--- openssl-fc21.spec	2014-03-22 00:13:27.650941221 -0700
+++ openssl.spec	2014-03-22 00:51:12.293348187 -0700
@@ -10,6 +10,7 @@
 # 0.9.8jk + EAP-FAST soversion = 8
 # 1.0.0 soversion = 10
 %define soversion 10
+%define nofips 1
 
 # Number of threads to spawn when testing some threading fixes.
 %define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
@@ -22,14 +23,17 @@
 
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
-Version: 1.0.1e
-Release: 42%{?dist}
+##Version: 1.0.1e
+Version: 1.0.1f
+##Release: 42%{?dist}
+Release: 1%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
 # The original openssl upstream tarball cannot be shipped in the .src.rpm.
-Source: openssl-%{version}-hobbled.tar.xz
-Source1: hobble-openssl
+##Source: openssl-%{version}-hobbled.tar.xz
+Source: openssl-%{version}.tar.gz
+##Source1: hobble-openssl
 Source2: Makefile.certificate
 Source6: make-dummy-cert
 Source7: renew-dummy-cert
@@ -56,42 +60,42 @@
 Patch34: openssl-0.9.6-x509.patch
 Patch35: openssl-0.9.8j-version-add-engines.patch
 Patch36: openssl-1.0.0e-doc-noeof.patch
-Patch38: openssl-1.0.1-beta2-ssl-op-all.patch
+##Patch38: openssl-1.0.1-beta2-ssl-op-all.patch
 Patch39: openssl-1.0.1c-ipv6-apps.patch
-Patch40: openssl-1.0.1e-fips.patch
+##Patch40: openssl-1.0.1e-fips.patch
 Patch45: openssl-1.0.1e-env-zlib.patch
 Patch47: openssl-1.0.0-beta5-readme-warning.patch
 Patch49: openssl-1.0.1a-algo-doc.patch
 Patch50: openssl-1.0.1-beta2-dtls1-abi.patch
 Patch51: openssl-1.0.1e-version.patch
-Patch56: openssl-1.0.0c-rsa-x931.patch
-Patch58: openssl-1.0.1-beta2-fips-md5-allow.patch
+##Patch56: openssl-1.0.0c-rsa-x931.patch
+##Patch58: openssl-1.0.1-beta2-fips-md5-allow.patch
 Patch60: openssl-1.0.0d-apps-dgst.patch
 Patch63: openssl-1.0.0d-xmpp-starttls.patch
 Patch65: openssl-1.0.0e-chil-fixes.patch
 Patch66: openssl-1.0.1-pkgconfig-krb5.patch
-Patch68: openssl-1.0.1e-secure-getenv.patch
+##Patch68: openssl-1.0.1e-secure-getenv.patch
 Patch69: openssl-1.0.1c-dh-1024.patch
-Patch70: openssl-1.0.1e-fips-ec.patch
+##Patch70: openssl-1.0.1e-fips-ec.patch
 Patch71: openssl-1.0.1e-manfix.patch
-Patch72: openssl-1.0.1e-fips-ctor.patch
-Patch73: openssl-1.0.1e-ecc-suiteb.patch
+##Patch72: openssl-1.0.1e-fips-ctor.patch
+##Patch73: openssl-1.0.1e-ecc-suiteb.patch
 Patch74: openssl-1.0.1e-no-md5-verify.patch
-Patch75: openssl-1.0.1e-compat-symbols.patch
-Patch76: openssl-1.0.1e-new-fips-reqs.patch
+##Patch75: openssl-1.0.1e-compat-symbols.patch
+##Patch76: openssl-1.0.1e-new-fips-reqs.patch
 Patch77: openssl-1.0.1e-weak-ciphers.patch
-Patch78: openssl-1.0.1e-3des-strength.patch
-Patch79: openssl-1.0.1e-req-keylen.patch
+##Patch78: openssl-1.0.1e-3des-strength.patch
+##Patch79: openssl-1.0.1e-req-keylen.patch
 Patch90: openssl-1.0.1e-enc-fail.patch
 # Backported fixes including security fixes
 Patch81: openssl-1.0.1-beta2-padlock64.patch
-Patch82: openssl-1.0.1e-backports.patch
-Patch83: openssl-1.0.1e-bad-mac.patch
+##Patch82: openssl-1.0.1e-backports.patch
+##Patch83: openssl-1.0.1e-bad-mac.patch
 Patch84: openssl-1.0.1e-trusted-first.patch
 Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
-Patch86: openssl-1.0.1e-cve-2013-6449.patch
-Patch87: openssl-1.0.1e-cve-2013-6450.patch
-Patch88: openssl-1.0.1e-cve-2013-4353.patch
+##Patch86: openssl-1.0.1e-cve-2013-6449.patch
+##Patch87: openssl-1.0.1e-cve-2013-6450.patch
+##Patch88: openssl-1.0.1e-cve-2013-4353.patch
 Patch89: openssl-1.0.1e-ephemeral-key-size.patch
 
 License: OpenSSL
@@ -162,9 +166,9 @@
 
 # The hobble_openssl is called here redundantly, just to be sure.
 # The tarball has already the sources removed.
-%{SOURCE1} > /dev/null
+##%{SOURCE1} > /dev/null
 
-cp %{SOURCE12} %{SOURCE13} crypto/ec/
+##cp %{SOURCE12} %{SOURCE13} crypto/ec/
 
 %patch1 -p1 -b .rpmbuild
 %patch2 -p1 -b .defaults
@@ -182,42 +186,42 @@
 %patch34 -p1 -b .x509
 %patch35 -p1 -b .version-add-engines
 %patch36 -p1 -b .doc-noeof
-%patch38 -p1 -b .op-all
+##%patch38 -p1 -b .op-all
 %patch39 -p1 -b .ipv6-apps
-%patch40 -p1 -b .fips
+##%patch40 -p1 -b .fips
 %patch45 -p1 -b .env-zlib
 %patch47 -p1 -b .warning
 %patch49 -p1 -b .algo-doc
 %patch50 -p1 -b .dtls1-abi
 %patch51 -p1 -b .version
-%patch56 -p1 -b .x931
-%patch58 -p1 -b .md5-allow
+##%patch56 -p1 -b .x931
+##%patch58 -p1 -b .md5-allow
 %patch60 -p1 -b .dgst
 %patch63 -p1 -b .starttls
 %patch65 -p1 -b .chil
 %patch66 -p1 -b .krb5
-%patch68 -p1 -b .secure-getenv
+##%patch68 -p1 -b .secure-getenv
 %patch69 -p1 -b .dh1024
-%patch70 -p1 -b .fips-ec
-%patch72 -p1 -b .fips-ctor
-%patch73 -p1 -b .suiteb
+##%patch70 -p1 -b .fips-ec
+##%patch72 -p1 -b .fips-ctor
+##%patch73 -p1 -b .suiteb
 %patch74 -p1 -b .no-md5-verify
-%patch75 -p1 -b .compat
-%patch76 -p1 -b .fips-reqs
+##%patch75 -p1 -b .compat
+##%patch76 -p1 -b .fips-reqs
 %patch77 -p1 -b .weak-ciphers
-%patch78 -p1 -b .3des-strength
-%patch79 -p1 -b .keylen
+##%patch78 -p1 -b .3des-strength
+##%patch79 -p1 -b .keylen
 %patch90 -p1 -b .enc-fail
 
 %patch81 -p1 -b .padlock64
-%patch82 -p1 -b .backports
+##%patch82 -p1 -b .backports
 %patch71 -p1 -b .manfix
-%patch83 -p1 -b .bad-mac
+##%patch83 -p1 -b .bad-mac
 %patch84 -p1 -b .trusted-first
 %patch85 -p1 -b .armcap
-%patch86 -p1 -b .hash-crash
-%patch87 -p1 -b .dtls1-mitm
-%patch88 -p1 -b .handshake-crash
+##%patch86 -p1 -b .hash-crash
+##%patch87 -p1 -b .dtls1-mitm
+##%patch88 -p1 -b .handshake-crash
 %patch89 -p1 -b .ephemeral
 
 sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
@@ -270,10 +274,11 @@
 # Configure the build tree.  Override OpenSSL defaults with known-good defaults
 # usable on all platforms.  The Configure script already knows to use -fPIC and
 # RPM_OPT_FLAGS, so we can skip specifiying them here.
+	#enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-gost no-srp \
 ./Configure \
 	--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
 	zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
-	enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-gost no-srp \
+	enable-cms enable-md2 no-mdc2 no-rc5 enable-ec enable-ec2m enable-gost enable-ecdh enable-ecdsa enable-srp \
 	--with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
 	--with-krb5-dir=/usr shared  ${sslarch} %{?!nofips:fips}
 
@@ -318,10 +323,10 @@
     %{?__debug_package:%{__debug_install_post}} \
     %{__arch_install_post} \
     %{__os_install_post} \
-    crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \
-    ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \
-    crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \
-    ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
+##    crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \
+##    ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \
+##    crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \
+##    ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
 %{nil}
 
 %define __provides_exclude_from %{_libdir}/openssl
@@ -455,8 +460,8 @@
 %attr(0755,root,root) %{_libdir}/libcrypto.so.%{soversion}
 %attr(0755,root,root) %{_libdir}/libssl.so.%{version}
 %attr(0755,root,root) %{_libdir}/libssl.so.%{soversion}
-%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac
-%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac
+##%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac
+##%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac
 %attr(0755,root,root) %{_libdir}/openssl
 
 %files devel