--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-fips-140/patches/206-hmac-ctx-check.patch	Thu Nov 17 13:20:16 2016 -0800
@@ -0,0 +1,61 @@
+# Developed in house.
+# It checks the validity of the context.
+# The issue was reported to the upstream by QE: #4679
+--- a/crypto/hmac/hmac.c	2016-11-09 12:52:40.755645360 -0800
++++ b/crypto/hmac/hmac.c	2016-11-09 12:53:17.872944235 -0800
+@@ -71,6 +71,10 @@
+     int i, j, reset = 0;
+     unsigned char pad[HMAC_MAX_MD_CBLOCK];
+ 
++    /* If we are changing MD then we must have a key */
++    if (md != NULL && md != ctx->md && (key == NULL || len < 0))
++        return 0;
++
+ #ifdef OPENSSL_FIPS
+     /* If FIPS mode switch to approved implementation if possible */
+     if (FIPS_mode()) {
+@@ -97,9 +101,6 @@
+             return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
+     }
+ #endif
+-    /* If we are changing MD then we must have a key */
+-    if (md != NULL && md != ctx->md && (key == NULL || len < 0))
+-        return 0;
+ 
+     if (md != NULL) {
+         reset = 1;
+@@ -164,12 +165,13 @@
+ 
+ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
+ {
++    if (!ctx->md)
++        return 0;
++
+ #ifdef OPENSSL_FIPS
+     if (FIPS_mode() && !ctx->i_ctx.engine)
+         return FIPS_hmac_update(ctx, data, len);
+ #endif
+-    if (!ctx->md)
+-        return 0;
+ 
+     return EVP_DigestUpdate(&ctx->md_ctx, data, len);
+ }
+@@ -178,14 +180,15 @@
+ {
+     unsigned int i;
+     unsigned char buf[EVP_MAX_MD_SIZE];
++
++    if (!ctx->md)
++        goto err;
++
+ #ifdef OPENSSL_FIPS
+     if (FIPS_mode() && !ctx->i_ctx.engine)
+         return FIPS_hmac_final(ctx, md, len);
+ #endif
+ 
+-    if (!ctx->md)
+-        goto err;
+-
+     if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i))
+         goto err;
+     if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx))