--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-fips-140/patches/206-hmac-ctx-check.patch Thu Nov 17 13:20:16 2016 -0800
@@ -0,0 +1,61 @@
+# Developed in house.
+# It checks the validity of the context.
+# The issue was reported to the upstream by QE: #4679
+--- a/crypto/hmac/hmac.c 2016-11-09 12:52:40.755645360 -0800
++++ b/crypto/hmac/hmac.c 2016-11-09 12:53:17.872944235 -0800
+@@ -71,6 +71,10 @@
+ int i, j, reset = 0;
+ unsigned char pad[HMAC_MAX_MD_CBLOCK];
+
++ /* If we are changing MD then we must have a key */
++ if (md != NULL && md != ctx->md && (key == NULL || len < 0))
++ return 0;
++
+ #ifdef OPENSSL_FIPS
+ /* If FIPS mode switch to approved implementation if possible */
+ if (FIPS_mode()) {
+@@ -97,9 +101,6 @@
+ return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
+ }
+ #endif
+- /* If we are changing MD then we must have a key */
+- if (md != NULL && md != ctx->md && (key == NULL || len < 0))
+- return 0;
+
+ if (md != NULL) {
+ reset = 1;
+@@ -164,12 +165,13 @@
+
+ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
+ {
++ if (!ctx->md)
++ return 0;
++
+ #ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !ctx->i_ctx.engine)
+ return FIPS_hmac_update(ctx, data, len);
+ #endif
+- if (!ctx->md)
+- return 0;
+
+ return EVP_DigestUpdate(&ctx->md_ctx, data, len);
+ }
+@@ -178,14 +180,15 @@
+ {
+ unsigned int i;
+ unsigned char buf[EVP_MAX_MD_SIZE];
++
++ if (!ctx->md)
++ goto err;
++
+ #ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !ctx->i_ctx.engine)
+ return FIPS_hmac_final(ctx, md, len);
+ #endif
+
+- if (!ctx->md)
+- goto err;
+-
+ if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i))
+ goto err;
+ if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx))