4042
--- /dev/null
+++ b/openssl-1.0.0c.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fabc7750eb05c2b15916b1abdff7287064dd4bc120b0b77e233bc390352bae5d
+size 3207024
diff --git a/openssl-padlock-x86_64-head.patch b/openssl-padlock-x86_64-head.patch
deleted file mode 100644
index f2ff2b0..0000000
--- a/openssl-padlock-x86_64-head.patch
+++ /dev/null
@@ -1,215 +0,0 @@
-diff --git a/engines/e_padlock.c b/engines/e_padlock.c
-index 7d09419..ce7e086 100644
---- a/engines/e_padlock.c
-+++ b/engines/e_padlock.c
-@@ -101,10 +101,15 @@
-    compiler choice is limited to GCC and Microsoft C. */
- #undef COMPILE_HW_PADLOCK
- #if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
--# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
-+# if (defined(__GNUC__) && __GNUC__>=2 && \
-+	(defined(__i386__) || defined(__i386) || \
-+	 defined(__x86_64__) || defined(__x86_64)) \
-+     ) || \
-      (defined(_MSC_VER) && defined(_M_IX86))
- #  define COMPILE_HW_PADLOCK
-+#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
- static ENGINE *ENGINE_padlock (void);
-+#  endif
- # endif
- #endif
- 
-@@ -135,7 +140,7 @@ void ENGINE_load_padlock (void)
- # endif
- #elif defined(__GNUC__)
- # ifndef alloca
--#  define alloca(s) __builtin_alloca(s)
-+#  define alloca(s) __builtin_alloca((s))
- # endif
- #endif
- 
-@@ -197,6 +202,7 @@ padlock_bind_helper(ENGINE *e)
- 	return 1;
- }
- 
-+#ifdef OPENSSL_NO_DYNAMIC_ENGINE
- /* Constructor */
- static ENGINE *
- ENGINE_padlock(void)
-@@ -214,6 +220,7 @@ ENGINE_padlock(void)
- 
- 	return eng;
- }
-+#endif
- 
- /* Check availability of the engine */
- static int
-@@ -298,6 +305,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context;
-  * =======================================================
-  */
- #if defined(__GNUC__) && __GNUC__>=2
-+#if defined(__i386__) || defined(__i386)
- /*
-  * As for excessive "push %ebx"/"pop %ebx" found all over.
-  * When generating position-independent code GCC won't let
-@@ -377,21 +385,6 @@ padlock_available(void)
- 	return padlock_use_ace + padlock_use_rng;
- }
- 
--#ifndef OPENSSL_NO_AES
--/* Our own htonl()/ntohl() */
--static inline void
--padlock_bswapl(AES_KEY *ks)
--{
--	size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
--	unsigned int *key = ks->rd_key;
--
--	while (i--) {
--		asm volatile ("bswapl %0" : "+r"(*key));
--		key++;
--	}
--}
--#endif
--
- /* Force key reload from memory to the CPU microcode.
-    Loading EFLAGS from the stack clears EFLAGS[30] 
-    which does the trick. */
-@@ -449,12 +442,127 @@ static inline void *name(size_t cnt,		\
- 		: "edx", "cc", "memory");	\
- 	return iv;				\
- }
-+#endif
-+
-+#elif defined(__x86_64__) || defined(__x86_64)
-+
-+/* Load supported features of the CPU to see if
-+   the PadLock is available. */
-+static int
-+padlock_available(void)
-+{
-+	char vendor_string[16];
-+	unsigned int eax, edx;
-+
-+	/* Are we running on the Centaur (VIA) CPU? */
-+	eax = 0x00000000;
-+	vendor_string[12] = 0;
-+	asm volatile (
-+		"cpuid\n"
-+		"movl	%%ebx,(%1)\n"
-+		"movl	%%edx,4(%1)\n"
-+		"movl	%%ecx,8(%1)\n"
-+		: "+a"(eax) : "r"(vendor_string) : "rbx", "rcx", "rdx");
-+	if (strcmp(vendor_string, "CentaurHauls") != 0)
-+		return 0;
-+
-+	/* Check for Centaur Extended Feature Flags presence */
-+	eax = 0xC0000000;
-+	asm volatile ("cpuid"
-+		: "+a"(eax) : : "rbx", "rcx", "rdx");
-+	if (eax < 0xC0000001)
-+		return 0;
-+
-+	/* Read the Centaur Extended Feature Flags */
-+	eax = 0xC0000001;
-+	asm volatile ("cpuid"
-+		: "+a"(eax), "=d"(edx) : : "rbx", "rcx");
-+
-+	/* Fill up some flags */
-+	padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));
-+	padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));
-+
-+	return padlock_use_ace + padlock_use_rng;
-+}
-+
-+/* Force key reload from memory to the CPU microcode.
-+   Loading EFLAGS from the stack clears EFLAGS[30] 
-+   which does the trick. */
-+static inline void
-+padlock_reload_key(void)
-+{
-+	asm volatile ("pushfq; popfq");
-+}
-+
-+#ifndef OPENSSL_NO_AES
-+/*
-+ * This is heuristic key context tracing. At first one
-+ * believes that one should use atomic swap instructions,
-+ * but it's not actually necessary. Point is that if
-+ * padlock_saved_context was changed by another thread
-+ * after we've read it and before we compare it with cdata,
-+ * our key *shall* be reloaded upon thread context switch
-+ * and we are therefore set in either case...
-+ */
-+static inline void
-+padlock_verify_context(struct padlock_cipher_data *cdata)
-+{
-+	asm volatile (
-+	"pushfq\n"
-+"	btl	$30,(%%rsp)\n"
-+"	jnc	1f\n"
-+"	cmpq	%2,%1\n"
-+"	je	1f\n"
-+"	popfq\n"
-+"	subq	$8,%%rsp\n"
-+"1:	addq	$8,%%rsp\n"
-+"	movq	%2,%0"
-+	:"+m"(padlock_saved_context)
-+	: "r"(padlock_saved_context), "r"(cdata) : "cc");
-+}
-+
-+/* Template for padlock_xcrypt_* modes */
-+/* BIG FAT WARNING: 
-+ * 	The offsets used with 'leal' instructions
-+ * 	describe items of the 'padlock_cipher_data'
-+ * 	structure.
-+ */
-+#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt)	\
-+static inline void *name(size_t cnt,		\
-+	struct padlock_cipher_data *cdata,	\
-+	void *out, const void *inp) 		\
-+{	void *iv; 				\
-+	asm volatile ( "leaq	16(%0),%%rdx\n"	\
-+		"	leaq	32(%0),%%rbx\n"	\
-+			rep_xcrypt "\n"		\
-+		: "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
-+		: "0"(cdata), "1"(cnt), "2"(out), "3"(inp)  \
-+		: "rbx", "rdx", "cc", "memory");	\
-+	return iv;				\
-+}
-+#endif
-+
-+#endif	/* cpu */
- 
-+#ifndef OPENSSL_NO_AES
- /* Generate all functions with appropriate opcodes */
- PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8")	/* rep xcryptecb */
- PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0")	/* rep xcryptcbc */
- PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0")	/* rep xcryptcfb */
- PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8")	/* rep xcryptofb */
-+
-+/* Our own htonl()/ntohl() */
-+static inline void
-+padlock_bswapl(AES_KEY *ks)
-+{
-+	size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
-+	unsigned int *key = ks->rd_key;
-+
-+	while (i--) {
-+		asm volatile ("bswapl %0" : "+r"(*key));
-+		key++;
-+	}
-+}
- #endif
- 
- /* The RNG call itself */
-@@ -485,8 +593,8 @@ padlock_xstore(void *addr, unsigned int edx_in)
- static inline unsigned char *
- padlock_memcpy(void *dst,const void *src,size_t n)
- {
--	long       *d=dst;
--	const long *s=src;
-+	size_t       *d=dst;
-+	const size_t *s=src;
- 
- 	n /= sizeof(*d);
- 	do { *d++ = *s++; } while (--n);
diff --git a/openssl.changes b/openssl.changes
index 2ef4fe6..6e33d06 100644
--- a/openssl.changes
+++ b/openssl.changes
@@ -1,22 +1,3 @@
--------------------------------------------------------------------
-Wed Apr 13 02:03:02 UTC 2011 - crrodriguez@opensuse.org
-
-- Fix engine loading issues [bnc#660452]
-- Update AES-NI patch to upstream version 4 
-- Drop CVE-2011-0014.patch and replace it with pristine tarball
-  of 1.0.0d which only fixes this vulnerability.
- 
--------------------------------------------------------------------
-Sat Apr  9 18:18:42 UTC 2011 - crrodriguez@opensuse.org
-
-- Correct last change 
-
--------------------------------------------------------------------
-Sat Apr  9 15:00:33 UTC 2011 - crrodriguez@opensuse.org
-
-- Disable SSLv2 support permanently,it must not be used.
-- No longer requires -fno-strict-aliasing 
-
 -------------------------------------------------------------------
 Thu Feb 10 07:42:01 UTC 2011 - gjhe@novell.com
 
diff --git a/openssl.spec b/openssl.spec
index a59f57e..d909b80 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -32,11 +32,11 @@ Obsoletes:      openssl-64bit
 %endif
 #
 #Version:        1.0.0
-Version:        1.0.0d
-Release:        1
+Version:        1.0.0c
+Release:        20
 Summary:        Secure Sockets and Transport Layer Security
 Url:            http://www.openssl.org/
-Source:         http://www.%{name}.org/source/%{name}-%{version}.tar.gz
+Source:         http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
 # to get mtime of file:
 Source1:        openssl.changes
 Source2:        baselibs.conf
@@ -48,9 +48,8 @@ Patch2:         bug610223.patch
 #Patch4:         patchset-19727.diff
 #Patch5:         CVE-2010-2939.patch
 #Patch6:         CVE-2010-3864.patch
-Patch7:         openssl-1.0.0-aesni-v4.patch
-#PATCH_FIX-UPSTREAM Fix padlock engine in x86_64 hosts
-Patch8:         openssl-padlock-x86_64-head.patch
+Patch7:         openssl-1.0.0b-aesni.patch
+Patch8:         CVE-2011-0014.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -179,12 +178,12 @@ Authors:
 %setup -q 
 %patch0 -p1
 %patch1 -p1
-%patch2
+%patch2 -p1
 #%patch3 -p1
 #%patch4 -p1
 #%patch5 -p1
 #%patch6 -p1
-%patch7
+%patch7 -p1
 %patch8 -p1
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
@@ -225,9 +224,6 @@ sed -i -e "s|#define DATE \(.*\).LC_ALL.*date.|#define DATE \1$CHANGES|" crypto/
 ./config --test-sanity 
 #
 config_flags="threads shared no-rc5 no-idea \
-%if 0%{suse_version} > 1140
-no-ssl2 \
-%endif
 enable-camellia \
 zlib \
 --prefix=%{_prefix} \
@@ -236,6 +232,7 @@ zlib \
 $RPM_OPT_FLAGS \
 -Wa,--noexecstack \
 -fomit-frame-pointer \
+-fno-strict-aliasing \
 -DTERMIO \
 -DPURIFY \
 %ifnarch hppa
@@ -340,7 +337,7 @@ unsigned int i;
 SSL_CTX *ctx;
 SSL *ssl;
 SSL_METHOD *meth;
-  meth = SSLv23_client_method();
+  meth = SSLv2_client_method();
   SSLeay_add_ssl_algorithms();
   ctx = SSL_CTX_new(meth);
   if (ctx == NULL) return 0;
@@ -373,36 +370,14 @@ cd $RPM_BUILD_ROOT%{_libdir}/
 ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so
 ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so
 
-#ugly artifact to delete engines that are disabled/unusable in LINUX
-#that for some reason the build system insist on creating.
-
-# CAPI, Windows specific
-rm %{buildroot}/%_lib/engines/libcapi.so
-# GMP, has been always non-functional
-rm %{buildroot}/%_lib/engines/libgmp.so
-# Requires propietary Broadcom library, not available
-rm %{buildroot}/%_lib/engines/libubsec.so
-#Requires library called libnfhwcrhk.so which is not available 
-rm %{buildroot}/%_lib/engines/libchil.so
-#requires library named "SureWareHook" which is not available
-rm %{buildroot}/%_lib/engines/libsureware.so
-#requires DSO "libswift.so",propietary and not available
-rm %{buildroot}/%_lib/engines/libcswift.so
-#requires DSO "nuronssl.so", propietary and not available
-rm %{buildroot}/%_lib/engines/libnuron.so
-#only supported in AIX and Windows...
-rm %{buildroot}/%_lib/engines/lib4758cca.so
-# deprecated in favor of http://sourceforge.net/projects/opencryptoki/files/ (??)
-rm %{buildroot}/%_lib/engines/libaep.so
-# HP Atalla AXL600L SSL Accelerator Card, EOL, linux 2.4/SLE8, useless nowdays
-rm %{buildroot}/%_lib/engines/libatalla.so
-
 %clean
 if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
 
-%post -n libopenssl1_0_0 -p /sbin/ldconfig
+%post -n libopenssl1_0_0
+/sbin/ldconfig
 
-%postun -n libopenssl1_0_0 -p /sbin/ldconfig
+%postun -n libopenssl1_0_0
+/sbin/ldconfig
 
 %files -n libopenssl1_0_0
 %defattr(-, root, root)